{"version":1,"pages":[{"id":"-MHdUOflR_Mm3U1XTsNN","title":"About Calvin Lai (fkclai)","pathname":"/calvin-lai-security","siteSpaceId":"sitesp_ZuiZZ","description":"I am working in the IT industry for over 25 years. For the first 15-years worked on web applications and middle-tier development, in recent years, I focus on application security and management work."},{"id":"-MHdhcLeospo7mefiMBN","title":"My Work","pathname":"/calvin-lai-security/my-work","siteSpaceId":"sitesp_ZuiZZ","description":"130n@calvinlai.com"},{"id":"Dn2r8l4VumsIdiNdKBCX","title":"Cyber Security Centre (CSC)","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "}]},{"id":"Ymf0FPYdOlDgfKfR6Xwx","title":"Why we need a CSC","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/why-we-need-a-csc","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"}]},{"id":"U69BLsMRPUQKLtQHc1uw","title":"CSC Team Structure: Roles, Functions, and Tools","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/csc-team-structure-roles-functions-and-tools","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"}]},{"id":"QFRH0u8hVyp7suFksYgF","title":"Key Function & Role","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/csc-team-structure-roles-functions-and-tools/key-function-and-role","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"},{"label":"CSC Team Structure: Roles, Functions, and Tools"}]},{"id":"bNyWqysf5M9pHrFZu6pL","title":"Tools & Platforms","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/csc-team-structure-roles-functions-and-tools/tools-and-platforms","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"},{"label":"CSC Team Structure: Roles, Functions, and Tools"}]},{"id":"pOTI5ZDpQsNjxTl050AF","title":"People","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/csc-team-structure-roles-functions-and-tools/people","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"},{"label":"CSC Team Structure: Roles, Functions, and Tools"}]},{"id":"4SYDU9ym9YWYsRzINADq","title":"Outsource Strategy","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/csc-team-structure-roles-functions-and-tools/outsource-strategy","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"},{"label":"CSC Team Structure: Roles, Functions, and Tools"}]},{"id":"hM8IFgp768eRNFvPIQux","title":"HRMC Executive Paper","pathname":"/calvin-lai-security/cyber-security/cyber-security-centre-csc/hrmc-executive-paper","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Cyber Security "},{"label":"Cyber Security Centre (CSC)"}]},{"id":"vuXVCRxpPaNTv5ZXNR7m","title":"Detection and Response","pathname":"/calvin-lai-security/detection-and-response","siteSpaceId":"sitesp_ZuiZZ","description":"April 2025"},{"id":"fJN8K58sV8Ity1Va3PKI","title":"Playbook: Threat Prioritization & Automated Response Strategies","pathname":"/calvin-lai-security/detection-and-response/playbook-threat-prioritization-and-automated-response-strategies","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Detection and Response"}]},{"id":"VyeKXAmlfGAHKoE6kruL","title":"Scenario: Detecting and Mitigating a Ransomware Attack","pathname":"/calvin-lai-security/detection-and-response/playbook-threat-prioritization-and-automated-response-strategies/scenario-detecting-and-mitigating-a-ransomware-attack","siteSpaceId":"sitesp_ZuiZZ","description":"April 2025","breadcrumbs":[{"label":"Detection and Response"},{"label":"Playbook: Threat Prioritization & Automated Response Strategies"}]},{"id":"wTyrD34c5uCfQJLeyElL","title":"Scenario: DC Sync Attack Detected and Mitigated","pathname":"/calvin-lai-security/detection-and-response/playbook-threat-prioritization-and-automated-response-strategies/scenario-dc-sync-attack-detected-and-mitigated","siteSpaceId":"sitesp_ZuiZZ","description":"April 2025","breadcrumbs":[{"label":"Detection and Response"},{"label":"Playbook: Threat Prioritization & Automated Response Strategies"}]},{"id":"zWpm0yBZXQIkmbpRzdeq","title":"Scenario: Pass-the-Hash (PtH) Attack Detected and Contained","pathname":"/calvin-lai-security/detection-and-response/playbook-threat-prioritization-and-automated-response-strategies/scenario-pass-the-hash-pth-attack-detected-and-contained","siteSpaceId":"sitesp_ZuiZZ","description":"April 2025","breadcrumbs":[{"label":"Detection and Response"},{"label":"Playbook: Threat Prioritization & Automated Response Strategies"}]},{"id":"jxFUHR7I1FmhTnfjS4Oj","title":"Scenario: Phishing Campaign with Malware / Credential Theft Detected and Mitigated","pathname":"/calvin-lai-security/detection-and-response/playbook-threat-prioritization-and-automated-response-strategies/scenario-phishing-campaign-with-malware-credential-theft-detected-and-mitigated","siteSpaceId":"sitesp_ZuiZZ","description":"📅 Date: May 2025","breadcrumbs":[{"label":"Detection and Response"},{"label":"Playbook: Threat Prioritization & Automated Response Strategies"}]},{"id":"PG3xDArmUrkPNRdosiYn","title":"Student Module Registration Flow Series using Microservices & Event-Driven Architecture","pathname":"/calvin-lai-security/application-architecture/student-module-registration-flow-series-using-microservices-and-event-driven-architecture","siteSpaceId":"sitesp_ZuiZZ","description":"Last updated: 10:47 PM HKT, Tuesday, September 23, 2025.","breadcrumbs":[{"label":"Application Architecture"}]},{"id":"OC46LTXfZH9MvfnV3kAF","title":"Student Module Registration Flow in Microservices & Event-Driven Architecture","pathname":"/calvin-lai-security/application-architecture/student-module-registration-flow-series-using-microservices-and-event-driven-architecture/student-module-registration-flow-in-microservices-and-event-driven-architecture","siteSpaceId":"sitesp_ZuiZZ","description":"A Scalable, Resilient Workflow for Academic System","breadcrumbs":[{"label":"Application Architecture"},{"label":"Student Module Registration Flow Series using Microservices & Event-Driven Architecture"}]},{"id":"0D6QB90yQBwWuBX1apYh","title":"Optimizing Event-Driven Workflows in Microservices: Patterns for Scalability and Resilience","pathname":"/calvin-lai-security/application-architecture/student-module-registration-flow-series-using-microservices-and-event-driven-architecture/student-module-registration-flow-in-microservices-and-event-driven-architecture/optimizing-event-driven-workflows-in-microservices-patterns-for-scalability-and-resilience","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Architecture"},{"label":"Student