[ { "title": "CVE-2024-50379|条件竞争Tomcat RCE POC(首发)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486408&idx=1&sn=ac34350ed2c25084cb78cec5ff40275e", "description": "半通杀|Tomcat RCE!无敌!", "author": "TtTeam", "category": "TtTeam", "pubDate": "2025-01-06T14:41:19" }, { "title": "【渗透利器】比proxifier更好用的代理神器,可轻松配置代理--sunnynet", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTY3OTc5Mw==&mid=2247484914&idx=1&sn=ffcae701630227b7da949c2c63b66b04", "description": null, "author": "网安鲲为帝", "category": "网安鲲为帝", "pubDate": "2025-01-06T14:27:36" }, { "title": "实战攻防中的信息收集", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjU2Nzc1Mg==&mid=2247484483&idx=1&sn=8f7983ac3a289460203b71969a365dbe", "description": null, "author": "LHACK安全", "category": "LHACK安全", "pubDate": "2025-01-06T14:00:57" }, { "title": "CVE-2024-43452:针对 Windows 特权提升漏洞的 PoC 漏洞发布", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526837&idx=1&sn=bdc1792b20bbc0e3485123421c3c240c", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2025-01-06T13:53:08" }, { "title": "CVE-2024-47575:FortiManager FortiManager Cloud 缺少身份验证允许执行任意代码或命令", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526827&idx=1&sn=02106475443306b2005d8031e320d35f", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2025-01-06T13:44:09" }, { "title": "ThievingFox——从密码管理器和 Windows 实用程序远程检索凭据", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526827&idx=2&sn=357dc695b40732b89fd8115f61111e9a", "description": "ThievingFox 是一组后漏洞利用工具,用于在渗透测试和类似活动中从工作站和服务器收集凭据。它的工作原理是让目标应用程序加载恶意库,该库执行内存挂钩以收集凭据。", "author": "Ots安全", "category": "Ots安全", "pubDate": "2025-01-06T13:44:09" }, { "title": "【成功复现】爱数AnyShare SMTP_GetConfig 信息泄露漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDgzOTQzNw==&mid=2247502853&idx=1&sn=6116493ef276d07ee2f6c5105fb25d62", "description": "【成功复现】爱数AnyShare SMTP_GetConfig 信息泄露漏洞", "author": "弥天安全实验室", "category": "弥天安全实验室", "pubDate": "2025-01-06T12:18:51" }, { "title": "工具集:PotatoTool【1.3更新】集合解密、分析、扫描、溯源、免杀、提权等功能的网络安全综合工具", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485088&idx=1&sn=dde3f7615d6d2e96776b49bce1762bea", "description": null, "author": "风铃Sec", "category": "风铃Sec", "pubDate": "2025-01-06T12:17:41" }, { "title": "JAVA XXE 学习总结", "link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247546440&idx=1&sn=1aafdd4bc381662ded1bedaacb7191f8", "description": null, "author": "掌控安全EDU", "category": "掌控安全EDU", "pubDate": "2025-01-06T12:02:15" }, { "title": "从js到高危垂直越权漏洞挖掘", "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614973&idx=1&sn=0cb7f44aa7d6b3d7f0b82a6e1490a6cc", "description": null, "author": "白帽子左一", "category": "白帽子左一", "pubDate": "2025-01-06T12:01:05" }, { "title": "Java安全小记-FastJson反序列化", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247485169&idx=1&sn=804880c5f2fad83f50d7217bbe3dfe60", "description": null, "author": "土拨鼠的安全屋", "category": "土拨鼠的安全屋", "pubDate": "2025-01-06T12:00:23" }, { "title": "浅析CTF中PWN题堆类型的ORW技术", "link": "https://mp.weixin.qq.com/s?__biz=MjM5MjEyMTcyMQ==&mid=2651037243&idx=1&sn=6fcfd1790adc07489a7aa79613c56bfd", "description": "浅析ctf中pwn题堆类型的orw", "author": "SAINTSEC", "category": "SAINTSEC", "pubDate": "2025-01-06T11:52:08" }, { "title": "某华命令执行Rce原理分析", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMjM5NDM3NQ==&mid=2247486194&idx=1&sn=1edc0eb964a23d4ef1d95e0668354d48", "description": null, "author": "进击安全", "category": "进击安全", "pubDate": "2025-01-06T11:45:51" }, { "title": "[溯源]HuntBack(反击狩猎),用于攻防演练中,防守方对恶意ip进行web指纹扫描与识别", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4NTgxNTc5Mg==&mid=2247486805&idx=1&sn=53ec3f82f35a73b14adc666c9ed0ca22", "description": null, "author": "W啥都学", "category": "W啥都学", "pubDate": "2025-01-06T11:41:44" }, { "title": "漏洞通告 | Windows 轻量级目录访问协议 (LDAP) 拒绝服务漏洞", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247507635&idx=1&sn=3ed64fc475689a3cd2c08cc3a146a471", "description": "立即查看漏洞详情", "author": "微步在线研究响应中心", "category": "微步在线研究响应中心", "pubDate": "2025-01-06T10:50:43" }, { "title": "【介质取证】“隐藏”在日志文件里的行为痕迹", "link": "https://mp.weixin.qq.com/s?__biz=MzI0OTEyMTk5OQ==&mid=2247494068&idx=1&sn=7903df1ae2f96b57d88bdccc88dbdb38", "description": null, "author": "平航科技", "category": "平航科技", "pubDate": "2025-01-06T10:01:02" }, { "title": "刷脸登录银行 App 现他人信息,银行回应称“网络抖动带来的极小概率事件”|Windows 曝9.8分漏洞,已有PoC及利用情况", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606244&idx=1&sn=8000e773da8fb2b362bc7283a912db76", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2025-01-06T09:55:05" }, { "title": "针对 PostgreSQL 数据库的攻击研究", "link": "https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247499743&idx=1&sn=f6f99cdd5962403d8c00657ceaa708a5", "description": null, "author": "信安之路", "category": "信安之路", "pubDate": "2025-01-06T09:37:29" }, { "title": "【漏洞文章】大华智能物联综合管理平台远程代码执行漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMTY1NDc2OA==&mid=2247487256&idx=1&sn=5f02d951d459a7c2ef37977afc806005", "description": null, "author": "小羊安全屋", "category": "小羊安全屋", "pubDate": "2025-01-06T09:13:34" }, { "title": "【漏洞复现】快云服务器助手GetDetail接口文件任意文件读取漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NTE2NzQ3NQ==&mid=2247485521&idx=2&sn=21fccb1beac3a0dcc9a565a36fcfa9a7", "description": null, "author": "网络安全007", "category": "网络安全007", "pubDate": "2025-01-06T09:01:03" }, { "title": "【Nday漏洞分析】ProjectSend 身份认证绕过漏洞(CVE-2024-11680)", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486903&idx=1&sn=0a066aff4189674338d0ffe68e405275", "description": null, "author": "神农Sec", "category": "神农Sec", "pubDate": "2025-01-06T09:00:39" }, { "title": "vulnhub之unknowndevice2的实践", "link": "https://mp.weixin.qq.com/s?__biz=MzA3MjM5MDc2Nw==&mid=2650748903&idx=1&sn=f3265733267791c930270b071e833d0e", "description": null, "author": "云计算和网络安全技术实践", "category": "云计算和网络安全技术实践", "pubDate": "2025-01-06T08:46:59" }, { "title": "内网渗透之ADCS权限维持", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494683&idx=1&sn=ff1e934c2bb0dee6e9959d04e96218c0", "description": "文章前言本篇文章主要介绍如何通过证书服务来实现权限维持的目的基本原理在微软的文档里有一段话\\\\x26quot;当使用PKCA时", "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2025-01-06T08:46:33" }, { "title": "企业安全建设之蜜罐搭建与使用", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494683&idx=2&sn=2fb0376ca472b4a0a1eff27d319df088", "description": "基本介绍HFish是一款基于Golang开发的跨平台多功能主动诱导型开源国产蜜罐框架系统,它从内网失陷检测、", "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2025-01-06T08:46:33" }, { "title": "W&Jsoft-D-Security数据仿泄露系统(DLP)存在任意文件读取漏洞", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NzkxOTQ0OA==&mid=2247484492&idx=1&sn=7da5690238bdb790765079470195bd8e", "description": "W\\\\x26amp;Jsoft-D-Security数据仿泄露系统(DLP)存在任意文件读取漏洞", "author": "菜鸟学渗透", "category": "菜鸟学渗透", "pubDate": "2025-01-06T08:30:31" }, { "title": "【实用工具】Windows应急响应上机排查工具", "link": "https://mp.weixin.qq.com/s?