From 24cfa7a998c20365c05c6ebd2724c43c4fac71d8 Mon Sep 17 00:00:00 2001 From: MasonLiu <2857911564@qq.com> Date: Mon, 9 Dec 2024 23:52:49 +0800 Subject: [PATCH] update logfile to loguru --- Core.py | 25 +- GotoSend/M_4hou.py | 1 - .../__pycache__/M_4hou.cpython-312.pyc | Bin 5501 -> 5503 bytes .../__pycache__/anquanke.cpython-312.pyc | Bin 5362 -> 5362 bytes .../__pycache__/doonsec.cpython-312.pyc | Bin 5609 -> 5609 bytes .../__pycache__/freebuf.cpython-312.pyc | Bin 5525 -> 5525 bytes .../__pycache__/qianxin.cpython-312.pyc | Bin 5275 -> 5275 bytes GotoSend/__pycache__/seebug.cpython-312.pyc | Bin 0 -> 5464 bytes .../__pycache__/xianzhi.cpython-312.pyc | Bin 5244 -> 5244 bytes GotoSend/anquanke.py | 2 +- GotoSend/doonsec.py | 2 +- GotoSend/freebuf.py | 1 - GotoSend/qianxin.py | 1 - GotoSend/xianzhi.py | 1 - JSON/4hou.json | 14 +- JSON/anquanke.json | 160 +-- JSON/doonsec.json | 1136 ++++++++--------- JSON/freebuf.json | 160 +-- JSON/qianxin.json | 28 +- JSON/seebug.json | 16 +- JSON/xianzhi.json | 580 ++++----- README.md | 3 +- __pycache__/GotoSend_seebug.cpython-312.pyc | Bin 5509 -> 0 bytes __pycache__/SendBot.cpython-312.pyc | Bin 3700 -> 0 bytes db/4hou.db | Bin 229376 -> 229376 bytes db/anquanke.db | Bin 12288 -> 12288 bytes db/doonsec.db | Bin 69632 -> 69632 bytes db/freebuf.db | Bin 20480 -> 20480 bytes db/qianxin.db | Bin 12288 -> 12288 bytes db/seebug.db | Bin 20480 -> 20480 bytes db/xianzhi.db | Bin 24576 -> 24576 bytes media/common.py | 24 +- media/freebuf.py | 24 +- media/xianzhi.py | 24 +- requirements.txt | 3 +- 35 files changed, 1089 insertions(+), 1116 deletions(-) rename __pycache__/GotoSend_4hou.cpython-312.pyc => GotoSend/__pycache__/M_4hou.cpython-312.pyc (94%) rename __pycache__/GotoSend_anquanke.cpython-312.pyc => GotoSend/__pycache__/anquanke.cpython-312.pyc (94%) rename __pycache__/GotoSend_doonsec.cpython-312.pyc => GotoSend/__pycache__/doonsec.cpython-312.pyc (94%) rename __pycache__/GotoSend_freebuf.cpython-312.pyc => GotoSend/__pycache__/freebuf.cpython-312.pyc (95%) rename __pycache__/GotoSend_qianxin.cpython-312.pyc => GotoSend/__pycache__/qianxin.cpython-312.pyc (94%) create mode 100644 GotoSend/__pycache__/seebug.cpython-312.pyc rename __pycache__/GotoSend_xianzhi.cpython-312.pyc => GotoSend/__pycache__/xianzhi.cpython-312.pyc (95%) delete mode 100644 __pycache__/GotoSend_seebug.cpython-312.pyc delete mode 100644 __pycache__/SendBot.cpython-312.pyc diff --git a/Core.py b/Core.py index 93510fc..c6b5ca2 100644 --- a/Core.py +++ b/Core.py @@ -21,23 +21,16 @@ from GotoSend.xianzhi import Src_xianzhi from GotoSend.freebuf import Src_freebuf from GotoSend.qianxin import Src_qianxin from GotoSend.seebug import Src_seebug -import logging - -# 设置日志记录 -logger = logging.getLogger() -logger.setLevel(logging.INFO) -logger.handlers.clear() # 清除已有的处理器 - -file_handler = logging.FileHandler('./log/spider.log', mode='a', encoding='utf-8') -file_handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')) - -console_handler = logging.StreamHandler() -console_handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')) - -logger.addHandler(file_handler) -logger.addHandler(console_handler) -logger.propagate = False # 禁用日志传递 +from loguru import logger +logger.add("./log/spider.log", + format="{time:YYYY-MM-DD HH:mm:ss} - {level} - {name}:{function}:{line} - {message}", + rotation="10 MB", + compression="zip", + encoding="utf-8") +# shell终端打印日志 +# logger.add(lambda msg: print(msg), +# format="{time:YYYY-MM-DD HH:mm:ss} - {level} - {name}:{function}:{line} - {message}") # 加载参数 with open('./config.yaml', 'r', encoding="utf-8") as file: diff --git a/GotoSend/M_4hou.py b/GotoSend/M_4hou.py index c3cf3df..21afd1d 100644 --- a/GotoSend/M_4hou.py +++ b/GotoSend/M_4hou.py @@ -4,7 +4,6 @@ import json import sqlite3 import os from datetime import datetime, timedelta -from SendBot import SendToFeishu def create_database(): conn = sqlite3.connect('./db/4hou.db') diff --git a/__pycache__/GotoSend_4hou.cpython-312.pyc b/GotoSend/__pycache__/M_4hou.cpython-312.pyc similarity index 94% rename from __pycache__/GotoSend_4hou.cpython-312.pyc rename to GotoSend/__pycache__/M_4hou.cpython-312.pyc index e2ee8985eda1155fa54a4392b3cc79a566b3fb4f..ae5b4d22af8508fb2746d8050054b46246ea644d 100644 GIT binary patch delta 74 zcmeyX^)G6;&vs3Czh~Aw}odTMST$?uw*s}ltd9xDp delta 66 zcmeyQ`AL)eG%qg~0}$|S3);vnz|816S%z7jF@CcRvjwjx=d-y>pY59Pe$T9z%s@4z TAeEexI|VcuIX7<>ux9}Pf4>t8 diff --git a/__pycache__/GotoSend_doonsec.cpython-312.pyc b/GotoSend/__pycache__/doonsec.cpython-312.pyc similarity index 94% rename from __pycache__/GotoSend_doonsec.cpython-312.pyc rename to GotoSend/__pycache__/doonsec.cpython-312.pyc index d14bc49dedd8b0f55d189a924db3ea344896dde3..9d68c66c467dce58e3b17a671869946768610961 100644 GIT binary patch delta 46 zcmaE<{ZgCzG%qg~0}yC5hiv5j#l)C8nT=VVF=n$GvmzfO*JKYtOGd8EO@iqx03gu| APXGV_ delta 46 zcmaE<{ZgCzG%qg~0}x1T3);y2i;2;7G8?lzWBg_{W<@?m&dDBvmW-U6n*`HY03qrN AQ2+n{ diff --git a/__pycache__/GotoSend_freebuf.cpython-312.pyc b/GotoSend/__pycache__/freebuf.cpython-312.pyc similarity index 95% rename from __pycache__/GotoSend_freebuf.cpython-312.pyc rename to GotoSend/__pycache__/freebuf.cpython-312.pyc index db2f63b7712ee11dad1c445d730113db3773e7e4..ac38a66da43c09ce2235e91122ceda79b3cf7fac 100644 GIT binary patch delta 46 zcmbQLJyo0gG%qg~0}$vphiv5j!^D_6nS)uLF=n#{vj`s}*JN8kO-8QG>4JJJ00Jor AH~;_u delta 46 zcmbQLJyo0gG%qg~0}v=}3);y2hl$a3G6%CfWBg_fW)VI{&dIidnv9&A(*^Zd00X58 AJpcdz diff --git a/__pycache__/GotoSend_qianxin.cpython-312.pyc b/GotoSend/__pycache__/qianxin.cpython-312.pyc similarity index 94% rename from __pycache__/GotoSend_qianxin.cpython-312.pyc rename to GotoSend/__pycache__/qianxin.cpython-312.pyc index 6dd28eb49beed55cd4ed9545d33be210c782972c..b755086e30510c5f3812026c0e8692545b1cbfcc 100644 GIT binary patch delta 46 zcmbQOIa`zaG%qg~0}$vnhiv5j#l)C8nT=VVF=n$G^CKQcuF0GNnv7hVjRi7T01R>p A)c^nh delta 46 zcmbQOIa`zaG%qg~0}$wJ3);y2i;2;7G8?lzWBg_{=0`k?oRc{PG#NQJ8w+Hx000kJ B3grL* diff --git a/GotoSend/__pycache__/seebug.cpython-312.pyc b/GotoSend/__pycache__/seebug.cpython-312.pyc new file mode 100644 index 0000000000000000000000000000000000000000..85328aab22c950d05be760a72d3fb7f5819908c7 GIT binary patch literal 5464 zcmdT|T~Hg>6}~I&N-GITmiV_Dd*g-}5q^?1t|@78FbD%NatiVf*r`U=E?8J-@$RZI zL^QI;9YakDo~8viNuy4h29J}POgj#7m?SfO>9jARB4cIanPw({%~J?=Co_KPxw~2k zgGGwG&v8d9`gG&=RcMSO7O_MKb*fLI zlTiA)P8~dTA$_mDQ{PK=l7u=>bsAXxS=4D{NvLU-g4)CypfSy{_vLS4Dj&e_?V6T4u>1T&jByEa3hegcoM*6fJVw`KeNL_guOFJV<4 zmrkZxzr;zwUQRaQn&m>0KcKFo*7)n<&+RFw#*viX1VTMJRbX|^652w8D2jTh)pKh5 za(ZZxh!Q=<_4BMw(?DPiru7n<24&u|(R@F0={p+yzag3Hs+bO=GMBl4(4fh z2UB;zyT923s#@J1Z+S*q3Q8f4@wyMM8Vd!(C)NxF;Ly8yp?}RV%ZULY*e3<~@S2&v z$gu`^hiQPFdz)L`%7U&-2H7Z{3)`uH|&gPxsvhB`A=wGU#9%P%N+sM*jl~ z#1^)Z1?r-x0X=&dp+UW5z^mfYL#xl#bmV5=d#tP9QroOPBSA%V zJwPUF3rm773hRQWA^kL_pS1F%x~R)(v=L~elSJ^%@TspUtB^tTvs2);ux4%LR>aOAHbn(8Ko zsQH2|<0mehxL&YpwqVyZH65I-Zb}w34_Q*h4_z;=m@TeIRMsVn_YB!Sqiv(MVcRm& z7v(G)kUei~?{Ij6i#J~EojfpAGh0#n5%p2;>{H&vK{jFK{%O>kx`|~AUS`?39(#fl zHhB;GV_YlP(}Dc~_Moel`?3H1(3bTGqD9K^eU|0V5K@NYS%THGcza^umB}w=Ms8hsck%Vu;%jf*oIJm9ZFF(s%EH+1Z+$p+>$f9| zZ@<1UJ^jVZX_*iP0JvQh)hK-4d})Ts!A8*GYd1LOD|o#b>+%xz1YX` z;mW>#RrSKm8CB^L_9UQ>5&_qePyjs{3HaIsd=^3;u8N=n@auxCB5>bntE}Tine6jR z$7KU|Dkw^#>}U*zI1ev1@{us>76kCRB;Ut{WfGqPP#5oKWphvjLXiC70Efv;lw|Wk ze<;GK@+K}E0U`owlJ(sjcyE6nC}1%ab%AnWD{M_ROT6R{DTE?Z!7$66l1Xs-y}~w_ zUB^Fm(Bo5Y!-w}FJPA?|MHjux(3h4T8YnL>HKo6o#w)A4eBiw!2?Uq50xLeN><2xF~un6aNkX_hOb&aC_g#0@x+PaqunD zg(WpSN2!hHyL1{qKrF4>D54lNK*W*ZOKqjq5k=I{j$D))Q((9q=OGFmXvui|cK1Ga zy_YFt8r$}_X2OTe^r0qqn_G($m_2UqA-CJZ>}Kjb4a{yuO2DMN&fyFA>STSGe@-Bw zr8@Kn@EG02NrB`3P)K#{MgXl3Zz}8Dg<33UR*1o;q(DGAtlBaPoEQm7qKM5y@$H&- zw~Jf|!fcq^ep+;%@53)A4qI{ENOmxs_FU@?%5~YiN=oP6P*dukvm2`^(?V$M)v$s zewa_%w#D|Qxk@6}HAj}=L%lakQ4bdT7OiA>r!KMN3$;o|&a zC!kmdafB|aWA)hOyo?~?*QpWz%ji{d0I-d-Vb%bnO56_;G_*}=Y4fX;CIh3E%&1Nq zWpmWl$S#~201mAl0rPzXM^-oAd4J(I=f9Zw^%B1J2oC7X;7V^^j>DMnuqL+jiw_om z{stDqXBWZol6ijmXY(`h#qq04vB{ zsjdre3DBj+&H31Gfzy*X0Yd8xzMcV@AHheALKQ5o!C)5oj-l@y`pLJN81xl_blyJB@RqHcH!_? z%fzvO3}s! z2`S?rqM2V{;O&feSQRIO9ST+{lRZW={sw!ZcGRzf-%J#cHM&ef8LT5bf~#^|;kOhB zDItZD+bHxW;5%}W!c*{&t*u({fpaO@vHnKuK}^I(1XrKFdvm)GNWUg{Vdgj%>3|Aj zbXB-gHfMQco-UlDi-Aq4O=nx-k^fLKuOx^GyLssv4ou(ub`+l_Ta=u&Qb}2b z&3ITj=k2(KX-Yj}%v{PjE9ZkZ9`^TgKA!?8@KiF@Cj#;%YNduu|V!Z literal 0 HcmV?d00001 diff --git a/__pycache__/GotoSend_xianzhi.cpython-312.pyc b/GotoSend/__pycache__/xianzhi.cpython-312.pyc similarity index 95% rename from __pycache__/GotoSend_xianzhi.cpython-312.pyc rename to GotoSend/__pycache__/xianzhi.cpython-312.pyc index 2a9f9ab3bb2d778af26c4658f050b0e59a5fe11c..0577da1b740b8cdfd658a3cfd4f5bd4dd30c3be9 100644 GIT binary patch delta 40 ucmeyP@kfLEG%qg~0}yC7hiv3N%fy&E`6iP*W6b8COyRtYT$=+0v{?ZAB@2E4 delta 40 vcmeyP@kfLEG%qg~0}xnk3);wimWk1I@=Ydr#`w)YnZkJ)IX4FiXtMwS|E&w6 diff --git a/GotoSend/anquanke.py b/GotoSend/anquanke.py index dc00ae5..190ccac 100644 --- a/GotoSend/anquanke.py +++ b/GotoSend/anquanke.py @@ -4,7 +4,7 @@ import json import sqlite3 import os from datetime import datetime, timedelta -from SendBot import SendToFeishu + def create_database(): conn = sqlite3.connect('./db/anquanke.db') diff --git a/GotoSend/doonsec.py b/GotoSend/doonsec.py index c2bca3f..26bb49b 100644 --- a/GotoSend/doonsec.py +++ b/GotoSend/doonsec.py @@ -4,7 +4,7 @@ import json import sqlite3 import os from datetime import datetime, timedelta -from SendBot import SendToFeishu + def create_database(): conn = sqlite3.connect('./db/doonsec.db') diff --git a/GotoSend/freebuf.py b/GotoSend/freebuf.py index cb0af25..bac6590 100644 --- a/GotoSend/freebuf.py +++ b/GotoSend/freebuf.py @@ -4,7 +4,6 @@ import json import sqlite3 import os from datetime import datetime, timedelta -from SendBot import SendToFeishu def create_database(): conn = sqlite3.connect('./db/freebuf.db') diff --git a/GotoSend/qianxin.py b/GotoSend/qianxin.py index 6c60d87..f927917 100644 --- a/GotoSend/qianxin.py +++ b/GotoSend/qianxin.py @@ -4,7 +4,6 @@ import json import sqlite3 import os from datetime import datetime, timedelta -from SendBot import SendToFeishu def create_database(): conn = sqlite3.connect('./db/qianxin.db') diff --git a/GotoSend/xianzhi.py b/GotoSend/xianzhi.py index a02346e..12b4f18 100644 --- a/GotoSend/xianzhi.py +++ b/GotoSend/xianzhi.py @@ -4,7 +4,6 @@ import json import sqlite3 import os from datetime import datetime, timedelta -from SendBot import SendToFeishu def create_database(): conn = sqlite3.connect('./db/xianzhi.db') diff --git a/JSON/4hou.json b/JSON/4hou.json index 36d8e4f..a717b1d 100644 --- a/JSON/4hou.json +++ b/JSON/4hou.json @@ -1,4 +1,11 @@ [ + { + "title": "黑客利用 ProjectSend 漏洞对暴露的服务器进行后门处理", + "link": "https://www.4hou.com/posts/pnBX", + "description": "

恶意分子正在利用 ProjectSend 中的一个关键身份验证绕过漏洞的公共漏洞来上传 Webshell 并获得对服务器的远程访问。

该漏洞被追踪为 CVE-2024-11680,是一个严重的身份验证错误,影响 r1720 之前的 ProjectSend 版本,允许攻击者向“options.php”发送特制的 HTTP 请求以更改应用程序的配置。

成功利用该漏洞可以创建流氓帐户、植入 Webshell 以及嵌入恶意 JavaScript 代码。

尽管该漏洞已于 2023 年 5 月 16 日得到修复,但直到近期才为其分配了 CVE,导致用户没有意识到其严重性以及应用安全更新的紧迫性。

根据已检测到活跃利用的 VulnCheck 的说法,到目前为止,修补速度非常糟糕,99% 的 ProjectSend 实例仍在运行易受攻击的版本。

数千个实例被曝光

ProjectSend 是一款开源文件共享 Web 应用程序,旨在促进服务器管理员和客户端之间安全、私密的文件传输。它是一款颇受欢迎的应用程序,被那些更喜欢自托管解决方案而不是 Google Drive 和 Dropbox 等第三方服务的组织所使用。

VulnCheck 表示,在线大约有 4,000 个面向公众的 ProjectSend 实例,其中大多数都容易受到攻击。具体来说,根据 Shodan 数据,55% 的暴露实例运行 2022 年 10 月发布的 r1605,44% 使用 2023 年 4 月的未命名版本,只有 1% 运行修补版本 r1750。 

VulnCheck 报告称,发现 CVE-2024-11680 的主动利用不仅限于测试,还包括更改系统设置以允许用户注册、获得未经授权的访问以及部署 Webshell 以保持对受感染服务器的控制。

\"registration.webp.png\"/

启用新用户注册

自 2024 年 9 月 Metasploit 和 Nuclei 发布 CVE-2024-11680 的公共漏洞以来,此活动有所增加。

报告中写道:“VulnCheck 注意到面向公众的 ProjectSend 服务器已开始将其登陆页面标题更改为长的、随机的字符串。这些又长又随机的名称符合 Nuclei 和 Metasploit 实施漏洞测试逻辑的方式。”

这两种漏洞利用工具都会修改受害者的配置文件,以使用随机值更改站点名称(以及 HTTP 标题)。GreyNoise 列出了与此活动相关的 121 个 IP,表明存在广泛的尝试,而不是孤立的来源。

\"shodan-victims(1).jpg\"/

Shodan 上出现的攻击受害者

VulnCheck 警告称,Webshell 存储在“upload/files”目录中,名称由 POSIX 时间戳、用户名的 SHA1 哈希值以及原始文件名/扩展名生成。

通过 Web 服务器直接访问这些文件表明存在积极的利用行为。基于攻击可能已经很普遍存在,研究人员建议用户尽快升级到 ProjectSend r1750 版本。

", + "pubDate": "Mon, 09 Dec 2024 12:00:00 +0800", + "author": "胡金鱼" + }, { "title": "警方查获Matrix 加密聊天服务", "link": "https://www.4hou.com/posts/om8k", @@ -131,12 +138,5 @@ "description": "

 

数据要素政策密集落地,我国公共数据资源开发利用将提速。近日,中共中央办公厅、国务院办公厅印发的《关于加快公共数据资源开发利用的意见》(以下简称《意见》)10月9日正式对外发布,其中提出到2025年,公共数据资源开发利用制度规则初步建立,培育一批数据要素型企业。

 

与此同时,《国家数据标准体系建设指南》《公共数据资源授权运营实施规范(试行)》等多个数据要素相关文件也于近期密集发布。当数据成为与土地、劳动力、资本、技术相提并论的第五大生产要素,将形成巨大市场空间。

 

那么数据要素企业如何看待相关政策对行业或公司带来的影响?财联社记者近日专访盛邦安全(688651.SH)副总裁、董秘袁先登。

 

以下为访谈实录:

 

财联社:《意见》提出在市场需求大、数据资源多的行业和领域,拓展应用场景,鼓励经营主体利用公共数据资源开发产品、提供服务。在场景应用方面我们有哪些做的比较好的案例可以分享吗?

 

袁先登:首先,在数据资源方向,安全行业需要数据库和引擎来支撑其工作。当识别一个资产是否有漏洞时,要将其与背后的漏洞库做对比,分析是否与漏洞库特征相一致,以此来判断该资产是否有漏洞。比如在做安全防护时,可以通过与防护规则库作对比来判断是否是攻击行为。

 

在这方面,我们有漏洞库、防护规则库、网络资产特征库、网络资产数据库。举例来说,网络资产特征库可以通过分析设备的突出特征及与网络资产特征库的对比来识别设备。这四个库就是我们的数据资源,目前盛邦的一部分收入来源于数据类产品与服务,我们每年都会收取产品订阅升级费用,用户缴费后,就可享受最新升级的数据库,这是目前数据变现的一个案例。

 

其次,盛邦安全帮助客户建立数据资产体系从而让它产生价值。比如我们有IP威胁管控设备,IP行为记录就是数据要素,我们的设备可以帮助客户连接到数据要素,让他们实时得到所有IP过往行为的记录,以此来及时识别有潜在威胁的IP。

 

在使用数据要素时,从收集到整理,会发现一个IP可能有多个来源,迭加判断IP性质时,可能会产生冲突。针对该情况我们有多元异构数据融合平台,可以把不同渠道的各种数据加以整合,当有矛盾发生时,盛邦安全可以通过算法得到正确的数据判断供用户参考。

 

除此之外,我们有网络空间地图,它融合了网络资产特征库、网络资产数据库的数据,客户通过使用网络空间地图获得库中的数据,对自身资产进行分析。

 

财联社:盛邦安全在数据要素市场中的角色定位是怎样的?

 

袁先登:我也注意到近日国家发改委、国家数据局等部门印发的《国家数据标准体系建设指南》,《指南》将整个数据标准体系分为七个模块。盛邦安全在数据要素市场的探索目前有两个方面。首先,我们是网络资产数据资源的提供者,网络资产就是互联网的各种设备、网站等。我们的产品可以探测到这些资产的数据,并进行加工处理,产生数据要素,最后提供给社会。

 

第二,盛邦安全可以为其中的数据资源、数据技术、融合应用和安全保障方面提供产品和解决方案。比如数据技术方面涉及到的汇聚技术,我们的网络空间资产探测产品可以对数据进行收集,数据处理技术可以通过多元异构数据融合平台对数据进行处理。

 

总的来看,在数据资源方面,我们致力于为社会提供网络资产、数据资源,同时在数据技术、数据应用和数据安全方面为各行业客户提供产品和解决方案。

 

财联社:如何看待《意见》发布对公司带来的机会?

 

袁先登:首先将对我们带来机遇,在整个数据设施中,一种是基础设施,比如网线、服务器,这些基础设施在交换的过程中就会用到我们的产品。此外,数据量越来越大,随之而来对数据安全的要求也越来越高,对安全产品、安全服务的需求也会增大。

 

但毕竟数据是近几年的新兴概念,与普通的实体产品相比,大家对数据的质量、准确率与应用了解并不多,所以还需在应用层面多做一些与应用场景结合的分析,将应用场景更直接地显现出来。

 

财联社:从顶层设计来看,推动数据要素市场化已经是大势所趋,目前公众对公共数据开放的授权运营模式比较关注,你认为在实践中具体应如何推进?