Module Registration Flow Series using Microservices & Event-Driven Architecture"},{"label":"Student Module Registration Flow in Microservices & Event-Driven Architecture"}]},{"id":"os9F3cdTSDdAMywIgInk","title":"Enhancing Security in a Microservices-Based Student Module Registration System","pathname":"/calvin-lai-security/application-architecture/student-module-registration-flow-series-using-microservices-and-event-driven-architecture/student-module-registration-flow-in-microservices-and-event-driven-architecture/enhancing-security-in-a-microservices-based-student-module-registration-system","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Architecture"},{"label":"Student Module Registration Flow Series using Microservices & Event-Driven Architecture"},{"label":"Student Module Registration Flow in Microservices & Event-Driven Architecture"}]},{"id":"zLdLaNJ7rGGscCPAtvQk","title":"Comparison of MVC , N-tier and Microservice Architecture","pathname":"/calvin-lai-security/application-architecture/comparison-of-mvc-n-tier-and-microservice-architecture","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Architecture"}]},{"id":"dWO0aWvLaB6IQnKLIOiQ","title":"AI: Using RAG-Based Enquiry Assistant using Vector Database","pathname":"/calvin-lai-security/ai-using-rag-based-enquiry-assistant-using-vector-database","siteSpaceId":"sitesp_ZuiZZ","description":"Developing a RAG-Based Enquiry Assistant with Amazon Bedrock, Vector Databases, and Full-Stack Integration"},{"id":"reZzlLl67tB9KRKfzMym","title":"RAG Architecture Deep Dive","pathname":"/calvin-lai-security/ai-using-rag-based-enquiry-assistant-using-vector-database/rag-architecture-deep-dive","siteSpaceId":"sitesp_ZuiZZ","description":"Working in Progress","breadcrumbs":[{"label":"AI: Using RAG-Based Enquiry Assistant using Vector Database"}]},{"id":"VI8h0LWfLpr6q7e2xuB1","title":"Embedding and Vector Store Integration","pathname":"/calvin-lai-security/ai-using-rag-based-enquiry-assistant-using-vector-database/embedding-and-vector-store-integration","siteSpaceId":"sitesp_ZuiZZ","description":"Working in Progress","breadcrumbs":[{"label":"AI: Using RAG-Based Enquiry Assistant using Vector Database"}]},{"id":"px7GYNvt91G6yihyCt6Z","title":"Backend API with AWS Lambda","pathname":"/calvin-lai-security/ai-using-rag-based-enquiry-assistant-using-vector-database/backend-api-with-aws-lambda","siteSpaceId":"sitesp_ZuiZZ","description":"Working in Progress","breadcrumbs":[{"label":"AI: Using RAG-Based Enquiry Assistant using Vector Database"}]},{"id":"ELquKfZNHC4CobCcK0jZ","title":"Frontend Chatbot with React","pathname":"/calvin-lai-security/ai-using-rag-based-enquiry-assistant-using-vector-database/frontend-chatbot-with-react","siteSpaceId":"sitesp_ZuiZZ","description":"Working in Progress","breadcrumbs":[{"label":"AI: Using RAG-Based Enquiry Assistant using Vector Database"}]},{"id":"K7o4ypcTwP2W42wEFccq","title":"Others integration","pathname":"/calvin-lai-security/ai-using-rag-based-enquiry-assistant-using-vector-database/others-integration","siteSpaceId":"sitesp_ZuiZZ","description":"Working in Progress","breadcrumbs":[{"label":"AI: Using RAG-Based Enquiry Assistant using Vector Database"}]},{"id":"WE9nhD8ZZEZbD0PAAvfT","title":"Securing React Native Applications with Java Microservices","pathname":"/calvin-lai-security/application-security/securing-react-native-applications-with-java-microservices","siteSpaceId":"sitesp_ZuiZZ","description":"Working in Progress","breadcrumbs":[{"label":"Application Security "}]},{"id":"DaSFRKiWy6gEXxL7wvQP","title":"Securing WebView-Based Mobile Applications with Java Microservices","pathname":"/calvin-lai-security/application-security/securing-webview-based-mobile-applications-with-java-microservices","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"kPwn6Tr24pHJPmBAYbMB","title":"OAuth, SAML, and OpenID Connect: Key Differences and Use Cases","pathname":"/calvin-lai-security/application-security/oauth-saml-and-openid-connect-key-differences-and-use-cases","siteSpaceId":"sitesp_ZuiZZ","description":"April 2025","breadcrumbs":[{"label":"Application Security "}]},{"id":"00aUloI05eX0nqUdPpKh","title":"Secure Coding Principles","pathname":"/calvin-lai-security/application-security/secure-coding-principles","siteSpaceId":"sitesp_ZuiZZ","description":"August 2022","breadcrumbs":[{"label":"Application Security "}]},{"id":"Rpe5yjeGvAxtQeh2ILpr","title":"HTTP Header Security Principles","pathname":"/calvin-lai-security/application-security/http-header-security-principles","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"Z6Zt7SLrFODWi8b57psD","title":"Mitigating Broken Object Level Authorization (BOLA)","pathname":"/calvin-lai-security/application-security/mitigating-broken-object-level-authorization-bola","siteSpaceId":"sitesp_ZuiZZ","description":"10 November 2024","breadcrumbs":[{"label":"Application Security "}]},{"id":"KHg99uLLPT3KYhbS04UI","title":"Spring Boot Validation","pathname":"/calvin-lai-security/application-security/spring-boot-validation","siteSpaceId":"sitesp_ZuiZZ","description":"Spring Boot Validation to Address Lack of Input Validation","breadcrumbs":[{"label":"Application Security "}]},{"id":"uUhuYqRi4jm9nblVnwr0","title":"Output Encoding in JavaServer Faces (JSF)","pathname":"/calvin-lai-security/application-security/output-encoding-in-javaserver-faces-jsf","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"AqArUyJeFVGWCFWxx65a","title":"Session Management Security Issues","pathname":"/calvin-lai-security/application-security/session-management-security-issues","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"8v93QUA0FxHwpZhU5j6z","title":"Common API Security Problems","pathname":"/calvin-lai-security/application-security/common-api-security-problems","siteSpaceId":"sitesp_ZuiZZ","description":"Understanding and Mitigating Common API Security Problems","breadcrumbs":[{"label":"Application Security "}]},{"id":"0jn1jRlz2dV7YRDgO6NF","title":"Broken Authentication","pathname":"/calvin-lai-security/application-security/common-api-security-problems/broken-authentication","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Common