[ { "title": "cve-2024-26229 漏洞分析", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486275&idx=1&sn=18c0bd580c1f76ce1aface83320fe3c2", "description": null, "author": "TtTeam", "category": "TtTeam", "pubDate": "2024-12-15T00:00:59" }, { "title": "免杀基础-线程劫持", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517664&idx=1&sn=88bf2b3381e0af1feb048e2134d3da6d", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2024-12-15T00:00:35" }, { "title": "VUE|如何不使用Fuzz得到网站所有参数与接口?", "link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496602&idx=1&sn=b23208b7113632dbea687ab88a6e3ef9", "description": null, "author": "迪哥讲事", "category": "迪哥讲事", "pubDate": "2024-12-14T23:34:36" }, { "title": "QR 码可绕过浏览器隔离,实现恶意 C2 通信", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491770&idx=1&sn=ea35f88e6aa19b5b5f897c215e87a6e8", "description": null, "author": "犀牛安全", "category": "犀牛安全", "pubDate": "2024-12-14T23:30:18" }, { "title": "LDAP 攻防查询操作指南", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485745&idx=1&sn=e31a21eb50a321b7644c58dd97cdea6e", "description": null, "author": "securitainment", "category": "securitainment", "pubDate": "2024-12-14T21:39:20" }, { "title": "绕过EDR系统检测的新型攻击技术", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492466&idx=1&sn=089ab82b59e99f6ae79b71b103514b23", "description": "近日,一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。", "author": "白泽安全实验室", "category": "白泽安全实验室", "pubDate": "2024-12-14T20:25:26" }, { "title": "【安全圈】最新网络钓鱼活动利用损坏的 Word 文档来规避检测", "link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066606&idx=3&sn=d6db5800165d61a841b21b917d975bde", "description": null, "author": "安全圈", "category": "安全圈", "pubDate": "2024-12-14T19:00:24" }, { "title": "Frida 逆向一个 APP", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458586874&idx=1&sn=3bdc2f37290cd64b6fe65a45db267db7", "description": "看雪论坛作者ID:mb_vcrwlkem", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2024-12-14T18:00:10" }, { "title": "从目录浏览分析幽盾攻击组织", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDE3ODc1Mw==&mid=2247488850&idx=1&sn=01d5793dd2794a1e702dd4d2608fadde", "description": "迷子でもいい、迷子でも進め!!!!!", "author": "Desync InfoSec", "category": "Desync InfoSec", "pubDate": "2024-12-14T16:45:48" }, { "title": "新型 OT/IoT 网络武器:IOCONTROL", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525951&idx=2&sn=db9e840a8fa035ead438827315449dc2", "description": "Team82 获得了一种定制的 IoT/OT 恶意软件 IOCONTROL 样本,该恶意软件被与伊朗有关的攻击者用来攻击以色列和美国的 OT/IoT 设备。", "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-14T14:43:32" }, { "title": "Zabbix 存在SQL注入漏洞 (CVE-2024-42327)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488091&idx=1&sn=e6260f524d404ed289aa878c061f01f4", "description": "Zabbix 上具有默认 User 角色或具有任何其他授予 API 访问权限的角色的非 admin 用户帐户可以利用此漏洞。SQLi 存在于 addRelatedObjects 函数的 CUser 类中", "author": "星悦安全", "category": "星悦安全", "pubDate": "2024-12-14T12:20:46" }, { "title": "价值1.4 W人民币漏洞!骚!缓存配置错误造成鉴权绕过", "link": "https://mp.weixin.qq.com/s?__biz=MzkwODI1ODgzOA==&mid=2247506296&idx=1&sn=d78be69680656e7f679dc04367806179", "description": "这篇文章讲述了我最喜欢的一个漏洞发现,因为它是一个非常出乎意料的问题。", "author": "一个不正经的黑客", "category": "一个不正经的黑客", "pubDate": "2024-12-14T12:05:47" }, { "title": "OpenWrt 严重漏洞致设备遭受恶意固件注入", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493068&idx=5&sn=6cbbaac9e6c56d21ac09c0bb63b45aea", "description": null, "author": "独眼情报", "category": "独眼情报", "pubDate": "2024-12-14T11:39:43" }, { "title": "AI安全漏洞之VLLM反序列化漏洞分析与保姆级复现(附批量利用)", "link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484369&idx=1&sn=6bf8e1fb3de630777ecce9568e186adf", "description": "AI安全漏洞之VLLM反序列化漏洞分析与保姆级复现(附批量利用)", "author": "Ting的安全笔记", "category": "Ting的安全笔记", "pubDate": "2024-12-14T10:20:42" }, { "title": "Go — :恶意软件开发 (第六部分)", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503856&idx=1&sn=b8e02fd58d4f83ba069a47f2c9eb8266", "description": "欢迎回来!在我们旅程的前几部分,我们使用 TCP 服务器和客户端建立了坚实的基础,实现了无缝的远程命令执行", "author": "安全狗的自我修养", "category": "安全狗的自我修养", "pubDate": "2024-12-14T08:35:04" }, { "title": "使用 Sqlmap 和 Burp Suite(Burp CO2 插件)进行 Sql 注入攻击", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485986&idx=1&sn=e2508059f48ec83f001e1884c49f9ee0", "description": "Burp CO2 是流行的 Web 代理/Web 应用程序测试工具 Burp Suite 的扩展,可在 Portswigger 上获取", "author": "三沐数安", "category": "三沐数安", "pubDate": "2024-12-14T08:30:11" }, { "title": "PHP 常见漏洞威胁函数 | 全面总结", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTUxMzk2NQ==&mid=2247485822&idx=1&sn=7121f15cad1c3aaf8a54ff5735789067", "description": null, "author": "安全君呀", "category": "安全君呀", "pubDate": "2024-12-14T08:10:44" }, { "title": "漏洞预警 | I Doc View SSRF漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491726&idx=1&sn=3cc974eaf3fee6d1baa7741b52b96b0b", "description": "I Doc View在线文档预览的/view/url接口存在SSRF漏洞,未授权的攻击者可使用file协议读取系统敏感文件。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-14T08:00:16" }, { "title": "漏洞预警 | 顺景ERP管理系统任意文件下载漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491726&idx=2&sn=e1d9019f697e2b42d4d8fee135c26031", "description": "顺景ERP管理系统的/api/TMScmQuote/GetFile接口存在任意文件下载漏洞,未经身份验证的攻击者可以通过该漏洞下载服务器任意文件,从而获取大量敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-14T08:00:16" }, { "title": "漏洞预警 | YourPHPCMS SQL注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491726&idx=3&sn=295c736ddffb607c469f96a60e45993d", "description": "YourphpCMS存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-14T08:00:16" }, { "title": "WebSockets XSS |burpsuite翻译", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487045&idx=1&sn=638bcc244e652b91f87f92ea38b1bf31", "description": null, "author": "进击的HACK", "category": "进击的HACK", "pubDate": "2024-12-14T07:55:55" }, { "title": "JWT攻防指南一篇通", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493905&idx=2&sn=32dabb1937bb95a440a7e79d05519a44", "description": null, "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2024-12-14T07:05:17" }, { "title": "OpenWrt LuCi 任意文件读取", "link": "https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247496122&idx=2&sn=817a93013142cf529d0727c9402e0c80", "description": null, "author": "Khan安全攻防实验室", "category": "Khan安全攻防实验室", "pubDate": "2024-12-14T00:01:29" }, { "title": "免杀基础-shellcode开发", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517663&idx=1&sn=b2f84fc57658dadea5f9872ab1bb4c70", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2024-12-14T00:01:15" }, { "title": "一款后渗透免杀工具,助力每一位像我这样的脚本小子快速实现免杀,支持bypass 360 火绒 Windows Defender", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247492959&idx=1&sn=bfaedc1fde06af5264a7be8d453a2158", "description": null, "author": "夜组安全", "category": "夜组安全", "pubDate": "2024-12-14T00:01:13" }, { "title": "Microsoft Teams 被利用传播 DarkGate 恶意软件", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505171&idx=2&sn=7d08ade7b7aa05f6bcf3148e7a7dedc9", "description": null, "author": "网络研究观", "category": "网络研究观", "pubDate": "2024-12-13T23:56:58" }, { "title": "【漏洞预警】Cleo远程代码执行漏洞CVE-2024-50623", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489308&idx=1&sn=5c47de34e923278823c34ea94e60cbb6", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-13T21:58:33" }, { "title": "烽火狼烟丨暗网数据及攻击威胁情报分析周报(12/09-12/13)", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NjMxNTgyOQ==&mid=2247484480&idx=1&sn=1c697c3d39f222244bc4a5d6e314e2b9", "description": "盛邦安全威胁情报周报", "author": "盛邦安全应急响应中心", "category": "盛邦安全应急响应中心", "pubDate": "2024-12-13T19:55:52" }, { "title": "Unix通用打印系统cups-browsed远程代码执行漏洞分析", "link": "https://mp.weixin.qq.com/s?