 

袁先登:首先,凡是数据一定会有数据库,那么数据库平台的安全是就是最核心的问题。其次,在使用端,有本地化使用和远程接入使用两种方式。本地化使用针对大客户,他们对自身安全要求较高。其余可以选择远程接入的方式,数据存储在某个集中的地方,管控成本会减小。

 

采用远程接入方式,也有两个需要关注的方面——接入环节和认证环节的安全问题,这两个环节虽然研究了很多年,但之前侧重在攻防方面,现在涉及到数据方面,很多技术还有待升级。

 

财联社:除了以上几点问题,你认为还有哪些需要我们注意的地方?

 

袁先登:盛邦是新一代网络网络安全公司,目前市场上做数据要素业务的安全公司还是比较少的。传统安全公司可能比较侧重于安全防护与安全检测相关业务。与其不同,盛邦的愿景是做网络空间资产治理的领航者,从成立起的定位就在网络资产治理,致力于让网络空间更有序。

 

在我们的概念里,安全是一个最基本的要求,一个企业的所有网络资产除了要求安全之外,还要求合理、科学、平衡,能够易于管控和高效运行。首先就要识别资产的状态,在这个过程中我们积累了大量的网络资产特征库、网络资产数据库,也有机会参与数据要素相关业务。

 

在全部业务中,传统、通用的安全产品占比较小,盛邦比较侧重于做新型场景化的产品,围绕某类特定的客户、行业的特定需求做定制产品。在这个过程中可以接触到客户的业务,进而接触到数据接入、数据认证。加之网络空间地图产品的开发,使数据要素的功能和资源整合在一起,形成可以为国家应急管控、城市治理、交通运输、金融服务、科技创新等提供数据应用的大平台。

 

财联社:针对数据业务相关,盛邦接下来是怎样的业务布局?

 

袁先登:首先我们要识别与数据要素相关的客户,把客户在数据要素使用方面的产品技术集中推广,让客户知道我们的产品在数据要素方面起的作用,助力客户在数据要素方面处于领先状态。我们后续会投入更多研发资源到数据技术方向,研发更多的产品。

 

同时,为了护航数字经济发展,维护新兴产业安全,盛邦安全在近十几年来一直在专注做四件事。第一件事为对数字经济新产物的安全进行评估和检测;第二件事为形成联防联控的防御贡献力量;第三件事为构建用于实现对虚拟数字空间管理管控的网络空间;第四件事为持续完善例如卫星互联网等新兴产业的业务布局。

 

原文链接

", "pubDate": "Thu, 28 Nov 2024 13:31:39 +0800", "author": "盛邦安全" - }, - { - "title": "盛邦安全推出面向短信业务平台的API安全治理方案", - "link": "https://www.4hou.com/posts/OGJG", - "description": "

近日,一则安全事件刷爆了朋友圈:10月12日,多名网友反映收到了来自“某省教育厅”的短信,短信内容中带有黄色网站非法链接。经查,这些短信并非某省教育厅发送,而是不法分子入侵了短信平台后,以教育厅的名义发送的。该事件引发了广泛的社会关注和担忧。

 

✦ 事件分析

 

短信平台群发短信通常需要和短信服务平台公司合作通过API接口实现。短信平台API接口是一种用于实现短信发送和接收功能的编程接口,它允许合作的短信服务平台公司将自己的应用程序与短信平台的功能进行集成,可以方便地调用短信平台提供的各种功能,如短信发送、状态查询等。

 

在某省教育厅短信平台被入侵事件中,暴露了短信平台在安全防护机制、身份认证和监控预警等存在缺陷。不法分子可能通过API接口发送了包含非法链接的短信,包含但不限于通过弱口令、身份认证信息的窃取或伪造、系统漏洞的利用、失效的API接口验证以及不当的权限管理等来实现诈骗和信息传播,试图诱骗用户点击并泄露个人信息。可见,加强API接口的安全防护刻不容缓。

 

✦ 防护建议

 

针对此类事件,盛邦安全推出面向短信业务平台的API安全治理方案结合API安全当前面临的典型问题,覆盖API学习、API画像、攻击防护、权限保护、API审计和应急响应等各个阶段,以业务风险识别与防护控制为核心目标,通过对业务流量的识别分析来梳理API接口,在此基础上通过数据建模、行为建模和算法分析等技术,实现API接口识别与梳理、数据调用识别与保护、接口访问安全控制及审计等安全能力,从而实现面向API接口全生命周期的安全监测与治理。

 

 

✦ 五大核心能力

 

主被动结合的API学习引擎

方案采用主动学习与被动流量分析相结合的API学习引擎,可以全面梳理业务中存在的API资产,并结合流量特征进行语义提取,识别API状态、用途等属性,从而实现标签化的画像管理。

 

启发式攻击检测与防护引擎

采用特征检测、语义分析与AI学习三合一的启发式检测引擎,通过对已知的攻击规则与行为特征简化判断逻辑,并对引擎持续训练,提升针对未知风险的发现能力,从而对API相关的注入攻击、命令攻击、异常访问和非法内容进行防护处置。

 

基于人机识别的API访问控制

基于流量变化和行为特点等角度进行建模分析,梳理API访问的基线并进行动态跟踪,对未授权访问、未知请求、非法调用和异常高频请求等行为进行识别判断,并利用反向校验、访问限制和白名单等方式进行访问控制。

 

面向业务的API数据调用管控

采用全面的检查点和丰富的数据处理模型,结合业务特点,对组织敏感数据、个人隐私信息、业务关键信息和系统账户口令等进行精准识别、统计和分类梳理,并结合擦除、替换和访问限制等手段来达到脱敏保护等目的。

 

面向API生命周期的态势监控

基于时间、空间、业务属性和数据类型等多种维度对API资产进行监控,对API上线状态、运行状况、调用可靠性、数据合法性以及威胁态势进行综合研判,实现API资产的细粒度审计和可视化分析。

 

✦ 方案价值

 

防止未经授权的访问

 

通过加强API安全防护,可以确保只有授权用户才能访问API,防止未经授权的访问和数据泄露。

 

监控和审计API行为

 

建立回溯审计和监控措施,对业务、短信服务、短信网关三个环节发送的短信回执进行校验,对数量、频率、内容的异常情况进行阈值预警和阻断,防止被攻击者非法调用。

 

保护敏感数据

 

对发送内容进行审查过滤,对敏感数据的流转进行监控和过滤,避免非法信息传播,防止敏感数据的泄露。

 

随着教育数字化转型的加速,网络和数据安全威胁日益严峻。此次事件再次凸显了API安全防护的重要性。各单位应高度重视API安全问题,采取有效措施加强防护与管理,确保短信平台的安全性和可靠性。同时,个人也应提升安全意识,有效识别并过滤恶意信息,保护自身合法权益。让我们共同维护网络空间的安全和有序,助力教育数字化转型健康发展。