API Security Problems"}]},{"id":"TKQIXu6RXfjJlLt4ePT9","title":"Excessive Data Exposure","pathname":"/calvin-lai-security/application-security/common-api-security-problems/excessive-data-exposure","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Common API Security Problems"}]},{"id":"M2OOFQwARq6H2JJ5UXOQ","title":"Lack of Resources & Rate Limiting","pathname":"/calvin-lai-security/application-security/common-api-security-problems/lack-of-resources-and-rate-limiting","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Common API Security Problems"}]},{"id":"t0181gnuzIjeA2Pd6VlZ","title":"Broken Function Level Authorization","pathname":"/calvin-lai-security/application-security/common-api-security-problems/broken-function-level-authorization","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Common API Security Problems"}]},{"id":"MvPpBHjPEBwWFI1aZ7h4","title":"Unsafe Consumption of APIs","pathname":"/calvin-lai-security/application-security/common-api-security-problems/unsafe-consumption-of-apis","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Common API Security Problems"}]},{"id":"YwJUwT6ECy2D4fysBnE7","title":"JAVA Exception Handling","pathname":"/calvin-lai-security/application-security/java-exception-handling","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"Vtx1wElFQYfHna7d5EOp","title":"File Upload Validation","pathname":"/calvin-lai-security/application-security/file-upload-validation","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"uGEeZwd2OsWZi4shRnsK","title":"OAuth 2.0 Security","pathname":"/calvin-lai-security/application-security/oauth-2.0-security","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"pTz3HMKS5vNdHQB2lBfK","title":"Insecure Storage of Access Tokens","pathname":"/calvin-lai-security/application-security/oauth-2.0-security/insecure-storage-of-access-tokens","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"OAuth 2.0 Security"}]},{"id":"Iz0MsZp4LmUfXGwW4B1s","title":"Microservice Security","pathname":"/calvin-lai-security/application-security/microservice-security","siteSpaceId":"sitesp_ZuiZZ","description":"Application Security Issues in microservice at Multi-Service Provider Environments","breadcrumbs":[{"label":"Application Security "}]},{"id":"6eGW9UjpvGZrIrF7KZXh","title":"Sample Coding Demo","pathname":"/calvin-lai-security/application-security/microservice-security/sample-coding-demo","siteSpaceId":"sitesp_ZuiZZ","description":"A sample code implementation illustrating how Spring Security can help address these challenges","breadcrumbs":[{"label":"Application Security "},{"label":"Microservice Security"}]},{"id":"OVclkBQaxCMXrDm7qRG9","title":"Service Implementation","pathname":"/calvin-lai-security/application-security/microservice-security/sample-coding-demo/service-implementation","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Microservice Security"},{"label":"Sample Coding Demo"}]},{"id":"cijZcQt8VypBVSZagjcq","title":"Client Interaction","pathname":"/calvin-lai-security/application-security/microservice-security/sample-coding-demo/client-interaction","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Microservice Security"},{"label":"Sample Coding Demo"}]},{"id":"ifVTz2uooXFb3QXOvAkn","title":"Security Solution for Microservices Architecture","pathname":"/calvin-lai-security/application-security/microservice-security/security-solution-for-microservices-architecture","siteSpaceId":"sitesp_ZuiZZ","description":"Enterprise Security and Integration Solutions for Microservices Gateways solution","breadcrumbs":[{"label":"Application Security "},{"label":"Microservice Security"}]},{"id":"Jme6fflG7hqdMNUPOPQR","title":"Modifying and Protecting Java Class Files","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"pQMM6zgQ7HTSK9v6Up2F","title":"Modify a Class File Inside a WAR File","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"}]},{"id":"Ik4Q23mWzthjYlUGJVNo","title":"Demo: 1. Create Java Web Application","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file/demo-1.-create-java-web-application","siteSpaceId":"sitesp_ZuiZZ","description":"July 2025","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"},{"label":"Modify a Class File Inside a WAR File"}]},{"id":"C0JNph0jEj9YN0qh3NSv","title":"Demo: 2. Modify the Class file","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file/demo-2.-modify-the-class-file","siteSpaceId":"sitesp_ZuiZZ","description":"July 2025","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"},{"label":"Modify a Class File Inside a WAR File"}]},{"id":"lBaKbTg6QnDXlNN80aXC","title":"Direct Bytecode Editing","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/direct-bytecode-editing","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"}]},{"id":"dhNcnFkXqleTQD7CPMMg","title":"Steps to Directly Edit a Java Class File","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/direct-bytecode-editing/steps-to-directly-edit-a-java-class-file","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"},{"label":"Direct Bytecode Editing"}]},{"id":"qdeYuRTW9tu5msBNcl3p","title":"Update: Java Bytecode Editing Tools","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/direct-bytecode-editing/steps-to-directly-edit-a-java-class-file/update-java-bytecode-editing-tools","siteSpaceId":"sitesp_ZuiZZ","description":"April 2025","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"},{"label":"Direct Bytecode Editing"},{"label":"Steps to Directly Edit a Java Class File"}]},{"id":"xTeGwxPdIRrqG0GGxWU8","title":"Techniques to Protect Java Class Files","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/techniques-to-protect-java-class-files","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"}]},{"id":"relY1SAYrlpRE2J8rPVo","title":"Runtime Decryption in WebLogic","pathname":"/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/techniques-to-protect-java-class-files/runtime-decryption-in-weblogic","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"Modifying and Protecting Java Class Files"},{"label":"Techniques to Protect Java Class Files"}]},{"id":"NnejrQbjDqR4OS16qjN7","title":"JAVA Program","pathname":"/calvin-lai-security/application-security/java-program","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "}]},{"id":"Xf2YmLCTiPVjwdbKD3QE","title":"Secure, Concurrent