1602 lines
82 KiB
JSON
1602 lines
82 KiB
JSON
|
[
|
|||
|
|
{
|
|||
|
|
"title": "国外红队大佬内核+系统级后门维持骚姿势【附代码】",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI1Mjc3NTUwMQ==&mid=2247538309&idx=1&sn=dd64f573e068a0ec20c175049061bcb5",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "教父爱分享",
|
|||
|
|
"category": "教父爱分享",
|
|||
|
|
"pubDate": "2025-01-05T23:19:42"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Windows注册表 IFEO注入",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU0NDI5NTY4OQ==&mid=2247486252&idx=1&sn=aa3c25ab63b811804e30eea2e29263b0",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "暴暴的皮卡丘",
|
|||
|
|
"category": "暴暴的皮卡丘",
|
|||
|
|
"pubDate": "2025-01-05T22:44:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "国密测评抓取APP的TCP握手报文",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NzU4MDg0Mw==&mid=2247489518&idx=1&sn=81e228fe4680b9ad6e061a9bb9396839",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "安全初心",
|
|||
|
|
"category": "安全初心",
|
|||
|
|
"pubDate": "2025-01-05T22:32:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Windows 曝9.8分漏洞,已有PoC及利用情况",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633558&idx=3&sn=52cfdbc169143c290a49fffc945d77d6",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "商密君",
|
|||
|
|
"category": "商密君",
|
|||
|
|
"pubDate": "2025-01-05T19:15:38"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "通过模拟功能实现提权(Bugcrowd)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NjY3OTQ3NA==&mid=2247486466&idx=1&sn=a30b93ae9f1bcb37ae3d5fbb97c3f608",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "玲珑安全",
|
|||
|
|
"category": "玲珑安全",
|
|||
|
|
"pubDate": "2025-01-05T18:55:21"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "通过模拟功能实现提权(Bugcrowd)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI4NTYwMzc5OQ==&mid=2247500656&idx=1&sn=8cd3d32e7a74ea7a64d7e7932730f768",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "芳华绝代安全团队",
|
|||
|
|
"category": "芳华绝代安全团队",
|
|||
|
|
"pubDate": "2025-01-05T18:53:58"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "(滥用) ClickOnce 实现可信任意代码执行",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486184&idx=1&sn=5c1bd5ddbc40812af82fbfa7a9f22770",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "securitainment",
|
|||
|
|
"category": "securitainment",
|
|||
|
|
"pubDate": "2025-01-04T23:04:05"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Steam假入库深入解析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTc0NDY2Nw==&mid=2247484579&idx=1&sn=59e527ca060e26343855dce02d6e5eb5",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "冲鸭安全",
|
|||
|
|
"category": "冲鸭安全",
|
|||
|
|
"pubDate": "2025-01-04T10:00:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | Apache MINA反序列化漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491972&idx=1&sn=307a01116d071dca48ffee093d16aaab",
|
|||
|
|
"description": "Apache MINA存在反序列化漏洞,攻击者可通过向受影响的应用程序发送特制的恶意序列化数据,利用不安全的反序列化过程触发该漏洞,从而可能导致远程代码执行。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-04T08:03:54"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | 卓软计量业务管理平台任意文件读取漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491972&idx=3&sn=ff471839b4b2ae7ac321141a08593a64",
|
|||
|
|
"description": "卓软计量业务管理平台的/HuameiMeasure/image.ashx接口存在任意文件读取漏洞,未经身份验证的攻击者可以通过该漏洞读取服务器任意文件,从而获取服务器大量敏感信息。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-04T08:03:54"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "工具 | Metasploit",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491972&idx=4&sn=c8de45b234450a36e9a22d0bb76734bb",
|
|||
|
|
"description": "Metasploit Framework是一款开源安全漏洞检测工具。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-04T08:03:54"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "警报升级!超 15,000 台 Four-Faith 路由器正遭黑客攻击,利用默认密码即可入侵!",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899916&idx=1&sn=c7bd48c8e4031bc1a4a427c4014293c9",
|
|||
|
|
"description": "安全紧急关注!据 VulnCheck 最新披露,知名工业物联网路由器制造商Four-Faith旗下两款路由器存在严重安全漏洞(CVE-2024-12856),目前正遭受黑客大规模攻击!更危险的是,利用该漏洞竟只需默认密码!",
|
|||
|
|
"author": "技术修道场",
|
|||
|
|
"category": "技术修道场",
|
|||
|
|
"pubDate": "2025-01-04T08:00:17"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【oscp】Tr0ll 靶机全系列(1-3),FTP被玩坏了",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247497565&idx=1&sn=0495a32e8e257d65c7ad14810a22fa74",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "泷羽Sec",
|
|||
|
|
"category": "泷羽Sec",
|
|||
|
|
"pubDate": "2025-01-04T07:44:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "使用 Azure 上的 Dapr 保护微服务:实现端到端安全性",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247504388&idx=1&sn=fe35c01f86f69c8072a03db66361d2a8",
|
|||
|
|
"description": "在微服务领域,各个服务跨网络进行通信,安全性至关重要。随着分布式系统和微服务架构",
|
|||
|
|
"author": "安全狗的自我修养",
|
|||
|
|
"category": "安全狗的自我修养",
|
|||
|
|
"pubDate": "2025-01-04T07:09:11"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "无文件恶意软件 – 检测、响应和预防",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247498040&idx=1&sn=df0fee8a13e4cae93c015af689d05822",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "河南等级保护测评",
|
|||
|
|
"category": "河南等级保护测评",
|
|||
|
|
"pubDate": "2025-01-04T07:05:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【神兵利器】红队浏览器凭据提取工具",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494577&idx=1&sn=beae3d675ef8ab93ef534f4998553621",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "七芒星实验室",
|
|||
|
|
"category": "七芒星实验室",
|
|||
|
|
"pubDate": "2025-01-04T07:00:24"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "安卓app抓包总结",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518123&idx=1&sn=7c1cb512d57a482e7d7486845b297182",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "船山信安",
|
|||
|
|
"category": "船山信安",
|
|||
|
|
"pubDate": "2025-01-04T02:01:04"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "攻防靶场(31):日志投毒与文件包含漏洞 Solstice",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NjA3Mzk2NQ==&mid=2247495429&idx=1&sn=38b21b3d0a81ed449647cb0de481cac6",
|
|||
|
|
"description": "基于 ATTCK 的 OSCP PG Play 靶场通关攻略",
|
|||
|
|
"author": "OneMoreThink",
|
|||
|
|
"category": "OneMoreThink",
|
|||
|
|
"pubDate": "2025-01-04T01:17:57"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "双击劫持:攻击者可以悄无声息地窃取用户账户",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505495&idx=3&sn=6b53d706b8c196758b7385fb31f0e0a8",
|
|||
|
|
"description": "两次鼠标点击之间的时间足以让黑客交换网页并诱骗受害者意外授权访问或转账。",
|
|||
|
|
"author": "网络研究观",
|
|||
|
|
"category": "网络研究观",
|
|||
|
|
"pubDate": "2025-01-04T00:30:41"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "新的“DoubleClickjacking”攻击针对 OAuth 进行帐户接管",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505495&idx=5&sn=9bd1c23d7430a1486c6ad45a04a34d50",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "网络研究观",
|
|||
|
|
"category": "网络研究观",
|
|||
|
|
"pubDate": "2025-01-04T00:30:41"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【高危漏洞预警】Windows LDAP远程代码执行漏洞(CVE-2024-49112)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489400&idx=1&sn=c983947941f4637d6fade0c80b18ea2c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "飓风网络安全",
|
|||
|
|
"category": "飓风网络安全",
|
|||
|
|
"pubDate": "2025-01-03T22:37:58"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【已复现】Windows 轻量级目录访问协议 (LDAP) 拒绝服务漏洞(CVE-2024-49113)安全风险通告",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502708&idx=1&sn=30ee0bf007924eb359c6c609b3ba1cb7",
|
|||
|
|
"description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。",
|
|||
|
|
"author": "奇安信 CERT",
|
|||
|
|
"category": "奇安信 CERT",
|
|||
|
|
"pubDate": "2025-01-03T22:18:20"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【官方WP】第一届solar杯·应急响应挑战赛官方题解",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQ0MjE1NQ==&mid=2247495983&idx=1&sn=bb47c9dee278873726ca0100d04cbd8e",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "solar应急响应团队",
|
|||
|
|
"category": "solar应急响应团队",
|
|||
|
|
"pubDate": "2025-01-03T21:42:17"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "至少35个Chrome扩展被劫持,新细节揭示了黑客的攻击手法",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094510&idx=2&sn=59af44a0186be3732b3d8f628d21e3a9",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "网安百色",
|
|||
|
|
"category": "网安百色",
|
|||
|
|
"pubDate": "2025-01-03T19:30:23"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "XXE注入",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMjU5MzgzMQ==&mid=2247485197&idx=1&sn=49e2d5bf917ae79c1b8c38d4f8a3817f",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "AlertSec",
|
|||
|
|
"category": "AlertSec",
|
|||
|
|
"pubDate": "2025-01-03T19:01:18"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【成功复现】大华智能物联综合管理平台远程代码执行漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDgzOTQzNw==&mid=2247502820&idx=1&sn=5ebcb4158f712c89ddc3f0c5b1ee0bed",
