Just a Blog by Sharkkcode ... 紀錄，也是一種享受生活的方式 XD

Use Ghidra to find the offset of SSL_write() in the chrome.dll file from Chrome version 129.0.6668.71 You need to first prepare Chrome version 129.0.6668.71 . SSL_write() is located in boringssl ( boringssl/ssl/ssl_lib.cc ) , a third-party library used by Chrome. Finding the location of SSL_write() in the source code first will help locate its offset in chrome.dll later. Search for the source code of boringssl/ssl/ssl_lib.cc Now, let's start looking for the source code of Chrome version 129.0.66 ...

This is my Web Security Academy SQL injection lab writeups. https://portswigger.net/web-security/sql-injection Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data Description This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: 1SELECT * FROM products WHERE category = 'Gifts' AND released = 1 To solve the lab, perform a SQL injectio ...

CSAW CTF Qualification Round 2024 Writeups This is the writeup for my competition. It includes the solutions to the problems I solved during the contest, as well as some problems I managed to solve after the event. It's meant to share some of my thought processes, the techniques I learned, and the skills I acquired through solving these problems. Competition website link: https://ctf.csaw.io/ Backup of competition problems: https://github.com/osirislab/CSAW-CTF-2024-Quals INTRO Flag ( Ques ...

CVE-2024-6239 This is my first CVE!!! I am preparing to share the process of how I discovered, explored, and submitted this CVE. The structure of this topic will be presented as a directory that reflects the entire process of vulnerability discovery and CVE application from start to finish. The process involves selecting a target project, narrowing down the scope, reviewing the source code (since the project I’m researching is open-source), conducting fuzzing tests on areas of interest, analyz ...

Detailed Guide to Getting Started with Windows ETW Disclaimer: The following content is based on information from the internet and some of my own notes, aimed at a more comprehensive study and recording of ETW-related knowledge. Environment Operating System: Windows 10 21H1 Introduction to ETW History ETW (Event Tracing for Windows) was first introduced in Windows 2000, after which the operating system core and services began using ETW to log events. After Windows Vista, ETW introduced a uni ...

Understanding Yara, Sigma, and Snort Rules in Cybersecurity In the field of cybersecurity, Yara , Sigma , and Snort are essential tools used for creating and implementing rules to detect and respond to security threats. Each tool serves a unique purpose and has its own strengths and weaknesses. This article provides an overview of these tools, including a practical examples of Yara rules and detailed installation and usage instructions for the Windows enviroment. Overview Tool Primary U ...

OSINT Exercise 001 walkthrough I came to know about this interesting website because of an introduction by Ball45. Challenge INFO https://gralhix.com/list-of-osint-exercises/osint-exercise-001/ My Solution Kiffa is located in Mauritania, and its location can be roughly pinpointed using Google Maps: The map shows that it is not too far from the equator, so it should follow the general pattern of the sun rising in the east and setting in the west: Using the pattern of the sun's rise and set a ...

basic mod 1 https://play.picoctf.org/practice/challenge/253 The file ./message.txt contains a series of numbers. By taking each number mod 37 and then mapping them according to the rules ( 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. ) mentioned in the question, you can obtain the flag. exploit 123456789101112131415161718192021import stringmes = ""with open("./message.txt") as fp: mes = fp.read().strip()print(mes)mes_arr = mes.sp ...

作品集 研究所時期 主題 連結網址 說明 程式安全 Computer Security 2023 FALL hw0 連結網址 CTF 、學習筆記 程式安全 Computer Security 2023 FALL tool 連結網址 CTF 、學習筆記 Randomized Algorithms 連結網址 學習筆記 大學時期 主題 連結網址 說明 pwnable tw writeup ( start ) 連結網址 CTF PWN Travel Vision 大數據視覺化 連結網址 國立中正大學資訊管理學系畢業專題 The Detection of Fake News 連結網址 國立中正大學資料探勘期末報告 Artificial Neural Network 連結網址 國立中正大學 AI 助教 slide SHELL CTF 2022 writeup 連結網址 CTF writeup Google CTF 2021 連結網址 CTF 2019 Trendmicro CTF Wildcard 400 連結網址 CTF 威脅分析 ...

關於我 常用 Nickname ： Sharkkcode 、 sharkkcode 、 Shark||| 熱衷於程式設計、資訊安全、人工智慧以及教育。 我的基本資訊 資訊 連結或內容 Gmail fuhanpan.zzz@gmail.com Instagram _river________ BLOG 文章整理、作品整理、導覽 連結 Github 個人頁面 連結 我的資安經歷 第八屆臺灣好厲駭 第七屆臺灣好厲駭 第六屆臺灣好厲駭 Hitcon 2022, 2023 AIS3 2022 SHELL CTF 2022 Google CTF 2021 NISRA 2021 此 Blog 所使用的圖片大多都來自 這裡 、自行攝影或經作者同意使用，如果有需要標明出處、作者等等資訊或者覺得有不當使用的地方等等，可以聯絡我討論，謝謝！