__biz=MzIxOTk0ODY0NQ==&mid=2247485387&idx=1&sn=59722752cf6054be5cf5ff0645012d04", "description": "在上机排查过程中,通过“事件查看器”逐个查看系统日志太过繁琐。这样的话,我们可以通过此工具一键对系统日志进行分类核查,有效提高上机研判、处置能力。", "author": "如棠安全", "category": "如棠安全", "pubDate": "2025-01-06T08:15:40" }, { "title": "免杀系列 - 无法让管理员找到你的木马进程", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ5MDM3NA==&mid=2247487937&idx=1&sn=f424ff0e311911b564ad87924e90b994", "description": null, "author": "SecretTeam安全团队", "category": "SecretTeam安全团队", "pubDate": "2025-01-06T08:08:29" }, { "title": "【神兵利器】GRS内网穿透工具", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247504721&idx=1&sn=e25858d7e5772aa1d94b191a42a49d49", "description": null, "author": "菜鸟学信安", "category": "菜鸟学信安", "pubDate": "2025-01-06T08:03:20" }, { "title": "记一次某道CMS审计过程", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247510233&idx=1&sn=0159324632f603442a3a7b5d5bec845c", "description": null, "author": "李白你好", "category": "李白你好", "pubDate": "2025-01-06T08:01:49" }, { "title": "Hacking Scanner 一键渗透扫描器", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247493163&idx=1&sn=cd8f69d7ecc43e8bc09da662d0094ede", "description": null, "author": "夜组安全", "category": "夜组安全", "pubDate": "2025-01-06T08:01:01" }, { "title": "X-Ways Forensics 包含报告表/标签的使用", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247489479&idx=1&sn=a196e28523a7438789bb56901d775f8d", "description": "关于包含报告表/标签功能,笔者也是在一次偶然之中领悟到了其强大之处,因为之前一直都认为报告表功能并无大用。现在,标签列是我分析页面中 的常驻列,并且往往处在较为靠前的位置。笔者希望能通过本文介绍包含报告表/标签的强大之处和高效用法。", "author": "网络安全与取证研究", "category": "网络安全与取证研究", "pubDate": "2025-01-06T08:00:57" }, { "title": "漏洞预警 | WordPress Plugin Tutor SQL注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491992&idx=1&sn=fbd0590c31f7e295b5743345888e231c", "description": "WordPress插件Tutor LMS的/wp-admin/admin-ajax.php接口存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-06T08:00:30" }, { "title": "漏洞预警 | 友数聚CPAS审计管理系统SQL注入和任意文件读取漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491992&idx=2&sn=1e67ec9b7cddeda507a7d80598525961", "description": "友数聚CPAS审计管理系统存在SQL注入和任意文件读取漏洞,未经身份验证的攻击者可以通过该漏洞获取敏感信息,建议相关用户及时更新。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-06T08:00:30" }, { "title": "工具 | Hfish", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491992&idx=4&sn=22a306b858e629b4d99395f890731306", "description": "HFish是一款社区型免费蜜罐。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-06T08:00:30" }, { "title": "Ember Bear APT 攻击模拟", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247504432&idx=1&sn=89ec75cbd0580342d7cde65855139ace", "description": "这是对 (Ember Bear) APT 组织针对乌克兰能源组织的攻击的模拟,攻击活动于 2021 年 4 月活跃,攻击链开", "author": "安全狗的自我修养", "category": "安全狗的自我修养", "pubDate": "2025-01-06T07:09:53" }, { "title": "浅谈密码相关原理及代码实现", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518163&idx=1&sn=e2b7200747c06902d53e3556d78d9c31", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2025-01-06T00:12:23" }, { "title": "安卓逆向2025 -- Frida学习之环境搭建", "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037473&idx=1&sn=fc63b8d78a7113b33bc9630af30dce5b", "description": null, "author": "逆向有你", "category": "逆向有你", "pubDate": "2025-01-06T00:00:29" }, { "title": "Windows 11 BitLocker被绕过,来提取卷加密密钥", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247498072&idx=2&sn=d5947fa42d47876f2c6a88dfd33a2479", "description": null, "author": "河南等级保护测评", "category": "河南等级保护测评", "pubDate": "2025-01-06T00:00:20" }, { "title": "黑客利用 DoS 漏洞禁用 Palo Alto Networks 防火墙", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491876&idx=1&sn=1ffb723d73f1a24290998ff19c4f929e", "description": null, "author": "犀牛安全", "category": "犀牛安全", "pubDate": "2025-01-06T00:00:00" }, { "title": "记两次内网入侵溯源", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247543401&idx=1&sn=529638018a2a223edc0be924bf6d9d30", "description": null, "author": "Hacking黑白红", "category": "Hacking黑白红", "pubDate": "2025-01-05T23:26:58" }, { "title": "国外红队大佬内核+系统级后门维持骚姿势【附代码】", "link": "https://mp.weixin.qq.com/s?__biz=MzI1Mjc3NTUwMQ==&mid=2247538309&idx=1&sn=dd64f573e068a0ec20c175049061bcb5", "description": null, "author": "教父爱分享", "category": "教父爱分享", "pubDate": "2025-01-05T23:19:42" }, { "title": "Windows注册表 IFEO注入", "link": "https://mp.weixin.qq.com/s?__biz=MzU0NDI5NTY4OQ==&mid=2247486252&idx=1&sn=aa3c25ab63b811804e30eea2e29263b0", "description": null, "author": "暴暴的皮卡丘", "category": "暴暴的皮卡丘", "pubDate": "2025-01-05T22:44:13" }, { "title": "国密测评抓取APP的TCP握手报文", "link": "https://mp.weixin.qq.com/s?__biz=MzU4NzU4MDg0Mw==&mid=2247489518&idx=1&sn=81e228fe4680b9ad6e061a9bb9396839", "description": null, "author": "安全初心", "category": "安全初心", "pubDate": "2025-01-05T22:32:13" }, { "title": "研究人员发布针对 Windows LDAP 漏洞的 PoC 漏洞利用程序", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505530&idx=4&sn=d74d0d52adbd4477bc0279d88f92f1e3", "description": null, "author": "网络研究观", "category": "网络研究观", "pubDate": "2025-01-05T21:27:48" }, { "title": "Windows 曝9.8分漏洞,已有PoC及利用情况", "link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633558&idx=3&sn=52cfdbc169143c290a49fffc945d77d6", "description": null, "author": "商密君", "category": "商密君", "pubDate": "2025-01-05T19:15:38" }, { "title": "通过模拟功能实现提权(Bugcrowd)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4NjY3OTQ3NA==&mid=2247486466&idx=1&sn=a30b93ae9f1bcb37ae3d5fbb97c3f608", "description": null, "author": "玲珑安全", "category": "玲珑安全", "pubDate": "2025-01-05T18:55:21" }, { "title": "通过模拟功能实现提权(Bugcrowd)", "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTYwMzc5OQ==&mid=2247500656&idx=1&sn=8cd3d32e7a74ea7a64d7e7932730f768", "description": null, "author": "芳华绝代安全团队", "category": "芳华绝代安全团队", "pubDate": "2025-01-05T18:53:58" }, { "title": "【漏洞复现】内训宝 SCORM 模块存在任意文件上传漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NTE2NzQ3NQ==&mid=2247485511&idx=1&sn=24c216754ea9f84396bd3159a2ec4b0f", "description": "内训宝 SCORM 模块存在任意文件上传漏洞|附复现过程!", "author": "网络安全007", "category": "网络安全007", "pubDate": "2025-01-05T16:26:41" }, { "title": "【渗透 Tips】解决Edge的IE模式下无法抓包情况", "link": "https://mp.weixin.qq.com/s?