__biz=MzAwNTI1NDI3MQ==&mid=2649619760&idx=1&sn=941fa5fb1aeba9276998379a942c2a88", "description": "安全研究员Simone Margaritelli披露了Unix通用打印系统CUPS存在一系列安全漏洞,利用多个漏洞组合可在受影响的系统上执行远程命令。启明星辰ADLab研究人员对该漏洞的原理进行深入分析,同时提出修复建议和缓解措施。", "author": "ADLab", "category": "ADLab", "pubDate": "2024-12-13T19:18:17" }, { "title": "【安全圈】关键的Windows UI自动化框架漏洞允许黑客绕过EDR", "link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066594&idx=3&sn=fb1485e3b4a0ed439c616f967bfc2543", "description": null, "author": "安全圈", "category": "安全圈", "pubDate": "2024-12-13T19:02:29" }, { "title": "记一次从302跳转打到fastcgi", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247518641&idx=1&sn=2be19ab3c556e5ebb43a2a7676d694bf", "description": null, "author": "亿人安全", "category": "亿人安全", "pubDate": "2024-12-13T18:59:16" }, { "title": "环境搭建 | XDebug 无错配置+代替phpStudy的另一种集成工具", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzQyMTg5OA==&mid=2247486369&idx=1&sn=1f3d812b33e268c77c3210f4e8a9841e", "description": "XDebug 无错配置 + 代替phpStudy的另一种集成工具", "author": "Heihu Share", "category": "Heihu Share", "pubDate": "2024-12-13T18:32:18" }, { "title": "钓鱼攻击防护思路", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MDY1MzUzNw==&mid=2247498002&idx=1&sn=e74675640b427002ba3768e58142c45b", "description": null, "author": "长风实验室", "category": "长风实验室", "pubDate": "2024-12-13T18:24:01" }, { "title": "【xss】xss挑战之旅", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247494829&idx=2&sn=d22194c8b083bbd7e0c3127f0fa71e84", "description": "一个平凡而普通的人,时时都会感到被生活的波涛巨浪所淹没。你会被淹没吗?除非你甘心就此而沉沦!!", "author": "儒道易行", "category": "儒道易行", "pubDate": "2024-12-13T18:00:12" }, { "title": "NGINX联合攻击链", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTY3NTMxMQ==&mid=2247484518&idx=1&sn=b10fc8d8846638b65961aada1a67590b", "description": "NGINX联合攻击链研究", "author": "金色钱江", "category": "金色钱江", "pubDate": "2024-12-13T17:52:06" }, { "title": "零基础掌握SSH安全登录:从入门到实战全攻略", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568558&idx=1&sn=918050938980ade91e3b0633b5502e52", "description": null, "author": "马哥网络安全", "category": "马哥网络安全", "pubDate": "2024-12-13T17:02:04" }, { "title": "忘记 PSEXEC:DCOM 上传与执行后门", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485712&idx=1&sn=f538857359489611b8c2f5f3e8321d6e", "description": null, "author": "securitainment", "category": "securitainment", "pubDate": "2024-12-13T16:31:58" }, { "title": "一个0day的开端:失败的man与nday", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247487889&idx=1&sn=3cc6ea970109136c7522b2c5ff73bdf0", "description": "最近在审计Java的CMS,跟着文章进行nday审计...", "author": "蚁景网安", "category": "蚁景网安", "pubDate": "2024-12-13T16:30:38" }, { "title": "深入了解SAML协议及常见安全问题", "link": "https://mp.weixin.qq.com/s?__biz=MzU1ODk1MzI1NQ==&mid=2247491313&idx=1&sn=49b15be28a571d1e470af12fd721adb8", "description": "了解SAML协议及其安全问题,对于构建安全的网络环境至关重要。本文将深入探讨SAML的工作原理,分析常见的安全漏洞,以帮助企业和开发者构建更安全的SAML SSO系统。", "author": "联想全球安全实验室", "category": "联想全球安全实验室", "pubDate": "2024-12-13T15:41:43" }, { "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247185&idx=3&sn=a4ea530b171509460cbff168f33ded4a", "description": null, "author": "e安在线", "category": "e安在线", "pubDate": "2024-12-13T14:00:42" }, { "title": "最新网络钓鱼活动利用损坏的 Word 文档来规避检测", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580215&idx=1&sn=9ff4f8c581555adb95ed00a53c21a308", "description": "如果收到来自未知发件人的电子邮件,尤其是包含附件的电子邮件,应立即将其删除或在打开之前与网络管理员确认。", "author": "嘶吼专业版", "category": "嘶吼专业版", "pubDate": "2024-12-13T14:00:28" }, { "title": "分享一个简单且粗暴的白嫖某数据库管理软件的思路", "link": "https://mp.weixin.qq.com/s?__biz=MzIxMDYyNTk3Nw==&mid=2247515104&idx=1&sn=54610adabdcceafb100701d37d10e9d6", "description": "分享一个简单且粗暴的白嫖某数据库管理软件的思路", "author": "白帽100安全攻防实验室", "category": "白帽100安全攻防实验室", "pubDate": "2024-12-13T13:50:08" }, { "title": "加了签名又如何,该爆破时照样爆破,分享 burpsuite 插件 signme", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODk1MjI5NQ==&mid=2247484641&idx=1&sn=1f39e2f830330b9d775e283b5fb90ec5", "description": null, "author": "网安小趴菜", "category": "网安小趴菜", "pubDate": "2024-12-13T13:41:10" }, { "title": "源代码安全审计研究", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzUyNjU5Mg==&mid=2247485850&idx=1&sn=4041edd2933925f850820c2a0c05fe0b", "description": "代码审计就是挖掘源代码中存在的代码安全问题", "author": "华克斯", "category": "华克斯", "pubDate": "2024-12-13T13:15:28" }, { "title": "拿下证书站两个接口SQL盲注", "link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247546009&idx=1&sn=35e8f3b53c5252ca8f467a0dc7dcfc5f", "description": null, "author": "掌控安全EDU", "category": "掌控安全EDU", "pubDate": "2024-12-13T12:03:58" }, { "title": "AI安全漏洞之VLLM反序列化漏洞分析与保姆级复现(附批量利用)", "link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484366&idx=1&sn=cef0cd84a600f9172436a33b15497565", "description": "AI安全漏洞之VLLM反序列化漏洞分析与保姆级复现(附批量利用)", "author": "Ting的安全笔记", "category": "Ting的安全笔记", "pubDate": "2024-12-13T11:53:58" }, { "title": "哥斯拉二开从0到1-2(免杀)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3Mzg5MTc1OA==&mid=2247484271&idx=1&sn=a3810f3c76c165837985c9a999c55228", "description": null, "author": "Cloud Security lab", "category": "Cloud Security lab", "pubDate": "2024-12-13T11:28:40" }, { "title": "【OleView.NET】Windows COM 攻击面漏洞扫描工具", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493039&idx=3&sn=6825a1e1963fd82c3dbe8d1f6d4ffaed", "description": null, "author": "独眼情报", "category": "独眼情报", "pubDate": "2024-12-13T11:22:45" }, { "title": "Zerologon", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNzI2Mzc0Ng==&mid=2247486367&idx=1&sn=be7226d2660eaedf3e2f919c000e5748", "description": "“A9 Team 甲方攻防团队,成员来自某证券、微步、青藤、长亭、安全狗等公司。", "author": "A9 Team", "category": "A9 Team", "pubDate": "2024-12-13T10:42:33" }, { "title": "功能强大的XSS自动化扫描器", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605007&idx=4&sn=44a2db492c668b298e01d3ff9f914e88", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2024-12-13T10:02:54" }, { "title": "实战自动化加解密&加密场景下的暴力破解", "link": "https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247517224&idx=1&sn=7b6cc949eb4840049bcbbbe76e5d7d3e", "description": null, "author": "HACK之道", "category": "HACK之道", "pubDate": "2024-12-13T09:08:46" }, { "title": "Mitre_Att&ck框架T1622(调试器规避)技术的简单实现", "link": "https://mp.weixin.qq.com/s?