I really want to go out and play_ (: з」 ∠)_ But can not go out, had to be at home at the invitation of xctf anti epidemic competition. But I didn't ask what to do? I happened to see an article by Xray that complained about the poor average code development ability of security practitioners. Considering that the solution of obfuscation requires a certain development ability, it's better to use confusion water

I haven't written an article for a long time, so I'll just take out my recent research and make a number of them. Unexpectedly, it is an article that has nothing to do with technology Non professional Bookkeeping tutorial aims at Amway beancount, and introduces some usage methods of beancount that are suitable for China's national conditions. If you like manual bookkeeping, beancount may be the best billing tool; If you just want to do the work by hand, it's very convenient for you.

This time, in rctf2019, I put forward a question: sourceguardian decryption. And hook zend_ compile_ string It can be solved php_ screw 、 php-beast Like other extensions, there are no extensions that make significant changes to the overall execution process of PHP, and there are still general (or more general) cracking solutions. Sourceguardian is an example. This article will talk about this kind of encryption cracking scheme from the perspective of Zend virtual machine.

For the title and writeup of this question, see:

First of all, we need to be familiar with the process of PHP code execution -- that is, PHP is like this

I haven't written the front-end article for a long time. Let's write one to make up the number.
This paper is related to GitHub https://github.com/zsxsoft/nextjs-csr
The results are as follows: https://codesandbox.io/s/github/zsxsoft/nextjs-csr

This year's hitcon is finished. I'm addicted to writing the front-end and doing nextjs operation successfully. I don't want to write the front end. Jpg.

Just at the end of the 0ctf / tctf global finals in Shenzhen, and then Ben konjac decisively played GG, the big guys are too strong.

Official WP（ https://github.com/LyleMi/My-CTF-Challenges/blob/master/ezDoor/README_ZH.md ）After coming out, I found that my solution was unexpected from the beginning to the end, so I wrote this article as a record. I have to say, I think my solution is quite interesting.

In the "strong net cup" competition held at the weekend of last week, there was an interesting question "colored eggs". The problem is as follows: in the end, I used the UDF of PostgreSQL to solve the problem, but the positive solution was not found. At the same time, orange's analysis of the article let me find the correct solution. This article is a divergent debug note for this vulnerability.

With the rapid development of front-end technology, more and more software is using browser related technology as a part of it. Compared with the software developed by traditional client technology, the software developed by partial or full use of Web front-end technology has the advantages of low development cost and low deployment cost. But naturally, we can also attack these clients with common Web attack techniques. Because the client software has more rights, the use of attack technology with severely limited scenarios on the web can often cause greater harm.