Categories
Security (74) Front-end (29) JavaScript (16) Web (8) React (7) Algorithm (3) Others (18) Back-end (4) Android (2)

Security

corCTF 2023 & Sekai CTF 2023 Writeup
Math jail - Intigriti 0823 XSS Challenge Author Writeup
GoogleCTF + zer0ptsCTF + ImaginaryCTF 2023 Writeup
EJS Vulnerabilities in CTF
ReDoS: Attacks using regexp
Android App Reverse Engineering Part 4: Dynamic Analysis with Frida
Android App Reverse Engineering Part 3: Monitoring App Packets
Android App Reverse Engineering Part 2: Modifying Smali Code
Android App Reverse Engineering Part 1: Decompiling and Rebuilding APKs
Preparation Experience for Japan's FE and SG Exams for Zero-Day Japanese Beginners
LINE CTF 2023 Notes
DiceCTF 2023 Notes
Intigriti 0123 Challenge Writeup - Second Order MongoDB JS Injection
Is it meaningful to encrypt passwords when calling APIs on the website frontend?
Summary of CTF Web Frontend and JS Challenges in 2022
RCTF 2022 Notes
Notes on Several CTF Challenges Related to Web and JS
Hack.lu CTF 2022 Notes
SekaiCTF 2022 Notes and Concurrent Limit
SekaiCTF 2022 - safelist writeup
Stealing Data with CSS - CSS Injection (Part 2)
Stealing Data with CSS - CSS Injection (Part 1)
Who pollutes your prototype? Find the libs on cdnjs in an automated way
Intigriti 0822 XSS Challenge Author Writeup
corCTF 2022 writeup - modernblog
UIUCTF 2022 Notes
Insecure Deserialization in JavaScript: GoogleCTF 2022 Web/HORKOS Writeup
GoogleCTF 2022 Notes
justCTF 2022 Notes
justCTF 2022 - Baby XSLeak Write-up
DEF CON CTF 2022 Qualifier Notes
m0leCon CTF 2022 Notes
WordPress Plugin VikBooking <= 1.5.3 Unauthorized RCE Vulnerability Details
ångstromCTF 2022 Notes
ångstromCTF 2022 Writeup
Revenge of Intigriti 0422 Challenge Author Writeup
Intigriti 0422 XSS Challenge Author Writeup
How much do you know about script type?
What do you know about script type?
The Magical Features of RegExp and String Replacement in JavaScript
The Magical Features of RegExp and String Replacement in JavaScript
Notes XSS Challenge Author Writeup
picoCTF 2022 Notes
iframe and window.open black magic
SSRF and Account Takeover via XSS in ERPNext
Details of Amelia < 1.0.49 Sensitive Information Disclosure Vulnerability
Sensitive Data Disclosure in WordPress Plugin Amelia < 1.0.49
LINE CTF 2022 Notes
TSJ CTF 2022 - web/Nim Notes Notes
SUSCTF 2022 Writeup
Intigriti 0222 XSS Challenge Author Writeup
Various JS and Front-end Tips I Learned from DiceCTF 2022
Story of critical security flaws I found in Glints
SQL injection in action: Speeding up under restrictions
How a flawed password reset mechanism can lead to account takeover vulnerabilities? Matters as an example
Understanding the Log4j and Log4Shell Vulnerabilities through Surveillance Cameras
CPSA (CREST Practitioner Security Analyst) Exam Experience
HITCON 2021 x DEVCORE Wargame Write-up
Learning HTML Again from Intigriti's October XSS Challenge
Discovering My Lack of Front-end Knowledge through Cybersecurity
XSS from scratch: history and origin
Prototype Pollution: An Attack Technique Based on JS Prototype Chain
Issues to be aware of when implementing redirect functionality: Open Redirect
What is Clickjacking Attack
Understanding Front-end Supply Chain Attacks and Defenses through the Vulnerability of cdnjs
Intigriti July XSS Challenge: Breaking Through Multiple Levels
DoS Attack Using Cookie: Cookie Bomb
Intigriti June XSS Challenge Review
A Brief Discussion on the Various Aspects of XSS Attacks and Defense
Intigriti's 0521 XSS Challenge Solution: Limited Character Combination Code
Solving Intigriti's 0421 XSS Challenge (Part 1)
Preventing XSS may be more difficult than you think
BambooFox CTF 2021 writeup
An Introduction to DOM Clobbering and Its Applications

