Aggregator

0x00 漏洞挖掘新增两个CNVD近期，使用了Xcheck Java引擎对一些开源网站系统进行检查，最终发现

Examining three breach and compliance failure cases under the New York Department of Financial Services’ 23 NYCRR Part 500 cybersecurity regulation.

前言

汽车行业非常严谨，许多产品都要按照规范设计，首先要搞清楚ISO与SAE的关系。

• 国

New details in the Indexsinas SMB worm, also dubbed NSABuffMiner.

一次 Shiro 到内网漫游横向渗透

6 月 28 日，收益聚合器 Merlin Lab 遭到黑客攻击。

最近几年，安全服务发生了一些显著变化。本文重点介绍MSS服务和MDR服务以及国内安全服务现状。

启动docker镜像

根据其官网

What is your recollection of May 2017? Emmanuel Macron won the French election. The Ringling Bros. and Barnum & Bailey Circus gave its final performance after a 146-year run. The U.S. FCC voted to overturn net neutrality rules. And the National Health Service in the United Kingdom was crippled by a massive ransomware attack that ended up costing over $120 million.

研究过程

最近研究某汽车，遇到一个Win下的软件，用于连接经销商内网。

安装完成，目录有jar文件又有exe文件。

执行start.exe之后

美国一家名为Premise Data Corp.的数据公司，通过三百万名兼职人员，以拍照、数据记录、填写问卷

宝，我今天发财了！发的什么财？诚聘英才！

Until the Apple Airtag came out a few months ago I hadn’t really looked into the tag tracking market. Turns out there were already quite a lot of offerings available before Apple joined the market, most notably Tile. However, I wanted to try out the Airtag and ended up ordering a few. This post will explore three things: Removing the speaker of my Airtag Using Browser APIs to scan for Airtags (if you don’t have an iPhone but someone tries to stalk you this might be handy) Explore data exfiltration via Airtags and Apple’s “Find My” network By the way, when you order your Airtags online you can customize them.

QEMU仿真方式总结

​6 月 28 日，Polygon 生态中的算法稳定币项目 SafeDollar 遭到黑客攻击，该项目所发行的稳定币 SDO 从 1.07 美元趋于归零，攻击者拿走了价值 25 万美元的 USDC 和 USDT。

银针安全沙龙上海站开启报名！转发赢银针安全沙龙定制T恤~

新类型 cmdlinux，直连命令执行WebShell

银针

前些时回母校做了个分享，回来修改速记稿修改了整整两周。以下是分享全文。答疑部分日后再发。