原文链接

", - "pubDate": "Thu, 28 Nov 2024 13:30:48 +0800", - "author": "盛邦安全" } ] \ No newline at end of file diff --git a/JSON/anquanke.json b/JSON/anquanke.json index 88f62f4..ec0bb41 100644 --- a/JSON/anquanke.json +++ b/JSON/anquanke.json @@ -1,4 +1,84 @@ [ + { + "guid": "https://www.anquanke.com/post/id/302547", + "title": "年关将至,这些单位用360安全大模型交上安全运营高分成绩单", + "author": " 安全客", + "description": null, + "source": "微信", + "pubDate": "2024-12-09 15:00:35" + }, + { + "guid": "https://www.anquanke.com/post/id/302544", + "title": "需要采取紧急行动:ABB ASPECT 漏洞使建筑物面临网络攻击", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-09 14:47:06" + }, + { + "guid": "https://www.anquanke.com/post/id/302541", + "title": "CVE-2024-55563: 交易中继干扰漏洞对比特币闪电网络构成威胁", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-09 14:29:27" + }, + { + "guid": "https://www.anquanke.com/post/id/302538", + "title": "罗马尼亚选举系统在总统投票前遭受 8.5 万次攻击", + "author": " 安全客", + "description": null, + "source": "securityaffairs", + "pubDate": "2024-12-09 14:18:58" + }, + { + "guid": "https://www.anquanke.com/post/id/302535", + "title": "CVE-2024-12209 (CVSS 9.8): WP Umbrella 插件漏洞导致 30,000 个网站遭入侵", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-09 11:26:20" + }, + { + "guid": "https://www.anquanke.com/post/id/302532", + "title": "卡达诺基金会 X 账户遭黑客攻击,发布诈骗链接后又被删除", + "author": " 安全客", + "description": null, + "source": "Cointelegraph.com News", + "pubDate": "2024-12-09 11:14:36" + }, + { + "guid": "https://www.anquanke.com/post/id/302529", + "title": "艺术家损失 13.5 万美元后,布鲁克林检察官关闭了 40 个 NFT 诈骗网站", + "author": " 安全客", + "description": null, + "source": "Cointelegraph.com News", + "pubDate": "2024-12-09 11:07:23" + }, + { + "guid": "https://www.anquanke.com/post/id/302526", + "title": "DDoSecrets 推出大型 “泄密资料库 ”搜索引擎,收录数百万份泄密文件", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-09 10:52:57" + }, + { + "guid": "https://www.anquanke.com/post/id/302523", + "title": "Ultralytics 人工智能库遭受供应链攻击: 6000 万次下载遭到破坏", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-09 10:44:46" + }, + { + "guid": "https://www.anquanke.com/post/id/302520", + "title": "谷歌在 2024 年 12 月的 Pixel 安全更新中修复了严重的 RCE 漏洞", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-09 10:38:22" + }, { "guid": "https://www.anquanke.com/post/id/302508", "title": "开放银行中的 API 安全:平衡创新与风险管理", @@ -78,85 +158,5 @@ "description": null, "source": "securityonline", "pubDate": "2024-12-05 16:06:53" - }, - { - "guid": "https://www.anquanke.com/post/id/302485", - "title": "最高级!360获评NVDB通用网络产品安全漏洞专业库“三星级技术支撑单位”称号", - "author": " 安全客", - "description": null, - "source": "微信", - "pubDate": "2024-12-05 15:51:37" - }, - { - "guid": "https://www.anquanke.com/post/id/302482", - "title": "Crypto.com 与 HackerOne 一起推出 200 万美元的漏洞赏金计划", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-05 15:44:08" - }, - { - "guid": "https://www.anquanke.com/post/id/302479", - "title": "FSB 黑客攻破巴基斯坦的 APT 风暴-0156", - "author": " 安全客", - "description": null, - "source": "darkreading", - "pubDate": "2024-12-05 15:31:48" - }, - { - "guid": "https://www.anquanke.com/post/id/302476", - "title": "Veeam 解决了关键的服务提供商控制台 (VSPC) 错误", - "author": " 安全客", - "description": null, - "source": "securityaffairs", - "pubDate": "2024-12-05 15:20:49" - }, - { - "guid": "https://www.anquanke.com/post/id/302473", - "title": "软件供应链攻击导致 Solana 的 web3.js 库在 npm 注册表上出现恶意版本", - "author": " 安全客", - "description": null, - "source": "helpnetsecurity", - "pubDate": "2024-12-05 15:11:15" - }, - { - "guid": "https://www.anquanke.com/post/id/302468", - "title": "CVE-2024-51378 (CVSS 10):CISA 警告称,严重 Cyber Panel 缺陷受到主动攻击", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-05 15:03:45" - }, - { - "guid": "https://www.anquanke.com/post/id/302462", - "title": "CVE-2024-10905 (CVSS 10): SailPoint IdentityIQ 中的严重漏洞会暴露敏感数据", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-05 14:37:48" - }, - { - "guid": "https://www.anquanke.com/post/id/302456", - "title": "当心 Celestial Stealer:新的 MaaS 针对浏览器和加密钱包", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-05 11:24:53" - }, - { - "guid": "https://www.anquanke.com/post/id/302453", - "title": "Akira v2 出现: 基于 Rust 的勒索软件提高了风险", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-05 11:12:32" - }, - { - "guid": "https://www.anquanke.com/post/id/302450", - "title": "新的 Andromeda/Gamarue 命令和控制集群以亚太地区为目标", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-05 11:02:51" } ] \ No newline at end of file diff --git a/JSON/doonsec.json b/JSON/doonsec.json index 4646431..7aa3c17 100644 --- a/JSON/doonsec.json +++ b/JSON/doonsec.json @@ -1,4 +1,556 @@ [ + { + "title": "Zabbix SQL 注入漏洞(CVE-2024-42327)", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NzM4NzI1MA==&mid=2247486212&idx=1&sn=a25394ea5d523773aa1771aebc8872fc", + "description": null, + "author": "天启实验室", + "category": "天启实验室", + "pubDate": "2024-12-09T20:52:21" + }, + { + "title": "SRC挖掘-验证码攻防问题总结分享", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247518596&idx=1&sn=b8f5c4c7744bd9a24cbfd7b6dc8362d9", + "description": null, + "author": "亿人安全", + "category": "亿人安全", + "pubDate": "2024-12-09T19:31:15" + }, + { + "title": "最强大的Android间谍软件曝光,可提取信息、密码和执行shell命令", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094241&idx=2&sn=ffebda2bff5fc391363ae248eb8be9d4", + "description": null, + "author": "网安百色", + "category": "网安百色", + "pubDate": "2024-12-09T19:30:23" + }, + { + "title": "SQL注入学习记录", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NzM4OTQ5NQ==&mid=2247484954&idx=1&sn=362865deeff0f3a6b60f8406f9b71269", + "description": null, + "author": "小杨学安全", + "category": "小杨学安全", + "pubDate": "2024-12-09T19:28:19" + }, + { + "title": "安全卫士 | 魔方安全漏洞周报", + "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzA5NDc0MA==&mid=2649291910&idx=1&sn=cce3441e3c4e73b5d7381cac3619dd88", + "description": "成事在微,筑防于先。魔方安全提醒您:注意企业网络空间资产安全!", + "author": "魔方安全", + "category": "魔方安全", + "pubDate": "2024-12-09T18:31:10" + }, + { + "title": "钓鱼网页散播银狐木马,远控后门威胁终端安全", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NzIxMDYxMw==&mid=2247504176&idx=1&sn=27f99ecb6ba3c497677bde65758089d4", + "description": null, + "author": "听风安全", + "category": "听风安全", + "pubDate": "2024-12-09T18:24:17" + }, + { + "title": "APT-C-08(蔓灵花)组织新型攻击组件分析报告", + "link": "https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247505075&idx=1&sn=e77800fcd72fe1d342a5c9e4d15de2f4", + "description": "360安全大脑监测到多起蔓灵花组织通过投递内部携带有chm恶意文档的压缩包附件的钓鱼邮件,诱导用户打开其中的chm文档,利用计划任务周期性回传受影响用户的机器名及用户名并同时下发后续攻击组件", + "author": "360威胁情报中心", + "category": "360威胁情报中心", + "pubDate": "2024-12-09T17:54:21" + }, + { + "title": "\\\"多引擎\\\"的资产识别、信息收集 | 干货", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247519358&idx=2&sn=053fe593848492102cf308e4ce93de7f", + "description": null, + "author": "渗透安全团队", + "category": "渗透安全团队", + "pubDate": "2024-12-09T17:08:43" + }, + { + "title": "【 CVE-2024-38193 】Windows 0day漏洞已在野利用,PoC已发布", + "link": "https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650260229&idx=1&sn=f6a11bf294dc8f32a86b9a5cafa66554", + "description": null, + "author": "骨哥说事", + "category": "骨哥说事", + "pubDate": "2024-12-09T16:48:48" + }, + { + "title": "基于安全产品DNS隧道流量分析", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247487855&idx=1&sn=ab33b11b9d2ec3860605cd33256b0f4b", + "description": "选择哪家的云都没问题,这里我选择的是TX云。", + "author": "蚁景网安", + "category": "蚁景网安", + "pubDate": "2024-12-09T16:30:38" + }, + { + "title": "哥斯拉源码解读+如何绕过waf检测", + "link": "https://mp.weixin.qq.com/s?__biz=MzU3MjczNzA1Ng==&mid=2247493811&idx=1&sn=db12565d91e55498d134dcb943e35185", + "description": null, + "author": "龙哥网络安全", + "category": "龙哥网络安全", + "pubDate": "2024-12-09T15:51:00" + }, + { + "title": "src|组合拳进入后台,拿下高危!", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484180&idx=1&sn=9bab0ede32aa0055770498bc9cd20a42", + "description": "src高危漏洞", + "author": "simple学安全", + "category": "simple学安全", + "pubDate": "2024-12-09T15:48:25" + }, + { + "title": "Windows 零日漏洞 CVE-2024-38193 在野外被利用:PoC 发布", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525485&idx=1&sn=a5aeff09df0da8ba8baa5a35ae43b833", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-09T15:44:07" + }, + { + "title": "EarlyBird 技术:一种先进的恶意软件规避策略", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525485&idx=2&sn=f773a4d627cc7872c87f1808d64a1c57", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-09T15:44:07" + }, + { + "title": "通过 NTLM 强制进行层次结构接管并中继到远程站点数据库上的 MSSQL", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525485&idx=3&sn=57070a075945c22af097a8ce86269e93", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-09T15:44:07" + }, + { + "title": "【web安全】云密钥泄露排查与利用思路", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzMzYzNzIzNQ==&mid=2247485459&idx=1&sn=fab08a0a3edea2775ca41953da798df6", + "description": "随着云技术逐步发展,云资源被运用在各个领域,aksk泄露的风险也逐渐得到越来越多的关注。本文提供对本地文件、日常浏览器访问js文件、安全测试期间抓包数据进行aksk泄露排查的简要方案,以及对aksk泄露文件、权限的排查思路。", + "author": "安全驾驶舱", + "category": "安全驾驶舱", + "pubDate": "2024-12-09T15:24:15" + }, + { + "title": "太棒辣 | 感谢大哥带我学习关于验证码逻辑漏洞这些事", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NzQxNzY2OQ==&mid=2247487368&idx=1&sn=e37ec534c44ac5981864d0853b870a29", + "description": "犀利猪安全,带你上高速~", + "author": "犀利猪安全", + "category": "犀利猪安全", + "pubDate": "2024-12-09T15:14:22" + }, + { + "title": "Mitre_Att&ck框架T1518(软件发现)的简单实现", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484947&idx=1&sn=4c4d13bc392c72bb9d35a2e8103d4a31", + "description": null, + "author": "新蜂网络安全实验室", + "category": "新蜂网络安全实验室", + "pubDate": "2024-12-09T14:50:31" + }, + { + "title": "使用云访问凭证蜜标及时发现入侵行为", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTM5MDUxMA==&mid=2247501033&idx=1&sn=225f59063df401594c298e53353c8ab6", + "description": "云厂商自身具备一定的入侵行为检测能力,但依然存在检测规则被绕过、低危操作不触发告警的可能。那么作为云的使用者,在面对攻击者的入侵行为时,我们能做点什么呢?", + "author": "国际云安全联盟CSA", + "category": "国际云安全联盟CSA", + "pubDate": "2024-12-09T14:47:53" + }, + { + "title": "有PoC,Windows 0day漏洞CVE-2024-38193在野外被利用", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492986&idx=1&sn=09e54f7bf277f6cbca0f1c957c7e12cd", + "description": null, + "author": "独眼情报", + "category": "独眼情报", + "pubDate": "2024-12-09T14:02:03" + }, + { + "title": "【新手法】QR 码绕过浏览器隔离,实现恶意 C2 通信", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492986&idx=2&sn=2f68e8cdfddb9cf61b36ab3bb32c62e7", + "description": null, + "author": "独眼情报", + "category": "独眼情报", + "pubDate": "2024-12-09T14:02:03" + }, + { + "title": "【值得一看】财富 100 强公司中 40% 的 waf存在错误配置,导致易被绕过", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492986&idx=4&sn=6e677b7538a25ed316c371425b33a43f", + "description": null, + "author": "独眼情报", + "category": "独眼情报", + "pubDate": "2024-12-09T14:02:03" + }, + { + "title": "黑客利用 ProjectSend 漏洞对暴露的服务器进行后门处理", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580114&idx=1&sn=fa181017da36db2d6d5598cb97f6ec10", + "description": "尽管该漏洞已于 2023 年 5 月 16 日得到修复,但直到近期才为其分配了 CVE,导致用户没有意识到其严重性以及应用安全更新的紧迫性。", + "author": "嘶吼专业版", + "category": "嘶吼专业版", + "pubDate": "2024-12-09T14:00:32" + }, + { + "title": "[含POC]CyberPanel upgrademysqlstatus 远程命令执行漏洞(CVE-2024-51567)", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MDY2NTY5Mw==&mid=2247485555&idx=1&sn=ce73bb7765466995a3745ab23db7e56f", + "description": null, + "author": "安全光圈", + "category": "安全光圈", + "pubDate": "2024-12-09T13:44:15" + }, + { + "title": "Cobalt Strike Postex Kit 套件", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485646&idx=1&sn=1090b5ba2f204ef433973a730c3ae7b1", + "description": null, + "author": "securitainment", + "category": "securitainment", + "pubDate": "2024-12-09T13:37:14" + }, + { + "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", + "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247132&idx=2&sn=db993f8d0a0734eefc16f2dd7aaa2ba9", + "description": null, + "author": "e安在线", + "category": "e安在线", + "pubDate": "2024-12-09T13:13:54" + }, + { + "title": "【免杀】冰蝎免杀 XlByPassBehinder 过360、火绒、微软 v1.2已更新!", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg4Mzg4OTIyMA==&mid=2247485853&idx=1&sn=d820e9417910db7fd86eaaf2d6aa0631", + "description": "XlByPassBehinder v1.2更新!\\\\x0d\\\\x0a经测试过过360、火绒、微软 \\\\x0d\\\\x0a支持自定义webshell连接密码", + "author": "威零安全实验室", + "category": "威零安全实验室", + "pubDate": "2024-12-09T10:35:13" + }, + { + "title": "vulnhub之Matrix-3的实践", + "link": "https://mp.weixin.qq.com/s?__biz=MzA3MjM5MDc2Nw==&mid=2650748856&idx=1&sn=669a6d84045d7efd002d8c6f6382d49b", + "description": null, + "author": "云计算和网络安全技术实践", + "category": "云计算和网络安全技术实践", + "pubDate": "2024-12-09T10:11:24" + }, + { + "title": "web应急之各中间件日志保存位置", + "link": "https://mp.weixin.qq.com/s?__biz=MjM5ODkxMTEzOA==&mid=2247484416&idx=1&sn=434f9fb6580367d1a6a13705e3b7f526", + "description": "web应急之各中间件日志保存位置,作者:雁过留痕@深信服MSS专家部", + "author": "安服仔的救赎", + "category": "安服仔的救赎", + "pubDate": "2024-12-09T10:10:28" + }, + { + "title": "某订货系统文件上传漏洞分析", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604707&idx=3&sn=c9de054d4fda0db26998079e2dad84c4", + "description": null, + "author": "黑白之道", + "category": "黑白之道", + "pubDate": "2024-12-09T09:58:21" + }, + { + "title": "接口测试二三事", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486308&idx=1&sn=3a7a66d35bf0ebaf1c3e608311c1c41e", + "description": null, + "author": "扫地僧的茶饭日常", + "category": "扫地僧的茶饭日常", + "pubDate": "2024-12-09T09:52:52" + }, + { + "title": "动态逃逸杀软的艺术", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDM4NDM5Ng==&mid=2247489197&idx=1&sn=6e201677c58d82a5f5f4fabf579346bf", + "description": "主要聚焦在流量、内存、行为上进行规避,并且组合了间接系统调用、反调试、反沙箱等技术进一步对抗杀软,也为后续综合逃逸EDR/XDR打下良好的基础", + "author": "安全洞察知识图谱", + "category": "安全洞察知识图谱", + "pubDate": "2024-12-09T09:43:42" + }, + { + "title": "【漏洞复现】Palo Alto PAN-OS身份认证绕过CVE-2024-0012及命令执行漏洞CVE-2024-9474", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjcxNzE2MQ==&mid=2247484485&idx=1&sn=0f5b3d6588ad00afd34fe51811a012a4", + "description": "【漏洞复现】Palo Alto Networks PAN-OS身份认证绕过CVE-2024-0012及命令执行漏洞CVE-2024-9474", + "author": "白帽攻防", + "category": "白帽攻防", + "pubDate": "2024-12-09T09:34:02" + }, + { + "title": "CVE-2023-6553 WordPress存在的远程命令执行漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486227&idx=1&sn=a70bbbb6e66a54b7a6765ab23f927f9f", + "description": null, + "author": "TtTeam", + "category": "TtTeam", + "pubDate": "2024-12-09T09:33:26" + }, + { + "title": "RedLine信息窃取木马活动通过盗版企业软件瞄准俄罗斯企业", + "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793421&idx=3&sn=7d7ec00dc894ec04618b450e170fa2de", + "description": "信息窃取木马通过盗版软件激活工具威胁俄罗斯企业。", + "author": "军哥网络安全读报", + "category": "军哥网络安全读报", + "pubDate": "2024-12-09T09:00:17" + }, + { + "title": "\\\"多引擎\\\"的资产识别、信息收集", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMDY5OTA3OA==&mid=2247483730&idx=1&sn=1e6684394884bcfdf2a1fee28dc25c19", + "description": null, + "author": "SecSentry", + "category": "SecSentry", + "pubDate": "2024-12-09T08:51:52" + }, + { + "title": "Wireshark & Packetdrill | TCP RST 之应用主动 RST 连接", + "link": "https://mp.weixin.qq.com/s?__biz=MzA5NTUxODA0OA==&mid=2247493057&idx=1&sn=136e392cdb02bb2bd94be1b73810f718", + "description": null, + "author": "Echo Reply", + "category": "Echo Reply", + "pubDate": "2024-12-09T08:08:11" + }, + { + "title": "安卓APP抓包大全", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247509812&idx=1&sn=424628999b821b12940f0fbab27483ee", + "description": null, + "author": "李白你好", + "category": "李白你好", + "pubDate": "2024-12-09T08:03:07" + }, + { + "title": "HTTPS也能明文抓包", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247509640&idx=1&sn=f34051af5a0f4bb89e3eb6a6b98d2b05", + "description": null, + "author": "kali笔记", + "category": "kali笔记", + "pubDate": "2024-12-09T08:01:28" + }, + { + "title": "超级详细 - PHP webshell 免杀步骤、姿势总结", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ5MDM3NA==&mid=2247487271&idx=1&sn=74bff3a1cd79d6676389f202dc5ad838", + "description": null, + "author": "SecretTeam安全团队", + "category": "SecretTeam安全团队", + "pubDate": "2024-12-09T08:00:53" + }, + { + "title": "漏洞预警 | Apache Arrow R package反序列化漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491681&idx=2&sn=6e023ccd4d0d3fa65654c5c2d88ff938", + "description": "Apache Arrow R包存在反序列化漏洞,攻击者可通过构造恶意的Arrow IPC、Feather或Parquet文件,在元数据中嵌入恶意对象,当应用程序加载这些文件时,可能触发反序列化漏洞,从而导致任意代码执行。", + "author": "浅安安全", + "category": "浅安安全", + "pubDate": "2024-12-09T08:00:27" + }, + { + "title": "坑人的恶意域名解析", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486959&idx=1&sn=6d26ed5344fe905df5145d3826bd73d8", + "description": null, + "author": "进击的HACK", + "category": "进击的HACK", + "pubDate": "2024-12-09T07:55:30" + }, + { + "title": "等保命令||人大金仓数据库等保测评相关命令收藏这篇你就够用了", + "link": "https://mp.weixin.qq.com/s?__biz=MzIwNDYzNTYxNQ==&mid=2247502367&idx=1&sn=b042fcf974dff8819fba4cf0b509daa0", + "description": null, + "author": "网络安全与等保测评", + "category": "网络安全与等保测评", + "pubDate": "2024-12-09T07:47:04" + }, + { + "title": "【OSCP】 Kioptrix 提权靶机(1-5)全系列教程,Try Harder!绝对干货!", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247496963&idx=1&sn=646e34d7b03cef9741616ea8d7e20968", + "description": null, + "author": "泷羽Sec", + "category": "泷羽Sec", + "pubDate": "2024-12-09T07:44:19" + }, + { + "title": "JAVA安全之Groovy命令注入刨析", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493820&idx=2&sn=9ec5b54dd922368d1f30e2a9d62eaaaa", + "description": null, + "author": "七芒星实验室", + "category": "七芒星实验室", + "pubDate": "2024-12-09T07:01:05" + }, + { + "title": "关于内网代理、vm、frp、proxifier全局流量转发等问题", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzY5NDUyMQ==&mid=2247484915&idx=1&sn=0da135b7e90aa90e6681a61c423ec648", + "description": null, + "author": "flowers-boy", + "category": "flowers-boy", + "pubDate": "2024-12-09T01:27:03" + }, + { + "title": "关于内网代理、横向移动技巧", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzY5NDUyMQ==&mid=2247484890&idx=1&sn=9ca4a681145e7f8abcbdc2345c342eb8", + "description": null, + "author": "flowers-boy", + "category": "flowers-boy", + "pubDate": "2024-12-09T01:17:44" + }, + { + "title": "关于内网代理、横向移动技巧", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzY5NDUyMQ==&mid=2247484871&idx=1&sn=089ce3d21145f24a457defdeb38ba1c2", + "description": null, + "author": "flowers-boy", + "category": "flowers-boy", + "pubDate": "2024-12-09T00:39:17" + }, + { + "title": "高版本Fastjson反序列化Xtring新链和EventListenerList绕过", + "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517584&idx=1&sn=26963081ad3fb9b4c7daaf1a6ebb1da3", + "description": null, + "author": "船山信安", + "category": "船山信安", + "pubDate": "2024-12-09T00:00:37" + }, + { + "title": "免杀|先锋马免杀分享", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247517520&idx=1&sn=b2ba85beb3cd31cad51d5e6ac33969ba", + "description": null, + "author": "Z2O安全攻防", + "category": "Z2O安全攻防", + "pubDate": "2024-12-08T22:35:57" + }, + { + "title": "网络工程师必知:5种常见的防火墙类型", + "link": "https://mp.weixin.qq.com/s?__biz=MzIyMzIwNzAxMQ==&mid=2649463458&idx=1&sn=03f5dc1be57f136c227974046cc727e1", + "description": "学网络,尽在网络技术联盟站!", + "author": "网络技术联盟站", + "category": "网络技术联盟站", + "pubDate": "2024-12-08T20:01:42" + }, + { + "title": "HTB_Vintage(思路)", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMjYyMjA3Mg==&mid=2247485349&idx=1&sn=a329b52351dc5b9a272eb4450c1df369", + "description": "HTB_Vintage(思路)+ windows(hard)+pre2k+krb5票据(getTGT)+bloodyAD+asreproast+dpapi", + "author": "羽泪云小栈", + "category": "羽泪云小栈", + "pubDate": "2024-12-08T20:00:10" + }, + { + "title": "无文件攻击概览:武器化 PowerShell 和 Microsoft 合法应用程序", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485637&idx=1&sn=e3658e19648848f897893d47b9925dde", + "description": null, + "author": "securitainment", + "category": "securitainment", + "pubDate": "2024-12-08T18:49:48" + }, + { + "title": "EDR 规避:利用硬件断点的新技术 – Blindside", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525470&idx=2&sn=8137725aa1e79d840d5907dab8750104", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-08T18:18:17" + }, + { + "title": "PE文件结构:NT头部", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484858&idx=1&sn=8564c27477338a8d3157b18e82a374a0", + "description": null, + "author": "风铃Sec", + "category": "风铃Sec", + "pubDate": "2024-12-08T15:48:48" + }, + { + "title": "RDP连接多开方法与利用思路", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493781&idx=2&sn=91e0f133a4824dcbbc882d716787520a", + "description": "文章前言本篇文章我们主要介绍在拿下目标域内主机的情况下,如何多开RDP链接且使得正常登录目标主机的用户不会被", + "author": "七芒星实验室", + "category": "七芒星实验室", + "pubDate": "2024-12-08T15:04:48" + }, + { + "title": "MalleableC2配置详解", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE3MzAxOA==&mid=2247484871&idx=1&sn=85dc63ec970621ccc35863a08e4aaade", + "description": "MalleableC2配置详解,解释了CS profile的配置项,为免杀和隐藏提供思路", + "author": "魔影安全实验室", + "category": "魔影安全实验室", + "pubDate": "2024-12-08T14:26:49" + }, + { + "title": "渗透测试 | 记一次信息泄露到学工系统", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486301&idx=1&sn=2dda1feb65b7d107523e4ea4e929921a", + "description": null, + "author": "扫地僧的茶饭日常", + "category": "扫地僧的茶饭日常", + "pubDate": "2024-12-08T14:08:26" + }, + { + "title": "一文看懂安卓JSB风险漏洞挖掘", + "link": "https://mp.weixin.qq.com/s?__biz=MzU0NDI5NTY4OQ==&mid=2247486237&idx=1&sn=61373f8016157b66e2c28307cdd3de53", + "description": null, + "author": "暴暴的皮卡丘", + "category": "暴暴的皮卡丘", + "pubDate": "2024-12-08T13:16:14" + }, + { + "title": "Mitre_Att&ck框架T1056.002(图形界面输入捕获)的简单实现", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484926&idx=1&sn=d38335e66a441a8cd2de7efe528ab730", + "description": "Mitre_Att\\\\x26amp;ck框架T1056.002(图形界面输入捕获)的简单实现", + "author": "新蜂网络安全实验室", + "category": "新蜂网络安全实验室", + "pubDate": "2024-12-08T13:00:48" + }, + { + "title": "Go :恶意软件开发(第二部分)", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503766&idx=1&sn=99017e10b273bcc56d5e09aa8c760946", + "description": "欢迎回来!!现在我们已经启动并运行了 TCP 服务器和客户端,", + "author": "安全狗的自我修养", + "category": "安全狗的自我修养", + "pubDate": "2024-12-08T12:40:41" + }, + { + "title": "【MalDev-08】反虚拟机", + "link": "https://mp.weixin.qq.com/s?__biz=MzIzODMyMzQxNQ==&mid=2247484339&idx=1&sn=3f7607badf404e2423c94c3f7f866e6e", + "description": "本章主要通过文件系统检测、硬件检测、基于时间的沙箱逃逸检测、注册表检测等方式进行反虚拟机。", + "author": "高级红队专家", + "category": "高级红队专家", + "pubDate": "2024-12-08T12:06:18" + }, + { + "title": "使用Azure CDN进行子域名接管", + "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614596&idx=1&sn=651eb8cf208c293adf46552a30899075", + "description": null, + "author": "白帽子左一", + "category": "白帽子左一", + "pubDate": "2024-12-08T12:03:04" + }, + { + "title": "哥斯拉webshell管理工具二次开发规避流量检测设备", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247492924&idx=1&sn=6480fbcef03f510d24353a08df6010ef", + "description": null, + "author": "夜组安全", + "category": "夜组安全", + "pubDate": "2024-12-08T12:02:41" + }, + { + "title": "渗透测试 | 记一次信息泄露到学工系统", + "link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247545734&idx=1&sn=14b57260a20b172b8f5240f5b120005b", + "description": null, + "author": "掌控安全EDU", + "category": "掌控安全EDU", + "pubDate": "2024-12-08T12:02:22" + }, + { + "title": "基于包长语义的隧道内部攻击流量识别", + "link": "https://mp.weixin.qq.com/s?__biz=MzA3MTAwODc0NQ==&mid=2649891287&idx=1&sn=59212e83e259d2665f07853fa80de907", + "description": "ACM CCS 2024 论文抢先看!