MasonLiu/PyBot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
7db914a20e
PyBot/JSON/doonsec.json
MasonLiu 7db914a20e update
2024-12-24 21:45:20 +08:00

1602 lines
82 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[
{
"title": "07【邮件安全】如何防护链接类网页钓鱼",
"link": "https://mp.weixin.qq.com/s?__biz=MzI1OTUyMTI2MQ==&mid=2247484749&idx=1&sn=8f6d5bdd820ed71ee2a9680a3d98c257",
"description": "问:\\\\x0a通过邮件发送钓鱼网站也是攻击队常用的社工手段那么如何防护这类邮件攻击\\\\x0a\\\\x0a答\\\\x0a1、对接威胁情报\\\\x0a提炼邮件中的链接包括二维码将url、域名、IP、发件人等IoC信息与威胁情报做匹配。\\\\x0a\\\\x0a2、替换安全二维码\\\\x0a通过邮件网关将邮件中的二维码替换成安全二维码通过代理网关跳转访问目标网站如发现风险可实时拦截。\\\\x0a\\\\x0a3、无头浏览器结合OCR做相似度识别\\\\x0a在沙箱中主动访问链接对目标网站做相似度识别来识别是否",
"author": "十九线菜鸟学安全",
"category": "十九线菜鸟学安全",
"pubDate": "2024-12-24T20:17:00"
},
{
"title": "Adobe ColdFusion 路径遍历漏洞(CVE-2024-53961)安全风险通告",
"link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502682&idx=1&sn=83e2cebbdeddd336724d291651d2bc51",
"description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。",
"author": "奇安信 CERT",
"category": "奇安信 CERT",
"pubDate": "2024-12-24T19:45:44"
},
{
"title": "警惕!“银狐”木马病毒再次出现新变种并更新传播手法",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094410&idx=1&sn=bed5fad50c5baac4a282b84456435ed1",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2024-12-24T19:44:44"
},
{
"title": "【漏洞预警】Apache Hive&Spark信息泄露漏洞CVE-2024-23945",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489351&idx=1&sn=01778ca696e485c04d2862adb19bfa8c",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2024-12-24T19:11:24"
},
{
"title": "【漏洞通告】Adobe ColdFusion任意文件读取漏洞(CVE-2024-53961)",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247523973&idx=1&sn=328a8278946c6ddc659d707dda812940",
"description": "2024年12月24日深瞳漏洞实验室监测到一则Adobe-ColdFusion组件存在任意文件读取漏洞的信息漏洞编号CVE-2024-53961漏洞威胁等级高危。",
"author": "深信服千里目安全技术中心",
"category": "深信服千里目安全技术中心",
"pubDate": "2024-12-24T17:26:55"
},
{
"title": "Kali高手都在用的环境变量技巧学会这些就能实现隐蔽渗透",
"link": "https://mp.weixin.qq.com/s?__biz=MzI5MjY4MTMyMQ==&mid=2247489180&idx=1&sn=aa3275ab6daf3c82fbb961199d189a4d",
"description": "通过掌握这些环境变量管理技巧我们可以更好地控制和优化Kali Linux系统提高渗透测试效率同时保持必要的隐蔽性和安全性。环境变量不仅是简单的配置工具更是一种强大的系统管理和控制机制。",
"author": "HW安全之路",
"category": "HW安全之路",
"pubDate": "2024-12-24T17:14:07"
},
{
"title": "dedecms织梦任意文件上传漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzUxNTMzNw==&mid=2247484054&idx=1&sn=fe0f59eddecc373a8c0f4f6e0f530973",
"description": "dedecms织梦\\\\x0d\\\\x0a漏洞类型通用型\\\\x0d\\\\x0a漏洞版本≤ V5.7.116",
"author": "雾鸣安全",
"category": "雾鸣安全",
"pubDate": "2024-12-24T14:37:37"
},
{
"title": "新的 DroidBot Android 恶意软件针对 77 个银行加密应用程序",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580391&idx=1&sn=2bdac2222c560e9b5607fbdcb854f116",
"description": "为了减轻这种威胁,建议 Android 用户仅从 Google Play 下载应用程序,在安装时仔细检查权限请求,并确保 Play Protect 在其设备上处于活动状态。",
"author": "嘶吼专业版",
"category": "嘶吼专业版",
"pubDate": "2024-12-24T14:00:41"
},
{
"title": "使用LLM混淆恶意 JavaScript,88%的恶意样本可以逃避检测",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493396&idx=1&sn=816812743c54e547f54f05b18b64288d",
"description": null,
"author": "独眼情报",
"category": "独眼情报",
"pubDate": "2024-12-24T14:00:34"
},
{
"title": "Adobe 警告 ColdFusion 存在严重漏洞,并且 PoC 已流出",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493396&idx=5&sn=cf01d14f914941546541b6a0a2f5abec",
"description": null,
"author": "独眼情报",
"category": "独眼情报",
"pubDate": "2024-12-24T14:00:34"
},
{
"title": "RongIOC 一款全自动APT威胁情报拓线工具(APT Automated Tool )(使用教程+实战对比效果)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTY1MTg4Mg==&mid=2247484208&idx=1&sn=ae5a67add3b71e2aec4f047e1f92ae5f",
"description": "RongIOC 一款全自动APT威胁情报拓线工具(APT Automated Tool )(使用教程+实战对比效果)",
"author": "WingBy安全团队",
"category": "WingBy安全团队",
"pubDate": "2024-12-24T13:56:16"
},
{
"title": "RongIOC 一款全自动APT威胁情报拓线工具(APT Automated Tool )(使用教程+实战对比效果)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484405&idx=1&sn=c0993aa055e2c68bacd5f741c127e343",
"description": "RongIOC 一款全自动APT威胁情报拓线工具(APT Automated Tool )(使用教程+实战对比效果)",
"author": "Ting的安全笔记",
"category": "Ting的安全笔记",
"pubDate": "2024-12-24T13:50:08"
},
{
"title": "RongIOC 一款全自动APT威胁情报拓线工具(APT Automated Tool )(使用教程+实战对比效果)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODcwOTA4NA==&mid=2247487707&idx=1&sn=d6d9f18751c0de6108ed9cf7fda14742",
"description": "RongIOC 一款全自动APT威胁情报拓线工具(APT Automated Tool )(使用教程+实战对比效果)",
"author": "fkalis",
"category": "fkalis",
"pubDate": "2024-12-24T13:35:03"
},
{
"title": "CVE-2024-56337Apache Tomcat 修补关键 RCE 漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526417&idx=1&sn=5d19b7fd81e7e92ff3cca973a60ccd22",
"description": null,
"author": "Ots安全",
"category": "Ots安全",
"pubDate": "2024-12-24T12:57:17"
},
{
"title": "【首发 1day】WordPress File Upload 插件存在前台任意文件读取漏洞(CVE-2024-9047)",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488285&idx=1&sn=97653bb5fd6a2d661776be1026799921",
"description": "安装完毕后,位于 /wp-content/plugins/wp-file-upload/wfu_file_downloader.php 中的wfu_fopen_for_downloader 方法存在fopen 函数导致文件读取操作.",
"author": "星悦安全",
"category": "星悦安全",
"pubDate": "2024-12-24T11:54:54"
},
{
"title": "通杀国内杀软,杀软你怎么不说话",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4Njg3MDk5Ng==&mid=2247486770&idx=1&sn=b8db3e65245e7a65d11c3599425ceb89",
"description": "在网络安全领域,免杀技术是指通过各种手段使恶意代码不被杀毒软件检测到,从而实现隐蔽执行的技术。这在安全测试和渗透测试中尤为重要,因为它可以帮助测试人员模拟真实的攻击场景,评估系统的安全防护能力。",
"author": "朱厌安全",
"category": "朱厌安全",
"pubDate": "2024-12-24T10:27:03"
},
{
"title": "powershell横向渗透样本分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ5MDM3NA==&mid=2247487857&idx=1&sn=a5d37ae0ffa77779a933ad9324b4518b",
"description": null,
"author": "SecretTeam安全团队",
"category": "SecretTeam安全团队",
"pubDate": "2024-12-24T10:06:53"
},
{
"title": "实战自动化加解密&加密场景下的暴力破解",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605533&idx=3&sn=10b918d20ab45ac4b08ffe43015a116d",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-24T09:53:58"
},
{
"title": "本地文件包含发现和利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605533&idx=4&sn=0b44670e74524677e27530426c1546e8",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-24T09:53:58"
},
{
"title": "PbootCMS前台SQL注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzcxNTczNA==&mid=2247486906&idx=1&sn=f30579afd864dc32a4b8d966b5fbe1e1",
"description": "我认为这是2024最好用的漏洞你觉得呢",
"author": "Beacon Tower Lab",
"category": "Beacon Tower Lab",
"pubDate": "2024-12-24T09:35:26"
},
{