Web Access Using Java and Tor","pathname":"/calvin-lai-security/application-security/java-program/secure-concurrent-web-access-using-java-and-tor","siteSpaceId":"sitesp_ZuiZZ","description":"A Comprehensive Guide for developing a Secure, Concurrent Web Access Using Java and Tor:","breadcrumbs":[{"label":"Application Security "},{"label":"JAVA Program"}]},{"id":"kZzaBlGAxrA6D42qIpGm","title":"Creating a Maven Java project in Visual Studio Code","pathname":"/calvin-lai-security/application-security/java-program/creating-a-maven-java-project-in-visual-studio-code","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Application Security "},{"label":"JAVA Program"}]},{"id":"-MIy0QhWye_F6JlenjjD","title":"ZeroLogon Exploit","pathname":"/calvin-lai-security/exploit-cve-poc/zerologon-exploit","siteSpaceId":"sitesp_ZuiZZ","description":"CVE-2020-1472, 6 Oct 2020","breadcrumbs":[{"label":"Exploit/CVE PoC"}]},{"id":"-MN90xGo7Npl4JuT_4Za","title":"Remote Retrieved Chrome saved Encrypted Password","pathname":"/calvin-lai-security/exploit-cve-poc/remote-getting-chrome-saved-encrypted-password","siteSpaceId":"sitesp_ZuiZZ","description":"21 May 2018","breadcrumbs":[{"label":"Exploit/CVE PoC"}]},{"id":"-MN94IGBSRa-rE8a8j1S","title":"Twitter Control an RCE attack","pathname":"/calvin-lai-security/exploit-cve-poc/twitter-control-an-rce-attack","siteSpaceId":"sitesp_ZuiZZ","description":"18 May 2018","breadcrumbs":[{"label":"Exploit/CVE PoC"}]},{"id":"-MUlPEXDFJdU1b3DGip1","title":"Hits & Summary","pathname":"/calvin-lai-security/hack-the-box-writeup/htb-hits-and-summary","siteSpaceId":"sitesp_ZuiZZ","description":"Hack the Box, try harder and harder","breadcrumbs":[{"label":"Hacking Report (HTB)"}]},{"id":"xZvb1eWtNtJxNWhXJzCi","title":"Tools & Cheat Sheet","pathname":"/calvin-lai-security/hack-the-box-writeup/htb-hits-and-summary/tools-and-cheat-sheet","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Hits & Summary"}]},{"id":"-MHdv0f8cqJxon_I8DXB","title":"Windows Machine","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"}]},{"id":"-MawWSYEgKe8yn-UoVDR","title":"Love 10.10.10.239","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/love-10.10.10.239","siteSpaceId":"sitesp_ZuiZZ","description":"You could claim that anything's real if the only basis for believing in it is that nobody's proved it doesn't exist! <J.K. Rowling>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHe0S1WsRqe6mx6OIC9","title":"Blackfield 10.10.10.192","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/blackfield","siteSpaceId":"sitesp_ZuiZZ","description":"I know the sky is not the limit because there are footprints on the Moon — and I made some of them! #Buzz Aldrin","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdw-Jv50YZC-iTGD2K","title":"Remote 10.10.10.180","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/remote","siteSpaceId":"sitesp_ZuiZZ","description":"It doesn’t matter how many times you get knocked down. All that matters is you get up one more time than you were knocked down. <Roy T. Bennett0 May 2020>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MNBAetkdNLAZEof8y0V","title":"Sauna 10.10.10.175","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/sauna","siteSpaceId":"sitesp_ZuiZZ","description":"Technology is just a tool. In terms of getting the kids working together and motivating them, the teacher is the most important. <Bill Gates>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MPDGL0mHSaNNxlxm952","title":"Forest 10.10.10.161","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/forest","siteSpaceId":"sitesp_ZuiZZ","description":"Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. <John Lambert>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdrsKRtiw9s5wRJtcL","title":"Sniper","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/sniper","siteSpaceId":"sitesp_ZuiZZ","description":"09 Feb 2020","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdrljJdU3Z4RlknVDK","title":"Json","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/json","siteSpaceId":"sitesp_ZuiZZ","description":"19 Sep 2019","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdsOqqOvjwyr_qqiZQ","title":"Heist","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/heist","siteSpaceId":"sitesp_ZuiZZ","description":"26.10.2019","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdrhqbvlQNWgRvDQmV","title":"Blue","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/blue","siteSpaceId":"sitesp_ZuiZZ","description":"18 Sep 2019","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdrYnQOgNt1q2nQkfp","title":"Legacy","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/legacy","siteSpaceId":"sitesp_ZuiZZ","description":"17 Sep 2019","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHda5i2Jdp0Y4mGJ9Cz","title":"Resolute","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/resolute","siteSpaceId":"sitesp_ZuiZZ","description":"10.10.10.169, windows machine.","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHe14aID1Nbsti4--tz","title":"Cascade","pathname":"/calvin-lai-security/hack-the-box-writeup/windows-machine/cascade","siteSpaceId":"sitesp_ZuiZZ","description":"20 July 2020","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Windows Machine"}]},{"id":"-MHdv59xBzGKBoHTA0yK","title":"Linux Machine","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"}]},{"id":"JP5ycVFqRA2FwbCUt4W6","title":"Photobomb 10.10.11.182","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/photobomb-10.10.11.182","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"Ex6a9fpM0FO4VbT5t6JQ","title":"Pandora 10.10.11.136","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/pandora-10.10.11.136","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-Mj7o6eQBt4Fxq_6heIQ","title":"BountyHunter 10.10.11.100","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/bountyhunter-10.10.11.100","siteSpaceId":"sitesp_ZuiZZ","description":"by 130n@calvinlai.com, 11 Sep 2021","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MiiqdW4IhRGvSRlfBgm","title":"CAP 10.10.10.245","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/cap-10.10.10.245","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-Mb1pFgvNwLUYSAf8wkT","title":"Spectra 