Jhe

It's all about inconsistency.

About Me

I'm a:
  - Security researcher
  - co-founder of UCCU Hacker
  - key contributor of Qiling framework
  - pythonista, rustacean, gopher, haskeller, Arch Linux user

Interested in:
  - Web security, Container security, IoT security
  - Linux security, Python security

Public speaking experiences:
  - 2016
    - Fun with SOHO Router 101    @  HITCON Community
    - Insecure of Things Explorer @  TDOH CONF
  - 2017
    - Harden your program the hard way   @ HITCON Community
    - Python security from top to bottom @ TDOH CONF

Recent Posts

How to reproduce CVE-2020-8962 with Qiling Framework

2020-07-30 security Qiling CVE D-Link

進行著每天例行的快速新聞瀏覽,偶然看見 CVE-2020-8962 是一個跟 D-Link 有關的漏洞,自從開始貢獻 Qiling Framework 開始就沒少碰過 D-Link 了,於似乎就想重現一下漏洞。 下載最接近文章中所提及的版本後發現 binwalk 不認得,猜測是韌體被加密了,剛好之前 ... Read More

ELF Symbol Resolving

2019-12-12 security ELF

這邊其實可以當成是 Lazy binding 的後篇,在 Lazy binding in ELF 中,只講到表層觀察到的現象 也就是 GOT、PLT 等相交互的運作,但細部的如 function 是如何被"找"到的還是一個黑盒子 這邊試著一步步用gdb ... Read More

Python Pickle

2019-05-30 security Python Pickle

在 2018 年的時候有一個 Code-breaking Puzzles 挑戰賽,都是 Web 題,使用的語言橫跨 PHP、Nodejs、Java 與 python,用盡各語言的特性及奇技淫巧來解題 唯一的一題用 Django 出的題目引起了我的興趣,起初環境不知道為什麼架不起來, ... Read More

categories

misc security

tags

android asm c chrome cryptography css cve d-link elf hash hook jwt linux php pickle ptrace python qiling redis rpo web windows winrar