Jang
Jangggg's Blog

Jangggg's Blog

Archive

Build CodeQL DB without source code
Jun 23, 2021 · by Jang

A Quick Look at CVE-2021–21985 VCenter Pre-Auth RCE
Jun 5, 2021 · by Jang

Làm ATTT là làm gì? (“0day hunter” — Vulnerability Research)
May 30, 2021 · by Jang

Phân tích lỗ hổng SolarWinds Orion Deserialization to RCE (CVE-2021–31474)
May 25, 2021 · by Jang

Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021–28482)
Apr 26, 2021 · by Jang

GSM in your Area (Làm thế nào để giả mạo cột sóng, giả mạo SMS Brandname)
Mar 26, 2021 · by Jang

Phân tích lỗ hổng ProxyLogon — Mail Exchange RCE (Sự kết hợp hoàn hảo CVE-2021–26855 +…
Mar 10, 2021 · by Jang

Làm An toàn thông tin là làm gì? (nghề kiểm thử xâm nhập — pentest)
Feb 21, 2021 · by Jang

How does the Semmle Core works [Part 2]
Jan 13, 2021 · by Jang

How does Semmle core/CodeQL works? Góc nhìn phiến diện về cách hoạt động của CodeQL! [Part 1]
Jan 12, 2021 · by Jang

HPE System Insight Manager (SIM) AMF Deserialization lead to RCE(CVE-2020–7200)
Dec 22, 2020 · by Jang

(0.5 day) Micro Focus Operations Bridge Manager Pre-Auth Deserialization to RCE
Nov 18, 2020 · by Jang

Weblogic RCE by only one GET request — CVE-2020–14882 Analysis
Oct 28, 2020 · by Jang

CVE-2020–4280 — IBM QRadar Java Deserialization Anlysis (and bypass)
Oct 20, 2020 · by Jang

CodeQL thần chưởng [part 2]
May 27, 2020 · by Jang

CodeQL thần chưởng [part 1]
May 21, 2020 · by Jang

The Art of Deserialization Gadget Hunting [part 3] (How I found CVE-2020–2555 by known tools!)
Mar 12, 2020 · by Jang

[GadgetChain] GadgetProbe — Blind ClassPath guessing
Feb 19, 2020 · by Jang

The Art of Deserialization Gadget Hunting [part 2]
Feb 14, 2020 · by Jang

The Art of Deserialization Gadget Hunting
Feb 1, 2020 · by Jang