Aggregator
KexecDDPlus: Exploiting the KsecDD Windows driver
1 year 5 months ago
KexecDDPlus This proof-of-concept is the result of a research project that aimed at extending the work of @floesen_ on the KsecDD Windows driver. It relies on Server Silos to access the KsecDD driver directly, without having...
The post KexecDDPlus: Exploiting the KsecDD Windows driver appeared first on Penetration Testing Tools.
ddos
cloudlist: listing Assets from multiple Cloud Providers
1 year 5 months ago
Cloudlist Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a...
The post cloudlist: listing Assets from multiple Cloud Providers appeared first on Penetration Testing Tools.
ddos
Power Pwn: An offensive and defensive security toolset for Microsoft 365 Power Platform
1 year 5 months ago
Power Pwn Power Pwn is an offensive and defensive security toolset for Microsoft Power Platform. Disclaimer: These materials are presented from an attacker’s perspective to raise awareness of the risks of underestimating the security...
The post Power Pwn: An offensive and defensive security toolset for Microsoft 365 Power Platform appeared first on Penetration Testing Tools.
ddos
Is there any way to bypass hard paywalls?
1 year 5 months ago
出海中东|2025 中国网安出海中东研讨会·报名启动
1 year 5 months ago
探索中东!
证券公司API安全运营实践与探索|大湾区金融安全专刊·安全村
1 year 5 months ago
API已经成为攻击者的重点攻击对象,成为数据泄露的主要源头
出海中东|2025 中国网安出海中东研讨会·报名启动
1 year 5 months ago
随着地缘冲突和网络攻击的不断升级,网络安全科技已成为全球关注的焦点。在这个关键时刻,2025 GISEC Global ,作为中东地区最大的网络安全专业峰会,即将再次拉开帷幕,为网络安全领域的顶尖专家
证券公司API安全运营实践与探索|大湾区金融安全专刊·安全村
1 year 5 months ago
一、前言在当下的数字信息时代,大数据、云计算、移动5G等新兴技术得到深度应用发展,数字化转型的不断推进使得数据成了宝贵资源。数据接口作为连接不同服务、系统、应用程序等进行数据交换的关键桥梁,也成为了推
Apache fixed a critical SQL Injection in Apache Traffic Control
1 year 5 months ago
Apache fixed a critical SQL Injection in Apache Traffic Control
Apache fixed a critical SQL Injection in Apache Traffic Control
1 year 5 months ago
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. The Apache Software Foundation (ASF) released security updates to address a critical security vulnerability, tracked as CVE-2024-45387 (CVSS score 9.9), in Traffic Control. Traffic Control allows operators to set up a Content Delivery Network to quickly and efficiently deliver content […]
Pierluigi Paganini
派早报:Apple 公开申明不做搜索服务的缘由、《Halide》公布 2025 年更新计划等
1 year 5 months ago
你可能错过的新鲜事Apple 公开申明不做搜索服务的缘由在上周提交给华盛顿特区美国联邦法院的一份申明中,Apple 公司的高级副总裁 Eddy Cue 向法庭解释了 Apple 不做自己的搜索引擎
李想:理想汽车大模型进入手机市场;吴柳芳被禁言,抖音:根据法规要求;三星 XR 头显产品或叫「Switch」 | 极客早知道
1 year 5 months ago
曝谷歌利用竞品模型改善自家 AI 模型性能;智己汽车完成 94 亿元 B 轮融资;极氪推送无图版城区智驾。
.NET内网实战:调用wevtutil进程实现痕迹清理
1 year 5 months ago
01阅读须知此文所节选自小报童《.NET 内网实战攻防》专栏,主要内容有.NET在各个内网渗透阶段与Windows系统交互的方式和技巧,对内网和后渗透感兴趣的朋友们可以订阅该电子报刊,解锁更多的报刊内
伏魔挑战赛.NET赛道 | 分享一款团队内使用的免杀WebShell
1 year 5 months ago
01阅读须知此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等(包括但不限于)进行检测或维护参考,未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直
伏魔挑战赛.NET赛道 | 分享一款突破WAF免杀的WebShell
1 year 5 months ago
01阅读须知此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等(包括但不限于)进行检测或维护参考,未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直
伏魔挑战赛.NET赛道 | 分享一款团队内使用的免杀WebShell
1 year 5 months ago
.NET内网实战:调用wevtutil进程实现痕迹清理
1 year 5 months ago
伏魔挑战赛.NET赛道 | 分享一款突破WAF免杀的WebShell
1 year 5 months ago
Capturing Honeypot Data Beyond the Logs, (Thu, Dec 26th)
1 year 5 months ago
By default, DShield Honeypots [1] collect firewall, web and cowrie (telnet/ssh) [2] data and log th