__biz=MzIzNDU5Mzk2OQ==&mid=2247486346&idx=1&sn=abef247f01a77843ed143f35d85ae810", "description": null, "author": "阿呆攻防", "category": "阿呆攻防", "pubDate": "2025-01-05T16:07:40" }, { "title": "JS逆向系列17-Hook_cookie v0.2脚本原理解析", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNTcwOTgxMQ==&mid=2247485234&idx=1&sn=3948bce9c853c43f96632533b5ef236a", "description": null, "author": "Spade sec", "category": "Spade sec", "pubDate": "2025-01-05T15:47:51" }, { "title": "2024 数证杯流量分析WP", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518156&idx=1&sn=6b52ea6ce0a870f4a425c6cdbc325f5e", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2025-01-05T10:45:23" }, { "title": "针对潜在危险的 Windows LDAP 漏洞的利用代码已发布", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247498048&idx=2&sn=76a1a1db4b128f834fc607a9518b2f8d", "description": null, "author": "河南等级保护测评", "category": "河南等级保护测评", "pubDate": "2025-01-05T00:12:58" }, { "title": "安卓逆向 -- 某TV抓包和jce响应解析", "link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037449&idx=1&sn=37bae8ad1d88fb2fe194256e6326e768", "description": null, "author": "逆向有你", "category": "逆向有你", "pubDate": "2025-01-05T00:01:26" }, { "title": "(滥用) ClickOnce 实现可信任意代码执行", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486184&idx=1&sn=5c1bd5ddbc40812af82fbfa7a9f22770", "description": null, "author": "securitainment", "category": "securitainment", "pubDate": "2025-01-04T23:04:05" }, { "title": "网络抓包神器:Tcpdump实用技巧与案例解析", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247569384&idx=1&sn=3dda4be3d2a2361e8de95a139536e7b4", "description": null, "author": "马哥网络安全", "category": "马哥网络安全", "pubDate": "2025-01-04T17:01:47" }, { "title": "【成功复现】大华智能物联综合管理平台远程代码执行漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDgzOTQzNw==&mid=2247502826&idx=1&sn=59edd406e818caad16fece8fe8cb6fc0", "description": "【成功复现】大华智能物联综合管理平台远程代码执行漏洞", "author": "弥天安全实验室", "category": "弥天安全实验室", "pubDate": "2025-01-04T16:06:44" }, { "title": "Steam假入库深入解析", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTc0NDY2Nw==&mid=2247484579&idx=1&sn=59e527ca060e26343855dce02d6e5eb5", "description": null, "author": "冲鸭安全", "category": "冲鸭安全", "pubDate": "2025-01-04T10:00:36" }, { "title": "漏洞预警 | Apache MINA反序列化漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491972&idx=1&sn=307a01116d071dca48ffee093d16aaab", "description": "Apache MINA存在反序列化漏洞,攻击者可通过向受影响的应用程序发送特制的恶意序列化数据,利用不安全的反序列化过程触发该漏洞,从而可能导致远程代码执行。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-04T08:03:54" }, { "title": "漏洞预警 | 卓软计量业务管理平台任意文件读取漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491972&idx=3&sn=ff471839b4b2ae7ac321141a08593a64", "description": "卓软计量业务管理平台的/HuameiMeasure/image.ashx接口存在任意文件读取漏洞,未经身份验证的攻击者可以通过该漏洞读取服务器任意文件,从而获取服务器大量敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-04T08:03:54" }, { "title": "工具 | Metasploit", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491972&idx=4&sn=c8de45b234450a36e9a22d0bb76734bb", "description": "Metasploit Framework是一款开源安全漏洞检测工具。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-04T08:03:54" }, { "title": "警报升级!超 15,000 台 Four-Faith 路由器正遭黑客攻击,利用默认密码即可入侵!", "link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899916&idx=1&sn=c7bd48c8e4031bc1a4a427c4014293c9", "description": "安全紧急关注!据 VulnCheck 最新披露,知名工业物联网路由器制造商Four-Faith旗下两款路由器存在严重安全漏洞(CVE-2024-12856),目前正遭受黑客大规模攻击!更危险的是,利用该漏洞竟只需默认密码!", "author": "技术修道场", "category": "技术修道场", "pubDate": "2025-01-04T08:00:17" }, { "title": "【oscp】Tr0ll 靶机全系列(1-3),FTP被玩坏了", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247497565&idx=1&sn=0495a32e8e257d65c7ad14810a22fa74", "description": null, "author": "泷羽Sec", "category": "泷羽Sec", "pubDate": "2025-01-04T07:44:56" }, { "title": "使用 Azure 上的 Dapr 保护微服务:实现端到端安全性", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247504388&idx=1&sn=fe35c01f86f69c8072a03db66361d2a8", "description": "在微服务领域,各个服务跨网络进行通信,安全性至关重要。随着分布式系统和微服务架构", "author": "安全狗的自我修养", "category": "安全狗的自我修养", "pubDate": "2025-01-04T07:09:11" }, { "title": "无文件恶意软件 – 检测、响应和预防", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247498040&idx=1&sn=df0fee8a13e4cae93c015af689d05822", "description": null, "author": "河南等级保护测评", "category": "河南等级保护测评", "pubDate": "2025-01-04T07:05:19" }, { "title": "【神兵利器】红队浏览器凭据提取工具", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494577&idx=1&sn=beae3d675ef8ab93ef534f4998553621", "description": null, "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2025-01-04T07:00:24" }, { "title": "安卓app抓包总结", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518123&idx=1&sn=7c1cb512d57a482e7d7486845b297182", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2025-01-04T02:01:04" }, { "title": "攻防靶场(31):日志投毒与文件包含漏洞 Solstice", "link": "https://mp.weixin.qq.com/s?__biz=MzI0NjA3Mzk2NQ==&mid=2247495429&idx=1&sn=38b21b3d0a81ed449647cb0de481cac6", "description": "基于 ATTCK 的 OSCP PG Play 靶场通关攻略", "author": "OneMoreThink", "category": "OneMoreThink", "pubDate": "2025-01-04T01:17:57" }, { "title": "双击劫持:攻击者可以悄无声息地窃取用户账户", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505495&idx=3&sn=6b53d706b8c196758b7385fb31f0e0a8", "description": "两次鼠标点击之间的时间足以让黑客交换网页并诱骗受害者意外授权访问或转账。", "author": "网络研究观", "category": "网络研究观", "pubDate": "2025-01-04T00:30:41" }, { "title": "新的“DoubleClickjacking”攻击针对 OAuth 进行帐户接管", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247505495&idx=5&sn=9bd1c23d7430a1486c6ad45a04a34d50", "description": null, "author": "网络研究观", "category": "网络研究观", "pubDate": "2025-01-04T00:30:41" }, { "title": "【高危漏洞预警】Windows LDAP远程代码执行漏洞(CVE-2024-49112)", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489400&idx=1&sn=c983947941f4637d6fade0c80b18ea2c", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2025-01-03T22:37:58" }, { "title": "【已复现】Windows 轻量级目录访问协议 (LDAP) 拒绝服务漏洞(CVE-2024-49113)安全风险通告", "link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502708&idx=1&sn=30ee0bf007924eb359c6c609b3ba1cb7", "description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。", "author": "奇安信 CERT", "category": "奇安信 CERT", "pubDate": "2025-01-03T22:18:20" }, { "title": "【官方WP】第一届solar杯·应急响应挑战赛官方题解", "link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQ0MjE1NQ==&mid=2247495983&idx=1&sn=bb47c9dee278873726ca0100d04cbd8e", "description": null, "author": "solar应急响应团队", "category": "solar应急响应团队", "pubDate": "2025-01-03T21:42:17" }, { "title": "至少35个Chrome扩展被劫持,新细节揭示了黑客的攻击手法", "link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094510&idx=2&sn=59af44a0186be3732b3d8f628d21e3a9", "description": null, "author": "网安百色", "category": "网安百色", "pubDate": "2025-01-03T19:30:23" }, { "title": "XXE注入", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMjU5MzgzMQ==&mid=2247485197&idx=1&sn=49e2d5bf917ae79c1b8c38d4f8a3817f", "description": null, "author": "AlertSec", "category": "AlertSec", "pubDate": "2025-01-03T19:01:18" }, { "title": "【成功复现】大华智能物联综合管理平台远程代码执行漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDgzOTQzNw==&mid=2247502820&idx=1&sn=5ebcb4158f712c89ddc3f0c5b1ee0bed", "description": "【成功复现】大华智能物联综合管理平台远程代码执行漏洞", "author": "弥天安全实验室", "category": "弥天安全实验室", "pubDate": "2025-01-03T18:50:36" }, { "title": "记一次护网通过外网弱口令一路到内网", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486374&idx=1&sn=6ba0b2da64f7d7dd0708f8840bb32147", "description": "记一次护网通过外网弱口令一路到内网", "author": "扫地僧的茶饭日常", "category": "扫地僧的茶饭日常", "pubDate": "2025-01-03T18:33:02" }, { "title": "大量 Four-Faith 路由器因严重漏洞面临远程攻击风险", "link": "https://mp.weixin.qq.com/s?__biz=MzU3MzU4NjI4OQ==&mid=2247515719&idx=1&sn=01c1fdb783a2a11f73b6961114c9435b", "description": "大量 Four-Faith 路由器因严重漏洞面临远程攻击风险", "author": "河北镌远网络科技有限公司", "category": "河北镌远网络科技有限公司", "pubDate": "2025-01-03T18:29:17" }, { "title": "CTF内存取证分析", "link": "https://mp.weixin.qq.com/s?