I really want to go out to play _ (: ☒ "∠) _ but I can't get out, so I have to ask questions at home at the invitation of the XCTF Anti epidemic Game. But what should I do if I don't know? I happened to see an article of Xray complaining that the average code development ability of security practitioners is poor. Considering the need for certain development ability to solve confusion, let's use the question of confusion water

I haven't written an article for a long time. Let's just take out my recent research and make up a number. Unexpectedly, it is an article that has nothing to do with technology (. This article is personal oriented Non professional The bookkeeping course aims at Amway Beancount and introduces some usage methods of Beancount that adapt to China's national conditions. If you like manual bookkeeping, Beancount may be the best bookkeeping tool; If you don't like manual work and just want to finish bookkeeping quickly, Beancount is also suitable for you.

This time in RCTF2019, I asked a question about SourceGuardian decryption. And Hook zend_compile_string Can be solved php_screw 、 php-beast Like other extensions, there are still general (or more general) cracking schemes for extensions that do not make major changes to the overall execution process of PHP. SourceGuardian is an example. This article will talk about this kind of encryption cracking scheme from the perspective of Zend virtual machine.

For the title and Writeup of this question, see:

First, we need to be familiar with the process of PHP code execution - that is, PHP is like

I haven't written the front end article for a long time. Write an article to make up the number.
GitHub related to this article: https://github.com/zsxsoft/nextjs-csr
See: https://codesandbox.io/s/github/zsxsoft/nextjs-csr

This year's HITCON has finished. I was addicted to writing the front end and engaged in the Nextjs operation. I successfully broke 0 (fog). I don't want to write the front end. jpg.

The 0CTF/TCTF global finals in Shenzhen just ended, and then Konjaku Konjaku decisively played GG. The leaders were too strong.

Official wp（ https://github.com/LyleMi/My-CTF-Challenges/blob/master/ezDoor/README_ZH.md ）After coming out, I found that my solution was unexpected from the beginning to the end, so I wrote this article as a record. I have to say, I think my solution is quite interesting.

In the "Super Tennis Cup" competition held last weekend, there was a very interesting question, "Eggs". The problem surface is as follows: I finally used the UDF of the unexpected PostgreSQL solution to solve this problem, but the positive solution was not found. Just in time, the analysis article of Orange God let me find a positive solution. This article is a divergent debug note for this vulnerability.

With the rapid development of front-end technology, more and more software is using browser related technologies as part of its composition. Compared with software developed entirely using traditional client technology, software developed partially or completely using web front-end technology has the advantages of low development cost and low deployment cost. But naturally, we can also attack these clients with the commonly used techniques against the Web. Because the client software has greater permissions, the attack technology with severely limited use scenarios on the Web can often cause greater harm.