__biz=MzI0NTI4NjEwOQ==&mid=2247484957&idx=1&sn=37059c25f43518ac486bd4d37596e732", "description": "Mitre_Att\\\\x26amp;ck框架T1622(调试器规避)技术的简单实现", "author": "新蜂网络安全实验室", "category": "新蜂网络安全实验室", "pubDate": "2024-12-13T09:00:39" }, { "title": "新型 IOCONTROL 恶意软件攻击美以关键基础设施", "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793479&idx=1&sn=9600f9f6ca274db50e1249144cf4f554", "description": "黑客组织针对美国以色列关键基础设施。", "author": "军哥网络安全读报", "category": "军哥网络安全读报", "pubDate": "2024-12-13T09:00:35" }, { "title": "新型隐秘 Pumakit Linux rootkit 恶意软件被发现", "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793479&idx=2&sn=fca57ae06815eba38d739b1a6e3032fe", "description": "这个新发现的linux rootkit不知道是哪个黑客组织在用。", "author": "军哥网络安全读报", "category": "军哥网络安全读报", "pubDate": "2024-12-13T09:00:35" }, { "title": "警惕!银狐木马,再出新招!", "link": "https://mp.weixin.qq.com/s?__biz=MzUzNjkxODE5MA==&mid=2247487728&idx=1&sn=8c5f5e8ba6e21eb50db932b856bd4e99", "description": "银狐木马通过QQ、微信等即时通信软件发送钓鱼文件或网站链接,诱导受害者点击", "author": "君说安全", "category": "君说安全", "pubDate": "2024-12-13T09:00:00" }, { "title": "内网渗透--内网探测", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247484470&idx=1&sn=ba9f46113b7612e8365c9b6f968e37ca", "description": "内网渗透--内网探测", "author": "富贵安全", "category": "富贵安全", "pubDate": "2024-12-13T08:41:29" }, { "title": "网络资产收集与漏洞扫描工具", "link": "https://mp.weixin.qq.com/s?__biz=MzA4NzU1Mjk4Mw==&mid=2247492196&idx=1&sn=9a17a69290ef6d3f0970fde1eb354811", "description": "hscan是一款网络资产收集与漏洞扫描工具,作者目前已完成探活、服务扫描(常规 \\\\x26amp; 非常规端口)等功能...。", "author": "Hack分享吧", "category": "Hack分享吧", "pubDate": "2024-12-13T08:39:44" }, { "title": "SeaCMS admin_files.php CVE-2024-42599分析", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDY1NzA2Mw==&mid=2247483831&idx=1&sn=317637ef6617e99f0ba2575c705aaca6", "description": null, "author": "fraud安全", "category": "fraud安全", "pubDate": "2024-12-13T08:32:02" }, { "title": "工具集:TestNet【资产管理系统】", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484904&idx=1&sn=b2d7a3504673bc469fb07920bb274f7b", "description": null, "author": "风铃Sec", "category": "风铃Sec", "pubDate": "2024-12-13T08:31:08" }, { "title": "使用 Sqlmap 在 Web 服务器中上传 Shell", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485974&idx=1&sn=15c944eab7abf07044165fb13078a157", "description": "您可能多次使用 sqlmap 进行 SQL 注入以获取 Web 服务器的数据库信息。在本教程中,我将向您展示如果网站存在 SQL 漏洞,如何上传任何后门来获取 meterpreter 会话。", "author": "三沐数安", "category": "三沐数安", "pubDate": "2024-12-13T08:31:01" }, { "title": "隐蔽攻击!新型恶意技术利用 Windows UI 框架绕过 EDR 防护", "link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899745&idx=1&sn=b75d1f66e7f422b23cd1132e08b4f2a3", "description": "风险预警\\\\x0d\\\\x0a\\\\x0d\\\\x0a xa0Akamai 安全研究人员发现了一种新型攻击技术,攻击者利用 Windows 辅助功能框架 UI Automation (UIA) 执行恶意活动,而 EDR 安全工具却无法察觉。", "author": "技术修道场", "category": "技术修道场", "pubDate": "2024-12-13T08:06:57" }, { "title": "漏洞预警 | Django拒绝服务和SQL注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491705&idx=1&sn=c6d00db2d1d2da8d4eccb0541ede19a2", "description": "Django存在拒绝服务和SQL注入漏洞,攻击者可通过该漏洞使应用程序挂起或崩溃和获取敏感数据,建议相关用户及时更新。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-13T08:02:47" }, { "title": "漏洞预警 | 小米路由器任意文件读取漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491705&idx=3&sn=cfbfa8d0e7f3f0cf0bb12bfdb1f55e15", "description": "小米路由器的/api-third-party/download/extdisks接口存在任意文件读取漏洞,攻击者通过漏洞可以读取服务器敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-13T08:02:47" }, { "title": "CTF逆向题目解题思路", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTUxMzk2NQ==&mid=2247485811&idx=1&sn=4bc9f21cb3e724d31c231696d945d4a1", "description": null, "author": "安全君呀", "category": "安全君呀", "pubDate": "2024-12-13T08:00:31" }, { "title": "闭源系统半自动漏洞挖掘工具 SinkFinder", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487028&idx=1&sn=59fd71a1f2ba11ab7b07247934d24721", "description": null, "author": "进击的HACK", "category": "进击的HACK", "pubDate": "2024-12-13T07:55:25" }, { "title": "【MalDev-10】免杀-3", "link": "https://mp.weixin.qq.com/s?__biz=MzIzODMyMzQxNQ==&mid=2247484344&idx=1&sn=23bea36464fb1ec449f66047871fdf87", "description": "本章主要介绍几种高级免杀技巧,如syscalls、用户层hook、直接调用syscalls、bypass EDR的原理和代码实战", "author": "高级红队专家", "category": "高级红队专家", "pubDate": "2024-12-13T07:08:42" }, { "title": "集群安全之Kubelet端口未授权深入利用", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493893&idx=2&sn=1a876190945290652e0f24a385b4a06a", "description": "漏洞描述K8s Node对外开启10250(Kubelet API)和10255端口(readonly AP", "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2024-12-13T07:00:46" }, { "title": "技术控必看:JDBC攻击全解析,一篇带你深入核心", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247517713&idx=1&sn=0b5347b5542a6442c28d186dd95c10a5", "description": "JDBC Attack漫谈", "author": "Z2O安全攻防", "category": "Z2O安全攻防", "pubDate": "2024-12-13T00:04:33" }, { "title": "免杀基础-进程遍历的方式", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517640&idx=1&sn=41e3091a9189473c37b96505c31d784a", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2024-12-13T00:01:29" }, { "title": "广联达OA系统漏洞批量检测工具 - GlodonScan", "link": "https://mp.weixin.qq.com/s?__biz=MzUyMTA0MjQ4NA==&mid=2247551275&idx=2&sn=6b84b6daf3d7d3e6a6137ca9a7253946", "description": null, "author": "LemonSec", "category": "LemonSec", "pubDate": "2024-12-13T00:01:11" }, { "title": "记一次网上阅卷系统漏洞挖掘", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486347&idx=1&sn=85137a0acb6c87cbba9b0be502bbad60", "description": null, "author": "扫地僧的茶饭日常", "category": "扫地僧的茶饭日常", "pubDate": "2024-12-13T00:00:15" }, { "title": "大众和斯柯达汽车存在漏洞,导致发动机故障和车主数据被盗", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505156&idx=1&sn=8b9e9979adb64197311a0dbe6ec5ff74", "description": null, "author": "网络研究观", "category": "网络研究观", "pubDate": "2024-12-12T23:59:45" }, { "title": "苹果通过 iOS 18.2 更新修复了密码应用程序中的加密漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505156&idx=3&sn=c456598d99353e763fbdc160fe0f3444", "description": null, "author": "网络研究观", "category": "网络研究观", "pubDate": "2024-12-12T23:59:45" }, { "title": "Burp Suite for Pentester:软件漏洞扫描程序和 Retire.js", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485958&idx=1&sn=5b9296ea0c9d303950e55b2e9f337108", "description": "不仅我们看到的前端或看不到的后端,都会导致应用程序易受攻击。动态 Web 应用程序本身包含很多内容,无论是 JavaScript 库、第三方功能、功能插件还是其他内容。但是,如果安装的功能或插件本身易受攻击怎么办?", "author": "三沐数安", "category": "三沐数安", "pubDate": "2024-12-12T23:54:32" }, { "title": "LNK钓鱼攻击不只是简单的左移右移(文末代码)", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTUwNzAyOA==&mid=2247484367&idx=1&sn=08d275a8f0411e601dafa3ec654cb7c1", "description": null, "author": "悟盾", "category": "悟盾", "pubDate": "2024-12-12T23:00:50" }, { "title": "OSINT工具Maigret进入GitHub排名前3", "link": "https://mp.weixin.qq.com/s?