|
|||
|
|
"description": "【成功复现】大华智能物联综合管理平台远程代码执行漏洞",
|
|||
|
|
"author": "弥天安全实验室",
|
|||
|
|
"category": "弥天安全实验室",
|
|||
|
|
"pubDate": "2025-01-03T18:50:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次护网通过外网弱口令一路到内网",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486374&idx=1&sn=6ba0b2da64f7d7dd0708f8840bb32147",
|
|||
|
|
"description": "记一次护网通过外网弱口令一路到内网",
|
|||
|
|
"author": "扫地僧的茶饭日常",
|
|||
|
|
"category": "扫地僧的茶饭日常",
|
|||
|
|
"pubDate": "2025-01-03T18:33:02"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "大量 Four-Faith 路由器因严重漏洞面临远程攻击风险",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU3MzU4NjI4OQ==&mid=2247515719&idx=1&sn=01c1fdb783a2a11f73b6961114c9435b",
|
|||
|
|
"description": "大量 Four-Faith 路由器因严重漏洞面临远程攻击风险",
|
|||
|
|
"author": "河北镌远网络科技有限公司",
|
|||
|
|
"category": "河北镌远网络科技有限公司",
|
|||
|
|
"pubDate": "2025-01-03T18:29:17"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CTF内存取证分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMDQwNTE5MA==&mid=2650247701&idx=1&sn=94fe6a6f6082bce230d3c856a36f17ba",
|
|||
|
|
"description": "在CTF中,内存取证一般指对计算机及相关智能设备运行时的物理内存中存储的临时数据进行获取与分析,提取flag或者与flag相关重要信息。",
|
|||
|
|
"author": "白帽子",
|
|||
|
|
"category": "白帽子",
|
|||
|
|
"pubDate": "2025-01-03T17:20:30"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CTF内存取证分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTA4OTI5NA==&mid=2247519162&idx=1&sn=3b94e0cea3cc0ad094a93cf56c558227",
|
|||
|
|
"description": "在CTF中,内存取证一般指对计算机及相关智能设备运行时的物理内存中存储的临时数据进行获取与分析,提取flag或者与flag相关重要信息。",
|
|||
|
|
"author": "Tide安全团队",
|
|||
|
|
"category": "Tide安全团队",
|
|||
|
|
"pubDate": "2025-01-03T17:01:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "某应用虚拟化系统远程代码执行",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247488036&idx=1&sn=954fe8e1b962684bfaca2d857754c333",
|
|||
|
|
"description": "攻击者可以通过该漏洞执行任意代码,导致系统被攻击与控制。",
|
|||
|
|
"author": "蚁景网安",
|
|||
|
|
"category": "蚁景网安",
|
|||
|
|
"pubDate": "2025-01-03T16:31:09"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "文件读取漏洞实战利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwODM3NjIxOQ==&mid=2247502201&idx=1&sn=f9dbc0640e326e3c63591c0ae5c533b0",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "WIN哥学安全",
|
|||
|
|
"category": "WIN哥学安全",
|
|||
|
|
"pubDate": "2025-01-03T14:50:33"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某OA渗透测试有意思的文件上传漏洞挖掘经历以及分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzODQzNTU2NA==&mid=2247486273&idx=1&sn=25043aaddb4c641195e99dbfd8312447",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "天启互联网实验室",
|
|||
|
|
"category": "天启互联网实验室",
|
|||
|
|
"pubDate": "2025-01-03T14:50:32"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "冒充会议应用程序的加密窃取恶意软件瞄准 Web3 专业人士",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580607&idx=2&sn=10ada78214e70c6f1985fdf417fd885e",
|
|||
|
|
"description": "用户在未首先验证该软件是否合法,然后使用 VirusTotal 等多引擎防病毒工具进行扫描的情况下,切勿安装用户通过社交媒体推荐的软件。",
|
|||
|
|
"author": "嘶吼专业版",
|
|||
|
|
"category": "嘶吼专业版",
|
|||
|
|
"pubDate": "2025-01-03T14:03:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Wireshark 抓包过滤命令(一篇文章足矣)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247510409&idx=1&sn=afbf5afae3222b62d6d0e754b16263d5",
|
|||
|
|
"description": "通过一篇文章,让你掌握常用的Wireshark 抓包过滤命令。网工必藏!",
|
|||
|
|
"author": "kali笔记",
|
|||
|
|
"category": "kali笔记",
|
|||
|
|
"pubDate": "2025-01-03T12:39:05"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "工具集:NacosExploit【Nacos漏洞综合利用工具2.0】",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485072&idx=1&sn=cd5c7085fac45bf2a9d30a905608af8c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "风铃Sec",
|
|||
|
|
"category": "风铃Sec",
|
|||
|
|
"pubDate": "2025-01-03T12:17:18"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【首发 1day】WordPress Crypto 插件存在前台任意用户登录漏洞(CVE-2024-9989)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488533&idx=1&sn=3bd41daca34f543f26361bb54f403b16",
|
|||
|
|
"description": "WordPress 的 Crypto 插件容易受到身份验证绕过攻击,这使得未经身份验证的攻击者可以以站点上的任何现有用户(例如管理员)身份登录",
|
|||
|
|
"author": "星悦安全",
|
|||
|
|
"category": "星悦安全",
|
|||
|
|
"pubDate": "2025-01-03T12:04:07"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Java安全小记-RMI反序列化",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247484934&idx=1&sn=259dd188a23582d453f9cf4ea280fc2c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "土拨鼠的安全屋",
|
|||
|
|
"category": "土拨鼠的安全屋",
|
|||
|
|
"pubDate": "2025-01-03T11:30:58"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "文件读取漏洞实战利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247486122&idx=1&sn=fe8e6f4bc0f3516c35c83887e341c6a7",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "沃克学安全",
|
|||
|
|
"category": "沃克学安全",
|
|||
|
|
"pubDate": "2025-01-03T11:19:04"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "实战-关于KEY泄露API接口利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525435&idx=1&sn=548c6faedbee74d38aa1a25ab6fb8c10",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "乌雲安全",
|
|||
|
|
"category": "乌雲安全",
|
|||
|
|
"pubDate": "2025-01-03T11:00:33"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞文章】大华智能物联综合管理平台远程代码执行漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyMTY1NDc2OA==&mid=2247487254&idx=1&sn=01268baaacf70df064ef36219af22e7c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "小羊安全屋",
|
|||
|
|
"category": "小羊安全屋",
|
|||
|
|
"pubDate": "2025-01-03T10:50:32"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Bug Bounty Tips 0003",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NDQ5NTU0MA==&mid=2647690567&idx=1&sn=7b91b491be931acd75da26cd09f349b6",
|
|||
|
|
"description": "Bug Bounty Tips!",
|
|||
|
|
"author": "Rsec",
|
|||
|
|
"category": "Rsec",
|
|||
|
|
"pubDate": "2025-01-03T10:09:00"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "利用文件读取加条件竞争Getshell",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606113&idx=3&sn=e21303612212b045e3beeac557a9502a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "黑白之道",
|
|||
|
|
"category": "黑白之道",
|
|||
|
|
"pubDate": "2025-01-03T09:54:14"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Burp Suite 插件 BurpGPT,可执行额外的被动扫描,以发现高度定制的漏洞,并可以运行任何类型的基于流量的分析。",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606113&idx=4&sn=3a58d4a332d17dd134f29e1888743162",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "黑白之道",
|
|||
|
|
"category": "黑白之道",
|
|||
|
|
"pubDate": "2025-01-03T09:54:14"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "针对Windows LDAP 零点击 RCE 漏洞的 PoC 利用工具发布",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793722&idx=3&sn=5967bc25cd58dbddd6903bdc12c80132",
|
|||
|
|
"description": "利用漏洞可以零点击攻击windows系统。",
|
|||
|
|
"author": "军哥网络安全读报",
|
|||
|
|
"category": "军哥网络安全读报",
|
|||
|
|
"pubDate": "2025-01-03T09:01:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": ".NET | SCM权限维持在红队实战中的应用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247497904&idx=1&sn=5676b3ef2333f9be869e7dc21307792d",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "dotNet安全矩阵",
|
|||
|
|
"category": "dotNet安全矩阵",
|
|||
|
|
"pubDate": "2025-01-03T08:58:00"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "0Day-OURPHP建站系统存在未授权访问漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzUzMDQ1MTY0MQ==&mid=2247506520&idx=1&sn=34e28b190e59f2ddf4e3ed081340efd1",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "狐狸说安全",
|
|||
|
|
"category": "狐狸说安全",
|
|||
|
|
"pubDate": "2025-01-03T08:55:11"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "获取Telegram的用户IP地址",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247496407&idx=2&sn=6d9e73e76942241736b521f64f10358a",
|
|||
|
|
"description": "最近有个需求,查了些资料发现,Telegram有语音通话功能,也可以类似QQ一样通过语音通话的连接获取对方的",
|
|||
|
|
"author": "Khan安全攻防实验室",
|
|||
|
|
"category": "Khan安全攻防实验室",
|
|||
|
|
"pubDate": "2025-01-03T08:38:53"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Linux权限管理全攻略:读懂权限机制,一文带你快速上手!",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI1NzI5NDM4Mw==&mid=2247498514&idx=1&sn=06727077972d2b50ea0fa48b787d4636",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Docker中文社区",
|
|||
|
|
"category": "Docker中文社区",
|
|||
|
|
"pubDate": "2025-01-03T08:28:05"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "开源代码漏洞扫描器 OSV-Scanner 新增修复和离线功能",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4Njc0Mjc3NQ==&mid=2247486620&idx=1&sn=a3c9f75946a17f69bb762ac9e19442ee",
|
|||
|
|
"description": "最新版本1.9.2的实验性功能:指导性纠正是非常有发展潜力的。",
|
|||
|
|
"author": "wavecn",
|
|||
|
|
"category": "wavecn",
|
|||
|
|
"pubDate": "2025-01-03T08:14:07"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞复现】朗速ERP后台管理系统FileUploadApi接口文件存在文件上传漏洞||附POC",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI1NTE2NzQ3NQ==&mid=2247485496&idx=2&sn=f883374d1a9a9eab5602921437412041",
