吕立青的博客
-
1
RoamResearch 的革命性,在于恢复用户对自己注意力的控制权 | Roam Newsletter 漫游研究所周报 2021W06
-
2
写作时感到的痛苦,是理清思想的痛苦 | Roam Newsletter 漫游研究所周报 2021W07
-
3
承认错误是成功的关键,帮助自己快速发现并纠正错误 | Roam Newsletter 漫游研究所周报 2021W08
-
4
【译】深度解析 Roam 数据结构 —— 为什么 Roam 远不只是一个笔记应用
-
5
为什么说 Roam 远不只是一个笔记应用 | Roam Newsletter 漫游研究所周报 2021W10
-
6
【译】Roam Research 自定义组件 —— 跟 {{roam/render}} 来一次亲密接触!
-
7
事物间丰富的关联,是我们抽象、感知和思考的重要部分 | Roam Newsletter 漫游研究所周报 2021W11
-
8
如何把 Roam Research 安利给你的另一半? | Roam Newsletter 漫游研究所周报 2021W12
-
9
创造的自由:低代码开发的时代,人人都是创新者
-
10
“罗马不是一天建成的”:Roam Research 101 系列之每日笔记与页面引用
Pure randomness
-
1
Java: Possible RCEs in X.509 certificate validation [CVE-2018-2633][CVE-2017-10116]
-
2
Java: Exploiting your “unreachable” JRMP/RMI/JMX endpoints [CVE-2018-2800]
-
3
Java: Finally closing the door on JNDI remote classloading [CVE-2018-3149]
-
4
Beware the Nashorn: ClassFilter gotchas
-
5
PSA: Log4Shell and the current state of JNDI injection
Relentless Coding
-
1
Circumventing Antivirus Javascript Detection
-
2
Screen Unlock Meterpreter Script
-
3
Windows Vista + 7 Targets for Screen Unlock Script
-
4
Bypassing Antivirus using De-Obfuscation
-
5
New Javascript packer: JSidle
-
6
Combining the Quicktime "Marshaled_pUnk" exploit with JSidle
-
7
Meterpreter Script to extract chrome browser data
-
8
Social engineering with unicode filenames
-
9
Analyzing the Blackhole Exploit Kit 2.0 with JSDetox
-
10
JSDetox 0.2 released
RPISEC
-
1
TokyoWesterns CTF 2019 - gnote
-
2
CSAW CTF Qualification - Pop Goes the Printer
-
3
HITCON Qualification - LazyHouse
-
4
HITCON Qualification - GoGo PowerSQL
-
5
hxp 36C3 CTF - Compilerbot
-
6
Injecting into 32-bit programs on macOS Mojave
-
7
PlaidCTF 2020 golf.so
-
8
TikTok - A tcache tutorial with our dear friend Ke$ha
-
9
Arm Strong - CSAW Quals 2025
-
10
Colony Defense - CSAW Quals 2025
Sean Heelan’s Blog
-
1
Some Cool Projects from a Dagstuhl Seminar on SAT, SMT and CP
-
2
Automation in Exploit Generation with Exploit Templates
-
3
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters
-
4
PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
-
5
Optimising an eBPF Optimiser with Prodfiler (Repost)
-
6
60%+ Performance Improvements with Continuous Profiling and Library Matching – Part 1/2 on Combining Dynamic and Static Analysis for Performance Optimisation
-
7
Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
-
8
Application optimisation with LLMs: Finding faster, equivalent, software libraries.
-
9
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
-
10
On the Coming Industrialisation of Exploit Generation with LLMs
shift or die
-
1
A portscan by email − HTTP over X.509 revisited
-
2
SMTP over XXE − how to send emails using Java’s XML parser
-
3
Fingerprinting Firefox users with cached intermediate CA certificates (#fiprinca)
-
4
mrmcd CTF writeup: Once Upon A Time
-
5
mrmcd CTF writeup: Friendly Machine
-
6
How to turn a Dromedary camel into a Bactrian camel
-
7
The strange case of the Jekyll and Hyde PDF
-
8
Introducing tmpnix - an alternative to static binaries for post exploitation
-
9
pdml2sbud - pretty network packets in your terminal
-
10
Turning off certificate validation with Java instrumentation
Skeleton Scribe
-
1
Chronofeit Phishing
-
2
Hackxor hacking game beta
-
3
Simulating targets for XSS/CSRF attacks in hacking games
-
4
JS-less XSS
-
5
Sparse Bruteforce Addon Detection
-
6
Phrack ebook
-
7
X-Frame-Options gotcha
-
8
Practical HTTP Host header attacks
-
9
Comma Separated Vulnerabilities
-
10
Exploiting Path Relative Style-Sheet Imports (PRSSI)