2019

• Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!
• Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!
• Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!(EN)
• Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
• Hacking Jenkins Part 1 - Play with Dynamic Routing (EN)
• Hacking Jenkins Part 1 - Play with Dynamic Routing

2016

• Advisory: Accellion File Transfer Appliance Vulnerability
• Accellion File Transfer Appliance 弱點報告
• How I Hacked Facebook, and Found Someone's Backdoor Script
• 滲透 Facebook 的思路與發現