blogs
2024:
Azure VM Insights Elevation of Privilege Vulnerability
OpenStack Admin Account Takeover due to Unsafe Environment Handling in MuranoPL
Jumpserver Preauth RCE Exploit Chain
2023:
An Interview about Me: An Ethical Hacker
EvilSln: Don't open .sln files
2021:
PrintNightmare : Remote code execution in Windows Spooler Service
An Interview about Me: The Journey of a Vulnerability Discoverer
2020:
Exploiting an Elevation of Privilege bug in Windows 10 (CVE-2020-1362)
Pre-auth RCE on multiple Xiaomi Routers(CVE-2019-18370,CVE-2019-18371)
Writeup and POC for CVE-2020-0753, CVE-2020-0754 and six fixed Window DOS Vulnerabilities
Update Orchestrator Service (UsoSvc) Info Leak
Attacks on shadowsocks ciphers
2019:
CVE-2019-6487, A command injection vulnerability in TP-Link WDR5620
2018:
All roads lead to Rome: Many ways to double spend your cryptocurrency
Danger of using fully homomorphic encryption: A look at Microsoft SEAL
Security Risks in Zero Knowledge Proof Cryptocurrencies
Not A Fair Game – Fairness Analysis of Dice2win
Analysis and Improvement of NEO dBFT Consensus Mechanism
NEO Smart Contract Platform Runtime Serialize Calls DoS
EOS Node Remote Code Execution Vulnerability — EOS WASM Contract Function Table Array Out of Bounds
Attackers Fake Computational Power to Steal Cryptocurrencies from Mining Pools
Bitpie Key Recovery vulnerability
Proposal for suggested texts for ITU-T X.stov Security threats to online voting using distributed ledger technology,Draft Standard. 2018
Proposal for suggested texts for Security framework for Distributed Ledger Technology, Draft Standard. 2018
Proposal for suggested texts for the X.sct-dlt Security capabilities of and threats to Distributed Ledger Technology,Draft Standard. 2018
Proposal for suggested texts for X.strdlt The security threats and requirements for digital payment services based on distributed ledger technology, Draft Standard. 2018
Before 2018:
IIS remote code execution
小米电商主站数据库任意操作漏洞, 2012
Struts2远程任意代码执行漏洞及利用工具. 2012
新浪微博用户密码泄露漏洞. 2011