用 CSS 來偷資料 - CSS injection(上)
blog.huli.tw • Web

用 CSS 來偷資料 - CSS injection(上) lanying37 • 15 hours ago

0   

JBoss Remoting Connector 4446端口反序列化分析
跳跳糖 - 安全与分享社区

JBoss Remoting Connector 4446端口反序列化分析 lanying37 • 15 hours ago

0   

Bw3ll/sharem
github.com • Tools

SHAREM - Windows Shellcode 辅助分析和构造的工具 Jett • 23 hours ago

0   

Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
medium.com

Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes Jett • 23 hours ago

0   

www.mandiant.com
www.mandiant.com

为躲避 EDR 的检测,攻击者开始将攻击的目标瞄准网络设备、存储设备以及 VMware ESXi Server Jett • 23 hours ago

0   

airbus-seclab/AutoResolv
github.com

AutoResolv - 用于解析导入函数详细信息的 IDA Pro 插件 Jett • 23 hours ago

0   

Two Lines of JScript for $20,000 – Pwn2Own Miami 2022
trenchant.io • Tools

Pwn2Own Miami 2022 工控软件 Iconics Genesis64 所使用的任意 JScript.NET 代码执行漏洞分析 Jett • 23 hours ago

0   

New Attack Paths? AS Requested Service Tickets
www.semperis.com • Windows

New Attack Paths? AS Requested Service Tickets Jett • 23 hours ago

0   

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
gteltsc.vn

GTSC SOC 团队发现近期有攻击者利用 Microsoft Exchange Server 0day 发起攻击 Jett • 23 hours ago

0   

glibc2.35后门执行研究:tls_dtor_list攻击劫持exit执行流程
跳跳糖 - 安全与分享社区

glibc2.35后门执行研究:tls_dtor_list攻击劫持exit执行流程 lanying37 • 1 day ago

0   

CVE-2022–36934: An integer overflow in WhatsApp leading to remote code execution in an established…
infosecwriteups.com

WhatsApp CVE-2022–36934 整数溢出漏洞分析 Jett • 2 days ago

1   

YARI: A New Era of YARA Debugging
engineering.avast.io • Tools

YARI - 对编写的 YARA 规则进行 Debug 的工具 Jett • 2 days ago

0   

Sandbox Scryer: open source tool for producing threat hunting and intelligence data
securityonline.info • Tools

基于 MITRE ATT&CK 框架,对大量恶意样本自动化分析生成威胁情报的工具 Jett • 2 days ago

0   

Whitepaper – Project Triforce: Run AFL On Everything (2017)
research.nccgroup.com

NCC Group 2017 年基于 AFL 和 QEMU 实现的全系统 Fuzz 的项目 - TriforceAFL Jett • 2 days ago

1   

Exploits Explained: 5 Unusual Authentication Bypass Techniques
www.synack.com

synack 总结的 Web 认证绕过的几种常见攻击技术 Jett • 2 days ago

0   

A Deep Dive Into the APT28’s stealer called CredoMap
securityscorecard.com • Malware

俄罗斯 APT28 CredoMap 恶意样本的分析 Jett • 2 days ago

0   

FFmpeg: Heap Out-Of-Bounds Write in build_open_gop_key_points
github.com

FFmpeg 被发现一个堆越界写漏洞,可以通过构造的 mp4 文件实现 RCE Jett • 2 days ago

0   

Prilex: the pricey prickle credit card complex
Securelist • Malware

卡巴斯基对 ATM 恶意软件组织 Prilex 的分析报告 Jett • 2 days ago

0   

The difference between signature-based and behavioural detections
s3cur3th1ssh1t.github.io • Tools Defend

特征检测和行为检测两种威胁检测方案的比较 Jett • 3 days ago

1   

#HITB2022SIN CommSec Track
www.youtube.com • Conference

HITB2022SIN 安全会议的视频公开了 Jett • 3 days ago

1   

Tags

Tools Malware Windows Vulnerability Browser Web Android Attack iOS Linux Pentest Conference macOS Network IoT Wireless Fuzzing Reverse Engineering Defend Virtualization CTF Crypto Data Breach Programming Machine Learning Firmware Report Forensics Mitigation PoC SCADA Backdoor Side Channel Blockchain Threat Intelligence Hardware Exploit Supply Chain Bug Bounty Privacy Power Analysis
Loading