__biz=MzAwMDQwNTE5MA==&mid=2650247701&idx=1&sn=94fe6a6f6082bce230d3c856a36f17ba", "description": "在CTF中,内存取证一般指对计算机及相关智能设备运行时的物理内存中存储的临时数据进行获取与分析,提取flag或者与flag相关重要信息。", "author": "白帽子", "category": "白帽子", "pubDate": "2025-01-03T17:20:30" }, { "title": "CTF内存取证分析", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTA4OTI5NA==&mid=2247519162&idx=1&sn=3b94e0cea3cc0ad094a93cf56c558227", "description": "在CTF中,内存取证一般指对计算机及相关智能设备运行时的物理内存中存储的临时数据进行获取与分析,提取flag或者与flag相关重要信息。", "author": "Tide安全团队", "category": "Tide安全团队", "pubDate": "2025-01-03T17:01:13" }, { "title": "某应用虚拟化系统远程代码执行", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247488036&idx=1&sn=954fe8e1b962684bfaca2d857754c333", "description": "攻击者可以通过该漏洞执行任意代码,导致系统被攻击与控制。", "author": "蚁景网安", "category": "蚁景网安", "pubDate": "2025-01-03T16:31:09" }, { "title": "文件读取漏洞实战利用", "link": "https://mp.weixin.qq.com/s?__biz=MzkwODM3NjIxOQ==&mid=2247502201&idx=1&sn=f9dbc0640e326e3c63591c0ae5c533b0", "description": null, "author": "WIN哥学安全", "category": "WIN哥学安全", "pubDate": "2025-01-03T14:50:33" }, { "title": "记一次某OA渗透测试有意思的文件上传漏洞挖掘经历以及分析", "link": "https://mp.weixin.qq.com/s?__biz=MzkzODQzNTU2NA==&mid=2247486273&idx=1&sn=25043aaddb4c641195e99dbfd8312447", "description": null, "author": "天启互联网实验室", "category": "天启互联网实验室", "pubDate": "2025-01-03T14:50:32" }, { "title": "冒充会议应用程序的加密窃取恶意软件瞄准 Web3 专业人士", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580607&idx=2&sn=10ada78214e70c6f1985fdf417fd885e", "description": "用户在未首先验证该软件是否合法,然后使用 VirusTotal 等多引擎防病毒工具进行扫描的情况下,切勿安装用户通过社交媒体推荐的软件。", "author": "嘶吼专业版", "category": "嘶吼专业版", "pubDate": "2025-01-03T14:03:51" }, { "title": "Wireshark 抓包过滤命令(一篇文章足矣)", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247510409&idx=1&sn=afbf5afae3222b62d6d0e754b16263d5", "description": "通过一篇文章,让你掌握常用的Wireshark 抓包过滤命令。网工必藏!", "author": "kali笔记", "category": "kali笔记", "pubDate": "2025-01-03T12:39:05" }, { "title": "工具集:NacosExploit【Nacos漏洞综合利用工具2.0】", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485072&idx=1&sn=cd5c7085fac45bf2a9d30a905608af8c", "description": null, "author": "风铃Sec", "category": "风铃Sec", "pubDate": "2025-01-03T12:17:18" }, { "title": "【首发 1day】WordPress Crypto 插件存在前台任意用户登录漏洞(CVE-2024-9989)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488533&idx=1&sn=3bd41daca34f543f26361bb54f403b16", "description": "WordPress 的 Crypto 插件容易受到身份验证绕过攻击,这使得未经身份验证的攻击者可以以站点上的任何现有用户(例如管理员)身份登录", "author": "星悦安全", "category": "星悦安全", "pubDate": "2025-01-03T12:04:07" }, { "title": "Java安全小记-RMI反序列化", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247484934&idx=1&sn=259dd188a23582d453f9cf4ea280fc2c", "description": null, "author": "土拨鼠的安全屋", "category": "土拨鼠的安全屋", "pubDate": "2025-01-03T11:30:58" }, { "title": "文件读取漏洞实战利用", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247486122&idx=1&sn=fe8e6f4bc0f3516c35c83887e341c6a7", "description": null, "author": "沃克学安全", "category": "沃克学安全", "pubDate": "2025-01-03T11:19:04" }, { "title": "实战-关于KEY泄露API接口利用", "link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525435&idx=1&sn=548c6faedbee74d38aa1a25ab6fb8c10", "description": null, "author": "乌雲安全", "category": "乌雲安全", "pubDate": "2025-01-03T11:00:33" }, { "title": "【漏洞文章】大华智能物联综合管理平台远程代码执行漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkyMTY1NDc2OA==&mid=2247487254&idx=1&sn=01268baaacf70df064ef36219af22e7c", "description": null, "author": "小羊安全屋", "category": "小羊安全屋", "pubDate": "2025-01-03T10:50:32" }, { "title": "Bug Bounty Tips 0003", "link": "https://mp.weixin.qq.com/s?__biz=MzA4NDQ5NTU0MA==&mid=2647690567&idx=1&sn=7b91b491be931acd75da26cd09f349b6", "description": "Bug Bounty Tips!", "author": "Rsec", "category": "Rsec", "pubDate": "2025-01-03T10:09:00" }, { "title": "利用文件读取加条件竞争Getshell", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606113&idx=3&sn=e21303612212b045e3beeac557a9502a", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2025-01-03T09:54:14" }, { "title": "Burp Suite 插件 BurpGPT,可执行额外的被动扫描,以发现高度定制的漏洞,并可以运行任何类型的基于流量的分析。", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606113&idx=4&sn=3a58d4a332d17dd134f29e1888743162", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2025-01-03T09:54:14" }, { "title": "针对Windows LDAP 零点击 RCE 漏洞的 PoC 利用工具发布", "link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793722&idx=3&sn=5967bc25cd58dbddd6903bdc12c80132", "description": "利用漏洞可以零点击攻击windows系统。", "author": "军哥网络安全读报", "category": "军哥网络安全读报", "pubDate": "2025-01-03T09:01:19" }, { "title": ".NET | SCM权限维持在红队实战中的应用", "link": "https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247497904&idx=1&sn=5676b3ef2333f9be869e7dc21307792d", "description": null, "author": "dotNet安全矩阵", "category": "dotNet安全矩阵", "pubDate": "2025-01-03T08:58:00" }, { "title": "0Day-OURPHP建站系统存在未授权访问漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzUzMDQ1MTY0MQ==&mid=2247506520&idx=1&sn=34e28b190e59f2ddf4e3ed081340efd1", "description": null, "author": "狐狸说安全", "category": "狐狸说安全", "pubDate": "2025-01-03T08:55:11" }, { "title": "获取Telegram的用户IP地址", "link": "https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247496407&idx=2&sn=6d9e73e76942241736b521f64f10358a", "description": "最近有个需求,查了些资料发现,Telegram有语音通话功能,也可以类似QQ一样通过语音通话的连接获取对方的", "author": "Khan安全攻防实验室", "category": "Khan安全攻防实验室", "pubDate": "2025-01-03T08:38:53" }, { "title": "Linux权限管理全攻略:读懂权限机制,一文带你快速上手!", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NzI5NDM4Mw==&mid=2247498514&idx=1&sn=06727077972d2b50ea0fa48b787d4636", "description": null, "author": "Docker中文社区", "category": "Docker中文社区", "pubDate": "2025-01-03T08:28:05" }, { "title": "开源代码漏洞扫描器 OSV-Scanner 新增修复和离线功能", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4Njc0Mjc3NQ==&mid=2247486620&idx=1&sn=a3c9f75946a17f69bb762ac9e19442ee", "description": "最新版本1.9.2的实验性功能:指导性纠正是非常有发展潜力的。", "author": "wavecn", "category": "wavecn", "pubDate": "2025-01-03T08:14:07" }, { "title": "【漏洞复现】朗速ERP后台管理系统FileUploadApi接口文件存在文件上传漏洞||附POC", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NTE2NzQ3NQ==&mid=2247485496&idx=2&sn=f883374d1a9a9eab5602921437412041", "description": "朗速ERP系统FileUploadApi接口文件存在文件上传漏洞", "author": "网络安全007", "category": "网络安全007", "pubDate": "2025-01-03T08:01:26" }, { "title": "漏洞预警 | Adobe ColdFusion反序列化漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491967&idx=1&sn=f272d94e20068861012bfdc0fb0343c4", "description": "Adobe ColdFusion存在路径遍历漏洞,该漏洞可能导致未经身份验证的远程攻击者绕过应用程序的访问限制,从而读取受限目录之外的文件或目录,成功利用该漏洞可能导致敏感信息泄露或系统数据被操纵。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-03T08:00:36" }, { "title": "漏洞预警 | 用友NC XML实体注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491967&idx=2&sn=835396913c02e3d69338f769abed1682", "description": "用友NC的/uapws/service/nc.pubitf.rbac.IUserPubServiceWS接口存在XML实体注入漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件、数据库配置文件等等,导致网站处于极度不安全状态。