Official Writeup of SUCTF 2025

My collection to execute os command without using subprocess.Popen.

JDBC Connection URL Attack

Python sandbox escape wiki + payload generator

A curated list of various bug bounty tools

A tool to analyze the network flow during attack/defence Capture the Flag competitions

Attack & Defense CTF Farm based on DestructiveFarm

An Intrusion Prevention System for Attack-Defense CTFs

Reverse proxies cheatsheet

关于我在CTF中的所有东西

Things help you get started with Java Vulnerability

Deserialization payload generator for a variety of .NET formatters

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

how to look for Leaked Credentials !

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1400多个poc/exp，长期更新。

Collection of CTF Web challenges I made

This repo contains solution for ctf challenges

Curated list of project-based tutorials

🏴 🏴 🏴

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

XS-Leaks Wiki

【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安

A collection of Server-Side Prototype Pollution gadgets and exploits

Collections of Orange Tsai's public presentation slides.

Awesome MXSS ??

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

Content-Type Research