10.10.10.229","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/spectra-10.10.10.229","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MUVnqkj3uQC0jHBtRXj","title":"Ready 10.10.10.220","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/ready-10.10.10.220","siteSpaceId":"sitesp_ZuiZZ","description":"The good thing about science is that it's true whether or not you believe in it. <Neil deGrasse Tyson>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MST3DmF9L4jQBRrpEOf","title":"Doctor 10.10.10.209","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/doctor-10.10.10.209","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MPWxF_zbbWBNxxksEop","title":"Bucket 10.10.10.212","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/bucket-10.10.10.212","siteSpaceId":"sitesp_ZuiZZ","description":"No technology that's connected to the internet is unhackable. <Abhijit Naskar>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MKiQvxw5GlnnCrBLYfT","title":"Blunder 10.10.10.191","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/blunder-10.10.10.191","siteSpaceId":"sitesp_ZuiZZ","description":"Persistence is very important. You should not give up unless you are forced to give up (Elon Musk)","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MNlHdxAH_GmRBYZPAaS","title":"Registry 10.10.10.159","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/registry-10.10.10.178","siteSpaceId":"sitesp_ZuiZZ","description":"Look up at the stars and not down at your feet <Stephen Hawking>","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MHe-teMOfxV79O0B9zp","title":"Magic","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/magic","siteSpaceId":"sitesp_ZuiZZ","description":"04 July 2020","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"-MHe02PZffKhDhsDxXYd","title":"Tabby","pathname":"/calvin-lai-security/hack-the-box-writeup/linux-machine/tabby","siteSpaceId":"sitesp_ZuiZZ","description":"28 Jun 2020","breadcrumbs":[{"label":"Hacking Report (HTB)"},{"label":"Linux Machine"}]},{"id":"xRZlBG2MdqH0ZPVCEjPW","title":"Web Application PenTest","pathname":"/calvin-lai-security/penetration-testing/web-application-pentest","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Penetration Testing"}]},{"id":"3Fh0Eg83C9OkOUXfsIgO","title":"Network/System PenTest","pathname":"/calvin-lai-security/penetration-testing/network-system-pentest","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Penetration Testing"}]},{"id":"2U1iVLsdBShrTHTu4Iou","title":"Mobile Penetration Test","pathname":"/calvin-lai-security/penetration-testing/mobile-penetration-test","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Penetration Testing"}]},{"id":"4Z24kQwpTtLYempCb2I4","title":"Certificate Pinning","pathname":"/calvin-lai-security/penetration-testing/mobile-penetration-test/certificate-pinning","siteSpaceId":"sitesp_ZuiZZ","description":"A security technique used in mobile app to ensure that the app communicates only with a specific server by validating the server's certificate against a known, hardcoded certificate or public key.","breadcrumbs":[{"label":"Penetration Testing"},{"label":"Mobile Penetration Test"}]},{"id":"Pqu2vUPqmfo37am7rvNA","title":"Certificate Pinning Bypass (Android)","pathname":"/calvin-lai-security/penetration-testing/mobile-penetration-test/certificate-pinning/certificate-pinning-bypass-android","siteSpaceId":"sitesp_ZuiZZ","description":"Bypassing certificate pinning using three different methods: Frida, Xposed Framework with JustTrustMe, and Modifying APK.","breadcrumbs":[{"label":"Penetration Testing"},{"label":"Mobile Penetration Test"},{"label":"Certificate Pinning"}]},{"id":"F73hxzGfBAy2pnkOIGOs","title":"Root a Android Device","pathname":"/calvin-lai-security/penetration-testing/mobile-penetration-test/certificate-pinning/certificate-pinning-bypass-android/root-a-android-device","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Penetration Testing"},{"label":"Mobile Penetration Test"},{"label":"Certificate Pinning"},{"label":"Certificate Pinning Bypass (Android)"}]},{"id":"pbV8q4Yn5iAP9QKICkKh","title":"Setup Proxy Tool - Burp Suite","pathname":"/calvin-lai-security/penetration-testing/mobile-penetration-test/certificate-pinning/certificate-pinning-bypass-android/setup-proxy-tool-burp-suite","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Penetration Testing"},{"label":"Mobile Penetration Test"},{"label":"Certificate Pinning"},{"label":"Certificate Pinning Bypass (Android)"}]},{"id":"0wICWONtLRGxAGXId0Po","title":"Checklist","pathname":"/calvin-lai-security/penetration-testing/mobile-penetration-test/checklist","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Penetration Testing"},{"label":"Mobile Penetration Test"}]},{"id":"tzvVogqPqKhj61XHglSK","title":"Advanced Persistent Threat (APT) groups","pathname":"/calvin-lai-security/threat-intelligence/advanced-persistent-threat-apt-groups","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Threat Intelligence"}]},{"id":"jx9MeQJ7PpQR9DOg8Sh5","title":"North Korean APT Groups","pathname":"/calvin-lai-security/threat-intelligence/advanced-persistent-threat-apt-groups/north-korean-apt-groups","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Threat Intelligence"},{"label":"Advanced Persistent Threat (APT) groups"}]},{"id":"3h4qRSHGiYoxQLPd8P1K","title":"Chinese APT Groups","pathname":"/calvin-lai-security/threat-intelligence/advanced-persistent-threat-apt-groups/chinese-apt-groups","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Threat Intelligence"},{"label":"Advanced Persistent Threat (APT) groups"}]},{"id":"W3FDoEwRVUhmPH9lAFMK","title":"Russian APT Groups","pathname":"/calvin-lai-security/threat-intelligence/advanced-persistent-threat-apt-groups/russian-apt-groups","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Threat Intelligence"},{"label":"Advanced Persistent Threat (APT) groups"}]},{"id":"eqZQpD8EzbtdupKkUNOe","title":"Other APT","pathname":"/calvin-lai-security/threat-intelligence/advanced-persistent-threat-apt-groups/other-apt","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Threat Intelligence"},{"label":"Advanced Persistent Threat (APT) groups"}]},{"id":"N55fhEodBYkfV4smiztM","title":"01 