Aggregator

本文主要工作： 实现了一个LLM引导的协议模糊器。提出三种基于LLM的模糊器变异策略，每种策略解决了协议模糊测试的特定挑战。本文实现了灰盒模糊测试算法并命名为CHATAFL。目前该工具已在github开源。

Github发现一个很棒的工具，通过JDI实现了Tomcat 各个版本 Jetty，Spring，Struts，Jersey等中间价框架的路由扫描

感谢您对小米安全的帮助与支持！

2023.12.07：Google推出了最新的人工智能模型 Gemini （双子座），看演示视频： https://www.youtube.com/watch? […]

技术无善恶，考验的是人心

简述

本文是insane难度的HTB Coder机器的域渗透部分，其中Bloodhound AD Enumeration, ADCS CVE-2022-26923等域渗透提权细节是此box的特色，主要参考0xdf’s blog coder walkthrough和HTB的coder官方writeup paper记录这篇博客加深记忆和理解，及供后续做深入研究查阅，备忘。

清华大学网络与信息安全实验室学术论文分享活动

前言本来该系列只有八篇，这篇是由于之前设计题目的过程中，别人给出了多个我没想到的解法思路，所以就专门写了这个

In the blog we discuss the importance of securing your Atlassian products, provide valuable insights on various IP activities, and offer friendly advice on proactive measures to protect your organization.

In the relatively short history of ransomware crime, very few of the professional criminals behind these attacks have ever been brought to justice. So many crimes, so few arrests, and there’s no mystery as to why: Ransomware criminals typically operate from countries with weak or no laws against what they do, and sometimes (stand up, […]

The post Europol Makes New Ransomware Arrests. But Will It Make Any Difference? appeared first on Ransomware.org.

-赛博昆仑漏洞安全通告-【复现】金蝶天燕未授权远程代码执行漏洞风险通告

We add two IoT CVEs and discuss the other sorts of traffic we see regularly.

MiSRC颁奖典礼，期待与白帽师傅们欢聚一堂，共度狂欢夜！

实战Web.config DESCryptoServiceProvider 加密字符串 解密过程 及 dll逆向技巧