| Category | Details |
|---|---|
| Languages / IDE |       |
| Domain Knowledge |     |
| CI / CD |    |
| ML / DL Frameworks |     |
| EKSClusterGame | K8s-Lan-Party |
|---|---|
 |
 |
| View on GitHub | View on GitHub |
Focus: Committed to advancing research in cloud security and container security.
| Category | Details |
|---|---|
| CNVD | CNVD-C-2022-369640, CNVD-2022-498774, CNVD-2022-51701, CNVD-C-2023-73489 |
| CNNVD | CNNVD-2023/2024 and over a dozen contributions |
| Focus | - Secured multiple CNNVD certificates on domestic platforms - Exploring international CVE platforms for future contributions - Active research in cloud security SRC |
- WiseFlow - AI-powered security search platform
- Apt_t00ls - Zero-day exploit toolkit
- JarEditor - Fluent Java archive editing tool
- Memexec - Bypasses "noexec" mount flag for arbitrary Linux binary execution via ptrace-less process injection
- Fscan - Add port exclusion during scanning to bypass port honeypots
- Deadpool - Optimize user experience
red-team:
- https://github.com/cdxiaodong/-selenium-nps-
- https://github.com/cdxiaodong/-shell-
- https://github.com/cdxiaodong/NCuploadServletRCE
- https://github.com/cdxiaodong/Apt_t00ls
- https://github.com/cdxiaodong/Transacted-Hollowing-allinone
- https://github.com/cdxiaodong/ASM-hide-RASP
cloud-sercurity:
- https://github.com/cdxiaodong/ebpf-c-tample-action
- https://github.com/cdxiaodong/k8s-2024-21626
- https://github.com/cdxiaodong/docker-for-Verification
chrome plugin:
office efficiency :
- https://github.com/cdxiaodong/CVE-2021-4034-touch
- https://github.com/cdxiaodong/CVE-2024-21626
- 20 container secure CVE images
Some articles are password-protected. Contact me for access!
- Phishing Techniques Report - CD - Insights into modern phishing strategies
- Java Code Audit Getting Started - Beginner’s guide to Java code auditing
- MingYuan Cloud - Security analysis of MingYuan Cloud (Password-protected)
- Java Code Audit Quick Tips - Practical tips for efficient auditing
- Exploiting Java Deserialization with NC - Deserialization exploit techniques
- Java Code Audit: Rapid RCE Exploration - 4-step guide to finding RCE vulnerabilities
- Parallel Batch Exploiting Java RCE - Maximizing efficiency in RCE exploitation
- Java Vulnerabilities Overview - Common Java security issues
- Java 9 Self-Attach Techniques - Advanced Java debugging methods
- From External to Domain Controller via Weblogic - Full penetration path to domain control (Password-protected)
- PHP WebShell: Basics to Advanced - Evolution of PHP WebShell techniques
- Disabling Windows Defender with Turated - Bypassing Defender for testing
- Building a Twitter Crawler - Social media data scraping guide
- Shell Scripting and Development - Practical shell scripting tips
- Exploiting NPS: 10,000+ URLs Leaked - Default credential exploitation (Password-protected)
- Weaponizing Java Deserialization - Crafting deserialization exploits
- Writing Your First Shell - Intro to shellcode development
- Hooking Memory Access Exceptions - Advanced memory hooking techniques
- VT Fully Bypassed Loader - Evading VirusTotal detection (Password-protected)
- Silent Installation of Any File - Stealth installation techniques
- RASP Attack and Defense - Confronting runtime application security
- Deep Learning in Data Feature Extraction - Comparing DL methods for feature extraction
- Kubernetes Goat - Hands-on Kubernetes security lab
- CVE-2024-21626 Analysis - Deep dive into container escape vulnerability
- eBPF in Docker - Leveraging eBPF for container monitoring
- Container Security Verification with eBPF - eBPF-based security solutions
- BAS on Cloud - Breach and attack simulation in cloud environments
- Network Isolation in K8s Security - Securing Kubernetes with network policies
- Chart Studio - Chart Studio
- Favorite Productivity Tips - My go-to efficiency hacks
- Cloud-Native ATT&CK Matrix - Multi-dimensional view of cloud attack techniques
- Top 7 Cloud Attack Paths - Critical cloud security attack vectors
- Favorite Articles Real-Time - Curated security insights updated live
Developed in C++, C#, and C for advanced evasion techniques:
- Audio Reverse Shell - Stealthy reverse shell via audio channels
- AVkiller - Anti-virus evasion toolkit
- Packer - Custom binary packing for obfuscation
- CS - C# utilities for red team operations
- TrustedInstaller Kill WDF (Win10) - Bypassing Windows Driver Framework protections
- STEAL-HOOK - Advanced hooking for stealth execution
- Binary Utility Functions - Reusable binary manipulation functions
- GitHub Journey: Account created on September 12, 2020
- Visitor Tracking: Counting page views since September 12, 2023
