OSINT Exercise 011 walkthrough
OSINT Exercise 011 解題紀錄
任務
https://gralhix.com/list-of-osint-exercises/osint-exercise-011/
任務要求:找出圖中四位人物的名稱。
這題我找 剝殼雞蛋 跟我一起解,原先是想要比誰先解出來,但是因為太難所以決定合作🥺
我們的解題過程
首先先放個我們看完題目後的心理狀態:
單看圖片沒有什麼頭緒,先用圖片搜尋來看有沒有其他的線索。
找到 As Libyan parties delay naming unity government, UN urges steps to end political divisions 這篇文章,其中有一張圖片幾乎與原圖如出一轍,圖片下方有註釋:「 Signing of the Libyan Political Agreement in Skhirat, Morocco, 17 December 2015. 」 ,到這邊我們可以推斷出幾件事情:
知道照片拍攝於 2015/12/17 。
影片中的人們應該正在簽署 Liby ...
Use Ghidra to find the offset of SSL_write() in the chrome.dll file from Chrome version 129.0.6668.71
Use Ghidra to find the offset of SSL_write() in the chrome.dll file from Chrome version 129.0.6668.71
You need to first prepare Chrome version 129.0.6668.71 .
SSL_write() is located in boringssl ( boringssl/ssl/ssl_lib.cc ) , a third-party library used by Chrome.
Finding the location of SSL_write() in the source code first will help locate its offset in chrome.dll later.
Search for the source code of boringssl/ssl/ssl_lib.cc
Now, let's start looking for the source code of Chrome version 129.0.66 ...
Web Security Academy SQL injection Writeups
This is my Web Security Academy SQL injection lab writeups.
https://portswigger.net/web-security/sql-injection
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Description
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:
1SELECT * FROM products WHERE category = 'Gifts' AND released = 1
To solve the lab, perform a SQL injectio ...
CSAW CTF Qualification Round 2024 Writeups
CSAW CTF Qualification Round 2024 Writeups
This is the writeup for my competition. It includes the solutions to the problems I solved during the contest, as well as some problems I managed to solve after the event. It's meant to share some of my thought processes, the techniques I learned, and the skills I acquired through solving these problems.
Competition website link:
https://ctf.csaw.io/
Backup of competition problems:
https://github.com/osirislab/CSAW-CTF-2024-Quals
INTRO
Flag ( Ques ...
CVE-2024-6239
CVE-2024-6239
This is my first CVE!!! I am preparing to share the process of how I discovered, explored, and submitted this CVE.
The structure of this topic will be presented as a directory that reflects the entire process of vulnerability discovery and CVE application from start to finish. The process involves selecting a target project, narrowing down the scope, reviewing the source code (since the project I’m researching is open-source), conducting fuzzing tests on areas of interest, analyz ...
Detailed Guide to Getting Started with Windows ETW
Detailed Guide to Getting Started with Windows ETW
Disclaimer: The following content is based on information from the internet and some of my own notes, aimed at a more comprehensive study and recording of ETW-related knowledge.
Environment
Operating System: Windows 10 21H1
Introduction to ETW
History
ETW (Event Tracing for Windows) was first introduced in Windows 2000, after which the operating system core and services began using ETW to log events. After Windows Vista, ETW introduced a uni ...
Understanding Yara, Sigma, and Snort Rules in Cybersecurity
Understanding Yara, Sigma, and Snort Rules in Cybersecurity
In the field of cybersecurity, Yara , Sigma , and Snort are essential tools used for creating and implementing rules to detect and respond to security threats. Each tool serves a unique purpose and has its own strengths and weaknesses. This article provides an overview of these tools, including a practical examples of Yara rules and detailed installation and usage instructions for the Windows enviroment.
Overview
Tool
Primary U ...
OSINT Exercise 001 walkthrough
OSINT Exercise 001 walkthrough
I came to know about this interesting website because of an introduction by Ball45.
Challenge INFO
https://gralhix.com/list-of-osint-exercises/osint-exercise-001/
My Solution
Kiffa is located in Mauritania, and its location can be roughly pinpointed using Google Maps:
The map shows that it is not too far from the equator, so it should follow the general pattern of the sun rising in the east and setting in the west:
Using the pattern of the sun's rise and set a ...
basic mod 1
basic mod 1
https://play.picoctf.org/practice/challenge/253
The file ./message.txt contains a series of numbers. By taking each number mod 37 and then mapping them according to the rules ( 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. ) mentioned in the question, you can obtain the flag.
exploit
123456789101112131415161718192021import stringmes = ""with open("./message.txt") as fp: mes = fp.read().strip()print(mes)mes_arr = mes.sp ...
Portfolio
作品集
研究所時期
主題
連結網址
說明
程式安全 Computer Security 2023 FALL hw0
連結網址
CTF 、學習筆記
程式安全 Computer Security 2023 FALL tool
連結網址
CTF 、學習筆記
Randomized Algorithms
連結網址
學習筆記
大學時期
主題
連結網址
說明
pwnable tw writeup ( start )
連結網址
CTF PWN
Travel Vision 大數據視覺化
連結網址
國立中正大學資訊管理學系畢業專題
The Detection of Fake News
連結網址
國立中正大學資料探勘期末報告
Artificial Neural Network
連結網址
國立中正大學 AI 助教 slide
SHELL CTF 2022 writeup
連結網址
CTF writeup
Google CTF 2021
連結網址
CTF
2019 Trendmicro CTF Wildcard 400
連結網址
CTF 威脅分析 ...