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-03T08:00:36" }, { "title": "漏洞预警 | 用友BIP信息泄露漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491967&idx=3&sn=ae28506ae28775537a4e202b2f314308", "description": "用友BIP的/bi/api/Portal/GetUserList和/bi/api/SemanticModel/GetOlapConnectionList接口存在信息泄露漏洞,攻击者可利用该漏洞获取管理员的账号密码相关信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-03T08:00:36" }, { "title": "Berserk Bear APT 攻击模拟", "link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247504381&idx=1&sn=8c30fe56c4afbb2ea4c5f72791d5cec6", "description": "这是对 (Berserk Bear) APT 集团针对全球关键基础设施和能源公司的攻击的模拟,", "author": "安全狗的自我修养", "category": "安全狗的自我修养", "pubDate": "2025-01-03T07:16:51" }, { "title": "代码审计 - MCMS v5.4.1 0day挖掘", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518041&idx=1&sn=07f9f7aae2aead67b9b4558d64c61cef", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2025-01-03T02:00:28" }, { "title": "权限维持 | 绕过360核晶、火绒、添加Windows 服服务", "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493775&idx=1&sn=8bfa4ae6e8947d7404efb0226f2facfe", "description": "动态绕过360核晶、火绒6、defender 添加Windows 服务\\\\x0d\\\\x0a权限维持", "author": "星落安全团队", "category": "星落安全团队", "pubDate": "2025-01-03T00:30:51" }, { "title": "【免杀技术】致盲组件 - AMSI内存修复 (修改一个字节就能绕过AMSI?)", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247518064&idx=1&sn=66793f4f20c456ce2161e989ec998c32", "description": "【免杀技术】致盲组件 - AMSI内存修复 (修改一个字节就能绕过AMSI?)", "author": "Z2O安全攻防", "category": "Z2O安全攻防", "pubDate": "2025-01-03T00:02:34" }, { "title": "朝鲜黑客“Lazarus”利用新型恶意软件攻击核组织", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491873&idx=1&sn=a4488c39b846fb700b050fcbf22938d0", "description": null, "author": "犀牛安全", "category": "犀牛安全", "pubDate": "2025-01-03T00:00:00" }, { "title": "【工具更新】BurpSuite最新2024.11版Windows/Mac(附下载)", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NjQ5MTM1MA==&mid=2247492751&idx=1&sn=96485ef795e87b2d49db56d3a3a778ac", "description": null, "author": "信安404", "category": "信安404", "pubDate": "2025-01-02T21:39:31" }, { "title": "防范XXE漏洞:XXE攻击详解与应对策略", "link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTEwNTE1Mw==&mid=2247485171&idx=1&sn=0058b76345fc8ac04545cbf80cdc99e0", "description": "XXE(XML External Entity)漏洞是一个严重的安全漏洞。当应用程序允许 XML 引用外部实体时,恶意用户可以构造特定内容,从而导致以下危害", "author": "SDL安全", "category": "SDL安全", "pubDate": "2025-01-02T19:48:07" }, { "title": "MAC地址在网络安全中扮演什么角色?详解设备识别与访问控制", "link": "https://mp.weixin.qq.com/s?__biz=MzI5MjY4MTMyMQ==&mid=2247489459&idx=1&sn=62ef1680ac037b39a732c63a197a41ba", "description": "在网络安全领域,MAC地址(Media Access Control Address)扮演着至关重要的角色。作为网络接口的唯一标识符,MAC地址在OSI模型的第二层运作,为计算机、路由器和智能手机等硬件设备提供永久性的物理地址。", "author": "HW安全之路", "category": "HW安全之路", "pubDate": "2025-01-02T19:42:27" }, { "title": "基于Go编写的windows日志分析工具 - windows_Log", "link": "https://mp.weixin.qq.com/s?__biz=MzIzNTE0Mzc0OA==&mid=2247486019&idx=1&sn=8439ff27faf464050b0494d7e78f0540", "description": "基于Go编写的windows日志分析工具", "author": "GSDK安全团队", "category": "GSDK安全团队", "pubDate": "2025-01-02T19:11:53" }, { "title": "【漏洞预警】Apache Arrow代码执行漏洞(CVE-2024-52338)", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489395&idx=1&sn=256650cb87713ff212758abde0e2facc", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2025-01-02T18:19:44" }, { "title": "Hyper-V拒绝服务漏洞CVE-2024-43633分析", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587938&idx=1&sn=501d4121b0437af290d817483a675882", "description": "看雪论坛作者ID:王cb", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2025-01-02T18:02:56" }, { "title": "使用规则管理新功能,进行新年的第一场代码审计!", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247527377&idx=1&sn=986b33d2912d6d5f6b9351fdac951c6d", "description": "妈妈说再也不怕牛牛搞不定代码审计的规则们了", "author": "Yak Project", "category": "Yak Project", "pubDate": "2025-01-02T17:30:49" }, { "title": "服务器配置不出网后还存在的威胁", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247569304&idx=2&sn=00dcbff84e7abeb8c65f2e6d09d7f634", "description": null, "author": "马哥网络安全", "category": "马哥网络安全", "pubDate": "2025-01-02T17:03:56" }, { "title": "如何像使用专业版一样使用 Burp Suite 社区版", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjY1MjY3OQ==&mid=2247488133&idx=1&sn=53302814fe126ac230ccce904cf1bc81", "description": null, "author": "CatalyzeSec", "category": "CatalyzeSec", "pubDate": "2025-01-02T17:02:36" }, { "title": "SSTI模板注入漏洞详解(附一键getshell工具)", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTY2ODE1NA==&mid=2247484948&idx=1&sn=480a76ee02ac812d7b8f4f5635fff7b4", "description": "SSTI漏洞详解", "author": "Z0安全", "category": "Z0安全", "pubDate": "2025-01-02T16:23:33" }, { "title": "记一次JS中的漏洞挖掘", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247519026&idx=1&sn=1199efa3c2e527406ee3ae0ae85e550d", "description": null, "author": "亿人安全", "category": "亿人安全", "pubDate": "2025-01-02T16:17:52" }, { "title": "黑客攻击导致至少16个Chrome浏览器扩展程序被入侵,影响超过60万用户", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492498&idx=1&sn=10ab1206b0915453dfe9f606e7ed2126", "description": "近日,一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。", "author": "白泽安全实验室", "category": "白泽安全实验室", "pubDate": "2025-01-02T16:03:01" }, { "title": "数百万用户中招!Chrome扩展开发者遭遇钓鱼攻击", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MDYwMjE3OQ==&mid=2247485982&idx=1&sn=cbe958859fd50288f3c1e6cfdc8cfdb0", "description": "黑客通过钓鱼攻击目标Chrome扩展开发者,成功注入恶意代码,窃取用户数据,影响了至少35个扩展和260万用户。", "author": "安全威胁纵横", "category": "安全威胁纵横", "pubDate": "2025-01-02T14:58:03" }, { "title": "LdapNightmare 一个 PoC 工具,用于针对 CVE-2024-49112 易受攻击 Windows Server", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526666&idx=1&sn=51464a34472921949f23f7dfe3591e96", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2025-01-02T14:46:45" }, { "title": "BootExecute EDR 绕过", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526666&idx=3&sn=6edcf1ab2673cf3ca5395796ae2cf38d", "description": "Boot Execute 允许本机应用程序(具有 NtProcessStartup 入口点且仅依赖于 ntdll.dll 的可执行文件)在 Windows 操作系统完全初始化之前运行。这甚至发生在 Windows 服务启动之前。", "author": "Ots安全", "category": "Ots安全", "pubDate": "2025-01-02T14:46:45" }, { "title": "新的 IOCONTROL 恶意软件用于关键基础设施攻击", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580564&idx=1&sn=b8689abfa62f761f32105a853f2ec51d", "description": "该恶意软件以“iocontrol”名称存储在“/usr/bin/”目录中,使用模块化配置来适应不同的供应商和设备类型,针对广泛的系统架构。", "author": "嘶吼专业版", "category": "嘶吼专业版", "pubDate": "2025-01-02T14:01:51" }, { "title": "Bug Bounty Tips 0002", "link": "https://mp.weixin.qq.com/s?