"title": "满足你 | Tomcat条件竞争RCE利用脚本CVE-2024-50379、CVE-2024-56337",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NzQxNzY2OQ==&mid=2247487679&idx=1&sn=9aada25fb8260f17942f0d8726a6cb7a",
"description": "犀利猪安全,带你上高速~",
"author": "犀利猪安全",
"category": "犀利猪安全",
"pubDate": "2024-12-24T09:23:01"
},
{
"title": "网络钓鱼攻击常用手法盘点与防护建议",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NDkwMDcxNA==&mid=2247485496&idx=1&sn=3372f07b12538909bbb3b5d4fe64b5d3",
"description": null,
"author": "渝安全Sec",
"category": "渝安全Sec",
"pubDate": "2024-12-24T09:02:36"
},
{
"title": "Java反序列化漏洞 | log4j2远程代码执行漏洞原理+漏洞复现",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486527&idx=1&sn=0e5b1a7c579ad31c1583a45c71bd41c2",
"description": "log4j2漏洞分析",
"author": "神农Sec",
"category": "神农Sec",
"pubDate": "2024-12-24T09:01:20"
},
{
"title": "记录灯塔收集学校信息攻击薄弱点站点拿到5K+的敏感信息",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyMDM4NDM5Ng==&mid=2247489612&idx=1&sn=291e47b42397fc383959e1330678e52a",
"description": null,
"author": "安全洞察知识图谱",
"category": "安全洞察知识图谱",
"pubDate": "2024-12-24T08:30:48"
},
{
"title": "使用 Burpsuite 暴力破解网站登录页面",
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486133&idx=1&sn=1d8b9a9f0136678a40e6bfa797288836",
"description": "在本文中,我们使用 Burp Suite 对 Web 应用程序进行暴力破解,但还有许多其他著名的渗透测试工具在暴力攻击中非常有用。",
"author": "三沐数安",
"category": "三沐数安",
"pubDate": "2024-12-24T08:30:47"
},
{
"title": "Webshell自动解密流量分析工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NzU1Mjk4Mw==&mid=2247492247&idx=1&sn=b92494a69a4271e924f2f2c625d16dac",
"description": "通过获取到的webshell流量、url、key来还原攻击者使用webshell所做的操作目前已完成以下功能。",
"author": "Hack分享吧",
"category": "Hack分享吧",
"pubDate": "2024-12-24T08:30:31"
},
{
"title": ".NET | 详解通过Win32函数实现本地提权",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247497683&idx=1&sn=9d02e2022258556da5cc2df0550f652f",
"description": null,
"author": "dotNet安全矩阵",
"category": "dotNet安全矩阵",
"pubDate": "2024-12-24T08:29:48"
},
{
"title": "漏洞预警 | CyberPanel命令执行漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491825&idx=1&sn=3f17b8321f3d7a18c621a9631b58033f",
"description": "CyberPanel的/websites/submitWebsiteCreation接口存在命令执行漏洞经过授权的攻击者可以通过此接口执行任意命令获取服务器权限从而造成数据泄露、服务器被接管等严重的后果。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-24T08:01:03"
},
{
"title": "漏洞预警 | SitecoreCMS任意文件读取漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491825&idx=2&sn=10017681ee52f6f356351fc448cb1d45",
"description": "Sitecore的/-/speak/v1/bundles/bundle.js接口存在任意文件读取漏洞未经身份验证的攻击者可以通过该漏洞读取服务器任意文件从而获取服务器大量敏感信息。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-24T08:01:03"
},
{
"title": "Windows 主机信息自动化狩猎工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487157&idx=1&sn=33e23b2a68ac64785f2804e5200cfa8a",
"description": null,
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-24T07:55:42"
},
{
"title": "FTP匿名登录",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247497243&idx=1&sn=069103e7418d78149cef12a332678450",
"description": null,
"author": "泷羽Sec",
"category": "泷羽Sec",
"pubDate": "2024-12-24T07:44:17"
},
{
"title": "【神兵利器】红队Shellcode免杀框架",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494149&idx=1&sn=fab06a0ca89ddda6d7305b4a978b703f",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-24T07:03:44"
},
{
"title": "内网渗透之无文件落地攻击",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494149&idx=2&sn=7e3fcd76f9f1a64bff2a1b21c9be7a41",
"description": "文章前言所谓的\\\\x26quot;无文件落地攻击\\\\x26quot;是指恶意程序文件不直接落地到目标系统的磁盘空间中的一种攻击手法,常用于逃避传",
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-24T07:03:44"
},
{
"title": "Lazarus黑客利用CookiePlus恶意软件攻击核电部门",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247506354&idx=1&sn=3fd6654a84875b878cfb4f586dff84df",
"description": "朝鲜黑客组织拉撒路集团正将攻击目标对准核电行业。该组织通过复杂精密的行动,试图渗透国防、航空航天和加密货币等高安全行业,现在似乎将核工业组织也纳入攻击范围。卡巴斯基观察到拉撒路集团一个月内向至少两名与核相关的员工发送含恶意文件的档案。",
"author": "网空闲话plus",
"category": "网空闲话plus",
"pubDate": "2024-12-24T06:58:38"
},
{
"title": "如何保护企业中的敏感数据?加密与访问控制详解",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NDc0Njk1MQ==&mid=2247486578&idx=1&sn=00c0200f09082585ed2b64083885d7b8",
"description": null,
"author": "信息安全动态",
"category": "信息安全动态",
"pubDate": "2024-12-24T06:00:22"
},
{
"title": "蓝凌EKP V16 未授权SQL注入漏洞分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517803&idx=1&sn=bbf1338350e2628431ec7659eb014097",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2024-12-24T00:05:47"
},
{
"title": "Bazaar v1.4.3 任意文件读取漏洞(CVE-2024-40348)",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515310&idx=1&sn=0d5a90a6415efced680b61d90b5d0c8c",
"description": null,
"author": "Web安全工具库",
"category": "Web安全工具库",
"pubDate": "2024-12-24T00:02:58"
},
{
"title": "安卓逆向 -- 某游戏打开开发者面板",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652037321&idx=1&sn=2f643b5615cf72406df9d57ba120fdb4",
"description": null,
"author": "逆向有你",
"category": "逆向有你",
"pubDate": "2024-12-24T00:02:24"
},
{
"title": "【漏洞预警】Poppler越界读取漏洞(CVE-2024-56378)",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489345&idx=1&sn=91726b817300dc5b41e7c6a25ef449d4",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2024-12-23T21:55:11"
},
{
"title": "漏洞公开——从弱口令到通杀",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247517735&idx=1&sn=7d8c311aaec65b40784ae780af73519b",
"description": "实战思路定期公开",
"author": "Z2O安全攻防",
"category": "Z2O安全攻防",
"pubDate": "2024-12-23T21:32:42"
},
{
"title": "文件上传漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMjU5MzgzMQ==&mid=2247485143&idx=1&sn=ca184c882a6f45a7b1160c5e65116d61",
"description": null,
"author": "AlertSec",
"category": "AlertSec",
"pubDate": "2024-12-23T19:56:00"
},
{
"title": "【安全圈】Diicot 威胁组织利用高级恶意软件攻击 Linux",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652066835&idx=4&sn=66217b60f43298ef9b36aff4b47463a1",
"description": null,
"author": "安全圈",
"category": "安全圈",
"pubDate": "2024-12-23T19:00:16"
},
{
"title": "安全卫士 | 魔方安全漏洞周报",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzA5NDc0MA==&mid=2649291940&idx=2&sn=017c601f071172c54e31467605898ee7",
"description": "成事在微,筑防于先。魔方安全提醒您:注意企业网络空间资产安全!",
"author": "魔方安全",
"category": "魔方安全",
"pubDate": "2024-12-23T18:30:54"
},
{
"title": "iDRAC 到域管理员",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526408&idx=2&sn=91bf23c4c28ad0158f7d706a5450dbe3",
"description": null,
"author": "Ots安全",
"category": "Ots安全",
"pubDate": "2024-12-23T18:09:20"
},
{
"title": "AB PLC与CIP协议安全研究",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NjI5NzY1OA==&mid=2247511883&idx=1&sn=6b260626239bffe0ea7ae7914f7b8b38",
