Who am I

  • CDU大二学生&ID:wanth3f1ag&酸萝卜战队

CDU sophomore & ID: wanth3f1ag & Sour Radish Team

  • 主要方向是Web安全

The main focus is web security.

  • 目前主攻Javasec&域渗透(略懂)

Currently focusing on Javasec and domain penetration (just a little).

这个博客对我来说,不只是一个发文章的地方,更像是一份长期维护的学习档案。我会把做过的题、踩过的坑、复现过的漏洞、分析过的利用链都尽量整理下来,一方面方便自己回看,另一方面也希望把零散的知识慢慢沉淀成体系。

This blog is more than just a place to post articles; it’s like a long-term, maintained learning archive. I’ll try my best to organize the problems I’ve solved, the pitfalls I’ve encountered, the vulnerabilities I’ve reproduced, and the exploit chains I’ve analyzed. This is partly for my own reference, and partly to gradually solidify scattered knowledge into a systematic whole.

What am i recording

  • Web 安全基础与常见漏洞

Web Security Fundamentals and Common Vulnerabilities

  • CTF 赛题记录,尤其是 Web / Java 方向

CTF competition record, especially in the Web/Java category.

  • Java 安全学习,包括反序列化、JNDI、内存马、框架利用链等内容

Java security learning, including deserialization, JNDI, memory exploits, framework exploit chains, etc.

  • 漏洞复现与利用链拆解

Vulnerability Reproduction and Exploitation Chain Disassembly

  • 应急响应、流量分析、内网渗透中的零散实践与总结

Scattered practices and summaries in emergency response, traffic analysis, and internal network penetration

  • 日常生活碎碎念&总结

Random Thoughts and Summary of Daily Life

Why write this blog

  • 做备忘录,避免“学过一遍,过段时间又忘了”

Make memos to avoid “learning something once and then forgetting it after a while”.

  • 做复盘,把零散知识串起来,形成自己的理解路径

By reviewing past experiences, we can connect scattered pieces of knowledge and form our own path to understanding.

  • 逼自己把“看懂了”变成“写明白了”

Force yourself to transform “understanding” into “writing it clearly”.

  • 给未来的自己留一份能回头翻的学习痕迹

Leave a record of your learning for your future self to look back on.

now and later

现在的我还在持续补基础、补源码、补工程化视角,也还在不断修正自己的学习方式。希望以后这里不只是题解和笔记,也会慢慢积累出更完整的专题整理、漏洞分析,以及一些更成体系的 Java 安全内容。

I’m still continuously learning the fundamentals, studying source code, and gaining an engineering perspective, while also constantly refining my learning methods. I hope that in the future this will not only consist of problem solutions and notes, but will also gradually accumulate more comprehensive thematic summaries, vulnerability analyses, and more systematic Java security content.

如发现文章纰漏或希望探讨技术细节,亦或者想交友认识一下,欢迎通过QQ咨询我

If you find any errors in the article, wish to discuss technical details, or are interested in making friends, please feel free to contact me via QQ.