本文中,我们考量当攻击者启用隧道传输其攻击流量时,如何对攻击流量进行准确检测。", + "author": "赛博新经济", + "category": "赛博新经济", + "pubDate": "2024-12-08T11:35:58" + }, + { + "title": "burpsuite SQL注入插件", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486953&idx=1&sn=ab10862e21c3541f3bf996f5396697ec", + "description": null, + "author": "进击的HACK", + "category": "进击的HACK", + "pubDate": "2024-12-08T07:55:40" + }, + { + "title": "渗透测试实战—利用防火墙突破网络隔离", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyNjczNzgzMA==&mid=2247484338&idx=1&sn=1d4e3af01af9eb42ccc7d8c19de30992", + "description": "渗透测试实战—利用防火墙突破网络隔离", + "author": "网安日记本", + "category": "网安日记本", + "pubDate": "2024-12-08T07:00:47" + }, + { + "title": "新型 C2 技术利用二维码绕过浏览器隔离", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505049&idx=2&sn=af32da1272fdc565fad633f0937681e3", + "description": null, + "author": "网络研究观", + "category": "网络研究观", + "pubDate": "2024-12-08T00:00:35" + }, { "title": "Windows 7 至 Windows 11 中存在新的 0 Day NTLM 哈希泄露漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247504999&idx=3&sn=860de968b5da5269ea0ec755cd3e8392", @@ -143,14 +695,6 @@ "category": "军哥网络安全读报", "pubDate": "2024-12-07T09:01:41" }, - { - "title": "漏洞预警 | Zabbix SQL注入漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491663&idx=1&sn=13f8337d2c5b035b77d6655b19c9fc53", - "description": "Zabbix前端的CUser类中的addRelatedObjects函数未对输入数据进行充分验证和转义,导致具有API访问权限的恶意用户可以通过user.get API传递特制输入触发SQL注入攻击。", - "author": "浅安安全", - "category": "浅安安全", - "pubDate": "2024-12-07T08:30:49" - }, { "title": "【PWN】堆溢出2.23 Off-By-One", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NDYwOTcxNg==&mid=2247485038&idx=1&sn=2d307c01f15498c12c5bcad97233f8ab", @@ -159,6 +703,14 @@ "category": "智佳网络安全", "pubDate": "2024-12-07T08:30:49" }, + { + "title": "漏洞预警 | Zabbix SQL注入漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491663&idx=1&sn=13f8337d2c5b035b77d6655b19c9fc53", + "description": "Zabbix前端的CUser类中的addRelatedObjects函数未对输入数据进行充分验证和转义,导致具有API访问权限的恶意用户可以通过user.get API传递特制输入触发SQL注入攻击。", + "author": "浅安安全", + "category": "浅安安全", + "pubDate": "2024-12-07T08:30:49" + }, { "title": "浅谈利用PDF钓鱼攻击", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247509598&idx=1&sn=be74c502c8b0cd301e12048e894f9257", @@ -407,14 +959,6 @@ "category": "军哥网络安全读报", "pubDate": "2024-12-06T09:00:59" }, - { - "title": "Mitre_Att&ck框架T1574.001技术(劫持Dll搜索顺序)的简单实现", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484913&idx=1&sn=38c952a43bd8d00d7d0251d15f3463c1", - "description": "Mitre_Att\\\\x26amp;ck框架T1574.001技术(劫持Dll搜索顺序)的简单实现", - "author": "新蜂网络安全实验室", - "category": "新蜂网络安全实验室", - "pubDate": "2024-12-06T09:00:25" - }, { "title": "渗透测试人员的 Nmap:漏洞扫描", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485821&idx=1&sn=b98633172a515bdd2cbbfed5efdc3e30", @@ -423,6 +967,14 @@ "category": "三沐数安", "pubDate": "2024-12-06T09:00:25" }, + { + "title": "Mitre_Att&ck框架T1574.001技术(劫持Dll搜索顺序)的简单实现", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484913&idx=1&sn=38c952a43bd8d00d7d0251d15f3463c1", + "description": "Mitre_Att\\\\x26amp;ck框架T1574.001技术(劫持Dll搜索顺序)的简单实现", + "author": "新蜂网络安全实验室", + "category": "新蜂网络安全实验室", + "pubDate": "2024-12-06T09:00:25" + }, { "title": "利用伪装$Version Cookie绕过WAF防火墙", "link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492726&idx=1&sn=9e6c4dc27f3599ad2ca6487f320cf05c", @@ -1046,557 +1598,5 @@ "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-04T16:48:38" - }, - { - "title": "安卓逆向之第一代:整体型壳的工作原理", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484348&idx=1&sn=853d0b9ffba606adede67a3dceb926d6", - "description": null, - "author": "Ting丶的安全笔记", - "category": "Ting丶的安全笔记", - "pubDate": "2024-12-04T16:47:09" - }, - { - "title": "Java 反序列化之 XStream 反序列化", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247487830&idx=1&sn=c73070283e1b24b768e04165b08c1289", - "description": "XStream 是一个简单的基于 Java 库,Java 对象序列化到 XML,反之亦然。", - "author": "蚁景网安", - "category": "蚁景网安", - "pubDate": "2024-12-04T16:30:42" - }, - { - "title": "第71篇:某银行外网打点到内网核心区红队评估复盘", - "link": "https://mp.weixin.qq.com/s?__biz=MzIzMjg0MjM5OQ==&mid=2247487941&idx=1&sn=9b320e074613a6b014ac1246d69e96e9", - "description": "本期复盘一次银行的红队评估项目,基本上涵盖了外网打点、内网横向、社工钓鱼、供应链攻击、物理渗透、的方方面面,未知攻、焉知防,希望对红蓝双方都有借鉴意义。", - "author": "嗨嗨安全", - "category": "嗨嗨安全", - "pubDate": "2024-12-04T15:55:10" - }, - { - "title": "某企业SRC的两次WAF的对抗", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxMDY3MzQyNQ==&mid=2247484734&idx=1&sn=8078a45842d6aa07b585f6791ec565ad", - "description": null, - "author": "OneTS安全团队", - "category": "OneTS安全团队", - "pubDate": "2024-12-04T14:58:35" - }, - { - "title": "【开源工具】-无害化钓鱼平台pfish", - "link": "https://mp.weixin.qq.com/s?__biz=MzA5OTI3MTE5MQ==&mid=2247485434&idx=1&sn=bf59cc92588b5bc09d84d8122325ed0c", - "description": "无害化钓鱼平台pfish", - "author": "埋藏酱油瓶", - "category": "埋藏酱油瓶", - "pubDate": "2024-12-04T14:46:08" - }, - { - "title": "黑客利用 macOS 扩展文件属性隐藏恶意代码", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580067&idx=1&sn=1b4cd406b7ac4ce6e199711f557c7808", - "description": "威胁分子将恶意代码隐藏在自定义文件元数据中,并使用诱饵 PDF 文档来帮助逃避检测。", - "author": "嘶吼专业版", - "category": "嘶吼专业版", - "pubDate": "2024-12-04T14:00:36" - }, - { - "title": "新型漏洞攻击利用服务器进行恶意更新", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580067&idx=2&sn=d10b2e801f0d756e658e21558ddff8d7", - "description": "AmberWolf 披露了有关这两个漏洞的更多详细信息,并发布了一个名为 NachoVPN 的开源工具,该工具模拟可以利用这些漏洞的流氓 VPN 服务器。", - "author": "嘶吼专业版", - "category": "嘶吼专业版", - "pubDate": "2024-12-04T14:00:36" - }, - { - "title": "浅谈红队中那些常见的场景和问题", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzMzI3OTczNA==&mid=2247487440&idx=1&sn=0ae9cb74e601015c38b1b58c5d6498d5", - "description": "浅谈红队中那些常见的场景和问题。", - "author": "千寻安服", - "category": "千寻安服", - "pubDate": "2024-12-04T14:00:28" - }, - { - "title": "支持自定义密码 | 哥斯拉免杀 过360、火绒、D盾 XlByPassGodzilla v1.3已更新!", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4Mzg4OTIyMA==&mid=2247485847&idx=1&sn=74982dff5ea606b9f1082ede4deb0f6c", - "description": "哥斯拉免杀XlByPassGodzilla v1.3已更新\\\\x0d\\\\x0a过360、火绒、D盾(部分过)", - "author": "威零安全实验室", - "category": "威零安全实验室", - "pubDate": "2024-12-04T13:48:46" - }, - { - "title": "【免杀思路】某60 SHELLCODE注入探测", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTY3OTc5Mw==&mid=2247484856&idx=1&sn=c30863a5525a3ed62f00fc83647e9d90", - "description": null, - "author": "网安鲲为帝", - "category": "网安鲲为帝", - "pubDate": "2024-12-04T13:46:16" - }, - { - "title": "Zabbix SQL 注入 CVE-2024-42327 POC已公开", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQzNjIwNw==&mid=2247490461&idx=2&sn=08cc776019baf385a479ee02ed9635ae", - "description": "CVE-2024-42327 的 PoC 发布", - "author": "棉花糖fans", - "category": "棉花糖fans", - "pubDate": "2024-12-04T13:30:05" - }, - { - "title": "Web狗的近源渗透记录", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDA5NzUzNA==&mid=2247488520&idx=1&sn=0cb39ed4c4a6827600805a5c1b3683b9", - "description": null, - "author": "藏剑安全", - "category": "藏剑安全", - "pubDate": "2024-12-04T12:41:09" - }, - { - "title": "linux系统中常见的几种文件传输方式", - "link": "https://mp.weixin.qq.com/s?__biz=MzI3NjA4MjMyMw==&mid=2647789820&idx=1&sn=3fc71504ae514f9af5355d447cfdc75f", - "description": "本文的几种传输方法针对的是在渗透中常遇到的情况。", - "author": "乌鸦安全", - "category": "乌鸦安全", - "pubDate": "2024-12-04T12:17:48" - }, - { - "title": "Mitre Att&ck框架T1059.008技术(Network Device CLI)的简单实现", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484883&idx=1&sn=ce52009dc757f7c57bb6bccd059a69b8", - "description": "Mitre Att\\\\x26amp;ck框架T1059.008技术(Network Device CLI)的简单实现", - "author": "新蜂网络安全实验室", - "category": "新蜂网络安全实验室", - "pubDate": "2024-12-04T12:10:26" - }, - { - "title": "一次ASP.NET站点文件上传bypass", - "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614522&idx=1&sn=a80a20b412ee8bd03f82dc6277244e99", - "description": null, - "author": "白帽子左一", - "category": "白帽子左一", - "pubDate": "2024-12-04T12:02:44" - }, - { - "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", - "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247107&idx=2&sn=14422cc225f026b33245b6fe143ea536", - "description": null, - "author": "e安在线", - "category": "e安在线", - "pubDate": "2024-12-04T11:32:47" - }, - { - "title": "系统文件管理行为漏洞导致本地提权", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTU2ODQ4Mw==&mid=2247486517&idx=1&sn=388de17165c44f34a9aa9f95be1ac96f", - "description": "文章从两个C语言底层函数出发,分析在处理文件时,缺少对符号链接的严格检测,导致macOS的隐私绕过与本地提权及缓解方案。", - "author": "奇安信天工实验室", - "category": "奇安信天工实验室", - "pubDate": "2024-12-04T11:30:51" - }, - { - "title": "一文学会fastjson漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484160&idx=1&sn=768fc0310477001e491b83ee2ccdbd59", - "description": "fastjson漏洞", - "author": "simple学安全", - "category": "simple学安全", - "pubDate": "2024-12-04T10:55:30" - }, - { - "title": "【重新架构】基于frp 过卡巴斯基、360核晶、defender、火绒的xlfrc v1.2发布!", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNjM5NDU0OA==&mid=2247486211&idx=3&sn=563d506f54cfa08428c80bc707e9bbdb", - "description": "分离客户端与服务器端源码,减少程序静态特征\\\\x0d\\\\x0a过卡巴斯基、360、defender、火绒\\\\x0d\\\\x0a支持linux、windows平台", - "author": "钟毓安全", - "category": "钟毓安全", - "pubDate": "2024-12-04T10:43:53" - }, - { - "title": "EDR Silencers 与阻止 EDR 通信方法探索u200a-u200a第 2 部分", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485566&idx=1&sn=da384849804c481aefcad9f835e65683", - "description": null, - "author": "securitainment", - "category": "securitainment", - "pubDate": "2024-12-04T10:30:23" - }, - { - "title": "【全国职业技能大赛“信息安全与评估”赛项】Linux系统入侵排查与应急响应技术", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247485913&idx=1&sn=d11bcfbb72d32f8f9a4808c0b6ba001f", - "description": null, - "author": "神农Sec", - "category": "神农Sec", - "pubDate": "2024-12-04T10:11:41" - }, - { - "title": "CVE-2017-7504 JBOSS反序列化漏洞复现", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2Mzg1MTA5MQ==&mid=2247484544&idx=1&sn=edccc83fdc6c490a2e6fea3dca97653f", - "description": "JBoss AS 4.x JbossMQ实现过程的JMS over HTTP Invocation Layer的HTTPServerILServlet.java文件存在反序列化漏洞,远程攻击者可借助特制的序列化数据利用该漏洞执行任意代码。", - "author": "网安知识库", - "category": "网安知识库", - "pubDate": "2024-12-04T10:00:45" - }, - { - "title": "Venom Spider 为 MaaS 平台制造新型恶意软件", - "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793364&idx=3&sn=da0de415c1527aad4f9a58dd47947c23", - "description": "“Venom Spider”威胁组织升级攻击工具。", - "author": "军哥网络安全读报", - "category": "军哥网络安全读报", - "pubDate": "2024-12-04T09:00:54" - }, - { - "title": "【实战小技巧系列】前端 JS 解密:一次简单高危漏洞案例", - "link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491124&idx=1&sn=a0b37e5980727d2306c23e85b77a4db1", - "description": "前端 JS 解密:一次简单高危漏洞案例", - "author": "实战安全研究", - "category": "实战安全研究", - "pubDate": "2024-12-04T09:00:23" - }, - { - "title": "从JS到内网横向", - "link": "https://mp.weixin.qq.com/s?__biz=MzUyNjk0Njg5Nw==&mid=2247484185&idx=1&sn=a9f95d93cc287d18e2541bb17a5e4c1e", - "description": "前段时间参加了一场攻防演练,使用常规漏洞尝试未果后,想到不少师傅分享过从JS中寻找突破的文章,于是硬着头皮刚起了JS,最终打开了内网入口获取了靶标权限和个人信息。在此分享一下过程。", - "author": "左逆安全攻防", - "category": "左逆安全攻防", - "pubDate": "2024-12-04T08:41:16" - }, - { - "title": "银狐黑产最新加载器利用破解版VPN为诱饵进行传播", - "link": "https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247489624&idx=1&sn=d79b623b062721f4270af7e991894bf1", - "description": "银狐黑产最新加载器利用破解版VPN为诱饵进行传播", - "author": "安全分析与研究", - "category": "安全分析与研究", - "pubDate": "2024-12-04T08:41:01" - }, - { - "title": "Windows漏洞:MS08-067远程代码执行漏洞复现及深度防御", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTUxMzk2NQ==&mid=2247485627&idx=1&sn=22b7126319128dc90cd1fb3659a2c5c8", - "description": null, - "author": "安全君呀", - "category": "安全君呀", - "pubDate": "2024-12-04T08:10:39" - }, - { - "title": "漏洞预警 | 致翔OA SQL注入漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491636&idx=2&sn=2d7f1f2bbdc233543e7c316a9a7d4297", - "description": "致翔OA的/OpenWindows/open_juese.aspx接口存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。", - "author": "浅安安全", - "category": "浅安安全", - "pubDate": "2024-12-04T08:00:41" - }, - { - "title": "漏洞预警 | Eking管理易任意文件上传漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491636&idx=3&sn=b01fdd9d4755ed5068d97d6a493c81fb", - "description": "EKing管理易的/Base64Upload.ihtm接口处存在任意文件上传漏洞,未经身份验证的远程攻击者可利用此漏洞上传任意文件,在服务器端任意执行代码获取服务器权限,进而控制整个web服务器。", - "author": "浅安安全", - "category": "浅安安全", - "pubDate": "2024-12-04T08:00:41" - }, - { - "title": "记一次回显利用接管学校财务系统", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486891&idx=2&sn=7a470fde8eb7457c56e395fbdeea2652", - "description": null, - "author": "进击的HACK", - "category": "进击的HACK", - "pubDate": "2024-12-04T07:50:56" - }, - { - "title": "OsCommerce v4 RCE:揭开文件上传绕过威胁", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503761&idx=1&sn=6967ccadb1a4a56080ed1cdec5bd6cfd", - "description": "在我最近的渗透测试中,我在 osCommerce v4 中发现了一个关键漏洞,特别", - "author": "安全狗的自我修养", - "category": "安全狗的自我修养", - "pubDate": "2024-12-04T07:42:26" - }, - { - "title": "Docker Privileged特权逃逸", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493740&idx=2&sn=ee345278088902534badddef929a7a62", - "description": "文章前言在Docker中Privileged是一种特殊的权限模式,它允许Docker容器在启动时获取到与宿主", - "author": "七芒星实验室", - "category": "七芒星实验室", - "pubDate": "2024-12-04T07:05:51" - }, - { - "title": "基于动态Agent挖掘更多的反序列化入口", - "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517445&idx=1&sn=d6495be48e8a001ccb846c382c5a2336", - "description": null, - "author": "船山信安", - "category": "船山信安", - "pubDate": "2024-12-04T02:02:46" - }, - { - "title": "文末获取 | 一款替代SNETCracker支持多协议弱口令爆破工具", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491543&idx=1&sn=91387096fc0e7cc0f34c0e842513435f", - "description": null, - "author": "星落安全团队", - "category": "星落安全团队", - "pubDate": "2024-12-04T00:03:46" - }, - { - "title": "CVE-2024-42327 Zabbix 严重漏洞POC已公开!", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwODI1ODgzOA==&mid=2247506250&idx=1&sn=65c3600e701ae88d87981315807f4d12", - "description": "CVE-2024-42327 Zabbix 严重漏洞POC已公开!请及时修复", - "author": "一个不正经的黑客", - "category": "一个不正经的黑客", - "pubDate": "2024-12-04T00:01:00" - }, - { - "title": "一款能快速探测可能存在SQL注入的Burpsuite插件 提高 SQL 注入测试效率|渗透测试", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247489248&idx=1&sn=28b8aa1e0b877a8d712468bd82d26459", - "description": "DetSql是基于 BurpSuite Java 插件 API 开发的 SQL 注入探测插件,主要作用为快速从 http 流量中筛选出可能存在 SQL 注入的请求,在尽可能减少拦截的情况下提高 SQL 注入测试效率。", - "author": "渗透安全HackTwo", - "category": "渗透安全HackTwo", - "pubDate": "2024-12-04T00:00:53" - }, - { - "title": "【揭秘】打印机痕迹取证", - "link": "https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048065&idx=2&sn=c2b79081f1e540ebe55d37898c8f3900", - "description": null, - "author": "电子物证", - "category": "电子物证", - "pubDate": "2024-12-04T00:00:53" - }, - { - "title": "sign加密小程序漏洞挖掘", - "link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247498804&idx=1&sn=7b4841d81ea301d1b204b069ffc9250b", - "description": null, - "author": "网络安全者", - "category": "网络安全者", - "pubDate": "2024-12-04T00:00:14" - }, - { - "title": "【漏洞预警】Dell NetWorker权限提升漏洞(CVE-2024-42422)", - "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489258&idx=1&sn=37b588ec3a46cd041f49cdc24390fdd6", - "description": null, - "author": "飓风网络安全", - "category": "飓风网络安全", - "pubDate": "2024-12-03T23:20:53" - }, - { - "title": "searchsploit漏洞辅助利用工具", - "link": "https://mp.weixin.qq.com/s?__biz=MzA3NTc0MTA1Mg==&mid=2664712099&idx=1&sn=61a72f188755066a11d2bbfb63a06708", - "description": null, - "author": "小兵搞安全", - "category": "小兵搞安全", - "pubDate": "2024-12-03T23:04:58" - }, - { - "title": "GitLab漏洞汇总", - "link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491122&idx=1&sn=bb9371663020caf90ea8432d73756f63", - "description": "本文汇总了gitlab从2016到2023年的一些常见漏洞。", - "author": "实战安全研究", - "category": "实战安全研究", - "pubDate": "2024-12-03T22:37:34" - }, - { - "title": "剖析JA4H指纹:提升Sliver C2检测能力", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjM0ODAwNg==&mid=2247488274&idx=1&sn=d31b4691a249e96a6e60836c9b2d3317", - "description": "happy hunting", - "author": "TIPFactory情报工厂", - "category": "TIPFactory情报工厂", - "pubDate": "2024-12-03T20:30:33" - }, - { - "title": "动态逃逸杀软", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNTYwMTk4Mw==&mid=2247488075&idx=1&sn=30866fcd85c0b1a1f1d5fef6f8f2cde1", - "description": null, - "author": "网安探索员", - "category": "网安探索员", - "pubDate": "2024-12-03T20:03:50" - }, - { - "title": "应急响应 - Windows基础篇", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247489400&idx=1&sn=1b9208a83d4719f03c7e5582703f8236", - "description": null, - "author": "网络安全与取证研究", - "category": "网络安全与取证研究", - "pubDate": "2024-12-03T20:00:20" - }, - { - "title": "两个影响WPS Office的任意代码执行漏洞分析", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg5OTQzNTI4Nw==&mid=2247488921&idx=1&sn=796d00590260af7c745e20f4cb082c0b", - "description": null, - "author": "黑客街安全团队", - "category": "黑客街安全团队", - "pubDate": "2024-12-03T19:17:41" - }, - { - "title": "新型恶意软件能利用LogoFAIL漏洞感染Linux系统", - "link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308739&idx=2&sn=9f511acdd37389f627c4dd8e2667b338", - "description": "许多厂商产品会受到 LogoFAIL 漏洞的一种或多种变体的影响。", - "author": "FreeBuf", - "category": "FreeBuf", - "pubDate": "2024-12-03T19:02:32" - }, - { - "title": "分析运行APP内存中的敏感信息", - "link": "https://mp.weixin.qq.com/s?__biz=MzAwOTQzMjMwOQ==&mid=2247483897&idx=1&sn=9b153c1f54e112bd43648e47809200ea", - "description": "众所不知在OSS中,使用HTTP请求的Authorization Header来携带签名信息是进行身份验证的最常见方法。除了使用POST签名和URL签名之外,所有的OSS操作都需要通过Authorization Header来进行身份验证。", - "author": "思极安全实验室", - "category": "思极安全实验室", - "pubDate": "2024-12-03T19:01:07" - }, - { - "title": "【安全圈】新型恶意软件能利用LogoFAIL漏洞感染Linux系统", - "link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066393&idx=4&sn=b1e7b15689fa221569f9a1cad7eff071", - "description": null, - "author": "安全圈", - "category": "安全圈", - "pubDate": "2024-12-03T19:00:52" - }, - { - "title": "安卓逆向之Android-Intent介绍", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484333&idx=1&sn=d634f8d7c16848236b8763cb07390347", - "description": "安卓逆向之Android-Intent介绍", - "author": "Ting丶的安全笔记", - "category": "Ting丶的安全笔记", - "pubDate": "2024-12-03T18:59:24" - }, - { - "title": "11月漏洞快报 | Apache OFBiz 表达式注入漏洞、Oracle 文件泄露漏洞...", - "link": "https://mp.weixin.qq.com/s?__biz=MjM5NzE0NTIxMg==&mid=2651134656&idx=2&sn=64e0a5818023dfe7a4f9a1c5e1101a01", - "description": null, - "author": "梆梆安全", - "category": "梆梆安全", - "pubDate": "2024-12-03T17:54:30" - }, - { - "title": "无文件攻击的恶意软件加载器:PSLoramyra技术分析", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492450&idx=1&sn=e25fe33cdbf7b2905dddbe3f503934ad", - "description": "近日,一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。", - "author": "白泽安全实验室", - "category": "白泽安全实验室", - "pubDate": "2024-12-03T17:47:30" - }, - { - "title": "利用断开的域管理员rdp会话提权", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxNTIwNTkyNg==&mid=2247551774&idx=1&sn=27b225e1a3c8cb15734b6e39c2e3ba68", - "description": null, - "author": "蚁景网络安全", - "category": "蚁景网络安全", - "pubDate": "2024-12-03T17:30:35" - }, - { - "title": "Windows 工具被武器化:Wevtutil.exe 在新型攻击中被利用", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525251&idx=1&sn=8cf9d612a0fa98c133236ace9572e8f5", - "description": null, - "author": "Ots安全", - "category": "Ots安全", - "pubDate": "2024-12-03T17:30:13" - }, - { - "title": "从 Base64 到反向 Shell:从 Word 文档中解压恶意软件", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525251&idx=2&sn=70d91929eb7adde3106da6b8a73946dd", - "description": null, - "author": "Ots安全", - "category": "Ots安全", - "pubDate": "2024-12-03T17:30:13" - }, - { - "title": "【技术分享】从网站搭建到木马免杀捆绑与拿shell全过程", - "link": "https://mp.weixin.qq.com/s?__biz=MzIyNTIxNDA1Ng==&mid=2659211256&idx=1&sn=7be75392df645155a215faa354d98e14", - "description": null, - "author": "暗影网安实验室", - "category": "暗影网安实验室", - "pubDate": "2024-12-03T17:20:54" - }, - { - "title": "【免杀+钓鱼】钓鱼页面搭建+免杀捆绑拿shell", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxMDc0MTc5Mw==&mid=2247483778&idx=1&sn=617673eea861e0f39c1b0c1f5e976558", - "description": null, - "author": "红岸基地网络安全", - "category": "红岸基地网络安全", - "pubDate": "2024-12-03T17:20:24" - }, - { - "title": "Nmap 结果也能可视化?效果还真不错!", - "link": "https://mp.weixin.qq.com/s?__biz=MzU0MDUxMDEzNQ==&mid=2247489676&idx=1&sn=a76a9b21c54c717195a7cb1ef7c87630", - "description": null, - "author": "黑客仓库", - "category": "黑客仓库", - "pubDate": "2024-12-03T16:30:24" - }, - { - "title": "免杀对抗从0开始(六)", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MzU5NTg1Ng==&mid=2247484842&idx=1&sn=e686677da6362fd1f51d39052c58adae", - "description": null, - "author": "泾弦安全", - "category": "泾弦安全", - "pubDate": "2024-12-03T15:29:09" - }, - { - "title": "EDR Silencers 与阻止 EDR 通信的方法探索 - 第一部分", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485552&idx=1&sn=8b6b477f2189c031b7faab345ea9f6a2", - "description": null, - "author": "securitainment", - "category": "securitainment", - "pubDate": "2024-12-03T13:37:36" - }, - { - "title": "未探索的 LOLBAS 技术 Wevtutil", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485552&idx=2&sn=f82bc68e8d2c879cb6e4744b550ede6a", - "description": null, - "author": "securitainment", - "category": "securitainment", - "pubDate": "2024-12-03T13:37:36" - }, - { - "title": "损坏的 Word 文件助长复杂的网络钓鱼活动", - "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485795&idx=1&sn=ad88754e71bbff268358d0567838de6c", - "description": null, - "author": "三沐数安", - "category": "三沐数安", - "pubDate": "2024-12-03T12:31:38" - }, - { - "title": "云安全红队渗透测试详解【案例实操】", - "link": "https://mp.weixin.qq.com/s?__biz=MzI1Mjc3NTUwMQ==&mid=2247536949&idx=1&sn=ae9c6716667e57e6f8d66a034befdaac", - "description": "内容较多,可收藏观看", - "author": "教父爱分享", - "category": "教父爱分享", - "pubDate": "2024-12-03T12:03:06" - }, - { - "title": "如何使用 Shodan狩猎C2", - "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614505&idx=1&sn=2fe91456fc059ab8a4c0588c08160f9a", - "description": null, - "author": "白帽子左一", - "category": "白帽子左一", - "pubDate": "2024-12-03T12:01:26" - }, - { - "title": "记一次回显利用接管学校财务系统", - "link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247545624&idx=1&sn=88f0278c64118fc4e169de395776a9c5", - "description": null, - "author": "掌控安全EDU", - "category": "掌控安全EDU", - "pubDate": "2024-12-03T12:01:18" - }, - { - "title": "【护网蓝队应急系列1】Windows入侵排查", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTUxMzk2NQ==&mid=2247485605&idx=1&sn=8d6e9cc10aee02d296cc2d99807c4889", - "description": null, - "author": "安全君呀", - "category": "安全君呀", - "pubDate": "2024-12-03T11:54:01" - }, - { - "title": "第101篇:一个绕过5层权限校验的0day漏洞的代码审计分析", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDg2MDIxNQ==&mid=2247485183&idx=1&sn=10c23306ea0a57295373eb38828c61cf", - "description": null, - "author": "Jie安全", - "category": "Jie安全", - "pubDate": "2024-12-03T11:49:23" - }, - { - "title": "Nighthawk 正在推翻 Cobalt Strike", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MzA4NTM0OA==&mid=2247492953&idx=1&sn=d9a55365e49765779b01df8d48c5f943", - "description": "MDSec 团队通过此新版本加强了内存规避技术。借助新的 Python API 和注册自定义命令的能力,Nighthawk 正成为推翻 Cobalt Strike 的有力竞争者。", - "author": "OSINT研习社", - "category": "OSINT研习社", - "pubDate": "2024-12-03T11:45:06" - }, - { - "title": "Burpsuite存储桶配置不当漏洞检测插件", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2MTg2NzI5OA==&mid=2247484752&idx=1&sn=11f717a42e8b1e332a6e68aa76a479fd", - "description": "自动化检测存储桶漏洞工具", - "author": "黑熊安全", - "category": "黑熊安全", - "pubDate": "2024-12-03T11:30:03" - }, - { - "title": "【重新架构】基于frp 过卡巴斯基、360核晶、defender、火绒的xlfrc v1.2发布!", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTIzODg0MA==&mid=2247491258&idx=1&sn=20bfef1278649f270b44f8e6fbd998c1", - "description": "分离客户端与服务器端源码,减少程序静态特征\\\\x0d\\\\x0a过卡巴斯基、360、defender、火绒\\\\x0d\\\\x0a支持linux、windows平台", - "author": "爱喝酒烫头的曹操", - "category": "爱喝酒烫头的曹操", - "pubDate": "2024-12-03T11:10:03" } ] \ No newline at end of file diff --git a/JSON/freebuf.json b/JSON/freebuf.json index 69b4500..818679b 100644 --- a/JSON/freebuf.json +++ b/JSON/freebuf.json @@ -1,4 +1,68 @@ [ + { + "title": "腾讯云首届金融安全峰会圆满举办,让安全价值看得见", + "link": "https://www.freebuf.com/articles/417280.html", + "description": "12月6日,2024首届腾讯云金融安全峰会在上海成功举办。", + "body": "