"description": "揭秘AB PLC与CIP协议的关联。",
"author": "珞安科技",
"category": "珞安科技",
"pubDate": "2024-12-23T18:04:44"
},
{
"title": "【已复现】Apache Tomcat存在远程代码执行漏洞CVE-2024-56337",
"link": "https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247490225&idx=1&sn=afd97fcef9e2132344f804a84347ba7f",
"description": null,
"author": "安恒信息CERT",
"category": "安恒信息CERT",
"pubDate": "2024-12-23T17:57:02"
},
{
"title": "【已复现】Apache Tomcat存在远程代码执行漏洞CVE-2024-50379",
"link": "https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247490225&idx=2&sn=885da3c3fa05d39949c5718797a96226",
"description": null,
"author": "安恒信息CERT",
"category": "安恒信息CERT",
"pubDate": "2024-12-23T17:57:02"
},
{
"title": "警惕全球超190,000台Android设备感染后门程序包括国内知名品牌的手机设备",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492482&idx=1&sn=5659f4a8b3130b6eb9ecc4905ec2fb89",
"description": "近日一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。",
"author": "白泽安全实验室",
"category": "白泽安全实验室",
"pubDate": "2024-12-23T17:06:38"
},
{
"title": "『红蓝对抗』分块传输绕过WAF学习",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2MDU5MDE2MA==&mid=2247484140&idx=1&sn=a9efe827ca71dabf4f827faba8678652",
"description": "『红蓝对抗』分块传输绕过WAF学习",
"author": "网络安全杂记",
"category": "网络安全杂记",
"pubDate": "2024-12-23T16:45:15"
},
{
"title": "【处置手册】Apache Tomcat条件竞争代码执行漏洞CVE-2024-50379/CVE-2024-56337",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjE3ODkxNg==&mid=2247488790&idx=1&sn=376728eef98af14fb13112cf8db0c80d",
"description": "近日绿盟科技CERT监测到Apache发布安全公告修复了Apache Tomcat条件竞争代码执行漏洞CVE-2024-50379/CVE-2024-56337。CVSS评分9.8目前漏洞细节与PoC已公开请相关用户尽快防护。",
"author": "绿盟科技CERT",
"category": "绿盟科技CERT",
"pubDate": "2024-12-23T16:07:01"
},
{
"title": "路径遍历漏洞技巧手法",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzUxNTMzNw==&mid=2247484048&idx=1&sn=75765ca273ebe45ec635d0c1d6037b66",
"description": null,
"author": "雾鸣安全",
"category": "雾鸣安全",
"pubDate": "2024-12-23T15:55:25"
},
{
"title": "一文学会XXE漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484213&idx=1&sn=af96b8c4532bba3b51fec6ef7648873d",
"description": "XXE漏洞",
"author": "simple学安全",
"category": "simple学安全",
"pubDate": "2024-12-23T14:47:02"
},
{
"title": "面向红队的 Active Directory 枚举",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485994&idx=1&sn=60ebae95f855eb610099776123d60fe5",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2024-12-23T13:37:24"
},
{
"title": "记一次红队渗透通关某金融单位",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTUxMzk2NQ==&mid=2247485881&idx=1&sn=09f8f2355a6967317149b16f93d9954b",
"description": null,
"author": "安全君呀",
"category": "安全君呀",
"pubDate": "2024-12-23T12:34:59"
},
{
"title": "【$$$$】从信息收集到攻破Okta",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247614773&idx=1&sn=8068fe691c21122e9ef909e34b8c7e8b",
"description": null,
"author": "白帽子左一",
"category": "白帽子左一",
"pubDate": "2024-12-23T12:03:57"
},
{
"title": "一次异常艰难的渗透测试",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491285&idx=1&sn=0f06f5aebcc3fca484698c3598d8b633",
"description": null,
"author": "实战安全研究",
"category": "实战安全研究",
"pubDate": "2024-12-23T11:46:57"
},
{
"title": "IIS中间件漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTMxNDM3Ng==&mid=2247488752&idx=1&sn=f5d1b413360eaaa586e8547d31c4dbce",
"description": null,
"author": "丁永博的成长日记",
"category": "丁永博的成长日记",
"pubDate": "2024-12-23T10:16:37"
},
{
"title": "Tomcat RCE | CVE-2024-56337远程代码执行带复现视频及POC",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NzQxNzY2OQ==&mid=2247487630&idx=1&sn=6cf205a3fab2e22c6d42abce80395724",
"description": "犀利猪安全,带你上高速~",
"author": "犀利猪安全",
"category": "犀利猪安全",
"pubDate": "2024-12-23T10:14:16"
},
{
"title": "Apache Tomcat 安全配置与优化指南",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ0NzQwNA==&mid=2247485751&idx=1&sn=e71b15fafbae32f12199a2b2750794fd",
"description": null,
"author": "网络个人修炼",
"category": "网络个人修炼",
"pubDate": "2024-12-23T10:00:45"
},
{
"title": "攻防记一次5KW资产的渗透测试",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605454&idx=3&sn=64577c6b6ced302f81154522580d5893",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-23T09:50:43"
},
{
"title": "一款ShellCode在线免杀处理平台",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605454&idx=4&sn=9e9bffc8f58257e0f370cc5e6a02a4e0",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-23T09:50:43"
},
{
"title": "【POC开发系列01】Pocsuite3框架的使用与poc的编写",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMDc1NzU1Ng==&mid=2247484143&idx=1&sn=0909bc6a1e1608db5396bd53d3516603",
"description": "本篇文章我们将详细讲述pocsuite3框架的使用以及该框架下的poc编写方法",
"author": "天欣安全实验室",
"category": "天欣安全实验室",
"pubDate": "2024-12-23T09:05:58"
},
{
"title": "[溯源]HuntBack(反击狩猎)用于攻防演练中防守方对恶意ip进行web指纹扫描与识别",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMTUwOTY1MA==&mid=2247489823&idx=1&sn=9772f4b0d90fa409e8931007756be5b2",
"description": null,
"author": "知攻善防实验室",
"category": "知攻善防实验室",
"pubDate": "2024-12-23T09:02:34"
},
{
"title": "不会取证取证总结少Windows内存取证超详细解题过程看过来",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486496&idx=1&sn=b4a673d2771b2822c6f886dbe6125c11",
"description": "内存取证解题思路!",
"author": "神农Sec",
"category": "神农Sec",
"pubDate": "2024-12-23T09:01:58"
},
{
"title": "vulnhub之PumpkinGarden的实践",
"link": "https://mp.weixin.qq.com/s?__biz=MzA3MjM5MDc2Nw==&mid=2650748882&idx=1&sn=88419dd89bf91aef4fa7578913b7060a",
"description": null,
"author": "云计算和网络安全技术实践",
"category": "云计算和网络安全技术实践",
"pubDate": "2024-12-23T08:50:03"
},
{
"title": "深度剖析 CVE-2024-56145Craft CMS 高危漏洞的利用与防御",
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485075&idx=1&sn=68db2f838cf34395ab94bbc562be7cf5",
"description": null,
"author": "云梦安全",
"category": "云梦安全",
"pubDate": "2024-12-23T08:39:35"
},
{
"title": "Apache Tomcat 高危远程代码执行漏洞CVE-2024-56337",
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485075&idx=2&sn=b8aebda4d9773c722dd15d51bc6b357b",
"description": null,
"author": "云梦安全",
"category": "云梦安全",
"pubDate": "2024-12-23T08:39:35"
},
{
"title": "工具集Golin【等级保护核查工具】",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484989&idx=1&sn=7ba70977add1f57de829b1fb3072f82c",
"description": null,
"author": "风铃Sec",
"category": "风铃Sec",
"pubDate": "2024-12-23T08:35:37"
},
{
"title": "本地文件包含发现和利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NzU1Mjk4Mw==&mid=2247492246&idx=1&sn=22d9e0d72a237a1ac703eb164beac473",
"description": "LFImap是一款本地文件包含发现和利用工具主要版本1.0即将推出,其中包含大量新功能和模块。",
"author": "Hack分享吧",
"category": "Hack分享吧",
"pubDate": "2024-12-23T08:31:00"