__biz=MzA4NDQ5NTU0MA==&mid=2647690563&idx=1&sn=4ef423617c04f0a34addc6d0a0226104", "description": "Bug Bounty Tips", "author": "Rsec", "category": "Rsec", "pubDate": "2025-01-02T13:25:10" }, { "title": "【漏洞复现】SecFox运维安全管理与审计系统FastJson反序列化漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzI1NTE2NzQ3NQ==&mid=2247485484&idx=1&sn=105f7b834b3da70b77523462ca24ac4b", "description": "SecFox运维安全管理与审计系统FastJson反序列化漏洞复现详细过程!", "author": "网络安全007", "category": "网络安全007", "pubDate": "2025-01-02T12:03:34" }, { "title": "Java安全小记-Commons-Collections1反序列化", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247484773&idx=1&sn=123602ba59ef673ba01cb5225b30e419", "description": null, "author": "土拨鼠的安全屋", "category": "土拨鼠的安全屋", "pubDate": "2025-01-02T11:31:59" }, { "title": "一款高性能哥斯拉内存代理插件", "link": "https://mp.weixin.qq.com/s?__biz=MzI5NTUzNzY3Ng==&mid=2247488940&idx=1&sn=ad2213ad2da95b67450fe89fbfb0bcbf", "description": null, "author": "SecHub网络安全社区", "category": "SecHub网络安全社区", "pubDate": "2025-01-02T11:22:34" }, { "title": "警惕!国产工业路由器零日漏洞疑遭攻击者利用", "link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247359&idx=1&sn=f31ecbd205f72292f49cf6cab4e276a6", "description": "警惕!国产工业路由器零日漏洞疑遭攻击者利用", "author": "e安在线", "category": "e安在线", "pubDate": "2025-01-02T11:20:57" }, { "title": "Linux渗透实战之Nullbyte靶场提权", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486760&idx=1&sn=4436f1e24f83b27846a8d050810fff1d", "description": "提权!", "author": "神农Sec", "category": "神农Sec", "pubDate": "2025-01-02T10:36:56" }, { "title": "面向JS漏洞挖掘", "link": "https://mp.weixin.qq.com/s?__biz=MzU5NjA0ODAyNg==&mid=2247485931&idx=1&sn=664afa8dc20695b2d86fddda2830538f", "description": "最近在研究怎么从JS中挖掘更多有用信息,以前在漏洞挖掘的时候没有对js进行细致的挖掘利用,在研究小程序调试解密的时候发现js文件中可获取信息的点、可挖掘漏洞的点还是很多的,花了一段时间积攒了一些漏洞场景,就有了这篇文章了~~", "author": "凌晨安全", "category": "凌晨安全", "pubDate": "2025-01-02T10:09:44" }, { "title": "警惕!国产工业路由器零日漏洞疑遭攻击者利用", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606042&idx=2&sn=a643b8dd73810f509abdbb3f1c935808", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2025-01-02T10:02:15" }, { "title": "Azure Airflow 中配置错误可能会使整个集群受到攻击", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTY0MjIwNg==&mid=2247485306&idx=1&sn=dfa665ba5de97366f35f1233624ad7bc", "description": "网络安全研究人员在 Microsoft 的 Azure 数据工厂xa0Apache Airflow 中发现了三个安全漏洞", "author": "星尘安全", "category": "星尘安全", "pubDate": "2025-01-02T10:01:04" }, { "title": "【攻防演练】针对溯源反制的思考", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247485408&idx=1&sn=5ce4f37d02eaddc3d60c578ccb17224e", "description": null, "author": "富贵安全", "category": "富贵安全", "pubDate": "2025-01-02T09:03:17" }, { "title": "PHP_webshell免杀01-变量绕过", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNTcwOTgxMQ==&mid=2247485200&idx=1&sn=469aa3987e94119b78e8c1908a1a1f77", "description": null, "author": "Spade sec", "category": "Spade sec", "pubDate": "2025-01-02T09:00:28" }, { "title": "面向JS漏洞挖掘", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMzI3OTczNA==&mid=2247487963&idx=1&sn=f152d932bd0d1e3b3513328ced8cf98f", "description": "最近在研究怎么从JS中挖掘更多有用信息,以前在漏洞挖掘的时候没有对js进行细致的挖掘利用,在研究小程序调试解密的时候发现js文件中可获取信息的点、可挖掘漏洞的点还是很多的,花了一段时间积攒了一些漏洞场景,就有了这篇文章了~~", "author": "千寻安服", "category": "千寻安服", "pubDate": "2025-01-02T08:57:23" }, { "title": "工具集:Befree【代理池工具】", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485064&idx=1&sn=191220ed279c2be53143d739529b524a", "description": null, "author": "风铃Sec", "category": "风铃Sec", "pubDate": "2025-01-02T08:49:35" }, { "title": "【免杀手法】红队免杀木马快速生成", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494516&idx=1&sn=ba05bd2a798f4d5943bf08abb734ad45", "description": null, "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2025-01-02T08:38:31" }, { "title": "JRMP通信攻击过程及利用介绍", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494516&idx=2&sn=98352908d6489fcf5fe0862ca0352daa", "description": null, "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2025-01-02T08:38:31" }, { "title": "Zebo-0.1.0 和 Cometlogger-0.1 中的 Python 恶意软件被发现窃取用户数据", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486165&idx=1&sn=db8306ba27ab37b90c6c1f0d759c9b13", "description": "为了防范这些威胁,至关重要的是断开互联网连接、隔离受感染的系统、使用信誉良好的防病毒软件以及在必要时重新格式化系统。", "author": "三沐数安", "category": "三沐数安", "pubDate": "2025-01-02T08:30:33" }, { "title": "【技术分享】文件上传XSS漏洞的利用方式", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMTY1MTIzOA==&mid=2247484520&idx=1&sn=f5521e504c8b6e019aad5f78b8fdcf54", "description": "本文讲述了在无法解析利用的废弃文件上传漏洞的前提下,去触发XSS漏洞,来进行水报告的一种思路方式。在SRC挖掘时碰到过上传HTML文件触发XSS漏洞,被确认为XSS存储漏洞给奖励的,但是大多数的SRC厂商都是不收的,不过项目上水报告很好用。", "author": "剁椒Muyou鱼头", "category": "剁椒Muyou鱼头", "pubDate": "2025-01-02T08:30:17" }, { "title": "快速识别网络钓鱼攻击的8种迹象", "link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY3OTAzMg==&mid=2247514613&idx=2&sn=4212277eea3f9fb277c2559d80852fad", "description": "网络钓鱼已成为最常见、也最容易得逞的攻击手段之一。随着网络技术的不断发展,钓鱼攻击的伪装手段也变得愈发狡诈,攻击频次不断提升,各种新奇", "author": "天津恒御科技有限公司", "category": "天津恒御科技有限公司", "pubDate": "2025-01-02T08:15:42" }, { "title": "ysoSimple:简易的Java漏洞利用工具,集成Java、Hessian、XStream、Shiro550反序列化等", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247493133&idx=1&sn=58da466e03801a32a4977feb65c2ac71", "description": null, "author": "夜组安全", "category": "夜组安全", "pubDate": "2025-01-02T08:11:14" }, { "title": "漏洞预警 | 蓝凌OA SSRF漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491966&idx=2&sn=0109569e3097888c035be7756d35dae4", "description": "蓝凌OA存在SSRF漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件,导致网站处于极度不安全状态。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-02T08:01:25" }, { "title": "漏洞预警 | 泛微E-Bridge SQL注入漏洞", "link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491966&idx=3&sn=9d8938cb9e5e52e23bd52f350b6a80a2", "description": "泛微E-Bridge的/taste/checkMobile接口存在SQL注入漏洞,未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。", "author": "浅安安全", "category": "浅安安全", "pubDate": "2025-01-02T08:01:25" }, { "title": "X-Ways Forensics 功能介绍——事件列表功能", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247489471&idx=1&sn=c63c57513f5c0f910e79851dfa724f28", "description": null, "author": "网络安全与取证研究", "category": "网络安全与取证研究", "pubDate": "2025-01-02T08:00:48" }, { "title": "紧急!Palo Alto Networks 防火墙遭 DoS 攻击,黑客利用 CVE-2024-3393 漏洞致其瘫痪!", "link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899899&idx=1&sn=2f85cb1a3466fd4c8372b3207ce3c810", "description": "Palo Alto Networks 近日发布紧急安全警告, PAN-OS 软件的 DNS Security 功能存在严重拒绝服务 (DoS) 漏洞 (CVE-2024-3393),黑客正利用该漏洞发动攻击,迫使防火墙重启,甚至进入维护模式", "author": "技术修道场", "category": "技术修道场", "pubDate": "2025-01-02T08:00:47" }, { "title": "多接口版MD5解密工具源码", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MTE0NTg4OQ==&mid=2247484083&idx=1&sn=38539eb625ffe5cf76a9fb658dd06351", "description": null, "author": "HackTips", "category": "HackTips", "pubDate": "2025-01-02T07:57:13" }, { "title": "利用UEFI内存Dump绕过BitLocker加密,支持Windows11(24H2)", "link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492812&idx=1&sn=a68182005a3969d84629af1888276b9f", "description": "在上一篇文章主要介绍了利用外部硬件设备进行信号截取的方式获取数据, 而本文的实现方式更为方便,只需要一个USB设备就能完成, 