|
|||
|
|
"description": "朗速ERP系统FileUploadApi接口文件存在文件上传漏洞",
|
|||
|
|
"author": "网络安全007",
|
|||
|
|
"category": "网络安全007",
|
|||
|
|
"pubDate": "2025-01-03T08:01:26"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | Adobe ColdFusion反序列化漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491967&idx=1&sn=f272d94e20068861012bfdc0fb0343c4",
|
|||
|
|
"description": "Adobe ColdFusion存在路径遍历漏洞,该漏洞可能导致未经身份验证的远程攻击者绕过应用程序的访问限制,从而读取受限目录之外的文件或目录,成功利用该漏洞可能导致敏感信息泄露或系统数据被操纵。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-03T08:00:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | 用友NC XML实体注入漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491967&idx=2&sn=835396913c02e3d69338f769abed1682",
|
|||
|
|
"description": "用友NC的/uapws/service/nc.pubitf.rbac.IUserPubServiceWS接口存在XML实体注入漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件、数据库配置文件等等,导致网站处于极度不安全状态。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-03T08:00:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | 用友BIP信息泄露漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491967&idx=3&sn=ae28506ae28775537a4e202b2f314308",
|
|||
|
|
"description": "用友BIP的/bi/api/Portal/GetUserList和/bi/api/SemanticModel/GetOlapConnectionList接口存在信息泄露漏洞,攻击者可利用该漏洞获取管理员的账号密码相关信息。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-03T08:00:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Berserk Bear APT 攻击模拟",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247504381&idx=1&sn=8c30fe56c4afbb2ea4c5f72791d5cec6",
|
|||
|
|
"description": "这是对 (Berserk Bear) APT 集团针对全球关键基础设施和能源公司的攻击的模拟,",
|
|||
|
|
"author": "安全狗的自我修养",
|
|||
|
|
"category": "安全狗的自我修养",
|
|||
|
|
"pubDate": "2025-01-03T07:16:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "代码审计 - MCMS v5.4.1 0day挖掘",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518041&idx=1&sn=07f9f7aae2aead67b9b4558d64c61cef",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "船山信安",
|
|||
|
|
"category": "船山信安",
|
|||
|
|
"pubDate": "2025-01-03T02:00:28"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "权限维持 | 绕过360核晶、火绒、添加Windows 服服务",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493775&idx=1&sn=8bfa4ae6e8947d7404efb0226f2facfe",
|
|||
|
|
"description": "动态绕过360核晶、火绒6、defender 添加Windows 服务\\\\x0d\\\\x0a权限维持",
|
|||
|
|
"author": "星落安全团队",
|
|||
|
|
"category": "星落安全团队",
|
|||
|
|
"pubDate": "2025-01-03T00:30:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【免杀技术】致盲组件 - AMSI内存修复 (修改一个字节就能绕过AMSI?)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247518064&idx=1&sn=66793f4f20c456ce2161e989ec998c32",
|
|||
|
|
"description": "【免杀技术】致盲组件 - AMSI内存修复 (修改一个字节就能绕过AMSI?)",
|
|||
|
|
"author": "Z2O安全攻防",
|
|||
|
|
"category": "Z2O安全攻防",
|
|||
|
|
"pubDate": "2025-01-03T00:02:34"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "朝鲜黑客“Lazarus”利用新型恶意软件攻击核组织",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491873&idx=1&sn=a4488c39b846fb700b050fcbf22938d0",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "犀牛安全",
|
|||
|
|
"category": "犀牛安全",
|
|||
|
|
"pubDate": "2025-01-03T00:00:00"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【工具更新】BurpSuite最新2024.11版Windows/Mac(附下载)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NjQ5MTM1MA==&mid=2247492751&idx=1&sn=96485ef795e87b2d49db56d3a3a778ac",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "信安404",
|
|||
|
|
"category": "信安404",
|
|||
|
|
"pubDate": "2025-01-02T21:39:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "防范XXE漏洞:XXE攻击详解与应对策略",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTEwNTE1Mw==&mid=2247485171&idx=1&sn=0058b76345fc8ac04545cbf80cdc99e0",
|
|||
|
|
"description": "XXE(XML External Entity)漏洞是一个严重的安全漏洞。当应用程序允许 XML 引用外部实体时,恶意用户可以构造特定内容,从而导致以下危害",
|
|||
|
|
"author": "SDL安全",
|
|||
|
|
"category": "SDL安全",
|
|||
|
|
"pubDate": "2025-01-02T19:48:07"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "MAC地址在网络安全中扮演什么角色?详解设备识别与访问控制",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI5MjY4MTMyMQ==&mid=2247489459&idx=1&sn=62ef1680ac037b39a732c63a197a41ba",
|
|||
|
|
"description": "在网络安全领域,MAC地址(Media Access Control Address)扮演着至关重要的角色。作为网络接口的唯一标识符,MAC地址在OSI模型的第二层运作,为计算机、路由器和智能手机等硬件设备提供永久性的物理地址。",
|
|||
|
|
"author": "HW安全之路",
|
|||
|
|
"category": "HW安全之路",
|
|||
|
|
"pubDate": "2025-01-02T19:42:27"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "基于Go编写的windows日志分析工具 - windows_Log",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIzNTE0Mzc0OA==&mid=2247486019&idx=1&sn=8439ff27faf464050b0494d7e78f0540",
|
|||
|
|
"description": "基于Go编写的windows日志分析工具",
|
|||
|
|
"author": "GSDK安全团队",
|
|||
|
|
"category": "GSDK安全团队",
|
|||
|
|
"pubDate": "2025-01-02T19:11:53"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞预警】Apache Arrow代码执行漏洞(CVE-2024-52338)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489395&idx=1&sn=256650cb87713ff212758abde0e2facc",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "飓风网络安全",
|
|||
|
|
"category": "飓风网络安全",
|
|||
|
|
"pubDate": "2025-01-02T18:19:44"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Hyper-V拒绝服务漏洞CVE-2024-43633分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587938&idx=1&sn=501d4121b0437af290d817483a675882",
|
|||
|
|
"description": "看雪论坛作者ID:王cb",
|
|||
|
|
"author": "看雪学苑",
|
|||
|
|
"category": "看雪学苑",
|
|||
|
|
"pubDate": "2025-01-02T18:02:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "使用规则管理新功能,进行新年的第一场代码审计!",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247527377&idx=1&sn=986b33d2912d6d5f6b9351fdac951c6d",
|
|||
|
|
"description": "妈妈说再也不怕牛牛搞不定代码审计的规则们了",
|
|||
|
|
"author": "Yak Project",
|
|||
|
|
"category": "Yak Project",
|
|||
|
|
"pubDate": "2025-01-02T17:30:49"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "服务器配置不出网后还存在的威胁",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247569304&idx=2&sn=00dcbff84e7abeb8c65f2e6d09d7f634",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "马哥网络安全",
|
|||
|
|
"category": "马哥网络安全",
|
|||
|
|
"pubDate": "2025-01-02T17:03:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "如何像使用专业版一样使用 Burp Suite 社区版",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjY1MjY3OQ==&mid=2247488133&idx=1&sn=53302814fe126ac230ccce904cf1bc81",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "CatalyzeSec",
|
|||
|
|
"category": "CatalyzeSec",
|
|||
|
|
"pubDate": "2025-01-02T17:02:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "SSTI模板注入漏洞详解(附一键getshell工具)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTY2ODE1NA==&mid=2247484948&idx=1&sn=480a76ee02ac812d7b8f4f5635fff7b4",
|
|||
|
|
"description": "SSTI漏洞详解",
|
|||
|
|
"author": "Z0安全",
|
|||
|
|
"category": "Z0安全",
|
|||
|
|
"pubDate": "2025-01-02T16:23:33"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次JS中的漏洞挖掘",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247519026&idx=1&sn=1199efa3c2e527406ee3ae0ae85e550d",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "亿人安全",
|
|||
|
|
"category": "亿人安全",
|
|||
|
|
"pubDate": "2025-01-02T16:17:52"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "黑客攻击导致至少16个Chrome浏览器扩展程序被入侵,影响超过60万用户",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492498&idx=1&sn=10ab1206b0915453dfe9f606e7ed2126",
|
|||
|
|
"description": "近日,一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。",
|
|||
|
|
"author": "白泽安全实验室",
|
|||
|
|
"category": "白泽安全实验室",
|
|||
|
|
"pubDate": "2025-01-02T16:03:01"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "数百万用户中招!Chrome扩展开发者遭遇钓鱼攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MDYwMjE3OQ==&mid=2247485982&idx=1&sn=cbe958859fd50288f3c1e6cfdc8cfdb0",
|
|||
|
|
"description": "黑客通过钓鱼攻击目标Chrome扩展开发者,成功注入恶意代码,窃取用户数据,影响了至少35个扩展和260万用户。",
|
|||
|
|
"author": "安全威胁纵横",
|
|||
|
|
"category": "安全威胁纵横",
|
|||
|
|
"pubDate": "2025-01-02T14:58:03"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "LdapNightmare 一个 PoC 工具,用于针对 CVE-2024-49112 易受攻击 Windows Server",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526666&idx=1&sn=51464a34472921949f23f7dfe3591e96",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2025-01-02T14:46:45"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "BootExecute EDR 绕过",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526666&idx=3&sn=6edcf1ab2673cf3ca5395796ae2cf38d",
|
|||
|
|
"description": "Boot Execute 允许本机应用程序(具有 NtProcessStartup 入口点且仅依赖于 ntdll.dll 的可执行文件)在 Windows 操作系统完全初始化之前运行。这甚至发生在 Windows 服务启动之前。",
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2025-01-02T14:46:45"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "新的 IOCONTROL 恶意软件用于关键基础设施攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580564&idx=1&sn=b8689abfa62f761f32105a853f2ec51d",
|
|||
|
|
"description": "该恶意软件以“iocontrol”名称存储在“/usr/bin/”目录中,使用模块化配置来适应不同的供应商和设备类型,针对广泛的系统架构。",
