Personal wiki
Security notes, write-ups, and AI experiments.
Nsdd is a working knowledge base for practical offensive security, Linux incident response, cloud methodology, and AI-assisted research.
"Live a good life, meet slowly."
Latest writing
14 entries across posts and notes.
-
Building a Leader-and-Coworker Multi-Agent System on OpenClaw
Sanitized implementation guide based on a real OpenClaw deployment Version context: OpenClaw 2026.3.8 Pattern: one leader agent plus multiple specialist coworker agents Audience: …
-
Reentrancy Attack Explained: The Deeper Dive into the Vulnerability That Halted The DAO
Introduction: The Ghosts of The DAO The Reentrancy Attack stands as one of the most …
-
Linux Incident Investigation Handbook for Security Analysts
Introduction Incident investigation is the process of analyzing security incidents to understand what happened, how it occurred, and what was impacted. It is a critical component …
-
Ransom Attack Analysis on ICBCFS
I. Overview In the case of the attack on the Industrial and Commercial Bank of China’s U.S. subsidiary, the possible attack chain includes: External attackers exploited a …
-
Pentesting Cloud Methodology
-
HTB-Escape-Writeup
Background Escape : Machine. NetSecFocus Trophy Room : Generated by TJnull, recommended HTB VMs to prepare for OSCP Certs. 0x01 Enumeration Nmap result: PORT STATE SERVICE …
-
HTB-MonitorsTwo-Writeup
Background MonitorsTwo : Machine. NetSecFocus Trophy Room : Generated by TJnull, recommended HTB VMs to prepare for OSCP Certs. 0x01 Enumeration nmap PORT STATE SERVICE …
-
PWK OSCP Preparation Roadmap
Roadmap for preparing for OSCP Useful handbooks 1. The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 2. Writeups learning: Write-ups for vulnerable …
-
Useful Linux Commands
-
Linux Privilege Escalation
-
HTB-Busqueda-Writeup
0x00 Background Busqueda : Machine location. NetSecFocus Trophy Room : Generated by TJnull, recommended HTB VMs to prepare for OSCP Certs. 0x01 Enumeration Using Nmap to discover …
-
HTB-Precious-Writeup
Background Precious : Machine location. NetSecFocus Trophy Room : Generated by TJnull, recommended HTB VMs to prepare for OSCP Certs. 0x01 Enumeration Start from ports&svcs …
-
Sec Coding - PHP
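PHP Secure Coding Guidelines 1. Code Implementation 1.1 Input Validation 1.1.1 [Required] Validate data by type All external parameters of a program should be validated. Validation covers, but is not limited to: data length, data range, data type and format. Data that fails validation should be rejected. Input data should be validated strictly against what is expected; the length, composition and format of a parameter should all be checked together. If any one of them does not conform, the input should be rejected. …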
-
Sec Coding - Python
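General I. Code Implementation 1.1 Cryptographic Algorithms 1.1.1 [Required] Avoid insecure hash algorithms DES and 3DES are no longer suitable for modern applications; use AES instead. 1.2 Application Logging 1.2.1 [Recommended] Log every important action Ensure that important actions are logged and that the logs are reliably retained for 6 months or more. 1.2.2 [Recommended] Do not write unvalidated user input directly to logs When a log entry contains unsanitized …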