实现方法是利用一个名为Memory-Dump-UEFI的工具从内存中提取完整卷加密密钥(FVEK)。", "author": "二进制空间安全", "category": "二进制空间安全", "pubDate": "2025-01-02T07:30:22" }, { "title": "文末获取 | 一款替代Frp完美消除网络特征的内网穿透神器", "link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493766&idx=1&sn=bc254ad7989b96cbfd9eeeae567eb99e", "description": null, "author": "星落安全团队", "category": "星落安全团队", "pubDate": "2025-01-02T00:00:36" }, { "title": "记一次某红蓝演练经历", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMjY1NDMxMg==&mid=2247485002&idx=1&sn=175696cd5f18931fe426b67081550764", "description": null, "author": "红细胞安全实验室", "category": "红细胞安全实验室", "pubDate": "2025-01-01T23:59:27" }, { "title": "构建一个绕过杀毒软件检测的 RuntimeInstaller Payload Pipeline", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486112&idx=1&sn=ed6846e7a1992739afc59e3a1136ba82", "description": null, "author": "securitainment", "category": "securitainment", "pubDate": "2025-01-01T23:33:43" }, { "title": "第二十课-系统学习代码审计:Java反序列化基础-fastjson反序列化漏洞原理分析fastjson利用条件分析", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNjY0NDM3OA==&mid=2247484167&idx=1&sn=b3d525b35dd2e4849cdb43db78477e55", "description": "第二十课-系统学习代码审计:Java反序列化基础-fastjson反序列化漏洞原理分析fastjson利用条件分析", "author": "安全随心录", "category": "安全随心录", "pubDate": "2025-01-01T22:50:14" }, { "title": "【翻译】使用 LLM 编写隐秘的恶意 JavaScript,以逃避恶意软件检测,甚至欺骗 VirusTotal", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4NzgzMjUzOA==&mid=2247485433&idx=1&sn=f5e5e19630e7b70daaaad4ff65f13a4d", "description": null, "author": "安全视安", "category": "安全视安", "pubDate": "2025-01-01T20:26:52" }, { "title": "Linux应急响应工具 - LER", "link": "https://mp.weixin.qq.com/s?__biz=MzIzNTE0Mzc0OA==&mid=2247486018&idx=1&sn=f418c5b1882778b2d17bb5f5235f449c", "description": "Linux应急响应工具 - LER", "author": "GSDK安全团队", "category": "GSDK安全团队", "pubDate": "2025-01-01T19:11:56" }, { "title": "PWN入门:三打竞态条件漏洞-DirtyCOW", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587913&idx=2&sn=98c0e76217bf3df9659f9e697ec2775d", "description": "看雪论坛作者ID:福建炒饭乡会", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2025-01-01T18:00:09" }, { "title": "Azure Airflow 中 Kubernetes RBAC 配置错误可能导致整个集群遭受攻击", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493759&idx=4&sn=633b5f1fd57b44083383dbfa40c96d82", "description": null, "author": "独眼情报", "category": "独眼情报", "pubDate": "2025-01-01T11:13:48" }, { "title": "分享应急响应排查——windows应急响应详细解析", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486709&idx=1&sn=70603444fa226522eb7fc334ead763d0", "description": null, "author": "神农Sec", "category": "神农Sec", "pubDate": "2025-01-01T10:00:31" }, { "title": "Windows环境实现无缝文件同步", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ0NzQwNA==&mid=2247485799&idx=1&sn=4754937e48de965375a73e52aee67067", "description": null, "author": "网络个人修炼", "category": "网络个人修炼", "pubDate": "2025-01-01T10:00:28" }, { "title": "一种难以检测的批量禁用EDR传感检测的攻击手法", "link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492783&idx=1&sn=707997e9eb229d9ece7625a7b7cba2c7", "description": "Windows Defender应用程序控制(WDAC)技术是Windows 10 和 Windows Server 2016 起开始引入并默认启用。它允许组织对其 Windows 设备上允许运行的可执行代码进行精细控制。", "author": "二进制空间安全", "category": "二进制空间安全", "pubDate": "2025-01-01T10:00:19" }, { "title": "记一次从JS源码分析到任意用户登录", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606022&idx=3&sn=84a93bab7256c027deed8208c418cac5", "description": null, "author": "黑白之道", "category": "黑白之道", "pubDate": "2025-01-01T09:37:12" }, { "title": "服务器配置不出网后还存在的威胁", "link": "https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247517628&idx=1&sn=0b204c5d4da4bacb92208c83d3040e43", "description": null, "author": "HACK之道", "category": "HACK之道", "pubDate": "2025-01-01T09:08:21" }, { "title": "【技术分享】Shiro框架下文件读取漏洞快速利用思路", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMTY1MTIzOA==&mid=2247484482&idx=1&sn=6ebfcd11af1fdd86f306e7c16c822820", "description": "本文只讲述了Shiro框架下文件读取漏洞快速利用思路,实际渗透测试时,会碰到各种各样的文件读取下载漏洞,并不一定就是Shiro框架,所以各位朋友就当作一个简单的思路来看就好,实际环境下还是需要随机应变。", "author": "剁椒Muyou鱼头", "category": "剁椒Muyou鱼头", "pubDate": "2025-01-01T09:02:15" }, { "title": "WebShell代码免杀方式", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNTYwMTk4Mw==&mid=2247488152&idx=1&sn=32b64fa1cbb756b6137458408a32ef17", "description": null, "author": "网安探索员", "category": "网安探索员", "pubDate": "2025-01-01T08:30:44" }, { "title": "ZeroEye3.0自动化找白文件,提升免杀效率,实现降本增效", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488767&idx=1&sn=0e7e75025c1ff2a5bff4b17cbb5f4a6a", "description": null, "author": "白帽学子", "category": "白帽学子", "pubDate": "2025-01-01T08:11:51" }, { "title": "【神兵利器】Windows通用免杀shellcode生成器", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494515&idx=1&sn=b392e81a3b031da86733719a48315b4b", "description": null, "author": "七芒星实验室", "category": "七芒星实验室", "pubDate": "2025-01-01T07:00:29" }, { "title": "【扫盲系列】HTTPS 和 SSL/TLS 协议[8]:国密TLCP之身份鉴别", "link": "https://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247519251&idx=1&sn=38ff208c2f953c25addb38b26d1ea621", "description": "【扫盲系列】HTTPS 和 SSL/TLS 协议[8]:国密TLCP之身份鉴别", "author": "利刃信安", "category": "利刃信安", "pubDate": "2025-01-01T02:43:24" }, { "title": "内核攻防-高权限继承", "link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517955&idx=1&sn=d8555d24bc4f311b2dce16e224a6954b", "description": null, "author": "船山信安", "category": "船山信安", "pubDate": "2025-01-01T02:00:25" }, { "title": "简单的order by注入记录", "link": "https://mp.weixin.qq.com/s?__biz=MzU4Mzc4MDQyOQ==&mid=2247484406&idx=1&sn=4171c1f7807b4d863e01449bcfe50400", "description": null, "author": "安全的黑魔法", "category": "安全的黑魔法", "pubDate": "2025-01-01T00:40:31" }, { "title": "Cleo 远程代码执行漏洞复现(CVE-2024-50623)(附脚本)", "link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515415&idx=1&sn=0302b4a3ffa8ce6ea4ef4b342f977b64", "description": null, "author": "Web安全工具库", "category": "Web安全工具库", "pubDate": "2025-01-01T00:28:39" }, { "title": "【漏洞预警】Apache Traffic Control SQL注入漏洞(CVE-2024-45387)", "link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489384&idx=1&sn=985ccff71c2ce2fbab9504240e929608", "description": null, "author": "飓风网络安全", "category": "飓风网络安全", "pubDate": "2024-12-31T23:53:57" }, { "title": "攻防靶场(29):目录权限和文件权限 ICMP", "link": "https://mp.weixin.qq.com/s?__biz=MzI0NjA3Mzk2NQ==&mid=2247495364&idx=1&sn=9a18611e93f4bff5cce4e0979165ed09", "description": "基于 ATTCK 的OSCP PG Play 靶场 WriteUp", "author": "OneMoreThink", "category": "OneMoreThink", "pubDate": "2024-12-31T22:35:11" }, { "title": "深入浅出API测试|搜集分析与漏洞挖掘实战", "link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496715&idx=1&sn=5df17524d1be3680c48f6168438b7a70", "description": null, "author": "迪哥讲事", "category": "迪哥讲事", "pubDate": "2024-12-31T22:30:54" }, { "title": "警惕!