Aggregator

前言最近痴迷于看 RFC 及各类规范文档，从中发现一些有趣的利用。

前言最近痴迷于看 RFC 及各类规范文档，从中发现一些有趣的利用。

前言最近痴迷于看 RFC 及各类规范文档，从中发现一些有趣的利用。

This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021! Please visit the following link to read that :)

• FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - PROXYSHELL!

If you are interesting in more Exchange Server attacks, you can also check our series of articles:

• A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
• A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
• A New Attack Surface on MS Exchange Part 3 - ProxyShell!
• A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

With ProxyShell, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server through an exposed 443 port! Here is the demonstration video:

跨平台社区化Web指纹识别工具ObserverWard_0x727

跨平台社区化Web指纹识别工具ObserverWard_0x727

跨平台社区化Web指纹识别工具ObserverWard_0x727

CTF Writeup

The NCSC's Cloud Security Research Lead suggests some approaches to help you get confidence in cloud services.

In part 2 of his Cloud Blog Trilogy, Andrew explains why it's better for everyone if cloud providers are willing to be open about how they run their services.

Highlighting guidance which will help you secure your servers

代码嵌套几百个 if(...)if(...)if(...)if(...)if(...) 会怎样？

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

1.更改请求方式 这是一种检查绕过验证码的简单方法，只需更改“请求的请求方法”并删除验证码参数 示例 POST — — -> GET (POST请求转GET) #更有效 POST — — -> PUT (POST请求转PUT) 2.删除参数或使用先前使用的验证码 3.修改JSON请求到正常请求 有时