__biz=MzU5Mjk3MDA5Ng==&mid=2247486440&idx=1&sn=1687ebb14b495fab8460ab5accd7fb06", "description": "Maigret 工具是只通过用户名收集一个人的信息,通过检查大量网站上的帐户并从网页收集所有可用信息", "author": "军机故阁", "category": "军机故阁", "pubDate": "2024-12-12T22:33:09" }, { "title": "一文带你详解MSI武器化", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247489055&idx=1&sn=42b5e2676724c459cb811749218c6b53", "description": null, "author": "Relay学安全", "category": "Relay学安全", "pubDate": "2024-12-12T21:54:30" }, { "title": "【漏洞预警】Apache Struts 文件上传漏洞(CVE-2024-53677)", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNzQzNDI5OQ==&mid=2247486633&idx=1&sn=ce9d691bace642433060f9e374fae37d", "description": "近日,安全聚实验室监测到 Apache Struts 中存在文件上传漏洞 ,CVSS:9. 5xa0此漏洞允许未经身份验证的攻击者可以操纵文件上传参数以启用路径遍历,这可能导致上传可用于执行远程代码执行的恶意文件。", "author": "安全聚", "category": "安全聚", "pubDate": "2024-12-12T21:14:45" }, { "title": "(二维码) 在浏览器隔离环境中实现 C2 通信的突破", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485678&idx=1&sn=ac70475ca373f1941323a62d687151b6", "description": null, "author": "securitainment", "category": "securitainment", "pubDate": "2024-12-12T19:20:37" }, { "title": "浅析libc2.38版本及以前tcache安全机制演进过程与绕过手法", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458585913&idx=2&sn=5c4eaeec34a6b48ede70a3c2a1b22aca", "description": "看雪论坛作者ID:是气球呀", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2024-12-12T18:01:15" }, { "title": "高危!Apache Struts文件上传漏洞安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NjY2MTIzMw==&mid=2650620155&idx=2&sn=25816eda1386048700d085e49807bf55", "description": "亚信安全建议受影响用户尽快采取相关安全措施。", "author": "亚信安全", "category": "亚信安全", "pubDate": "2024-12-12T17:52:02" }, { "title": "创宇安全智脑 | Mitel MiCollab 企业协作平台任意文件读取(CVE-2024-41713)等80个漏洞可检测", "link": "https://mp.weixin.qq.com/s?__biz=MzIwNjU0NjAyNg==&mid=2247490057&idx=1&sn=898cb42cbed7532cef5ba97f53508c92", "description": "创宇安全智脑是基于知道创宇16年来AI+安全大数据在真实攻防场景中的经验积累构建的下一代全场景安全智能算力平台", "author": "创宇安全智脑", "category": "创宇安全智脑", "pubDate": "2024-12-12T17:30:49" }, { "title": "Shiro框架漏洞看了你就会了(含靶场复现)", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568491&idx=1&sn=636c74804b027a06692725d2766cf513", "description": null, "author": "马哥网络安全", "category": "马哥网络安全", "pubDate": "2024-12-12T17:01:22" }, { "title": "【漏洞通告】Apache Struts 2远程代码执行漏洞安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY4MDAyNQ==&mid=2247496866&idx=1&sn=bbb30a60616ec1cf4ea6804a05eac048", "description": "近日,嘉诚安全监测到Apache Struts 2中存在一个远程代码执行漏洞,鉴于漏洞危害较大,嘉诚安全提醒相关用户尽快更新至安全版本,避免引发漏洞相关的网络安全事件。", "author": "嘉诚安全", "category": "嘉诚安全", "pubDate": "2024-12-12T16:46:17" }, { "title": "【漏洞通告】GitLab Kubernetes Proxy Response NEL头注入漏洞安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY4MDAyNQ==&mid=2247496866&idx=2&sn=0e95d9823e9072e35edb8a094e4fc18f", "description": "近日,嘉诚安全监测到GitLab社区版(CE)和企业版(EE)中存在Kubernetes Proxy Response NEL头注入漏洞,鉴于漏洞危害较大,嘉诚安全提醒相关用户尽快更新至安全版本,避免引发漏洞相关的网络安全事件。", "author": "嘉诚安全", "category": "嘉诚安全", "pubDate": "2024-12-12T16:46:17" }, { "title": "【漏洞通告】Apache Struts 2 任意文件上传漏洞(S2-067)(CVE-2024-53677)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247523950&idx=1&sn=c7f7b9fa14789faf8a6c75b897452a46", "description": "2024年12月12日,深瞳漏洞实验室监测到一则Apache-Struts2组件存在任意文件上传漏洞的信息,漏洞编号:CVE-2024-53677,漏洞威胁等级:严重。", "author": "深信服千里目安全技术中心", "category": "深信服千里目安全技术中心", "pubDate": "2024-12-12T16:34:01" }, { "title": "【风险通告】Apache Struts存在文件上传漏洞(CVE-2024-53677)", "link": "https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247490197&idx=1&sn=9ffaa9babf02fbd7ab419b9c4a23da71", "description": null, "author": "安恒信息CERT", "category": "安恒信息CERT", "pubDate": "2024-12-12T16:29:08" }, { "title": "【风险通告】GitLab存在敏感信息泄露漏洞(CVE-2024-11274)", "link": "https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247490197&idx=2&sn=f905ddb46575c4bbf932f4af33a4738a", "description": null, "author": "安恒信息CERT", "category": "安恒信息CERT", "pubDate": "2024-12-12T16:29:08" }, { "title": "网安必备 Burp Suite工具介绍", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MDY1MzUzNw==&mid=2247497998&idx=1&sn=295d05fc562e35a631e557fb29288bae", "description": null, "author": "长风实验室", "category": "长风实验室", "pubDate": "2024-12-12T16:19:32" }, { "title": "Zabbix SQL 注入 CVE-2024-42327 POC已公开", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MDk0OTc1Nw==&mid=2247487889&idx=2&sn=0912f0715b90ec7999f942aa0df0a5f3", "description": "CVE-2024-42327 的 PoC 发布", "author": "剁椒鱼头没剁椒", "category": "剁椒鱼头没剁椒", "pubDate": "2024-12-12T15:37:30" }, { "title": "【攻击手法分析】勒索病毒如何轻松绕过安全设备防线:第二篇-流量致盲,无声突破", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQ0MjE1NQ==&mid=2247494587&idx=1&sn=761d5ecda1eb25d36828bee7b5e10eed", "description": null, "author": "solar应急响应团队", "category": "solar应急响应团队", "pubDate": "2024-12-12T15:35:59" }, { "title": "CNNVD关于Apache Struts安全漏洞的通报", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODY1OTM5OQ==&mid=2651462062&idx=1&sn=6d04ce844444272812e3be3b061bf062", "description": "近日,国家信息安全漏洞库(CNNVD)收到关于Apache Struts安全漏洞(CNNVD-202412-1393、CVE-2024-53677)情况的报送。", "author": "CNNVD安全动态", "category": "CNNVD安全动态", "pubDate": "2024-12-12T15:31:28" }, { "title": "渗透实战 | 组合拳从0-1 Getshell过程", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NzkwMTYyOQ==&mid=2247488085&idx=1&sn=a4a5660879f0df6f6a27786650a755be", "description": null, "author": "不秃头的安全", "category": "不秃头的安全", "pubDate": "2024-12-12T15:22:18" }, { "title": "如何阻止利用 CVE-2024-49040", "link": "https://mp.weixin.qq.com/s?__biz=MzAxNjg3MjczOA==&mid=2247486345&idx=1&sn=7544b47f2c754b4742fa9ac39bfe763a", "description": null, "author": "卡巴斯基网络安全大百科", "category": "卡巴斯基网络安全大百科", "pubDate": "2024-12-12T15:00:39" }, { "title": "Apache Struts 文件上传漏洞(CVE-2024-53677)安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502622&idx=1&sn=b09b74ae58ce913511ebc0fee0ec7fef", "description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。", "author": "奇安信 CERT", "category": "奇安信 CERT", "pubDate": "2024-12-12T15:00:20" }, { "title": "【漏洞通告】Apache Struts任意文件上传漏洞S2-067(CVE-2024-53677)", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjE3ODkxNg==&mid=2247488729&idx=1&sn=a0e9eae2466686a1ed32088d958a1046", "description": "近日,绿盟科技CERT监测到Apache发布安全公告,修复了Apache Struts任意文件上传漏洞S2-067(CVE-2024-53677)。由于文件上传功能存在逻辑缺陷,未经身份验证的攻击者可以通过控制文件上传参数进行路径遍历", "author": "绿盟科技CERT", "category": "绿盟科技CERT", "pubDate": "2024-12-12T14:29:41" }, { "title": "主机侧命令执行监测的规避", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NzYzODU5NQ==&mid=2247484894&idx=1&sn=513ddea2f76c9a5bc7e6b7e6986b9c25", "description": "在网络安全领域,规避主机侧命令执行监测是关键技术之一。本文深入探讨了使用Windows API进行信息收集和规避策略,为网络安全专业人士提供了实用的技术指导。", "author": "T00ls安全", "category": "T00ls安全", "pubDate": "2024-12-12T14:11:02" }, { "title": "我很高兴与您分享我的最新研究成果 - “DCOM 上传和执行”一种先进的横向移动技术", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525704&idx=2&sn=5ff65e8e375a4f73c4a15acf5f327056", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-12T12:54:15" }, { "title": "新型 DCOM 横向移动攻击,忘记 PSEXEC:DCOM 上传并执行后门", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525704&idx=3&sn=b9107e935aaac816be457034f7fde725", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-12T12:54:15" }, { "title": "Emlog-Pro 2.4.1最新版存在命令执行漏洞(RCE)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488031&idx=1&sn=39bd2bcb7698b56ca816ae62312cf3c2", "description": "emlog-pro-2.4.1版本存在命令执行漏洞,远程攻击者可以利用此漏洞,执行任意代码并获取敏感信息。