diff --git a/Core.py b/Core.py index d53a0ba..51d20f8 100644 --- a/Core.py +++ b/Core.py @@ -21,6 +21,23 @@ from GotoSend_xianzhi import Src_xianzhi from GotoSend_freebuf import Src_freebuf from GotoSend_qianxin import Src_qianxin from GotoSend_seebug import Src_seebug +import logging + +# 设置日志记录 +logger = logging.getLogger() +logger.setLevel(logging.INFO) +logger.handlers.clear() # 清除已有的处理器 + +file_handler = logging.FileHandler('./log/spider.log', mode='a', encoding='utf-8') +file_handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')) + +console_handler = logging.StreamHandler() +console_handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')) + +logger.addHandler(file_handler) +logger.addHandler(console_handler) +logger.propagate = False # 禁用日志传递 + # 加载参数 with open('./config.yaml', 'r', encoding="utf-8") as file: @@ -32,7 +49,13 @@ webhook_url_once, timestamp_once, sign_once = gen_sign() def send_job(time_1): # 爬取数据 print("正在启动各爬虫并获取资源中...") - run() + seebug_main() + M_4hou_main() + anquanke_main() + # sec_wiki_main() + huawei_main() + doonsec_main() + qianxin_main() freebuf_main() xianzhi_main() 
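Review bot: `logging.FileHandler('./log/spider.log', mode='a', encoding='utf-8')` runs at import time and raises FileNotFoundError when the `./log` directory does not exist yet, so a fresh checkout dies before any crawler starts; create it first with `os.makedirs('./log', exist_ok=True)` (adding `import os` if Core.py does not already import it). `logger.propagate = False` is a no-op on the root logger, which has no parent, and can be dropped. With `mode='a'` the file grows without bound for a process that is meant to run indefinitely; `logging.handlers.RotatingFileHandler` or `TimedRotatingFileHandler` would keep it bounded. The path is resolved against the current working directory, like `./config.yaml` just below, so this only works when the process is started from the project root — worth a one-line comment next to the handler.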
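Review bot: the seven `*_main()` calls that replace `run()` are unguarded, so the first source that fails (network error, changed page layout) raises out of `send_job` and every crawler listed after it is skipped; since the `except Exception` in `main_loop` further down this diff ends with `exit()`, one bad feed takes the whole scheduler down. Iterating over the crawlers and catching per-call lets the remaining sources still run and records which one broke. The commented-out `# sec_wiki_main()` should either be deleted or carry a comment saying why that source is disabled. `send_job` continues past the end of this hunk.

```python
def send_job(time_1):
    # 爬取数据
    print("正在启动各爬虫并获取资源中...")
    # Run every crawler even when one of them fails: a single broken feed
    # must not abort the job, because main_loop exits on any exception.
    for crawler in (seebug_main, M_4hou_main, anquanke_main,
                    huawei_main, doonsec_main, qianxin_main,
                    freebuf_main, xianzhi_main):
        try:
            crawler()
        except Exception:
            logger.exception("爬虫 %s 执行失败,已跳过", crawler.__name__)
    # … unchanged: result collection and SendToFeishu delivery …
```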
@@ -51,83 +74,83 @@ def send_job(time_1): # 发送嘶吼资讯 if reslt_4hou: print("-" * 40) - print("嘶吼资讯递送中:") + logger.info("嘶吼资讯递送中:") SendToFeishu(reslt_4hou, "嘶吼资讯递送", webhook_url, timestamp, sign) print("-" * 40 + "\n") time.sleep(60) else: print("-" * 40) - print("嘶吼数据为空,跳过执行。") + logger.info("嘶吼数据为空,跳过执行。") # 发送安全客资讯 if reslt_anquanke: print("-" * 40) - print("安全客资讯递送中:") + logger.info("安全客资讯递送中:") SendToFeishu(reslt_anquanke, "安全客资讯递送", webhook_url, timestamp, sign) print("-" * 40 + "\n") time.sleep(60) else: print("-" * 40) - print("安全客数据为空,跳过执行。") + logger.info("安全客数据为空,跳过执行。") # 发送洞见微信安全资讯 if reslt_doonsec: print("-" * 40) - print("洞见微信安全资讯递送中:") + logger.info("洞见微信安全资讯递送中:") SendToFeishu(reslt_doonsec, "洞见微信安全资讯递送", webhook_url, timestamp, sign) print("-" * 40 + "\n") time.sleep(60) else: print("-" * 40) - print("洞见微信安全数据为空,跳过执行。") + logger.info("洞见微信安全数据为空,跳过执行。") # 发送先知社区资讯 if reslt_xianzhi: print("-" * 40) - print("先知社区资讯递送中:") + logger.info("先知社区资讯递送中:") SendToFeishu(reslt_xianzhi, "先知社区资讯递送", webhook_url, timestamp, sign) print("-" * 40 + "\n") time.sleep(60) else: print("-" * 40) - print("先知社区数据为空,跳过执行。") + logger.info("先知社区数据为空,跳过执行。") # 发送FreeBuf资讯 if reslt_freebuf: print("-" * 40) - print("FreeBuf资讯递送中:") + logger.info("FreeBuf资讯递送中:") SendToFeishu(reslt_freebuf, "FreeBuf资讯递送", webhook_url, timestamp, sign) print("-" * 40 + "\n") time.sleep(60) else: print("-" * 40) - print("FreeBuf数据为空,跳过执行。") + logger.info("FreeBuf数据为空,跳过执行。") # 发送奇安信攻防社区资讯 if reslt_qianxin: print("-" * 40) - print("奇安信攻防社区资讯递送中:") + logger.info("奇安信攻防社区资讯递送中:") SendToFeishu(reslt_qianxin, "奇安信攻防社区资讯递送", webhook_url, timestamp, sign) print("-" * 40 + "\n") time.sleep(60) else: print("-" * 40) - print("奇安信攻防社区数据为空,跳过执行。") + logger.info("奇安信攻防社区数据为空,跳过执行。") # 发送Seebug资讯 if reslt_seebug: reslt_seebug = Src_seebug(1000) webhook_url, timestamp, sign = gen_sign() print("-" * 40) - print("Seebug社区资讯递送中:") + logger.info("Seebug社区资讯递送中:") SendToFeishu(reslt_seebug, "Seebug社区资讯递送", webhook_url, 
timestamp, sign) print("-" * 40 + "\n") else: print("-" * 40) - print("Seebug社区数据为空,跳过执行。") + logger.info("Seebug社区数据为空,跳过执行。") def signal_handler(sig, frame): - print("接收到退出信号,程序即将退出...") + logger.info("接收到退出信号,程序即将退出...") sys.exit(0) @@ -140,14 +163,14 @@ def main_loop(): while True: try: # 执行任务 - print(f"第{n}次执行,当前时间为:{datetime.now().strftime('%Y-%m-%d %H:%M:%S')}") + logger.info(f"第{n}次执行,当前时间为:{datetime.now().strftime('%Y-%m-%d %H:%M:%S')}") send_job(e_hour) - print("执行完毕,等待下一次执行...") + logger.info("执行完毕,等待下一次执行...") n += 1 time.sleep(e_hour * 60 * 60 - 5 * 60) except Exception as e: - print(f"发生错误: {e}, 程序已暂停") + logger.error(f"发生错误: {e}, 程序已暂停") # SendToFeishu(f"发生错误: {e}, 程序已退出", "报错信息") exit() @@ -193,13 +216,18 @@ if __name__ == "__main__": start_info += "程序已启动,当前时间为:" + datetime.now().strftime("%Y-%m-%d %H:%M:%S") + "\n" start_info += "程序作者:MasonLiu \t 开源地址:[GM-gitea](https://git.masonliu.com/MasonLiu/PyBot)" + "\n" start_info += "时间配置:每隔" + str(e_hour) + "小时执行一次推送\n" - SendToFeishu(start_info, "程序信息", webhook_url_once, timestamp_once, sign_once) + result = SendToFeishu(start_info, "程序信息", webhook_url_once, timestamp_once, sign_once) + logger.info(result) + print("-" * 40) # print(start_info) - SendToFeishu(rss_info, "RSS源状态", webhook_url_once, timestamp_once, sign_once) + result = SendToFeishu(rss_info, "RSS源状态", webhook_url_once, timestamp_once, sign_once) + logger.info(rss_info) + logger.info(result) + print("-" * 40) # print(rss_info) # 首次运行先暂停两分钟 - time.sleep(2 * 60) + # time.sleep(2 * 60) # 主程序 main_loop() \ No newline at end of file diff --git a/JSON/4hou.json b/JSON/4hou.json index 6146f09..36d8e4f 100644 --- a/JSON/4hou.json +++ b/JSON/4hou.json @@ -1,4 +1,25 @@ [ + { + "title": "警方查获Matrix 加密聊天服务", + "link": "https://www.4hou.com/posts/om8k", + "description": "
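Review bot: the status messages become `logger.info` calls but the `print("-" * 40)` separators around them stay as prints, and `logging.StreamHandler()` with no argument writes to stderr while `print` writes to stdout, so the separators go to a different stream than the records they frame and never reach `./log/spider.log` at all. Either log them too (`logger.info("-" * 40)`) or drop them, since every record now carries its own timestamp and level. The same mix of `print("-" * 40)` and `logger.info` appears in the `__main__` hunk at the end of this file. `send_job` starts before this hunk and the `reslt_seebug` branch is the last thing in it.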
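Review bot: `logger.error(f"发生错误: {e}, 程序已暂停")` inside the `except Exception` block records only the message text and drops the traceback, which is exactly what is needed to diagnose a crawler that broke; use `logger.exception("发生错误: %s, 程序已暂停", e)`, which logs at ERROR level with the stack attached. The message says the program is paused but the next line calls `exit()`, so either the wording or the behaviour should change — as written, one transient failure ends a scheduler meant to run indefinitely. The two `logger.info(f"...")` calls would also read better as `logger.info("第%s次执行,当前时间为:%s", n, ...)` so formatting is deferred to the handler. The `while True` of `main_loop` starts outside the hunk.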
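Review bot: `logger.info(result)` and `logger.info(rss_info)` pass a bare value as the log message, so the record does not say what it is, and if `SendToFeishu` returns `None` the file just gains a line reading "None"; write `logger.info("程序信息推送结果: %s", result)` and `logger.info("RSS源状态推送结果: %s", result)` instead. I cannot see what `SendToFeishu` returns from this hunk; if it echoes the request or raw response, confirm it carries none of the signing values passed in (`webhook_url_once`, `timestamp_once`, `sign_once`) before it is written to a persistent log file. The comment `# 首次运行先暂停两分钟` now sits above a commented-out `# time.sleep(2 * 60)`, so remove both or note why the pause was disabled rather than shipping commented-out code. The `if __name__ == "__main__":` block starts outside the hunk.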

代号为“Operation Passionflower”的国际执法行动已经关闭了 MATRIX,这是一个加密消息平台,网络犯罪分子利用该平台协调非法活动,同时逃避警方追捕。

MATRIX 与同名的安全开源、去中心化、实时通信协议是不同的实体,继续使用是完全合法的。该行动在欧洲各地进行,包括法国、荷兰、意大利、立陶宛、西班牙和德国,并由欧洲刑警组织和欧洲司法组织协调。

犯罪推动者

警方在找到一名 2021 年 7 月试图暗杀记者的枪手的手机后,顺藤摸瓜找到了 MATRIX。在分析手机后,他们发现该手机经过定制,可以连接到名为 Matrix 的加密消息服务。

荷兰和法国当局之间的联合调查小组 (JIT) 允许警方监控和拦截通过这些设备发送的 33 种不同语言的 230 万条消息。但是,没有提供有关如何做到这一点的技术细节。 

“三个月来,当局能够监控可能犯罪分子的信息,这些信息现在将用于支持其他调查。”欧洲刑警组织发布了一份声明。

在欧洲司法组织和欧洲刑警组织支持的协调行动中,荷兰和法国当局关闭了该消息服务,意大利、立陶宛和西班牙当局采取了后续行动。

MATRIX 遍布欧洲的 40 台服务器促进了至少 8,000 个用户帐户的通信,这些用户帐户支付了 1350 至 1700 美元的加密货币购买基于 Google Pixel 的设备以及手机上安装的服务的六个月订阅。

MATRIX 还以“Mactrix”、“Totalsec”、“X-quantum”和“Q-safe”等名称出售,但它们都使用相同的基础设施。 MATRIX 还提供加密视频通话、跟踪交易和匿名浏览互联网的功能。

扣押和逮捕

本周,执法部门在四个国家同时进行了突袭和搜查,导致法国和德国的 40 台服务器被关闭,西班牙和法国的 5 名嫌疑人被捕。

其中一名被捕者是一名 52 岁的立陶宛男子,他被怀疑是 MATRIX 的所有者和主要运营商。当局还查获了 970 部加密手机、152,500 美元现金、525,000 美元加密货币以及四辆汽车。 MATRIX 网站上张贴的查封横幅警告该服务的用户他们的通信已被暴露,调查将继续进行。

\"seizure.webp.png\"/

扣押通知

荷兰警方在另一份公告中指出,任何出于隐私和匿名目的而选择该服务且未参与犯罪活动的 MATRIX 用户应发送电子邮件请求豁免调查。尽管 MATRIX 的运营商技术先进,并且相信它优于之前被拆除的加密电话服务,但 MATRIX 仍被拆除。

然而,之前取缔类似加密电话服务(如 Ghost、EncroChat、Exclu 和 Sky ECC)的执法行动表明,一旦执法部门了解其基础设施,他们就可以通过监控截获的消息或通过查获的信息来收集犯罪行为的重要证据。这些证据导致数千名毒贩、武器经销商、有组织犯罪分子、杀人犯和洗钱犯被捕。

", + "pubDate": "Fri, 06 Dec 2024 12:00:00 +0800", + "author": "胡金鱼" + }, + { + "title": "伏特加制造商 Stoli 因勒索软件攻击申请破产", + "link": "https://www.4hou.com/posts/nl7P", + "description": "

Stoli 集团的美国公司在 8 月份遭遇勒索软件攻击后申请破产,俄罗斯当局查封了该公司在该国的剩余酿酒厂。Stoli 集团的两家子公司 Stoli USA 和 Kentucky Owl 的总裁兼全球首席执行官在最近的一份文件中表示,这是因为 8 月份的攻击严重破坏了其 IT 系统(包括企业资源规划 (ERP))之后发生的。此次网络攻击还迫使整个集团进行手动操作,影响了会计等关键流程,预计要到 2025 年初才能完全恢复。

Caldwell 表示:“2024 年 8 月,Stoli 集团的 IT 基础设施因数据泄露和勒索软件攻击而遭受严重破坏。” 由于 Stoli 集团的企业资源规划 (ERP) 系统被禁用,并且 Stoli 集团的大部分内部流程(包括会计职能)被强制,此次攻击给 Stoli 集团内的所有公司(包括 Stoli USA 和 KO)造成了严重的运营问题。

这一事件还导致 Stoli 美国子公司无法向两家公司拖欠 7800 万美元债务的贷款人提供财务报告。2024 年 7 月,该集团在俄罗斯仅存的最后资产——两家价值 1 亿美元的酿酒厂也因 Stoli 集团及其创始人 Yuri Shefler 被认定为“极端分子”而被没收。

此外,Stoli 集团还花费了数千万美元与俄罗斯国有企业 FKP Sojuzplodoimport 就 Stolichnaya 和 Moskovskaya 伏特加商标权进行了长达 23 年的长期法庭诉讼,涉及多个司法管辖区,其中包括美国。

这场法律斗争源于 2000 年 3 月总统普京的一项行政命令,旨在“恢复和保护国家对伏特加商标的权利”,这些商标的权利在 20 世纪 90 年代被私营公司购买。该公司创始人谢夫勒也因批评普京政权而受到出于政治动机和“捏造”的指控,于 2002 年被迫逃离俄罗斯。

", + "pubDate": "Fri, 06 Dec 2024 12:00:00 +0800", + "author": "胡金鱼" + }, + { + "title": "ChatGPT 诞生两周年:AI 世界的一次代际飞跃", + "link": "https://www.4hou.com/posts/pnBm", + "description": "

人工智能 (AI) 技术已有数十年的历史,推动着从机器人到预测分析等方方面面的创新。两年前,伴随着 ChatGPT 的横空出世,生成式人工智能 (GenAI) 成为了 AI 发展史上的一个里程碑式转折点。ChatGPT 被设计用于以近乎人类的水平进行对话、创作和理解。得益于这一变革性功能,AI 走出技术领域,进入日常生活,以前所未有的方式推动着先进技术的广泛普及。

ChatGPT 2022 年底推出,在短短 5 天内迅速走红,用户数量达到了 100 2024 年,ChatGPT 的活跃用户数量骤增至 2 亿,成为历史上增长速度最快的应用之一。 凭借实时生成上下文相关的连贯回答的能力,ChatGPT AI 成为了一个家喻户晓的名词。这两年以来,人类仿佛又迎来了一次技术革命,全球各个行业都在AI应用中看到了无限可能。

在十一月乌镇举办的2024年世界互联网大会上,人工智能成为展示重点,涵盖低空经济、智能网联汽车、人形机器人、数字文创等热点,40余个大模型及垂直模型、10余个机器人集中亮相。今年十月,我国一位儿童用户通过视频展示了两个AI就“愚公是否应该移山”这一主题展开辩论,这两个应用占线的严密逻辑以及“类人化”的表达方式在短短几天就收获了数十万观看与数万条评论。可以看出,在短短两年时间内,各个AI应用已经开始“飞入寻常百姓家”。

然而,在ChatGPT 及其他类似工具应用于各行各业、为专业人士和个人的工作和生活赋能的同时,此类工具的“两面性”也日益凸显。

 

ChatGPT 的崛起:助力各行各业创新

从客户服务到内容创建,AI应用已迅速成为个人和企业必不可少的生产工具。虽然想要达到人类顶级人才的水平仍有待时日,但大型语言模型 (LLM) 通常都能够根据需求提供不错的解决方案,可让专业人士专注于创造性、分析性和战略性任务。GenAI 的即时性和可扩展性促进了范式转变,即“AI 无处不在”不再只是一种趋势,而是实实在在的现实。

GenAI 工具为各行各业提供了支持,它可通过回答 StackOverflow 等平台上的技术问题,帮助快速解决问题,并加快项目进度,将为期一周的任务缩短至数小时。ChatGPT GenAI 工具还通过创新性地应用语言模型来破译功能和理解复杂代码,将其功能扩展到了逆向工程。

在网络安全领域, GenAI 已经产生了深远的影响。例如,ChatGPT 能够分析庞大的数据集,以检测异常和模式,从而帮助用户发现以前可能无法察觉的威胁。这种增强的可视性是一项颠覆性特性,有助于高效打击日益复杂的网络攻击。

从积极的方面看,GenAI 已成为加强安全运维不可或缺的工具:

1. 加速工作流程:网络安全专业人员现在使用 ChatGPT GenAI 工具快速排除故障、破解复杂问题并从海量数据集中提取实用洞察——这些任务以前都需要数周或数天的时间才能完成。

2. 威胁检测:GenAI 能够快速、深入地分析海量数据,从而帮助机构检测到可能被忽视的威胁。

3. 事件响应:GenAI 正被探索用于总结攻击模式、缩短响应时间并加强防御能力。

 

然而,GenAI 的兴起也带来了重大风险。若无适当的安全防护措施,输入到 ChatGPT 等工具中的敏感数据可能会在不经意间被泄漏。一次数据处理不当就可能带来毁灭性后果,如果这些数据被用于未来网络攻击的话。

从某些方面来看,这项变革性技术为网络犯罪分子肆无忌惮的滥用提供了可乘之机:

· 恶意代码开发:ChatGPT 和类似工具甚至支持新手攻击者创建和调试恶意软件,这大大降低了网络犯罪发起攻击的门槛。

· 复杂的网络钓鱼电子邮件:黑客可利用 GenAI 制作出更具迷惑性的逼真电子邮件。与传统的网络钓鱼电子邮件相比,这些电子邮件更有可能骗到收件人,因为前者措辞不够严谨并缺乏对相关情况的了解,所以可能会被明眼人识破。

· 深度伪造:GenAI 生成的视频和音频片段往往难辨真伪,主要用于欺诈、造谣和勒索,致使社交工程威胁升级。

这些滥用案例凸显了一个残酷的现实:正如 GenAI 可以让防御者如虎添翼一样,它也可能为虎作伥,成为攻击者的帮凶。

 

保障 GenAI 领域的安全

随着 GenAI 的快速普及,用户需要采取主动式安全防护来缓解风险。Check Point 建议采取以下措施:

1. 开展员工培训:让员工了解 GenAI 特定的威胁和风险,例如逼真的网络钓鱼电子邮件、深度伪造和幻觉,以便他们能够发现和报告潜在事件。

2. 实施数据保护:采用可靠工具防止在不经意间与 AI 平台共享敏感数据,从而降低数据泄漏或滥用风险。

3. 监控和规范 AI 使用:制定明确的政策,确保在机构内以合乎道德的方式安全使用 GenAI,让使用者和开发人员承担起相应的责任。

4. 实施自动化数据控制:部署自动化解决方案来监控和限制与第三方 AI 系统的数据共享,确保敏感信息始终安全无虞。

5. 采用基于 AI 的防御:利用 AI 工具有效防范攻击,增强威胁检测和响应能力。

 

未来愿景:负责任地使用 AI,维护网络安全

毫无疑问,ChatGPT GenAI 将在塑造网络安全格局方面发挥日益重要的作用。我们所面临的挑战在于如何正确发挥其潜力,同时最大限度地降低滥用风险。

使用 GenAI 的好处显而易见:用户可以使用其算法高效使用之前很难处理的海量数据。然而,GenAI 并不是人类的自动化替身,也不仅仅是一套先进的算法。虽然 GenAI 潜力巨大,但其风险也不容小觑。

为了确保 GenAI 正面助力网络安全,各机构必须对其使用承担起责任。无论是通过监管敏感应用、培养 AI 文化素养,还是部署高级监控工具,业界都必须与这项技术同步发展。通过保持警惕性和前瞻性,我们可确保 ChatGPT 等工具不断推动创新,同时防止其被滥用。

 


", + "pubDate": "Fri, 06 Dec 2024 11:45:46 +0800", + "author": "Check Point" + }, { "title": "网络钓鱼电子邮件越来越多地使用 SVG 附件来逃避检测", "link": "https://www.4hou.com/posts/rpXB", @@ -117,26 +138,5 @@ "description": "

近日,一则安全事件刷爆了朋友圈:10月12日,多名网友反映收到了来自“某省教育厅”的短信,短信内容中带有黄色网站非法链接。经查,这些短信并非某省教育厅发送,而是不法分子入侵了短信平台后,以教育厅的名义发送的。该事件引发了广泛的社会关注和担忧。

 

✦ 事件分析

 

短信平台群发短信通常需要和短信服务平台公司合作通过API接口实现。短信平台API接口是一种用于实现短信发送和接收功能的编程接口,它允许合作的短信服务平台公司将自己的应用程序与短信平台的功能进行集成,可以方便地调用短信平台提供的各种功能,如短信发送、状态查询等。

 

在某省教育厅短信平台被入侵事件中,暴露了短信平台在安全防护机制、身份认证和监控预警等存在缺陷。不法分子可能通过API接口发送了包含非法链接的短信,包含但不限于通过弱口令、身份认证信息的窃取或伪造、系统漏洞的利用、失效的API接口验证以及不当的权限管理等来实现诈骗和信息传播,试图诱骗用户点击并泄露个人信息。可见,加强API接口的安全防护刻不容缓。

 

✦ 防护建议

 

针对此类事件,盛邦安全推出面向短信业务平台的API安全治理方案结合API安全当前面临的典型问题,覆盖API学习、API画像、攻击防护、权限保护、API审计和应急响应等各个阶段,以业务风险识别与防护控制为核心目标,通过对业务流量的识别分析来梳理API接口,在此基础上通过数据建模、行为建模和算法分析等技术,实现API接口识别与梳理、数据调用识别与保护、接口访问安全控制及审计等安全能力,从而实现面向API接口全生命周期的安全监测与治理。

 

 

✦ 五大核心能力

 

主被动结合的API学习引擎

方案采用主动学习与被动流量分析相结合的API学习引擎,可以全面梳理业务中存在的API资产,并结合流量特征进行语义提取,识别API状态、用途等属性,从而实现标签化的画像管理。

 

启发式攻击检测与防护引擎

采用特征检测、语义分析与AI学习三合一的启发式检测引擎,通过对已知的攻击规则与行为特征简化判断逻辑,并对引擎持续训练,提升针对未知风险的发现能力,从而对API相关的注入攻击、命令攻击、异常访问和非法内容进行防护处置。

 

基于人机识别的API访问控制

基于流量变化和行为特点等角度进行建模分析,梳理API访问的基线并进行动态跟踪,对未授权访问、未知请求、非法调用和异常高频请求等行为进行识别判断,并利用反向校验、访问限制和白名单等方式进行访问控制。

 

面向业务的API数据调用管控

采用全面的检查点和丰富的数据处理模型,结合业务特点,对组织敏感数据、个人隐私信息、业务关键信息和系统账户口令等进行精准识别、统计和分类梳理,并结合擦除、替换和访问限制等手段来达到脱敏保护等目的。

 

面向API生命周期的态势监控

基于时间、空间、业务属性和数据类型等多种维度对API资产进行监控,对API上线状态、运行状况、调用可靠性、数据合法性以及威胁态势进行综合研判,实现API资产的细粒度审计和可视化分析。

 

✦ 方案价值

 

防止未经授权的访问

 

通过加强API安全防护,可以确保只有授权用户才能访问API,防止未经授权的访问和数据泄露。

 

监控和审计API行为

 

建立回溯审计和监控措施,对业务、短信服务、短信网关三个环节发送的短信回执进行校验,对数量、频率、内容的异常情况进行阈值预警和阻断,防止被攻击者非法调用。

 

保护敏感数据

 

对发送内容进行审查过滤,对敏感数据的流转进行监控和过滤,避免非法信息传播,防止敏感数据的泄露。

 

随着教育数字化转型的加速,网络和数据安全威胁日益严峻。此次事件再次凸显了API安全防护的重要性。各单位应高度重视API安全问题,采取有效措施加强防护与管理,确保短信平台的安全性和可靠性。同时,个人也应提升安全意识,有效识别并过滤恶意信息,保护自身合法权益。让我们共同维护网络空间的安全和有序,助力教育数字化转型健康发展。


原文链接

", "pubDate": "Thu, 28 Nov 2024 13:30:48 +0800", "author": "盛邦安全" - }, - { - "title": "关于发布《网络安全标准实践指南——粤港澳大湾区(内地、香港)个人信息跨境处理保护要求》的通知", - "link": "https://www.4hou.com/posts/0MEV", - "description": "

网安秘字〔2024〕152号

各有关单位:

落实《全球数据跨境流动合作倡议》,为促进粤港澳大湾区个人信息跨境安全有序流动,网安标委秘书处联合香港私隐公署编制了《网络安全标准实践指南——粤港澳大湾区(内地、香港)个人信息跨境处理保护要求》。

本《实践指南》规定了粤港澳大湾区(内地、香港)个人信息处理者或者接收方,在大湾区内地和香港间通过安全互认方式进行大湾区内个人信息跨境流动应遵守的基本原则和要求,适用于指导大湾区内个人信息处理者开展个人信息跨境处理活动。

附件:《网络安全标准实践指南——粤港澳大湾区(内地、香港)个人信息跨境处理保护要求》

全国网络安全标准化技术委员会秘书处

2024年11月21日\"1.png\"/

\"2.png\"/

\"3.png\"/

\"4.png\"/

\"5.png\"/

\"6.png\"/

\"7.png\"/

\"8.png\"/

\"99.png\"/

\"100.png\"/

\"111.png\"/

\"122.png\"/

\"133.png\"/

\"144.png\"/

\"155.png\"/

\"166.png\"/

\"177.png\"/

\"188.png\"/

\"199.png\"/

\"200.png\"/

\"21.png\"/

\"22.png\"/

文章来源自:全国网安标委

", - "pubDate": "Thu, 28 Nov 2024 12:00:00 +0800", - "author": "企业资讯" - }, - { - "title": "RomCom 黑客利用 Firefox 和 Windows 零日漏洞", - "link": "https://www.4hou.com/posts/9jG8", - "description": "

总部位于俄罗斯的 RomCom 网络犯罪组织在最近针对欧洲和北美 Firefox 和 Tor 浏览器用户的攻击中发现了两个零日漏洞。

第一个漏洞 (CVE-2024-9680) 是 Firefox 动画时间线功能中的释放后使用错误,该功能允许在 Web 浏览器的沙箱中执行代码。 Mozilla 于 2024 年 10 月 9 日(ESET 报告该漏洞一天后)修补了该漏洞。

利用的第二个零日漏洞是 Windows 任务计划程序服务中的权限升级漏洞 (CVE-2024-49039),该漏洞允许攻击者在 Firefox 沙箱之外执行代码。 Microsoft 在本月初(即 11 月 12 日)修复了此安全漏洞。

RomCom 将这两个漏洞作为零日链漏洞利用,帮助他们无需用户交互即可获得远程代码执行。他们的目标只需访问一个由攻击者控制的恶意制作的网站,该网站会在其系统上下载并执行 RomCom 后门。

根据攻击中使用的 JavaScript 漏洞之一的名称 (main-tor.js),威胁者还针对 Tor 浏览器用户(根据 ESET 的分析,版本 12 和 13)。

\"romcom-attack-flow.webp.png\"/

RomCom 攻击流程

ESET 研究员表示:“妥协链由一个虚假网站组成,该网站将潜在受害者重定向到托管漏洞的服务器,如果漏洞成功,就会执行 shellcode,下载并执行 RomCom 后门。”

虽然不知道假网站的链接是如何分发的,但是,如果使用易受攻击的浏览器访问该页面,则有效负载会被丢弃并在受害者的计算机上执行,无需用户交互。

一旦部署在受害者的设备上,该恶意软件使攻击者能够运行命令并部署额外的有效负载。将两个零日漏洞链接在一起,就会为 RomCom 提供了无需用户交互的漏洞。这种复杂程度也表明了威胁者获取或开发隐秘能力的决心和手段。

此外,这些攻击中成功利用攻击的次数最终导致 RomCom 后门部署在受害者的设备上,这使得人们有理由相信这是一次广泛的活动。根据 ESET 遥测数据,潜在目标的数量从每个国家一名受害者到多达 250 名受害者不等。

这并不是 RomCom 第一次利用零日漏洞进行攻击。 2023 年 7 月,其运营商利用多个 Windows 和 Office 产品中的零日漏洞 (CVE-2023-36884) 攻击参加立陶宛维尔纽斯北约峰会的组织。

RomCom(也被追踪为 Storm-0978、Tropical Scorpius 或 UNC2596)与出于经济动机的活动、精心策划的勒索软件和勒索攻击以及凭证盗窃(可能旨在支持情报行动)有关。该威胁组织还与 Industrial Spy 勒索软件行动有关,该组织后来转向地下勒索软件。

据 ESET 称,RomCom 现在还针对乌克兰、欧洲和北美的组织进行跨行业的间谍攻击,包括政府、国防、能源、制药和保险。

", - "pubDate": "Thu, 28 Nov 2024 12:00:00 +0800", - "author": "胡金鱼" - }, - { - "title": "盛邦安全2024“乌镇时间”,权小文入选人工智能专委会推进计划牵头人", - "link": "https://www.4hou.com/posts/VWlB", - "description": "

以“拥抱以人为本、智能向善的数字未来——携手构建网络空间命运共同体”为主题的2024年世界互联网大会乌镇峰会于11月19日至22日在浙江乌镇举行。盛邦安全受邀参与本次峰会,董事长权小文入选人工智能专委会推进计划牵头人,并参与“2024年世界互联网大会乌镇峰会智能交通论坛”专题对话环节,与业界专家学者共同探讨智联网环境下网络安全前沿技术与发展趋势。

 

图片来源于世界互联网大会官方

 

2024年世界互联网大会乌镇峰会,谋划了一系列新议题、新亮点,世界互联网大会人工智能专业委员会正式在会上成立。盛邦安全积极响应,董事长权小文入选专委会推进计划牵头人名单。作为大会国际组织成立后设立的第一个专业化、常态化分支机构,专委会将搭建人工智能国际交流合作平台,开展专题研讨、成果分享、倡议发布等活动,推动人工智能技术以人为本、向上向善。

 

权小文表示,人工智能在提高社会生产效率、突破技术难题、新应用方面有巨大作用,对于人工智能建议提前做好约束和规范,通过制度约束,加强人工智能技术应用的监管,加强国际合作,倡导技术向善的价值观。

 

图片来源于世界互联网大会官方

 

以“智联未来,交通无界—共创智能交通新生态”为主题的智能交通论坛将于11月22日上午召开。盛邦安全董事长权小文受邀参加“智能网联汽车与交通基础设施的协同”专题对话,聚焦智慧交通,分享如何利用卫星互联网推动智能交通安全防护系统的全面升级。

 

 \"\"

 

今年,世界互联网大会乌镇峰会迈入第11个年头,正式开启“下一个十年”的新篇章。这十年间网络安全作为护航国家数字经济发展的核心力量,与行业生态紧密协同、持续发展。盛邦安全作为世界互联网大会的会员单位,将继续充分发挥其在网络安全领域的积淀与优势,为构建网络空间命运共同体贡献中国智慧和力量,携手各界共绘“下一个十年”的辉煌未来。


原文链接

", - "pubDate": "Wed, 27 Nov 2024 17:27:04 +0800", - "author": "盛邦安全" } ] \ No newline at end of file diff --git a/JSON/anquanke.json b/JSON/anquanke.json index 0720f36..88f62f4 100644 --- a/JSON/anquanke.json +++ b/JSON/anquanke.json 
@@ -1,4 +1,140 @@ [ + { + "guid": "https://www.anquanke.com/post/id/302508", + "title": "开放银行中的 API 安全:平衡创新与风险管理", + "author": " 安全客", + "description": null, + "source": "hackread", + "pubDate": "2024-12-06 16:51:03" + }, + { + "guid": "https://www.anquanke.com/post/id/302505", + "title": "非洲执法部门抓获1,000多名网络犯罪嫌疑人", + "author": " 安全客", + "description": null, + "source": "darkreading", + "pubDate": "2024-12-06 16:50:19" + }, + { + "guid": "https://www.anquanke.com/post/id/302502", + "title": "NCA的破坏行动:瓦解全球洗钱网络", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-06 16:49:32" + }, + { + "guid": "https://www.anquanke.com/post/id/302499", + "title": "FBI 警告犯罪分子利用生成式人工智能进行欺诈活动", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-06 16:48:36" + }, + { + "guid": "https://www.anquanke.com/post/id/302465", + "title": "印度尼西亚富士电机遭受勒索软件攻击: 业务合作伙伴数据可能泄露", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-06 15:41:27" + }, + { + "guid": "https://www.anquanke.com/post/id/302496", + "title": "Lorex 2K安全摄像头的五个缺陷使黑客能够完全控制,警告发布", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-06 15:17:22" + }, + { + "guid": "https://www.anquanke.com/post/id/302459", + "title": "Veeam 备份与复制漏洞曝光: 高严重性漏洞使数据面临风险", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-06 15:16:35" + }, + { + "guid": "https://www.anquanke.com/post/id/302511", + "title": "360数字安全集团携手上海东海职业技术学院,共育实战型网络安全人才队伍", + "author": " 安全客", + "description": null, + "source": "微信", + "pubDate": "2024-12-06 15:16:11" + }, + { + "guid": "https://www.anquanke.com/post/id/302493", + "title": "网络钓鱼狂潮:Cloudflare 域在最新攻击中被利用", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-05 16:14:12" + }, + { + "guid": "https://www.anquanke.com/post/id/302490", + "title": "可用的漏洞利用代码:在 WhatsUp 
Gold 中发现严重缺陷 - CVE-2024-8785 (CVSS 9.8)", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-05 16:06:53" + }, + { + "guid": "https://www.anquanke.com/post/id/302485", + "title": "最高级!360获评NVDB通用网络产品安全漏洞专业库“三星级技术支撑单位”称号", + "author": " 安全客", + "description": null, + "source": "微信", + "pubDate": "2024-12-05 15:51:37" + }, + { + "guid": "https://www.anquanke.com/post/id/302482", + "title": "Crypto.com 与 HackerOne 一起推出 200 万美元的漏洞赏金计划", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-05 15:44:08" + }, + { + "guid": "https://www.anquanke.com/post/id/302479", + "title": "FSB 黑客攻破巴基斯坦的 APT 风暴-0156", + "author": " 安全客", + "description": null, + "source": "darkreading", + "pubDate": "2024-12-05 15:31:48" + }, + { + "guid": "https://www.anquanke.com/post/id/302476", + "title": "Veeam 解决了关键的服务提供商控制台 (VSPC) 错误", + "author": " 安全客", + "description": null, + "source": "securityaffairs", + "pubDate": "2024-12-05 15:20:49" + }, + { + "guid": "https://www.anquanke.com/post/id/302473", + "title": "软件供应链攻击导致 Solana 的 web3.js 库在 npm 注册表上出现恶意版本", + "author": " 安全客", + "description": null, + "source": "helpnetsecurity", + "pubDate": "2024-12-05 15:11:15" + }, + { + "guid": "https://www.anquanke.com/post/id/302468", + "title": "CVE-2024-51378 (CVSS 10):CISA 警告称,严重 Cyber Panel 缺陷受到主动攻击", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-05 15:03:45" + }, + { + "guid": "https://www.anquanke.com/post/id/302462", + "title": "CVE-2024-10905 (CVSS 10): SailPoint IdentityIQ 中的严重漏洞会暴露敏感数据", + "author": " 安全客", + "description": null, + "source": "securityonline", + "pubDate": "2024-12-05 14:37:48" + }, { "guid": "https://www.anquanke.com/post/id/302456", "title": "当心 Celestial Stealer:新的 MaaS 针对浏览器和加密钱包", 
@@ -22,141 +158,5 @@ "description": null, "source": "securityonline", "pubDate": "2024-12-05 11:02:51" - }, - { - "guid": "https://www.anquanke.com/post/id/302432", - "title": "AI全新赋能,360开启终端All in One 5.0时代", - "author": " 安全客", - "description": null, - "source": "微信", - "pubDate": "2024-12-04 14:44:35" - }, - { - "guid": "https://www.anquanke.com/post/id/302429", - "title": "日本加密服务因价值3.08亿美元的比特币被盗而关闭", - "author": " 安全客", - "description": null, - "source": "therecord", - "pubDate": "2024-12-04 14:36:18" - }, - { - "guid": "https://www.anquanke.com/post/id/302426", - "title": "能源行业承包商称勒索软件攻击限制了对 IT 系统的访问", - "author": " 安全客", - "description": null, - "source": "therecord", - "pubDate": "2024-12-04 14:31:13" - }, - { - "guid": "https://www.anquanke.com/post/id/302423", - "title": "韩国撤销戒严令,加密货币市场回暖", - "author": " 安全客", - "description": null, - "source": "Cointelegraph.com News", - "pubDate": "2024-12-04 14:25:11" - }, - { - "guid": "https://www.anquanke.com/post/id/302420", - "title": "法国移动运营商联手应对日益猖獗的欺诈行为", - "author": " 安全客", - "description": null, - "source": "infosecurity", - "pubDate": "2024-12-04 11:31:24" - }, - { - "guid": "https://www.anquanke.com/post/id/302417", - "title": "ASA漏洞CVE-2014-2120正在被恶意利用", - "author": " 安全客", - "description": null, - "source": "securityaffairs", - "pubDate": "2024-12-04 11:24:59" - }, - { - "guid": "https://www.anquanke.com/post/id/302414", - "title": "Play Store上发现15款针对数百万人的SpyLoan应用程序", - "author": " 安全客", - "description": null, - "source": "hackread", - "pubDate": "2024-12-04 11:19:55" - }, - { - "guid": "https://www.anquanke.com/post/id/302411", - "title": "保护您的网络: Zyxel 发布固件更新", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-04 11:02:26" - }, - { - "guid": "https://www.anquanke.com/post/id/302407", - "title": "谷歌浏览器解决 V8 JavaScript 引擎中的高严重性漏洞 (CVE-2024-12053)", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-04 10:47:00" - }, - 
{ - "guid": "https://www.anquanke.com/post/id/302404", - "title": "威胁行为者利用Gafgyt恶意软件利用配置错误的Docker远程API服务器进行攻击", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-04 10:37:57" - }, - { - "guid": "https://www.anquanke.com/post/id/302397", - "title": "CVE-2024-48651:ProFTPD 漏洞为攻击者提供 Root 访问权限", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-03 15:23:53" - }, - { - "guid": "https://www.anquanke.com/post/id/302394", - "title": "针对 Windows 任务计划程序缺陷 (CVE-2024-49039) 发布的零日漏洞利用代码,该漏洞已被 RomCom Group 积极利用", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-03 15:16:41" - }, - { - "guid": "https://www.anquanke.com/post/id/302390", - "title": "领跑中国市场!360安全大模型获权威机构安全运营实测认证", - "author": " 安全客", - "description": null, - "source": "微信", - "pubDate": "2024-12-03 15:01:22" - }, - { - "guid": "https://www.anquanke.com/post/id/302387", - "title": "黑客利用 DeFi 漏洞在 2024 年从加密货币中盗取 14.8 亿美元", - "author": " 安全客", - "description": null, - "source": "hackread", - "pubDate": "2024-12-03 14:56:10" - }, - { - "guid": "https://www.anquanke.com/post/id/302384", - "title": "施乐、诺基亚、美国银行、摩根士丹利等公司 76 万员工的数据在网上泄露", - "author": " 安全客", - "description": null, - "source": "theregister", - "pubDate": "2024-12-03 14:43:32" - }, - { - "guid": "https://www.anquanke.com/post/id/302381", - "title": "Horns & Hooves活动利用NetSupport和BurnsRAT进行广泛妥协", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-03 14:31:35" - }, - { - "guid": "https://www.anquanke.com/post/id/302378", - "title": "从美国到阿联酋: APT35 扩大网络间谍活动范围", - "author": " 安全客", - "description": null, - "source": "securityonline", - "pubDate": "2024-12-03 11:35:47" } ] \ No newline at end of file diff --git a/JSON/doonsec.json b/JSON/doonsec.json index 3ac9d6e..4646431 100644 --- a/JSON/doonsec.json +++ b/JSON/doonsec.json 
@@ -1,4 +1,708 @@ [ + { + "title": "Windows 7 至 Windows 11 中存在新的 0 Day NTLM 哈希泄露漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247504999&idx=3&sn=860de968b5da5269ea0ec755cd3e8392", + "description": null, + "author": "网络研究观", + "category": "网络研究观", + "pubDate": "2024-12-07T18:02:01" + }, + { + "title": "WEB前端逆向拦截页面跳转", + "link": "https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247487787&idx=1&sn=c9f78157d67619339c84a9681a33dbba", + "description": "从网上求助学来的知识,都会写清楚原作者", + "author": "青衣十三楼飞花堂", + "category": "青衣十三楼飞花堂", + "pubDate": "2024-12-07T17:24:27" + }, + { + "title": "攻防|记一次溯源真实案例", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568203&idx=1&sn=2fdb04a880e088fc0b8f232f5adfd9f4", + "description": null, + "author": "马哥网络安全", + "category": "马哥网络安全", + "pubDate": "2024-12-07T17:00:24" + }, + { + "title": "TCP连接,是否是新开端口号和客户端进行交互?", + "link": "https://mp.weixin.qq.com/s?__biz=MzIxNTM3NDE2Nw==&mid=2247490258&idx=1&sn=db89cb9898e851c734a0830cf1f677fd", + "description": null, + "author": "车小胖谈网络", + "category": "车小胖谈网络", + "pubDate": "2024-12-07T16:51:29" + }, + { + "title": "Spring Properties 远程代码执行", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485622&idx=1&sn=c6b1a76d598054eb86efa917775f6188", + "description": null, + "author": "securitainment", + "category": "securitainment", + "pubDate": "2024-12-07T15:54:26" + }, + { + "title": "Windows 中存在严重0day,可导致用户凭据泄露", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492906&idx=1&sn=bcccbff213bc1e74461cb25625f86307", + "description": null, + "author": "独眼情报", + "category": "独眼情报", + "pubDate": "2024-12-07T14:15:15" + }, + { + "title": "制作一个可以绕过 Defender 的 Powershell Shellcode 下载器(无需绕过 Amsi)", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525456&idx=1&sn=1ff51ea83820483d2912dc91da0c103e", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-07T13:09:10" + }, + { + "title": 
"新的 Windows 零日漏洞暴露 NTLM 凭据,已获得非官方补丁", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525456&idx=2&sn=36ccd1ade2da7b7093c538a25b09dc4a", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-07T13:09:10" + }, + { + "title": "记一次简单的代码审计项目案例", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTUxMzk2NQ==&mid=2247485642&idx=1&sn=afcc7c4a8330cefeed2195326b87685f", + "description": null, + "author": "安全君呀", + "category": "安全君呀", + "pubDate": "2024-12-07T12:07:52" + }, + { + "title": "记一次JAVA代码审计过程", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDg2MDIxNQ==&mid=2247485194&idx=1&sn=47071e2c86a784f6eeca99def55e03ef", + "description": null, + "author": "Jie安全", + "category": "Jie安全", + "pubDate": "2024-12-07T11:15:35" + }, + { + "title": "移动安全框架 (MobSF) 存在存储型XSS漏洞 | CVE-2024-53999", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604682&idx=3&sn=66e331213aaa69ebd6e06ba539c6cbae", + "description": null, + "author": "黑白之道", + "category": "黑白之道", + "pubDate": "2024-12-07T10:24:59" + }, + { + "title": "sqlmap被动代理小工具", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604682&idx=4&sn=b00a4b26e07c7fbcb487eb3616ea6456", + "description": null, + "author": "黑白之道", + "category": "黑白之道", + "pubDate": "2024-12-07T10:24:59" + }, + { + "title": "记一次JAVA代码审计过程", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjM5NDM3NQ==&mid=2247486169&idx=1&sn=06e49fd2f6cf2dbdca4eb3c550ed86cf", + "description": null, + "author": "进击安全", + "category": "进击安全", + "pubDate": "2024-12-07T10:20:28" + }, + { + "title": "无补丁,I-O Data路由器0Day漏洞被利用", + "link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651309095&idx=1&sn=c6dd464702642072510bbb85c37cb402", + "description": "补丁预计将在12月18日发布,因此在此之前用户将面临比较严重的风险。", + "author": "FreeBuf", + "category": "FreeBuf", + "pubDate": "2024-12-07T10:04:20" + }, + { + "title": "深度解析GoldenEyeDog APT组织最新攻击技术动向", + "link": 
"https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655261379&idx=1&sn=ee9f64fe9cbad33d1a141c69151701d7", + "description": null, + "author": "计算机与网络安全", + "category": "计算机与网络安全", + "pubDate": "2024-12-07T09:57:20" + }, + { + "title": "Mitre Att&ck框架T1036.006(文件名后面的空格)技术的简单实现", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484920&idx=1&sn=2bada6774d9702240e6f8d840640f4dc", + "description": "Mitre Att\\\\x26amp;ck框架T1036.006(文件名后面的空格)技术的简单实现", + "author": "新蜂网络安全实验室", + "category": "新蜂网络安全实验室", + "pubDate": "2024-12-07T09:04:06" + }, + { + "title": "俄黑客利用Cloudflare Tunnels和 DNS Fast-Flux 隐藏恶意软件针对乌克兰", + "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793408&idx=2&sn=62e5b7cce0750160459330d1cb527daf", + "description": "研究人员发现俄罗斯黑客组织利用Cloudflare Tunnels和 DNS Fast-Flux隐藏恶意软件的托管设施。", + "author": "军哥网络安全读报", + "category": "军哥网络安全读报", + "pubDate": "2024-12-07T09:01:41" + }, + { + "title": "新的Windows 0day漏洞:攻击者几乎无需用户交互即可窃取 NTLM 凭据", + "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793408&idx=3&sn=07c14519c7e26f4483bd662559941c89", + "description": "从win7到最新的win11 24h2均存在的新0day漏洞,打开文件夹就能触发。", + "author": "军哥网络安全读报", + "category": "军哥网络安全读报", + "pubDate": "2024-12-07T09:01:41" + }, + { + "title": "漏洞预警 | Zabbix SQL注入漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491663&idx=1&sn=13f8337d2c5b035b77d6655b19c9fc53", + "description": "Zabbix前端的CUser类中的addRelatedObjects函数未对输入数据进行充分验证和转义,导致具有API访问权限的恶意用户可以通过user.get API传递特制输入触发SQL注入攻击。", + "author": "浅安安全", + "category": "浅安安全", + "pubDate": "2024-12-07T08:30:49" + }, + { + "title": "【PWN】堆溢出2.23 Off-By-One", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NDYwOTcxNg==&mid=2247485038&idx=1&sn=2d307c01f15498c12c5bcad97233f8ab", + "description": "2.23堆溢出Off-By-One,unsortedbin泄露libc配置fastbin attack + realloc_hook调栈。", + "author": "智佳网络安全", + "category": "智佳网络安全", + "pubDate": "2024-12-07T08:30:49" + }, + { + "title": "浅谈利用PDF钓鱼攻击", + "link": 
"https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247509598&idx=1&sn=be74c502c8b0cd301e12048e894f9257", + "description": "利用PDF文件,诱导用户点击文件,即可获取系统权限。", + "author": "kali笔记", + "category": "kali笔记", + "pubDate": "2024-12-07T08:00:57" + }, + { + "title": "云安全学习-密钥泄露与CF利用框架", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486945&idx=2&sn=beee676ac80e94387272c03affb7e5cb", + "description": "u200b首先认识下阿里云官方解释的什么是AccessKey:在调用阿里云API时您需要使用AccessKey完成身份验证。AccessKey包括AccessKey ID和AccessKey Secret,需要一起使用。", + "author": "进击的HACK", + "category": "进击的HACK", + "pubDate": "2024-12-07T07:56:26" + }, + { + "title": "【SDL实践指南】Foritify结构化规则定义", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493770&idx=2&sn=d76331319fa028f0f4379b0f87c23020", + "description": "基本介绍结构分析器匹配源代码中的任意程序结构,它的设计目的不是为了发现由执行流或数据流引起的问题,相反它通过", + "author": "七芒星实验室", + "category": "七芒星实验室", + "pubDate": "2024-12-07T07:00:42" + }, + { + "title": "实战红蓝:谈一谈NSmartProxy流量特征在实战中的表现", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486222&idx=1&sn=f1b43263c2fab0c92dd05ae1bcc4c16d", + "description": null, + "author": "TtTeam", + "category": "TtTeam", + "pubDate": "2024-12-07T00:01:07" + }, + { + "title": "PC逆向 -- 用户APC执行", + "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037147&idx=2&sn=2980166e539b9fecaf3f664831f7a1ae", + "description": null, + "author": "逆向有你", + "category": "逆向有你", + "pubDate": "2024-12-07T00:00:15" + }, + { + "title": "【免杀干货】杀毒软件检测详解", + "link": "https://mp.weixin.qq.com/s?__biz=MzI1Mjc3NTUwMQ==&mid=2247537058&idx=1&sn=e1aa16a7450e6eb919e87021ac20192a", + "description": "收藏学习", + "author": "教父爱分享", + "category": "教父爱分享", + "pubDate": "2024-12-06T23:59:45" + }, + { + "title": "【漏洞预警】SonicWall SMA100 SSL-VPN缓冲区溢出漏洞CVE-2024-45318", + "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489275&idx=1&sn=31722ca4a5e3edc74c5e218e4bfedbdf", + "description": null, + "author": "飓风网络安全", + "category": "飓风网络安全", 
+ "pubDate": "2024-12-06T23:49:32" + }, + { + "title": "HTB-Vintage笔记", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTQxOTA3Ng==&mid=2247489250&idx=1&sn=e244c73804185afe5f0cf4752865bdbc", + "description": null, + "author": "Jiyou too beautiful", + "category": "Jiyou too beautiful", + "pubDate": "2024-12-06T23:17:24" + }, + { + "title": "网安瞭望台第9期:0day 情报,OAuth 2.0授权流程学习", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTkwODU3Ng==&mid=2247514008&idx=1&sn=5c670c62b4c5fa4a355f424e56645be1", + "description": "网安资讯分享\\\\x0d\\\\x0aDAILY NEWS AND KNOWLEDGE", + "author": "东方隐侠安全团队", + "category": "东方隐侠安全团队", + "pubDate": "2024-12-06T21:54:51" + }, + { + "title": "从JS代码审计到GraphQL利用的管理账户接管", + "link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496534&idx=1&sn=493cff035c6dde66c5b31d96de6f3834", + "description": null, + "author": "迪哥讲事", + "category": "迪哥讲事", + "pubDate": "2024-12-06T21:38:57" + }, + { + "title": "CVE-2024-42327 Zabbix SQL注入 POC", + "link": "https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247495970&idx=1&sn=ff9a5f04745abfade7cb4ca85fc55840", + "description": null, + "author": "Khan安全攻防实验室", + "category": "Khan安全攻防实验室", + "pubDate": "2024-12-06T19:50:37" + }, + { + "title": "【安全圈】I-O Data路由器0Day漏洞被利用,无修复补丁", + "link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066435&idx=3&sn=bbca90f744a9f08fd2d2e9d95bb190e2", + "description": null, + "author": "安全圈", + "category": "安全圈", + "pubDate": "2024-12-06T19:00:27" + }, + { + "title": "混淆 Office 宏以逃避 Defender", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525341&idx=3&sn=197b8217ce933acb3c06e016737a1e79", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-06T18:09:22" + }, + { + "title": "实战!一次超简单的网站后门利用体验", + "link": "https://mp.weixin.qq.com/s?__biz=MzIwMzc3NTkxMA==&mid=2247491233&idx=3&sn=cb494f72f9e49b7d0b8bc8158dbd176c", + "description": null, + "author": "电信云堤", + "category": "电信云堤", + "pubDate": 
"2024-12-06T18:01:43" + }, + { + "title": "未然威胁追踪 | 深度解析GoldenEyeDog APT组织最新攻击技术动向", + "link": "https://mp.weixin.qq.com/s?__biz=MzAwODU5NzYxOA==&mid=2247505657&idx=1&sn=22625bef15dad3040d367c97fb602c7e", + "description": "GoldenEyeDogAPT组织伪装常用软件诱导安装恶意程序,实现远程控制。", + "author": "华为安全", + "category": "华为安全", + "pubDate": "2024-12-06T17:30:32" + }, + { + "title": "CNNVD 关于SonicWall SMA100 安全漏洞的通报", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxODY1OTM5OQ==&mid=2651461968&idx=1&sn=0a6663b04895b46371bd12da4468b547", + "description": "近日,国家信息安全漏洞库(CNNVD)收到关于SonicWall SMA100 安全漏洞(CNNVD-202412-487、CVE-2024-45318)情况的报送。", + "author": "CNNVD安全动态", + "category": "CNNVD安全动态", + "pubDate": "2024-12-06T17:10:06" + }, + { + "title": "恶意软件分析-代码注入", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247488896&idx=1&sn=68a8307a5264347a644d93378ae6d367", + "description": null, + "author": "Relay学安全", + "category": "Relay学安全", + "pubDate": "2024-12-06T17:09:18" + }, + { + "title": "新一代Webshell管理器", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568143&idx=2&sn=d5a6df73e38793ccfdecd67ecae32403", + "description": null, + "author": "马哥网络安全", + "category": "马哥网络安全", + "pubDate": "2024-12-06T17:00:34" + }, + { + "title": "SonicWall SMA100 SSLVPN 多个高危漏洞安全风险通告", + "link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502571&idx=1&sn=c30e1d47ae1059542d59b52c7c4ddfd5", + "description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。", + "author": "奇安信 CERT", + "category": "奇安信 CERT", + "pubDate": "2024-12-06T15:55:21" + }, + { + "title": "一文学会shiro反序列化", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484171&idx=1&sn=1a340e6c0983e249883ffa49c67206d3", + "description": "shiro反序列化漏洞", + "author": "simple学安全", + "category": "simple学安全", + "pubDate": "2024-12-06T15:43:51" + }, + { + "title": "金眼狗APT后门处置", + "link": "https://mp.weixin.qq.com/s?__biz=MjM5ODkxMTEzOA==&mid=2247484375&idx=1&sn=1f76fc8d445edfc4387c1d3e501f79dd", + "description": 
"金眼狗APT后门处置,作者:雁过留痕@深信服MSS专家部。", + "author": "安服仔的救赎", + "category": "安服仔的救赎", + "pubDate": "2024-12-06T15:09:14" + }, + { + "title": "组策略安全噩梦 第二部分", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485618&idx=2&sn=f01a6dd1559a75dd2631663c6b18d3e5", + "description": null, + "author": "securitainment", + "category": "securitainment", + "pubDate": "2024-12-06T14:56:20" + }, + { + "title": "Apache-HertzBeat开源实时监控系统存在默认口令漏洞【漏洞复现|附nuclei-POC】", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTcwOTMwMQ==&mid=2247484585&idx=1&sn=5454bc75cdf44fafbb3e5e8027140664", + "description": null, + "author": "脚本小子", + "category": "脚本小子", + "pubDate": "2024-12-06T14:40:57" + }, + { + "title": "【免杀】单文件一键击溃windows defender进程 v1.1发布!", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg4Mzg4OTIyMA==&mid=2247485851&idx=1&sn=a1db0833cfab8195b3301d922d7b0538", + "description": "单文件一键击溃windows defender\\\\x0d\\\\x0a使用资源文件嵌入驱动,避免直接依赖外部文件\\\\x0d\\\\x0a替换旧版本驱动文件,旧版本驱动证书已过期", + "author": "威零安全实验室", + "category": "威零安全实验室", + "pubDate": "2024-12-06T13:30:33" + }, + { + "title": "接口测试二三事", + "link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247545690&idx=1&sn=3d45ecc2dd5998e9a91906e5ceaa5e69", + "description": null, + "author": "掌控安全EDU", + "category": "掌控安全EDU", + "pubDate": "2024-12-06T12:00:16" + }, + { + "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", + "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247124&idx=2&sn=8e23579cb82d06948bf7f91642d24e49", + "description": null, + "author": "e安在线", + "category": "e安在线", + "pubDate": "2024-12-06T11:26:50" + }, + { + "title": "中国科学院信工所 | Snowflake代理请求的隐蔽性分析", + "link": "https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247491417&idx=1&sn=948790356cdbfb890e36824bd672ac2d", + "description": "采用机器学习模型对Snowflake代理请求进行精准检测。", + "author": "安全学术圈", + "category": "安全学术圈", + "pubDate": "2024-12-06T10:26:45" + }, + { + "title": "攻防|记一次溯源真实案例", + "link": 
"https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604658&idx=3&sn=d0065fbf3c181a1e7c9cdac026f2895a", + "description": null, + "author": "黑白之道", + "category": "黑白之道", + "pubDate": "2024-12-06T10:03:46" + }, + { + "title": "一个绕过 EDR 的dumplsass免杀工具", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604658&idx=4&sn=01d4146012efc924fe7b8f0d366f971a", + "description": null, + "author": "黑白之道", + "category": "黑白之道", + "pubDate": "2024-12-06T10:03:46" + }, + { + "title": "工具集:BurpSuite-collections【burp插件合集】", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484779&idx=1&sn=7b4c268d7c7db35eaad297a0fb50dcb9", + "description": null, + "author": "风铃Sec", + "category": "风铃Sec", + "pubDate": "2024-12-06T09:08:46" + }, + { + "title": "黑客利用 MOONSHINE 漏洞和 DarkNimbus 后门攻击", + "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793394&idx=2&sn=06277be44ef38c9683d24a9ef2472d1c", + "description": "趋势科技发的新报告。", + "author": "军哥网络安全读报", + "category": "军哥网络安全读报", + "pubDate": "2024-12-06T09:00:59" + }, + { + "title": "Mitre_Att&ck框架T1574.001技术(劫持Dll搜索顺序)的简单实现", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484913&idx=1&sn=38c952a43bd8d00d7d0251d15f3463c1", + "description": "Mitre_Att\\\\x26amp;ck框架T1574.001技术(劫持Dll搜索顺序)的简单实现", + "author": "新蜂网络安全实验室", + "category": "新蜂网络安全实验室", + "pubDate": "2024-12-06T09:00:25" + }, + { + "title": "渗透测试人员的 Nmap:漏洞扫描", + "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485821&idx=1&sn=b98633172a515bdd2cbbfed5efdc3e30", + "description": "Nmap 脚本引擎 (NSE) 是 Nmap 最有效的功能之一,它允许用户准备和共享脚本,以自动执行涉及网络的众多任务。", + "author": "三沐数安", + "category": "三沐数安", + "pubDate": "2024-12-06T09:00:25" + }, + { + "title": "利用伪装$Version Cookie绕过WAF防火墙", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492726&idx=1&sn=9e6c4dc27f3599ad2ca6487f320cf05c", + "description": "通过使用伪装的 $Version 属性,可以有效地绕过许多 Web 应用防火墙 (WAF)。此技术利用了许多 WAF 对 Cookie 标头解析的不一致性。", + "author": 
"二进制空间安全", + "category": "二进制空间安全", + "pubDate": "2024-12-06T08:55:58" + }, + { + "title": "Jolokia logback JNDI RCE漏洞复现", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY3MTM4Nw==&mid=2247484054&idx=1&sn=8a23efc97b5ae0c014ad74d391dd5717", + "description": "JNDI是 Java 命名与目录接口(Java Naming and Directory Interface),在J2EE规范中是重要的规范之一", + "author": "浩凯信安", + "category": "浩凯信安", + "pubDate": "2024-12-06T08:31:47" + }, + { + "title": "实战|记一次溯源真实案例", + "link": "https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247517178&idx=1&sn=0970bac0e2ec58b8d9669c8556dd6001", + "description": null, + "author": "HACK之道", + "category": "HACK之道", + "pubDate": "2024-12-06T08:04:41" + }, + { + "title": "POC集合,框架nday漏洞利用", + "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247492910&idx=1&sn=09a010c00e7b570a4044e87718fd1ea4", + "description": null, + "author": "夜组安全", + "category": "夜组安全", + "pubDate": "2024-12-06T08:02:20" + }, + { + "title": "某订货系统文件上传漏洞分析", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247509663&idx=1&sn=36790b3290209381053ccbb1036f3b23", + "description": null, + "author": "李白你好", + "category": "李白你好", + "pubDate": "2024-12-06T08:01:05" + }, + { + "title": "漏洞预警 | WordPress Elementor PDF生成器任意文件下载漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491646&idx=1&sn=e2735658a6d4f6f895d5a79139c28b03", + "description": "WordPress Elementor页面生成器插件PDF生成器的/elementor-84接口存在任意文件下载漏洞,未经身份验证的攻击者可以通过该漏洞下载服务器任意文件,从而获取大量敏感信息。", + "author": "浅安安全", + "category": "浅安安全", + "pubDate": "2024-12-06T08:00:57" + }, + { + "title": "漏洞预警 | 用友U8CRM SQL注入漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491646&idx=2&sn=146ed161d1ca3fb154097be23b43a507", + "description": "用友U8CRM客户关系管理系统存在SQL注入漏洞,未经身份验证的攻击者通过漏洞执行任意SQL语句,调用xp_cmdshell写入后门文件,执行任意代码,从而获取到服务器权限。", + "author": "浅安安全", + "category": "浅安安全", + "pubDate": "2024-12-06T08:00:57" + }, + { + "title": "新型网络钓鱼服务“Rockstar 2FA”来袭,微软 365 用户面临攻击威胁", + "link": 
"https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899703&idx=1&sn=f8913402ae49952d0b206b8e65d7434a", + "description": "网络安全研究人员警告称,一种名为“Rockstar 2FA”的网络钓鱼即服务(PhaaS)工具包正被用于恶意邮件活动,旨在窃取微软 365 帐户凭据。", + "author": "技术修道场", + "category": "技术修道场", + "pubDate": "2024-12-06T08:00:48" + }, + { + "title": "[04]恶意文档分析-工具篇-OleTools(一)", + "link": "https://mp.weixin.qq.com/s?__biz=MzI4MDcxODc4MQ==&mid=2247485099&idx=1&sn=82a1499793e45c47eac7f2cb8af73806", + "description": "恶意文档分析,一学就会!", + "author": "Y1X1n安全", + "category": "Y1X1n安全", + "pubDate": "2024-12-06T08:00:44" + }, + { + "title": "浅谈红队中那些常见的场景和问题", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486926&idx=2&sn=ea58246c8cfed147506b4764e57aaaa2", + "description": "浅谈红队中那些常见的场景和问题。", + "author": "进击的HACK", + "category": "进击的HACK", + "pubDate": "2024-12-06T07:57:01" + }, + { + "title": "Villain C2", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503763&idx=1&sn=1b457900f24b3fe2e8c7f054f7f9a200", + "description": "乘坐 C2 快速前往 Revershell Lane 最近,除了 Cobalt Strike 之外,我一直在摆弄其他 C2,因为", + "author": "安全狗的自我修养", + "category": "安全狗的自我修养", + "pubDate": "2024-12-06T07:11:46" + }, + { + "title": "CVE-2024-22399 - SwingLazyValue利用链构造分析", + "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517492&idx=1&sn=f586d9016d9592f6f6dffa36d64a2eda", + "description": null, + "author": "船山信安", + "category": "船山信安", + "pubDate": "2024-12-06T02:00:41" + }, + { + "title": "ATT&CK红队评估实战靶场二", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzY5NDUyMQ==&mid=2247484853&idx=1&sn=9b889d07c5e333da0d5f5657dbb81ec6", + "description": null, + "author": "flowers-boy", + "category": "flowers-boy", + "pubDate": "2024-12-06T00:29:49" + }, + { + "title": "WAF自动化绕过工具 -- x-waf", + "link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515071&idx=1&sn=214be935ebb249a12f64fd88a876dc30", + "description": null, + "author": "Web安全工具库", + "category": "Web安全工具库", + "pubDate": "2024-12-06T00:01:13" 
+ }, + { + "title": "安卓逆向 -- 某定位软件分析", + "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037129&idx=1&sn=9f23954b167130ade615e71c326c9f4a", + "description": null, + "author": "逆向有你", + "category": "逆向有你", + "pubDate": "2024-12-06T00:00:49" + }, + { + "title": "PC逆向 -- 内核APC执行", + "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037129&idx=2&sn=48a950a51b0bb5f95804cd7fea6d5a97", + "description": null, + "author": "逆向有你", + "category": "逆向有你", + "pubDate": "2024-12-06T00:00:49" + }, + { + "title": "端口存活扫描工具 -- x-pscan(12月4日更新)", + "link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247498834&idx=1&sn=de1e00a45bbc8c8e115645394496821f", + "description": null, + "author": "网络安全者", + "category": "网络安全者", + "pubDate": "2024-12-06T00:00:48" + }, + { + "title": "【免杀】单文件一键击溃windows defender进程 v1.1发布!", + "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491607&idx=1&sn=803fe3abf2c407e54b3d4ec1545abeb0", + "description": "单文件一键击溃windows defender\\\\x0d\\\\x0a使用资源文件嵌入驱动,避免直接依赖外部文件\\\\x0d\\\\x0a替换旧版本驱动文件,旧版本驱动证书已过期", + "author": "星落安全团队", + "category": "星落安全团队", + "pubDate": "2024-12-06T00:00:16" + }, + { + "title": "立即修复,微软驱动程序关键漏洞已被APT组织利用", + "link": "https://mp.weixin.qq.com/s?__biz=MzkzNjIzMjM5Ng==&mid=2247490066&idx=1&sn=19f10acfb4432ac39d26b9c846eece40", + "description": null, + "author": "信息安全大事件", + "category": "信息安全大事件", + "pubDate": "2024-12-05T20:24:32" + }, + { + "title": "SMB 中继:攻击、缓解、策略和有效的解决方案", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247504962&idx=1&sn=dae7a03ab07cc04acc999dbe7a920e9a", + "description": null, + "author": "网络研究观", + "category": "网络研究观", + "pubDate": "2024-12-05T19:17:18" + }, + { + "title": "【安全圈】立即修复,微软驱动程序关键漏洞已被APT组织利用", + "link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066421&idx=2&sn=c856137ec845bc74a8a86abc23c1eb69", + "description": null, + "author": "安全圈", + "category": "安全圈", + "pubDate": "2024-12-05T19:01:01" + }, + { + 
"title": "大模型的反序列化导致的RCE漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzU0MzkzOTYzOQ==&mid=2247489539&idx=1&sn=69e2563458072584247038ace3c47897", + "description": "大模型RCE漏洞!!", + "author": "黑伞安全", + "category": "黑伞安全", + "pubDate": "2024-12-05T18:04:31" + }, + { + "title": "新型网络钓鱼活动利用损坏的 Word 文档来逃避安全保护", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525328&idx=1&sn=aa4690f683a66fd805db9c7b4ebb5d2f", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-05T17:53:47" + }, + { + "title": "CVE-2024-42448 (CVSS 9.9):Veeam VSPC 中的严重 RCE 漏洞", + "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525328&idx=2&sn=9359464472ac9ce0e09e7e04e80d874f", + "description": null, + "author": "Ots安全", + "category": "Ots安全", + "pubDate": "2024-12-05T17:53:47" + }, + { + "title": "一种可绕过MFA认证的邻近入侵技术", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492683&idx=1&sn=9a95dbd2eb123c7bf3d9634288a7de32", + "description": "“邻近攻击”本质上是一种近距离访问操作,但避免了攻击者被物理识别或拘留的风险。这种攻击方式既具备近距离接触的所有好处,又允许幕后操作者远在千里之外。", + "author": "二进制空间安全", + "category": "二进制空间安全", + "pubDate": "2024-12-05T17:52:16" + }, + { + "title": "日本CERT提醒:IO-Data 路由器中的多个0day已遭利用", + "link": "https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247521692&idx=2&sn=adb3ff5ba3ff65807012edd28d90be20", + "description": "其它两个0day的补丁将于12月18日推出", + "author": "代码卫士", + "category": "代码卫士", + "pubDate": "2024-12-05T17:46:29" + }, + { + "title": "Nessus扫描报告自动化生成工具", + "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568045&idx=1&sn=733899809ca7843908e3295aae3111f4", + "description": null, + "author": "马哥网络安全", + "category": "马哥网络安全", + "pubDate": "2024-12-05T17:01:04" + }, + { + "title": "某OA 11.10 未授权任意文件上传", + "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247487839&idx=1&sn=c7739038fa14d38c3ffb3e3fd0f46786", + "description": "前几天看到通达 OA 11.10 存在未授权任意文件上传漏洞,于是也打算对此进行复现和分析。", + "author": "蚁景网安", + "category": "蚁景网安", + 
"pubDate": "2024-12-05T16:30:26" + }, + { + "title": "Yakit针对流量加密APP的Frida rpc解决方案", + "link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491126&idx=1&sn=8a07cf454033234da27ea3525f5cd616", + "description": "本文只要讲述针对复杂流量加密的APP,如何在Yakit工具下采用Frida rpc的方式进行流量解密测试。", + "author": "实战安全研究", + "category": "实战安全研究", + "pubDate": "2024-12-05T15:29:44" + }, + { + "title": "攻防的较量,杀毒软件的致命缺陷", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODE5OTM5Nw==&mid=2247486613&idx=1&sn=ff6a075a665310c9459d711c4e78ce18", + "description": "根据云查杀引擎设计原理,我们发现基于黑白名单的检测机制存在时间绕过的缺陷,这意味着在下一次同步(一般是2-4小时)云规则前,文件仍处于灰名单期间它将绕过。", + "author": "白帽子安全笔记", + "category": "白帽子安全笔记", + "pubDate": "2024-12-05T14:22:48" + }, + { + "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", + "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247117&idx=2&sn=4cfb96c5877794de29c638e7e3154263", + "description": null, + "author": "e安在线", + "category": "e安在线", + "pubDate": "2024-12-05T13:52:08" + }, + { + "title": "Mitre Att&ck框架T1205.001(端口敲击)和T1205.002(套接字过滤)技术的简单实现", + "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484898&idx=1&sn=0b8fe71a5d54db4c3434020ad198578e", + "description": "Mitre Att\\\\x26amp;ck框架T1205.001(端口敲击)和T1205.002(套接字过滤)技术的简单实现", + "author": "新蜂网络安全实验室", + "category": "新蜂网络安全实验室", + "pubDate": "2024-12-05T13:05:08" + }, + { + "title": "js逆向案例-cookie反爬之akamai_2.0-上", + "link": "https://mp.weixin.qq.com/s?__biz=MzU5NTcyMDc1Ng==&mid=2247493337&idx=1&sn=b903406edf42dde48c2b0ad2721eafef", + "description": "js逆向案例-cookie反爬之akamai_2.0-上", + "author": "逆向OneByOne", + "category": "逆向OneByOne", + "pubDate": "2024-12-05T12:55:42" + }, + { + "title": "9个超级实用BurpSuite插件,SRC漏洞挖掘利器打包推荐", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247487695&idx=1&sn=65d7e7419f8d11a5cd05a191525939d6", + "description": "前段时间自己在做项目的时候,需要用到一些漏洞扫描工具,以及一些被动扫描的工具,其中BurpSuite中的几个插件起到了关键性的作用,其实在实际攻防演练,或者渗透中一些漏洞出现的概率还是挺高的。", + "author": "星悦安全", + "category": "星悦安全", + "pubDate": 
"2024-12-05T12:52:14" + }, + { + "title": "从JS代码审计到GraphQL利用的管理账户接管", + "link": "https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650260223&idx=1&sn=31a7ee28fac382ef469e173b0bcfa32e", + "description": null, + "author": "骨哥说事", + "category": "骨哥说事", + "pubDate": "2024-12-05T12:20:18" + }, { "title": "CVE-2024-31317 复现", "link": "https://mp.weixin.qq.com/s?__biz=MzIxMDYyNTk3Nw==&mid=2247515004&idx=1&sn=49ef9432fd64ba81064c5af61066efee", @@ -863,6 +1567,14 @@ "category": "安全君呀", "pubDate": "2024-12-03T11:54:01" }, + { + "title": "第101篇:一个绕过5层权限校验的0day漏洞的代码审计分析", + "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDg2MDIxNQ==&mid=2247485183&idx=1&sn=10c23306ea0a57295373eb38828c61cf", + "description": null, + "author": "Jie安全", + "category": "Jie安全", + "pubDate": "2024-12-03T11:49:23" + }, { "title": "Nighthawk 正在推翻 Cobalt Strike", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MzA4NTM0OA==&mid=2247492953&idx=1&sn=d9a55365e49765779b01df8d48c5f943", 
@@ -886,717 +1598,5 @@ "author": "爱喝酒烫头的曹操", "category": "爱喝酒烫头的曹操", "pubDate": "2024-12-03T11:10:03" - }, - { - "title": "【重新架构】基于frp 过卡巴斯基、360核晶、defender、火绒的xlfrc v1.2发布!", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4Mzg4OTIyMA==&mid=2247485845&idx=1&sn=078a3949ee339e02b6d90fe40a5829a0", - "description": "分离客户端与服务器端源码,减少程序静态特征\\\\x0d\\\\x0a过卡巴斯基、360、defender、火绒\\\\x0d\\\\x0a支持linux、windows平台", - "author": "威零安全实验室", - "category": "威零安全实验室", - "pubDate": "2024-12-03T11:09:41" - }, - { - "title": "Windows 任务计划程序漏洞 (CVE-2024-49039) 零日漏洞利用代码发布", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492812&idx=1&sn=9735ed97824b65fb886b0a07fe30720f", - "description": null, - "author": "独眼情报", - "category": "独眼情报", - "pubDate": "2024-12-03T10:56:54" - }, - { - "title": "环境利用技术(LOLBAS ):Wevtutil.exe", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492812&idx=3&sn=503595d28393816ee1ac73f83325f378", - "description": null, - "author": "独眼情报", - "category": "独眼情报", - "pubDate": "2024-12-03T10:56:54" - }, - { - "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", - "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247095&idx=2&sn=30cf5f1c62ec1628508a4c5befee3711", - "description": null, - "author": "e安在线", - "category": "e安在线", - "pubDate": "2024-12-03T10:03:11" - }, - { - "title": "Mitre Att&ck框架T1659技术(内容注入)的简单实现", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484856&idx=1&sn=50889b2328e4bc809b7309d7d377ac41", - "description": "分别使用fakedns和ettercap说明T1659技术的实现原理。", - "author": "新蜂网络安全实验室", - "category": "新蜂网络安全实验室", - "pubDate": "2024-12-03T10:00:27" - }, - { - "title": "应急响应之linux 排查", - "link": "https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247504792&idx=2&sn=df4c87001f3075c83ee292b89f3e9179", - "description": "帮会兼职项目,参与即刻回本", - "author": "网络安全实验室", - "category": "网络安全实验室", - "pubDate": "2024-12-03T09:55:15" - }, - { - "title": "【漏洞复现】Bazaar 任意文件读取漏洞(CVE-2024-40348)", - "link": 
"https://mp.weixin.qq.com/s?__biz=MzkyMjcxNzE2MQ==&mid=2247484450&idx=1&sn=18f5fca3583408b95ab16f7b37e5ebba", - "description": "【漏洞复现】Bazaar 任意文件读取漏洞(CVE-2024-40348)", - "author": "白帽攻防", - "category": "白帽攻防", - "pubDate": "2024-12-03T09:04:59" - }, - { - "title": "APP常用抓包技巧(Android部分)", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyNzM2MjM0OQ==&mid=2247495100&idx=1&sn=3475a4c104ee9a91ab871970f4c0ba31", - "description": "一文学会app抓包", - "author": "隐雾安全", - "category": "隐雾安全", - "pubDate": "2024-12-03T09:00:38" - }, - { - "title": "【解析】通过USB设备感染传播的恶意软件Raspberry Robin深度分析", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247535616&idx=3&sn=7f9e04f3d93817c00106c351bdd55285", - "description": null, - "author": "安小圈", - "category": "安小圈", - "pubDate": "2024-12-03T08:45:43" - }, - { - "title": "微信4.0聊天记录数据库文件解密分析", - "link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525087&idx=1&sn=1f41edd92aa8c6737f6386e32b5463f1", - "description": null, - "author": "乌雲安全", - "category": "乌雲安全", - "pubDate": "2024-12-03T08:42:47" - }, - { - "title": "出口FireWall助力突破靶标", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNzQyMDkxMQ==&mid=2247487834&idx=1&sn=4bf47d2dc73f0cb7660813c1d27748f2", - "description": null, - "author": "赤弋安全团队", - "category": "赤弋安全团队", - "pubDate": "2024-12-03T08:39:08" - }, - { - "title": "开源的Webshell管理器--游魂", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDM4NDM5Ng==&mid=2247488920&idx=1&sn=007e0d36ce7bc49088c602c74273dfc0", - "description": "游魂是一个开源的Webshell管理器,提供更为方便的界面和更为简单易用的功能,可配合或代替其他webshell管理器,帮助用户在各类渗透场景中控制目标机器", - "author": "安全洞察知识图谱", - "category": "安全洞察知识图谱", - "pubDate": "2024-12-03T08:30:28" - }, - { - "title": "漏洞预警 | 紫光档案管理系统SQL注入漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491621&idx=2&sn=a67718759a9d841d63ae09745728dcbf", - "description": "紫光电子档案管理系统的/Archive/ErecordManage/mergeFile接口存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。", - "author": "浅安安全", - "category": "浅安安全", - "pubDate": 
"2024-12-03T08:03:26" - }, - { - "title": "漏洞预警 | 百易云资产管理运营系统任意文件上传漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491621&idx=3&sn=eab772ce86acfdc34824c18d8d6a382e", - "description": "百易云资产管理运营系统的/mobilefront/c/2.php接口存在任意文件上传漏洞,未经身份验证的攻击者可以通过该漏洞上传恶意脚本文件到服务器,从而控制目标服务器。", - "author": "浅安安全", - "category": "浅安安全", - "pubDate": "2024-12-03T08:03:26" - }, - { - "title": "记一次HVV中对某登录框的优雅测试", - "link": "https://mp.weixin.qq.com/s?__biz=MjM5Mzk0MDE2Ng==&mid=2649608499&idx=1&sn=b37385f175143fc91a15d6faf6ea4999", - "description": "某地市2024HVV活动中,在对某国企系统打点过程时遇见一个登录框页面摒弃常规账号密码暴破的思路转而对其他页", - "author": "天地和兴", - "category": "天地和兴", - "pubDate": "2024-12-03T07:59:44" - }, - { - "title": "记一次认证绕过接管平台", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486889&idx=2&sn=893da33939e5257df0e8783446f7ae8e", - "description": null, - "author": "进击的HACK", - "category": "进击的HACK", - "pubDate": "2024-12-03T07:56:08" - }, - { - "title": "使用PHP实现GitHub API搜索与数据库同步", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MTE0NTg4OQ==&mid=2247484021&idx=1&sn=de70e635426988a9dc96bac72edc58cd", - "description": null, - "author": "HackTips", - "category": "HackTips", - "pubDate": "2024-12-03T07:32:26" - }, - { - "title": "云存储攻防之Bucket配置可写", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493730&idx=2&sn=cf365012f325768ff21ac4d308e8e539", - "description": "基本介绍OBS ACL是基于帐号级别的读写权限控制,权限控制细粒度不如桶策略和IAM权限,OBS支持的被授权", - "author": "七芒星实验室", - "category": "七芒星实验室", - "pubDate": "2024-12-03T07:00:25" - }, - { - "title": "第107篇:国*攻防比赛中一个多层嵌套的java内存马的反混淆解密分析过程", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNjM5NDU0OA==&mid=2247486205&idx=1&sn=aa6e6d0fbb48dcd821d505129cf47def", - "description": null, - "author": "钟毓安全", - "category": "钟毓安全", - "pubDate": "2024-12-03T06:52:40" - }, - { - "title": "第71篇:某银行外网打点到内网核心区红队评估复盘", - "link": "https://mp.weixin.qq.com/s?__biz=MzU3MjU4MjM3MQ==&mid=2247488717&idx=1&sn=d9c8b0ddd2d317d2c88cf7bc621c09a2", - 
"description": "本期复盘一次银行的红队评估项目,基本上涵盖了外网打点、内网横向、社工钓鱼、供应链攻击、物理渗透、的方方面面,未知攻、焉知防,希望对红蓝双方都有借鉴意义。", - "author": "银遁安全团队", - "category": "银遁安全团队", - "pubDate": "2024-12-03T06:01:17" - }, - { - "title": "啊,这,不是那个隧道啊!!!", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NDQwMDY1Nw==&mid=2247484784&idx=1&sn=c66ddca4dd3de1ac999ae36ef0978a4a", - "description": "如何使用 NPS 内网穿透工具实现远程访问和管理内网服务器的详细教程。步骤清晰,操作简单,让您轻松实现内网穿透功能。", - "author": "人遁安全", - "category": "人遁安全", - "pubDate": "2024-12-03T06:00:28" - }, - { - "title": "【重新架构】基于frp 过卡巴斯基、360核晶、defender、火绒的xlfrc v1.2发布!", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491519&idx=1&sn=addf9eb9b4c1065b7777d6a9d62998b1", - "description": "分离客户端与服务器端源码,减少程序静态特征\\\\x0d\\\\x0a过卡巴斯基、360、defender、火绒\\\\x0d\\\\x0a支持linux、windows平台", - "author": "星落安全团队", - "category": "星落安全团队", - "pubDate": "2024-12-03T00:00:20" - }, - { - "title": "【漏洞情报】任我行管家婆订货易在线商城 UploadImgNoCheck未授权文件上传限制不当漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489253&idx=1&sn=94cbfc91e7da2499acfad5272df15561", - "description": null, - "author": "飓风网络安全", - "category": "飓风网络安全", - "pubDate": "2024-12-02T22:37:00" - }, - { - "title": "CouchDB 渗透", - "link": "https://mp.weixin.qq.com/s?__biz=MzA3NTc0MTA1Mg==&mid=2664712081&idx=1&sn=e770b59428ab348451dd921e192bd91c", - "description": null, - "author": "小兵搞安全", - "category": "小兵搞安全", - "pubDate": "2024-12-02T22:22:18" - }, - { - "title": "0day 挖到手软,403 到 getshell", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247517473&idx=1&sn=1b1243aeb8410ce2b661e1d2b892abbe", - "description": null, - "author": "Z2O安全攻防", - "category": "Z2O安全攻防", - "pubDate": "2024-12-02T21:26:00" - }, - { - "title": "【漏洞复现】CVE-2024-11680", - "link": "https://mp.weixin.qq.com/s?__biz=MzUxMTk4OTA1NQ==&mid=2247484742&idx=1&sn=95c54287f548e5f8ec29e9252cf822b4", - "description": "PCVE-2024-11680,rојесtSеnd版本在r1720之前受到不当认证漏洞", - "author": "混子Hacker", - "category": "混子Hacker", - "pubDate": 
"2024-12-02T20:36:16" - }, - { - "title": "从零构建一个基于PHP和MySQL的文件管理系统", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MTE0NTg4OQ==&mid=2247484016&idx=1&sn=ecebb926f07ebb7f9f16ba3b3cf59c25", - "description": null, - "author": "HackTips", - "category": "HackTips", - "pubDate": "2024-12-02T20:01:08" - }, - { - "title": "【DVWA】验证码攻防对抗实战", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247494440&idx=1&sn=61b7fba88306364ba294fa96651b8b39", - "description": "此心光明,亦复何言", - "author": "儒道易行", - "category": "儒道易行", - "pubDate": "2024-12-02T20:00:58" - }, - { - "title": "安全卫士 | 魔方安全漏洞周报", - "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzA5NDc0MA==&mid=2649291900&idx=1&sn=52fb27c14d392ae7db10750c2810342f", - "description": "成事在微,筑防于先。魔方安全提醒您:注意企业网络空间资产安全!", - "author": "魔方安全", - "category": "魔方安全", - "pubDate": "2024-12-02T18:30:51" - }, - { - "title": "API测试思路及crAPI漏洞靶场复现", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDY2MTQ1OQ==&mid=2247523491&idx=1&sn=4ea12a053dc17deb84ecceedaa7abd91", - "description": null, - "author": "红队蓝军", - "category": "红队蓝军", - "pubDate": "2024-12-02T18:03:53" - }, - { - "title": "【已复现】Zabbix SQL注入漏洞(CVE-2024-42327) 安全风险通告", - "link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502546&idx=1&sn=e301f3d4f389baa4e9e448b7cdefb1e8", - "description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。", - "author": "奇安信 CERT", - "category": "奇安信 CERT", - "pubDate": "2024-12-02T17:48:25" - }, - { - "title": "Patchwork(白象)APT组织Protego远控木马攻击场景复现", - "link": "https://mp.weixin.qq.com/s?__biz=MzAwNDUzNDExMQ==&mid=2247485166&idx=1&sn=fc6827c1156d35634432440dd02e68b9", - "description": null, - "author": "T0daySeeker", - "category": "T0daySeeker", - "pubDate": "2024-12-02T17:40:07" - }, - { - "title": "本文总结了如何将 Cobalt Strike 的 UDRL、SleepMask 和 BeaconGate 结合满足调用堆栈欺骗", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525250&idx=1&sn=8d751f8f0a34a52f06a024a0cad2ad98", - "description": null, - "author": "Ots安全", - "category": 
"Ots安全", - "pubDate": "2024-12-02T17:39:19" - }, - { - "title": "Godot 引擎遭到入侵:通过 GodLoader 分发的恶意软件", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525250&idx=3&sn=fb9258e972a652186cea177957f2ff72", - "description": null, - "author": "Ots安全", - "category": "Ots安全", - "pubDate": "2024-12-02T17:39:19" - }, - { - "title": "非管理员就可访问!Zabbix SQL注入漏洞安全风险通告", - "link": "https://mp.weixin.qq.com/s?__biz=MjM5NjY2MTIzMw==&mid=2650620029&idx=2&sn=9fcc1074fb8178d2f8ac88ecafa3ad0e", - "description": "亚信安全建议受影响用户尽快采取相关安全措施。", - "author": "亚信安全", - "category": "亚信安全", - "pubDate": "2024-12-02T17:34:56" - }, - { - "title": "恶意软件分析-汇编基础", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247488866&idx=1&sn=f8813c6be34c92301c0c6e3df7538660", - "description": null, - "author": "Relay学安全", - "category": "Relay学安全", - "pubDate": "2024-12-02T17:26:04" - }, - { - "title": "【工具分享】I-Wanna-Get-All 主流OA漏洞利用工具", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247486533&idx=1&sn=8d46b544b1fdddb5cbc38b18ab0f13b7", - "description": "根据提示输入内容执行,集成调用sqlmap\\\\x0d\\\\x0a泛微CheckServer-Sql注入,检测漏洞存在后,将payload字段下内容保存为req文件,使用sqlmap模块构造参数", - "author": "星悦安全", - "category": "星悦安全", - "pubDate": "2024-12-02T16:58:07" - }, - { - "title": "Linux通用应急响应脚本", - "link": "https://mp.weixin.qq.com/s?__biz=MzA4NzU1Mjk4Mw==&mid=2247492111&idx=1&sn=b69e0ad026a6f08f52e4d82c34fbb45e", - "description": "Linux通用应急响应脚本,适用大多数情况,目前在ubuntu、centos7、kali上均可以正常运行。", - "author": "Hack分享吧", - "category": "Hack分享吧", - "pubDate": "2024-12-02T16:56:30" - }, - { - "title": "JAVA安全-反序列化系列-CC6(无依赖链)分析", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MzkwNzI1OQ==&mid=2247485493&idx=1&sn=eae25b060fd652369f42497240baa34d", - "description": "CC6这条链是基于CC1的基础上,由于在CC1中使用到的AnnotationInvocationHandler类,也就是入口点,它的readObject()在java8u71版本后就进行了修改,导致在jdk8u71后的版本,cc1使用不了", - "author": "菜狗安全", - "category": "菜狗安全", - "pubDate": "2024-12-02T16:30:14" - }, - { - "title": "Palo Alto Networks 
PAN-OS身份认证绕过导致RCE漏洞(CVE-2024-0012)", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzMTcwMTg1Mg==&mid=2247489476&idx=1&sn=fe81181a05d394083a3fca2f8405d4ca", - "description": "Palo Alto Networks PAN-OS身份认证绕过导致RCE漏洞(CVE-2024-0012)", - "author": "nday POC", - "category": "nday POC", - "pubDate": "2024-12-02T15:43:29" - }, - { - "title": "一款快速等保核查、资产扫描工具", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNjQwOTc4MQ==&mid=2247489901&idx=1&sn=e2ffcf91b6bc07bd5261d8d8d59ca3e2", - "description": "主要功能主机存活探测、漏洞扫描、子域名扫描、端口扫描、各类服务数据库爆破等~~", - "author": "安全帮", - "category": "安全帮", - "pubDate": "2024-12-02T15:13:26" - }, - { - "title": "Windows日志分析工具(GUI版)", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NjQ5MTM1MA==&mid=2247492674&idx=1&sn=bed925b80d6823ea8191ede3e6ab18a2", - "description": null, - "author": "信安404", - "category": "信安404", - "pubDate": "2024-12-02T14:50:25" - }, - { - "title": "Windows日志分析工具(GUI版)", - "link": "https://mp.weixin.qq.com/s?__biz=MjM5ODkxMTEzOA==&mid=2247484360&idx=1&sn=26ad13ef39232b62cd89217fd3506f35", - "description": "骁佬终于把日志查询、内存检索、md5检索整合在一起了,还开发了GUI,有了自己公众号,给榜一大佬点点关注。", - "author": "安服仔的救赎", - "category": "安服仔的救赎", - "pubDate": "2024-12-02T14:46:21" - }, - { - "title": "安卓逆向 -- 某app破解下载和高清功能", - "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037081&idx=1&sn=53186ffd1f157ab954530c149627c68c", - "description": null, - "author": "逆向有你", - "category": "逆向有你", - "pubDate": "2024-12-02T14:08:29" - }, - { - "title": "Windows 在新的网络钓鱼攻击中感染了后门 Linux 虚拟机", - "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247579944&idx=1&sn=937ff8a0f0fd609a57acccbdd578fda7", - "description": "Securonix 研究人员发现的一项新活动是使用网络钓鱼电子邮件执行无人值守的 Linux 虚拟机安装,以破坏企业网络并获得持久性。", - "author": "嘶吼专业版", - "category": "嘶吼专业版", - "pubDate": "2024-12-02T14:00:24" - }, - { - "title": "最近邻居攻击:X 罗斯 APT 如何利用附近的 Wi-Fi 网络进行隐秘访问", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485529&idx=1&sn=7f9ed4a43afb4ae162c3165663a3c1bf", - 
"description": null, - "author": "securitainment", - "category": "securitainment", - "pubDate": "2024-12-02T13:38:02" - }, - { - "title": "一次0Day漏洞Rce审计流程", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNjM5NDU0OA==&mid=2247486203&idx=1&sn=195421b509dcbf7ba6eca59d16085fab", - "description": null, - "author": "钟毓安全", - "category": "钟毓安全", - "pubDate": "2024-12-02T13:28:36" - }, - { - "title": "关于缓存欺骗的小总结", - "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614389&idx=1&sn=5a4421e74a24a2fd584ca8795acc6f5d", - "description": null, - "author": "白帽子左一", - "category": "白帽子左一", - "pubDate": "2024-12-02T12:01:48" - }, - { - "title": "记一次网上阅卷系统漏洞挖掘", - "link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247545580&idx=1&sn=b177bb6f876e6363c7633e53a8157dc2", - "description": null, - "author": "掌控安全EDU", - "category": "掌控安全EDU", - "pubDate": "2024-12-02T12:00:13" - }, - { - "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", - "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247084&idx=2&sn=e08fcb88bf26bb7b749512659c069797", - "description": null, - "author": "e安在线", - "category": "e安在线", - "pubDate": "2024-12-02T10:34:52" - }, - { - "title": "混淆 API 补丁以绕过新的 Windows Defender 行为签名", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485528&idx=1&sn=a662c6388db6cfcf0e8355194f1937af", - "description": null, - "author": "securitainment", - "category": "securitainment", - "pubDate": "2024-12-02T10:24:00" - }, - { - "title": "二开哥斯拉-绕过cloudflare流量检测", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzcwMDU5OA==&mid=2247484084&idx=1&sn=ed81804fec0bcd62e7666c0d53b63fcd", - "description": "WebShell\\\\x0d\\\\x0a\\\\x0d\\\\x0a上传了 但是遇到防火墙拦截了,哎,苦恼连接不上\\\\x0d\\\\x0a\\\\x0d\\\\x0a没办法经过测试发现是因为流量中的字段有敏感字段被拦截了,找了好几个人要了二开过的哥斯拉发现都不行,还是被检测被拦截,无奈只能自己手搓一个二开了", - "author": "RongRui安全团队", - "category": "RongRui安全团队", - "pubDate": "2024-12-02T10:23:40" - }, - { - "title": "任子行网络安全审计系统 log_fw_ips_scan_jsondata SQL注入漏洞", - "link": 
"https://mp.weixin.qq.com/s?__biz=MzkzMTcwMTg1Mg==&mid=2247489464&idx=1&sn=5e9d75fc459499bee5931b854a9e6b22", - "description": "任子行网络安全审计系统 log_fw_ips_scan_jsondata 接口存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用xa0SQLxa0注入获取数据库中的信息之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。", - "author": "nday POC", - "category": "nday POC", - "pubDate": "2024-12-02T10:13:51" - }, - { - "title": "绕过CDN查找真实IP方法", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604369&idx=3&sn=d57274a3d983b3f0784be283e00d4013", - "description": null, - "author": "黑白之道", - "category": "黑白之道", - "pubDate": "2024-12-02T10:08:31" - }, - { - "title": "一款内存马检测工具", - "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604369&idx=4&sn=7f784b5acc1a96bd2e06bb3fc4a4709d", - "description": null, - "author": "黑白之道", - "category": "黑白之道", - "pubDate": "2024-12-02T10:08:31" - }, - { - "title": "Windows 自动登录配置指南", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ0NzQwNA==&mid=2247485686&idx=1&sn=ee5f98f830a7ef9a532493c93f427459", - "description": null, - "author": "网络个人修炼", - "category": "网络个人修炼", - "pubDate": "2024-12-02T10:01:50" - }, - { - "title": "一次0Day漏洞Rce审计流程", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDg2MDIxNQ==&mid=2247485181&idx=1&sn=19d894e589badfb040423b5f9dc66b0b", - "description": null, - "author": "Jie安全", - "category": "Jie安全", - "pubDate": "2024-12-02T10:00:35" - }, - { - "title": "二开哥斯拉-绕过cloudflare流量检测", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzcwMDU5OA==&mid=2247484055&idx=1&sn=d9bf533093a85156acc9d52b79183c55", - "description": null, - "author": "RongRui安全团队", - "category": "RongRui安全团队", - "pubDate": "2024-12-02T09:57:03" - }, - { - "title": "应用内存中的后渗透利用-远程工具密码读取", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDM4NDM5Ng==&mid=2247488877&idx=1&sn=c590c282cca8fea893d27dfce01c8d29", - "description": "新版本的todesk和向日葵已经无法从配置文件获取密码,而且常规的替换手法也已经失效", - "author": "安全洞察知识图谱", - "category": "安全洞察知识图谱", - "pubDate": "2024-12-02T09:54:28" - }, - { - "title": 
"Windows常规应急", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNzI2Mzc0Ng==&mid=2247486342&idx=1&sn=7f19ac711aa23420e8154fb8f9d92c1d", - "description": "“A9 Team 甲方攻防团队,成员来自某证券、微步、青藤、长亭、安全狗等公司。", - "author": "A9 Team", - "category": "A9 Team", - "pubDate": "2024-12-02T09:44:45" - }, - { - "title": "蓝队应急响应-Linux日志分析及常用命令总结", - "link": "https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247504775&idx=2&sn=75c3de7e0ad99bfbbb818769f81c2e17", - "description": "蓝队应急响应-Linux日志分析及常用命令总结", - "author": "网络安全实验室", - "category": "网络安全实验室", - "pubDate": "2024-12-02T09:37:05" - }, - { - "title": "实战!一次超简单的网站后门利用体验", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDY0MjMxNQ==&mid=2247531560&idx=1&sn=d7955cec0a3eaf10a1c57b32b669e6d7", - "description": null, - "author": "中国电信安全", - "category": "中国电信安全", - "pubDate": "2024-12-02T09:26:04" - }, - { - "title": "【新增PHP类型】蚁剑 | 哥斯拉免杀 过雷池、D盾、安全狗的 XlByPassWAF v1.1已更新!", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4Mzg4OTIyMA==&mid=2247485843&idx=1&sn=379dca0b0551c3a8260b7d113607b925", - "description": "新增PHP免杀Webshell\\\\x0d\\\\x0a过雷池、D盾、安全狗等WAF \\\\x0d\\\\x0a蚁剑 | 哥斯拉免杀", - "author": "威零安全实验室", - "category": "威零安全实验室", - "pubDate": "2024-12-02T09:15:21" - }, - { - "title": "【新增PHP类型】蚁剑 | 哥斯拉免杀 过雷池、D盾、安全狗的 XlByPassWAF v1.1已更新!", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTIzODg0MA==&mid=2247491256&idx=1&sn=b367b232fb68d53f849330476cf3bef4", - "description": "新增PHP免杀Webshell\\\\x0d\\\\x0a过雷池、D盾、安全狗等WAF \\\\x0d\\\\x0a蚁剑 | 哥斯拉免杀", - "author": "爱喝酒烫头的曹操", - "category": "爱喝酒烫头的曹操", - "pubDate": "2024-12-02T09:14:56" - }, - { - "title": "【漏洞复现】OfficeWeb365 SaveDraw 任意文件上传getshell漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjcxNzE2MQ==&mid=2247484430&idx=1&sn=ce83f5232dd760583f858e6ddccf7aa7", - "description": "【漏洞复现】OfficeWeb365 SaveDraw 任意文件上传getshell漏洞", - "author": "白帽攻防", - "category": "白帽攻防", - "pubDate": "2024-12-02T09:10:26" - }, - { - "title": "新型网络钓鱼活动利用损坏的 Word 文档来逃避安全保护", - "link": 
"https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793334&idx=3&sn=41a092c18e1be58c7fc8ce61cf44a3ba", - "description": "攻击者利用损坏的Word文档钓鱼", - "author": "军哥网络安全读报", - "category": "军哥网络安全读报", - "pubDate": "2024-12-02T09:01:01" - }, - { - "title": "一次0Day漏洞Rce审计流程", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjM5NDM3NQ==&mid=2247486155&idx=1&sn=853814e2de56863228049b5207d23e70", - "description": null, - "author": "进击安全", - "category": "进击安全", - "pubDate": "2024-12-02T09:00:59" - }, - { - "title": "JS逆向系列12-深入Js Hook", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzNTcwOTgxMQ==&mid=2247484921&idx=1&sn=9eb69d9b85fe59f787b406015424bed2", - "description": null, - "author": "Spade sec", - "category": "Spade sec", - "pubDate": "2024-12-02T09:00:48" - }, - { - "title": "vulnhub之Matrix-2的实践", - "link": "https://mp.weixin.qq.com/s?__biz=MzA3MjM5MDc2Nw==&mid=2650748838&idx=1&sn=00aa5d5e8d6bb1cfb0c3d8cbad275ab3", - "description": null, - "author": "云计算和网络安全技术实践", - "category": "云计算和网络安全技术实践", - "pubDate": "2024-12-02T08:57:56" - }, - { - "title": "针对【中文】和越南语【用户】的新型【恶意软件】“CleverSoar”", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247535293&idx=3&sn=fcf8a07fcf513c0faac8cd883ee392a1", - "description": null, - "author": "安小圈", - "category": "安小圈", - "pubDate": "2024-12-02T08:45:48" - }, - { - "title": "【漏洞复现】Apache OFBiz远程代码执行漏洞(CVE-2024-45195)", - "link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTY2ODE1NA==&mid=2247484884&idx=1&sn=c3d38f9f57d4e2b96d95aea5b15ddaa6", - "description": "星标公众号,及时接收推文消息", - "author": "Z0安全", - "category": "Z0安全", - "pubDate": "2024-12-02T08:42:15" - }, - { - "title": "针对银狐一些最新攻击样本加载过程的调试分析", - "link": "https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247489593&idx=1&sn=4791b9831434d21de5e329c04ffde76c", - "description": "针对银狐一些最新攻击样本加载过程的调试分析", - "author": "安全分析与研究", - "category": "安全分析与研究", - "pubDate": "2024-12-02T08:40:42" - }, - { - "title": "开源的Webshell管理器--游魂", - "link": 
"https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247504061&idx=1&sn=92014a616ed3945fbbb3b9541ddfac92", - "description": null, - "author": "菜鸟学信安", - "category": "菜鸟学信安", - "pubDate": "2024-12-02T08:30:43" - }, - { - "title": "某通用系统0day审计过程", - "link": "https://mp.weixin.qq.com/s?__biz=MzU5OTMxNjkxMA==&mid=2247488022&idx=1&sn=67aaed483092d9231c0a1c1744d53f6e", - "description": null, - "author": "道一安全", - "category": "道一安全", - "pubDate": "2024-12-02T08:12:18" - }, - { - "title": "内存马检测工具", - "link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488428&idx=1&sn=5188e911d690494368fdc456924397d6", - "description": null, - "author": "白帽学子", - "category": "白帽学子", - "pubDate": "2024-12-02T08:11:23" - }, - { - "title": "Wireshark & Packetdrill | TCP RST 之连接不存在的服务端口", - "link": "https://mp.weixin.qq.com/s?__biz=MzA5NTUxODA0OA==&mid=2247493054&idx=1&sn=9aa118b745b703068af6a2c40e6a5f5d", - "description": null, - "author": "Echo Reply", - "category": "Echo Reply", - "pubDate": "2024-12-02T08:08:50" - }, - { - "title": "Windows权限控制相关的防御与攻击技术", - "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ5MDM3NA==&mid=2247487114&idx=1&sn=69890ae99784ecfdc8e9a4a7cf1225ad", - "description": null, - "author": "SecretTeam安全团队", - "category": "SecretTeam安全团队", - "pubDate": "2024-12-02T08:02:54" - }, - { - "title": "利用js挖掘漏洞", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247509558&idx=1&sn=4ed77b8fbe43290b3fb889465673e9a3", - "description": "在漏洞挖掘中,通过对js的挖掘可发现诸多安全问题,此文章主要记录学习如何利用JS测试以及加密参数逆向相关的漏洞挖掘。", - "author": "李白你好", - "category": "李白你好", - "pubDate": "2024-12-02T08:02:42" - }, - { - "title": "LLVM Pass转储类或结构的内存布局", - "link": "https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247487768&idx=1&sn=89d39255b09284433239ad822791febc", - "description": "面向LLVM Pass小白提供完整可操作示例", - "author": "青衣十三楼飞花堂", - "category": "青衣十三楼飞花堂", - "pubDate": "2024-12-02T08:00:35" - }, - { - "title": "漏洞预警 | PAN-OS Web管理界面身份认证绕过漏洞", - "link": 
"https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491620&idx=1&sn=bc353ebff4eec5172710bb052bc2c31b", - "description": "PAN-OS设备管理Web界面中存在身份认证绕过漏洞,未经身份验证的远程攻击者可以通过网络访问管理Web界面,从而进行后续活动,包括修改设备配置、访问其他管理功能。", - "author": "浅安安全", - "category": "浅安安全", - "pubDate": "2024-12-02T08:00:13" - }, - { - "title": "AUTOSAR OS模块详解(二) Counter", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTYxOTcxMw==&mid=2247492882&idx=1&sn=6c2df5be54cd336d31d3cb16e4924166", - "description": "本文主要介绍AUTOSAR OS的Counter,并对基于英飞凌Aurix TC3XX系列芯片的Vector Microsar代码和配置进行部分讲解。", - "author": "汽车电子嵌入式", - "category": "汽车电子嵌入式", - "pubDate": "2024-12-02T07:40:28" - }, - { - "title": "DedeCMS v5.7 SP2后台SSTI到RCE再到GetShell", - "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493715&idx=1&sn=f7679c045644db006bb0c43afc218b0a", - "description": "影响范围DedeCMS v5.7 SP2利用条件登陆后台(有点鸡肋,但是可以结合DedeCMS的其他漏洞进行", - "author": "七芒星实验室", - "category": "七芒星实验室", - "pubDate": "2024-12-02T07:01:03" - }, - { - "title": "Windows钓鱼演练工具 -- xiao_fishing", - "link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515009&idx=1&sn=097c6fa033a767c9238b4b7b4a3d4891", - "description": null, - "author": "Web安全工具库", - "category": "Web安全工具库", - "pubDate": "2024-12-02T06:44:33" - }, - { - "title": "文末获取 | 基于卡巴斯基虚拟化技术实现内核Hook", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491255&idx=1&sn=557595ed39256247197085690907cda6", - "description": null, - "author": "星落安全团队", - "category": "星落安全团队", - "pubDate": "2024-12-02T00:00:48" - }, - { - "title": "什么CNVD证书批量化挖掘 ?", - "link": "https://mp.weixin.qq.com/s?__biz=MzAwOTQzMjMwOQ==&mid=2247483890&idx=1&sn=a691603b482681117b33c8e20dcc55db", - "description": "借助fofa搜索引擎达到批量化收集通用网址的目的。", - "author": "思极安全实验室", - "category": "思极安全实验室", - "pubDate": "2024-12-01T22:20:43" - }, - { - "title": "横向移动:远程服务", - "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485789&idx=1&sn=c6a19e4fa62e866815845b4169e95770", - "description": 
"在红队评估期间,在入侵完成后,攻击者倾向于在网络中横向移动,以获取有关其他系统的更多相关信息。这种横向移动可以通过使用许多二进制文件/服务/进程来实现。", - "author": "三沐数安", - "category": "三沐数安", - "pubDate": "2024-12-01T21:15:18" - }, - { - "title": "由于缓存配置错误而绕过授权", - "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503485&idx=1&sn=a4ed2402d78a8171463eb0e567952c15", - "description": "这篇文章是关于我最喜欢的发现之一,因为这是一个非常出乎意料的问题。", - "author": "安全狗的自我修养", - "category": "安全狗的自我修养", - "pubDate": "2024-12-01T21:14:16" - }, - { - "title": "网工最容易搞混的三个概念:防火墙、网闸、堡垒机,一文让你轻松搞明白!", - "link": "https://mp.weixin.qq.com/s?__biz=MzIyMzIwNzAxMQ==&mid=2649463267&idx=1&sn=f42714daafd3449fe284e3bc39c7b4aa", - "description": "学网络,尽在网络技术联盟站!", - "author": "网络技术联盟站", - "category": "网络技术联盟站", - "pubDate": "2024-12-01T21:08:04" - }, - { - "title": "经验贴收稿分享3 | 一次XSS漏洞挖掘", - "link": "https://mp.weixin.qq.com/s?__biz=MzkxNTY4NTQwMg==&mid=2247484100&idx=1&sn=bd1389cc16246729ae15e078bee53d54", - "description": null, - "author": "励行安全", - "category": "励行安全", - "pubDate": "2024-12-01T19:22:27" } ] \ No newline at end of file diff --git a/JSON/freebuf.json b/JSON/freebuf.json index 0224bf5..69b4500 100644 --- a/JSON/freebuf.json +++ b/JSON/freebuf.json @@ -1,4 +1,92 @@ [ + { + "title": "关键的联发科芯片组漏洞影响15亿手机用户", + "link": "https://www.freebuf.com/news/417104.html", + "description": "联发科已经承认了这些安全漏洞,并强烈敦促相关组织立即更新受影响的系统以防范潜在风险。", + "body": "

联发科(MediaTek)是全球领先的Android平板电脑和智能手机芯片供应商,同时也是全球第二大智能手机芯片制造商,拥有超过15亿活跃的Android设备。该公司以其集成的先进5G、人工智能、成像、连接和游戏技术而闻名,致力于提供高性能解决方案,以增强全球范围内各种设备的用户体验。

各位 Buffer 周末好,以下是本周「FreeBuf周报」,我们总结推荐了本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!\"\"

", + "category": "资讯", + "pubDate": "Fri, 06 Dec 2024 15:44:07 +0800" + }, + { + "title": "最强大的Android间谍软件曝光,可提取信息、密码和执行shell命令", + "link": "https://www.freebuf.com/news/417070.html", + "description": "Monokle 间谍软件功能十分完善,曾号称是最强的间谍软件之一。", + "body": "

最近在俄罗斯联邦安全局(FSB)查获的手机上发现了一种新的Android间谍软件,这突显了用户隐私和安全持续面临的风险,特别是当设备被当局没收然后归还时。

下面都是使用goron的混淆进行符号执行以及模拟执行处理的结果

一、控制流平坦化

还原前
\"image\"

还原后据Cyber Security News消息,臭名昭著的勒索软件组织 Brain Cipher 近日声称入侵了世界四大会计师事务所之一德勤,并从中窃取了1TB的压缩数据。

\"\"据BleepingComputer消息,一种名为“DroidBot”的新型安卓系统银行恶意软件试图窃取77 家加密货币交易所和银行应用程序的凭证,涉及英国、意大利、法国、西班牙、葡萄牙等多个国家。

据发现恶意软件的 Cleafy 研究人员称,DroidBot 自 2024 年 6 月以来一直活跃,并作为恶意软件即服务 (MaaS) 平台运行,每月的使用价格为3000美元。

", + "category": "资讯", + "pubDate": "Fri, 06 Dec 2024 13:47:34 +0800" + }, + { + "title": "漏洞挖掘与复现", + "link": "https://www.freebuf.com/articles/web/414845.html", + "description": "漏洞复现与挖掘", + "body": "

大家好,我是一个在IT行业十余年的小菜鸟,今天与大家聊一聊漏洞的挖掘与复现。

一 漏洞复现。

1.NetScaler ADC 

例如我对CVE-2023-3519漏洞进行了分析,该漏洞是Citrix ADC 和 Citrix Gateway 中存在未经身份验证的远程代码执行漏洞。

由于不同版本会导", + "category": "Web安全", + "pubDate": "Fri, 06 Dec 2024 12:03:12 +0800" + }, + { + "title": "freebuf快速同步语雀文章", + "link": "https://www.freebuf.com/sectool/417015.html", + "description": "把时间花在重要的事情上,减少浪费时间在重复动作上", + "body": "

1. 背景

日常笔记使用语雀记录文章,想要快速同步内容至freebuf,寻找已有工具无果,遂写了个工具方便快速同步文章。

2. 工具

# coding=gbk\nimport re\nimport requests\nfrom urllib.parse import urlparse, parse_qs\nimport os\nimport ",
+        "category": "工具",
+        "pubDate": "Fri, 06 Dec 2024 11:03:02 +0800"
+    },
+    {
+        "title": "I-O Data路由器0Day漏洞被利用,无修复补丁",
+        "link": "https://www.freebuf.com/news/417010.html",
+        "description": "日本CERT发布公告称,黑客正在利用I-O Data路由器设备中的零日漏洞来修改设备设置、执行命令,甚至关闭防火墙。",
+        "body": "

日本计算机紧急响应小组(CERT)警告称 ,黑客正在利用I-O Data路由器设备中的零日漏洞来修改设备设置、执行命令,甚至关闭防火墙。

I-O Data在其网站上发布的安全公告中承认确实存在三个零日漏洞,但目前暂无完整的修复补丁,预计将在2024年12月18日发布,因此在此之前用户将面临比较严重的风险。全球动态

1. 上海全面开展个人信息保护,对“刷脸支付”等过度索取个人信息行为说“不”

12月4日,上海市网信办在“亮剑浦江·2024”消费领域个人信息权益保护专项执法行动总结交流会议上发布成效评估报告并透露,今年全市范围3704家公共停车场全面落实停车缴费“纯净码”,24家重点咖啡企业开展自查整改。 【Stoli集团在美国的子公司因8月份遭受的勒索软件攻击,以及俄罗斯当局没收其在俄剩余酿酒厂而不得不申请破产保护。\"\"

Stoli美国公司及其子公司肯塔基猫头鹰公司的总裁兼全球首席执行", + "category": "资讯", + "pubDate": "Thu, 05 Dec 2024 13:56:42 +0800" + }, { "title": "谷歌浏览器类型混淆漏洞让攻击者能够执行远程代码", "link": "https://www.freebuf.com/news/416908.html", @@ -7,6 +95,14 @@ "category": "资讯", "pubDate": "Thu, 05 Dec 2024 11:29:27 +0800" }, + { + "title": "利用断开的域管理员RDP会话提权", + "link": "https://www.freebuf.com/vuls/416904.html", + "description": "当域内管理员登录过攻击者可控的域内普通机器运维或者排查结束后,退出3389时没有退出账号而是直接关掉了远程桌面,那么会产生哪些风险呢?", + "body": "

前言

当域内管理员登录过攻击者可控的域内普通机器运维或者排查结束后,退出3389时没有退出账号而是直接关掉了远程桌面,那么会产生哪些风险呢?有些读者第一个想到的肯定就是抓密码,但是如果抓不到明文密码又或者无法pth呢?

通过计划任务完成域内提权

首先模拟域管登录了攻击者可控的普通域内机器并且关掉了3389远程", + "category": "漏洞", + "pubDate": "Thu, 05 Dec 2024 11:10:43 +0800" + }, { "title": "警惕这类黑产,近百万老年机被远程控制,每月莫名扣费……", "link": "https://www.freebuf.com/news/416899.html", @@ -15,6 +111,38 @@ "category": "资讯", "pubDate": "Thu, 05 Dec 2024 10:46:34 +0800" }, + { + "title": "安全研究年终总结-分享2024年RCE类的CVE漏洞高危EXP集合!", + "link": "https://www.freebuf.com/articles/web/416887.html", + "description": "网络安全漏洞不断变化且威胁日益严重,及时了解和修复这些漏洞至关重要。本文介绍的多个CVE漏洞,涉及常见的企业级软件和硬件,黑客可以利用这些漏洞远程控制系统、窃取敏感数据甚至完全破坏服务。", + "body": "

缘起