|
|||
|
|
"author": "嘶吼专业版",
|
|||
|
|
"category": "嘶吼专业版",
|
|||
|
|
"pubDate": "2025-01-02T14:01:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Bug Bounty Tips 0002",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NDQ5NTU0MA==&mid=2647690563&idx=1&sn=4ef423617c04f0a34addc6d0a0226104",
|
|||
|
|
"description": "Bug Bounty Tips",
|
|||
|
|
"author": "Rsec",
|
|||
|
|
"category": "Rsec",
|
|||
|
|
"pubDate": "2025-01-02T13:25:10"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞复现】SecFox运维安全管理与审计系统FastJson反序列化漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI1NTE2NzQ3NQ==&mid=2247485484&idx=1&sn=105f7b834b3da70b77523462ca24ac4b",
|
|||
|
|
"description": "SecFox运维安全管理与审计系统FastJson反序列化漏洞复现详细过程!",
|
|||
|
|
"author": "网络安全007",
|
|||
|
|
"category": "网络安全007",
|
|||
|
|
"pubDate": "2025-01-02T12:03:34"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Java安全小记-Commons-Collections1反序列化",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247484773&idx=1&sn=123602ba59ef673ba01cb5225b30e419",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "土拨鼠的安全屋",
|
|||
|
|
"category": "土拨鼠的安全屋",
|
|||
|
|
"pubDate": "2025-01-02T11:31:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "一款高性能哥斯拉内存代理插件",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTUzNzY3Ng==&mid=2247488940&idx=1&sn=ad2213ad2da95b67450fe89fbfb0bcbf",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "SecHub网络安全社区",
|
|||
|
|
"category": "SecHub网络安全社区",
|
|||
|
|
"pubDate": "2025-01-02T11:22:34"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "警惕!国产工业路由器零日漏洞疑遭攻击者利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247359&idx=1&sn=f31ecbd205f72292f49cf6cab4e276a6",
|
|||
|
|
"description": "警惕!国产工业路由器零日漏洞疑遭攻击者利用",
|
|||
|
|
"author": "e安在线",
|
|||
|
|
"category": "e安在线",
|
|||
|
|
"pubDate": "2025-01-02T11:20:57"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Linux渗透实战之Nullbyte靶场提权",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486760&idx=1&sn=4436f1e24f83b27846a8d050810fff1d",
|
|||
|
|
"description": "提权!",
|
|||
|
|
"author": "神农Sec",
|
|||
|
|
"category": "神农Sec",
|
|||
|
|
"pubDate": "2025-01-02T10:36:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "面向JS漏洞挖掘",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU5NjA0ODAyNg==&mid=2247485931&idx=1&sn=664afa8dc20695b2d86fddda2830538f",
|
|||
|
|
"description": "最近在研究怎么从JS中挖掘更多有用信息,以前在漏洞挖掘的时候没有对js进行细致的挖掘利用,在研究小程序调试解密的时候发现js文件中可获取信息的点、可挖掘漏洞的点还是很多的,花了一段时间积攒了一些漏洞场景,就有了这篇文章了~~",
|
|||
|
|
"author": "凌晨安全",
|
|||
|
|
"category": "凌晨安全",
|
|||
|
|
"pubDate": "2025-01-02T10:09:44"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "警惕!国产工业路由器零日漏洞疑遭攻击者利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606042&idx=2&sn=a643b8dd73810f509abdbb3f1c935808",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "黑白之道",
|
|||
|
|
"category": "黑白之道",
|
|||
|
|
"pubDate": "2025-01-02T10:02:15"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Azure Airflow 中配置错误可能会使整个集群受到攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTY0MjIwNg==&mid=2247485306&idx=1&sn=dfa665ba5de97366f35f1233624ad7bc",
|
|||
|
|
"description": "网络安全研究人员在 Microsoft 的 Azure 数据工厂xa0Apache Airflow 中发现了三个安全漏洞",
|
|||
|
|
"author": "星尘安全",
|
|||
|
|
"category": "星尘安全",
|
|||
|
|
"pubDate": "2025-01-02T10:01:04"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【攻防演练】针对溯源反制的思考",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247485408&idx=1&sn=5ce4f37d02eaddc3d60c578ccb17224e",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "富贵安全",
|
|||
|
|
"category": "富贵安全",
|
|||
|
|
"pubDate": "2025-01-02T09:03:17"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "PHP_webshell免杀01-变量绕过",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTcwOTgxMQ==&mid=2247485200&idx=1&sn=469aa3987e94119b78e8c1908a1a1f77",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Spade sec",
|
|||
|
|
"category": "Spade sec",
|
|||
|
|
"pubDate": "2025-01-02T09:00:28"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "面向JS漏洞挖掘",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMzI3OTczNA==&mid=2247487963&idx=1&sn=f152d932bd0d1e3b3513328ced8cf98f",
|
|||
|
|
"description": "最近在研究怎么从JS中挖掘更多有用信息,以前在漏洞挖掘的时候没有对js进行细致的挖掘利用,在研究小程序调试解密的时候发现js文件中可获取信息的点、可挖掘漏洞的点还是很多的,花了一段时间积攒了一些漏洞场景,就有了这篇文章了~~",
|
|||
|
|
"author": "千寻安服",
|
|||
|
|
"category": "千寻安服",
|
|||
|
|
"pubDate": "2025-01-02T08:57:23"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "工具集:Befree【代理池工具】",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485064&idx=1&sn=191220ed279c2be53143d739529b524a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "风铃Sec",
|
|||
|
|
"category": "风铃Sec",
|
|||
|
|
"pubDate": "2025-01-02T08:49:35"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【免杀手法】红队免杀木马快速生成",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494516&idx=1&sn=ba05bd2a798f4d5943bf08abb734ad45",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "七芒星实验室",
|
|||
|
|
"category": "七芒星实验室",
|
|||
|
|
"pubDate": "2025-01-02T08:38:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "JRMP通信攻击过程及利用介绍",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494516&idx=2&sn=98352908d6489fcf5fe0862ca0352daa",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "七芒星实验室",
|
|||
|
|
"category": "七芒星实验室",
|
|||
|
|
"pubDate": "2025-01-02T08:38:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Zebo-0.1.0 和 Cometlogger-0.1 中的 Python 恶意软件被发现窃取用户数据",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486165&idx=1&sn=db8306ba27ab37b90c6c1f0d759c9b13",
|
|||
|
|
"description": "为了防范这些威胁,至关重要的是断开互联网连接、隔离受感染的系统、使用信誉良好的防病毒软件以及在必要时重新格式化系统。",
|
|||
|
|
"author": "三沐数安",
|
|||
|
|
"category": "三沐数安",
|
|||
|
|
"pubDate": "2025-01-02T08:30:33"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【技术分享】文件上传XSS漏洞的利用方式",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMTY1MTIzOA==&mid=2247484520&idx=1&sn=f5521e504c8b6e019aad5f78b8fdcf54",
|
|||
|
|
"description": "本文讲述了在无法解析利用的废弃文件上传漏洞的前提下,去触发XSS漏洞,来进行水报告的一种思路方式。在SRC挖掘时碰到过上传HTML文件触发XSS漏洞,被确认为XSS存储漏洞给奖励的,但是大多数的SRC厂商都是不收的,不过项目上水报告很好用。",
|
|||
|
|
"author": "剁椒Muyou鱼头",
|
|||
|
|
"category": "剁椒Muyou鱼头",
|
|||
|
|
"pubDate": "2025-01-02T08:30:17"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "快速识别网络钓鱼攻击的8种迹象",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY3OTAzMg==&mid=2247514613&idx=2&sn=4212277eea3f9fb277c2559d80852fad",
|
|||
|
|
"description": "网络钓鱼已成为最常见、也最容易得逞的攻击手段之一。随着网络技术的不断发展,钓鱼攻击的伪装手段也变得愈发狡诈,攻击频次不断提升,各种新奇",
|
|||
|
|
"author": "天津恒御科技有限公司",
|
|||
|
|
"category": "天津恒御科技有限公司",
|
|||
|
|
"pubDate": "2025-01-02T08:15:42"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "ysoSimple:简易的Java漏洞利用工具,集成Java、Hessian、XStream、Shiro550反序列化等",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247493133&idx=1&sn=58da466e03801a32a4977feb65c2ac71",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "夜组安全",
|
|||
|
|
"category": "夜组安全",
|
|||
|
|
"pubDate": "2025-01-02T08:11:14"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | 蓝凌OA SSRF漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491966&idx=2&sn=0109569e3097888c035be7756d35dae4",
|
|||
|
|
"description": "蓝凌OA存在SSRF漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件,导致网站处于极度不安全状态。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-02T08:01:25"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | 泛微E-Bridge SQL注入漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491966&idx=3&sn=9d8938cb9e5e52e23bd52f350b6a80a2",
|
|||
|
|
"description": "泛微E-Bridge的/taste/checkMobile接口存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2025-01-02T08:01:25"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "X-Ways Forensics 功能介绍——事件列表功能",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247489471&idx=1&sn=c63c57513f5c0f910e79851dfa724f28",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "网络安全与取证研究",
|
|||
|
|
"category": "网络安全与取证研究",
|
|||
|
|
"pubDate": "2025-01-02T08:00:48"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "紧急!Palo Alto Networks 防火墙遭 DoS 攻击,黑客利用 CVE-2024-3393 漏洞致其瘫痪!",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899899&idx=1&sn=2f85cb1a3466fd4c8372b3207ce3c810",
|
|||
|
|
"description": "Palo Alto Networks 近日发布紧急安全警告, PAN-OS 软件的 DNS Security 功能存在严重拒绝服务 (DoS) 漏洞 (CVE-2024-3393),黑客正利用该漏洞发动攻击,迫使防火墙重启,甚至进入维护模式",
|
|||
|
|
"author": "技术修道场",
|
|||
|
|
"category": "技术修道场",
|
|||
|
|
"pubDate": "2025-01-02T08:00:47"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "多接口版MD5解密工具源码",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3MTE0NTg4OQ==&mid=2247484083&idx=1&sn=38539eb625ffe5cf76a9fb658dd06351",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "HackTips",
|
|||
|
|
"category": "HackTips",
|
|||
|
|
