Open in app

Sign In

Write

Sign In

Peterjson
Peterjson

380 Followers

Home

About

Jun 23, 2022

Miracle - One Vulnerability To Rule Them All

# Introduction As mentioned in Jang blog, We (me and Jang) found a mega 0-day. After April Critical Patch, finally the vulnerability was patched properly. If you never known about this vulnerability, please patch your system ASAP ! # Summary Let us name this attack The Miracle Exploit because it affects many products based…

Cve 2022 21445

11 min read

Miracle - One Vulnerability To Rule Them All
Miracle - One Vulnerability To Rule Them All
Cve 2022 21445

11 min read


Nov 19, 2021

Some notes about Microsoft Exchange Deserialization RCE (CVE-2021–42321)

Vietnamese version: https://testbnull.medium.com/some-notes-of-microsoft-exchange-deserialization-rce-cve-2021-42321-f6750243cdcd INTRO It’s been several months since our last story about ProxyShell Exploit and recently Exchange was pwned again at Tianfu Cup 2021. We’re very excited about that Exploit and we’re waiting for Tuesday Patch of MS Exchange this month to analyse it. There’s already a blog analysis about…

Exchange

8 min read

Some notes about Microsoft Exchange Deserialization RCE (CVE-2021–42321)
Some notes about Microsoft Exchange Deserialization RCE (CVE-2021–42321)
Exchange

8 min read


Sep 19, 2021

[::ACSC Quals 2021::] — Breaking Logics

Yesterday, I have played ACSC 2021 and there an interesting challenge from Orange Tsai and I want to write down something about this challenge. The challenges from ACSC so good and it will be up for 1–2 days. If you curious about them, go head https://score.acsc.asia/ This challenge is easy…

Acsc

5 min read

[::ACSC Quals 2021::] — Breaking Logics
[::ACSC Quals 2021::] — Breaking Logics
Acsc

5 min read


Sep 16, 2021

Linh tinh về Oracle Business Intelligence [part 3]

Để tiếp nối series Oracle Business Intelligence, mình sẽ write-up 2 bug pre-auth RCE mà mình tìm được đợt này CVE-2021-2244 và CVE-2021-2456 (số đẹp vkl ( ͡° ͜ʖ ͡°) ). Bài viết này sẽ nói về 2 bug trên cũng như những tip/trick khi target Oracle BI. Enviroment Weblogic: 12.2.1.3.0 …

Cve 2021 2244

8 min read

Linh tinh về Oracle Business Intelligence [part 3]
Linh tinh về Oracle Business Intelligence [part 3]
Cve 2021 2244

8 min read


Published in tradahacking

·Sep 7, 2021

[Atlassian Confluence CVE-2021–26084]::: The other side of bug report!

tl;dr A pull request for Nuclei template of CVE-2021–26084 turned out to be a leak of our Pre-Auth RCE exploit payload for Atlassian Confluence that had been provided to VMWare. When CVE-2021–26084 advisory came out, our team as usual tried to reproduce the bug with a reliable exploit. I noticed…

Confluence

4 min read

[Atlassian Confluence CVE-2021–26084]::: The other side of bug report!
[Atlassian Confluence CVE-2021–26084]::: The other side of bug report!
Confluence

4 min read


Aug 6, 2021

Reproducing The ProxyShell Pwn2Own Exploit

INTRO I and Jang recently successfully reproduced the ProxyShell Pwn2Own Exploit of Orange Tsai 🍊. Firstly, I just want to tell that I respect your hard work and the contribution of you to cybersecurity which inspired me many years ago. Now I want to summary the progress when we reproduce this…

Proxy

7 min read

Reproducing The ProxyShell Pwn2Own Exploit
Reproducing The ProxyShell Pwn2Own Exploit
Proxy

7 min read


Published in tradahacking

·Feb 20, 2021

CVE-2019–2725 Revisited

INTRO Hi guys! Lần này mình sẽ mang tới cho các bạn 1 case mình thấy khá là hay ho nên muốn viết write-up chia sẻ về case này. Context của target mình gặp phải là một site dính CVE-2019–2725 NHƯNG Weblogic version 12.1.3.0.0 target này không có…

Cve 2019 2725

6 min read

CVE-2019–2725 Revisited
CVE-2019–2725 Revisited
Cve 2019 2725

6 min read


Jul 25, 2020

CVE-2020–2950 — Turning AMF Deserialize bug to Java Deserialize bug

INTRO Hi các bạn ! Cũng lâu rồi mình chưa có viết lách gì về kỹ thuật thì lần này mình sẽ write-up về 1 case pentest liên quan đến bug CVE-2020–2950 . Mình reproduce lại…

Gadget

11 min read

CVE-2020–2950 — Turning AMF Deserialize bug to Java Deserialize bug
CVE-2020–2950 — Turning AMF Deserialize bug to Java Deserialize bug
Gadget

11 min read


Published in CDLabs

·Feb 23, 2020

RMI Study Note And Some Study Case

Hi ! Lâu rồi mình cũng không viết blog hay là write-up về CTF nữa, mà lần này mình muốn viết về một chủ đề khác, về RMI, về Java và muốn chia sẻ chính về cách mình tiếp cận, quá trình đào sâu một vấn đề mới và nhiều…

Java

15 min read

RMI Study Note And Some Study Case
RMI Study Note And Some Study Case
Java

15 min read


Published in tradahacking

·Feb 23, 2020

[RMI] Study Note And Some Study Case

Hi ! Lâu rồi mình cũng không viết blog hay là write-up về CTF nữa, mà lần này mình muốn viết về một chủ đề khác, về RMI, về Java và muốn chia sẻ chính về cách mình tiếp cận, quá trình đào sâu một vấn đề mới và nhiều…

Java

15 min read

[RMI] Study Note And Some Study Case
[RMI] Study Note And Some Study Case
Java

15 min read

Peterjson

Peterjson

380 Followers

Nub-boi

Following
  • Buxu

    Buxu

  • Shahmeer Amir

    Shahmeer Amir

  • Jang

    Jang

  • Avinash Jain (@logicbomb)

    Avinash Jain (@logicbomb)

  • Khanh Ta Quang

    Khanh Ta Quang

See all (92)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech