Summary
IBM X-Force Incident Command is following a recent disclosure regarding a vulnerability in the Log4j Java library. A report by LunaSec details the vulnerability as well as mitigation strategies for the vulnerability.
Threat Type
Vulnerability
Overview
***UPDATE #9, January 5, 2021***
One of the largest cryptocurrency platforms in Vietnam (ONUS) has been hacked using the Log4Shell vulnerability. The payment software used by ONUS, Cyclos, was compromised and escalated due to misconfigurations an
Video game downloads and console updates helped game industry traffic peak at 125% above average on Christmas day according to Akamai, which supports more than 225 game publishers globally.
The last weeks of 2021 got quite interesting for security professionals and software engineers.
Apache’s log4j library and its now prominent Java Naming and Directory Interface support, which enables easy remote code execution, made the news across the industry.
What makes Log4Shell scary is the widespread adoption of the Log4j library amongst Java applications, and the ease of remote exploitation.
A dangerous combination.
Patches got released, bypasses were discovered, more patches were released, and so forth.
In preparation for an upcoming FOR500 class I thought I would test out one of the recent additions to the class. This post by my colleague Zach shows that Win10 1903 and later has a registry key that will store the full path of any executable that utilises the computer's camera or microphone. Zach shows […]