"pubDate": "2025-01-02T07:57:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "利用UEFI内存Dump绕过BitLocker加密,支持Windows11(24H2)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492812&idx=1&sn=a68182005a3969d84629af1888276b9f",
|
|||
|
|
"description": "在上一篇文章主要介绍了利用外部硬件设备进行信号截取的方式获取数据, 而本文的实现方式更为方便,只需要一个USB设备就能完成, 实现方法是利用一个名为Memory-Dump-UEFI的工具从内存中提取完整卷加密密钥(FVEK)。",
|
|||
|
|
"author": "二进制空间安全",
|
|||
|
|
"category": "二进制空间安全",
|
|||
|
|
"pubDate": "2025-01-02T07:30:22"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "文末获取 | 一款替代Frp完美消除网络特征的内网穿透神器",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493766&idx=1&sn=bc254ad7989b96cbfd9eeeae567eb99e",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "星落安全团队",
|
|||
|
|
"category": "星落安全团队",
|
|||
|
|
"pubDate": "2025-01-02T00:00:36"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某红蓝演练经历",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMjY1NDMxMg==&mid=2247485002&idx=1&sn=175696cd5f18931fe426b67081550764",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "红细胞安全实验室",
|
|||
|
|
"category": "红细胞安全实验室",
|
|||
|
|
"pubDate": "2025-01-01T23:59:27"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "构建一个绕过杀毒软件检测的 RuntimeInstaller Payload Pipeline",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486112&idx=1&sn=ed6846e7a1992739afc59e3a1136ba82",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "securitainment",
|
|||
|
|
"category": "securitainment",
|
|||
|
|
"pubDate": "2025-01-01T23:33:43"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "第二十课-系统学习代码审计:Java反序列化基础-fastjson反序列化漏洞原理分析fastjson利用条件分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjY0NDM3OA==&mid=2247484167&idx=1&sn=b3d525b35dd2e4849cdb43db78477e55",
|
|||
|
|
"description": "第二十课-系统学习代码审计:Java反序列化基础-fastjson反序列化漏洞原理分析fastjson利用条件分析",
|
|||
|
|
"author": "安全随心录",
|
|||
|
|
"category": "安全随心录",
|
|||
|
|
"pubDate": "2025-01-01T22:50:14"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【翻译】使用 LLM 编写隐秘的恶意 JavaScript,以逃避恶意软件检测,甚至欺骗 VirusTotal",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NzgzMjUzOA==&mid=2247485433&idx=1&sn=f5e5e19630e7b70daaaad4ff65f13a4d",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "安全视安",
|
|||
|
|
"category": "安全视安",
|
|||
|
|
"pubDate": "2025-01-01T20:26:52"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Linux应急响应工具 - LER",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIzNTE0Mzc0OA==&mid=2247486018&idx=1&sn=f418c5b1882778b2d17bb5f5235f449c",
|
|||
|
|
"description": "Linux应急响应工具 - LER",
|
|||
|
|
"author": "GSDK安全团队",
|
|||
|
|
"category": "GSDK安全团队",
|
|||
|
|
"pubDate": "2025-01-01T19:11:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "PWN入门:三打竞态条件漏洞-DirtyCOW",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587913&idx=2&sn=98c0e76217bf3df9659f9e697ec2775d",
|
|||
|
|
"description": "看雪论坛作者ID:福建炒饭乡会",
|
|||
|
|
"author": "看雪学苑",
|
|||
|
|
"category": "看雪学苑",
|
|||
|
|
"pubDate": "2025-01-01T18:00:09"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Azure Airflow 中 Kubernetes RBAC 配置错误可能导致整个集群遭受攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493759&idx=4&sn=633b5f1fd57b44083383dbfa40c96d82",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "独眼情报",
|
|||
|
|
"category": "独眼情报",
|
|||
|
|
"pubDate": "2025-01-01T11:13:48"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "分享应急响应排查——windows应急响应详细解析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486709&idx=1&sn=70603444fa226522eb7fc334ead763d0",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "神农Sec",
|
|||
|
|
"category": "神农Sec",
|
|||
|
|
"pubDate": "2025-01-01T10:00:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Windows环境实现无缝文件同步",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ0NzQwNA==&mid=2247485799&idx=1&sn=4754937e48de965375a73e52aee67067",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "网络个人修炼",
|
|||
|
|
"category": "网络个人修炼",
|
|||
|
|
"pubDate": "2025-01-01T10:00:28"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "一种难以检测的批量禁用EDR传感检测的攻击手法",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492783&idx=1&sn=707997e9eb229d9ece7625a7b7cba2c7",
|
|||
|
|
"description": "Windows Defender应用程序控制(WDAC)技术是Windows 10 和 Windows Server 2016 起开始引入并默认启用。它允许组织对其 Windows 设备上允许运行的可执行代码进行精细控制。",
|
|||
|
|
"author": "二进制空间安全",
|
|||
|
|
"category": "二进制空间安全",
|
|||
|
|
"pubDate": "2025-01-01T10:00:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次从JS源码分析到任意用户登录",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606022&idx=3&sn=84a93bab7256c027deed8208c418cac5",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "黑白之道",
|
|||
|
|
"category": "黑白之道",
|
|||
|
|
"pubDate": "2025-01-01T09:37:12"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "服务器配置不出网后还存在的威胁",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247517628&idx=1&sn=0b204c5d4da4bacb92208c83d3040e43",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "HACK之道",
|
|||
|
|
"category": "HACK之道",
|
|||
|
|
"pubDate": "2025-01-01T09:08:21"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【技术分享】Shiro框架下文件读取漏洞快速利用思路",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMTY1MTIzOA==&mid=2247484482&idx=1&sn=6ebfcd11af1fdd86f306e7c16c822820",
|
|||
|
|
"description": "本文只讲述了Shiro框架下文件读取漏洞快速利用思路,实际渗透测试时,会碰到各种各样的文件读取下载漏洞,并不一定就是Shiro框架,所以各位朋友就当作一个简单的思路来看就好,实际环境下还是需要随机应变。",
|
|||
|
|
"author": "剁椒Muyou鱼头",
|
|||
|
|
"category": "剁椒Muyou鱼头",
|
|||
|
|
"pubDate": "2025-01-01T09:02:15"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "WebShell代码免杀方式",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTYwMTk4Mw==&mid=2247488152&idx=1&sn=32b64fa1cbb756b6137458408a32ef17",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "网安探索员",
|
|||
|
|
"category": "网安探索员",
|
|||
|
|
"pubDate": "2025-01-01T08:30:44"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "ZeroEye3.0自动化找白文件,提升免杀效率,实现降本增效",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488767&idx=1&sn=0e7e75025c1ff2a5bff4b17cbb5f4a6a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "白帽学子",
|
|||
|
|
"category": "白帽学子",
|
|||
|
|
"pubDate": "2025-01-01T08:11:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【神兵利器】Windows通用免杀shellcode生成器",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494515&idx=1&sn=b392e81a3b031da86733719a48315b4b",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "七芒星实验室",
|
|||
|
|
"category": "七芒星实验室",
|
|||
|
|
"pubDate": "2025-01-01T07:00:29"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【扫盲系列】HTTPS 和 SSL/TLS 协议[8]:国密TLCP之身份鉴别",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247519251&idx=1&sn=38ff208c2f953c25addb38b26d1ea621",
|
|||
|
|
"description": "【扫盲系列】HTTPS 和 SSL/TLS 协议[8]:国密TLCP之身份鉴别",
|
|||
|
|
"author": "利刃信安",
|
|||
|
|
"category": "利刃信安",
|
|||
|
|
"pubDate": "2025-01-01T02:43:24"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "内核攻防-高权限继承",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517955&idx=1&sn=d8555d24bc4f311b2dce16e224a6954b",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "船山信安",
|
|||
|
|
"category": "船山信安",
|
|||
|
|
"pubDate": "2025-01-01T02:00:25"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "简单的order by注入记录",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU4Mzc4MDQyOQ==&mid=2247484406&idx=1&sn=4171c1f7807b4d863e01449bcfe50400",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "安全的黑魔法",
|
|||
|
|
"category": "安全的黑魔法",
|
|||
|
|
"pubDate": "2025-01-01T00:40:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Cleo 远程代码执行漏洞复现(CVE-2024-50623)(附脚本)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515415&idx=1&sn=0302b4a3ffa8ce6ea4ef4b342f977b64",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Web安全工具库",
|
|||
|
|
"category": "Web安全工具库",
|
|||
|
|
"pubDate": "2025-01-01T00:28:39"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞预警】Apache Traffic Control SQL注入漏洞(CVE-2024-45387)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489384&idx=1&sn=985ccff71c2ce2fbab9504240e929608",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "飓风网络安全",
|
|||
|
|
"category": "飓风网络安全",
|
|||
|
|
"pubDate": "2024-12-31T23:53:57"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "攻防靶场(29):目录权限和文件权限 ICMP",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NjA3Mzk2NQ==&mid=2247495364&idx=1&sn=9a18611e93f4bff5cce4e0979165ed09",
|
|||
|
|
"description": "基于 ATTCK 的OSCP PG Play 靶场 WriteUp",
|
|||
|
|
"author": "OneMoreThink",
|
|||
|
|
"category": "OneMoreThink",
|
|||
|
|
"pubDate": "2024-12-31T22:35:11"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "深入浅出API测试|搜集分析与漏洞挖掘实战",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496715&idx=1&sn=5df17524d1be3680c48f6168438b7a70",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "迪哥讲事",
|
|||
|
|
"category": "迪哥讲事",
|
|||
|
|
