Auxy Space

My footprints

Setting a flag, as usual

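Aaaah, I'm about to go crazy. Sigh, summer vacation has only just begun and my plans are already a complete mess. I originally wanted to put some effort into binary security first, but after flipping through a few pages of the book I went off to read other people's CTF writeups, and when I came back from that I went on to study CSP bypass and SOP bypass. In the end I didn't learn any of them... Very soon I have to spend a month writing a report on an IoT scanner for public APs, and right now I have made no preparations at all, so I am panicking. Hereby, I solemnly set a flag and declare: ...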

Celica forenotice

My security assistant bot in Slack: Slack is known for its powerful API. During a short holiday, I decided to write an assistant bot. I named it ‘Celica’, which is a character in Akashic Records of Bas...

What should you prepare before practicing Stack Overflow (for newbies)

Eh... You might never guess that I began learning information security with reverse engineering. Yeah… But that was just the beginning; I gave it up and started studying Web Security. Finding system vulnerabili...

jQuery - The blade of XSS

What’s up? In CTFs or real pentests, web developers will use many methods to filter your XSS. In some cases, however, the JS code is not completely filtered out but has many strange limitations. Such...

Linux: the courting-death series

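Preface: Yesterday I got careless and ran Xorg with only the NVIDIA single-GPU driver, and accidentally crashed my Arch; reinstalling the system and sorting out the driver took half a day. Since I was bored anyway, I figured I would try some other fancy ways to die. Everyone is welcome to throw these commands at a server and test their own courage. Test location: Xubuntu-16.04-LTS :(){ :|:& };: The famous fork bomb. Let's first analyze the syntax: :() creates a function named : { :|:& }; the function's ...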

alf.nu alert(1) 1~10 writeup

just an XSS test

Preface: Alert(1) is a test at https://alf.nu/alert(1), which tests your bypass ability. The questions are really helpful for CTFs. On a boring afternoon, I found it :D 1) WarmUp function escape...