tangjunyi23
@tangjunyi23
Public Skills
auth-bypass
by tangjunyi23
Authentication bypass vulnerability hunting in IoT firmware. Use when analyzing login mechanisms, session management, access control, or authentication logic in web interfaces, APIs, or network services of embedded devices. Triggers on auth bypass, login bypass, session hijacking, or access control analysis tasks.
hardware-debug-interfaces
by tangjunyi23
Hardware debug interface exploitation for embedded devices — identifying and connecting to UART, JTAG and SWD ports, and bypassing security protections through physical debug interfaces
bootloader-security
by tangjunyi23
U-Boot and embedded bootloader security analysis — environment variable attacks, secure boot bypass, boot sequence exploitation, and firmware integrity verification
buffer-overflow
by tangjunyi23
Buffer overflow vulnerability hunting in IoT embedded binaries. Use when reverse-engineering ARM/MIPS/x86 binaries for stack-based or heap-based overflow vulnerabilities, analyzing unsafe memory operations (strcpy, sprintf, gets, memcpy), checking binary protections (NX, ASLR, canary), or building overflow PoCs for embedded targets.
iot-network-analysis
by tangjunyi23
IoT network service and protocol vulnerability analysis. Use when analyzing network-facing services (UPnP, MQTT, CoAP, Telnet, RTSP), scanning device ports, testing network service implementations, or analyzing protocol-level vulnerabilities in IoT devices.
command-injection
by tangjunyi23
Command injection vulnerability hunting in IoT firmware. Use when analyzing CGI binaries, web server handlers, SOAP/UPnP interfaces, or any user-input-to-system-call path in embedded devices. Triggers on searching for OS command injection (CWE-78), argument injection (CWE-88), or code injection in firmware binaries and scripts.
privilege-escalation
by tangjunyi23
Embedded device privilege escalation techniques — from limited shell to root, service exploitation, filesystem abuse, kernel vulnerabilities, and misconfigurations in IoT Linux environments
crypto-weakness
by tangjunyi23
Cryptographic weakness and insecure crypto implementation hunting in IoT firmware. Use when analyzing encryption implementations, TLS/SSL configurations, key management, random number generation, or any cryptographic operations in embedded device firmware. Triggers on crypto analysis, weak encryption, insecure TLS, or key management tasks.
firmware-decryption
by tangjunyi23
Firmware decryption, deobfuscation, and unpacking for encrypted IoT firmware images. Use when firmware entropy analysis reveals encrypted/obfuscated content, when binwalk extraction fails due to encryption, when decrypting vendor-specific firmware encryption (D-Link, Netgear, TP-Link, Hikvision, Dahua, ZTE), or when reversing custom XOR/AES/DES encryption applied to firmware update files.
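The entropy analysis and custom-XOR reversing this entry refers to can be shown end to end. The block below is an added example and is not code from the skill or its author: it builds a constructed stand-in for a raw image (zero padding, a text banner region, a pseudo-random region standing in for a compressed kernel), profiles per-block entropy the way `binwalk -E` does, then assumes a repeating single-key XOR and recovers the key length and key from the fact that 0x00 padding is the most common plaintext byte. The sample key, block size and 1.5x dominance threshold are assumptions for the demo.

```python
"""Entropy profiling and repeating-XOR key recovery for a firmware image.

Added example, not part of the listed skill. The sample image is constructed
in build_sample_plaintext(); SAMPLE_KEY, block size and thresholds are assumed.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, ~8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(image: bytes, block_size: int = 4096):
    """(offset, entropy) per consecutive block; the same curve binwalk -E plots."""
    return [(off, shannon_entropy(image[off:off + block_size]))
            for off in range(0, len(image), block_size)]


def high_entropy_regions(image: bytes, block_size: int = 4096, threshold: float = 7.5):
    """Merge adjacent blocks at or above `threshold` into (start, end) byte ranges.

    Compressed and encrypted data both score near 8.0; a region is only a
    decryption candidate when no known compression magic sits at its start.
    """
    regions, start = [], None
    for off, ent in entropy_profile(image, block_size):
        if ent >= threshold and start is None:
            start = off
        elif ent < threshold and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(image)))
    return regions


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key is the identity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def column_dominance(ct: bytes, key_len: int) -> float:
    """Mean share of the most frequent byte across the key_len ciphertext columns."""
    shares = []
    for i in range(key_len):
        column = ct[i::key_len]
        shares.append(Counter(column).most_common(1)[0][1] / len(column))
    return sum(shares) / key_len


def guess_key_len(ct: bytes, max_len: int = 16) -> int:
    """Pick the key length whose columns are most skewed: at the true length all
    0x00 padding bytes land on a single ciphertext value per column. Multiples of
    the true length score the same, so a candidate only wins with a 1.5x jump."""
    best_len, best_score = 1, column_dominance(ct, 1)
    for key_len in range(2, max_len + 1):
        score = column_dominance(ct, key_len)
        if score > best_score * 1.5:
            best_len, best_score = key_len, score
    return best_len


def recover_xor_key(ct: bytes, key_len: int, expected_plain: int = 0x00) -> bytes:
    """Assume the most common plaintext byte in every column is `expected_plain`
    (0x00 padding dominates typical firmware) and solve each key byte directly."""
    return bytes(Counter(ct[i::key_len]).most_common(1)[0][0] ^ expected_plain
                 for i in range(key_len))


SAMPLE_KEY = b"\x5a\xa5\x3c\xc3"   # assumed vendor key for the constructed sample


def build_sample_plaintext(seed: int = 7) -> bytes:
    """Constructed stand-in for a raw image: 4 KiB of zero padding, 4 KiB of a
    repeated text banner, then 8 KiB of pseudo-random bytes (a 'compressed kernel')."""
    rng = random.Random(seed)
    padding = bytes(4096)
    banner = (b"U-Boot 2013.10 (Jan 01 2024 - 00:00:00)\n" * 200)[:4096]
    blob = bytes(rng.getrandbits(8) for _ in range(8192))
    return padding + banner + blob


def analyze(ct: bytes):
    """Where is the high-entropy data, and does a repeating XOR explain the image?"""
    key_len = guess_key_len(ct)
    key = recover_xor_key(ct, key_len)
    pt = xor_repeat(ct, key)
    return {"key_len": key_len, "key": key, "plaintext": pt,
            "regions_before": high_entropy_regions(ct),
            "regions_after": high_entropy_regions(pt)}


if __name__ == "__main__":
    result = analyze(xor_repeat(build_sample_plaintext(), SAMPLE_KEY))
    print("key:", result["key"].hex(), "high-entropy after decrypt:", result["regions_after"])
```

Note the caveat the last key in `analyze` encodes: XOR with a short key barely changes the entropy curve (the padded region scores 2.0 bits, the random region still ~7.95), so a flat profile is not by itself evidence of strong encryption. If the high-entropy region survives the XOR pass unchanged, it is either compressed (look for LZMA, gzip or XZ magic at its start) or encrypted with a real cipher, and the search moves to the decryption routine in the update handler.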
reverse-engineering
by tangjunyi23
Binary reverse engineering and code analysis for IoT firmware using Ghidra and Joern. Use when performing binary analysis with Ghidra headless mode (decompiling, cross-references, imports, dangerous calls), CPG-based vulnerability hunting with Joern (taint analysis, data flow tracking, pattern matching), or any reverse engineering task on ARM/MIPS/x86 embedded binaries. Triggers on tasks requiring decompilation, interprocedural analysis, or static vulnerability scanning of firmware binaries.
firmware-extraction
by tangjunyi23
Firmware extraction and filesystem analysis for IoT devices. Use when analyzing firmware binaries, extracting filesystems with binwalk, identifying firmware format/structure, locating key files after extraction, or performing initial reconnaissance on router/camera/IoT firmware images. Triggers on tasks involving .bin/.img/.trx/.chk firmware files.
rtos-analysis
by tangjunyi23
Real-Time Operating System vulnerability analysis for embedded devices running FreeRTOS, VxWorks, ThreadX, eCos, and other RTOS platforms
format-string-exploitation
by tangjunyi23
Format string vulnerability detection and exploitation in embedded firmware binaries, covering ARM, MIPS, and x86 architectures
hardcoded-credentials
by tangjunyi23
Hardcoded credential and backdoor hunting in IoT firmware. Use when searching for default passwords, API keys, private keys, certificates, debug accounts, hidden backdoor accounts, or embedded secrets in firmware filesystems and binaries. Triggers on credential hunting, password discovery, secret scanning, or backdoor detection tasks.
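A minimal version of the sweep this entry describes, as an added example that is not the skill's own code: it walks an extracted root filesystem, interprets the password fields of `/etc/passwd` and `/etc/shadow` (empty, locked, crypt(3) hash type, extra uid-0 accounts), and greps file contents for PEM private keys, inline `password=` style credentials, and init scripts that start an unauthenticated `telnetd -l /bin/sh`. The rootfs it scans is constructed in a temporary directory by `build_sample_rootfs()`; every account name, hash and file in it is made up.

```python
"""Credential and backdoor sweep over an extracted firmware root filesystem.

Added example, not the listed skill's code. build_sample_rootfs() writes a tiny
fake rootfs into a temp dir; all file contents, accounts and hashes are constructed.
"""
import os
import re
import tempfile

# crypt(3) hash prefixes; a 13-character field with no '$' is traditional DES crypt.
HASH_PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
                 "$2a$": "bcrypt", "$2b$": "bcrypt", "$apr1$": "apr1-md5"}
PEM_RE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
# Inline secrets in shell/config files, e.g. password="s3cret" or wpa_passwd=admin
INLINE_PW_RE = re.compile(rb"(?i)(pass(?:word|wd)?)\s*=\s*['\"]?([^'\"\s;]+)")
# Unauthenticated shells launched from init scripts.
BACKDOOR_RE = re.compile(rb"(telnetd\s+-l\s+/bin/(?:a?sh)|nc\s+-l[^\n]*-e\s+/bin/(?:a?sh))")


def classify_hash(field: str) -> str:
    """Interpret a passwd/shadow password field."""
    if field == "":
        return "empty"          # login with no password at all
    if field == "x":
        return "shadowed"       # real hash lives in /etc/shadow
    if field.startswith(("*", "!")):
        return "locked"
    for prefix, name in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13:
        return "descrypt"
    return "unknown"


def scan_passwd_like(path: str, name: str):
    """Descriptions for crackable/empty password fields and extra uid-0 accounts."""
    findings = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            parts = line.rstrip("\n").split(":")
            if len(parts) < 2 or line.startswith("#"):
                continue
            user, kind = parts[0], classify_hash(parts[1])
            uid = parts[2] if name == "passwd" and len(parts) > 2 else None
            if uid == "0" and user != "root":
                findings.append(f"extra uid-0 account {user!r}")
            if kind not in ("shadowed", "locked"):
                findings.append(f"{name} entry {user!r}: {kind} password field")
    return findings


def scan_file_contents(path: str):
    """Descriptions for embedded keys, inline credentials and backdoor shells."""
    findings = []
    with open(path, "rb") as fh:
        data = fh.read()
    if PEM_RE.search(data):
        findings.append("embedded private key")
    for m in INLINE_PW_RE.finditer(data):
        key, value = m.group(1).decode(errors="replace"), m.group(2).decode(errors="replace")
        findings.append(f"inline credential {key}={value}")
    for m in BACKDOOR_RE.finditer(data):
        findings.append(f"unauthenticated shell: {m.group(1).decode(errors='replace')}")
    return findings


def scan_rootfs(root: str, max_size: int = 4 * 1024 * 1024):
    """Walk the extracted rootfs; return sorted (relative_path, description) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if os.path.islink(full) or os.path.getsize(full) > max_size:
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel in ("etc/passwd", "etc/shadow"):
                findings += [(rel, d) for d in scan_passwd_like(full, rel.split("/")[-1])]
            findings += [(rel, d) for d in scan_file_contents(full)]
    return sorted(findings)


# Constructed sample rootfs: every account, hash, key and script below is made up.
SAMPLE_FILES = {
    "etc/passwd": (b"root:x:0:0:root:/root:/bin/sh\n"
                   b"admin:$1$abcdefgh$Xz1J6Q2p8FbQ4r3x0yLvM0:0:0::/:/bin/sh\n"
                   b"nobody:*:65534:65534:nobody:/:/bin/false\n"),
    "etc/shadow": (b"root:$6$saltsalt$hashhashhashhash:19000:0:99999:7:::\n"
                   b"support::19000:0:99999:7:::\n"),
    "etc/init.d/rcS": b"#!/bin/sh\nmount -a\ntelnetd -l /bin/sh &\n",
    "etc/config/wifi.conf": b"ssid=cam-1234\nwpa_password=\"Factory123\"\n",
    "etc/ssl/server.key": (b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAconstructed\n"
                           b"-----END RSA PRIVATE KEY-----\n"),
}


def build_sample_rootfs(root: str) -> None:
    for rel, content in SAMPLE_FILES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_rootfs(root)
        return scan_rootfs(root)


if __name__ == "__main__":
    for rel, desc in run_demo():
        print(f"{rel}: {desc}")
```

On a real extraction, point `scan_rootfs` at the `squashfs-root` directory binwalk produced. The two checks worth acting on first are an empty shadow field and a second uid-0 account, since both give a login with no cracking; a crypt hash in a world-readable `/etc/passwd` is the next target, and an `md5crypt` or DES hash there is usually recoverable offline.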
supply-chain-analysis
by tangjunyi23
Third-party component and supply chain vulnerability analysis for embedded firmware — outdated libraries, known CVEs, open-source component detection, and dependency risk assessment