},
{
"title": "漏洞预警 | Apache Tomcat条件竞争漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491824&idx=1&sn=1e180df542cc81f8ccd126fa3a1a793a",
"description": "Apache Tomcat中JSP编译期间存在检查时间使用TOCTOU竞争条件漏洞攻击者可绕过Tomcat的大小写敏感性检查导致上传的文件被错误地当作JSP文件处理从而导致远程代码执行。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-23T08:02:27"
},
{
"title": "漏洞预警 | 蓝凌OA SSRF漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491824&idx=2&sn=00d3f008f7a8e6862f85e636c1729047",
"description": "蓝凌OA存在SSRF漏洞未经身份验证攻击者可通过该漏洞读取系统重要文件导致网站处于极度不安全状态。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-23T08:02:27"
},
{
"title": "漏洞预警 | 国威数字程控交换机远程代码执行漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491824&idx=3&sn=182280414c04ee47c247bae26a93c39e",
"description": "国威HB1910数字程控电话交换机的/modules/ping/generate.php接口存在远程代码执行漏洞未经身份验证的攻击者可以通过该漏洞远程执行任意代码从而控制目标服务器。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-23T08:02:27"
},
{
"title": "记录灯塔收集学校信息攻击薄弱点站点拿到5K+的敏感信息",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247504475&idx=1&sn=36083786102a2ec27f8cf89539bb085a",
"description": "记录如何拿到一所学校该如何攻打,寻找漏洞的手法和思路。",
"author": "菜鸟学信安",
"category": "菜鸟学信安",
"pubDate": "2024-12-23T08:00:40"
},
{
"title": "补丁警报发现关键的Apache Struts漏洞CVE-2024-53677",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4MzMzOTQ4Mw==&mid=2453672473&idx=1&sn=b1f42abfb69489f1d38f2bf96dcc303b",
"description": null,
"author": "独角鲸网络安全实验室",
"category": "独角鲸网络安全实验室",
"pubDate": "2024-12-23T07:35:42"
},
{
"title": "攻击者利用Microsoft Teams和AnyDesk部署DarkGate恶意软件",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4MzMzOTQ4Mw==&mid=2453672480&idx=1&sn=c6d20e503d4e736b176f872609c9287d",
"description": null,
"author": "独角鲸网络安全实验室",
"category": "独角鲸网络安全实验室",
"pubDate": "2024-12-23T07:10:00"
},
{
"title": "社工钓鱼手法总结",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494138&idx=2&sn=b2c884b2d49ab83d6dc02309979fc363",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-23T07:03:46"
},
{
"title": "干货 | 极致反沙箱-银狐样本分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493443&idx=1&sn=34120f8dd4249bba2ef71c4931878755",
"description": null,
"author": "星落安全团队",
"category": "星落安全团队",
"pubDate": "2024-12-23T00:20:13"
},
{
"title": "记一次某站运营环境的测试过程从信息泄露到Getshell|挖洞技巧",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247489522&idx=1&sn=c9c7f94c7a412133b181cf0cccaadc03",
"description": "在某个工作日收到客户发来的链接说需要打点然后就开始了这次的渗透路程。通过分析目标网站发现其使用FastAdmin框架且基于ThinkPHP5。利用该框架的前台getshell漏洞并通过修改请求UA获取敏感信息。",
"author": "渗透安全HackTwo",
"category": "渗透安全HackTwo",
"pubDate": "2024-12-23T00:00:22"
},
{
"title": "实战自动化加解密&加密场景下的暴力破解",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247517732&idx=1&sn=a729b548786bfa19bc1710d30a1c7edf",
"description": "实战自动化加解密\\\\x26amp;加密场景下的暴力破解",
"author": "Z2O安全攻防",
"category": "Z2O安全攻防",
"pubDate": "2024-12-22T21:09:20"
},
{
"title": "HTB_Unrested(思路)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMjYyMjA3Mg==&mid=2247485355&idx=1&sn=1daf8e542791e21a08caefb9ce458e5d",
"description": "HTB-Unrested+linux(Med)+CVE-2024-42327(时间盲注)-\\\\x26gt;RCE-\\\\x26gt;sudo -l(nmap)",
"author": "羽泪云小栈",
"category": "羽泪云小栈",
"pubDate": "2024-12-22T20:31:43"
},
{
"title": "关于AWD的小结",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwNTc5MTMyNg==&mid=2247500072&idx=1&sn=2b761dedd7c1caedbe68c644c1292ec6",
"description": null,
"author": "Gh0xE9",
"category": "Gh0xE9",
"pubDate": "2024-12-22T20:27:36"
},
{
"title": "【漏洞复现】CVE-2024-50623",
"link": "https://mp.weixin.qq.com/s?__biz=MzUxMTk4OTA1NQ==&mid=2247484851&idx=1&sn=52c5df6c1e8f7e240e5d705a9adb8fbc",
"description": null,
"author": "混子Hacker",
"category": "混子Hacker",
"pubDate": "2024-12-22T19:22:38"
},
{
"title": "自定义Shellcode",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247489116&idx=1&sn=bdf3e93ba0fbb448b76dd8dc2a816813",
"description": null,
"author": "Relay学安全",
"category": "Relay学安全",
"pubDate": "2024-12-22T18:48:29"
},
{
"title": "记录一次RCE无回显突破内网隔离",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMzcwMDU5OA==&mid=2247484107&idx=1&sn=efc2381710f01860a5727090f7f992f4",
"description": "在攻防演练的时候常常遇到无回显的情况怎么办呢你还在用DNSLog外带内容还是在用文件写入Web访问读取",
"author": "RongRui安全团队",
"category": "RongRui安全团队",
"pubDate": "2024-12-22T17:21:16"
},
{
"title": "一个不起眼的 PHP 漏洞如何导致 Craft CMS 出现 RCE",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526407&idx=2&sn=c861b76793e01721eca83cd6cd50d901",
"description": null,
"author": "Ots安全",
"category": "Ots安全",
"pubDate": "2024-12-22T15:02:56"
},
{
"title": "记一次逻辑漏洞修改任意用户密码",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTQwNjQ4OA==&mid=2247484039&idx=1&sn=84848557aee5ef51ec87d5cd74607656",
"description": "任意用户重置密码漏洞小结",
"author": "UF安全团队",
"category": "UF安全团队",
"pubDate": "2024-12-22T14:38:01"
},
{
"title": "【首发1day详情】CVE-2024-51479 全网首发漏洞复现分析+POC (Next.js权限绕过)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTY1MTg4Mg==&mid=2247484206&idx=1&sn=c6c8bc748d9cd6b3305a188a37b8c6b9",
"description": "【首发1day详情】CVE-2024-51479 全网首发漏洞复现分析+POC (Next.js权限绕过)",
"author": "WingBy安全团队",
"category": "WingBy安全团队",
"pubDate": "2024-12-22T14:05:22"
},
{
"title": "【首发1day详情】CVE-2024-51479 全网首发漏洞复现分析+POC (Next.js权限绕过)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484401&idx=1&sn=71dcfb268f5852a19c75d24153bb827e",
"description": "【首发1day详情】CVE-2024-51479 全网首发漏洞复现分析+POC (Next.js权限绕过)",
"author": "Ting的安全笔记",
"category": "Ting的安全笔记",
"pubDate": "2024-12-22T13:57:48"
},
{
"title": "【首发1day详情】CVE-2024-51479 全网首发漏洞复现分析+POC (Next.js权限绕过)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODcwOTA4NA==&mid=2247487524&idx=1&sn=0ba60c7c544d38db55c6cc9723985528",
"description": "【首发1day详情】CVE-2024-51479 全网首发漏洞复现分析+POC (Next.js权限绕过)",
"author": "fkalis",
"category": "fkalis",
"pubDate": "2024-12-22T13:50:36"
},
{
"title": "武器化 WDAC终结 EDR",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485954&idx=1&sn=8d45f8b0393a54ad7969755cce063a71",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2024-12-22T13:38:00"
},
{
"title": "CVE-2024-56145Craft CMS 漏洞利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493290&idx=1&sn=87dbe8e4fb12dd7dc0b236623fe5f4be",
"description": null,
"author": "独眼情报",
"category": "独眼情报",
"pubDate": "2024-12-22T10:51:58"
},
{
"title": "针对安全人员攻击者窃取了39万个WordPress凭证",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651310355&idx=3&sn=0d23a5233269e89ec783afae8e697609",
"description": "受害者包括红队成员、渗透测试员、安全研究人员甚至其他一些黑客。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2024-12-22T10:02:27"