Reconnaissance","pathname":"/calvin-lai-security/red-team-windows/01-reconnaissance","siteSpaceId":"sitesp_ZuiZZ","description":"January 2022","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"VYBlAtCPhNNHS4BAOm8x","title":"02 Privileges Escalation","pathname":"/calvin-lai-security/red-team-windows/02-privileges-escalation","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"tXvi8G5aFbS5hHAXYo3Z","title":"03 Lateral Movement","pathname":"/calvin-lai-security/red-team-windows/03-lateral-movement","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"IEY40RvkkH3Doj7NTTdB","title":"04 AD Attacks","pathname":"/calvin-lai-security/red-team-windows/04-ad-attacks","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"d3RHAElpJ6vyaTjvOY3p","title":"DCSync","pathname":"/calvin-lai-security/red-team-windows/04-ad-attacks/dcsync","siteSpaceId":"sitesp_ZuiZZ","description":"MITRE ATT&CK T1003.006","breadcrumbs":[{"label":"Red Team (Windows)"},{"label":"04 AD Attacks"}]},{"id":"gxUo1xTl5XS7t4rQklxJ","title":"05 Bypass-Evasion","pathname":"/calvin-lai-security/red-team-windows/05-bypass-evasion","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"QDnFhvHx4i6qpXT9y5Gd","title":"06 Kerberos Attack","pathname":"/calvin-lai-security/red-team-windows/06-kerberos-attack","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"zoXrv4lSyOqtI5uGSLGR","title":"99 Basic Command","pathname":"/calvin-lai-security/red-team-windows/99-basic-command","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Red Team (Windows)"}]},{"id":"-MHenJHJ3pta9_tbK5jz","title":"01 Reconnaissance","pathname":"/calvin-lai-security/tools/01-reconnaissance","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHeif1joZj0AKCTSu8L","title":"02 Port Enumeration","pathname":"/calvin-lai-security/tools/02-eumernation","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHf2g90phj4u6Ed37th","title":"03 Web Enumeration","pathname":"/calvin-lai-security/tools/03-web-enum-and-exploit","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHfYA7XnLAsZg_FqnPF","title":"04 Windows Enum & Exploit","pathname":"/calvin-lai-security/tools/04-windows-enum-and-exploit","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"QO9GaDzePHIwwwWqI2dE","title":"Windows Credential Dumping","pathname":"/calvin-lai-security/tools/04-windows-enum-and-exploit/windows-credential-dumping","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"04 Windows Enum & Exploit"}]},{"id":"-MI7T9GK37JV91x16Rq5","title":"Credential Dumping: SAM","pathname":"/calvin-lai-security/tools/04-windows-enum-and-exploit/windows-credential-dumping/dumping-windows-credentials","siteSpaceId":"sitesp_ZuiZZ","description":"Dumping the NTL Hash","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"04 Windows Enum & Exploit"},{"label":"Windows Credential Dumping"}]},{"id":"6D6pKwT6Xq6PgYGCYv7h","title":"Credential Dumping: DCSync","pathname":"/calvin-lai-security/tools/04-windows-enum-and-exploit/windows-credential-dumping/credential-dumping-dcsync","siteSpaceId":"sitesp_ZuiZZ","description":"May 2022","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"04 Windows Enum & Exploit"},{"label":"Windows Credential Dumping"}]},{"id":"-MHo4XiS-_6nk1EnHHAX","title":"Kerberos Attack","pathname":"/calvin-lai-security/tools/04-windows-enum-and-exploit/09-kerberos-attack","siteSpaceId":"sitesp_ZuiZZ","description":"January 2020","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"04 Windows Enum & Exploit"}]},{"id":"-MIPTqHImdpuld8sDZhI","title":"RDP","pathname":"/calvin-lai-security/tools/04-windows-enum-and-exploit/rdp","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"04 Windows Enum & Exploit"}]},{"id":"-MHl1nGazR4Ydqrz1Q_z","title":"05 File Enumeration","pathname":"/calvin-lai-security/tools/05-file-enumeration","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHdhVq_mZwp9cSnTTXy","title":"06 Reverse Shell Cheat Sheet","pathname":"/calvin-lai-security/tools/exploitation-command","siteSpaceId":"sitesp_ZuiZZ","description":"The syntax of generating reverse TCP shell payload","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHdqUegd2pk0Z_HKUxK","title":"Windows Reverse Shell","pathname":"/calvin-lai-security/tools/exploitation-command/windows-reverse-shell","siteSpaceId":"sitesp_ZuiZZ","description":"This page is going to show the generation of reverse shell payload for Windows environment.","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"06 Reverse Shell Cheat Sheet"}]},{"id":"-MHdp8hG9rZY0qCcq5zY","title":"Linux Reverse Shell","pathname":"/calvin-lai-security/tools/exploitation-command/linux-reverse-shell","siteSpaceId":"sitesp_ZuiZZ","description":"This page is going to show the generation of reverse shell payload for Linux environment.","breadcrumbs":[{"label":"Exploitation Guide"},{"label":"06 Reverse Shell Cheat Sheet"}]},{"id":"-MHjbD4jLpskwzc2o2QN","title":"07 SQL Injection","pathname":"/calvin-lai-security/tools/06-sql-injection","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHl8sNIMoGyokXM_aR7","title":"08 BruteForce","pathname":"/calvin-lai-security/tools/08-bruteforce","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MaggDQcSL8fsEoeZ_ts","title":"09 XSS Bypass Checklist","pathname":"/calvin-lai-security/tools/09-xss","siteSpaceId":"sitesp_ZuiZZ","description":"XSS ByPass, CTF","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-Mb-tACidTaqJpjjBjPN","title":"10 Spring Boot","pathname":"/calvin-lai-security/tools/10-spring-boot","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-Mfv_CP8_3RoLSh0TM22","title":"11 WPA","pathname":"/calvin-lai-security/tools/11-wpa","siteSpaceId":"sitesp_ZuiZZ","description":"aircrack-ng","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MjKPMfY-8BWOlYx8obl","title":"12 Payload list","pathname":"/calvin-lai-security/tools/12-payload-list","siteSpaceId":"sitesp_ZuiZZ","description":"XXS, injection, open-redirect, XXE, rfi & lfi","breadcrumbs":[{"label":"Exploitation Guide"}]},{"id":"-MHeKsUbKWJVmJtxMg_-","title":"MrRobot","pathname":"/calvin-lai-security/vuln-hub-writeup/mrrobot","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHeKTMPzlMmH3Jh6783","title":"CYBERRY","pathname":"/calvin-lai-security/vuln-hub-writeup/cyberry","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHeKLyXqblO0x0dRZfV","title":"MATRIX 