Aggregator

介绍

同样是在ichunqiu CTF大本营刷题的时候碰到一道高质量的web题，也比较有实战价值，比赛中算是web里耗时较长的的。网上已经有一些公开的writeup，但是为了加深理解记忆，故记录一篇blog。

其中包括一些网上没公开的一些CVE-2022-42919 LPE exp的利用细节及PHP 8.2.2 OPcache Binary Webshell手工利用方法。

• 复现链接: 2023年春秋杯网络安全联赛春季赛 web php_again

Summary X-Force is monitoring reports of a series of firmware updates published to address a critical pre-authentication remote code execution vulnerability (CVE-2023-27997) in Fortinet’s SSL VPNs. Threat Type Vulnerability Overview Update 02- 07/03/2023 According to a recent article from Bleeping Computer, while a fix has been made available since June 11, 2023, over 300 thousand internet facing FortiGate appliances are still vulnerable to this flaw. Fortinet released fixes for this vulnerability before d

Today?s malicious actors see the healthcare industry as a target-rich environment, so getting ready for open enrollment should be a year-round process.

Using tiny laser-launched projectiles and troves of data, scientists can more quickly bridge the gap between a material’s microscopic properties and its real-world behavior.

活动时间7月4日-7月16日~

2022西湖论剑线下部分个人觉得有比较意思的题目复现: )

过完这些，Web3 安全就算入门了，等待你的将是波澜壮阔、噩梦连连的黑暗森林战争...😂

RapidDNS私有化部署方案

大家好，我是BaCde，过年期间开发了Afuzz这款工具。今天给大家详细介绍介绍。

“ RASP漏洞防御之 shiro 反序列化” ApacheShiro框架提供了记住我的功能（Remembe

本周看到的信息安全岗位汇聚

AI tools are spreading rapidly and CISOs need to be ready.

🎁 2023Q2直播抽奖预告

新一波需求来了，还没提交没签约的可以提交收集表喽

让我们跟随G0mini师傅的脚步，从某次省HW攻击队的视角，来看一场步步艰辛的打点入口，从中学习文件上传ByPass的骚姿势~

飞越云「无边界办公」，邀测持续开放中~

《人民的名义》是检察院拍的，完美诠释了检察院怎么看待公安，法院，政府，还有检察院自己。公检法互相怎么看待彼此的呢？本文纯属意淫，如有雷同，实属巧合！