作为数字经济的重要组成部分之一,金融行业的发展与稳定一直备受关注。国家高度重视金融行业的数字化转型与安全建设,金融企业加速信息技术融合创新改造升级。中国人民银行等7部门联合印发的《推动数字金融高质量发展行动方案》提出,以数据要素和数字技术为关键驱动,加快推进金融机构数字化转型,夯实数字金融发展基础。

随着金融科技进入4.0时代,以人工智能(AI)、大数据、云计算和区块链等新兴技术", + "category": "活动", + "pubDate": "Mon, 09 Dec 2024 19:24:40 +0800" + }, + { + "title": "通过二维码实现命令与控制操作的新方法", + "link": "https://www.freebuf.com/news/417227.html", + "description": "Mandiant技术公司发现了一种绕过浏览器隔离技术并通过二维码实现命令与控制操作的新方法。", + "body": "

Mandiant技术公司发现了一种绕过浏览器隔离技术并通过二维码实现命令与控制操作的新方法。

浏览器隔离是一种越来越受欢迎的安全技术,它通过将所有本地Web浏览器请求路由至托管在云环境或虚拟机中的远程Web浏览器,来执行。

访问的网页上的任何脚本或内容都是在远程浏览器上执行,而不是在本地的浏览器上。然后,页面的渲染像素流被发送回原始请求的本地浏览器,只显示页面的外观,", + "category": "资讯", + "pubDate": "Mon, 09 Dec 2024 14:34:59 +0800" + }, + { + "title": "2024半年度国内外网安龙头公司业绩对比", + "link": "https://www.freebuf.com/news/417217.html", + "description": "探讨2024上半年国内外顶尖网安公司(国内外各20家市值排名靠前、专注网安行业的上市公司)整体业绩。", + "body": "

本期,我们将探讨2024上半年国内外顶尖网安公司(国内外各20家市值排名靠前、专注网安行业的上市公司)整体业绩,并对比2023年同期数据评估发展状况,研究此期间国内外网安公司差距发生了怎样的变化。注:三季报分析即将完成,将在近期发布,敬请期待。

一、营业收入

<", + "category": "资讯", + "pubDate": "Mon, 09 Dec 2024 14:15:37 +0800" + }, + { + "title": "Gartner 发布首份《身份验证魔力象限报告》", + "link": "https://www.freebuf.com/articles/neopoints/417194.html", + "description": "Gartner 在报告中将 Entrust 、Incode 、Jumio 、Socure 和Sumsub 评为身份验证领导者。", + "body": "

身份验证在历史上主要是用于银行、赌博和加密货币等受监管的入职过程,但 COVID-19 引入了新的政府和劳动力相关的用例,包括防止欺诈。咨询公司 Gartner 的副总裁分析师 Akif Khan 表示,身份验证技术如今在像 Airbnb 这样的市场,上建立信任和防范勒索软件攻击方面发挥着重要作用。据The Hacker News消息,网络安全研究人员近日发现一种新的诈骗活动,利用虚假的商务视频会议应用程序来针对 Web3 技术公司的工作人员,并传播一种名为Realst 的信息窃取程序。

罗马尼亚宪法法院作出了一项具有历史性的裁决,取消了总统选举第一轮投票的结果,原因是涉嫌俄罗斯的干预。因此,原定于 2024 年12 月8 日举行的第二轮投票将不再进行。第一轮获胜者卡林·乔尔杰斯库(Călin Georgescu)将这一裁决称为“正式政变”和对民主的攻击。全球动态

1. I-O Data路由器0Day漏洞被利用,无修复补丁

日本计算机紧急响应小组(CERT)警告称 ,黑客正在利用I-O Data路由器设备中的零日漏洞来修改设备设置、执行命令,甚至关闭防火墙。【外刊-几天来,业内同仁非常关注我的内部公开信。我有必要做出公开的答复,进一步明确安天的发展目标和路径。

企业创始人、实控人对企业发展运营承担完整的责任与使命,这是我坚持的原则。在此原则之上,才能做好目标拆解、责任分工与总结。

既然回归指挥位,我就要高效明确地向内部传递工作导向,这已经在内部公开信中讲的很清楚,而且就重大工作安排,发布内部公开", + "category": "观点", + "pubDate": "Fri, 06 Dec 2024 20:44:22 +0800" + }, { "title": "关键的联发科芯片组漏洞影响15亿手机用户", "link": "https://www.freebuf.com/news/417104.html", @@ -7,6 +71,14 @@ "category": "资讯", "pubDate": "Fri, 06 Dec 2024 19:01:01 +0800" }, + { + "title": "一周网安优质PDF资源推荐丨FreeBuf知识大陆", + "link": "https://www.freebuf.com/news/417087.html", + "description": "我们精选了本周知识大陆公开发布的10条优质资源,让我们一起看看吧。", + "body": "

各位读者周末好,以下是本周「FreeBuf知识大陆一周优质资源推荐」,我们精选了本周知识大陆公开发布的10条优质资源,让我们一起看看吧。

众所周知,一个漏洞在出现之后,会很快被各大杀软发现,紧接着就会更新病毒库,针对该漏洞进行检测。像rar之类并不会自动更新的软件,这些漏洞却因为杀软而无法使用。

授人以鱼不如授人以渔。在绕过杀软的同时利用漏洞,就是我接下来给大家讲的技术手段。

一 测试环境。

漏洞:CVE-2023-38831

全球动态

1. 上海全面开展个人信息保护,对“刷脸支付”等过度索取个人信息行为说“不”

12月4日,上海市网信办在“亮剑浦江·2024”消费领域个人信息权益保护专项执法行动总结交流会议上发布成效评估报告并透露,今年全市范围3704家公共停车场全面落实停车缴费“纯净码”,24家重点咖啡企业开展自查整改。 【Stoli集团在美国的子公司因8月份遭受的勒索软件攻击,以及俄罗斯当局没收其在俄剩余酿酒厂而不得不申请破产保护。\"\"

Stoli美国公司及其子公司肯塔基猫头鹰公司的总裁兼全球首席执行", - "category": "资讯", - "pubDate": "Thu, 05 Dec 2024 13:56:42 +0800" - }, - { - "title": "谷歌浏览器类型混淆漏洞让攻击者能够执行远程代码", - "link": "https://www.freebuf.com/news/416908.html", - "description": "攻击者可能利用此漏洞在受影响的系统上执行远程代码,从而导致系统受损和数据盗窃。", - "body": "

据Cyber Security News消息,最近,独立研究人员在谷歌Chrome 的 V8 JavaScript 引擎中发现了一个严重性较高的类型混淆漏洞。

前言

当域内管理员登录过攻击者可控的域内普通机器运维或者排查结束后,退出3389时没有退出账号而是直接关掉了远程桌面,那么会产生哪些风险呢?有些读者第一个想到的肯定就是抓密码,但是如果抓不到明文密码又或者无法pth呢?

