【安全通告】Adobe Acrobat与Reader任意代码执行漏洞(CVE-2023-26369)
近日,绿盟科技CERT监测到Adobe官方发布安全公告,修复了任意代码执行漏洞,由于越界写入缺陷,未经身份验证的攻击者利用该漏洞,最终可实现在目标系统上执行任意代码。该漏洞存在在野利用,请受影响的用户尽快采取措施进行防护。
Aggregator
【安全更新】微软9月安全更新多个产品高危漏洞
1 year 1 month ago
9月13日,绿盟科技CERT监测到微软发布9月安全更新补丁,修复了61个安全问题,本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有5个,重要(Important)漏洞有55个。其中包括2个存在在野利用的漏洞。
加入我们,共建腾讯混元大模型!
1 year 1 month ago
腾讯混元大模型热招中,欢迎加入
基于大语言模型的代码缺陷定位
1 year 1 month ago
基于大语言模型的代码缺陷定位
对代码预训练模型的多目标后门攻击
1 year 1 month ago
对代码预训练模型的多目标后门攻击
MSSPs' Playbook for Success: Balancing Automation and Human Expertise
1 year 1 month ago
This post recaps our recent webinar "How MSSPs Can Leverage Automation to Reduce Alerts & Maximize their Analysts." Check it out to see key takeaways related to their automation journey.
原创 | Spring Framework RCE CVE-2022-22965 漏洞分析
1 year 1 month ago
【安全通告】致远OA前台任意用户密码修改漏洞
1 year 1 month ago
近日,绿盟科技CERT监测到致远OA前台任意用户密码修改漏洞,由于用户在修改密码时短信验证码认证存在缺陷,攻击者可以通过构造恶意数据修改任意用户密码,导致任意用户登录,进一步利用可实现远程代码执行。
【安全通告】Google Chrome堆缓冲区溢出漏洞(CVE-2023-4863)
1 year 1 month ago
近日,绿盟科技CERT监测发现Google官方修复了一个堆缓冲区溢出漏洞(CVE-2023-4863),攻击者通过诱导用户访问恶意网站触发该漏洞,最终导致在目标系统上任意执行代码。目前已监测到该漏洞存在在野利用。
红队武器开发(进阶版)开班啦~
1 year 1 month ago
文末附带福利哦~
Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking
1 year 1 month ago
This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging of custom loaders and introduced the User-Defined Reflective Loader Visual Studio (UDRL-VS) template. In this installment, we’ll build upon the original UDRL-VS loader and explore how to apply our own [...]
Read More... from Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking
The post Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking appeared first on Cobalt Strike.
Robert Bearsby
Choose Your Own Adventure ? A Chat About the Future of Edge Computing
1 year 1 month ago
AJ Johnson
Hands-On Learning Experiences Encourage Cybersecurity Career Discovery
1 year 1 month ago
With a mention in the new National Cyber Workforce and Education Strategy and even a dedicated state law , K–12 cybersecurity education clearly has the eye of policymakers. However, despite public attention and new opportunities for high school students to pursue cybersecurity coursework, high schools often struggle to provide students with a clear understanding of what cybersecurity careers actually look like. Hands-on learning experiences, like those we’ve had at our schools and during our internship with NICE at NIST, can help bring cybersecurity education and career pathways into focus for
Asher Cronin , Stephen Langelier
征集一种方法
1 year 1 month ago
征集一种方法
来看一个有趣的XSS(二)
1 year 1 month ago
有趣的XSS系列 二
使用JDK类绕过TemplatesImpl黑名单
1 year 1 month ago
当TemplatesImpl被resolveClass拉黑时,如何使用JDK 中的类绕过黑名单
因果宇宙
1 year 1 month ago
“我去过很多宇宙,但最喜欢这里。你们宇宙最棒的地方就是一切行为都会有后果。这太罕见了。大部分宇宙都乱糟糟的。”
祝NISL全体老师教师节快乐!
1 year 1 month ago
2023年NISL实验室教师节活动
Fuzzing 在 Java 漏洞挖掘中的应用
1 year 1 month ago
分享一个在护网中使用的漏洞挖掘思路。
Chromium based browser/Webview启用--js-flags
1 year 1 month ago
背景
因为工作需求要去验证一些PoC,而很多PoC需要开natives-syntax才能跑,如果转成纯JS实现又需要花更多时间,所以需要在Android的app/webview里也实现添加 js-flags,方便后面搞分析 :)
muhe