If you ever record your screen at work, you’ll find yourself navigating the cursor most of the time when programming/writing, instead of typing. Therefore, less time spent moving the cursor means more time for typing/thinking!

Luckily, using Karabiner with a configuration inspired by UHK (Ultimate Hacking Keyboard) and a faster keyboard repeat rate, your cursor can fly anywhere you want it to be, in real-time.

Before we jump in, let’s see what macOS has to offer.

macOS Keyboard Navigation Shortcuts

  • ⌘←: go to the beginning of the line

In 2019, I discovered multiple vulnerabilities in QNAP PhotoStation and CGI programs. These vulnerabilities can be chained into a pre-auth root RCE. All QNAP NAS models are vulnerable, and there are ~312K vulnerable QNAP NAS instances on the Internet (statistical prediction). These vulnerabilities have been responsibly reported, fixed and assigned CVE-2019-7192 (CVSS 9.8), CVE-2019-7193 (CVSS 9.8), CVE-2019-7194 (CVSS 9.8), CVE-2019-7195 (CVSS 9.8). This article is the first public disclosure, but only 3 of the vulnerabilities are disclosed, because they’re enough to achieve pre-auth root RCE.

Impact

Vulnerable Instances

The following Shodan search reveals 564K QNAP instances on the Internet. Among those, 590 of…


Type Less and Do More

Shells like bash and zsh come with many great features to save repeated typing, but most of them are buried in those informative, yet lengthy man pages. This article demonstrates some of the most time-saving features and commands that I heavily use every day.

NOTE: The demonstrations are made in bash, but most of them are applicable in zsh as well.

Before We Jump In

If the following scenario already makes sense to you, then you don’t need to read this article. Otherwise, I bet this article will help you save a lot of precious time if you use the terminal every day as I do.


I passed my OSCP exam, and I rooted all 5 exam machines in 11 hours and 4 minutes (excluding rest time). In the lab, I exploited 46 machines (40 rooted, 6 user). This article is to share:

  • some of the good/bad decisions I made

Foreword

I had very little pentest experience before PWK, but I’ve been working in the cybersec industry as blue team for almost 6 years, and I have reported several CVEs (mostly RCEs). …


TL;DR

I discovered a file inclusion vulnerability in index.php from PMA 4.8.0 ~ 4.8.1, and it is assigned CVE-2018-12613. It is caused by a validation bypass in the vulnerable path checking function Core::checkPageValidity. This vulnerability enables an authenticated remote attacker to execute arbitrary PHP code on the server.

Vulnerability Explained

There is a file inclusion in index.php:

    if (! empty($_REQUEST['target'])
        && is_string($_REQUEST['target'])
        && ! preg_match('/^index/', $_REQUEST['target'])
        && ! in_array($_REQUEST['target'], $target_blacklist)
        && Core::checkPageValidity($_REQUEST['target'])
    ) {
        include $_REQUEST['target'];
        exit;
    }
// ...

This include used to be properly protected by the conditions in the if statement, but in the 4.8.0 release, the last check is…

Henry Huang

Into programming, bug hunting
