Aggregator

本文将详细介绍当前已被主流废弃但仍可在攻击场景中利用的URL Credentials技术，将其扩展用于各种常见漏洞的绕过

大模型发展至今，近两年非常火热，其中模型的更新和迭代也非常快速，也伴随着很多的风险增加，其中比较普遍的风险包括如下几个。

本文对土豆家族中几个关键的提权漏洞进行了学习与分析，学习之后思路更加清晰，许多原本模糊的概念也变得明朗起来。

前言本文以第六届强网拟态线下赛的格式化字符串Pwn题为例，分享非栈上格式化字符串的利用方法。主要涵盖两个关键技术点： 多级指针链利用：当格式化字符串不在栈上时，通过修改栈上现有的多级指针链（二重/三重指针）来间接控制目标内存 高位截断技术：当前期输出字符数已超过后期需求值时，利用0x10000溢出特性实现单字节精确写入 同时探讨为何不能在同一条指针链上使用 $ 符号进行连续修改的问题，并提出个人结

前言漏洞编号CVE-2018-7034，影响D-Link和TrendNet的一些老设备。通过网盘分享的文件：TEW751DR_FW103B03.bin链接: https://pan.baidu.com/s/1g37sSUnZQDQjpg_ABuGULg?pwd=xidp 提取码: xidp这里分析的是TrendNet TEW751的固件，此外D-Link的一些老设备，如DIR645，DIR815等

第一届OpenHarmony CTF专题赛RE题解

本文系统地介绍了在渗透测试与内网攻防中至关重要的 Linux 提权技术。先阐述了权限划分的基本原理，包括用户与用户组、文件权限、特殊权限（SUID、SGID、SBIT）等核心概念；然后通过自动化工具与手动命令详细说明了信息收集阶段的关键操作，如系统版本、用户信息、明文密码及 SSH 密钥的获取方式。文章重点介绍了几类常见提权手法，包括内核漏洞利用、/etc/passwd 伪造、Docker 容器逃

In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs, and data leakage. He explains that as GenAI features proliferate, organizations must implement guardrails to manage risk, especially around input/output handling and fine-tuning practices. Establishing these controls early ensures safe, compliant adoption without compromising innovation. For … More →

The post Before scaling GenAI, map your LLM usage and risk zones appeared first on Help Net Security.

CVE-2025-49113认证后php反序列化rce复现新视角……一个有趣的php反序列化对象注入导致的命令执行

JAVA代码审计之鉴权逻辑错误审计小记

精准与否，就是屠宰与手术的区别 —— 青钢影

在2025d3ctf的一道web题d3jtar中，过滤了jsp等关键字的黑名单，如何去绕过呢？

本文系统介绍了Struts2框架的架构特点及其安全风险，重点分析了OGNL（Object-Graph Navigation Language）表达式在漏洞利用中的关键作用。由于OGNL具备强大的对象访问与方法调用能力，若开发者未对用户输入进行严格过滤，攻击者即可借此执行恶意代码，从而造成远程代码执行（RCE）等严重后果。文章详细讲解了OGNL的语法机制、上下文实现与在Struts2中的应用方式，并

大量国内正常数字签名被用于传播XtremeRAT远控木马

Currently trending CVE - Hype Score: 4 - The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for ...

为了探索K8s Ingress的更佳的利用姿势，深入分析K8s Ingress CVE-2025-24513漏洞，并且举一反三从源码审计了PHP、C、Golang的文件接口源码，总结了这些语言的文件接口在文件穿越场景的利用（进行深入探索，尤其分析PHP文件目录穿越，发现很多人只是看到过没复现成功过就算了）。 最终从优化PoC角度，将PoC改造更为通用、爆破效率更高，进一步提高PoC的成功率。

NIST and the University of Colorado Boulder have created a public service that delivers random numbers using quantum mechanics. Called the Colorado University Randomness Beacon (CURBy), the system offers a daily stream of certifiable random numbers generated through a process that no one can predict or manipulate. Instrumentation for the quantum random number generator (Source: NIST) For security professionals, randomness is essential. But most systems use pseudo-random numbers, which are generated by algorithms and can … More →

The post CURBy: A quantum random number generator you can verify appeared first on Help Net Security.

Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company. The media

Litctf 2025 crypto wp 全解

本文是对《追踪 Android 方法调用 1》所学知识的实践，通过 frida hook `ArtMethod::Invoke`、`ArtInterpreterToInterpreterBridge` 与 `ArtInterpreterToCompiledCodeBridge` 等函数，追踪以下调用关系：- `Java->Java` - `Java-JNI` - `JNI-Java` - `JNI