走在時代前沿的前言 歡迎回來小蜥蜴們，我是 CX330！昨天已經讓大家把環境給安裝好了，今天就會正式進入我們的暗影綠鬣蜥訓練！語法的部分我總共打算分為 3 天，也就是 3 篇文章來講解。今天的話會說明一下我對於 Zig 語言的認識以及他的一些特性、構建系統、變數宣告、基礎變數型別等。前面的三天都是語法居多，也滿多內容和範例都是來自於 Zig 語言聖經[1]，滿推薦可以從這裡入門的。 如果有學過 C 語言的話，應該會覺得 Zig 寫起來手感滿像的，上手起來應該會比較快（相較於隔壁的 Rust XD）。 疊甲 中華民國刑法第 362 條：「製作專供犯本章之罪之電腦程式，而供自己或他人犯本章之罪，致生損害於公眾或他人者，處五年以下有期徒刑、拘役或科或併科六十萬元以下罰金。」 本系列文章涉及多種惡意程式的技術，旨在提升個人技術能力與資安意識。本人在此強烈呼籲讀者，切勿使用所學到的知識與技術從事任何違法行為！ Zig 版本 本系列文章中使用的 Zig 版本號為 0.14.1。 我眼中的 Zig 比起很多其他的語言宣稱要成為一個 Better C 來說，於我而言 Zig 更為謙遜且現代，無論是 ...

依照慣例小聊一下 「要參加嗎？我要寫什麼當主題呢？大家都喜歡看什麼樣的內容？我寫的完嗎？三十天其實有點多，會不會沒內容？」 這大概就是我在開賽前的內心活動。 在想要不要開賽的時候一直在思考，思考自己在賽期的其他安排、思考自己是否有時間完成這樣的每日任務、思考自己有沒有足夠多的內容可以支撐三十天，總之我真的想了挺多的。後來因為牛肉湯的其他成員們（yunshiuan、owl_d、檸檬、白臉貓、Panda）也都決定開賽，那身為社長的我肯定也不能不出現吧，所以我們最後就組成了 6 人小隊，牛肉湯加油！ 結果真的開始寫了之後，好不容易已經寫了好幾天，結果卻發生了一件超大的慘事。 我不小心把整個文章所在的資料夾刪掉了。== 明明記得自己都有做好備份，也明明記得自己都有 git push 但是卻居然直接消失！！十幾天之間寫的內容瞬間連灰都不剩，我甚至都開始懷疑自己是不是真的有寫過還是自己做了一個很長的夢。而且自己寫過的很多內容都已經忘記當初是如何編排進度，還有內容的詳細程度等等，所以當我現在開賽當天在寫這篇的時候，就是完全只能憑記憶與印象去拼湊內容。 「天將降大任於斯人也，必先苦其心志，勞其筋骨 ...

Prologue - What is Tao 「一陰一陽之謂道。」——《周易》 In this blog, I’ll introduce Tao, the malware uses Heaven’s Gate and Hell’s Gate techniques. I’ll try to explain the principles behind each of these distinct malware techniques and show how I design Tao in Zig programming language. By the way, this article is not my own research, it references plenty of other researchers’ findings. So it acts more like a note I took while learning from others’ research. If you got time, please take a look at those resear ...

Windows Data Types The Windows API has many datas types outside of the well-known ones (e.g. int, float). The data types are documented and can be viewed here. Some of the common data types are listed below: DWORD - A 32-bit unsigned integer, on both 32-bit and 64-bit systems, used to represent values from 0 up to (2^32 - 1). DWORD dwVariable = 42; size_t - Used to represent the size of an object. It’s a 32-bit unsigned integer on 32-bit systems representing values from 0 up to (2^32 - 1 ...

HTB CBBH Experience Sharing Finally, I’ve got my CBBH certification from HackTheBox on last friday! This certification is totally underrated! It’s content is well-organized & comprehensive. I would say that this is really a good start if you’re interested in offensive web security. It’s a unforgettable experience, and here are some tips for those who also want to join the CBBH gang! 📚 Go through the content twice There’s really A LOT in the whole CBBH content, from different attack approach ...

Why this? Why? Just since it makes my terminal looks prettier and easier to understand. It devides every command into a BLOCK so that I can easily get to the point. How it looks like? The gray line in the graph is how it looks like. You can change the color later in your setup. Setup function print_separator() { local cols=$(tput cols) local color="\033[38;2;68;71;90m" # RGB(68, 71, 90), you can change the color here local reset="\033[0m" printf "\n" printf ...

0x00 Challenge Info Obviously, it’s an LFI vuln. The web application can read the local file to response the different page. 0x01 Reconnaissance We can found that the file can be read by such as page=file:///etc/passwd. 0x02 Exploit Use the file:///flag.txt to read the flag.txt in the root path. 0x03 Pwned