Front-end

TIL:img src also supports mp4 (Safari only)
An Introduction to the Tailwind CSS and Atomic CSS
Trying out new features with Chrome Origin Trials
The Art of Turning Same Site into Same Origin!
Creating HTML Web Pages Suitable for Printing as PDFs with Paged.js
Some useful CSS properties that are not easy to remember
Writing a Simple and Usable ESLint Plugin
CORS Complete Guide (6): Summary, Afterword, and Leftovers
CORS Complete Guide (5): Security Issues of Cross-Origin
CORS Complete Guide (Part 4): Understanding the Specification
CORS Complete Guide (Part 3): CORS in Detail
CORS Complete Guide (Part 2): How to Solve CORS Issues?
CORS Complete Guide (Part 1): Why CORS Errors Occur?
Why is Vite so fast? Starting with ES modules
An interesting styled components bug
Introduction to webpack and snowpack for beginners
Common Problems for Beginners Learning SPA: Router Example
Solid Front-end Learning Path and Resource Recommendations
Functional CSS Experience Sharing: Is It a Blessing or a Curse?
Learning Front-end Development from Redux Creator Dan Abramov’s Article
PWA Practical Experience Sharing
CORS is not as simple as I thought
CSS keylogger: Attack and Defense
The Most Beginner-Friendly RxJS Tutorial
Unified Web Payment Interface: Payment Request API
Front-end Separation and SPA
DOM Event Propagation: Capturing and Bubbling
Understanding Ajax and Cross-Origin Requests Easily
Let's talk about CSRF

JavaScript

Common Mistakes When Using Numbers in JavaScript
Counting all data types in JavaScript
Understanding the Execution Environment (Runtime) in JavaScript
Your JavaScript Knowledge Might Be Wrong
Understanding JavaScript from its history
A Brief Discussion on Time and Timezone Handling in JavaScript
How to write console.log(1) without using letters and numbers in JavaScript?
Am I weird for finding JavaScript functions interesting?
Exploring the Performance Issues of let and var from V8 bytecode
Synchronous and Asynchronous in JavaScript (Part 1): Become a Callback Master!
Understanding JavaScript's Number One Headache: this
All Functions are Closures: Discussing Scope and Closure in JS
I know you understand hoisting, but how deep do you know?
A Deep Dive into Parameter Passing in JavaScript: Call by Value or Reference?
Understanding JavaScript Prototype Chain
[Javascript] Promise, generator, async and ES6

Web

Starting a Journey with SessionStorage
Console.log Issues You Need to Pay Attention to
Don’t break the Web: The Case of SmooshGate and <keygen>
In-depth Session and Cookie: Implementation in Express, PHP, and Rails
A Brief Discussion on Session and Cookie: Reading RFC Together
The Battle to Save the Teapot: 418 I am a teapot
Understanding HTTP Cache Mechanism Gradually
The Most Difficult Cookie Problem I've Ever Encountered

React

I don't know React (Part 1)
A Discussion on state and useEffect in React
Differences between class and function components from practical examples
Understanding keyPress and keyDown events in React source code
A Brief Introduction to React Fiber and Its Impact on Lifecycles
React Performance Optimization Challenge: Understanding Immutable Data and shouldComponentUpdate
[Javascript] Detailed Explanation of Redux Middleware

Algorithm

Tips for Beginners in Solving Programming Problems
Reviewing Classic Sorting Algorithms with JavaScript
Introduction to Binary Search

Others

Updating Blog with chatGPT
Consider Using Eleventy to Write Technical Blog Posts Besides Hexo
A Simple Guide to Regular Expressions
How to Build Your Own Online Judge System
From Nand To Tetris: Understanding Computer Operations by Building One
Moving from GitHub Issues back to Hexo
The Evolution of Web Scraping on Medium
Behind the Scenes: Design and Easter Eggs of Lidemy HTTP Challenge
My Experience Fixing a Bug in the Open Source Project Spectrum
Can I be called a senior engineer after two years?
Using Github Classroom and Travis CI to Build a Homework Submission System
Experience of Moving Blog: From Logdown to Hexo
Lidemy Lithium Academy: An Online Programming Course Platform for Beginners
A Free Programming Experiment for Thirty People: Results and Review
Notes on HLS Protocol
An Ocean-like Programming Course: CS50
My Ideal Interview Process
[Experience] iTerm2 + zsh, creating a better working environment

Back-end

AWS Lambda + GitHub API + Google Sheet = Automated Sign-in System
Redis: The Perfect Companion for Databases
Building RESTful API with Node.js
[Experience] Struggling with DDoS: nginx, iptables and fail2ban

Android

Quickly Obtain APK Related Information
[Android] APK Decompilation for Everyone