\\\\x0d\\\\x0a影响版本:emlog-pro-2.4.1", "author": "星悦安全", "category": "星悦安全", "pubDate": "2024-12-12T12:10:49" }, { "title": "太棒辣 | 感谢大哥带我学习关于验证码逻辑漏洞这些事", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDg2MDIxNQ==&mid=2247485214&idx=1&sn=a126b82447490aba7c8486d38e147729", "description": "犀利猪安全,带你上高速~", "author": "Jie安全", "category": "Jie安全", "pubDate": "2024-12-12T11:51:35" }, { "title": "自制Python网络安全工具 (2)【SQL 注入检测工具】【官网实时更新】", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MzgwMDE2Mw==&mid=2247488242&idx=1&sn=03418bc7151e6bc9449d6c3ab010c18c", "description": "Python 网络安全工具,涵盖漏洞扫描、密码破解、渗透测试、数据包嗅探、取证分析等领域。每个工具都添加了 丰富的描述、实现思路,以及核心 Python 库,逐步完善所有代码,请关注官网。", "author": "黑客驰", "category": "黑客驰", "pubDate": "2024-12-12T11:46:53" }, { "title": "【2024-12-12】每日安全资讯", "link": "https://mp.weixin.qq.com/s?__biz=MzIzNDU5NTI4OQ==&mid=2247488074&idx=1&sn=1154b0e4998f167930f9e30aa3994785", "description": "【2024-12-12】每日安全资讯", "author": "知机安全", "category": "知机安全", "pubDate": "2024-12-12T11:32:16" }, { "title": "实战自动化加解密&加密场景下的暴力破解", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247486039&idx=1&sn=cbc383b06034ab3d9530cc65d6ea6383", "description": "Yu9师傅教你如何拥有“写轮眼”透视加密", "author": "沃克学安全", "category": "沃克学安全", "pubDate": "2024-12-12T11:23:11" }, { "title": "【高危漏洞预警】Apache Struts2文件上传限制不当漏洞可导致远程代码执行", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489303&idx=1&sn=67a0e75e16ceeb84736dfdecec8929a1", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-12T10:51:55" }, { "title": "【漏洞预警】GitLab CE/EE需授权输入验证不当漏洞可导致敏感信息泄露", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489303&idx=2&sn=48d2b3a20b0b6aa648b31928fb3c1c2a", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-12T10:51:55" }, { "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247179&idx=3&sn=c77255cfee1fdc55e200f0175714f97b", "description": null, "author": "e安在线", "category": "e安在线", "pubDate": "2024-12-12T10:15:48" }, { "title": "如何使用simplewall安全地配置Windows 过滤平台(WFP)", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQyODI4Ng==&mid=2247495174&idx=3&sn=2d8439f8048b82ec785a789d371751a9", "description": "该工具能够帮助广大研究人员以安全的方式配置WFP。", "author": "网络安全与人工智能研究中心", "category": "网络安全与人工智能研究中心", "pubDate": "2024-12-12T10:15:40" }, { "title": "Windows 权限提升漏洞检测工具集", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650604901&idx=4&sn=8b22298458041ebc0c7de6e73309a1cf", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2024-12-12T10:04:23" }, { "title": "2024年最全的Nmap扫描案例集合(含15个常用场景分类,102个命令组合)", "link": "https://mp.weixin.qq.com/s?__biz=MzU3MjczNzA1Ng==&mid=2247493947&idx=2&sn=22e2049c5b7a89bd775d5cb827f55576", "description": "本文收集了Nmap扫描的15个场景的命令使用场景, 每个场景中列出了命令的参数组合及含义,方便使用查阅。", "author": "龙哥网络安全", "category": "龙哥网络安全", "pubDate": "2024-12-12T10:00:25" }, { "title": "十一月安全通告", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3Mzg1OTYyMQ==&mid=2247487648&idx=1&sn=8c4d211b5db20df0304363083209be8f", "description": null, "author": "中龙技术", "category": "中龙技术", "pubDate": "2024-12-12T09:00:50" }, { "title": "新的 DCOM 攻击利用 Windows Installer 服务部署隐蔽后门", "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793461&idx=1&sn=04f25b71012dff47f9a7245f2e18778a", "description": "Deep Instinct 的技术博客详细介绍了该攻击……", "author": "军哥网络安全读报", "category": "军哥网络安全读报", "pubDate": "2024-12-12T09:00:37" }, { "title": "记一次接口fuzz+逻辑漏洞拿下证书站高危", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486316&idx=1&sn=99516f099d6a519939789425766585b8", "description": null, "author": "扫地僧的茶饭日常", "category": "扫地僧的茶饭日常", "pubDate": "2024-12-12T09:00:19" }, { "title": "内网渗透的步骤_内网渗透思路", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247484415&idx=1&sn=34083aa1286bc790ebb9ab59d5ff8a1a", "description": "内容有长,耐心看完", "author": "富贵安全", "category": "富贵安全", "pubDate": "2024-12-12T08:55:22" }, { "title": "一网打尽!20种绕过CDN查找真实IP的实用方法", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDM4NDM5Ng==&mid=2247489313&idx=1&sn=fddc5049d2f1cc034240b8c50879457d", "description": "绕过CDN查找真实IP是网络安全与渗透测试中的一项重要技能。20种详细的用于绕过CDN并找到网站的真实IP地址方法,供参考。", "author": "安全洞察知识图谱", "category": "安全洞察知识图谱", "pubDate": "2024-12-12T08:31:05" }, { "title": "DMC Airin Blog Plugin 反序列化 CVE-2024-52413分析", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDY1NzA2Mw==&mid=2247483820&idx=1&sn=a23aeb71510508774f10b307c7147e14", "description": null, "author": "fraud安全", "category": "fraud安全", "pubDate": "2024-12-12T08:30:20" }, { "title": "探索开源 C2 框架中的漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ5MDM3NA==&mid=2247487448&idx=1&sn=7ee29c06eeab215458a3c97c371e9d36", "description": null, "author": "SecretTeam安全团队", "category": "SecretTeam安全团队", "pubDate": "2024-12-12T08:01:10" }, { "title": "漏洞预警 | WordPress Plugin Automations SQL注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491701&idx=1&sn=be4218ea093c0ed8f548e499518fa818", "description": "Automations的/?bwfan-track-id接口存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-12T08:00:13" }, { "title": "漏洞预警 | Veeam Service Provider Console远程代码执行和信息泄露漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491701&idx=2&sn=986dca366576ab77940040ab4b163181", "description": "Veeam Service Provider Console存在远程代码执行和信息泄露漏洞,攻击者可利用该漏洞执行任意代码、获取敏感信息,建议相关用户及时更新。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-12T08:00:13" }, { "title": "漏洞预警 | Progress WhatsUp Gold远程代码执行漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491701&idx=3&sn=a5686e3902d307406a535d6aff1858a3", "description": "Progress Software WhatsUp Gold存在注册表覆盖远程代码执行漏洞,成功利用该漏洞允许攻击者绕过正常的安全机制,获得对受影响系统的完全控制权,从而可能执行任意代码、窃取敏感信息、破坏系统功能或部署持久化恶意软件。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-12T08:00:13" }, { "title": "【MalDev-10】免杀-2", "link": "https://mp.weixin.qq.com/s?__biz=MzIzODMyMzQxNQ==&mid=2247484343&idx=1&sn=491225b73b55711f66cddec178cd8201", "description": "本章主要讲解动态检测逃逸和AMSI绕过技术和代码实战", "author": "高级红队专家", "category": "高级红队专家", "pubDate": "2024-12-12T07:19:11" }, { "title": "Go — :恶意软件开发 (第五部分)", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503855&idx=1&sn=3676f21744684a6b641ae533b27f2664", "description": "欢迎回来!