},
{
"title": "武装你的burpsuite",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247504474&idx=1&sn=8aa7b9f0b2409a39abc14ed2346ce7e6",
"description": null,
"author": "菜鸟学信安",
"category": "菜鸟学信安",
"pubDate": "2024-12-22T09:30:16"
},
{
"title": "Fortinet 无线管理器惊现严重漏洞,黑客可轻松获取管理员权限!",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447899799&idx=1&sn=bf5134fc99d34ec1f16199c151fa25ef",
"description": "Fortinet xa0近日披露了 Fortinet 无线管理器 (FortiWLM) 中的一个严重漏洞 (CVE-2023-34990),该漏洞允许远程攻击者通过精心构造的 Web 请求执行未经授权的代码或命令,从而接管设备。",
"author": "技术修道场",
"category": "技术修道场",
"pubDate": "2024-12-22T09:19:40"
},
{
"title": "AWS 管理员身份危机:第 1 部分",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503976&idx=1&sn=ef8e6af551f64ca713aabc929bb21aac",
"description": "BLUF每条攻击路径都需要一个目的地。这是在 AWS 中描述目标的正式方式。在只有数据平面访问权限的云提供商中,我们将注意力从管理员的武断定义转移到我们关心的资源",
"author": "安全狗的自我修养",
"category": "安全狗的自我修养",
"pubDate": "2024-12-22T09:08:34"
},
{
"title": "Frida 逆向一个 APP",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTg0MjQ5OA==&mid=2247487503&idx=1&sn=45012c2e9db4cd2a2d6daf529acdbdec",
"description": null,
"author": "CISSP",
"category": "CISSP",
"pubDate": "2024-12-22T09:01:23"
},
{
"title": "FortiWLM 曝关键漏洞,攻击者可获得管理员权限",
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247633268&idx=3&sn=98f0293cc6251ab7304f147afa79483c",
"description": null,
"author": "商密君",
"category": "商密君",
"pubDate": "2024-12-22T09:01:08"
},
{
"title": "记一次溯源真实案例",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525329&idx=1&sn=f4dc7aef56d1aba18bd74175fa9c5c28",
"description": "每年的七月至八月对于安全圈的小伙伴来说那肯定是忙碌的两个月,各行各业都在开展不大不小的攻防演练...。",
"author": "乌雲安全",
"category": "乌雲安全",
"pubDate": "2024-12-22T09:00:21"
},
{
"title": "CVE-2024-12727Sophos Firewall SQL注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485745&idx=1&sn=d1090b68df39020f6ad17405afe7f029",
"description": "CVE-2024-12727Sophos Firewall SQL注入漏洞",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2024-12-22T08:00:24"
},
{
"title": "CVE-2024-49112Windows 轻量级目录访问协议LDAP远程代码执行漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485745&idx=2&sn=5b11dd987b70d63bd327eea23f305e74",
"description": "CVE-2024-49112Windows 轻量级目录访问协议LDAP远程代码执行漏洞",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2024-12-22T08:00:24"
},
{
"title": "新手小白如何挖掘cnvd通用漏洞之存储xss漏洞利用xss钓鱼",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487133&idx=1&sn=1a65a357b5fb4ed4bd2928654519d005",
"description": null,
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-22T07:55:22"
},
{
"title": "【神兵利器】GRS内网穿透工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494137&idx=1&sn=96df8db8f17208fea146568a13c609c3",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-22T07:04:07"
},
{
"title": "应急响应记录之水坑挂马事件分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494137&idx=2&sn=e1f2f1f8c19153cc8e6aa796e5b83fbb",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-22T07:04:07"
},
{
"title": "PE文件代码注入",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517788&idx=1&sn=5bf26f6dbafbcb94f439e8a8f6a0cf3f",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2024-12-22T02:00:30"
},
{
"title": "新手小白如何挖掘cnvd通用漏洞之存储xss漏洞利用xss钓鱼",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486364&idx=1&sn=6376e5a20c87ec8e5f291c09a4e13f16",
"description": null,
"author": "扫地僧的茶饭日常",
"category": "扫地僧的茶饭日常",
"pubDate": "2024-12-22T00:00:47"
},
{
"title": "SQLMAP注入神器MySQL注入使用总结",
"link": "https://mp.weixin.qq.com/s?__biz=MzA3NTc0MTA1Mg==&mid=2664712104&idx=1&sn=4c7af6bf68b87554a6183444c12996a8",
"description": null,
"author": "小兵搞安全",
"category": "小兵搞安全",
"pubDate": "2024-12-21T22:34:56"
},
{
"title": "CVE-2024-56337 Apache Tomcat - 通过启用写入功能的默认 servlet 进行 RCE",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493261&idx=1&sn=519cd25d6df0692babe00f4c41ffdee9",
"description": null,
"author": "独眼情报",
"category": "独眼情报",
"pubDate": "2024-12-21T20:18:46"
},
{
"title": "【新day】CVE-2024-56145Craft CMS 模板注入导致 RCE",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODcwOTA4NA==&mid=2247487494&idx=1&sn=de643d61ba91eb9452c98cebeb61a56a",
"description": "【新day】CVE-2024-56145Craft CMS 模板注入导致 RCE",
"author": "fkalis",
"category": "fkalis",
"pubDate": "2024-12-21T18:50:36"
},
{
"title": "CVE-2024-53677Apache Struts 2S2-067远程代码执行漏洞POC",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485730&idx=1&sn=4a11c334dc821e3cebf6e8642e236341",
"description": "CVE-2024-53677Apache Struts 2远程代码执行漏洞POC",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2024-12-21T18:15:40"
},
{
"title": "CVE-2024-50379Apache Tomcat竞争条件远程代码执行漏洞POC",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485730&idx=2&sn=ee2e3210c82a61b26acfc5ba94b512ca",
"description": "CVE-2024-50379Apache Tomcat竞争条件远程代码执行漏洞POC",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2024-12-21T18:15:40"
},
{
"title": "【bWAPP】越权攻防实战",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247495244&idx=2&sn=db714a74ed1e7bc1dd8b62d608311ee0",
"description": "我这一生如履薄冰,你说我能走到对岸吗?",
"author": "儒道易行",
"category": "儒道易行",
"pubDate": "2024-12-21T18:00:26"
},
{
"title": "新的Windows权限提升漏洞 SSD 咨询 cldflt 基于堆的溢出 (PE)",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526269&idx=2&sn=be4f2144eee49c7ab4153c1c05760a33",
"description": null,
"author": "Ots安全",
"category": "Ots安全",
"pubDate": "2024-12-21T15:35:59"
},
{
"title": "OtterRoot Netfilter 通用型 Linux 本地提权 1-day 漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485930&idx=1&sn=b212c0f73f12ef7a741f99bb4b8fd2e1",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2024-12-21T13:37:57"
},
{
"title": "哥斯拉Godzilla二开环境配置",
"link": "https://mp.weixin.qq.com/s?__biz=MzU5NjYwNDIyOQ==&mid=2247484759&idx=1&sn=13419dbd0d2b4e2f2134476460f5188b",
"description": "Java8 失败了,所以使用 java11",
"author": "走在网安路上的哥布林",
"category": "走在网安路上的哥布林",
"pubDate": "2024-12-21T13:37:23"
},
{
"title": "【已复现】Apache Tomcat 远程代码执行漏洞(CVE-2024-56337)安全风险通告",
"link": "https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247502658&idx=1&sn=e1de6decc572e58a32c667c1ecd2ec0b",
"description": "致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。",
"author": "奇安信 CERT",
"category": "奇安信 CERT",
"pubDate": "2024-12-21T13:26:32"
},
{
"title": "【翻译】身份验证失效:利用高级身份验证漏洞的完整指南",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NzgzMjUzOA==&mid=2247485358&idx=1&sn=c180edecfc5c80fefafb15baea7e06d5",
"description": null,
"author": "安全视安",
"category": "安全视安",
"pubDate": "2024-12-21T12:24:51"