1","pathname":"/calvin-lai-security/vuln-hub-writeup/matrix-1","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHeHCFEoT7QF0yCiHu9","title":"Node-1","pathname":"/calvin-lai-security/vuln-hub-writeup/node-1-without-msf","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHeGqfYT-U4HS1anRnI","title":"DPwwn-1","pathname":"/calvin-lai-security/vuln-hub-writeup/dpwwn-1","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHe7ib83skpwiB1aNPj","title":"DC7","pathname":"/calvin-lai-security/vuln-hub-writeup/dc7","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHe55KT4diyrdIG70x0","title":"AiWeb-2","pathname":"/calvin-lai-security/vuln-hub-writeup/aiweb-2","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHdt8ELl5M8U1o5R6Cq","title":"AiWeb-1","pathname":"/calvin-lai-security/vuln-hub-writeup/aiweb-1","siteSpaceId":"sitesp_ZuiZZ","description":"29 AUGUST 2019","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"-MHeH5SLQCznVxChrhaJ","title":"BrainPan","pathname":"/calvin-lai-security/vuln-hub-writeup/brainpan","siteSpaceId":"sitesp_ZuiZZ","description":"22 MAY 2019","breadcrumbs":[{"label":"Vuln Hub (Writeup)"}]},{"id":"SQZEEif0YwrtbhQQ8fOw","title":"CTF Tools & Tips","pathname":"/calvin-lai-security/ctf-writeup/ctf-tools-and-tips","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"CTF (Writeup & Tips)"}]},{"id":"-MHk6X27vAm58fyRzgYd","title":"Hacker One","pathname":"/calvin-lai-security/ctf-writeup/hacker-one","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"CTF (Writeup & Tips)"}]},{"id":"-MHeL4pL6XUcr3STCK10","title":"CTF Learn","pathname":"/calvin-lai-security/ctf-writeup/ctf-learn","siteSpaceId":"sitesp_ZuiZZ","description":"https://ctflearn.com/","breadcrumbs":[{"label":"CTF (Writeup & Tips)"}]},{"id":"-MHeNfeScx7G7CamBRDY","title":"P.W.N. University - CTF 2018","pathname":"/calvin-lai-security/ctf-writeup/p.w.n.-university-ctf-2018","siteSpaceId":"sitesp_ZuiZZ","description":"https://uni.hctf.fun/","breadcrumbs":[{"label":"CTF (Writeup & Tips)"}]},{"id":"-MHesHUrRG_RBBFpvHM6","title":"HITCON","pathname":"/calvin-lai-security/ctf-writeup/hitcon","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"CTF (Writeup & Tips)"}]},{"id":"J9SfxbHfiHk3TN3b4P3C","title":"Pwnable","pathname":"/calvin-lai-security/ctf-writeup/pwnable","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"CTF (Writeup & Tips)"}]},{"id":"C8nwJpYIV3XhpGE5o11Q","title":"01 Start","pathname":"/calvin-lai-security/ctf-writeup/pwnable/01-start","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"CTF (Writeup & Tips)"},{"label":"Pwnable"}]},{"id":"ncsZvLuKMnBCONf07iqA","title":"Kali","pathname":"/calvin-lai-security/useful-command/kali","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Useful Command/Tools"}]},{"id":"-MHpvp6hM_JWWTLV4IA4","title":"Windows","pathname":"/calvin-lai-security/useful-command/windows","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Useful Command/Tools"}]},{"id":"-MHvTN_9s6gpHMQbMUm-","title":"Linux","pathname":"/calvin-lai-security/useful-command/linux","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Useful Command/Tools"}]},{"id":"-MHjAr32Uu74HbDO1p-D","title":"Lab","pathname":"/calvin-lai-security/oscp-lab-and-exam/lab","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Offensive Security Lab & Exam"}]},{"id":"eQb2E8184HNFk3fVEMBi","title":"Tools for an Offensive Certification","pathname":"/calvin-lai-security/oscp-lab-and-exam/tools-for-an-offensive-certification","siteSpaceId":"sitesp_ZuiZZ","description":"Commands, Payloads and Resources for an Offensive Certification.","breadcrumbs":[{"label":"Offensive Security Lab & Exam"}]},{"id":"Osv2bgDg5WyhPlTbd3zU","title":"Strategy for an Offensive Exam Certification","pathname":"/calvin-lai-security/oscp-lab-and-exam/tools-for-an-offensive-certification/strategy-for-an-offensive-exam-certification","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Offensive Security Lab & Exam"},{"label":"Tools for an Offensive Certification"}]},{"id":"zIcfAX0rKt8boGRLrPZf","title":"CVEs","pathname":"/calvin-lai-security/oscp-lab-and-exam/tools-for-an-offensive-certification/strategy-for-an-offensive-exam-certification/cves","siteSpaceId":"sitesp_ZuiZZ","description":"Some common CVEs \"May\" be useful in the exam","breadcrumbs":[{"label":"Offensive Security Lab & Exam"},{"label":"Tools for an Offensive Certification"},{"label":"Strategy for an Offensive Exam Certification"}]},{"id":"TRPLuqCMu4Z5LWBNb497","title":"Privilege Escalation","pathname":"/calvin-lai-security/oscp-lab-and-exam/tools-for-an-offensive-certification/strategy-for-an-offensive-exam-certification/privilege-escalation","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Offensive Security Lab & Exam"},{"label":"Tools for an Offensive Certification"},{"label":"Strategy for an Offensive Exam Certification"}]},{"id":"41Y44dvnsGlBAwndNK5n","title":"Commands","pathname":"/calvin-lai-security/oscp-lab-and-exam/tools-for-an-offensive-certification/strategy-for-an-offensive-exam-certification/commands","siteSpaceId":"sitesp_ZuiZZ","description":"","breadcrumbs":[{"label":"Offensive Security Lab & Exam"},{"label":"Tools for an Offensive Certification"},{"label":"Strategy for an Offensive Exam Certification"}]},{"id":"8UTSYTxykyDa1iBSB1Bc","title":"Impacket","pathname":"/calvin-lai-security/oscp-lab-and-exam/tools-for-an-offensive-certification/strategy-for-an-offensive-exam-certification/impacket","siteSpaceId":"sitesp_ZuiZZ","description":"https://github.com/SecureAuthCorp/impacket","breadcrumbs":[{"label":"Offensive Security Lab & Exam"},{"label":"Tools for an Offensive Certification"},{"label":"Strategy for an Offensive Exam Certification"}]},{"id":"n9HgkT5yM7yN8cTrUskb","title":"Disclaimer","pathname":"/calvin-lai-security/iso-27001/disclaimer","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"}]},{"id":"0MKn9R2mlC143PAYqF98","title":"What is ISO 27001","pathname":"/calvin-lai-security/iso-27001/what-is-iso-27001","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"}]},{"id":"BAC5Yom3UWUqVQJv8mXs","title":"Implementation","pathname":"/calvin-lai-security/iso-27001/what-is-iso-27001/implementation","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"What is ISO 