Today I spent some time on practicing coding. When I was trying to solve a problem about finding paths with elements whose sum equals to a specified value, given a binary tree and a value, I stumble against some unknown problems.Continue reading “Trick on Appending a List to Another List in Python”
Recently, I am studying on intrusion detection with machine learning, hoping to use what I have learned this semester in Machine Learning course to solve some real life problems. The first topic is using Hidden Markov Models to detect abnormal input for parameters.Continue reading “Detection for Abnormal Params with HMM (with Code)”
K sum problems are the sort of problems that asking you to find the k numbers whose sum is the target when given a number array or list. On LeetCode, there are two sum and three sum problems. Today, I am gonna discuss such kind of problems.Continue reading “K Sum Problem”
When you given a set of commands from a log file such as
.bash_history or something similar, you can definitely judge if this set of commands reveals a evil attack to your computer system by reading it lines by lines if there is not too many commands. However, for those companies, there are such many log files waiting to analyze that it is not possible to audit manually.
As the second CVE ID I have owned, CVE-2018-10574 identifies an arbitrary code
After haivng spent two decades of days on security development in SenseTime, an A.I. company in China, I finally finished a detection system helping company find their private source codes leaked on Github. It did takes some of my effort but fortunately it works well and every morning our team can be informed by the email sent by my detection system.Continue reading “How did I Compromise an IPMS”
Recently, I have been asked several times about what TLS is and how it works. Unfortunately, I failed to give them
SQL Injection is a kind of vulnerability that allows attackers to insert some codes into original SQL statements to trigger some evil function, such as dumping the database or writing
This is a rough translation from one article on my old Chinese blog. The original one was written on Sept. 19th, 2017. Last weekend, when I was playing a CTF game, I got an interesting challenge about GraphQL. That was my first time to see GraphQL. At that time, I spent some time on Google, trying to get more detail about it, but finally found a few things impressive. This time, I took a twice look at it. Although it may lack some depth, it is enough to be a note.
Last week, I saw a challenge of pwn. The source code has been provided, and what you are asked to do is to pwn the vulnerable program.Continue reading “Pwn-RET Address Overwrite”