SHF Security Labs

https://shfsec.com

Technical blog of SHBFinance's IT Security team. The opinions expressed here are solely those of the authors and do not reflect the views of SHBFinance. Wanna join us? hi@shfsec.com

20 40 6 19.3K

realalphaman dot substack dot com

May 6th, 2024 9:48 a.m. 2 min read

CVE-2024-4142 Privilege Escalation in Jfrog Artifactory

312 0 0

Hoan Pham

Mar 4th, 2024 3:11 a.m. 2 min read

CVE-2023-42793-TeamCity-Authentication bypass leading to RCE

CyberSecurity Java penetration testing pentest Security

412 1 0

realalphaman dot substack dot com

Feb 19th, 2024 7:56 a.m. 10 min read

Tìm cách RCE trên Manageengine ServiceDesk version cổ tới mức không bị affect bởi một CVE RCE nào

Java penetration testing pentest Security CyberSecurity

731 0 3

Kaito Vũ

Nov 30th, 2023 6:56 a.m. 4 min read

[CVE-2019-16891] Liferay RCE via JSON Deserialization

CVE-2019-16891 Liferay Java Insecure Deserialization web security

1.6K 0 0

Kaito Vũ

Nov 3rd, 2023 3:59 a.m. 4 min read

[CVE-2023-39361] Unauthenticated SQL injection in Cacti v1.2.24

web security Sql Injection static code analysis CVE-2023-39361

258 0 0

realalphaman dot substack dot com

Oct 23rd, 2023 8:20 a.m. 12 min read

Trending Nov 10th, 2023 7:59 a.m.

Redteam 0x02: Tôi đã compromise hạ tầng của một ngân hàng trong tháng cô hồn như thế nào

Editors' Choice cyber security Java pentest redteam Security

3.8K 11 9

Tri Luu

Sep 11th, 2023 3:40 a.m. 16 min read

Gadget Inspector 101

pentest shfsec

534 1 0

realalphaman dot substack dot com

Sep 7th, 2023 9:37 a.m. 6 min read

Phân tích CVE-2023-39476 Inductive Automation Ignition Deserialization và vấn đề với Gadget Jython2

CVE CyberSecurity Java Java deserialization Python

408 0 0

realalphaman dot substack dot com

Aug 21st, 2023 3:06 a.m. 15 min read

Nghiên cứu về Hessian Deserialization trong một buổi chiều đầu thu

CyberSecurity deserialization Java Java deserialization pentest

650 1 0

realalphaman dot substack dot com

Aug 8th, 2023 8:41 a.m. 8 min read

Java RMI Phần 3 - Bypass JEP 290 để khai thác Deserialization

CyberSecurity Java Java deserialization Security

541 0 0

realalphaman dot substack dot com

Aug 8th, 2023 8:39 a.m. 10 min read

Java RMI Phần 2 - Khai thác JMX service dựa trên RMI

CyberSecurity deserialization Java Security

959 0 0

realalphaman dot substack dot com

Aug 8th, 2023 8:37 a.m. 12 min read

Java RMI Phần 1 - Concept và exploit RMI Server

deserialization Java research Security CyberSecurity

1.4K 1 0

realalphaman dot substack dot com

Aug 2nd, 2023 3:40 a.m. 9 min read

Redteam 0x01: Làm gì khi đã chiếm được quyền điều khiển hệ thống Source code management

GitLab CyberSecurity CVE red team Security

1.6K 2 0

realalphaman dot substack dot com

Jul 6th, 2023 1:53 p.m. 12 min read

Java Webshell - Part 2: Ghi chú về Memory Webshell

CyberSecurity Tomcat Spring servlet webshell

1.5K 0 1

realalphaman dot substack dot com

Jul 6th, 2023 1:41 p.m. 7 min read

Java Webshell - Part 1: Một vài phương pháp tạo ra JSP Webshell

webshell CyberSecurity Java JSP Shell

1.6K 1 0

realalphaman dot substack dot com

Jun 29th, 2023 8:24 a.m. 7 min read

Phân tích CVE-2017-3066 - AMF Deserialization trong Adobe ColdFusion

coldfusion deserialization CyberSecurity pentest CVE

269 1 0

realalphaman dot substack dot com

Jun 28th, 2023 2:25 a.m. 8 min read

JDBC Exploit

Java JDBC MySql

696 3 0

Tri Luu

Jun 15th, 2023 4:43 p.m. 2 min read

Free "Kali" SSH server | Hack mọi lúc mọi nơi

kali SSH free Security

891 2 1

realalphaman dot substack dot com

Jun 15th, 2023 10:30 a.m. 3 min read

Adobe Coldfusion from LFI to RCE (CVE-2023-26359 / CVE-2023-26360)

CVE RCE Security coldfusion shfsec

584 0 0

realalphaman dot substack dot com

Jun 13th, 2023 4:19 p.m. 5 min read

Phân tích gadget CommonsCollections1 trong ysoserial

deserialization Java deserialization Security ysoserial

493 0 0

Members List

Technology stacks

PHP Java Python .NET Go CyberSecurity