通过计划任务完成域内提权

首先模拟域管登录了攻击者可控的普通域内机器并且关掉了3389远程", - "category": "漏洞", - "pubDate": "Thu, 05 Dec 2024 11:10:43 +0800" - }, - { - "title": "警惕这类黑产,近百万老年机被远程控制,每月莫名扣费……", - "link": "https://www.freebuf.com/news/416899.html", - "description": "初步统计显示,全国竟有98万部手机遭遇莫名扣费情况,金额高达500多万元。不法分子如何盯上老人机?", - "body": "

初步统计显示,全国竟有98万部手机遭遇莫名扣费", - "category": "资讯", - "pubDate": "Thu, 05 Dec 2024 10:46:34 +0800" - }, - { - "title": "安全研究年终总结-分享2024年RCE类的CVE漏洞高危EXP集合!", - "link": "https://www.freebuf.com/articles/web/416887.html", - "description": "网络安全漏洞不断变化且威胁日益严重,及时了解和修复这些漏洞至关重要。本文介绍的多个CVE漏洞,涉及常见的企业级软件和硬件,黑客可以利用这些漏洞远程控制系统、窃取敏感数据甚至完全破坏服务。", - "body": "

缘起

  • 网络安全漏洞不断变化且威胁日益严重,及时了解和修复这些漏洞至关重要。本文介绍的多个CVE漏洞,涉及常见的企业级软件和硬件,黑客可以利用这些漏洞远程控制系统、窃取敏感数据甚至完全破坏服务。

  • 对于企业和开发者来说,了解这些漏洞不仅能帮助保护自己的系统,还能减少数据泄露、经济损失和品牌信誉的风险。因此,深入研究", - "category": "Web安全", - "pubDate": "Thu, 05 Dec 2024 09:42:13 +0800" - }, - { - "title": "信息安全管 | 企业端点与主机安全", - "link": "https://www.freebuf.com/articles/endpoint/400836.html", - "description": "本文主要探讨企业在管理和强化端点与主机安全方面所面临的挑战,并介绍一些最佳实践和策略,帮助企业构建一个坚固的安全防线。", - "body": "

    前言:

    随着网络威胁的日益复杂化和攻击手段的不断进化,企业端点与主机安全的重要性愈发凸显。端点安全不仅涉及保护企业内部员工的工作站、笔记本电脑、移动设备等,还包括确保服务器、虚拟化环境以及企业数据中心的安全。这些端点作为企业网络的入口和出口,若管理不善,将可能成为网络攻击者的温床和突破口。本文主要探讨企业在管理和强化端点与主机安全方面所面临的挑战,并介绍一", - "category": "终端安全", - "pubDate": "Thu, 05 Dec 2024 08:46:32 +0800" - }, - { - "title": "企业从0到1如何配置 | 工控操作系统标准基线", - "link": "https://www.freebuf.com/articles/ics-articles/402959.html", - "description": "合理的安全配置基线可以有效降低工控系统受到恶意攻击的风险,提升系统的稳定性和可靠性。", - "body": "

    前言

    开局先废话;前几天领导说要我把企业所有基线标准梳理一下然后我马上就把活甩给小弟做了;同时紧急把我的文件库存拿出来看了一下;顺便分享一下给兄弟们;在制造业随着自动化工控系统的普及和发展,Windows操作系统在工控领域的应用也越来越广泛。然而,由于工控系统的特殊性,对Windows操作系统的安全配置提出了更高的要求。为", - "category": "工控安全", - "pubDate": "Thu, 05 Dec 2024 08:43:15 +0800" - }, - { - "title": "钓鱼网页散播银狐木马,远控后门威胁终端安全", - "link": "https://www.freebuf.com/news/416880.html", - "description": "在当今网络环境下,许多人都有通过搜索引擎下载应用程序的习惯,虽然这种方式简单又迅速,但这也可能被不法分子所利用,通过设置钓鱼网站来欺骗用户。这些钓鱼网站可能会通过各种方式吸引用户点击,从而进行病毒的传", - "body": "

    在当今网络环境下,许多人都有通过搜索引擎下载应用程序的习惯,虽然这种方式简单又迅速,但这也可能被不法分子所利用,通过设置钓鱼网站来欺骗用户。这些钓鱼网站可能会通过各种方式吸引用户点击,从而进行病毒的传播,危害个人或企业的信息安全。

    我们期望本篇文章有助于帮助您提高网络安全防范意识,", - "category": "资讯", - "pubDate": "Wed, 04 Dec 2024 21:28:45 +0800" - }, - { - "title": "FreeBuf早报 | 今年黑客已窃取 14.9 亿美元加密货币;Cloudflare开发人员域正被滥用", - "link": "https://www.freebuf.com/news/416863.html", - "description": "Web3 漏洞赏金平台 Immunefi 的一份新报告显示,2024 年迄今已记录了近 14.9 亿美元的加密货币损失,主要是由于黑客事件。", - "body": "

    全球动态

    1. 中国多个协会声明:美国芯片不再安全、不再可靠,慎用

    中国互联网协会、中国半导体行业协会、中汽协、中国通信企业协会齐发声,谨慎采购美国芯片。 【阅读原文

    ", - "category": "资讯", - "pubDate": "Wed, 04 Dec 2024 17:35:23 +0800" - }, - { - "title": "JNDI绕过高版本注入限制那些事", - "link": "https://www.freebuf.com/vuls/416862.html", - "description": "JNDI高版本注入可以说是java安全大集合了。涉及了许多框架漏洞的组合使用,当分析完JNDI高版本时,我认为也算是正式入门JAVA安全了", - "body": "

