Collections of Orange Tsai's public presentation slides. You can find me at:
- Blog: https://blog.orange.tw/
- Mail: [email protected]
- Twitter: @orange_8361
2021
- A Journey Combining Web Hacking and Binary Exploitation in Real World!
- RealWorld CTF (Live Forum)
- OWASP Hong Kong TechDay
- (blog) A Journey Combining Web Hacking and Binary Exploitation in Real World!
2020
2019
- Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
- Black Hat USA
- DEFCON
- HITCON
- CODE BLUE
- HITB GSEC
- RomHack
- (blog) Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!
- (blog) Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
- (blog) Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!
- 你用它上網,我用它進你內網 - 知名電信商設備遠端代碼執行漏洞
- DEVCORE Conference
- (blog) 你用它上網,我用它進你內網! 中華電信數據機遠端代碼執行漏洞
- Hacking Jenkins!
2018
- Breaking Parser Logic - Take Your Path Normalization off and Pop 0days Out!
- Black Hat USA
- DEFCON
- CODE BLUE
- Hack.lu
- (blog) How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System
- 從一個脆弱點到串起整個攻擊鏈
- 先知白帽大會
- HITCON
- 從一個脆弱點到串起整個攻擊鏈 (JavaScript ver)
- TDOH Conf
2017
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
- Black Hat USA
- DEFCON
- Black Hat Asia (2018)
- HITCON
- CODE BLUE
- HITB GSEC
- (blog) How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
2016
2015
- Web Hacking 中的奇技淫巧 - Epic Tricks in Web Hacking
- HITCON
- 關於 HITCON CTF 的那些事 - Web 狗如何在險惡的 CTF 世界中存活?
- Wooyun Summit
2014
- 掃吧你!從協議面抓出機歪的遠端桌面後門
- HITCON
2013
- 0-Day 輕鬆談(0-Day Easy Talk) - Happy Fuzzing Internet Explorer
- HITCON
- Best Practices - The Upload
- WebConf Taiwan
- 矛盾大對決
- PHPConf Taiwan
- 駭客看 Django
- PyCon Taiwan
2012
- Security in PHP 那些在滲透測試的小技巧
- PHPConf Taiwan
- 網頁安全 Web Security 入門
- Study Area
2011
- SQL Injection from Past to Now
- AVTOKYO
- 關於SQL Injection的那些奇技淫巧
- Chroot Meetup