27001"}]},{"id":"evooNGCG4oakY6TpnIcf","title":"Documentation","pathname":"/calvin-lai-security/iso-27001/documentation","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"}]},{"id":"bUdCjh3ywO3qhhpUMa1T","title":"Common Mistake","pathname":"/calvin-lai-security/iso-27001/common-mistake","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"}]},{"id":"4zi2MGMYjoprQmc4mpbG","title":"Q&A","pathname":"/calvin-lai-security/iso-27001/q-and-a","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"}]},{"id":"GWSDjvHfuf2k0R3TUGSm","title":"Can internal audit to replace the risk assessment","pathname":"/calvin-lai-security/iso-27001/q-and-a/can-internal-audit-to-replace-the-risk-assessment","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"Q&A"}]},{"id":"WsbpYw0GKoukQfzFkMKH","title":"Is it sufficient for only the IT department head to support the ISO 27001 program","pathname":"/calvin-lai-security/iso-27001/q-and-a/is-it-sufficient-for-only-the-it-department-head-to-support-the-iso-27001-program","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"Q&A"}]},{"id":"VmD1gJ1TM2ohIBNiP3uj","title":"Does the Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are the same?","pathname":"/calvin-lai-security/iso-27001/q-and-a/does-the-business-continuity-plan-bcp-and-a-disaster-recovery-plan-drp-are-the-same","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"Q&A"}]},{"id":"3gu9LSFU8ySGpkQOLLxi","title":"ISO 27001 Controls and Domains","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"}]},{"id":"0os1ZUChwyhrugM6Nm5H","title":"1. Information Security Policies","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/1.-information-security-policies","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"2vLLnNSDvzEFsAuIifXP","title":"2. Organization of Information Security","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/2.-organization-of-information-security","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"vLRfTYdsXydyWoaxRXsC","title":"3. Human Resource Security","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/3.-human-resource-security","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"BuYxDCHZaFm4PIwIUJe0","title":"4. Asset Management","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/4.-asset-management","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"uNZC51pw1xGFlLYLxKzz","title":"5. Access Control","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/5.-access-control","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"iRF6WL78Q03oLQRhlDYb","title":"6. Cryptographic Controls","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/6.-cryptographic-controls","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"fJNBuUqURQ0Nli8L79Qu","title":"7. Physical and Environmental Security","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/7.-physical-and-environmental-security","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"sr3X41IrTYUlnkDgMpfe","title":"8: Operational Security","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/8-operational-security","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"r5hbjj3LEq9Uph7nVAdE","title":"9. Communications Security","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/9.-communications-security","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"cb6fwz8NVGLNIut34CCA","title":"10. System Acquisition, Development, and Maintenance","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/10.-system-acquisition-development-and-maintenance","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"bbCNaRyq2ofgJtjfw6Qh","title":"11. Supplier Relationships","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/11.-supplier-relationships","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"QNEdKn3p9IewEhZQXt3e","title":"12: Information Security Incident Management","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/12-information-security-incident-management","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"qEqh6ljGQXEs932HdHcR","title":"13. Information Security Aspects of Business Continuity Management","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/13.-information-security-aspects-of-business-continuity-management","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"jdNXEU3PKMZoojKkaWgl","title":"14. Compliance","pathname":"/calvin-lai-security/iso-27001/iso-27001-controls-and-domains/14.-compliance","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"ISO 27001"},{"label":"ISO 27001 Controls and Domains"}]},{"id":"n3Izg13BsgxoaW0BUMJ7","title":"IT Risk and Control Library Policy and Procedure","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"}]},{"id":"WkWKOxLGtnRG9WyZOjFB","title":"Risk Library","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/risk-library","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]},{"id":"FotqfQiftoJBzS78jMre","title":"Control Library","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/control-library","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]},{"id":"SwY05rDpbEs1DCM7lAnD","title":"Assessment Level","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/assessment-level","siteSpaceId":"sitesp_ZuiZZ","description":"Three level details of the risk assessment","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]},{"id":"nfiigGFBsj8M7TFUWT36","title":"Control Implementation","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/control-implementation","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]},{"id":"kmFl3PjvpQod5UbLtXeZ","title":"ISRA Project Change Scope Definition","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/isra-project-change-scope-definition","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]},{"id":"6OOP6xPKDVyGPuLeYzzm","title":"ISRA Questionnaire","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/isra-questionnaire","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]},{"id":"Cb3Jn4zMtUrYxu679gMn","title":"Risk Acceptance and Risk Register Policy and Procedure","pathname":"/calvin-lai-security/risk-management/it-risk-and-control-library-policy-and-procedure/risk-acceptance-and-risk-register-policy-and-procedure","siteSpaceId":"sitesp_ZuiZZ","breadcrumbs":[{"label":"Risk Management"},{"label":"IT Risk and Control Library Policy and Procedure"}]}]}