    JNDI高版本注入可以说是java安全大集合了。涉及了许多框架漏洞的组合使用,当分析完JNDI高版本时,我认为也算是正式入门JAVA安全了

    ### 下一步计划
    - 添加更多RSS订阅源
    - 将所有打印信息转为logging info并存档(已完成)
    -- 将logging info转为异步的loguru
    +- 将logging info转为异步的loguru(已完成)
    - 探查异常中断原因(暂未清楚发生原因,猜测和4hou获取rss后的代码逻辑有关)
    - 存档所有推送文章方便以后查看
    - 添加更多推送方式,如邮件、微信等
    +- 创建Web网页以展示最新推送
    ### 日志相关 请查看./log文件夹下内容
    diff --git a/__pycache__/GotoSend_seebug.cpython-312.pyc b/__pycache__/GotoSend_seebug.cpython-312.pyc deleted file mode 100644 index 26609aa62fe98ce4869b8eada8a63ccff00d75ae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5509 zcmdT|Z*UXG72lI|(n+!;B>#s7E+j4%u}%I_sFOgAEn_=aB(@;nz-WZ-Y-D7eb9ZX6 zBR7JfgI%23Ow-ylN#jnM28N_K(@x?LCdss4I_(#^at7r>rN6wT&}FZRadd=Wz_w z4$ca-le0nX;#YC@BjtpM8w`YZae3z{Z53^9-px6VY=IFgjCgprK0=Wm3VS%`Vvl<7 zTD?K@(V7bCf=DA4!l-dg++fKA-LCqY_l7W%)Q~&^1t~!Ma>R*PxEuR~qjj zUZek}vuYD}Xp_YAhvFSo+@apT)VBC)0zNiSvtyT!ZLDYgy92CmUt?>al?{n zw%o>MON3(^{Q=)jUkm$GOJj3Q%YODr-+s1cPhfYWA5=B_{DF#`v>cJ6JR9)sThbSe z#E#t76^29T5X7F_x;b77i;-?QBE)VR>5d<&gJ;+}Sb3na*{4qEJ!e)d(sR*>%s--7 z!a^*@hh@baj*F5YDi;1IACAjBbO>Et5m}+bQ9tGBR@Mp}f8eQ}9fEvdryvVx8o})Tb@wQ)u*kzwf?!CYLm`P5J)lEXRs)SBxnlPW zZ6Da4TJu2KUXiTJINU?e4m^A6V6r}AvYqrF^Uo7Yf%OKl(6;$igtnf1^4OCnnlmQm zWYe*xAMd&jN=P_oWpINwpju!9^!^7Hh!(bz1sW2hjvU-aNS{$QHD!lb{oZPH;507tRE_Xw(H)bM|Vd$nY-7{W2S-I^K`jf87 z9|Tf+xs-$dr^RUPpyus3&Aewh_Cz$AF#K`_cUHxo0qhU3mm9c~_rDX`79)aWmvjDp z(aRsF+KLg%EAmjk-M4u7xZUn>^>ynFC&dS;JC;p9u{jL&u zca?D5RRU;*z7Edys<{vS54w}vN`ltk9(>Dl;9Cr>K@*uwv$qMkHBM-1U(t?-%5HAs*v=q6ksfBy{sJ z#e};6u1g4UiY+36Ly$wUFpthmk`>$DP&CeK@>V_;2S)_1NilZt5WPd)pnyYH)DFtU zb+9zWCJS;XsyY;fj>I_rsA7Vk-zBmzy3GH$Ku$i_g-<9q)PXsoqJQvUhqPmf@IT`Vs@{EuF&xfhz zi(p|XQ{gvWSf#rBn-cnv4~l9x8~?PKuH9z2gH+d^i-1YN6c%pbg@p7K6LE9p!AQV+g7# z5jY)AYgt5IibrKhLi12#yB^(L5+4Pc9n@0=(FYRvlZK#LDZ&G^?D<0#0~M#LlC>Fk z!OJ~kKb$JAnsiqsn=&p>vH`F|+ck!4EMVZyUU=Dd&!p|1)Y^yAwui?XEkJRX8LJ2x;fK6}VhdkgBo zoFIq0#h65-?jj;0o7QCM7$kHdF$l>DxYM053XGpfk3qH4VP$ibRK9o0v=KM;)+|Na zSd1-t$@!5VK@WT~pdiD={9-ep*Z@4jkT7sY3^cD0VEhJ+@xMY|GxY+tF&pO0(5v!( zkYJ!~%}U!|qjeeRwdZ;bdM}r!wFb9fW&k*J_(k;hab#9k-~DjrSEs(Z^vgLs_Bawc zD}>Uk=f|K=+@Ooi{p_RJpT3D=m}tb2FIlH2elmS&Ym0tG2ALrIqy$t+l5w~olXRCX z5EH$=pUyDO;YMJ*HD?ZwwvD|ozInp^?$+^*DbEv=%oF|QTZU5`woVjIJoiD#gzb~{ zDUWZG@o5r!Mjtx8Z@6jn(D0^7=3cE2TLb2KE6f52%kw0gm!EkKOn-)@{g>?6wiqw; z*g%m*ZoH%qqnTRtzCKFM#fL=h3k*D+iw;Y8GT5Q$kaO8%A{TEk619>Z1AH@4L00dz ziVwg%Vg*)}SYf8GLP(_)YHp*tKM~K!YZ8$LDvoBId|)o6xR;-39f(P2MCe#GklI?s zaP~2A4~#@mWIt4h(Is?cL}hDlI>2 zPM2%~9`Lo9Fr`;K8&c)pPkXBSEg4r4i2ODHi;|0v}sM#Ft`MGuSFMffd)Fkh<&lVGD_zw&Cc<)LmD13tuA^>f(bz6pw{O-wFFU z@hq70DEGoz2Ue@8qJ^z)Du3a-G~7BZlxLx!h$@_akeKrNd;exE{mfB3YCIJLbXpw4 lg~wm~jB)h0zvO@eusZt>54zw!<*fdcd2HTAOsmyZ{R?k?(c=IB diff --git a/__pycache__/SendBot.cpython-312.pyc b/__pycache__/SendBot.cpython-312.pyc deleted file mode 100644 index 611d36139fe0581858c94faa940d54d14a298934..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3700 zcmai1eQ+Da72ngHK2Ngb&&VIKkC-@?!FEWT7y|V`W1xX)S|GHw38T4aPqq|Er{0|~ zHd3l&lGZ6uJA7GSL!3#VP7~}S@4emI_uKWq91a_TcK5}Hdy-Csz9b#JX(Q12`V$}{2qR2|PUlqnP`9Pq+HJ!$jIn}s6bZIbgc)qa zCTt!vU<&E1 zSgc^j8_pT>0V&i^^-~`AGU@L1t!AMy6Hv$o)<}^xDnRoMQ`ms%^UOIi3T+2UAZ1lX zD9Gfs>uDUFTb-RCdjr2h{NGU6SP90XC}F^+IEBsm-m8WLt(bK$idC0_7F{ZEefQR) zFxV1g3*)*JXW|Aua>A%MbbYW$mkK;?3>Fu9x`b&xhEk&If@Qi?;ODJ+oZyCnR+sdA z6DEZ$R%^j3T`KUnNskuXSkUTHA(w=U8s-p z*!B)MT3UT##2@Hs>F2{Cm6C24V~W4|b`PamgosbXfk=;Pk_De6Ch$t$f1j2%9@{3ZKhhA@(_o;M5=u=HvLV{}U<>lT`-~i;+ z%WvDUQ#IvXtEL0IEbMGktp|3tt=gKf0E-Yj7M1Y_Lf|&PT8SJZmF*J_kW{@fDWqCS zSXtr2QME``Bv`js5xsJtC!$(O4qoC%Wr#v12aa29H#P~o_CF$o{LTABG1R;ptoHxB z|Hq;N$_NJD675$lJwinDCEWy5%i&KZIFUs2R>z>2k|%z7#kwPhC}YE=viaijk=hfr zjxeZ7%w((qyvV9N-K)1xTP0CE9Z#G$$|4fsT1CQgA2 zSf(MAhG%0;!bmVJKtVmMp-gZUp>+3z$BmdhZ(pmd_0d<&utTqygt>qo--j7-L);uU zoiEZ+EMc*(!?>W1@aw|IEkXOb?y9&J&l_NyEJpSLeA$JF9FqhuFZ%)kiJUVJt3DJAI(htcKNy2v#F`f@Eh4TPcNRD{Oa=I*gfCz zl{t2C;e(gH>xH;`>qutkNcP1G-}XW-<;)*WW=6-qy8KG46nYOl^0U3%(jQM}UmMQ5 z+QoTnDns^FHR4z}DobROREs41ItBnNt4vgs;S-Y^LDoL1O7{q$hyo}ps*^bE)KL9i zNfIRwt1<^f+%GkQ7pa<%wGS=rAl)|N-bOz8>ZJgoE%pz^?o#kqCX*`9W`Uoy`)?@m52?{xNA<@ zUbc4DU&WXKP#2wXGM7GqpRXH?~ig+O}@YQ%F*mg?`2O7E{QaIg0r=Ao)W z0eF;&VbzQUKOYMz9-{_|@U8-wl(vxwjD~&2C-_hdo0m|p_ z;fc)T@uhc;E=^7?TpnLeJ|~gmFWo{&3-M?1dcy>Wy)kkfX5V>wY3jx7#lh_1DNm7f z2Qh0WgusDRL5PbG^2CbS}P3?QaTdI(nXe`(buvH$=8 diff --git a/db/4hou.db b/db/4hou.db index e7c793cd90ccc977df556f18b1da069484dd89f2..df206cac6f2c3bc8792e6e08ac95cea0b15aa7da 100644 GIT binary patch delta 7032 zcmeHMTTmO<8Ro2n@m(ZN8ar;n;>3xa7$XU=P3m}XoHS0;xXjp1?4%cCtN;!H8HlHS zXeGP`Nq~?P0n0_0i@_*dB*6kJB!QC7w6FC{nrUA;lO}u4?oQLOGt=qx!I%C=D-2FO zeeMGu{sUT_%m07>_kZV{wcWneZr|$NxuqZ@BjZro*8BDxL>t;m|O4ej;}S+0we&3zqVRla`wEEJ=9C>{T3IAic9{ zU`Fn}LIQ5wGK71AO0rKGYQx@kl@H>PE3&uQ|E+JQ&06!y>BH6|q;Z~H@nB~&p7N5Z zYd8>m$m~*d3TBj|b}2fJn*_BZq{Jqq_@X-Ari2^ic&CzdXdXZ}+%$=srnQfxe^iRL zNQpuA9m~1;N=tP$ix=jVb`jf_cA)f5%|sjN4r}g7(NWdmrqiwRQ0?eZ!eQu!7pJk` z&DNO?=9rDFw9txOwC@8@$}T4fO!A+7!ECd6eP7uFwbq8J+M4?P)=KMF_I~W~srE+M zwSb-Tbm;L@r%G8RERyNVQhb#3&617<9P5AtK{Pn#fj(-JTV7lh6LETR%YcUS{rIpa z4CAr0565FP*SX!W`g1xPAHC9h#CAPGeacc0#YgAW*7;*wVV+9SlaIt zIymIQO+kuRR|GJUXUCM}1oT<)n+)0(h&zPE8FI}|=2~GgG8Ewy1GYHCX|)1AsKX8#)8w#{ zY=^GjSsS8IFJF^leUKyE6`!<_8vwY3%17WUP; zs!J9Ye1pGgt>a9OWtK|xGq-7NQTI8`vDt?boZjXFNH7V<*XdJhs6(6!F#hcU~FQ@}l zn-Zp_q$Im>TN7!W)PzkI;&OaI2`z!1(PD0DR6@~o*$YA3+y>O6>b}H7G;-WS+MVQh zKL;ymx~>U;$_3@cnFr)dO7@dBpzH!A|z_L8mcWX?=l@MC@`4|3Jc99V8)?h?aQ+2hL?BMSt_dP8|uoai1XhbMkj38 z8>T*k?r4IQ^89dqy|t|7$l-H!`A3%b9>+LMQ(-En#VMJ5%hFI*Z>_GaYDh8s#7E`T zmMT`u^h5Any%$34KrO)3My5tU$N+e%lP)_RzKUB0SNN}`juN)HM{V@qO!UGgv?{Yg zFtuYx{ulS}qX+5hjHmQ=_A{g==8kOt`?8*Xu05K2cj$4>IQDu_Fc> zofK`qpEkKK3a21gmNl78RE5|#N@=YO1xa^1p6aHDsD&gE`Y42v{&XcR>m=SfH6l;6 z(%Ab)VGp3RK1OM6I#hJXT(JLw^}lHij4w8ui;A@`Q?#y6$x_~>s`7@a59{}s_WDbL zZ`jge1&1zh8)}}el9IRkXg!4IE8J41uBTNa(YA78gNQEEeF$jy5pcikeE$1Y)s}k5 z7~N(UJAtYYK1J0AOz4Nr7Def0n|<&KWbvJ--)AbkQyxs zxP1Ufn%)n+?tJ3<1W$L;0UZNyURtRR)!qxI&D3UjpX6{xA?>3eF~x9p)QGChv^pj7 zSeRUGq$x=qpJ7i2&cnQT0P@@J|K@IvZ5gVt0y~5_0|JJZoTMkDHoCR6LYQg%>Y>f%>Y&}qU4%A=vqJj_R|9PkR|V|>t^(Sp zI199f?c90zmCv1nR?n5qu=fm`{<#G{Am*hE=B4S2#7#FC*UHGCFmpf3>z|)(ImX<`<>{|oqSx#9sJ55=x(5FQO}~=20ip! z&!fF)pJ>cRpBvDIIX$`uJqGXO%$Mp=CaM>ipX%;z{J2EV>q~S~=%P4NqB~*evg-7r z{;ck{p{rDvDQ4b4o=j9Hc7A~_Y($2cv!Clwjqs=PZ&2p0%SX8nh2L9VMW|ZXSm9+d zbAy%K2f{#Atv-_-ws9APZ8hJZP1{nJm#l$|tbyr^omu)@Z*dL6HOJ4^qsOirb=lO@ z$N8ap(0SqAAHvc*JVji&@aFNk zEIRs0QGbiMXFxmW^g8(UeLi=SE|+KTGV8^>Y~ANMT_rRSBbrCZA|_1e^{s;LQ<$*y z=XzunesSs#y3CE9ceq+%@995h%|}uz-eB&eFnoshy^D^DuYJla8PKzQ?lf~md?mts zW<5`04%R2@e;7R{wftkQIfjt3c2BZH~ zwHd4sjDENL>{0mpF)*6vY%l{D9Y_0a1=|Ql$K-(R2g?K72lgV^3t)S}_JBPPcIG)~ zc7r_&_6*oAuv{<}?2)w51-F5%11kbM2=+AC0WiAAQ(!y6o&?(gwjFGP_!p~gkKsQF Cbu}aa delta 7388 zcmeHMdvH`$n&;e3cw~SM2+D{skr@#cNGA|r-N=aUlr>_MaZz+s9$Ha$O96oy^q=WY zI*-nyA4w;k=X~FHzUS{d*W+33@vIJQTvfDW$&!6GEp6Jimlcg4?{_ZGbN)Sk zT(TmuGJmHeKmK=YbxzlAZ<+GkXVM3&O7Ucm_b5I$d*8rkiT8DUF7>{K&t=|M@tNm6 zjL&@Ui}+mUJ%rC(?+f_M@s>>#eC1?wlXKERiCO%vt!kTNxk~OCc6cd!LHX&=*?+TK zSFptUymIgZc75689D5^&y`~&h**`dP*94Dvf2urUuzy{4js4oeUR8eM5F2(>9`L@R z{4$sQ6=O$~yk#sT3vy=u3)Egav$h(dtXxSSuNJ?h9)b*?8EH|m*<9atpU9Qv`naw4OLYP7bL*6Wjhcfhf6s_K?~AF< zB9|8N6&2GS-rvbXeto)0JP!J`_8zST+s4G6?g68ATcN zfvmF76z5Y@b;JvQLIWc{VB2S^6~BWEPt9tHE^(~>8Fi|YS0}W@FmG?CBMsMFzK?dh^_wzm!AoOB>|lF1CB+ zyccS;i=ps8-rgNP`gvaSr)%-w=H^dVtSS`#MEKl)v&?%;xpW_UeL4HyVKK0K2(!w)x{!!^(m}@!Cysi1uAIPpxq!sdiyu`|mMbm0JpvjY_eC=~jg?>3r zU+k0^zo>bJga=y3G=EGV&+v;4`e+^ERUh)}nQJ^f$m1y}VqC9M(?iB=m(klu@(}`f zB>%+4o_1q_nylB;vwHm`bc7&dHY8ToPx6}U;?FU!-ZIRCakIMz67dU3vTqGAa{lM&X{R-;XjFe%*T>WjHUO+)Y)zx z96=SZIkgOHK1HkZ8{TPRiM_DYx5&&oUQ1M&kqIjS&+M1)+r%cVINU&<7M8S3D$L!B z0+?Q;EYGC%D-FEsqLz+l4Nv>Dz=+m1O>si;CL++PV_L+Iik$sZRL1IrnygckBYGfi z)K_K;iCwtBzs?Rnt*6%F6nJ*FoL+lc0p ziDV;%g3-=Xc|h-~SCa!gkwNTeqy5^|Ub`6A`0<_BCbjk%6#l!S82rszx8E2wWs5%aA+3NK0%$__Od&||%5=|XQS zLFU_@-TCddZydV=e{dwr{pQE zVp6LLl7j>jD@@SVjr0|}!XeYU>Ty&fc3JZ^shO+1ta=<$QDYHNWMnGN!uS@B5jKz1 z@pKRzdHrQx-}SZ5;uQltt%Se$mo4ryq8IEh#lJVt7G}SnC^&hx{Ou>UoIHR2%(=%4 z3ol%_u=7Isn`cjaxbv;k@9li+RN<-e3+Hwe@7q_n*HyA>=gIT$y}PC0{E4&gl%IcM z%dvCi@4mfdKMzE;wpv0LrG+Of=Ebh!-8+hku(P0O*W6C1Ktv*lf^AqzA%l?4_DHB}dRj!gwc0S&Sl#qtH4^|7qYkI_ z)as)%$V>>0yWRl% zP~O~S;jFLj1{5e8FS_Z7!~x}&PD!=}!vjB_w|yPl2&^o^IV;=}OVV&!yU(F)DieBi z04weKJ5&XPExczn8xp9;JXRxrryn)j^kj^gCbB<32yxUJEA-5$5gXMrUOb}gHJg1{ zAUbYzz`PVNJ1z@_g6I`v=#$7PthDWI;T(hqIuX`bt~f04Y4rf9C3;KKw3_K(_|xhz z)NDmRu@E>_|7^I=O|p`+ROBsRN62L2O$M);jd2YHLo0s#tS@E?WWMY=_4>2QZTXh4{l;k7jstl%To6CU@~=&z1vD3HiQq^lMlG&}mS zRO_16{CyC!*hj)Ibq!kVx|o$`W-vD!RpU4SwOKsXy9D(4b|2;CpdEcT{JY<5$kxWi zh{$Rrcc6uteo-bYw2DFnBxy!GKrF%piy*8$5m#U3!K5g7(-Ep_NE6KAFc6h-l!>Z7PwIHx|%4~X#k!_gbW0H#CLBdQ4%HLs4$;75Y6cThzY({bX${jf6F?JwirV~C+U!uE)*ZJY z7$?2ccl*~mlDOPxtmdIBRJ;f$WnCdmU_Di*fhYW^JebLe59K7E8mC;kOFzmw!DqxP zaIddTof6P;tsz`o zFIh+3ksWJEIib3Rc5Ni$%Lo-?DSax8z2ULBN3!X9RUX{O?b%nd zXZP;C#d}9fW9psLU~$?k;iLBVxJUqebFSf+9L=Fp^=PAQ>Rp!bny( zrMi}Vnzfm|%R&X@B|5XXx3aEB?l7Je)OSNnTw3i5jAd{4h$A}uUDtfXU0kAAAYHSr zsl)&L@At^vN9Z>6>vEx_$hB*4adG&4dA+>(6KSKkHNEa%@cMce3v;bdFokJn2N$-j76dPS)?BUL)t!}QCqUYFd;@NwxiC)=jv9Kszddqh6*v~*jM z4oJ+&9+mx{NVg`71e3?)2OpI7D^C?jA3NE0xv5h+p!_IbnsHutNMC;a>xSq4{JP=K zuN(gO*A2yZ-EfdzH{|9c;)|3V5Bm!7Sb8d{X*Ao*ro_99i%uVEebSsA)O-R4I zohRNpBy#3%Ih*Hl+}M>1Dg-SD-3PiCv>qgW+W`75=zh>f&E!;$@vU@@mjJP%%in!*qcPm47?q*yj8{Kl6xQ diff --git a/db/anquanke.db b/db/anquanke.db index dfa7333d13c6a67b4f5a456e8af65b395b19332e..bf58a2d82970fababef0411670f06d3b38d957bf 100644 GIT binary patch delta 1480 zcma)6&rjP{90x<8loqN=0FI9pCb^U`9TQ~91?ciW&gl-m^S%6+n4n)ZJKu4a|~OgU3PnV^7Hre^K0$0 zc6n~**3DL#a_jcHwo2=ka!Q|+L`#Tk=Bwf2KZ^}lUKD*_RDF4>@b|(`3cf2Sx%6Rv zJnyf(4~V7x&p##dZEv&JIcvqY1Y63rR4x&03HMWFf?%(4{+l}ldzEXg3KMKG_gfXd zyuyWVtr2Vy_wH>c!CvNmxa}p_Lax8s^VC+y78K>!?seAYXlta{F$zz^KnPGIr33IJ z4m1=%0f)Fa2HJbRu=D~Lal-KsT8g9jn2-nyXA!vR68H%r5tQvN<-7MxZ2+CRQGA8_ zx$I6JO_5xzvV5coXh=qDWGL$VA270EyU$+2!y7ZhAN39mn0vn*>ggT?0?)(aAoBAP zn}R$i+rrT86VgkN_sU!vd6Uqde0{nI^dw0FAz?=^*M-EClu9XII%48l94@<`4Gr}V zGL4PH!@~_`?$@$%f~L4=#%eWScV1xnh8NW4>z~r z$`ts;8bAkQFghU}j-h!!MuxAJktZO=H{j_U;$~i-P9yITOwFOWnCMSqXhJfjzCrW& ze1t)9LRk%#MgOlXG{w+{EG%!ac^FG`XOrTIlShFlj2t1?D%{)$8f^ouP!`iOaGZr6 zWh6|n@+%u0pF%4>^o-195?aIg%F z&{UJDujjKNORweQ0dxPehVH)S;DKd$P)R|(hN>sAc^ZZ^FqAe6rG_Oi%GwM{=vtT3 zX(`IXRbIBw3fP+`K#Ff6$1%1i@vf=ooFbktCaoVHq+;njW{+pOc_4i8oD;J32s9gRxc#&-?A*(esZ6EWN#E zfZShWbJW4W2TFVYAxqP=UaK$^_)WCH;hKucZFuquIb#PdA|;pU>yIxa8PLP$)i xm(rO>@&x6*1?ZT-gvI0ze)yktQAO(vFdY%j*0Xy+GbG+)^uZt1Mb~pZe*>lM*bD#w delta 1430 zcmY+EPf#0W7{(z~N-GvET4<5_b?`vzPl8|huC8Po^B|%FPN`RPz)bZ?$H!n^vo&EODc;M_s{gO~8Iqr9OpWpku&$G4x z+rUCoWvl;fb!F@Jz((Dr=M{DOQ-7TL^tH{}!`csCT|D{c$tx$OYjQOW$34}5RjXc^ zI`-?a^Hr?k`Sz_RiW_$O1$O#Gh5fAdVuk90a4#W-Wakm6QsN`d&uo#*8G7mi~;UH9!uyVEkuc*C$0>a4CuwhVE4ucgTTlI6s?LtRlz`?)Un0 zcW_EcP^79vPsL6lz4r@x>i&<~l$ere!?A9R1g+|RjRxS@#r%pITBq+b>5Nv;JH!~R zI_p&Lb-<^#(7Jr;vF!8+S)Y*nfk$Yeq#S-KEc%3*6=5+Ucw!?~>$rt#Z=d8Eo13bL z4rPIbpj4d{(N)6I!G4Wc)a5KBuIlUphgsJV&0%&9@u+(>JwV#pfPS|aK{uE$LICyD zO~wrRXd|NsVm2)=?L*)9(3Rj*8R(7*!3=a}ia1>DJLeHgSAm73Fcn3RB`gFxS@7jO zl(6C@`P?#02W2i-oC4!n$(aNilb$xx`KyCT=BDcMs0F|@2g6Zd95(=ACkh?&(pr>H zxr=cT?0dqDPn>fJ;U{Ij+#xzuBaD9B$XG4R;Di}DT)c&{4c!7KseD*U3D2{)5#bx! zJYhe>&;}qy9zn+r${L*Ak%KYBB!oTCy@oQFhhKCQivWFzyr2D=J~c8E$iXEk9v|Ue zZ*CbSIy+v9)5F8G&TJ`XP+}C(UE)$TJ5f_Hrfoq8A8W1xIpardLH>xVNw}XxwGi&b z;e(C5J3W0j0O|lrM;nHtIHFjhmAi*%^O%{ThjhlT%B56zc{o~FD_Xa?7!LE)xYcxd z&}2Xn^ny?5!7;}Cg^@vDHfeWX@J5l@K#5`K!71jvaQ1HAj6y=CU7zgqOR+WRstgp% z(Nzp2Nf88vl?IYxEl5+VJ)8f{gl(wEVmfk|wW~TX$-6JbXFl)$@TzPJiNUCN;1@Gt zJ{^Iaz1ZfXLZmo86+)4CVGHxAIpO{a8X>rCLO3o2<3hj>J&XK-=Y{P-H3~BH?dOp$ z5nUwA#rS7y<(`l@>P(6KS6DN*a{3nqdyAv%mlfd!pz z#H$S-8d8?0CZaTMWph8RYu}~?tlquWuJfPPb;JfbtiIjJ1841MWAezycIyHA_}N&0 ztJQQNZk)I4jwWvP=|4F%FTC^Zoy9ws>?~fsaN)d-73xBU;Y3d2IbNPup>AJD&#T$A zFr)-1Nud;0Q#FMVMLwu-w9K=rBFd5)5|UkQ@uPLPq`j}sKGK)0YqzhQwc0wYYvyM| z&3HX=qtPB{Pn^1x7-`4ltt02H_QqKM#pJ2*ZtM7Q9HeZh+2D#A?`lk*ZcQG(5W9Vx zoTF{ z`DtCm?mTPt_uDtx5`)NLp;qqwSl_q)NPV&OdMANlM$PlwUkryM1hkZO**OeIA<1a2>R^+#a z2CSx=u5{M5di(Op_@Hhd!zIqfdrw-oZ^rts#0PuGvW*;xpWh$9bU0pr+r1}iK#%qB zgFODCvNGTDWqQZVm%|e8Y&T1`n-?jOQYev^IX=iRN{Et0MG9(?zzDJ?vyR}Sa&ufB zC6?6IxS~gv7y=~rIub8dsw;Oas;E}|u3~&P)D`Qmi}$oxyP6<7S(3<2yRj`X{6HVJ zE78-KjEuyu9E_W1iBKz3LNSgGiXy9Us=$cBpeTt{)Y4=ax6mO6)l8y zQA3ofNCEPVmsq^Yu>pzw!%I|baG9Q9M9F1yYpR1E#s?d%_9lCO6iZ_5I%~DJT5VUM zQ}+ImSpWXyr9)QBwah|a7`~=r#^lt>mk*E&8B8)&s=IesoS&|~S5!s4=IS5Gpc z+czS~J#G5?AI;ZGug?ziu1dT66=2x_O$TI^(SocbPy)pVRqPWl1gH=fNY?GO_g}E| zi&pPVs3lxhvSHZ%_#~V~^3)-0Mq=b}a!<3})ZrdURQFI{`Dz?^*OF5PA>^@C9xElf zz7nwy_u)Qp6Oq*h4gH%*^lvU4^}X5$f4!<=lUlW{#t(Jc;ck_6>*JJGIxZVBKp)AA zu10QYd?lRjq6G!F7h+_ruM~ndNJ2nX;HX22AYkp&S6ay9Bzz|?p2tcj`mVpJ`P)o!ewtG7Ffd+nl)|xOif2O_4^81DPG)F|35Hlo(zqa8i>isC zbWz1T3Zk-he`m6;%~c1h`&9DK@rHo$!W2(r0)pR@te9U~zMx zsESNTqg9q;u$HpMsWh)@Oo(FzDkaUCouH&}%naR2X z*6v-&hVyp&fYpD_KC(BsZlmi0?StVx_Q}&&ZmV^FeCPrqQ1UPl6|W=@=*eqC$@*UW zNmQ}#n$czBC(Jn!I8l zSi7&L>0@2pOrd@2m_^7-PzAXPM~w*pjCre!+K)dqta%W<>@*))+2@Tv%B7gU0* zK+CEsNp@2^EQ#bccY3k@@hct4Lmv}owW|p}Vw?bN?aAE-?E3S0NMY>8ciLh@kywA1 z>-6Fm29SifM(4`=<@5!X@>n{LrqWLrnQuIo=@E(X=9VpAhI5iIa^+m?_6dFX&*z6X zP{lioxRUba{5@G7C-dCc^0NXX!B=Y}u!UGf2nbY2;wT{`2Sgf?KV1qrkCF0d*}B?h zA3Z-7J3>Y-{2cH2Ir~T*$x_brEQMm_Z&ItPDpYb~S6dRpB--2EN3C6ZiK4dkA$zmh z4!WKNE(Vz^!i{yH+1}fO^s8o_R#|Cv495n~INOEWS#UKaRX)Je!JxbIVo~*v$v+ z)80^+g~Z3;^5f#s|9&enp2f#+#v zCZ2PQop_#Zti$sI#wt8NXuOW+iH7vC|F_c@{@XPC;hp{^556biSMr#Q2l?MDJf`50 zjmK0x$e}rSOvmE^JSKK*IT!sY^-@ko))qBP*TSh$7pUqh`tv*|yawqG*vL-z=`CliA6FhEbZ9xbVlRz=6lg!pQC&}^Q-y`7jV+AL^Cd$IO)53_a&Tk zjlSmcHJ|y8o^$0BpZRw5hgUN3=IUsycaAqB@|L+u|4#eg`^>kZ7dtlKjg`?y^&jD9 zx&BK7w_2tTn%|#duE_K#5k+Bh_2)aE)n6KTN>3a-@RVCEe&WfQF|8>3m)R4iyp&Zs z`8Si)iN`bkE@S3|Oz;2ke1ZZpqy9N_dGza@&*QYE(cVK-@v|g4ba*;`7VF>c8uXb( z`o8Wz^O?)^vLjfXrO_Ej58=%>qaPnDhLG#bCAv`eGoSf}{zL?ay{`XD&oQc*`;5eK_+5vp~0Z<6MiP-`^9!x$^aItZ3H1wRfq{d^P&ezDs!NmFUR+CHVPr zbV>`2p9}Sct>5sOFGYXb>h)$c%rjq%KDp&Q-pJFxUH#WSQ`V2w{DaSw^c}U|_nD$z zy7kBNh&nZ8jGCw1-!W4Aw zgTM8eygp^yKl@BB`Y+oK;Owj(-tkvHlhI3d_WDd(|Lsob8l~U<+JMh|LErje)Mq}g zKl>4uXF>GeKbnL8cus#X45d@eTz%R5(5q*ooO0TmWzNqco7wP+ey!ut=zj)w;LvBH z)#@#;E2fw8n)+$>H?y;+6lFDLwoHC`;%_pVC%o(H@&22ayS60kC4- z_&hxsy5TeD>L=DhhNq${*O85WGPX({dj{fKRrTEVp)35K| z_#Zy=as8uBkoQaaYgGdo5!QSRc7-#|i5_46I8HGed+`IGIZHoWcFAYXjJ{T`d)@Yf z_p)btSf|!K z7kJk=Xiv^hawbk4$u6HVDf3?^2Pai#{I3a>zC+%Gcb12SR*Zc`G&8gFCmG(j&z#)( z$wcp8`pik4hbDQk+Y>wAnC$(o&&;?rC)2wL*O+jtIm_FMUwoZ&vc3PF(JIc5~vCr6{zxGJ4&)5z(vRU8!s|>yUkuT{@kG|$Jw&~w_w9jXJphsp5`;4vn zt26(>XVmJmXZ_q~)aY5W|I%kv>pz%%+h=Ui56r=PoAr&44f>2K{n;=5m(SRw&wb@b zuSVW5Hl`quTo*C$7ceQ{((R?k2Abo8*U|fn51K$?M?vLemk~cV=rsP0eJ~@;1A!Yu zI~0I1szNge9%>L+SV&O?mIZXkih_h@@@PPj{1gTJE05(CjK>3|BgIBjb@v)~PQXj$cHB^16GLlx)jy%ncVih~3(q_p|~z zmUY1y2PmUePGf=i(n?6y0vrHPqEV4aXefXm($xc~ z3$_-3KiCN=(9q$c5SR>T^R2Ub)u+$se_saVjZK3gXf6OWU!W9*3eX}$TIUQ$g?K>8 z6cFw}n!(Ua9)%2yv0Iz%)*iQ4zPNBDaWM~iay`=*=TuJXpE{Hso$^;xCS%$?DGGkrV5>I5h16hpX-C)uq$XIW)(HW0U2f#fUh#tZw!ogL0dnfm`RWk@a~- zD9ck2QR-*2G;r)9rLs`_07eY}+iGh`9PYCB9|wj=M5xJo;f0NQ-pSeFoh5}uJBoHL z-#%s?4h8|olLlb3AyJ^j0FjE~fYUH+Q09VoH6#gwCTLLq_@xuE{z1@gQh=(%@rg%) zy&S)*uaWr4%LH3Wsc!@(9R>sktq1f(0M3sO$9u0OVK{aDqX!WWv%5KQ^1S;>{K{Se z6%MtfmN)Ij?lB1LmXJqFAXvl)dg22FmyY%8pb*s0F|;f~@rbbO{DrSq`Td}i+~v9u z@XJ*rfHv{Vm!VjIgn=Fr$VQ+4^*P}*@f=F4$Lq(_#a={pAIve)~uZ0fmA09zfl4 z3TSftQXiZH^AI5>xy~92$-!CE`d@!{#?*SjP=UFF#t@mW7gs*=B*hEQQxx-z)qTer zJ{32clSfZEF6XS>VkTN|0fEQ3+g3*HaiRI3*Cj(`pmtL&3oAhW)kuU zhz-OQ9oz$NYVWBhw$-A)S+>aKn(0|Tqry~i;SwJ71+HW~8BRbYIOfI$nibiQM9~7x z1HuzDCdf!EB?eU$^aVaWphFHC3c}f4*YOSYi+A-}Ehl6Bha#m$AmuX`-u0Pt2?gzs za+=|tYa!=KP%W15C8LnF3+%B}8vlk-k$Rx`7x;jv(!|DD4aF^|0o+D3f{Pv7Y0$U; zstfksOW@C04LuMy(R?#`_KHiPtDkBpSspOaBKhnL5td)6DS=9@fJyFZi4XTC`p$tK zMEqZPTS@t1wrFSm_IpI*Br#1iiC2RHs|96|5)i$Eh~E+rT0#U-6h+m3&lRAbxK47< zK4>vw<>u4vF;-Si4&6qjga2WLJBlv(4oPy4<_*cg=tfBLhw+ zTnLvmaJQ1LUv0dfMLci)VwPS}Seh6)1{dp)W1vX4?WlPVq0;et`pxgiVJQuW2Kk8! z(Ja_&5<}Qeq?N#^A}xT%2B)hKoxF6y+S`&i5BB8ccpnHW+jx$1K@IrZ)@0P?Y;q$#%Dv}yAhrcdFmi~QojSyWBmpq2AO1xF92P=(VttBB?B~Dq7Mc1SXMFsPO{0 z#3j%}^@cJn7qD(r6i31PD_hNfss0q&P7E1Ljqbk z`wE-;M){)m-m2JCtE|-!d{Q)Egq`q)?M3U~-chtZpDh|k=tF{AlJXm<+nYvPN`Ps=Wednm<_obssnud?0L{^p9!zk zYRg|QpPw73tg2FX2UnoghA_={^0Vb!b^~; zEZGJ=(DtIyAb?z+6Id=?Ye_1n2I+vtgN4cpV9AQIh{Q!exx^q|Bf)h=Aj$UCVHmFa zr=x&u9u|Ij?a?07c1Qey` zsW4MQ$W}YwX2*pxo+b`wER+QpFjx727GS}J1eHm}wjwfv(uDd6%+hq(7$^A`-(gBz zFA0^#`bAb6Z$sT3X6;;(2kmWw3wuq*wym$J+JvOg8fdecI-%>UYpW|Zt%VW77r`wr z{s6kUtfHn?+oV;KpKehNBY0Bp`fOI1m(o&bu#W_!skEZ9p@19!lSWmP5UmJWAV90i zSj?607SUp&>9%$48tM*+8xf7wsU+Y@@Wu%zYxgcJa%}K4(tE-ZKY!6`?}+z+B?nSi zopsCMGwR>`a8@`yW+71q2TWyXn&U$Zr*OQeY9STt2mUV&CAe#gju@;A#}KL{7GAR; zP_=`UB@cKmdU8IT_Q=$d>={$mWbM!VNv1einP_BuIw9fvjqhczh6B>SI=;S@h4`!f zf5n&6wp#{mUqRCW(t~D+Y%3U0gA5cq2!10c3H z#jv8t6jDU&xIhO{3ur<3zwz=h=p(S{^1WoN%=D}x;?ZyBzm@N*Y3%m?*Q=|lKG@;% z$J}Ou)pQ>8Peg0|`giieIIm+8j_(KmkPq;j3QiWo3Lq?lo2oI24C1+lykyKIu*DDn zjAj0F;$g@r$5J6#LSRCjR8m$@iW14cw4!P=tYEtz*$9~mIC>M2TYw{`7x3_sSSnOA zuol}q48H}}QC_{n{{}p!R!tK7!K0|yUApaOL!Dl)_o?t&rg$evUhDI@@opRDE2Ona z1Wo{V5sWj6MI8!Hh2&Mx5N$=o4_O$uvSiyq?X#n|;9p6Q-DZ^GW@K_R1=zdT$WeDK zKm0KEIv8qadXjr!N&4t;fqRV8qiT$I_ru^)Yj4~{A_gKgGMw1(3G3=L>&$Va8_47w zTHm(fLd>F+zdgQA|sCv(;qWQ#*Z$33FF_vd}z6J{OGq3Zd1;kZOo(6Cm)pvtKf{G=kF+sFkm!2xb+CWSc)F5>my{O3++Wj_+I3pB-E^>2 zsot_xt98>J68v!fT@9{opm$~6Xa+acJqeUKaqT2IW>~id3}^xg)(98-P9%nhp(n9{ z?o|5ZHm%zF5)H$No^ynRoRT?ABFm`IvBB0vT{Fnhi9OdrdB$W3@$lekIyBPs;vLp2 zktBiE36Acz7h$)pQ}luA)0=ucW0 zairu~*kLs?Bu&}qO6ro}BlC=sOj471*e}0PUS3)jd+_#gtdV`F6$|IiF%iw}RI|M^ z*9lx&EC{h2#iPl~D`fm3AjukwG7+R-3~4X{YOERLt`rTv?*^r^B7WIGPY>5EP7#hB zqIHX&Us~#34({Ns}89 zyl5Y7MgNI-inGI!WkwO4&_w4}S5;JNHAo~k_~-dcVHjGiT3u0D39BJ(jTL3(et3QB z5l5v^*C3`lFS_L$5{#$9q}!mKsLrEhKVFY8UBffbqcY@O)jR50V<~z$b5YMf#x7i; zsmm%hX>OM`esN&~*w{8kqApyvuaot2JwUv>6ZxIXRd+eu@nenFp53vL#`th2CWYL$ zh%?uJ{-c>;j&ZACXQ)g>tO-&S7|(#$gUFO=DS)~`qeUvDpapdI+GCeazi5gwK2k^I zaoVxg`ADJx!zkk}Jm7z}L?2?4RtN6He0)MWh1wLU&S7crG9+Fl8PZ&4y$$$}ra0g-(NE z&Z4_g?$~gBz*vICFT>(%&Ongs!K^baXx<@FC{-$}{P~r&RsPca;sqsTiGfS8!Qn*j znM9wE0-r|7-V{YMWc1LX$GeWsJ=^FJG6p(z0svuTYdfg(%vfdP_F*yZIaU*pPCKij z=9CnbqLdJ3U(lPQku@r~lENXK`MuH>Yqi^|syEd9uGmECFoMXaP=B1*=^Bg`M2m`X zTheaz(cm%OaQe{=v)P3tb+1Ef*lFz^t%Jspo!mQsfmF92t*^TAco@!^D=sYJ$B(T6 zs*%$+7Ck+*_e3$sONinMj|l<}Gq53Elvz#)gxsD?BGMIaJV$ymPI61)z-|&!@eAp) z_77mn(rqE%?MpOUVKSL%klucK6Y?H1ZHkFar-hxk+JF#9&Vq*X)dute-QV4oHIkN8 z?Ksj+`k0un1$wiu6Fn~6DS{}bWl7h|8P16h4&nUnQlKyL!s@~m7!*QhDDmFjK6q0s z3>xF{lXc_Qmt#?Ty72|0f>z&g)XW6s>b{e>dW}>s)4dZsIls<%a_ZXbgHwjH{%7Wk zlUGeTIq}ak)=bcSTfMiv6FRp152MoLJ zEQvj2xcLe;m$ZI5&srm$Bx$~KC^noydZqf7#<}`;SIsC#8a`%t91IP~EG&;g!mFb4 zK{X^&yv7DZKw!cjcYzlDxz+TtG{I@oDM9qczM|nD8#J)_wuy=C)<~gIn96-uez3K2 z)4Htz$X=w73S|LHbfouK;?@l(U}D^}2#HOQDIOi*5_k%s8|}NXTL9*&2&7?#G#D*? z_z&csK_P?$hfz6s47$U>GsHqt!I9x`fNZ^;XbGg}>8`T764Y0G)hK|!WYLNBvLZZ? zn}8A2Y4_E{QA}8oUax<3<)R&>N=?loZ5_HzTD2bz2ZMSrBLL&^!2`se?)1W3{2$QI zGr&gd?(67Bq-rVsX8D|OTFpfAcTL8G8iv4BY=J7FVp2kkDxk^`So(LaMoxP7j1hnr zluDiy2PGw~eMs|r1xg*h0>|4%pWPfu?7=8%7a-`nNoT70>`X?D-(G;SG>dSU?7o>w z4(~RwQL-;0G@~%77gKmceCx|&Mw1CrZlFeg9;3zfY8k>>#jaQKq&L_gmU1POh zDlIAaO2LkRR$Z!W(klI1H?OS*kg#z_&6diVTBUYt&3tGCnTG$}VEN2wVB%?B5a&Bt z7=fU_eCZ=b-;Groctc$pWA>8jqzNb0SzwQd_5{{4xDz z9cgNqYP{ltYV{l0T(}oNac=uM&tFB4fh@y)(Z}oPO7Je4qod;=A}=3a4yu zO?IBQ&NQN><)mQ8zdbXIUeB1MAq8O^a3UIJ0=%6HERmNbjAM%-K?~9p8kGRN6Mbh> z*SbZf7YQ8!^YOQ@`*|RSO@3PN6PMT8BKqMVOZ*oFR7KU}w;qvrZ?G5K}RdT|8o4u5U?B!r^0?0 zLU^~kN)j(17<=~vcY@^0SNK1di8KdPBqCt%G31hNp-p&9NT!it>-PxhI0Pmn0B#AY zAr-D67!v3JD<}czG|L3h^&0od3ZExrk?|6QoZy%tHWX9pxc=|XvyWOB%BLKeg+Cen z#09-%+jHq_=RggVtnpk(#7w&g{R{?zs8s2o%!@(v*HM(E+tufY)gT!!I?SGiHS9u{ zH{rw@^7$Xuo-2vINaDy50;09;13Q4UC0nmfMQ<+GVa4tojW^zOwJ`N|PovdzcvSNc)?&l0_>c%&Z;1^b0d$w@k#y`sFNs{h zX`H}blJ%!!x0{?}@F@x%c*|WFw0VfiU`LL^98#npyck#SkGV&Z&n+H^aM<1f4XWSak-H8-) z;8oNvWBv;n89qQFfMH$+C`$kz=70~}0HX?

