🛠️ My Skills & Expertise

Category	Details
Doing
Languages / IDE
Domain Knowledge
CI / CD
ML / DL Frameworks

EKSClusterGame	K8s-Lan-Party
View on GitHub	View on GitHub

CloudHunterGame	Wiz-Perimeter-Leak
View on GitHub

AI Security Challenge	Breaking The Barriers
View on GitHub

Focus: Committed to advancing research in cloud security and container security. Dream to join Wiz

🔍 Vulnerabilities & Security Research

Category	Details
CNVD	CNVD-C-2022-369640, CNVD-2022-498774, CNVD-2022-51701, CNVD-C-2023-73489
CNNVD	CNNVD-2023/2024 and over a dozen contributions
Focus	- Secured multiple CNNVD certificates on domestic platforms - Exploring international CVE platforms for future contributions - Active research in cloud security SRC

🚀 Projects I've Contributed To

• WiseFlow - AI-powered security search platform
• Apt_t00ls - Zero-day exploit toolkit
• JarEditor - Fluent Java archive editing tool
• Memexec - Bypasses "noexec" mount flag for arbitrary Linux binary execution via ptrace-less process injection
• Fscan - Add port exclusion during scanning to bypass port honeypots
• Deadpool - Optimize user experience
• KubeAPI-Inspector - Add skip-tls-verify

💻I'm also write some codes ;)

red-team:

• https://github.com/cdxiaodong/-selenium-nps-
• https://github.com/cdxiaodong/-shell-
• https://github.com/cdxiaodong/NCuploadServletRCE
• https://github.com/cdxiaodong/Apt_t00ls
• https://github.com/cdxiaodong/Transacted-Hollowing-allinone
• https://github.com/cdxiaodong/ASM-hide-RASP

cloud-sercurity:

• https://github.com/cdxiaodong/ebpf-c-tample-action
• https://github.com/cdxiaodong/k8s-2024-21626
• https://github.com/cdxiaodong/docker-for-Verification

chrome plugin:

• https://github.com/cdxiaodong/Site-Specific-Extension-Manager

office efficiency :

• https://github.com/cdxiaodong/windows-internals-7th-Chinese-
• https://github.com/cdxiaodong/-Docker-

- POC Based

• https://github.com/cdxiaodong/CVE-2021-4034-touch
• https://github.com/cdxiaodong/CVE-2024-21626
• 20 container secure CVE images

📝 Articles You Don’t Want to Miss

Some articles are password-protected. Contact me for access!

🎣 Phishing Techniques

• Phishing Techniques Report - CD - Insights into modern phishing strategies

🌐 Web Penetration & Code Audit

• Java Code Audit Getting Started - Beginner’s guide to Java code auditing
• MingYuan Cloud - Security analysis of MingYuan Cloud (Password-protected)
• Java Code Audit Quick Tips - Practical tips for efficient auditing
• Exploiting Java Deserialization with NC - Deserialization exploit techniques
• Java Code Audit: Rapid RCE Exploration - 4-step guide to finding RCE vulnerabilities
• Parallel Batch Exploiting Java RCE - Maximizing efficiency in RCE exploitation
• Java Vulnerabilities Overview - Common Java security issues
• Java 9 Self-Attach Techniques - Advanced Java debugging methods

🖧 AD & Intranet Penetration

• From External to Domain Controller via Weblogic - Full penetration path to domain control (Password-protected)

💻 Programming & Development Notes

• PHP WebShell: Basics to Advanced - Evolution of PHP WebShell techniques
• Disabling Windows Defender with Turated - Bypassing Defender for testing
• Building a Twitter Crawler - Social media data scraping guide
• Shell Scripting and Development - Practical shell scripting tips
• Exploiting NPS: 10,000+ URLs Leaked - Default credential exploitation (Password-protected)
• Weaponizing Java Deserialization - Crafting deserialization exploits

🛠️ Binary Development

• Writing Your First Shell - Intro to shellcode development
• Hooking Memory Access Exceptions - Advanced memory hooking techniques
• VT Fully Bypassed Loader - Evading VirusTotal detection (Password-protected)

🔒 Security Research

• Silent Installation of Any File - Stealth installation techniques
• RASP Attack and Defense - Confronting runtime application security

🧠 Deep Learning

• Deep Learning in Data Feature Extraction - Comparing DL methods for feature extraction

☁️ Cloud & Container Security

• Kubernetes Goat - Hands-on Kubernetes security lab
• CVE-2024-21626 Analysis - Deep dive into container escape vulnerability
• eBPF in Docker - Leveraging eBPF for container monitoring
• Container Security Verification with eBPF - eBPF-based security solutions
• BAS on Cloud - Breach and attack simulation in cloud environments
• Network Isolation in K8s Security - Securing Kubernetes with network policies

⚙️ Office Efficiency

• Chart Studio - Chart Studio
• Favorite Productivity Tips - My go-to efficiency hacks

🌐 Explore My SaaS Front-End Projects

• Cloud-Native ATT&CK Matrix - Multi-dimensional view of cloud attack techniques
• Top 7 Cloud Attack Paths - Critical cloud security attack vectors
• Favorite Articles Real-Time - Curated security insights updated live

🔴 Red Team Binary Evasion Projects

Developed in C++, C#, and C for advanced evasion techniques:

• Audio Reverse Shell - Stealthy reverse shell via audio channels
• AVkiller - Anti-virus evasion toolkit
• Packer - Custom binary packing for obfuscation
• CS - C# utilities for red team operations
• TrustedInstaller Kill WDF (Win10) - Bypassing Windows Driver Framework protections
• STEAL-HOOK - Advanced hooking for stealth execution
• Binary Utility Functions - Reusable binary manipulation functions

👀 Profile Insights

• GitHub Journey: Account created on September 12, 2020
• Visitor Tracking: Counting page views since September 12, 2023

Thanks for visiting ❤️

📧 Contact me | MIT License

contact me : cdxiaodong@systemshell.org