Introduction to ARM PWN: A Beginner’s Guide

Introduction to ARM PWN: A Beginner's Guide

1. Introduction In CTF competitions, most of the challenges we encounter are based on x86 and x86_64 architectures. However, after I started researching the IoT field, I found that smart devices primarily use ARM and MIPS architectures. This article aims to introduce readers to the world of ARM PWN through CTF challenges based on the … Read more

Bypassing HttpOnly for Escalating Vulnerability Impact

Bypassing HttpOnly for Escalating Vulnerability Impact

The vulnerabilities described in this article have been fixed. Please do not conduct unauthorized penetration testing. Original source: https://sallam.gitbook.io/sec-88/write-ups/how-we-turned-a-medium-xss-into-a-high-bounty-by-bypassing-httponly-cookie Content The target application is a common website translation platform that includes team management, project management, and an AI feature module. During testing for privilege escalation and injection attacks, I discovered an interesting input field in … Read more

Practical Analysis of Attackers Exploiting Windows and Linux Vulnerabilities for System Intrusion

Practical Analysis of Attackers Exploiting Windows and Linux Vulnerabilities for System Intrusion

Part01 Exploitation Trend Escalation Recent monitoring by global cybersecurity teams has detected a significant increase in activities where attackers exploit vulnerabilities in Windows and Linux systems to conduct complex attacks aimed at gaining unauthorized system access. These attacks typically begin with phishing emails or malicious web content, deploying weaponized documents to initiate the attack. When … Read more

Analysis of WOW64 Exploitation Techniques

Analysis of WOW64 Exploitation Techniques

Recently, hackers have drawn the attention of many security researchers by using an “old” technology from over a decade ago – “Heaven’s Gate” – to evade detection. In response, FireEye published an article titled “WoW64 Subsystem Internals and Hooking Techniques” [1] (hereinafter referred to as “FireEye article”), which provides a detailed introduction to “Heaven’s Gate” … Read more

Introduction to CTF Pwn: Linux Pwn Exploration

Introduction to CTF Pwn: Linux Pwn Exploration

Do you want to tackle PWN challenges in CTF competitions with ease and lead your team independently? Do you want to build a solid foundation in binary security to support your future career in security? Students and professionals who love binary security are in for a treat! The platform has launched a new course, “Introduction … Read more

Exploring Schneider PLC Worm Technology

Exploring Schneider PLC Worm Technology

Author: Green Alliance Technology, Ge Wu Laboratory, Chen Jie Background Recently, researchers abroad discovered a code injection vulnerability in Schneider’s systems (CVE-2020-7475), which could allow Schneider PLCs to be turned into worms. If successfully exploited, this vulnerability could enable the PLC to act as a small PC executing malicious network activities, serving as an internal … Read more