},
{
"title": "新手小白如何挖掘cnvd通用漏洞之存储xss漏洞利用xss钓鱼",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247546135&idx=1&sn=cbfb468158bc82d35028d522eaa3ab4d",
"description": null,
"author": "掌控安全EDU",
"category": "掌控安全EDU",
"pubDate": "2024-12-21T12:02:14"
},
{
"title": "利用 LFI 和文件上传进行 Web 服务器攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486074&idx=1&sn=692559a9a408094530ae7fc4be428396",
"description": "在本文中,您将了解如何通过 FILE INCLUSION 漏洞绕过高安全性中的文件上传漏洞。以及如何绕过本地文件包含以获取受害者 PC 的反向连接。",
"author": "三沐数安",
"category": "三沐数安",
"pubDate": "2024-12-21T09:30:17"
},
{
"title": "从信息泄露到越权再到弱口令",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605407&idx=3&sn=ff5e919d615a969b10d176323b99e285",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-21T09:09:40"
},
{
"title": "Tomcat综合利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605407&idx=4&sn=b6af55a1866ce006ae647248c39d159a",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-21T09:09:40"
},
{
"title": "【玄机】哥斯拉 4.0 流量分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491281&idx=1&sn=977cb76a49ffa177ac3ff88883f2faaf",
"description": "后台私信获取玄机邀请码!!!",
"author": "实战安全研究",
"category": "实战安全研究",
"pubDate": "2024-12-21T09:03:45"
},
{
"title": "曹县 Lazarus APT组织被发现利用 CookiePlus 恶意软件攻击核工程师",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793589&idx=1&sn=bde4cb81b3bd2bf7ae988ed976019283",
"description": "卡巴大叔不厚道,人家几万人在替你们打仗,你还写将军黑客部队的报告。",
"author": "军哥网络安全读报",
"category": "军哥网络安全读报",
"pubDate": "2024-12-21T09:01:11"
},
{
"title": "红蓝对抗 | 基于某商全流量设备端口复用流量分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486389&idx=1&sn=47227bcc89e5592a142bcf06ca47105a",
"description": "红蓝对抗!",
"author": "神农Sec",
"category": "神农Sec",
"pubDate": "2024-12-21T09:00:38"
},
{
"title": "Java反序列化GUI利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488588&idx=1&sn=0bb57826c73dd32965a80cdc979b25b6",
"description": null,
"author": "白帽学子",
"category": "白帽学子",
"pubDate": "2024-12-21T08:11:16"
},
{
"title": "漏洞预警 | Cleo Harmony任意文件读取漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491804&idx=1&sn=9ca9d6fe52223ae2d42a4e122bbad7d6",
"description": "Cleo Harmony的/Synchronization接口存在任意文件读取漏洞未经身份验证的攻击者可以通过漏洞读取服务器任意文件从而获取大量敏感信息。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-21T08:02:04"
},
{
"title": "漏洞预警 | NextChat SSRF漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491804&idx=2&sn=1b58756b842eabe75c03da17279606b8",
"description": "NextChat的/api/webdav/chatgpt-next-web/backup.json接口存在SSRF漏洞由于WebDav API端点上的参数未得到验证攻击者可通过该漏洞获取敏感信息。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-21T08:02:04"
},
{
"title": "漏洞预警 | 网神SecGate3600防火墙任意文件上传漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491804&idx=3&sn=7d2c640fda5f60bb78dd1511bd64f853",
"description": "网神SecGate3600防火墙的/?g=route_ispinfo_import_save接口存在任意文件上传漏洞未授权的攻击者可以通过该漏洞上传任意文件从而控制服务器。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-21T08:02:04"
},
{
"title": "Zabbix从环境搭建到漏洞利用附批量漏洞利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487125&idx=1&sn=2dcb68ae48973292ce0e41ebe7b6d41a",
"description": null,
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-21T07:55:59"
},
{
"title": "CVE-2024-50379|条件竞争Tomcat RCE POC首发",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487125&idx=2&sn=ec3d00ecc8c4f8f61c72585c57ffb1d1",
"description": "半通杀|Tomcat RCE无敌",
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-21T07:55:59"
},
{
"title": "攻击 Entra Connect Sync :第 1 部分",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247503975&idx=1&sn=4ae3deca42d8f1442b973d8ccbe0fad1",
"description": "这是关于攻击者围绕 Active Directory 和 Entra 之间的同步机制进行交易的系列文章中的第一部分。第一篇博文是一篇简短的博文,演示了对 Entra",
"author": "安全狗的自我修养",
"category": "安全狗的自我修养",
"pubDate": "2024-12-21T07:12:27"
},
{
"title": "【神兵利器】Redis漏洞综合利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494056&idx=1&sn=745c6db09be2022a37d4366370e6fa3d",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-21T07:01:13"
},
{
"title": "JAVA安全之RMI命令执行深度刨析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494056&idx=2&sn=1da01719b72f91b74a209b5fc0258df7",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-21T07:01:13"
},
{
"title": "Juniper网络警告Mirai僵尸网络攻击目标转向SSR设备",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247493011&idx=1&sn=998856cbbec33efebe5d1416e0b77fd4",
"description": null,
"author": "黑猫安全",
"category": "黑猫安全",
"pubDate": "2024-12-21T07:01:06"
},
{
"title": "深入Pyd逆向",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517769&idx=1&sn=9dac06bb26a8777dea410cf49dbc8507",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2024-12-21T02:00:42"
},
{
"title": "记一次磕磕绊绊的sql注入漏洞挖掘",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486353&idx=1&sn=652419703f4d5311dac369eb1a1a6014",
"description": null,
"author": "TtTeam",
"category": "TtTeam",
"pubDate": "2024-12-21T00:03:05"
},
{
"title": "记一次溯源真实案例(小孩子别看)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247484995&idx=1&sn=2206bfebf84aad7d71fa7b4c788c9b06",
"description": "牛逼克拉斯",
"author": "富贵安全",
"category": "富贵安全",
"pubDate": "2024-12-21T00:00:47"
},
{
"title": "【漏洞预警】moaluko Store Locator代码执行漏洞(CVE-2024-12571)",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489338&idx=1&sn=d7f3b1f635c785d818ad3b8e32e9d83c",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2024-12-20T23:11:50"
},
{
"title": "记一次攻防演练突破",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxODY1NTkzOA==&mid=2247484398&idx=1&sn=0769f5a0da49b39eb75ef374c9e04a71",
"description": null,
"author": "ON1安全",
"category": "ON1安全",
"pubDate": "2024-12-20T22:56:08"
},
{
"title": "[PoC] Databricks 远程代码执行漏洞 CVE-2024-49194",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247493219&idx=1&sn=dc76c163b7149d91b59b32c45efda63a",
"description": null,
"author": "独眼情报",
"category": "独眼情报",
"pubDate": "2024-12-20T20:33:51"
},
{
"title": "【bWAPP】身份认证攻防实战",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247495205&idx=1&sn=fe6d6e16bde16500605dc5c2c57457f2",
"description": "我这一生如履薄冰,你说我能走到对岸吗?",
"author": "儒道易行",
"category": "儒道易行",
"pubDate": "2024-12-20T20:00:00"
},
{
"title": "警惕|“银狐”木马病毒再次出现新变种并更新传播手法",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094354&idx=1&sn=081b2c048f399f5dd2d62d3e98f70642",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2024-12-20T19:32:40"
},
{
"title": "Apache Tomcat新漏洞允许攻击者执行远程代码",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094354&idx=2&sn=3a60c2337e04ee15140b801c8002914f",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2024-12-20T19:32:40"