国产工业路由器零日漏洞疑遭攻击者利用", "link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633465&idx=3&sn=ef758b05548bc18a71aefb5a10e8d08f", "description": null, "author": "商密君", "category": "商密君", "pubDate": "2024-12-31T22:05:12" }, { "title": "关于防范SafePay勒索病毒的风险提示", "link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633465&idx=4&sn=c60fd0fa97ea5028d8cb95970b0bdc35", "description": null, "author": "商密君", "category": "商密君", "pubDate": "2024-12-31T22:05:12" }, { "title": "哥斯拉(Godzilla)流量特征修改", "link": "https://mp.weixin.qq.com/s?__biz=MzU5NjYwNDIyOQ==&mid=2247484795&idx=1&sn=876fe5d839a9e2891885c3d914d36f7a", "description": "哥斯拉(Godzilla)流量特征修改", "author": "走在网安路上的哥布林", "category": "走在网安路上的哥布林", "pubDate": "2024-12-31T20:56:08" }, { "title": "MSSQL注入xp_cmdshell无回显的一些研究", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3MjU5MDc5MA==&mid=2247483776&idx=1&sn=f18cb731b5b0bde68eb5de22dd3ef7c4", "description": null, "author": "小白安全", "category": "小白安全", "pubDate": "2024-12-31T20:21:01" }, { "title": "关于防范SafePay勒索病毒的风险提示", "link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094494&idx=2&sn=dff517feaaf5131c415ba2e422d33315", "description": null, "author": "网安百色", "category": "网安百色", "pubDate": "2024-12-31T19:31:05" }, { "title": "ELF文件结构浅析-解析器和加载器实现", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587912&idx=1&sn=4ad15eeb82b8a9aa74549d38c434f8bc", "description": "看雪论坛作者ID:东方玻璃", "author": "看雪学苑", "category": "看雪学苑", "pubDate": "2024-12-31T18:01:41" }, { "title": "Docker逃逸详解(二)", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTU3MjA3OQ==&mid=2247484997&idx=1&sn=ad95ee62d94f0aff51a87d4a46002881", "description": "远程API未授权访问逃逸", "author": "安全攻防屋", "category": "安全攻防屋", "pubDate": "2024-12-31T17:47:50" }, { "title": "通过条件竞争实现内核提权", "link": "https://mp.weixin.qq.com/s?__biz=MzkxNTIwNTkyNg==&mid=2247552846&idx=1&sn=f1718b0814dd2d5c433ad291df24d85c", "description": null, "author": "蚁景网络安全", "category": "蚁景网络安全", "pubDate": "2024-12-31T17:40:12" }, { "title": "一个灰常牛皮的全自动WAF绕过脚本", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247569276&idx=2&sn=bbf6efedb8fa3ac08aa7f12322a3585c", "description": null, "author": "马哥网络安全", "category": "马哥网络安全", "pubDate": "2024-12-31T17:00:33" }, { "title": "SRC挖掘之Access验证校验的漏洞挖掘", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247488012&idx=1&sn=03cd5f595007f6e1342a05b1a4342891", "description": "可获取全校师生个人min感信息...", "author": "蚁景网安", "category": "蚁景网安", "pubDate": "2024-12-31T16:30:32" }, { "title": "FICORA、CAPSAICIN 僵尸网络利用旧 D-Link 路由器漏洞发起 DDoS 攻击", "link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486154&idx=1&sn=f07ce16c527fab05e35d43f5cd4daa4a", "description": "Mirai 和 Keksec 僵尸网络变体正在利用 D-Link 路由器中的关键漏洞。了解影响、受影响的设备以及如何保护自己免受这些攻击。", "author": "三沐数安", "category": "三沐数安", "pubDate": "2024-12-31T16:25:49" }, { "title": "瑞斯康达智能网关命令执行漏洞简单分析", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODMwNjQzMA==&mid=2247485755&idx=1&sn=2424459bff9c2f58c6001e3ab850dbd0", "description": "瑞斯康达智能网关命令执行漏洞简单分析", "author": "XK Team", "category": "XK Team", "pubDate": "2024-12-31T16:20:06" }, { "title": "记一次从JS源码分析到任意用户登录", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247518987&idx=1&sn=14661694761c987472aa5a295a74d91a", "description": null, "author": "亿人安全", "category": "亿人安全", "pubDate": "2024-12-31T16:08:20" }, { "title": "【免杀实战】 - R3Kill掉system启动的火绒6.0主程序 * 追加篇", "link": "https://mp.weixin.qq.com/s?__biz=MzkyNDUzNjk4MQ==&mid=2247484820&idx=1&sn=4d47c7cb3ac314eb7144c0e884edc89c", "description": "火绒无法保障计算机安全!!!", "author": "零攻防", "category": "零攻防", "pubDate": "2024-12-31T16:05:16" }, { "title": "通过代码审计用友获取CNVD高危证书", "link": "https://mp.weixin.qq.com/s?__biz=MzkzODQzNTU2NA==&mid=2247486264&idx=1&sn=d66a1443fa5d075f4be3fefff1faf36e", "description": null, "author": "天启互联网实验室", "category": "天启互联网实验室", "pubDate": "2024-12-31T16:01:52" }, { "title": "通过代码审计用友获取CNVD高危证书", "link": "https://mp.weixin.qq.com/s?__biz=MzAxNzkyOTgxMw==&mid=2247493750&idx=1&sn=322743019a204e55a45f57cb47685ea7", "description": null, "author": "哈拉少安全小队", "category": "哈拉少安全小队", "pubDate": "2024-12-31T14:52:53" }, { "title": "【最新】推特蓝V公布 7zip 0day(续篇)7-Zip LZMA 解码器漏洞与缓冲区溢出攻击", "link": "https://mp.weixin.qq.com/s?__biz=Mzg4NzgzMjUzOA==&mid=2247485415&idx=1&sn=42033006d1c3f341464004d58fb21f4a", "description": null, "author": "安全视安", "category": "安全视安", "pubDate": "2024-12-31T14:45:02" }, { "title": "Objection Hook初探", "link": "https://mp.weixin.qq.com/s?__biz=MzkzMzI3OTczNA==&mid=2247487835&idx=1&sn=aa3bb0d6b9d8ab0e1628ff35cae355f5", "description": "Objection 是一个功能强大的移动安全和逆向工程工具,它利用 Frida 来在运行时对 Android 和 iOS 应用进行探索、调试和修改。通过命令行的方式提供丰富的功能选项,适用于安全研究人员和开发者进行移动应用的测试和逆向工程。", "author": "千寻安服", "category": "千寻安服", "pubDate": "2024-12-31T14:01:29" }, { "title": "Telegram 几款手机号码落查、定位工具", "link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247543310&idx=1&sn=ce55a583832cea6baf03c8b2ae181943", "description": null, "author": "Hacking黑白红", "category": "Hacking黑白红", "pubDate": "2024-12-31T13:50:53" }, { "title": "概念验证远程桌面(RDP)会话劫持实用程序", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526560&idx=1&sn=b29d3d2bdc284b67b377900a94b155aa", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-31T13:48:59" }, { "title": "利用 AD CS 错误配置,允许从任何子域到整个林的权限升级和持久化", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526560&idx=2&sn=743c40e7d7cddc4ce1a3929e7da630a8", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-31T13:48:59" }, { "title": "Linux 内核漏洞 CVE-2023-4147:针对权限提升缺陷的 PoC 漏洞已发布", "link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526560&idx=4&sn=f3a9bdb2740228cbc942151a6713f073", "description": null, "author": "Ots安全", "category": "Ots安全", "pubDate": "2024-12-31T13:48:59" }, { "title": "Windows Defender 网络检测驱动程序内部导览", "link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486103&idx=1&sn=a4eaf7b6d33962b75db7a1e9b9881c2f", "description": null, "author": "securitainment", "category": "securitainment", "pubDate": "2024-12-31T13:37:59" }, { "title": "Windows 11 (24H2版本) BitLocker加密绕过方案", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493699&idx=3&sn=051c69db407c416f6a69790ded2dcbd7", "description": null, "author": "独眼情报", "category": "独眼情报", "pubDate": "2024-12-31T12:40:56" }, { "title": "Oracle WebLogic Server 漏洞可让攻击者远程入侵服务器", "link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493699&idx=4&sn=6bbd40cf4080f5974706d1e44302f9b0", "description": null, "author": "独眼情报", "category": "独眼情报", "pubDate": "2024-12-31T12:40:56" }, { "title": "一次曲折的文件上传漏洞", "link": "https://mp.weixin.qq.com/s?__biz=Mzg3NzIxMDYxMw==&mid=2247504295&idx=1&sn=55e32a8a79eebc042916417c79214dd3", "description": null, "author": "听风安全", "category": "听风安全", "pubDate": "2024-12-31T12:32:04" }, { "title": "从CloudFlare配置错误到登录管理后台", "link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614900&idx=1&sn=d1fdd58ff5af1ce9b537af23f4027987", "description": null, "author": "白帽子左一", "category": "白帽子左一", "pubDate": "2024-12-31T12:01:31" } ]