Hazzel's blog

  • JumpServer Remote Code Execution Vulnerability

    Introduction: JumpServer is the first open-source jump server based on Django. It provides a friendly web UI for dev-ops management administrators and users to access remote resources such as servers, databases, and so on. The project can be found at https://github.com/jumpserver/jumpserver [……]

    January 18, 2021
  • Reverse Interactive Shell in Python

    Background: It’s been a really long time since I last participated in a CTF game. Last weekend, I randomly found an ongoing CTF game – GACTF. There was a web challenge named XWIKI. That challenge provided an environment with XWIKI, an open source Wiki system. To dig more ways, I built a[……]

    September 3, 2020
  • A New GitHack Script

    Git hack happens when site maintainers use Git to manage the source code of the website but forget to delete the .git directory. By accessing http://your.target.site/.git/ , you can easily find Git information and even the source code of the target website. Sometimes you may see 403 when you are trying to visit that URL, but that is […]

    April 20, 2019
  • Trick on Appending a List to Another List in Python

    Today I spent some time practicing coding. When I was trying to solve a problem about finding paths with elements whose sum equals a specified value, given a binary tree and a value, I stumbled on some unknown problems. [……]

    December 7, 2018
  • Detection for Abnormal Params with HMM (with Code)

    Recently, I have been studying intrusion detection with machine learning, hoping to use what I have learned this semester in the Machine Learning course to solve some real-life problems. The first topic is using Hidden Markov Models to detect abnormal input for parameters. [……]

    December 6, 2018
  • K Sum Problem

    K sum problems are the sort of problems that ask you to find the k numbers whose sum is the target when given a number array or list. On LeetCode, there are two sum and three sum problems. Today, I am gonna discuss this kind of problem. [……]

    December 3, 2018
  • Machine Learning – KNN

    When you are given a set of commands from a log file such as .bash_history or something similar, you can definitely judge if this set of commands reveals an evil attack on your computer system by reading it line by line if there are not too many commands. However, for those companies, there ar[……]

    July 22, 2018
  • Code Audit – CVE-2018-10574

    As the second CVE ID I have owned, CVE-2018-10574 identifies an arbitrary code execution in BigTree CMS developed by Fastspot. Here are some places to get more details about this CVE. [……]

    June 26, 2018
  • How did I Compromise an IPMS

    After having spent two decades of days on security development in SenseTime, an A.I. company in China, I finally finished a detection system helping the company find its private source code leaked on GitHub. It did take some of my effort but fortunately it works well and every morning our team can be informed by the […]

    June 26, 2018
  • Note for SSL/TLS

    Recently, I have been asked several times about what TLS is and how it works. Unfortunately, I failed to give them a detailed answer though I have learned that before. These days, I spent some time reviewing it, and decided to post it on my blog, hoping it will help you recall the knowledge […]

    April 8, 2018