用 CSS 來偷資料 - CSS injection(上)
blog.huli.tw • Web

用 CSS 來偷資料 - CSS injection(上) lanying37 • 15 hours ago

0   

JBoss Remoting Connector 4446端口反序列化分析
跳跳糖 - 安全与分享社区

JBoss Remoting Connector 4446端口反序列化分析 lanying37 • 15 hours ago

0   

Bw3ll/sharem
github.com • Tools

SHAREM - Windows Shellcode 辅助分析和构造的工具 Jett • 23 hours ago

0   

Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
medium.com

Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes Jett • 23 hours ago

0   

www.mandiant.com
www.mandiant.com

为躲避 EDR 的检测,攻击者开始将攻击的目标瞄准网络设备、存储设备以及 VMware ESXi Server Jett • 23 hours ago

0   

airbus-seclab/AutoResolv
github.com

AutoResolv - 用于解析导入函数详细信息的 IDA Pro 插件 Jett • 23 hours ago

0   

Two Lines of JScript for $20,000 – Pwn2Own Miami 2022
trenchant.io • Tools

Pwn2Own Miami 2022 工控软件 Iconics Genesis64 所使用的任意 JScript.NET 代码执行漏洞分析 Jett • 23 hours ago

0   

New Attack Paths? AS Requested Service Tickets
www.semperis.com • Windows

New Attack Paths? AS Requested Service Tickets Jett • 23 hours ago

0   

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
gteltsc.vn

GTSC SOC 团队发现近期有攻击者利用 Microsoft Exchange Server 0day 发起攻击 Jett • 23 hours ago

0   

glibc2.35后门执行研究:tls_dtor_list攻击劫持exit执行流程
跳跳糖 - 安全与分享社区

glibc2.35后门执行研究:tls_dtor_list攻击劫持exit执行流程 lanying37 • 1 day ago

0   

CVE-2022–36934: An integer overflow in WhatsApp leading to remote code execution in an established…
infosecwriteups.com

WhatsApp CVE-2022–36934 整数溢出漏洞分析 Jett • 2 days ago

1   

YARI: A New Era of YARA Debugging
engineering.avast.io • Tools

YARI - 对编写的 YARA 规则进行 Debug 的工具 Jett • 2 days ago

0   

Sandbox Scryer: open source tool for producing threat hunting and intelligence data
securityonline.info • Tools

基于 MITRE ATT&CK 框架,对大量恶意样本自动化分析生成威胁情报的工具 Jett • 2 days ago

0   

Whitepaper – Project Triforce: Run AFL On Everything (2017)
research.nccgroup.com

NCC Group 2017 年基于 AFL 和 QEMU 实现的全系统 Fuzz 的项目 - TriforceAFL Jett • 2 days ago

1   

Exploits Explained: 5 Unusual Authentication Bypass Techniques
www.synack.com

synack 总结的 Web 认证绕过的几种常见攻击技术 Jett • 2 days ago

0   

A Deep Dive Into the APT28’s stealer called CredoMap
securityscorecard.com • Malware

俄罗斯 APT28 CredoMap 恶意样本的分析 Jett • 2 days ago

0   

FFmpeg: Heap Out-Of-Bounds Write in build_open_gop_key_points
github.com

FFmpeg 被发现一个堆越界写漏洞,可以通过构造的 mp4 文件实现 RCE Jett • 2 days ago

0   

Prilex: the pricey prickle credit card complex
Securelist • Malware

卡巴斯基对 ATM 恶意软件组织 Prilex 的分析报告 Jett • 2 days ago

0   

The difference between signature-based and behavioural detections
s3cur3th1ssh1t.github.io • Tools Defend

特征检测和行为检测两种威胁检测方案的比较 Jett • 3 days ago

1   

#HITB2022SIN CommSec Track
www.youtube.com • Conference

HITB2022SIN 安全会议的视频公开了 Jett • 3 days ago

1   

Loading