在前面的部分中,我们设置了 TCP 服务器和客户端,支持远程命令执行并轻松处理文件上传和下载", "author": "安全狗的自我修养", "category": "安全狗的自我修养", "pubDate": "2024-12-12T07:11:07" }, { "title": "Microsoft December 2024 Patch Tuesday修复了正在被活动利用的零日漏洞", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247492928&idx=1&sn=618a18a9ab07e6b70e505bce60fbc6ba", "description": null, "author": "黑猫安全", "category": "黑猫安全", "pubDate": "2024-12-12T07:00:20" }, { "title": "SAP修复了NetWeaver的Adobe文档服务中的严重SSRF漏洞", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247492928&idx=2&sn=6bdb83f91406f4b7ff13d4d7e532349b", "description": null, "author": "黑猫安全", "category": "黑猫安全", "pubDate": "2024-12-12T07:00:20" }, { "title": "安卓逆向 -- 去除软件中的恶意捆绑下载教程", "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037209&idx=1&sn=fd49b8e7ef4bb6c555d48988c94ed6ac", "description": null, "author": "逆向有你", "category": "逆向有你", "pubDate": "2024-12-12T00:00:59" }, { "title": "XXE漏洞检测工具", "link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515150&idx=1&sn=cdde4c00dd188d786d3e826d01dcb79a", "description": null, "author": "Web安全工具库", "category": "Web安全工具库", "pubDate": "2024-12-12T00:00:44" }, { "title": "干货 | 自动化快速收集内网配置文件信息", "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491971&idx=1&sn=f502f6aa694aa22f8408b4fdb8b52e1d", "description": null, "author": "星落安全团队", "category": "星落安全团队", "pubDate": "2024-12-12T00:00:44" }, { "title": "免杀基础-IAT隐藏", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517626&idx=1&sn=b73a3191f060c5718cc7907226ff0421", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2024-12-12T00:00:28" }, { "title": "ShellCode在线免杀处理平台", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDYxMTc0Mg==&mid=2247484180&idx=1&sn=b0cb2b085e2fca7f38cca70541c0f14c", "description": null, "author": "渗透云记", "category": "渗透云记", "pubDate": "2024-12-11T23:59:16" }, { "title": "【漏洞预警】Ivanti Cloud Services Application身份验证绕过漏洞(CVE-2024-11639)", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489295&idx=1&sn=a839ca79c296bf8e27e6b58259673990", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-11T23:48:04" }, { "title": "[历史文章]红队基础设施建设与改造(二)——深入理解sqlmap(上)", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE3MzAxOA==&mid=2247485286&idx=1&sn=bfea0a0504a232cc41d56747a6ed4104", "description": "本文剖析了sqlmap的大部分功能点和所有的检测逻辑,同时还会讲到tamper的分析以及tamper的编写", "author": "魔影安全实验室", "category": "魔影安全实验室", "pubDate": "2024-12-11T22:41:04" }, { "title": "JAVA安全-模板注入-FreeMarker", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MzkwNzI1OQ==&mid=2247485562&idx=1&sn=485e361d6f72c063b471c3b6e8ba4a5e", "description": "由于传播、利用本公众号菜狗安全所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,公众号菜狗安全及作者不为此承担任何责任,一旦造成后果请自行承担!如有侵权烦请告知,会立即删除并致歉。", "author": "菜狗安全", "category": "菜狗安全", "pubDate": "2024-12-11T21:21:26" }, { "title": "滥用AD-DACL:WriteDacl", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjM0ODAwNg==&mid=2247488298&idx=1&sn=b4b830f847fe5a1b3a41fc2ebe813310", "description": "AD-DACL提权实验 wirteDacl", "author": "TIPFactory情报工厂", "category": "TIPFactory情报工厂", "pubDate": "2024-12-11T20:28:01" }, { "title": "利用 Spring Boot 3.4.0 属性进行远程代码执行", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525604&idx=1&sn=c9c72fb33dcc8aaeecfc286954b468ae", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-11T19:31:52" }, { "title": "(QR)用代码解决问题:浏览器隔离环境中的 C2", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525604&idx=2&sn=b3b779767b6190159934a910889fbe0a", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-11T19:31:52" }, { "title": "LexiCrypt是一种 shellcode 混淆和编码工具", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525604&idx=3&sn=b63d58bb28b803669a136891d243b08a", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-11T19:31:52" }, { "title": "渗透测试小练习(1)尝试一个图形验证码绕过的复现", "link": "https://mp.weixin.qq.com/s?__biz=MzI4NzA1Nzg5OA==&mid=2247485612&idx=2&sn=2a1158f7b17eb1ee8b19889b6f5ffcfd", "description": null, "author": "透明魔方", "category": "透明魔方", "pubDate": "2024-12-11T19:30:21" }, { "title": "2024-12微软漏洞通告", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247520891&idx=1&sn=9535d3e973223031ca7f28abfe0e1260", "description": null, "author": "火绒安全", "category": "火绒安全", "pubDate": "2024-12-11T18:10:27" }, { "title": "【风险通告】微软12月安全更新补丁和多个高危漏洞风险提示", "link": "https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247490187&idx=1&sn=01d384d7accbadf6fc64011e08dfeaa0", "description": null, "author": "安恒信息CERT", "category": "安恒信息CERT", "pubDate": "2024-12-11T18:05:16" }, { "title": "ADCS学习记录", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2MDYxOTQ1Mw==&mid=2247483977&idx=1&sn=4dd3050bfa213454437037b5ac7f472d", "description": null, "author": "舒克的freestyle", "category": "舒克的freestyle", "pubDate": "2024-12-11T18:00:17" }, { "title": "WPForms插件漏洞导致数百万WordPress网站面临Stripe退款风险", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458585644&idx=3&sn=f727f4e41376948f65be9449f4cd865e", "description": "WPForms插件漏洞允许订阅者级别用户执行Stripe退款,建议尽快升级至1.9.2.2版本。", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2024-12-11T17:59:33" }, { "title": "【漏洞通告】Ivanti Cloud Services Application身份验证绕过漏洞(CVE-2024-11639)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247523947&idx=2&sn=ecf8b93a77abcde7380781b0a7ba958e", "description": "2024年12月11日,深瞳漏洞实验室监测到一则Ivanti Cloud Services Application (CSA)组件存在身份验证漏洞漏洞的信息,漏洞编号:CVE-2024-11639,漏洞威胁等级:严重。", "author": "深信服千里目安全技术中心", "category": "深信服千里目安全技术中心", "pubDate": "2024-12-11T17:45:18" }, { "title": "【漏洞通告】微软2024年12月安全更新通告", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NDQxMDE0NQ==&mid=2247485083&idx=1&sn=b0001d31a1da90591366a8795080ae1b", "description": null, "author": "青藤实验室", "category": "青藤实验室", "pubDate": "2024-12-11T17:30:22" }, { "title": "【工具分享】Nuclei GUI 管理工具(附12W+poc)", "link": "https://mp.weixin.qq.com/s?__biz=MzIyNTIxNDA1Ng==&mid=2659211287&idx=1&sn=648b0bcf5231aa3c73bd8820bc05666c", "description": null, "author": "暗影网安实验室", "category": "暗影网安实验室", "pubDate": "2024-12-11T17:20:45" }, { "title": "干货 | 应急响应常见流程,详解6个关键步骤", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568447&idx=1&sn=463292005dc4912c6cc2edaabca216dc", "description": null, "author": "马哥网络安全", "category": "马哥网络安全", "pubDate": "2024-12-11T17:03:03" }, { "title": "一次接口到源码泄露案例", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNTQwNjQ4OA==&mid=2247484028&idx=1&sn=194a2d97d4b8e720d9998d99eed8f61e", "description": "简单src案例分享", "author": "UF安全团队", "category": "UF安全团队", "pubDate": "2024-12-11T15:57:50" }, { "title": "【漏洞通告】微软12月多个安全漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNzY5OTg2Ng==&mid=2247500373&idx=2&sn=de1d1f63dc8bc0f867a230507640bdc2", "description": null, "author": "启明星辰安全简讯", "category": "启明星辰安全简讯", "pubDate": "2024-12-11T15:39:40" }, { "title": "2024年12月微软补丁日多个高危漏洞安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY4MDAyNQ==&mid=2247496850&idx=1&sn=21c9286190406da9b6d1eaf566c9289d", "description": "近日,嘉诚安全监测到Microsoft官方发布了12月份的安全更新公告,共修复了72个漏洞,鉴于漏洞危害较大,嘉诚安全提醒广大Microsoft用户尽快下载补丁更新,避免引发漏洞相关的网络安全事件。", "author": "嘉诚安全", "category": "嘉诚安全", "pubDate": "2024-12-11T15:35:16" }, { "title": "MySQL高交互蜜罐速成", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MDk0OTc1Nw==&mid=2247487885&idx=1&sn=4abb31169be2bf73e4be862044a5cabc", "description": "会员文章+1", "author": "剁椒鱼头没剁椒", "category": "剁椒鱼头没剁椒", "pubDate": "2024-12-11T15:23:47" }, { "title": "资产管理工具TestNet", "link": "https://mp.weixin.qq.com/s?