play with V8 - build, debug and basics
Lately, I have been working on customizing V8, which has given me a chance to learn more about it. In this blog post, I will share my experience of getting started with V8. The topics covered include building V8 from source, debugging V8, and understanding V8's compilation pipeline.
Jailbreak the latest LLM - ChatGPT & Sydney
In this blog, I am going to share a brief summary of a recent trending attack, prompt injection, on ChatGPT, Sydney (Bing), and other LLM services.
西湖论剑 WestLake 2022 babycalc
I was delighted to play in the WestLake CTF this year alongside my younger schoolmates and to see their high level of skill despite being only sophomores. Kudos to the younger generation, their future is certainly promising!
idekCTF 2022 Writeup
idek2022 provided several good-quality challenges. The sprintf challenge is a "weird" format string challenge for which I have summarized 3 different impressive approaches. Check them out!
RealWorld CTF 2023 Writeup
Another writeup, this time for the RealWorld CTF 2023. Here are the baby-level and normal-level challenges, but they are actually not easy at all.
Understanding the Heap - a beautiful mess
In this blog, I am going to explain the important concepts of the heap, using ptmalloc from the glibc 2.31 library as an example. The heap is a beautiful mess :)
snykCTF 2022 Writeup
This is the writeup for the snykCTF 2022, which provided so many interesting web challenges. I took it as an opportunity to learn more about various web security topics, which is why I spent time going through all the challenges again. I hope you find this writeup informative and enjoyable!
DEADFACE CTF 2022 Writeup
Another writeup for the really interesting CTF game I played last weekend! I was lucky to find a prototype pollution challenge in the game.
Google XSS Game Exploit & Patch
Hi, here are six easy but interesting XSS games hosted by Google. This blog records the writeup, how to patch these vulns, and CSP-based protection strategies. More importantly, I summarize the browser parsing process in terms of when each kind of decoding occurs.
A JS Beginner-Friendly Introduction to Prototype Pollution (1/2)
This blog aims to summarize everything about the JavaScript-specific vulnerability, prototype pollution: the necessary JavaScript background, what the prototype and the prototype chain are, how to exploit a prototype pollution vulnerability, and several CTF challenges related to prototype pollution that might help in understanding all of it.