    hg4E@E(bJlp}T&)PeuENsY7(8nUm za&WxPT(nOgNZdJ%Zh_r+JaP3DIu_vlka7H`4tHqUg$T%~uQTbJtQ$<+>2Q6b+m(t9 zI9L&xt_7=Q=iAIUlm+b`bdJZw)>u@&=n@7wP6@){(vpA<9e_39iC{U&aR3hZh=*nb le9{6YJJEj*Z4Znm2hop8LW}@wy=VdA!aK&%o~ulxRe!HTEn(O-Ff;aTwb{AKe>=C;iF;hdSXAIf?@ z^MhI6%lJ*k+LzUx2Uq z_@Wn{i?2EOnvJh4d}ZQm7QQm@mEOMlVtQ?H`*LTo-u9;>1zb*=xBV%S_5GiD+m}VG z?=MPA4>9daN&HW*d)t?g?mrvwwm(TW{`p^e+n*qRDi3PsYkpbNmS||k>Di};?9&H+S<`Oy zj6_FT0_D4WI998<*SdAXJ~oKo{<0>-ON@PH*gi3YpN-@Z(18gh}C-4aYmL~$?!gwUClD9 z89vr{%{q1}QQr}(>$lF|zz*15w{6lKGQ&@0dUl4iE&S58d&+k`Q?aL{(zLD|w`%+B z-l0T&b8LJdI^1lH6ML-HzH!<( z#u|c)G5{^P}ytgNLkvCab=$c4v55mS+q6WgowMQ%Ui*%5B=d?LPa;Ijg(R zZt08N9rdj%^J_aQeT9|fCEHDR0YYANwy>!vkD0yzl~YB2Y5|6-i6SqFrl87_D9fs! zVU2)d2#PKSRDsXSDKvGT)pa&;yeCm}l4hDK=V`KOYP7pQvJRcG#^A08t%LPgTl~_2 zMCh)4sK)LN4*s&H)~e~T4qZ;Brp;BA+saCP*_(5HR>u)L(q|n!Lbqq&Wb}5E)jl2_ zJ&*H?*Nt0;y5L^Z7HT)PA&Y(1T7C4)yPNQtSpVthNK?F~9yjKgmyx(8eMJygGg5wG z?xv#HnQ-*>nb`R|G#T9IiFy{iI=^n-OLO9LxY-|M6=c@WYRve-%%7&OopIDVme%Eo zw(lNG5AozavY`K_mn?{UyMJ+-m(1_{-psTkq~gk}UNVn-<4V7m%#G|EAV?48WDdD{ z?Vr44Ho18HmX~CacOt*@l1%dUjX&{{S&^r2ehC-IAVotFFPTZQZr$*b^vK;?Z{xQ! zB9GpF4&S}xD$s;FG&v>vjm+sfhs!(?x!T={?~5Y2r*FYDg)HnGPfL4^9O~WXC0``} z)QcrOO#08ll7}Mio?C_Yej(C!zASCVtK`AR+Dosd&8>Z&Jb-MqIHZN1?OZuO?IH5t zE(&B<^aVmL_NRv`$mdCW-#>fF=Sbt_?|8}mq~OC5Cxzdaw%D^^-n@_JEt|W0&du4s zoBe9m`?F%RGBTK%8`Jm9IO+Xv+T!-z|B_y}jI4@$a;OjYUP(?J`GJ=_LrR-}>Ln{k zZp)9or^)xdWGN{P4|vHE^4QT~ zFL{#u<Uhdbza7t(b@B}#94oq z@r(3-O@G$=leAdcV;&A0pYmU58+o1-RsFq}JV(Ajw*$)lB{Uh-w~vr4Sx4h(q$hN)5@y9h0@BU2_ z#{I@K|L605GH>?Wt#dkOd$Lw!{5Ipsna`!a?>&-s%k!J|-QQ0SWs^6^|9le{*h>C= z;dZj}E%@H+kc$KsdJg3`t?^Q!@k!_it;*gfjuRtBP#%fU9+?`-Nmf}?7bQ_Mrkf@zt9dcM)GR7=>y=w9>YgJ3B#s9|S{;gT z?4yrlHa57X;p4HBurxu208Fj($718{b`y!!-nJUAqK43ao*B08)>%hJVk5NX#0L*V z$F5rEn`2$a$?g}I1grDjD`xWE%Mc52&IKhH5HBMTDCYZ7Xjpy@0pNQR`E zs${CDU3Pbmd)er44YtZP3A>eg-$d{2Sl0jrJ3S-#NObs6&>p%O>pDhDUW)aADoN}6 zKD64}DI`082cG154*nUv(`Ai>6XcE^9<>@q=^L6Z$J!3s!<~tmR{Bqrv17OKf8x|x z{Eu7O-5~*kAtvf7=P=+p~BKQIc2pTp&zRor)99FC((4nKG2Gi z>XgA`6@&|kt3?r@$?EK*|GU8A0b*u(-a%@Akzcw&+pGDk)@GnNtFaSaAH99p_XYrk zsqIYpz4yp5>PRH7aZ!+&+HYOv8JXb}-emop;Fl%EWCT_c{R{vlr>GMbvX28#)9QfWavBQ)`q~ z13d{`{A9>JF$iD6GD8K#$n;dv5K-x>n@OVPAdU#vfKO6eM$b{7JbEKKPOQ_1t#c7- z)U6BA@ouZ7C)P&V|8*(h_bhxoLTh+f>;{Mbj~_`ucB*N9G@c=2!2LvIs5`PSyY@e+-kD;V;Ucgb6?#k}Ml zl2eGx{Wai^Jn}{na_3jc9~O;!$=f8f1*Pt-$aAmXMEd&*dGSsIsd}T;OWq{2-~2dP zJdmHq<~=tzclNJmKa;gFvwK!+M#0Q*`sj>oZ^+5dJL=|;y_4<8(*OVMNN{`gCPeS1 zoGteNQ$^xfH-dTEnu-!{h>R2v1wEiKNJWaSFn(QTWK;F~4gddbmlFKnv?>2jyA;G6 zoRMEG@`;Wfdyu%t9$Nf7*^}wX4r$Bz6*Ti4Yp||djEzs1Hz(2CNG z_|ZkH^%hODEf)}J(cugBnK8HZqL*-1vQyLZ3-QOq$+p;~P|RUZoE~>-fmZ9G*cgdl zI!9A-Z{s~#hNW5NF_E<{G+;NQcYCe#mnmu(IGyJ%M2=hE^)HV34*DrsdjLy8Q3AjPK;Z_q*5qcaY2snv6XDxcZHjC`a z@@$8_kMc_$YQc5+=*}q8H}7#ptWsVrDAC(T62r;R4n0H4GCk|4t1R7W`eTPX z@!|O0c0gPA!X)j{<-uYxFDF~vRK2Bo({y@6!68h=FQfZ;)ieZM&?JSEB^)XvYNF2i zc}d|>>r#p@JcUJ_13YVRry5)C>FWAaoQmH9!O;#VD>1&pSJrRbxGq0uJtZ~jFW4<-?VFti3(}S$NxsSF7wO`Z z=eQh_B1%)6tn-W_@t|QiQR7X3hXBI_bcKhLnW~{O(``f}z)CK*NnF1UR>T@URa-=M zAR_bN;cIx=rO+s~vcct61`mR<^L^cCkqclF?ZY@4x(doKf>5OJ(%}#BLr$#gj_-{f zYpXURhrC>7RF~}7p;11O@4T9xwjn5_%kS9_1-+5g7fN&uxlT8ghfB$J=je9wOUVyT ztRzFfUh-0PUUe=#l6(DL7KBv4*GyIS%Yq5FVpvh?x$^Gv z&g+?J3xkZ5QaB8j@q=Du*Z^b5BIrd?F*#Ng6$6{E7;^SbzgfPuY)8OnAL>tZUq@>~ zJAwL0{O$?2th)E7Ii%}`b^c_0@M3KAAnKMKLUKN0-5zpd0Uva+c@VP#IF@gdrf(~I zee)*Dv86W0_)vWCg4-zDeZBVK9;U*-7uo}C_ zOV;rrt8FYgOmfl1f?urtGAYUOybq_|!>>q;BBz{n@8EMvxX*67Y+XC*rflolX}jhU zN;=YyyPLrEu`@*bWXbd`b;cg7U(gK!PAhA=pqrA(s;UesR}^JkR?uhnh2nJ~AP!pd zt{zOeV931%vh*Z%nKYoj4rs-02CIC<-PGv#U7U1$@LJ-+O-F@y2u;{5n>EbQ7tkz>_`T)$VfxFS+(UhQP z&`zP7WuwD&@k1T<@t(eOx=XngRf>k0TP-s3BqW(_Uwt?jXvtCKN@cuj-{+^8wW9?@A!WB>G33mg!Q zo8*#Zz2QS#K6-b+svix#7*0zTs;AIc($?amUaRZ0ef&-`=KvB9^r8i@&-BJ`oW($g z6xhp2>0d7lDr!nS#WX`^0*0xWNPq|kq#RxqF&r{Yjl=kGx=kV)3<+5bqz0D%O7^-} z>(nqtYx}_a?Ba(NUy5`xyCd<9+1lcV74!?^Z>p z{{v?eFbvheyahxVIzh!yWzbQA%IgXn@UMS0^-{R^vum{qQxdl9+EJz%t4g+2?nDz{ zwVp%2K*uiKedL>si%8?C2ZQmu-56WBObq4)NM6Yu!eql~d0ZqtVIGBq)N66lDRZ#o zUz;w`W{KvSkn6OQ?{S?TAEY_H=7`;L$!Z*;JVVj&hx<(b~1(en{0kB|222}oG|7LIlu-ubjmu%^WY>+S?5^^4VY{Q zoGMRzj&5B3F0(W_IDWPaKfm+d9<#z+rB&?OPyXS(#iZ%fqold#!3UEIbkdwPLhPfh z_JJN!@YM&*&$2qSmHa`LC-jhuMBPE2yS)g+yh27zXxk5zLo$hg=(9LZ122q9B)oLO9MZvz)}UDrhD{R~g-ab6}vQYMd_WfasI-5R61m z;LLEahjc+x*a=nBYx?T zb0|)zXDE?wc6W<75WU@Tg|vs!8|SRA%FoH>?_q{jiA!OI4b0jkj`uU@y*M@?U=XVX zfcR8aQ3Zd1{r!yjEL#fTk&ZFb7f<0i>w1*iOe48s9u~ViRL7C8XL-bscHoOVi*9^F z;S?R~5Sq?JaZA;v_qH>e-YXWT<8eh`6>$pAIt{*oDAhSdHdufaQDFUkOi3|h)L9dy z!ydSaB%kQKVYSv`hutJ-b&nt-{Kp zs>Ycf4_J*S<2P@?o(+Zc(%m(&(MIsos2S0bARTg2;9XC%iW>`fXX4b5eWt+;cFZ-w zVnjzqTyTZRrb*+h`H$}45i0lp1u z^9u`8d36#x_bincR2Q>(McMaGj|5RjITzE=b##JY5F}ktLEJ#4VN#x1qtkjmuwiXk zMTIZB&?l_g@7v(VKk^E&&q$rFo59;R;|A4Nl0_<6bZ+Tzhb6?c-dI;6eK1t4}^%0-nnVFbl5!?DBv6k+cg&~ zf>B5qmnFUb_7u5Zx-iJ5kW~iD`t^X{FLMUZ1r)fM0K}{_psX|yw61W9>JJiz30Y#>*bY3yO@Nqt;FUE{wN$1BI=p02Ug;+2&UV&f*Q4In|VKp-VAgcx-@j?>` z{w5_zXlG2@KX{9TYIOy%xa_6u+>Nex z0a(~QWFwUUIVkm1>%t(fx(6UoIu&Xg+0SAX;J!Ju!xCs^jm7$8GZ0_^2`1`3#6oV^ za>>%y-B_oDKj+}7x+-3FOJV$O8*p6q=FP5<1x14v3J2i0uC%R^6h81oa37_lzyV(VHvNZpA<}%<@|;KE=Ms1G*w{C7*mUmb=pmsf;GdnQ6Z2Z++M*gcr+g4 zgSYH!wXh+34^%VdCDmFb4cXu;CWcMrXd&%35I+}PU7u?qN|_5p;v@ah(Q$Cm@j+*- z*j?kYoUS7w(h?`m(~|4-rDIG~K{S`#x<-YKXgs0z4vvO0!Rgl1DSapw~VWz8|P84XA7dzbM6Nmbbcz z|M&8mr^%OpfZj&t)hV)24Tvm84~D_ZII;ksmo69vFp4C};N%rFrC>;`mRjp5K*S}B zgfN=1T080dal%7=u8U$*P+=))+;|M1!4FpJaSRdhdu#j}(ucF){3#t0+>isY|5CYW zuH6#|6@>50r0j-=mtC61{nXaYg}(ei05mzhfzu(S!sE`Lr=_8MKzsmdv?y1&2Z|{w zm(sk-s$?+W&oOYI*iuJ7XL3wH&@qCv}xLUD>QZmhQ^HrU{b&-hJ6Tk!QJbB}$hz@*S@EM<@tP2o|XSvA1$IzWgB zqS={Bq|8KkALo<=j!9NsC#TR{-Fl3Axr1Uu%fjs_H;f@konAdSG2joiMT;>}o zhCv6hZ&UHK=^C~s1sxbXh%8BEHBO+a1}Z&dKpX3-A61EGaa!> zKc)!VSxMqSR_j_oMUGPh9z7@z#xfxB?(oBQK9AH>TvEA1^8=o93_x!qRd({$ zZHmn)Mjq)(<}0TcpPn{2M3B6i7XWfpii0Q7>NWuQ)!ECsv&H#b2d6RoAfpW*`s&2w?s6vU=WG=ue3TOyMk~Eez&{PNf zAneh;B8;Z$49Bl#gw>(~aBkJ#wA)U*)`h+jo{f5l7SrP(c-J1qD{z z#ej^ac84l!rT*c*^XZfU21baT*JhJ@^mGDok|_GxaNs`EPN9zFw{E8Gj(Qo7U~k17-*V!r@y*G zqxSCG{fU|$XYO+tY!dyI!#H8s<&K2l*;Iz?sE}Qeu@9qkG-b(om@_tVNJIN*W2~j& z>#01V6L3Fy7c^~(0)xj zB4}4>lQhB+}?1Mt~5Ly3k~ zikYr-C2E?Sk^R&rq+Av^ae)o43EX2{9Z&9-BPF*FU$h%P#CzOPXLJ|_r0!9W&el>k zDK#@pxRc1cJLiVpE1JH&XkS_Ff^bHbrwj>g9=|3fn&{9mIhKS{fXeWljFUQt{CF(n zjM7&>`|M7#{gZ{k?fdd`a@l-1+B8`;as%9ZiUfh+0i!j>lo`Noh#(YMRal-CQD_2! z!E*n{R$$*K8y4&wqIB>1=E=O{t{hN`p}7<6!*DZ{;jz(HY@}PvL;mngB%sHg1cau} z?(TQl3lOrd58GXLfiVi9CsBPP-Mz@AZBJhz*%uofKqdXCzbV=s? zGrhpPImopQ7~0D!7`NKWh7H$G*PDFewjD@5Z*vA zC9(R{t~*an2r8Pq4JD4Uq`nWEy<}puX|6qV9?2MzLg+5tCfKEyz&o`k`C+G3o|WvC zDO4dVe}oE2B%6O0_lS#44^h0H^E6dgls4~{N%*E z{r4PW#K>#*(;Wlgg;NTVqCjRNV+#b9g?0*!n4}tXkO8THrs_~ROaXHoIoLPFZgEI@ z2U4uh*%Ep-{6tbnvBJ7o8y!FDc1*s)ZDod58asSBcBEw;H<=!GkvYc}IdYrS?cf5Y z$_fBMI@PftXCo$1sdW?~i9yTyDLXjn9=Q#kWqCZ44wQ4D{TZP!6Uqu#q?%eKFx3U~ zM^AB%!@yCxjo^{5oy$nYH@_H^R3Qb`(DAlJ0hn@WAc( zojRldnyXs}?eGvrtMN; zXgcx%;uyXpt%UjK(YvI7>muU)?USVQ(!!vurnr%2P{<{iGN|J~fCF0r9*+?vS>Yim z13fwI{CFs)l<07ieZ37-6SgQMg%@Xf3TYZyPT67ym{Sur=5JgJz6`vM-96~rYVNJv zQ(3aZ!4WsB)F4C{Q_UijQGOjtR>k0SByim?p@$a)Kae05d`>$%h(~}+rRn@hs3`mx zGQd2?jQ^bJiJe^Jh=3{ELmLTnSFT3&UXmyE2_yxS6Vyln4r2o<5%kLeP4i=hYl4V} zjj0>;*+w$qN0X>;sVfX|_2MY+42W;*(&3NC8m)RvwVPaDC)JA=2lJ}8h?|Ov*?Srk zpud#10FOe!!(>B~kYfWF%!sT3m?a|bDw?687o7@1aW#hqS+yf~tg#6x)4K2@6X|Kw zPHmSjHcG(zM{oDUeSla1T9*z&sQmF*4^R{S5Wjmo*4={wmg=_^xlN9+itsJjgG8H>WG>T#zx!i!*?sTp$Tw0KUhn< zl21v7cnHp>O0C4o64E@nEC~=0&=ra-h7wLD<%Q8fr);cD;XWrIV_4URQBon}OoiM? zFAFECl>EzevXMP7xD2%r_B77bJ${1*dDLsg)S{M153!9LjurUW+8OgO<9 zg*J!3h*d10XRsJ1zu=yan2-k z@x&9lu6!nbw%>**7xP8x$0sN9(JFJl`2`;x9=QS{XCy%_J=;$TiU9&f7fzbzw5f_7 zPz{OYG$x?YXE=GD<0VZuQSYD~3QQ|^pE55y{7|Mxqg#h(KOK3}F)EWly0m(F+-W^H zjdEibxUl%(siX*)7XQy}`C?E`r6f4n4}~k#y%^FXghV`6f~*PuQqTwRi+W-{yO%tbEVT3P=+sZgem{RF5$aze@x^1k>T=rKvwg!0ir>@bs69;VL4rnuKxwQ3dM`4eDe z(}UIP8JZtbs2A|EynwO9RLDt!2}rB33fLhdU}6&KQ2g*NAZd+BrQr~AK$1LTpFN2G zlToLIA8;T*;isPb$o_n(QC?PJtjsN~L|YLZJscZtcF-&y^a%1PJ&hspcsAOQbymVC z1u=zoTjIf=BJ2T|WO}QVM@q6k~M_RPON@2R;9<~*F$ znECLmoQ&|yZ>RrtIy2*8Z(drX=W6@zL+PO+;vs)A`V((QkPMD}%iHk>c=+&L@}uz* zZ^s9b7w>!_&D-&Hvi0ue^pM%{J`ukW^LA8|$G-VJZ$}mRhi?veJNA?AKm2oV$G*s} zZ_6F%_P+o; C8Hb$! diff --git a/db/freebuf.db b/db/freebuf.db index 3b8702e51c593bfbec6050cffffb30125cae4b7a..853a7b92c4e1a0fb518461275a9f144ef50be0b6 100644 GIT binary patch literal 20480 zcmeHOTTEM7mNluQLaMteqZySVG>Y0Ib!)oRoeF;N^1M0^x|FU;Djn!fr>9YgB(5$L zf>U5Bil$5BYw#0nV=zw}jEQ-LV4Jt`1Aou&e9u?aJ?Gy0m6_lE7|lBO7~+sZjCvxC zW^@rD#=iHQz1P`$oqaiLxBT*x4!c$Vxvl$QyIpV6{h6++O7}CpUZ>NY!@pDbxBpdz z7bo|B!T;>{sv2f{-jxd z=-MB5wLi4}6nB0g+^IT!?)>?xzEkR$?cMf{dl-8E{}Zo_vj49B$M5LNUmf@L*KV{n zf7Ez8ib(SO{0M}O&8t)E`Ift#;4-)Q~m!PWK-d#6?3+Web}_c}Ye9vph> zzP0CGcgG`phpp?-Cy#pXUTw!S{Z+WudhL4i%c1Y#?cdwFpQtye6Mn!R@T<=Lks*KT z>>s~>{+<6kL#k&^54{~Y_3Y%AZ~fuKv#Nydx5qDxQ}~^5x?0!XCVXb9A%P6ZIj;z} z&*+4|ZgW~qHFPXPW(G*gM*<_#MqbLtm62^ZF-V1N+8>gOX)(Vo_Z6jQeIzv2&_Gh# ziYF}31ZXTrXZoe7etC0&dUuFtRZa_E*zJ#cEEg|6e*E~u&%3SGyS<-(c+d9mVwd%C z&qcGLq1M#+;TQIYon$B=W^-4&Z5{V7+w2&m(u(hxKRrsKdle=S|13$n<;_Ks6~tVU zPK;2WgA5PyTS+b=MV6$c0g?-0Y;M|%!XVxDk&s^=SR>Kmw+;dBk>n!rF0?K~y?x?0!M=KKM0-P<7p zNkv#C1H;nh9F63OCyy!RxfO0U;DW_;G(!U^dD~@Zy?iWIb@d!8bws`pQodixd-RvP z+dI1SS2`YjVeQt-r7#_zCr>ldVurZp#l0;t=N7YL(&!+GM&Y4Yn37WolJ$zY0pd>p zDRFl|%sRNuFp}(Ui}|3KUFD|Yc9_S23l2zyWp48!Aj}q1qs46CKnOR4UsdZq?Ga3- zAJLs1y5p8h6C@Z{v7eO|19WVc6hb65Bkyb-<@SDdUVLb~+tF!Nqov-YA|Pf5l<7I8 zuSh4-VzGp^MXK1kSlEQE#~L3(sU_72jcu4lI)j;+_*)`kIf;*G*D`WUQaXc61NkBLsjEHyGAd-o@Aa&@$Fpj7E#WRF3C5p#@I2w>i(6 zYJQIFz1;gb2`^Fqy#5dROSfC#jWRq>H~N*>ItgsRT|_t12kY^o5ak)H438*l1+p_w zTsvgY1v}-`@;8o{9EvH~_&1JextOQZFf|OUd6patMI(oTIzUb%G`J)OhG^_LEMu$L zw<*?qEea`5odY9Od@`<6&bo7@AbyiD#B1m+AC8i_h#7al6P6h7pwM z8IonL(G5Tu#w7Si>09E<4Z?xtc%R06q~wwp1R_ikPmX`eTwaZkWPq)GDT-C6tMhas zC?!%1%;Yi~4FR(@Dn(OtmSu{(lO}upucBeBWif9w%8O3q18Rs*K^9lqoYxM>f{rh9 zviNT@W>ku7!E~~-M3S4ATa~DrMCT6ep+|wYPm~5DX9qbwUsU+6NX2nw z`8mlH#M~72N+ps6af+pWPO+^W4_a*x$nHAzWf*5Td|=ZTh4`@mHS(-_b@XQ_c<`-E z&WQ+rPfjfv973r=q90c>R?-*{8S+B4IqJ?jc%ieaH~ulXAG3xlb%0kG*V1a z|EM&tQnI?ivg?C!5}jrH5$diL&}~0#pkrwkZoBKs+$-_bq&L(u!ZGe|Mt><>M|}N7 zoAU#ZYJOgxoFalpUUVySVYQ%1p@5XrYs&l~KjlDEHj3@wWA@sk{i`2~hsA zFg5X7gM-ayV}_2pQ8HCdTUlHpPnBUWN$={}bb1~Jd{%bv&OE>sb2$>8U~r(yD$LU1 zRp5n~;U(}bYkOypU5~4I(ZDM(UbBoPzxKN9DByLK7)U!v1d^14lt}z)M|L+ap^?mt8I04NW|b z4rYt7$^av=u+O;l&0Y5HUbup7_gdFI+kGp0^^4wz9X9r&#dfc^+o}h(wDdmg>AkC$ z)BS7#D{Y)}lXL-Vc*t)sFlrP-nRZSKA6M&o+nj%8s$u&v3HVvE<`!7F4zf&+@vT?c zn*^uur2vmg`DLsUO-GLMd7n;Nv1pxpW#KpdoVv4 z>NnP+q99o(xSs}xvCzu&Eb#@@f@A~)&P`-xDlEgwV+LHTGRBL7kB)AN#Sw1wAt=li z11i=1s^f|93za&mOf`yQ3bl)v89l^CPDXM6;A1WyRB0NM7`k$t7hfA}!?0*Y9rsY39A=ya|@Z6X~ zE;d<=W~4Zt=}!u`+1Y&6+5gbtTl>-w&=AlN&=AlN&=AlN&=AlN&=AlN&=AlN&=C0l zg21~~Z=FA}|F;I+zp>~4vpC>Cd;UHByYK($=l`$6qn-b2=l}R4w08c_MIGAtfBAq@ zJO9_t|6gjIwDW(1cK%ziS7(Y`RT--l+0mJDAl1ml2+o7 z>@_vQ0LT=%;ub1O1#-EH>1dyexS3WC@)%`qT3MNp_x9>)Yt?QC4{`NDivkriYlMKT ze07K{IK?6qp^!ED;TL3V@C$mwgNm?@DfZ0uFWVu^!X?&b(g*c8SJBb2RVW~t5-uK> zQVHnqp@h42^(NErrKh2lr_+5$`TtdKCzGAkHmjlPvNp>0}DRBi48^xg?i{AdRBlF2-O16N6|?U_&^cio0HThLDgVaWe7@T4gRO zCShFg3T_4qgU-Z7%+8a-&k$ed+JwiDGG%t?>fnKn3Q-1OG4FEVS2OYUzQ0U)oGkY@ zaC5}`Q^>!L!n7=M1E#zS=U^Zv<;Pg6l%K99%PQ{J(s!t)Az@NGEGp-N`{*A5N=(1! z+2s0a+)D#-2>y8gh!h=%wy{$0g!nO7jF3F-OJV<9_y_2#+nmji!p7&BKC%#kzLxd+ zj0lo%5Mt8G?ix0qV^|qqJ=R?#S1z{LZJixlWDK3Jv=?N#gJ40dbG2@Cwh=ihLNtj! zp3pe^tfKdZqow-FnoADktSmCu94u-g+r+hvp_yjaw=5PX6<0}d4MP_WTajB(nc=4t z*^tva((EQ81uY2FpFD($$x>HuF&oQ&lxY$E9?@~9&DruDI_uF4lAeSzB(Op!;s{S> z1LSveQ0=;|UbVGwqxV}LqTFfv)Byn?r2lf-r#Cd|$+|!?VK5gMjily|#j~!gD2_qJ zmM5+$NGs*kI@9@k-I6m)6W(%K#g|oCWPmwdx0L@85eM}>XDX=K7It%?Nof?(U#W^(L2Q6fUovy`;&6Ey=-t9q~o(qxw6hXtY?=@TG)E-HCSZ@~Ed7|489CFJbJ%%+j0_52R z_$d`rP?(mxozx~H%pgUkWX}fc*ce|$yMrXGkh#f9V9?YCDng@2eOXv(68^SY_wha9 zys4(#!AD9fiUUkJhz&?iuPRYQk4IXWJt|ImtoQ6TTc_H=WvJtAD}Fzim9-=J*WfE! zYS5zqkI<=ueF-}ZOeLNWqL6Mq!`{d*=2rr7R6|Tjo%J7VJ}?`)U=yUlJhs0U{^qo< z;bDX62W5B$$7pZ@+E?5SDeO_E?w__?d~Cf7d(DmJvc0^IMZK2^Xw}gwCpWUm4Mxbm zxyBPmDi)-v)>8RDZmDc~!!4E07U6dqfxdYHeNXsD!1|*$;cHV(?fv#A#1){^4s;6Y zyW6`fs{_tRJT38{eC5~87m!J&3#P_KlL2~ne&eyJdQcEH@J0<9L@P>;b#bi~*xtI} zJa~s@BcM32NBOCA8vQA1*9j^C$q*{RM0yW1g#H%SEW392Ut@eHZ^b* tSFy9QI<-~FoTy(Kphrgu%zZ;E&u_IYg&(OM-cs)TpWIS@^S`>K{1<2j^A`XB delta 2500 zcma)8-A`NR8Rsk+fo2I+R;sdgiaV{Ux{VKi2E3alBuz=Ru9~KHH%Or^S+nJ%OGvqy zWFLQEW3Z2nF$UWN8*pp_97Al3eU4AOO1s$I)W4zUdEaxSNu8$LY*N)duaB3pY!|yh z2YBD-}sbk^4RpDMCO}r5TbeLZ+xTS4n6S(h7)G@R#*P5!NJ{ zb8F&bvZPQYM&%6n!yqKv-$h>Y@-*dRB?MQ#bbBmA7F)mB(m!M|nXN9T-Qu(kX$L+{ zEO}nyJG(pho^j9X);>sQHKnA=Rg$h?2VXVj)mmN03U_wYn%n44Yeuzb9uhMkCa_wq z>ere9iw*V!lB|9*HTCIT=iuP<^z^{BJCle%sx-tIVeW``S&i)X&z&c)r|eZo1)_g-*t$6UNU9((ccogEz=-{vnoGJVt2`=?X* zOXrEtJ5IlQ>iLs@dv2r)PJCW|;mv7|8z|48f1Ts{%ase~IPNFqzl@&XxF46FT)Xq8Hb^o%q+A4lUSEkq zu&R4DR4J`Wb4c1t@t&V`xrQB<7H{n0Ggm-B-11tfLY7OvnfPqNkO8AUJp<7oa)~sM z>MRH${MN)8Y^F$VhTN}`hCnL!ku56w*h!^H7mElzC~*klfhdUcMnc!WicD7V|0EdG z#7(s(sr5A~CNVGB-GGL`>Q5H0oPYnkQ3IxXO25ryKIgR9oi>M&)$<;I8RHpT_edY63Ux?Z&KwD)GN9i192S=AJK=Gy&x=^%(j6MlPWdo;|Tb@5XwSnMynK{ z#(&jFkKVX_@8fGXChkl^!;RWkB?)57u(pP^Y3tiW&SP`N5DYu4EigZr{LpGL%Fzx4 zJrIL>8H7F4*v*^wZcSdhZbE2KeX6XWB(XAxg~;+_x+x(BtT7W7sWpA9+QUbhxCcst zA>52TQz?cyQml(7;WgOYZ)sfC9`J}CUEEith|w_8j&pEybXwS1?M{o;m>jR2e+#iY zIqsXZ_UQ|8eZPU@r{@kxVuLK~>hUU_i;_%H-`c?>S~Ei;1&BtF8^HNIjRPtN>2}E= zsSU~Skl_oNBC?Mi8S_jdC0O^WwK*22r5uD+_bMbatGiPuUlPsG$~w9YiAV65rYImS zBG9xr2a>?>t7nO~#ICO>)K}G-E3^O5>DSh;e5nOGg zj35wo`JNU9(HeGRT&A8n1Y}m09MRkeWLnG3)1;r27FcJE>=AWa%udU&(`Ijb+xPfO z$j~vDr`!6P+Thh%3S$gGaL)`6JgSn={b4K|r4EOA66q_Dcvw|3v@BD3jbsB5m|;dM zHRBVnyz09C(cS)uJ5$#`x-ofo&^BZlv5y#JMT0at!_?Jsej}!F&oBj~i6nyh3dWAK z5*3UL=+{^Z;j6?akVP4r#31@cL|@s$Zix_uaKJc;f2X&LWe`)uU4VsojH|C^@%yMg z?WQ4Y-Rd;kjU+}n9w&dXtK-+xp4$jPGe`Kg;BeQl5pRKlDnyXg8fr&IOK&TZ^*nj& z<4r!t$vwHE(P!?8=AN>n$4GD)TZVd7mFK7&X5%iUNygFyFugmpVljQkhoC~@qSdl zDs3~dq2c^u^b*}?e2u<;$?z`R2N2%B^sDy_!+(`&CjN(?ce)(I!{=JSwU@K;K4_Uf z8>^*V5S9@vwYJE7!ON3mo~A=;Ew2Z{tXUz1in<8w6jcIC|W}wU-1%WW~ zfz7t*Y2nDAaBZd#nx|zlWwo{t)M{FRJrdd)kP61?XF%t6(EIRY+xuIq&6xTBNZibz z!7x_~Rt=qg>E`J}wj@YGAigz{*dyU9B3(>rSfevpCIG jTn7dRY~7#62iEDYPyO*be`c?*@|id7C;zX9!#Do~n61LU diff --git a/db/qianxin.db b/db/qianxin.db index 33b70dbc5ae2dec829ccd17f7bcfd8281dbd81b5..982d5a18b855dddcc3ad658847efc380f9ad2542 100644 GIT binary patch delta 1011 zcmZuvO>7fK7|n`MT&pT4)TB2J#ps3elxSDo_eZKI=g`swUt)0qwo9Pn>TMB zKgbWx+L#k_9evD+>R|EsC#`(T$EzQmx4!uBk>%yFSI7E4=s$Y9m9O6PwH}$A@JXlI z{<3&2EtB>ETUh$K%`W}WzQ_zoZ`$`6kM!o#MP^XS+WutRQmW&3=K9W+&XWvtZRgHs zai;U`x8GY@x(95DTP}YvFyw{2=m`exff0LXgp>HrFQPr+v7w(hZv^GGa3z5j6L>RE zH=qd6Na_pCKlajO`zh2Hw3>*wvV<4l$-1WG-_haayC9VHco~{;Xe`ljP0fH%)R)Re zD=$J))P-qdZ{myrnb&G7Se*euj-n|E?JUqX;#I6lCcX$WDNTN?)oMmP#lvqUquzXg zQfnwzgXD9AZstCu%CGqth|`dK8VIpNo^Zg+-WUmu2RWagqYzUhojrHKe)ilqXHZs! zglcF_inI%|OroVp+W#>$7UuAd3dyBI87RlYY=$xqd;9^f+wY;2k?^5Ds@pJ>^@k!~ zh9kbvnEB&IM@jQ%dOK9fl17{~6jGWu#EJrJE9RMLlv{y{a$pfepR7}l=!90!qudml z;z8bq)P`}6@(^Tm+N_|JU07TGulaHkVgjf&ym=2lERu?-)g^kB0|K=53u$KFLf1-K zeTy_#NFhxMMGyp(PF%t<#p!T$rcTkCaYw9l3I^e zXaA2*lT(HdW;oubw)R~*V>dNAU9Qs(t0rgI^PXUU#Z^_?+dB|Mk)|enqe@eu)tfjQ zEweZL;h=k%8+LOekUz({Zo|VPy$4b?d7tMIFeDUN0aV0*3 z;?kt7)Z~(9bJjeY);>u}OtNtnHucYEubbQ;C2IPtb28AF=d)U#>|O9|PUo}EhNlzO zKkc6gGGEuwP}j&p!NAhW*x1U%pwT6ggP~C~SUP`lw}`IN(88dE1`#EqcCX5zs-30cOT97wwtyV%??}>(&8X`+mUiOw84%oP$D`MDwU{Ggj71P;keiB6~-plH7ZO7D+gLWsE&EG)ptzydc^2nMFkj7R6Zk6t}GoBOc254#1(?GZsg2_lhR5&_C2UAXzCn=sF0*B*>+mik=mrd(M{U9!Mjue$_E6GjL^&nl zEE3;t|7!hvJ0BtskVLkmd1PIlJApr}Kz$yf?XRINp+U7;)rJ-4jM|)DN8M5sB@veo z@kb_qkd{LdJZ17#x<2vpkNH98&VTFww7z;m>kY$d==#w2xY|=DUz~cZeMyS3IB}r% zz#Vj2AlwC%(hKp7_+*w zg{djCn3#&u>ktU@!oQ%aE?V7q-WRyCZrhw4hOTwn<+JB`zMt>2=gawl^MgDMtP+wCSc=qlz%0`R%LiD((lm;c5(p;jU07bOd zXvjxD&zWdYpsQtr0CKcmE&$}A#!4&XP!x5VSAArTRHd(!QjrUXl=5pqt3sXoBZoe< z4~Nhn9=Hdxk^4O5dD!Hre$mAj=TWAc7sfQTMq7`i-OONnAngm{mkzuXCkyN1&Ti5h z^n6iQmegLZW9!7IhxlFM&O(Z_A0+13XZ6h~5-zf}n6Vj}#P(p?7fKH=&+c<0sm(xEg)DHyx0>{ZnY)($ z{yqzX=a!D zR&BP~9t|=ko2`fGurZx&mWzxSojOR&8(0I2V_TA*boqnK<=#kYYeS5WoxqOG#3E!u zNUlw1JKaN1dUZOTLRzn@(d%pU28O-Tz}7dg>}WZ!MN`+$({L88-uMQfLH1@n4QJ4H sixi6@^sChYphnNlRdh+_`FUWa3Wb8B{OP|j3lH1|WNl*pGh%)42Pcy{&;S4c diff --git a/db/xianzhi.db b/db/xianzhi.db index ab2e43267e916a0d45c63c75647bea6bddbfe348..ed943a8c1460b88d6ac2927b4294f34c854e7dce 100644 GIT binary patch delta 5289 zcmeHLYfx0@89w{La*>9S-f(JOl%Cd{Q+`L6l z_#ntd{4hG=1vK6(U=YCtqCc9+OlLA}I_xhxNHn^P zQdFO-YE&xf8p&Ur5mJiHWO>p7gwsh=(jkP?h$pEK;Z*YOs-p;}5cjGAgx@DiR@)KY zPEN1RLUKIs%|I-U*BjIDRyCzD zvo>2p4P7g^T(s12Meez-B(RM$&D){X@r<5lm_ocoOL!yD3edlCQSXIR)7- zrZ43<8bxPL%DU~jJJ;>Z$g%i?7>vct#S5tcc#bmSmvmvkh`s~GPa?4}6 zwby&+jO6YGn&hizW%r2eCaQ#_azl^`j@EKKn+$AxfRn?hmQ`l9tlnAcs<+mO09fuG zmb%(}?f0b4J5uMM@AeI81k1hWJX4QfOm_+Ob&gcA+)*JqeIvKLQ&<}Q(08M4;~Ymj z4D&hC8hFmgYxM`PNlleQ?XI~!?jF(JV0Aj|Qt!pt_FkY@8pN~LFG4M)_9=O=!+X~~ zd*P9Syx3rvhg_%Qb;A<8GbV3P;-?#e`r(1ZS;2%WAV#hzCVGr~ne4ZNB7t+U|KeEcZWAILBSSAz*%N z_QHb#tG&X}=%Q2SRx3y38-p5wBOpG*>-2W4Q&T6+Y-YOEF4*Xlofewgq=k}7eKVe^ zkL3?<`-Zya9R42_~Xpw|u1;gz6n?*0`!fn@!QWG~F!q_9@Bd8h=n|j@KshoZ%4Otfm^xY-KK( z*X-cw!j!ypUrWDld?2;HtV)C@=kstJ5U9vx)L_Q^n=nFc@9cvu;5MP z!7fYEF04^g+kt(PH0}1z^vPF7Xz^&N%>hazwJXaPX>^LCrbYmE zGVF)M@;a--t_0s^n(tC2c%X@H@HbJ9yD!kErQxgIo>9-#4ewd(ojMPK%*c^OTW0%P z6n;}o^UDT7^aemE;J4J22<>mK<9j9_fUD?S@o>H9s-vZIU3896S49VrrY8rrYor;l zm;v-7;Pw7E@^~9q7&^K%Iq7vj1%t~sn&t5`v&~b!Py1d>chuX5shKk?qXpujUF2jM|1s2Sq=6afS`TO&sPjyArZ|t();Tlwa@f-iWy|&Rl z_iAdp6R_7xqk#!3)W01X1E7YFG1!O08(g`%F)XW%u9Dr6cvW;@EMBD zpV0q`D`<^@hxODoDsCjMI4(T4`+qYq^&MWAmtaa+n3opjrGGa%N8x!pDg^{}RH-$WT7~@hAx?IEe5OQe7Y-+(dp|02fb< zB)brnG?2d(!uEQSUQ~l{9eiCpj6PI{#|rK^qQ!tC}-4a0QGL9FS0F?ix`gJ!v7p@4PO)X^Dr?i zLH$sj9{Q)yQ=ywfejDOKe@C6FuT?ix8PpfliN3?@Lv~_2`Mx+C;Tn>?5Aw8;U+jbH zvTE|?{v8M(BKG|Q2wO>1Nj1V%q^Sg!RFZE>0OmoGUkWQlGFqAwQivaKjD_Z5&Ou=C5;FdlYcDPjqqN0 z+CuQscMvWjpDk@gxR7KmgY*i>z%l{heDeLWJcRdFISWyoI|*TJqYh2T?wTKXOq7sI1%1Sgx4X1pOR;k!T$ OYZ5yV-a+msR{a~y4jz#J delta 3092 zcmdT`Yfw|^89sav61gO(-PRS|#&*`OKeXqP06FSPKn(X=Kqw$=jNu|kFa!}VYiM&0 z7rFYm2m(U10PR>6R>e>&UQnQpiJvz?vkbi0#tPSQWN)6TTBo$2;Hi8XO&JJY|N z$zseP(QTPgN%!Bmt=Sc$`AYLQbyDJT;@*TmCUhih zj$epRj+=|qZ+N<)R`n-UpNdv~qU4km)}{XtS0rUWoJmiJ#p6{8h%@84sxHKp;vLnc zh%3Pz)h5Ih<7d@J5m$tNP*aY$LflnThqwa#d5r^c`MB`N5ya);yGKqTE*HO9Ye!rT z9;$pSsdeS?H%fc}mk0b6NZrfOixJ>-<#xsb^z=t+fAkK(q zHnk!y9cwn{A?^UK*$gM&#=qR$8g1tG<3DUQB@hG=%d6m9!C4<@zt$MEiSV#RsU|cF zngaD-)syO-iJv5%OZ;)dr@`b`;`hdV8P^r}2BcrE`n{@0m8SG7$CPTEmR^h87w~xc zPmudv{6$#+cN;cVS&`cgRW2{> zj^VYjME5QeBi*?pOil{-`=zI&fwduVdPx}U7x;(%N0YmS#Xf;s@UM^fM{bG(qhjwk z{3`U%3X@*n`l9gj!D5TUDcqg&J(=B!JsH|GCQVP1v~D*=?WXlwDvc#mSduK_zpo&S zCPx12Ti(*v*@}OYv^9lEONqQ}VD%|1qbuOwP!Rh~j5sqQJzSMmXMC$Sq}gs^(c@qA zlxAkhSNAY!hKQ>)#ga5jlllC11+mw}G_*7wwF*2Z+#Qz|J<!{XYo_`x-CU`!ku7hTi-IJZJDT5;CZ785dv+O%%cNDewAxebusdxHcK`a6I5aO#Ed*}e5ihR_J*&c$ zSDaYF`>M5tjDh|JIMkA~@mm$d2@@kMJt;6}ieo*#)yD!qDD>WvE-wg+*QB9){`DTI z_c45nkGcar!vZ%bPP^oI(;0&<5|Uvln$^>_{Oby$4j|XOK#h2DMs#({#~^5F@{<3N zTbx}3(w!X+T#&ru0Aomf36i2ENmd6*r&RJ=6omOdAc5&i!o5-9$p=2~fPZ~b=zT0) z8W5*{8t^>9-9_7S7(-el1~6p+n0o$u3c_w;a*E1AvXid51@30x%7U~CX{>zdx(uI# zIiZ$?N%Kb76Je;te#x(Y=W`WK*H(%P7RX;fTZ7MJ;u zI>o+uzh}VQXlrS)+K<_AcX@I;8I}vYM#nM+mZB>8?*uDnY_nJ!ZQ5*`!+9pdW^rmm z8A6Kzr@oawp?5+CF_K{p0VIW`X-Kw?->e`k-i*`Ww3Woqe%T=%8H!6tg zpr-)$;3$LPpN9nd7pq_Gs4%O@#_R1*WPAk6Y1 zY5SgB>}YLiYHgNlpd%v*hXUv*RtFxV33^O}9by${dqwYcp~w3o==mGixPANEIx0*- zsw`eQ1%y}5s})3niSgh28FZ2CPo77)X8-&RFhQYjP`bS&JKhpht~|Md3Yu8Z-%@3< z$*}BcJV_6jGRJgO@wvLrul&s|Af}*fl?Jf3(E-i@E+FWdDZwF^PrqxEOU9Qi5 zDokk*MD|3coZk>kq0rXZ?zA|x6*gP5UR#ls@iKn#+6Z){jF3Zx*#!hW^a!gbrFZ_HY!>EHIl(uHc|vnnV^;q~-Jw<`9#7nn@KHiu{6FIt z;}6IEJ?=^zx#7WvOqHa{RsLGps3c;q#YQQ56+2@-j;W3QEV?Q>8qJ~fs6dn}iXi4k zPnPdG%&USf7n1(64HX~ygG4moU=mKM8J=y@u>cMrk>dkJC70NHe8^My7D zlC<(M3Zm&7&Z@OKy4sxfx1hJd-^8i=fk~G<<0pomuk~rMtLTj_bYv$27$itjReUsF zJXDQ%gyT)+h>yZYP3I6#;4e&W#9hGk*|2cFi+`J4g}C#0PY&#>=kQ3*X~dnyak*C! zcLvYp!jD~8l~<3r)3`0qhPY1rSspC0r?5F6j&$JX`EcEd^9oKNt{u<5e&|wR3gR3% ztq=~M#50Aph-<@N7sBFf$F)U=5!Z?z7v)A5a3`>