},
{
"title": "Apache Struts2 文件上传漏洞分析CVE-2024-53677",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4Nzc3MTk3Mg==&mid=2247488851&idx=1&sn=efb4d5fe76d020e05760236c16b33ac5",
"description": "Apache Struts 的文件上传逻辑存在缺陷,如果应用程序使用了 FileUploadInterceptor在进行文件上传时攻击者可以操纵文件上传参数来启用路径遍历在某些情况下这可能导致上传可用于执行远程代码执行的恶意文件。",
"author": "中孚安全技术研究",
"category": "中孚安全技术研究",
"pubDate": "2024-12-20T19:30:20"
},
{
"title": "JWT攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMjU5MzgzMQ==&mid=2247485114&idx=1&sn=7cebf9eac29ef5fe18fb1e871163f5c7",
"description": null,
"author": "AlertSec",
"category": "AlertSec",
"pubDate": "2024-12-20T19:00:56"
},
{
"title": "警惕 | 针对财会人员!“银狐”木马新变种伪装成财税文件在微信群传播!",
"link": "https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664232737&idx=6&sn=58f9dbb2ed00a7a02fcc4bfe7e809f16",
"description": "近日,国家计算机病毒应急处理中心和计算机病毒防治技术国家工程实验室依托国家计算机病毒协同分析平台在我国境内再次捕获发现针对我国用户的“银狐”木马病毒的最新变种。",
"author": "中国信息安全",
"category": "中国信息安全",
"pubDate": "2024-12-20T18:59:53"
},
{
"title": "表单动态加固Web应用安全常见威胁的最佳实践",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk3NjczNQ==&mid=2247485460&idx=1&sn=6b1426711305ad4a16d4703608a42626",
"description": "表单动态加固知多少。",
"author": "云科安信Antira",
"category": "云科安信Antira",
"pubDate": "2024-12-20T18:07:48"
},
{
"title": "【bWAPP】XSS跨站脚本攻击实战",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247495202&idx=1&sn=cffb12f19cf89d6721bae44fbc9841fe",
"description": "我这一生如履薄冰,你说我能走到对岸吗?",
"author": "儒道易行",
"category": "儒道易行",
"pubDate": "2024-12-20T18:00:24"
},
{
"title": "FortiWLM重大安全漏洞曝光远程攻击者可夺管理员权限",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587582&idx=2&sn=4b21c27b28faa9c50e657aba34ad4be4",
"description": "该漏洞允许远程攻击者通过特制的 Web 请求执行未经授权的代码或命令来接管设备",
"author": "看雪学苑",
"category": "看雪学苑",
"pubDate": "2024-12-20T17:59:20"
},
{
"title": "警惕|“银狐”木马病毒再次出现新变种并更新传播手法",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5MzMwMDU5NQ==&mid=2649169607&idx=1&sn=bf43313d9523c361fe4eec13177893d1",
"description": null,
"author": "网络安全和信息化",
"category": "网络安全和信息化",
"pubDate": "2024-12-20T17:07:49"
},
{
"title": "钓鱼下载网站传播“游蛇”威胁,恶意安装程序暗藏远控木马",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650209411&idx=1&sn=8a2647a87a29903f801932f1c1fbca72",
"description": "安天智甲终端防御系统可有效查杀该远控木马。",
"author": "安天集团",
"category": "安天集团",
"pubDate": "2024-12-20T17:01:55"
},
{
"title": "什么是入侵防御?它和入侵检测有什么区别?",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568739&idx=1&sn=c6187f99c62b8357f631190c9acd30ca",
"description": null,
"author": "马哥网络安全",
"category": "马哥网络安全",
"pubDate": "2024-12-20T17:01:24"
},
{
"title": "破解密码的8种典型手段与防护建议",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzMyNzMyMA==&mid=2247568739&idx=2&sn=6b3da31aaa900d2f75c825898bb709e5",
"description": "为更有效地提升安全防护水平组织应了解攻击者如何使用下述8种策略来破解密码",
"author": "马哥网络安全",
"category": "马哥网络安全",
"pubDate": "2024-12-20T17:01:24"
},
{
"title": "Zabbix从环境搭建到漏洞利用附批量漏洞利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTk4MzY0MA==&mid=2247487895&idx=1&sn=f6a8e98c8bbd2f91264c648e106570e5",
"description": null,
"author": "琴音安全",
"category": "琴音安全",
"pubDate": "2024-12-20T15:23:21"
},
{
"title": "浏览器扩展逆向指北",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650260321&idx=1&sn=91e0d5ed04bb22be59dbc752af187320",
"description": null,
"author": "骨哥说事",
"category": "骨哥说事",
"pubDate": "2024-12-20T14:11:46"
},
{
"title": "CVE-2024-21762漏洞分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247546115&idx=1&sn=a2d3f19e56af1f2a02b2d6e5ff9f69bc",
"description": null,
"author": "掌控安全EDU",
"category": "掌控安全EDU",
"pubDate": "2024-12-20T12:01:09"
},
{
"title": "关于接口测试的小总结分享",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247546115&idx=3&sn=e4c78995f9d20f164dfa95b926c9ff35",
"description": "关于接口测试的小总结分享",
"author": "掌控安全EDU",
"category": "掌控安全EDU",
"pubDate": "2024-12-20T12:01:09"
},
{
"title": "APP 渗透测试指南(一)--- 安卓测试环境部署(超级详细)(成为移动黑客手机kali安装最简单教程)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484399&idx=1&sn=42a4ede17fdd3953ad865f8794109c38",
"description": "APP 渗透测试指南(一)--- 安卓测试环境部署(超级详细)(成为移动黑客手机kali安装最简单教程)",
"author": "Ting的安全笔记",
"category": "Ting的安全笔记",
"pubDate": "2024-12-20T11:15:50"
},
{
"title": "APP 渗透测试指南(一)--- 安卓测试环境部署(超级详细)(成为移动黑客手机kali安装最简单教程)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTY1MTg4Mg==&mid=2247484204&idx=1&sn=91c89918c1d6d96e2762dbe58d63bd08",
"description": "APP 渗透测试指南(一)--- 安卓测试环境部署(超级详细)(成为移动黑客手机kali安装最简单教程)",
"author": "WingBy安全团队",
"category": "WingBy安全团队",
"pubDate": "2024-12-20T11:08:27"
},
{
"title": "一款自动化授权测试工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NzU1Mjk4Mw==&mid=2247492225&idx=1&sn=af8405412c7e85b1fdb7d33669be1bf8",
"description": "Authz0是一款自动化授权测试工具可以根据URL和角色与凭证识别未经授权的访问。",
"author": "Hack分享吧",
"category": "Hack分享吧",
"pubDate": "2024-12-20T11:06:01"
},
{
"title": "一网打尽20种绕过CDN查找真实IP的实用方法",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525317&idx=1&sn=62a4f4c9617b4a0bfb8e30f57cda10b9",
"description": null,
"author": "乌雲安全",
"category": "乌雲安全",
"pubDate": "2024-12-20T11:01:35"
},
{
"title": "面向GPTs的提示词注入攻击分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517760&idx=1&sn=400f76504827398fe752dbf6705e4b03",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2024-12-20T11:00:19"
},
{
"title": "实战 | 记一次无聊闲逛到某设备RCE",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzYxMDQ2MQ==&mid=2247484983&idx=2&sn=beb25e25e4704c8051cf00dfce0b33f3",
"description": null,
"author": "安全绘景",
"category": "安全绘景",
"pubDate": "2024-12-20T10:20:04"
},
{
"title": "攻防演练实战小记",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605364&idx=3&sn=76cf8be7008841466a66cfeb2eb6df5c",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-20T10:06:32"
},
{
"title": "SQL注入漏洞批量检查工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650605364&idx=4&sn=aee1cb28e83f2b6dd706be24fe33bf22",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2024-12-20T10:06:32"
},
{
"title": "Apache Tomcat 安装指南",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ0NzQwNA==&mid=2247485731&idx=1&sn=58aac8f1f7736b6a3b3ec9ae4d65d1ab",
"description": null,
"author": "网络个人修炼",
"category": "网络个人修炼",
"pubDate": "2024-12-20T10:04:40"
},
{
"title": "书接上回 | Tomcat条件竞争RCE该如何深入利用让它持久而并非昙花一现",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NzQxNzY2OQ==&mid=2247487591&idx=1&sn=14d76d32e7522965b528f556598772e4",
"description": "犀利猪安全,带你上高速~",
"author": "犀利猪安全",
"category": "犀利猪安全",
