Installation
github.com • Tools

Obfuscation Detection 一个用于自动检查二进制文件中的混淆代码和状态机的脚本/工具/Binary Ninja插件 ThomasonZhao • 3 hours ago

0   

Chinese PlugX Malware Hidden in Your USB Devices?
unit42.paloaltonetworks.com • Malware

隐藏于USB介质中的PlugX变体 crazyman • 5 hours ago

0   

OpenEMR - Remote Code Execution in your Healthcare System
www.sonarsource.com

openemr中的未授权任意读取漏洞以及未授权rce的漏洞分析(XSS鉴权,文件上传+LFI) crazyman • 15 hours ago

0   

Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
blog.assetnote.io

通过利用一些硬编码在Yellowfin BI里的秘钥信息(例如私钥),用其生成后完成鉴权实现RCE crazyman • 15 hours ago

0   

MyBB <= 1.8.31: Remote Code Execution Chain – PT SWARM
swarm.ptsecurity.com

MyBB <= 1.8.31中的RCE利用链:先通过留言板xss让admin的账号发search API的请求触发sqli注入 再通过修改template实现RCE crazyman • 16 hours ago

0   

Proxying DLL Loads For Hiding ETWTI Stack Tracing
0xdarkvortex.dev

通过TpAllocWork,TpPostWork,TpReleaseWork间接回调调用LoadLibrary以规避ETWTI堆栈跟踪 crazyman • 16 hours ago

0   

GitHub - alt3kx/CVE-2023-24055_PoC: CVE-2023-24055 PoC (KeePass 2.5x)
github.com

CVE-2023-24055:KeePass 配置文件具有写入权限的攻击者可以修改它并注入恶意触发器,可以泄露密码 crazyman • 19 hours ago

0   

akamai-security-research/PoCs/CVE-2022-34689 at main · akamai/akamai-security-research
github.com

利用 Windows CryptoAPI 中的欺骗漏洞(CVE-2022-34689),Poc的攻击分为两种:一种利用 Chrome v48,另一种侧重于crypt32.dll中易受攻击的MD5 crazyman • 19 hours ago

0   

Pwning the all Google phone with a non-Google bug
github.blog • Android

CVE-2021-39793:Arm Mali GPU 驱动程序JIT中的一个UAF漏洞,本文详细介绍了漏洞成因以及后续利用的细节 crazyman • 2 days ago

0   

FBI Confirms Lazarus Group, APT38 Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft
www.fbi.gov

FBI 确认 Lazarus Group 对 Harmony 的 Horizo​​n Bridge 货币盗窃负责 crazyman • 2 days ago

0   

CVE-2023-0210
sysdig.com • Linux

CVE-2023-0210:KSMBD 中的 Linux 内核未经身份验证的堆溢出漏洞 crazyman • 2 days ago

1   

CVE-2023-23504: XNU Heap Underwrite in dlil.c
adamdoupe.com

CVE-2023-23504:XNU dlil.c中的堆写入漏洞 crazyman • 2 days ago

0   

CVE-2022-42845: 20-Year-Old XNU Use After Free Vulnerability in ndrv.c
adamdoupe.com

CVE-2022-42845:XNU ndrv.c中存在20年的UAF漏洞 crazyman • 2 days ago

0   

Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation
www.zerodayinitiative.com

激活上下文的缓存中毒:利用 CSRSS 进行权限提升的一种新的攻击面类型 crazyman • 2 days ago

1   

Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
research.nccgroup.com

 U-Boot – USB DFU 中未经检查所接收内容的大小和来源造成堆栈溢出 (CVE-2022-2347) crazyman • 4 days ago

0   

idekCTF2022 - Coroutine Writeup
kiprey.github.io • CTF

idekCTF2022 - Pwn题目 Coroutine 的详细Writeup crazyman • 4 days ago

0   

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”
securityintelligence.com

详细分析 CVE-2022-34718 漏洞包含其逆向补丁,协议的所有细节过程,包括纠正Numen Cyber Labs blog中的一些不准确的地方.并成功实现dos.以及概述讲解如何将原语转换为后续rce的一些步骤 crazyman • 4 days ago

0   

b3typer - bi0sCTF 2022
blog.bi0s.in • Browser

bi0sCTF 2022 jsc题目b3typer的offical writeup crazyman • 4 days ago

0   

The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3)
infosecwriteups.com • Vulnerability

入门级堆利用教学系列,目前共发布7篇 ThomasonZhao • 4 days ago

0   

A step-by-step introduction to the use of ROP gadgets to bypass DEP – CYBER GEEKS
cybergeeks.tech

手把手教你如何用 ROP 绕过数据执行保护(Data Execution Prevention,DEP)。利用 QuoteDB 在 Windows 平台上进行调试教学。 ThomasonZhao • 4 days ago

0   

Tags

Tools Malware Windows Vulnerability Browser Web Attack Android iOS Linux Pentest Conference macOS Network IoT Wireless Fuzzing Reverse Engineering Virtualization Defend CTF Crypto Data Breach Programming Machine Learning Firmware Report Forensics Mitigation PoC SCADA Backdoor Threat Intelligence Side Channel Blockchain Hardware Exploit Supply Chain Bug Bounty Privacy Power Analysis
Loading