__biz=MzU0MDUxMDEzNQ==&mid=2247489742&idx=1&sn=38637114689c4d4fa20919fc17cf0319", "description": null, "author": "黑客仓库", "category": "黑客仓库", "pubDate": "2024-12-11T15:01:01" }, { "title": "渗透实战|组合拳从0-1 Getshell过程", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDA5NzUzNA==&mid=2247489170&idx=1&sn=32ec815b2befd71f103761e23a6f87e9", "description": null, "author": "藏剑安全", "category": "藏剑安全", "pubDate": "2024-12-11T14:34:11" }, { "title": "Nuclei|图形化|轻量化刷漏洞神器|11000+poc", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQyOTk3Mg==&mid=2247484928&idx=1&sn=0d5f72ae7989e53bcc477d6e0f275680", "description": null, "author": "海底生残月", "category": "海底生残月", "pubDate": "2024-12-11T14:29:32" }, { "title": "【风险提示】天融信关于微软2024年12月安全更新的风险提示", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MDAzMDQxNw==&mid=2247496664&idx=1&sn=61b0c3aaa8d69a3fb1056ffb3f3d3ed4", "description": "2024年12月11日,天融信阿尔法实验室监测到微软官方发布了12月安全更新。此次更新共修复72个漏洞,其中16个严重漏洞、55个重要漏洞、1个中危漏洞。", "author": "天融信阿尔法实验室", "category": "天融信阿尔法实验室", "pubDate": "2024-12-11T14:09:20" }, { "title": "IBM DB2数据库曝严重漏洞,多个版本或面临DoS攻击风险;克罗地亚最大港口运营商遭勒索软件攻击 | 牛览", "link": "https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651133916&idx=2&sn=74b19c9e305f2a4c9339a264238fb1ae", "description": "牛览网络安全全球资讯,洞察行业发展前沿态势!", "author": "安全牛", "category": "安全牛", "pubDate": "2024-12-11T12:22:26" }, { "title": "组合拳从0-1 Getshell过程", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjQyMjcwMw==&mid=2247486746&idx=2&sn=064e435cceb3e68cc85ad60755ba3364", "description": null, "author": "小黑说安全", "category": "小黑说安全", "pubDate": "2024-12-11T12:07:17" }, { "title": "两个硬编码凭证导致接管漏洞案例", "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614639&idx=1&sn=fd9973982ad39d76f3b355943e30411a", "description": null, "author": "白帽子左一", "category": "白帽子左一", "pubDate": "2024-12-11T12:00:22" }, { "title": "利用损坏的文件绕过防病毒软件", "link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492736&idx=1&sn=b5f0252e59634a98b43987a0be02514f", "description": "由于大多数防病毒软件和自动化工具都没有配备 Word 等应用程序中的恢复功能。这使得他们无法准确识别损坏文件的类型,从而导致无法检测和缓解威胁。", "author": "二进制空间安全", "category": "二进制空间安全", "pubDate": "2024-12-11T11:11:11" }, { "title": "linux应急之grep命令在应急实战中的使用", "link": "https://mp.weixin.qq.com/s?__biz=MjM5ODkxMTEzOA==&mid=2247484466&idx=1&sn=26cd7406cb5b3ea19d1332c0a32988ad", "description": "linux应急之grep命令在应急实战中的使用,本文作者:雁过留痕@深信服MSS专家部", "author": "安服仔的救赎", "category": "安服仔的救赎", "pubDate": "2024-12-11T10:01:59" }, { "title": "edu小程序挖掘严重支付逻辑漏洞", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486314&idx=1&sn=6ca1faf4185516060554cb5767910675", "description": null, "author": "扫地僧的茶饭日常", "category": "扫地僧的茶饭日常", "pubDate": "2024-12-11T09:30:47" }, { "title": "微软12月补丁日多个产品安全漏洞风险通告:1个在野利用、17个紧急漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502600&idx=1&sn=2b1a45b44e8988e6121af578a0aece0a", "description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。", "author": "奇安信 CERT", "category": "奇安信 CERT", "pubDate": "2024-12-11T09:25:19" }, { "title": "MySQL高交互蜜罐速成", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQzNjIwNw==&mid=2247490682&idx=1&sn=78568f977e21320a93985790fb50b8e8", "description": "会员文章+1", "author": "棉花糖fans", "category": "棉花糖fans", "pubDate": "2024-12-11T09:04:17" }, { "title": "某通用系统0day审计过程", "link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491220&idx=1&sn=33447580838d346357e11ff01107377f", "description": null, "author": "实战安全研究", "category": "实战安全研究", "pubDate": "2024-12-11T09:00:55" }, { "title": "Linux UEFI BootKit样本分析", "link": "https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247489681&idx=1&sn=db979eeea2772c3628882e836b8b6c59", "description": "Linux UEFI BootKit样本分析", "author": "安全分析与研究", "category": "安全分析与研究", "pubDate": "2024-12-11T08:55:19" }, { "title": "Nginx中的正则表达式,location路径匹配规则和优先级", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NzI5NDM4Mw==&mid=2247498433&idx=1&sn=5aa13db5200cd19b51eb2f1a98c3dbf9", "description": null, "author": "Docker中文社区", "category": "Docker中文社区", "pubDate": "2024-12-11T08:31:23" }, { "title": "好用的Nuclei GUI POC管理工具", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4NTUwMzM1Ng==&mid=2247512787&idx=1&sn=1c6cd54a524329190ebb2a2f336a843e", "description": "一个好用的nuclei GUI POC模版管理工具。由于没找到一款比较好用的poc管理器,便自己开发了这个...。", "author": "潇湘信安", "category": "潇湘信安", "pubDate": "2024-12-11T08:30:42" }, { "title": "burpsuite漏洞检测插件", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488512&idx=1&sn=bbf4eade0ae5bfb2b0fc7528f169bcb7", "description": null, "author": "白帽学子", "category": "白帽学子", "pubDate": "2024-12-11T08:11:51" }, { "title": "【Tools】探索轻量级的无害化钓鱼演练工具,提升网络安全!", "link": "https://mp.weixin.qq.com/s?__biz=MzIxMTEyOTM2Ng==&mid=2247504263&idx=1&sn=323c7103ef89009186497e79d55e6f0e", "description": null, "author": "释然IT杂谈", "category": "释然IT杂谈", "pubDate": "2024-12-11T08:08:36" }, { "title": "Linux应急处置/漏洞检测工具,支持恶意文件/内核Rootkit/SSH/Webshell/挖矿进程等13类70+项检查", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247492938&idx=1&sn=9557293ff92e8a09b9a07afd780bb77a", "description": null, "author": "夜组安全", "category": "夜组安全", "pubDate": "2024-12-11T08:02:20" }, { "title": "一网打尽!20种绕过CDN查找真实IP的实用方法", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247504386&idx=1&sn=740c83eb35261a329a7e82c91b10f70f", "description": null, "author": "菜鸟学信安", "category": "菜鸟学信安", "pubDate": "2024-12-11T08:00:13" }, { "title": "漏洞预警 | Apache HertzBeat弱口令漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491696&idx=1&sn=8a2073f94177e371f3b84a33c8bd9e5a", "description": "Apache HertzBeat开源实时监控系统存在默认口令漏洞,未经身份验证的攻击者可以通过默认口令登录后台,从而进行任意恶意操作。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2024-12-11T08:00:08" }, { "title": "【MalDev-10】免杀-1", "link": "https://mp.weixin.qq.com/s?__biz=MzIzODMyMzQxNQ==&mid=2247484342&idx=1&sn=6aa22db05980732baa5b1ea0c1b89c34", "description": "本章主要了解免杀机制和静态免杀逃逸代码实战", "author": "高级红队专家", "category": "高级红队专家", "pubDate": "2024-12-11T07:27:18" }, { "title": "Go :恶意软件开发(第四部分)", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503854&idx=1&sn=19dc40fb75672df0cd9591366e118c52", "description": "欢迎回来!