DuckLogs 恶意软件在野外执行多种恶意活动
paper - Last paper

DuckLogs 恶意软件在野外执行多种恶意活动 lanying37 • 27 minutes ago

0   

Bug in Honda, Nissan, Toyota Cars App Let Hackers Unlock & Start The Car Remotely
cybersecuritynews.com

SiriusXM 某一网站存在漏洞可影响多家车企,允许攻击者仅通过VID即可获取客户信息,通过进一步提权可导致受害客户的汽车被远程解锁、启动、定位、鸣笛。 WireFisher • 2 hours ago

0   

Data exfiltration using Excel
systemweakness.com • Pentest

C2 新思路:利用 Excel 的 WEBSERVICE 函数 “在检测到 url 发生变化时自动发起新请求” 这一特性进行数据泄露 andreszeng • 2 hours ago

0   

CVE-2022-41120 PoC released for Windows Sysmon Elevation of Privilege Vulnerability
securityonline.info • Windows Tools

Sysmon 中包含一个能让普通用户以 “NT AUTHORITY\SYSTEM” 用户的身份完成任意文件/目录删除操作的漏洞,将该漏洞与 “利用任意文件删除进行提权” 技术相结合,可完成EoP andreszeng • 3 hours ago

0   

Threat Analysis: MSI - Masquerading as a Software Installer
Blog

伪装成MSI的植入物分析 crazyman • 6 hours ago

0   

Cache Poisoning? - Solution to November '22 XSS Challenge
www.youtube.com • Web

利用缓存投毒进行XSS - November '22 XSS 挑战的官方解决方案 crazyman • 6 hours ago

0   

An Introduction To Memory Forensics: Windows Process Internals | by Joseph Moronwi
eforensicsmag.com • Windows Forensics

从取证的角度分析Windows进程中的有趣的数据结构 Atum • 7 hours ago

0   

Debugging Protected Processes
itm4n.github.io • Programming

如何使用PPLKiller绕过PPL保护调试受保护的进程及相关技术原理。 P4nda • 10 hours ago

0   

r/ReverseEngineering - How to replicate OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786 and use libfuzzer
www.reddit.com

两个OpenSSL高危漏洞分析(CVE-2022-3786、CVE-2022-3602),以及如何使用libfuzzer去发现上述漏洞。 P4nda • 10 hours ago

0   

Weaponizing Discord Shell via SMB
medium.com

在Discord中植入RCE后门的尝试,作者起初选择使用Python调用API与server通信,并通过Nuitka将其打包为PE,但会使得程序文件大小增加40+ MB,后续尝试通过SMB进行优化。 keenan • 13 hours ago

0   

Neton - Tool For Getting Information From Internet Connected Sandboxes
www.kitploit.com • Tools

Neton,用于获取沙箱指纹的工具 keenan • 13 hours ago

0   

How the 8086 processor's microcode engine works
www.righto.com

探索8086 微处理器的微码引擎是如何工作的 lanying37 • 1 day ago

0   

GitHub - APTIRAN/CVE-2022-21661: The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' / CVE-2022-21661)
github.com • Web

CVE-2022-21661:WordPress Core 5.8.2 - 'WP_Query' sql注入 crazyman • 1 day ago

0   

Wh04m1001/SysmonEoP
github.com • Windows

Sysmon 中任意文件删除/写入的POC (CVE-2022-41120/CVE-2022-XXXXX) crazyman • 1 day ago

0   

GitHub - BeichenDream/PrintNotifyPotato: PrintNotifyPotato
github.com • Tools

PrintNotifyPotato - PrintNotify COM接口提权 用于win10,11 Windows Server 2012 - 2022 crazyman • 1 day ago

0   

GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
boschko.ca • IoT

GL-MT300N-V2路由器的漏洞利用以及固件提取 crazyman • 1 day ago

0   

WebUI:The easiest attack surface in Chromes
Sakuraのblog

针对chrome中WebUI的攻击面分析,如检查缺失,智能指针多次初始化,线程竞争以及UAF等 xmzyshypnc • 1 day ago

2   

HTB: CarpeDiem
0xdf.gitlab.io • Tools

HTB靶机CarpeDiem的writeup by 0xdf crazyman • 1 day ago

1   

Pre-Auth RCE with CodeQL in Under 20 Minutes : netsec
www.reddit.com

利用CodeQL快速挖未授权RCE的示例 crazyman • 1 day ago

0   

₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
www.volexity.com • Malware

volexity披露了Lazarus APT组织采取了两种手法针对加密货币行业目标,其一通过搭建钓鱼站点部署带有AppleJeus木马的安装包文件进行钓鱼活动,安装包会释放带有白加黑的恶意载荷并且创造计划任务.AppleJeus植入物会通过收集信息并且上传到云端,等待下一步的指令.其二通过Microsoft Office宏植入(宏分为解码OLE对象的blob和从OpenDriver上下载第二阶段的载荷),后续逻辑与第一种基本一致 crazyman • 1 day ago

0   

Tags

Tools Malware Windows Vulnerability Browser Web Android Attack iOS Linux Pentest Conference macOS Network IoT Wireless Fuzzing Reverse Engineering Virtualization Defend CTF Crypto Data Breach Programming Machine Learning Firmware Report Forensics Mitigation PoC SCADA Backdoor Side Channel Blockchain Threat Intelligence Hardware Exploit Supply Chain Bug Bounty Privacy Power Analysis
Loading