"pubDate": "2024-12-31T22:30:54"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "警惕!国产工业路由器零日漏洞疑遭攻击者利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633465&idx=3&sn=ef758b05548bc18a71aefb5a10e8d08f",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "商密君",
|
|||
|
|
"category": "商密君",
|
|||
|
|
"pubDate": "2024-12-31T22:05:12"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "关于防范SafePay勒索病毒的风险提示",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633465&idx=4&sn=c60fd0fa97ea5028d8cb95970b0bdc35",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "商密君",
|
|||
|
|
"category": "商密君",
|
|||
|
|
"pubDate": "2024-12-31T22:05:12"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "哥斯拉(Godzilla)流量特征修改",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU5NjYwNDIyOQ==&mid=2247484795&idx=1&sn=876fe5d839a9e2891885c3d914d36f7a",
|
|||
|
|
"description": "哥斯拉(Godzilla)流量特征修改",
|
|||
|
|
"author": "走在网安路上的哥布林",
|
|||
|
|
"category": "走在网安路上的哥布林",
|
|||
|
|
"pubDate": "2024-12-31T20:56:08"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "MSSQL注入xp_cmdshell无回显的一些研究",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3MjU5MDc5MA==&mid=2247483776&idx=1&sn=f18cb731b5b0bde68eb5de22dd3ef7c4",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "小白安全",
|
|||
|
|
"category": "小白安全",
|
|||
|
|
"pubDate": "2024-12-31T20:21:01"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "关于防范SafePay勒索病毒的风险提示",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094494&idx=2&sn=dff517feaaf5131c415ba2e422d33315",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "网安百色",
|
|||
|
|
"category": "网安百色",
|
|||
|
|
"pubDate": "2024-12-31T19:31:05"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "ELF文件结构浅析-解析器和加载器实现",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587912&idx=1&sn=4ad15eeb82b8a9aa74549d38c434f8bc",
|
|||
|
|
"description": "看雪论坛作者ID:东方玻璃",
|
|||
|
|
"author": "看雪学苑",
|
|||
|
|
"category": "看雪学苑",
|
|||
|
|
"pubDate": "2024-12-31T18:01:41"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Docker逃逸详解(二)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNTU3MjA3OQ==&mid=2247484997&idx=1&sn=ad95ee62d94f0aff51a87d4a46002881",
|
|||
|
|
"description": "远程API未授权访问逃逸",
|
|||
|
|
"author": "安全攻防屋",
|
|||
|
|
"category": "安全攻防屋",
|
|||
|
|
"pubDate": "2024-12-31T17:47:50"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "通过条件竞争实现内核提权",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNTIwNTkyNg==&mid=2247552846&idx=1&sn=f1718b0814dd2d5c433ad291df24d85c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "蚁景网络安全",
|
|||
|
|
"category": "蚁景网络安全",
|
|||
|
|
"pubDate": "2024-12-31T17:40:12"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "一个灰常牛皮的全自动WAF绕过脚本",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247569276&idx=2&sn=bbf6efedb8fa3ac08aa7f12322a3585c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "马哥网络安全",
|
|||
|
|
"category": "马哥网络安全",
|
|||
|
|
"pubDate": "2024-12-31T17:00:33"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "SRC挖掘之Access验证校验的漏洞挖掘",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247488012&idx=1&sn=03cd5f595007f6e1342a05b1a4342891",
|
|||
|
|
"description": "可获取全校师生个人min感信息...",
|
|||
|
|
"author": "蚁景网安",
|
|||
|
|
"category": "蚁景网安",
|
|||
|
|
"pubDate": "2024-12-31T16:30:32"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "FICORA、CAPSAICIN 僵尸网络利用旧 D-Link 路由器漏洞发起 DDoS 攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486154&idx=1&sn=f07ce16c527fab05e35d43f5cd4daa4a",
|
|||
|
|
"description": "Mirai 和 Keksec 僵尸网络变体正在利用 D-Link 路由器中的关键漏洞。了解影响、受影响的设备以及如何保护自己免受这些攻击。",
|
|||
|
|
"author": "三沐数安",
|
|||
|
|
"category": "三沐数安",
|
|||
|
|
"pubDate": "2024-12-31T16:25:49"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "瑞斯康达智能网关命令执行漏洞简单分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODMwNjQzMA==&mid=2247485755&idx=1&sn=2424459bff9c2f58c6001e3ab850dbd0",
|
|||
|
|
"description": "瑞斯康达智能网关命令执行漏洞简单分析",
|
|||
|
|
"author": "XK Team",
|
|||
|
|
"category": "XK Team",
|
|||
|
|
"pubDate": "2024-12-31T16:20:06"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次从JS源码分析到任意用户登录",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247518987&idx=1&sn=14661694761c987472aa5a295a74d91a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "亿人安全",
|
|||
|
|
"category": "亿人安全",
|
|||
|
|
"pubDate": "2024-12-31T16:08:20"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【免杀实战】 - R3Kill掉system启动的火绒6.0主程序 * 追加篇",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDUzNjk4MQ==&mid=2247484820&idx=1&sn=4d47c7cb3ac314eb7144c0e884edc89c",
|
|||
|
|
"description": "火绒无法保障计算机安全!!!",
|
|||
|
|
"author": "零攻防",
|
|||
|
|
"category": "零攻防",
|
|||
|
|
"pubDate": "2024-12-31T16:05:16"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "通过代码审计用友获取CNVD高危证书",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzODQzNTU2NA==&mid=2247486264&idx=1&sn=d66a1443fa5d075f4be3fefff1faf36e",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "天启互联网实验室",
|
|||
|
|
"category": "天启互联网实验室",
|
|||
|
|
"pubDate": "2024-12-31T16:01:52"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "通过代码审计用友获取CNVD高危证书",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxNzkyOTgxMw==&mid=2247493750&idx=1&sn=322743019a204e55a45f57cb47685ea7",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "哈拉少安全小队",
|
|||
|
|
"category": "哈拉少安全小队",
|
|||
|
|
"pubDate": "2024-12-31T14:52:53"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【最新】推特蓝V公布 7zip 0day(续篇)7-Zip LZMA 解码器漏洞与缓冲区溢出攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NzgzMjUzOA==&mid=2247485415&idx=1&sn=42033006d1c3f341464004d58fb21f4a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "安全视安",
|
|||
|
|
"category": "安全视安",
|
|||
|
|
"pubDate": "2024-12-31T14:45:02"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Objection Hook初探",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMzI3OTczNA==&mid=2247487835&idx=1&sn=aa3bb0d6b9d8ab0e1628ff35cae355f5",
|
|||
|
|
"description": "Objection 是一个功能强大的移动安全和逆向工程工具,它利用 Frida 来在运行时对 Android 和 iOS 应用进行探索、调试和修改。通过命令行的方式提供丰富的功能选项,适用于安全研究人员和开发者进行移动应用的测试和逆向工程。",
|
|||
|
|
"author": "千寻安服",
|
|||
|
|
"category": "千寻安服",
|
|||
|
|
"pubDate": "2024-12-31T14:01:29"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Telegram 几款手机号码落查、定位工具",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247543310&idx=1&sn=ce55a583832cea6baf03c8b2ae181943",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Hacking黑白红",
|
|||
|
|
"category": "Hacking黑白红",
|
|||
|
|
"pubDate": "2024-12-31T13:50:53"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "概念验证远程桌面(RDP)会话劫持实用程序",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526560&idx=1&sn=b29d3d2bdc284b67b377900a94b155aa",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2024-12-31T13:48:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "利用 AD CS 错误配置,允许从任何子域到整个林的权限升级和持久化",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526560&idx=2&sn=743c40e7d7cddc4ce1a3929e7da630a8",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2024-12-31T13:48:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Linux 内核漏洞 CVE-2023-4147:针对权限提升缺陷的 PoC 漏洞已发布",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526560&idx=4&sn=f3a9bdb2740228cbc942151a6713f073",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2024-12-31T13:48:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Windows Defender 网络检测驱动程序内部导览",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486103&idx=1&sn=a4eaf7b6d33962b75db7a1e9b9881c2f",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "securitainment",
|
|||
|
|
"category": "securitainment",
|
|||
|
|
"pubDate": "2024-12-31T13:37:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Windows 11 (24H2版本) BitLocker加密绕过方案",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493699&idx=3&sn=051c69db407c416f6a69790ded2dcbd7",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "独眼情报",
|
|||
|
|
"category": "独眼情报",
|
|||
|
|
"pubDate": "2024-12-31T12:40:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Oracle WebLogic Server 漏洞可让攻击者远程入侵服务器",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493699&idx=4&sn=6bbd40cf4080f5974706d1e44302f9b0",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "独眼情报",
|
|||
|
|
"category": "独眼情报",
|
|||
|
|
"pubDate": "2024-12-31T12:40:56"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "一次曲折的文件上传漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NzIxMDYxMw==&mid=2247504295&idx=1&sn=55e32a8a79eebc042916417c79214dd3",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "听风安全",
|
|||
|
|
"category": "听风安全",
|
|||
|
|
"pubDate": "2024-12-31T12:32:04"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "从CloudFlare配置错误到登录管理后台",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614900&idx=1&sn=d1fdd58ff5af1ce9b537af23f4027987",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "白帽子左一",