在前面的部分中,我们启动并运行了 TCP 服务器和客户端,远程执行系统命令并支持将文件上传到目标计", "author": "安全狗的自我修养", "category": "安全狗的自我修养", "pubDate": "2024-12-11T07:09:22" }, { "title": "【手动修复格式化后的NTFS文件系统】", "link": "https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048087&idx=2&sn=0a9bf3c321f4ddfed72e7124255f1da3", "description": null, "author": "电子物证", "category": "电子物证", "pubDate": "2024-12-11T07:01:02" }, { "title": "WordPress:反向 Shell", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247485928&idx=1&sn=7b7459637ab0cce49cde301ffbc42b0a", "description": "这篇文章重点介绍 WordPress 安全测试,以探索通过入侵管理控制台来利用 WordPress 的程序。", "author": "三沐数安", "category": "三沐数安", "pubDate": "2024-12-11T00:21:13" }, { "title": "信息收集工具(爬网站JS文件,自动fuzz api接口,指定api接口)", "link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515136&idx=1&sn=f4d3087f366d6847b6147a2eca37f202", "description": null, "author": "Web安全工具库", "category": "Web安全工具库", "pubDate": "2024-12-11T00:03:08" }, { "title": "安卓逆向 -- 非root环境下Frida完全内置apk打包方案及2种注入方式回顾", "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037195&idx=1&sn=e3744f2062b0699864d8021103cb46b3", "description": null, "author": "逆向有你", "category": "逆向有你", "pubDate": "2024-12-11T00:02:51" }, { "title": "基础免杀 从.rsrc加载shellcode上线", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517617&idx=1&sn=19331b74abf03c29e765abf856c2be5f", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2024-12-11T00:01:02" }, { "title": "OpenWrt LuCi 任意文件读取", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486245&idx=1&sn=7cef704c103e484f3bae97c9c723d81d", "description": null, "author": "TtTeam", "category": "TtTeam", "pubDate": "2024-12-11T00:00:57" }, { "title": "【攻防利器】哥斯拉插件 一键注入suo5内存马", "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491875&idx=1&sn=5cde864cf240bdf64df11aad9c32a629", "description": "Suo5MemShell一款哥斯拉后渗透插件\\\\x0d\\\\x0a支持一键注入suo5内存马", "author": "星落安全团队", "category": "星落安全团队", "pubDate": "2024-12-11T00:00:42" }, { "title": "Palo Alto Networks PAN-OS存在远程命令执行漏洞CVE-2024-9474 附POC", "link": "https://mp.weixin.qq.com/s?__biz=MzIxMjEzMDkyMA==&mid=2247487960&idx=1&sn=201e394851f63027036f862d8a36895d", "description": null, "author": "南风漏洞复现文库", "category": "南风漏洞复现文库", "pubDate": "2024-12-10T23:50:02" }, { "title": "[历史文章]红队基础设施建设与改造(一)——Nmap流量特征改造", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE3MzAxOA==&mid=2247485188&idx=1&sn=445e43b043386bf4837aa111e03d656e", "description": "本文是历史文章,首发于2020年11月。本文主要针对nmap的常见扫描方式和数据包进行分析,进而从源码层面修改后重新编译达到降低针对特征扫描的发现概率。", "author": "魔影安全实验室", "category": "魔影安全实验室", "pubDate": "2024-12-10T22:42:28" }, { "title": "一个平平无奇的登录接口竟能引发账号密码泄露。。。", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247517536&idx=1&sn=22e7ada15b747e5f631d01ebfe025525", "description": "一个平平无奇的登录接口竟能引发账号密码泄露。。。", "author": "Z2O安全攻防", "category": "Z2O安全攻防", "pubDate": "2024-12-10T22:07:07" }, { "title": "OpenWrt Attended SysUpgrade 命令注入漏洞(CVE-2024-54143)安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502599&idx=1&sn=08433e68d77f02c833f22ef0e429a3a4", "description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。", "author": "奇安信 CERT", "category": "奇安信 CERT", "pubDate": "2024-12-10T19:45:15" }, { "title": "网安瞭望台第12期:u200bWeb3 公司员工成网络钓鱼新目标、黑客利用 ProjectSend 漏洞对暴露服务器安插后门", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTkwODU3Ng==&mid=2247514233&idx=1&sn=fe7f18f9e6fc67cea439adb40e62ddca", "description": "网安资讯分享\\\\x0d\\\\x0aDAILY NEWS AND KNOWLEDGE", "author": "东方隐侠安全团队", "category": "东方隐侠安全团队", "pubDate": "2024-12-10T19:30:59" }, { "title": "研究员在DeepSeek 和 Claude AI 中发现多个提示注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247521736&idx=1&sn=f656ad45da506b8f778e68ff0243d0be", "description": "速修复", "author": "代码卫士", "category": "代码卫士", "pubDate": "2024-12-10T18:10:44" }, { "title": "Nacos 漏洞 Checklist", "link": "https://mp.weixin.qq.com/s?__biz=MzU0NDc0NTY3OQ==&mid=2247488045&idx=1&sn=16a963cb6bf423b58b5d8a688954ada5", "description": "还在等什么,狱卒啊!!!!!!!", "author": "老鑫安全", "category": "老鑫安全", "pubDate": "2024-12-10T18:01:31" }, { "title": "PWN入门:偷吃特权-SetUID", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458585619&idx=1&sn=07fcf75692e40d7d9d1d1c98bcae9fdf", "description": "看雪论坛作者ID:福建炒饭乡会", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2024-12-10T17:59:33" }, { "title": "【漏洞预警】OpenWrt Attended SysUpgrade命令注入漏洞(CVE-2024-54143)", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489290&idx=1&sn=23aac3e9aa06dfc1b6f591189e48ef86", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-10T17:48:17" }, { "title": "【漏洞通告】OpenWrt Attended SysUpgrade命令注入漏洞(CVE-2024-54143)", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNzY5OTg2Ng==&mid=2247500362&idx=2&sn=f976039cdb60102871bbd4d9cbf28c60", "description": null, "author": "启明星辰安全简讯", "category": "启明星辰安全简讯", "pubDate": "2024-12-10T16:51:10" }, { "title": "监控告警:夜莺体系中使用Python实现短信告警", "link": "https://mp.weixin.qq.com/s?__biz=MzIzNjU5NDE2MA==&mid=2247489936&idx=1&sn=9cdb305e1d853e58adbf4935c990b54c", "description": "如何在夜莺体系中使用Python调用短信猫实现短信告警。", "author": "网络小斐", "category": "网络小斐", "pubDate": "2024-12-10T15:45:23" }, { "title": "最新发现绕过浏览器隔离技术的攻击方法", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492460&idx=1&sn=6690bdcb97e05e17b32a69f5cde0dfe6", "description": "近日,一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。", "author": "白泽安全实验室", "category": "白泽安全实验室", "pubDate": "2024-12-10T15:26:50" }, { "title": "组合拳从0-1 Getshell过程", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNzYxMDQ2MQ==&mid=2247484883&idx=1&sn=d75e99c20c6bf4ea903734339f9fc206", "description": null, "author": "安全绘景", "category": "安全绘景", "pubDate": "2024-12-10T14:52:15" }, { "title": "浅析异常线程检测逻辑(unbacked)", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMzI3MTI5Mg==&mid=2247485355&idx=1&sn=d770dcb4bea5a861657ca34713c5ed2a", "description": "浅析异常线程检测", "author": "安全白白", "category": "安全白白", "pubDate": "2024-12-10T14:38:59" }, { "title": "linux应急之find命令在应急实战中的使用", "link": "https://mp.weixin.qq.com/s?__biz=MjM5ODkxMTEzOA==&mid=2247484465&idx=1&sn=c4302c0daf5601ea4712c5c58d969150", "description": "linux应急之find命令在应急实战中的使用,作者:雁过留痕@深信服MSS专家部", "author": "安服仔的救赎", "category": "安服仔的救赎", "pubDate": "2024-12-10T14:16:59" }, { "title": "干货|一文搞懂加密流量检测的解决方法和技术细节", "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247144&idx=2&sn=7589654db9e7dc80b381dacb0adca8d5", "description": null, "author": "e安在线", "category": "e安在线", "pubDate": "2024-12-10T13:15:32" }, { "title": "第一届数证杯个人赛---流量取证手搓版", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MzEwMDAyNw==&mid=2247485190&idx=1&sn=4dd8c2eca127620360553eec90fb35d9", "description": null, "author": "取证者联盟", "category": "取证者联盟", "pubDate": "2024-12-10T13:00:57" }, { "title": "2024国城杯部分WEB题解", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMDY5OTg5OA==&mid=2247491157&idx=1&sn=e473a5f5a22e03989cec7840815bcb97", "description": null, "author": "ZeroPointZero安全团队", "category": "ZeroPointZero安全团队", "pubDate": "2024-12-10T12:48:22" }, { "title": "Apache Tomcat DoS 漏洞 (CVE-2024-24549)", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525565&idx=1&sn=de38673cb2c5e9ffb292e2d4ad9b6805", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-10T12:37:35" }, { "title": "Sophos MDR 追踪针对印度组织的 Mimic 勒索软件活动", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247525565&idx=2&sn=efe39f2b6b2a55916c448faaf7cff53b", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-10T12:37:35" }, { "title": "PHP反序列化ctf题解", "link": "https://mp.weixin.qq.com/s?__biz=MzU4MjYxNTYwNA==&mid=2247487567&idx=1&sn=095dfb77e7448a1250c271d1a36729a5", "description": null, "author": "白安全组", "category": "白安全组", "pubDate": "2024-12-10T11:02:01" } ]