A New GitHack Script

Git hack happens when site maintainers use Git to manage the source code of the website but forget to delete the  directory. By accessing  , you can easily find Git information and even the source code of the target website. Sometimes you may see a 403 when you try to visit that URL, but that is because access to directories is restricted. In this case, you can still access and download certain files if you know the exact URL of the file.


Machine Learning – KNN

When you are given a set of commands from a log file such as .bash_history or something similar, you can certainly judge whether the commands reveal a malicious attack on your computer system by reading them line by line, provided there are not too many commands. For companies, however, there are so many log files waiting to be analyzed that auditing them manually is not possible.


Note for SSL/TLS

Recently, I have been asked several times what TLS is and how it works. Unfortunately, I failed to give a detailed answer, though I had learned it before. These days, I spent some time reviewing it and decided to post it on my blog, hoping it will help you recall the knowledge about TLS.


Note for GraphQL

This is a rough translation of an article from my old Chinese blog. The original was written on Sept. 19th, 2017. Last weekend, when I was playing a CTF game, I got an interesting challenge about GraphQL. That was the first time I had seen GraphQL. At that time, I spent some time on Google, trying to get more detail about it, but finally found a few things impressive. This time, I took a second look at it. Although it may lack some depth, it is enough to be a note.
