My-Presentation-Slides

Orange Tsai's public presentation slides. You can find me at:

• Blog: https://blog.orange.tw/
• Mail: orange.8361@gmail.com
• Twitter: @orange_8361

2024

• Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
  • Black Hat USA
  • Additional Materials:
    • [Blog] - Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

2023

• A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learneds
  • HITCON
  • Romhack
  • Hexacon
  • CODE BLUE
  • Additional Materials:
    • YoutTube Video
• 從 2013 到 2023: Web Security 十年之進化及趨勢!
  • WebConf
  • Additional Materials:
    • [Blog] - 從 2013 到 2023: Web Security 十年之進化與趨勢!
• From Zero to Hero — 從零開始的 Pwn2Own 奪冠之路
  • DEVCORE Conference

2022

• Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
  • Black Hat USA
  • DEFCON
  • HITCON
  • CODE BLUE
  • Additional Materials:
    • [Blog] - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS

2021

• The Proxy Era of Microsoft Exchange Server
  • POC2021
  • CODE BLUE
  • HITCON
  • Additional Materials:
    • [Blog] - A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
• ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!
  • Black Hat USA
  • DEFCON
  • Additional Materials:
    • [Blog] - A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
    • [Blog] - A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
    • [Blog] - A New Attack Surface on MS Exchange Part 3 - ProxyShell!
• A Journey Combining Web Hacking and Binary Exploitation in Real World!
  • RealWorld CTF (Live Forum)
  • OWASP Hong Kong TechDay
  • Additional Materials:
    • [Blog] - A Journey Combining Web Hacking and Binary Exploitation in Real World!
• 從初出茅廬到破解大師: 我的 14 年駭客生涯回顧
  • iThome CYBERSEC 2021 台灣資安大會

2020

• How I Hacked Facebook Again!
  • HITCON
  • Additional Materials:
  • [Blog] - How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

2019

• Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
  • Black Hat USA
  • DEFCON
  • HITCON
  • CODE BLUE
  • HITB GSEC
  • RomHack
  • Additional Materials:
    • [Blog] - Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!
    • [Blog] - Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
    • [Blog] - Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!
• 你用它上網，我用它進你內網 - 知名電信商設備遠端代碼執行漏洞
  • DEVCORE Conference
  • Additional Materials:
    • [Blog] - 你用它上網，我用它進你內網! 中華電信數據機遠端代碼執行漏洞
• Hacking Jenkins!
  • Pass the Salt
  • Becks.io
  • HITB GSEC
  • Additional Materials:
    • [Blog] - Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
    • [Blog] - Hacking Jenkins Part 1 - Play with Dynamic Routing

2018

• Breaking Parser Logic - Take Your Path Normalization off and Pop 0days Out!
  • Black Hat USA
  • DEFCON
  • CODE BLUE
  • Hack.lu
  • Additional Materials:
    • [Blog] - How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System
• 從一個脆弱點到串起整個攻擊鏈
  • 先知白帽大會
  • HITCON
• 從一個脆弱點到串起整個攻擊鏈 (JavaScript ver)
  • TDOH Conf

2017

• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
  • Black Hat USA
  • DEFCON
  • Black Hat Asia (2018)
  • HITCON
  • CODE BLUE
  • HITB GSEC
  • Additional Materials:
    • [Blog] - How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!

2016

• Bug Bounty 獎金獵人甘苦談 那些年我回報過的漏洞
  • HITCON
  • Additional Materials:
    • [Blog] - HITCON 2016 投影片 - Bug Bounty 獎金獵人甘苦談 那些年我回報過的漏洞

2015

• Web Hacking 中的奇技淫巧 - Epic Tricks in Web Hacking
  • HITCON
• 關於 HITCON CTF 的那些事 - Web 狗如何在險惡的 CTF 世界中存活？
  • Wooyun Summit

2014

• 掃吧你！從協議面抓出機歪的遠端桌面後門
  • HITCON

2013

• 0-Day 輕鬆談(0-Day Easy Talk) - Happy Fuzzing Internet Explorer
  • HITCON
• Best Practices - The Upload
  • WebConf Taiwan
• 矛盾大對決
  • PHPConf Taiwan
• 駭客看 Django
  • PyCon Taiwan

2012

• Security in PHP 那些在滲透測試的小技巧
  • PHPConf Taiwan
• 網頁安全 Web Security 入門
  • Study Area

2011

• SQL Injection from Past to Now
  • AVTOKYO
• 關於SQL Injection的那些奇技淫巧
  • Chroot Meetup