|
|||
|
|
"category": "白帽子左一",
|
|||
|
|
"pubDate": "2024-12-31T12:01:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次护网通过外网弱口令一路到内网",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247546389&idx=1&sn=15e113a1110bf9fa380626975cd8f0d4",
|
|||
|
|
"description": "记一次护网通过外网弱口令一路到内网",
|
|||
|
|
"author": "掌控安全EDU",
|
|||
|
|
"category": "掌控安全EDU",
|
|||
|
|
"pubDate": "2024-12-31T12:01:11"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CVE-2024-52046 Apache MINA反序列化漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485113&idx=1&sn=50df90ad4a66b95ba4c48d29d449b8b0",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "云梦安全",
|
|||
|
|
"category": "云梦安全",
|
|||
|
|
"pubDate": "2024-12-31T11:52:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CVE-2024-12856 四信Four-Faith路由器存在命令注入漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485113&idx=2&sn=45c7416f428ce01ae543c22d001b2eaa",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "云梦安全",
|
|||
|
|
"category": "云梦安全",
|
|||
|
|
"pubDate": "2024-12-31T11:52:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Burp Suite 插件 BurpGPT,可执行额外的被动扫描,以发现高度定制的漏洞,并可以运行任何类型的基于流量的分析。",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247493117&idx=1&sn=5cbf11851c6bc22bb2af1ea69009af0a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "夜组安全",
|
|||
|
|
"category": "夜组安全",
|
|||
|
|
"pubDate": "2024-12-31T11:30:21"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "免杀基础-shellcode注入详解",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247489219&idx=1&sn=ab08d440a570716aea2c25f3b733a19d",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Relay学安全",
|
|||
|
|
"category": "Relay学安全",
|
|||
|
|
"pubDate": "2024-12-31T10:17:35"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞通告】Apache Traffic Control SQL注入漏洞安全风险通告",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY4MDAyNQ==&mid=2247496908&idx=1&sn=352ac8e21fec342905ad73d02a58e740",
|
|||
|
|
"description": "近日,嘉诚安全监测到Apache Traffic Control中存在一个SQL注入漏洞,鉴于漏洞危害较大,嘉诚安全提醒相关用户尽快更新至安全版本,避免引发漏洞相关的网络安全事件。",
|
|||
|
|
"author": "嘉诚安全",
|
|||
|
|
"category": "嘉诚安全",
|
|||
|
|
"pubDate": "2024-12-31T09:31:25"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "2024年挖洞记录",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI4MjI2NDI1Ng==&mid=2247484781&idx=1&sn=725693ce15070d359938fdf8d8150f59",
|
|||
|
|
"description": "回顾下2024年挖的一些洞",
|
|||
|
|
"author": "安全艺术",
|
|||
|
|
"category": "安全艺术",
|
|||
|
|
"pubDate": "2024-12-31T09:15:34"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Word宏样本分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ5MDM3NA==&mid=2247487882&idx=1&sn=4d675bac7378edc520bf2fa1c78f07e2",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "SecretTeam安全团队",
|
|||
|
|
"category": "SecretTeam安全团队",
|
|||
|
|
"pubDate": "2024-12-31T09:14:08"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "日志分析——被入侵的 WordPress",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyMjcxNzE2MQ==&mid=2247484530&idx=1&sn=a72d1b6359f2f7027e778942fe23eae2",
|
|||
|
|
"description": "日志分析——被入侵的 WordPress",
|
|||
|
|
"author": "白帽攻防",
|
|||
|
|
"category": "白帽攻防",
|
|||
|
|
"pubDate": "2024-12-31T09:06:01"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "应急研判|原创最详细Windows应急响应研判思路讲解",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDE5OTQyNQ==&mid=2247488222&idx=1&sn=89431823197e067fe4cc9e210ca5ebca",
|
|||
|
|
"description": "本次视频学习以下内容:Windows主机排查、WEB日志研研判分析、综合流量分析,主要知识点:利用任何可利用的工具进行快速应急研判,不限于命令行,视频讲的比较细,所以时长较长,请沉浸式观看",
|
|||
|
|
"author": "州弟学安全",
|
|||
|
|
"category": "州弟学安全",
|
|||
|
|
"pubDate": "2024-12-31T09:03:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "攻击者正在利用 Four-Faith 工业路由器中的命令注入漏洞来部署反向 shell",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793690&idx=3&sn=6545990d8d094c2f6b2efa2c79bf0e8a",
|
|||
|
|
"description": "对工业路由器的攻击行动。",
|
|||
|
|
"author": "军哥网络安全读报",
|
|||
|
|
"category": "军哥网络安全读报",
|
|||
|
|
"pubDate": "2024-12-31T09:00:40"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "利用云服务实现分布式信息收集&&新插件",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMDY5OTA3OA==&mid=2247483755&idx=1&sn=c64fc33dc9fed3035c74effb79a4319e",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "SecSentry",
|
|||
|
|
"category": "SecSentry",
|
|||
|
|
"pubDate": "2024-12-31T08:30:48"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Weblogic 8.x早期版本后台部署war包获取shell方法与坑点总结",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyMDM4NDM5Ng==&mid=2247490003&idx=1&sn=0bedacadfd73ce1b8527185f53972a86",
|
|||
|
|
"description": "过去几年,在内网中多次遇到weblogic 8.x,与10.x及后续版本相比,早期版本的weblogic后台获取shell的过程会比较复杂",
|
|||
|
|
"author": "安全洞察知识图谱",
|
|||
|
|
"category": "安全洞察知识图谱",
|
|||
|
|
"pubDate": "2024-12-31T08:30:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | GeoServer远程代码执行漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491934&idx=1&sn=c056c4384930ffec5352c63b06b11434",
|
|||
|
|
"description": "GeoServer的/geoserver/wfs接口存在远程代码执行漏洞,如果应用程序使用某些GeoTools功能来评估用户输入提供的XPath表达式,则未经身份验证的攻击者可以通过该漏洞远程执行任意代码,从而控制目标服务器。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2024-12-31T08:03:53"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞预警 | Sophos Firewall SQL注入、弱凭证和代码注入漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491934&idx=3&sn=d94a3dfc31a0ad8f9e870fdff248dc44",
|
|||
|
|
"description": "Sophos Firewall存在多个安全漏洞,攻击者可通过漏洞获取敏感信息、特权访问、执行任意代码等,建议相关用户及时更新。",
|
|||
|
|
"author": "浅安安全",
|
|||
|
|
"category": "浅安安全",
|
|||
|
|
"pubDate": "2024-12-31T08:03:53"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "MuMu模拟器Frida 逆向某颜色APP实战",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MzMzNTUzMA==&mid=2247485990&idx=1&sn=e53fd4c06aa08935844f4aeabb00ee50",
|
|||
|
|
"description": "免责声明:由于传播、利用本公众号SSP安全研究所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人",
|
|||
|
|
"author": "SSP安全研究",
|
|||
|
|
"category": "SSP安全研究",
|
|||
|
|
"pubDate": "2024-12-31T08:00:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "警惕!锐捷网络云平台曝严重漏洞,全球约 5 万台设备或遭远程控制!",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899889&idx=1&sn=6060673f25972e58339a5a40ae67e4be",
|
|||
|
|
"description": "近日,网络安全研究人员发现锐捷网络开发的云管理平台存在多个安全漏洞,攻击者可以利用这些漏洞控制接入该平台的网络设备。",
|
|||
|
|
"author": "技术修道场",
|
|||
|
|
"category": "技术修道场",
|
|||
|
|
"pubDate": "2024-12-31T08:00:11"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【神兵利器】基于PE Patch后渗透免杀工具",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494392&idx=1&sn=e8f6de1032f93d1fe80ea8c5bfce5ce4",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "七芒星实验室",
|
|||
|
|
"category": "七芒星实验室",
|
|||
|
|
"pubDate": "2024-12-31T07:00:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Kerberos协议之AS_REQ&AS_REP",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494392&idx=2&sn=d2c5e1af4cc775d8403dc1d43c17166c",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "七芒星实验室",
|
|||
|
|
"category": "七芒星实验室",
|
|||
|
|
"pubDate": "2024-12-31T07:00:13"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CVE-2024-42327:Zabbix SQL注入漏洞分析漏洞分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517945&idx=1&sn=866df104f09aad13fccf1e26c6c78bc8",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "船山信安",
|
|||
|
|
"category": "船山信安",
|
|||
|
|
"pubDate": "2024-12-31T02:00:20"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Four-Faith 路由器pre-auth 命令注入漏洞(CVE-2024-12856)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzUxMjc0MTE3Mw==&mid=2247494831&idx=1&sn=5aaadb7d61edb505bc39101bbd83d4b9",
|
|||
|
|
"description": "此漏洞允许远程攻击者通过 /apply.cgi 接口的 adj_time_year 参数,在修改设备系统时间(submit_type=adjust_sys_time)时注入恶意命令。",
|
|||
|
|
"author": "锋刃科技",
|
|||
|
|
"category": "锋刃科技",
|
|||
|
|
"pubDate": "2024-12-31T00:15:42"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "利用白加黑静/动态逃逸杀软",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493760&idx=1&sn=6d4d7227c23451c32bddd0f938a694d3",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "星落安全团队",
|
|||
|
|
"category": "星落安全团队",
|
|||
|
|
"pubDate": "2024-12-31T00:00:44"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某红蓝演练经历",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486396&idx=1&sn=1c3899153360d0cf36bd7469b356fccb",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "TtTeam",
|
|||
|
|
"category": "TtTeam",
|
|||
|
|
"pubDate": "2024-12-31T00:00:14"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【漏洞预警】Craft CMS register_argc_argv 致模板注入代码执行漏洞(CVE-2024-56145)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489376&idx=1&sn=c143a56e17c582e5f043c8486dacb182",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "飓风网络安全",
|
|||
|
|
"category": "飓风网络安全",
|
|||
|
|
"pubDate": "2024-12-30T22:54:39"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【免杀实战】 - 低权限kill火绒,让火绒6.0内存扫描形同虚设",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDUzNjk4MQ==&mid=2247484809&idx=1&sn=e6b27e3ceffc6692ee50c8ee813cb39b",
|
|||
|
|
"description": "火绒正在绞尽脑子的保护你的电脑!!!",
|
|||
|
|
"author": "零攻防",
|
|||
|
|
"category": "零攻防",
|
|||
|
|
"pubDate": "2024-12-30T21:57:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CVE-2024-21182 - Oracle Weblogic Server 漏洞利用 PoC 发布",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526526&idx=1&sn=b40e4e0b3bfdf287bdb7d6d93a01a914",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2024-12-30T20:19:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Krueger 是一种概念验证 (PoC) .NET 后利用工具",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526526&idx=2&sn=cef20dd8649aac66ad56c7106ed00265",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Ots安全",
|
|||
|
|
"category": "Ots安全",
|
|||
|
|
"pubDate": "2024-12-30T20:19:59"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "近期 Apache Struts 2 严重漏洞开始被利用",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486138&idx=1&sn=ea815812a6b145f0e3cff283fef7d86e",
|
|||
|
|
"description": "研究人员警告称,恶意攻击利用 Apache Struts 2 中最近修补的严重漏洞,导致远程代码执行 (RCE)。",
|
|||
|
|
"author": "三沐数安",
|
|||
|
|
"category": "三沐数安",
|
|||
|
|
"pubDate": "2024-12-30T19:53:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "webshell取证工具 - webshell-decryptor",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIzNTE0Mzc0OA==&mid=2247486017&idx=1&sn=f782c6501d8c4529267e674e968698ff",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "GSDK安全团队",
|
|||
|
|
"category": "GSDK安全团队",
|
|||
|
|
"pubDate": "2024-12-30T19:48:03"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "复测 Apache Tomcat 远程代码执行漏洞(CVE-2024-50379)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NDY3MTk2NQ==&mid=2247491006&idx=1&sn=ae1eb85988018523b6fede2de404e828",
|
|||
|
|
"description": "1、可以跨目录进行上传文件,除了../和./ ,必须知道目录,不然报错\\\\x0d\\\\x0a\\\\x0d\\\\x0a2、功能点如果只是读取文件不落地,该漏洞不会有影响\\\\x0d\\\\x0a\\\\x0d\\\\x0a3、全版本存在漏洞",
|
|||
|
|
"author": "网安守护",
|
|||
|
|
"category": "网安守护",
|
|||
|
|
"pubDate": "2024-12-30T19:05:52"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "安全卫士 | 魔方安全漏洞周报",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzA5NDc0MA==&mid=2649291998&idx=1&sn=36120636ca1c352ce916cebd14212209",
|
|||
|
|
"description": "成事在微,筑防于先。魔方安全提醒您:注意企业网络空间资产安全!",
|
|||
|
|
"author": "魔方安全",
|
|||
|
|
"category": "魔方安全",
|
|||
|
|
"pubDate": "2024-12-30T18:31:00"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "Palo Alto 修复已遭利用的严重PAN-OS DoS 漏洞",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247521932&idx=1&sn=518332fa38f3263ee23df7a70c1187d3",
|
|||
|
|
"description": "速修复",
|
|||
|
|
"author": "代码卫士",
|
|||
|
|
"category": "代码卫士",
|
|||
|
|
"pubDate": "2024-12-30T18:12:31"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "细说软件保护",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587900&idx=1&sn=c8d213caf6ea7d09c475c09634b099a5",
|
|||
|
|
"description": "看雪论坛作者ID:Payne-Wu",
|
|||
|
|
"author": "看雪学苑",
|
|||
|
|
"category": "看雪学苑",
|
|||
|
|
"pubDate": "2024-12-30T17:59:30"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "CS免杀姿势",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNTIwNTkyNg==&mid=2247552839&idx=1&sn=c7854ed5aca05663f752275799218405",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "蚁景网络安全",
|
|||
|
|
"category": "蚁景网络安全",
|
|||
|
|
"pubDate": "2024-12-30T17:36:33"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "资产收集常用工具以及思路总结",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247569252&idx=1&sn=e54c1fa0bea69d42456678ba88583486",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "马哥网络安全",
|
|||
|
|
"category": "马哥网络安全",
|
|||
|
|
"pubDate": "2024-12-30T17:03:21"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "某小型CMS漏洞复现审计",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247488005&idx=1&sn=62d81de1aeddc3b12a7c5e00acfa04cb",
|
|||
|
|
"description": "记录一次CMS的漏洞复现过程。",
|
|||
|
|
"author": "蚁景网安",
|
|||
|
|
"category": "蚁景网安",
|
|||
|
|
"pubDate": "2024-12-30T16:30:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "2024年网鼎杯初赛和半决赛部分题解--PWN",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNTc1MzQyNw==&mid=2247488717&idx=1&sn=6650a89222f154da3605f27cf7fa1c21",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Undefin3d安全团队",
|
|||
|
|
"category": "Undefin3d安全团队",
|
|||
|
|
"pubDate": "2024-12-30T14:29:08"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【工具分享】SpringBootVul-GUI 半自动图形化打点工具",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488486&idx=1&sn=8447ecb599d814fcfe6e6e317e3fa092",
|
|||
|
|
"description": "本着简单到极致的原则,开发了这么一款半自动化工具(PS:这个工具所包含多个漏洞,开发不易)",
|
|||
|
|
"author": "星悦安全",
|
|||
|
|
"category": "星悦安全",
|
|||
|
|
"pubDate": "2024-12-30T12:11:16"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "漏洞分析 | Apache SkyWalking SQL注入漏洞分析",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5Njg5ODM0OQ==&mid=2247485970&idx=1&sn=9b76a2caa9f387177dd7ead1489c5aad",
|
|||
|
|
"description": "当SkyWalking使用H2、MySQL或者TiDB作为存储方案时,攻击者可通过默认未授权的GraphQL接口构造恶意请求,从而获取敏感数据。",
|
|||
|
|
"author": "杂七杂八聊安全",
|
|||
|
|
"category": "杂七杂八聊安全",
|
|||
|
|
"pubDate": "2024-12-30T11:36:29"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "免杀基础-DLL注入详解(学不会你打我)",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247489203&idx=1&sn=5d24620f587994655eff662e827dc137",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "Relay学安全",
|
|||
|
|
"category": "Relay学安全",
|
|||
|
|
"pubDate": "2024-12-30T11:35:19"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某红蓝演练经历",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247486094&idx=1&sn=e704a94ef7316948bf0aaeec785f2c29",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "沃克学安全",
|
|||
|
|
"category": "沃克学安全",
|
|||
|
|
"pubDate": "2024-12-30T11:24:51"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "【技术分享】微信小程序AppSecret秘钥利用方式",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMTY1MTIzOA==&mid=2247484459&idx=1&sn=8f70d6d283f4aa7949b14a75ac65dc85",
|
|||
|
|
"description": "AppID与AppSecret可以调用接口获取临时登录凭证(access_token),用于在开发过程中验证用户身份。通过获取到的access_token可以在微信开发平台调式工具调用接口进行调式,可以理解为接管接口提供的一系列服务。",
|
|||
|
|
"author": "剁椒Muyou鱼头",
|
|||
|
|
"category": "剁椒Muyou鱼头",
|
|||
|
|
"pubDate": "2024-12-30T10:22:15"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某红蓝实战演练的经历",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486390&idx=1&sn=c3cde76e6b3df4698e512f60e9c0cdec",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "TtTeam",
|
|||
|
|
"category": "TtTeam",
|
|||
|
|
"pubDate": "2024-12-30T10:20:24"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某红蓝实战演练的经历",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605966&idx=3&sn=a520a4b214874df858c7956733b8373d",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "黑白之道",
|
|||
|
|
"category": "黑白之道",
|
|||
|
|
"pubDate": "2024-12-30T10:15:16"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "APP客户端安全问题扫描工具",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605966&idx=4&sn=7001edcbe19c8e314026639aaa2f362a",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "黑白之道",
|
|||
|
|
"category": "黑白之道",
|
|||
|
|
"pubDate": "2024-12-30T10:15:16"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "急需升级,D-Link 路由器漏洞被僵尸网络广泛用于 DDoS 攻击",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTY0MjIwNg==&mid=2247485293&idx=1&sn=1138242da1a830b127c4b00f230940f8",
|
|||
|
|
"description": "Mirai 和 Keksec 僵尸网络变体正在利用 D-Link 路由器中的关键漏洞",
|
|||
|
|
"author": "星尘安全",
|
|||
|
|
"category": "星尘安全",
|
|||
|
|
"pubDate": "2024-12-30T10:00:55"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "16 款 Chrome 插件被黑,60W+用户面临数据被盗风险",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650260337&idx=1&sn=854e45d4bb0f235f913a467c9a9b5896",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "骨哥说事",
|
|||
|
|
"category": "骨哥说事",
|
|||
|
|
"pubDate": "2024-12-30T09:55:02"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "初探免杀与持久化",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNzI2Mzc0Ng==&mid=2247486374&idx=1&sn=ac6969783db2c7d82ff98224ed21ba0f",
|
|||
|
|
"description": "“A9 Team 甲方攻防团队,成员来自某证券、微步、青藤、长亭、安全狗等公司。",
|
|||
|
|
"author": "A9 Team",
|
|||
|
|
"category": "A9 Team",
|
|||
|
|
"pubDate": "2024-12-30T09:47:32"
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"title": "记一次某红蓝演练经历",
|
|||
|
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247518973&idx=1&sn=666b20eacb63dbb1b7b2e4f76c06feab",
|
|||
|
|
"description": null,
|
|||
|
|
"author": "亿人安全",
|
|||
|
|
"category": "亿人安全",
|
|||
|
|
"pubDate": "2024-12-30T09:45:01"
|
|||
|
|
}
|
|||
|
|
]
|