"pubDate": "2024-12-20T09:28:10"
},
{
"title": "MDUT-Extend(MDUT-增强版) V1.2.0 Released",
"link": "https://mp.weixin.qq.com/s?__biz=MzU3Mzg4NTI3MA==&mid=2247484735&idx=1&sn=f0d0bd19347529b234f7bd7a465f4ae7",
"description": null,
"author": "警戒线安全",
"category": "警戒线安全",
"pubDate": "2024-12-20T09:02:00"
},
{
"title": "与俄罗斯有关的 UAC-0125 滥用 Cloudflare Workers 攻击乌克兰军队",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793570&idx=1&sn=56bf9068e2451f7540628c88779e2217",
"description": "俄罗斯黑客攻击乌克兰军队应用。",
"author": "军哥网络安全读报",
"category": "军哥网络安全读报",
"pubDate": "2024-12-20T09:00:55"
},
{
"title": "分享OAuth2.0原理及漏洞挖掘技巧案例分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247486361&idx=1&sn=38c35d7dfeeb4f23bb79b134d105a9f0",
"description": "OAuth2.0漏洞挖掘!",
"author": "神农Sec",
"category": "神农Sec",
"pubDate": "2024-12-20T09:00:55"
},
{
"title": "CISA 发布移动安全指南",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793570&idx=3&sn=fabae4de36a24a3a35897525ff4c3b20",
"description": "美帝网络安全部门发布的这个移动安全指南特别好,推荐照葫芦画瓢。",
"author": "军哥网络安全读报",
"category": "军哥网络安全读报",
"pubDate": "2024-12-20T09:00:55"
},
{
"title": "记一次溯源真实案例",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491251&idx=1&sn=e1519a3103033cf6a50d9d229f99003c",
"description": null,
"author": "实战安全研究",
"category": "实战安全研究",
"pubDate": "2024-12-20T09:00:18"
},
{
"title": "应急响应(手工)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247484972&idx=1&sn=8ad8205ad2af5fdb84acd1890d73fbfb",
"description": "最全没有之一Win",
"author": "富贵安全",
"category": "富贵安全",
"pubDate": "2024-12-20T08:38:40"
},
{
"title": "工具集DALFox【XSS 扫描工具】",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484959&idx=1&sn=834a924f9f73a7e3135252fb254c98e3",
"description": null,
"author": "风铃Sec",
"category": "风铃Sec",
"pubDate": "2024-12-20T08:35:48"
},
{
"title": "攻防记一次5KW资产的渗透测试",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247518753&idx=1&sn=5094392f1c8946c671e71f0522deb6a8",
"description": null,
"author": "亿人安全",
"category": "亿人安全",
"pubDate": "2024-12-20T08:31:54"
},
{
"title": "漏洞预警 | Apache Struts2文件上传限制不当漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491780&idx=1&sn=9ad859958ef94c4b28503b45631a5cce",
"description": "Apache Struts2存在文件上传限制不当漏洞由于其文件上传中存在逻辑缺陷未经授权的攻击者可以操纵文件上传参数来启用路径遍历上传可用于执行远程代码的恶意文件。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-20T08:02:03"
},
{
"title": "漏洞预警 | 杜特网上订单管理系统SQL注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491780&idx=2&sn=c706c7bf32eb530317c380573930ef57",
"description": "杜特网上订单管理系统的/ajax/Login.ashx接口存在SQL注入漏洞未经身份验证的攻击者可以通过该漏洞获取数据库敏感信息。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-20T08:02:03"
},
{
"title": "漏洞预警 | GitLab Kubernetes Proxy Response NEL头注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491780&idx=3&sn=93fa1f3e603467757cccc4f78afa7774",
"description": "GitLab存在Kubernetes Proxy Response NEL头注入漏洞攻击者可通过在Kubernetes代理响应中注入恶意NEL标头 成功利用该漏洞可能导致会话相关数据泄露,从而实现未授权访问和控制用户账户。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-20T08:02:03"
},
{
"title": "工具 | httpx",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491780&idx=4&sn=d36edca504d04a67452954722ad81f8d",
"description": "Httpx是一款运行速度极快的多功能HTTP安全工具。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-20T08:02:03"
},
{
"title": "FUZZ参数字典 bottleneckOsmosis",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487123&idx=1&sn=14f9f70cd8eeac33dd8eb16464d7c199",
"description": null,
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-20T07:55:30"
},
{
"title": "攻防演练实战小记",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247487123&idx=2&sn=2236f2dc72c5dd68d7377ba4618fb8a7",
"description": "参加了某次地市攻防演练,限制目标单位但不限目标系统,只要能够证明属于攻击单位目标资产的系统均可计分。此次将红队思路进行分享。",
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-20T07:55:30"
},
{
"title": "内网横向移动之RDP Session Hijack",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247494055&idx=2&sn=8d4f56de3f5d039a02a2b16e31a980b1",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-20T07:06:03"
},
{
"title": "Apache Struts RCE 漏洞被公开 PoC 积极利用",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247497894&idx=2&sn=a3d6383d0a7c182a96101ad4591734e1",
"description": null,
"author": "河南等级保护测评",
"category": "河南等级保护测评",
"pubDate": "2024-12-20T04:52:12"
},
{
"title": "Fortinet 警告称其无线局域网管理器 FortiWLM 存在严重漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247493003&idx=1&sn=a66dc3c7877fa2f4288ba75e6e950847",
"description": null,
"author": "黑猫安全",
"category": "黑猫安全",
"pubDate": "2024-12-20T00:20:04"
},
{
"title": "CERT-UA与俄罗斯有关联的 UAC-0125 滥用 Cloudflare Workers 攻击乌克兰军队",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247493003&idx=3&sn=226f21627856f812cd92af2c8b732452",
"description": null,
"author": "黑猫安全",
"category": "黑猫安全",
"pubDate": "2024-12-20T00:20:04"
},
{
"title": "与俄罗斯有关联的 APT29 组织在非法 RDP 攻击中使用了红队工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247493003&idx=4&sn=a4ee9c36c60f0fc6913502685a92b4b6",
"description": null,
"author": "黑猫安全",
"category": "黑猫安全",
"pubDate": "2024-12-20T00:20:04"
},
{
"title": "免杀 | 过360核晶、火绒、defender上线CS、运行mimikatz的万能加载器XlAnyLoader 1.3正式发布!",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247493398&idx=1&sn=23d23f07d66f01906e78850b25fe8b54",
"description": "过360核晶、火绒 、微软 xlanyloader万能加载器",
"author": "星落安全团队",
"category": "星落安全团队",
"pubDate": "2024-12-20T00:06:13"
},
{
"title": "Apache Struts2 文件上传逻辑绕过(CVE-2024-53677)(S2-067)",
"link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247499048&idx=1&sn=8b4ebcd450f2bf1c19eef0d34f7ae4a8",
"description": null,
"author": "网络安全者",
"category": "网络安全者",
"pubDate": "2024-12-20T00:00:37"
},
{
"title": "【漏洞复现】Apache Tomcat竞争条件远程代码执行漏洞CVE-2024-50379",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489333&idx=1&sn=dff7d934b42679e01f662c8f10e27f33",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2024-12-19T23:32:54"
},
{
"title": "水泽-信息收集自动化工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0NDc0NTY3OQ==&mid=2247488235&idx=1&sn=9b8854db458754ceff2b98e49a07a6ba",
"description": "一条龙服务只需要输入根域名即可全方位收集相关资产并检测漏洞。也可以输入多个域名、C段IP等具体案例见下文。",
"author": "老鑫安全",
"category": "老鑫安全",
"pubDate": "2024-12-19T22:11:41"
},
{
"title": "【漏洞通告】OpenWrt Attended SysUpgrade 命令注入漏洞CVE-2024-54143",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NjczMzc1NA==&mid=2247486475&idx=4&sn=943a72a40bc01ee1401d16c5b6db3f11",
"description": null,
"author": "安迈信科应急响应中心",
"category": "安迈信科应急响应中心",
"pubDate": "2024-12-19T20:35:26"
},
{
"title": "深入浅出API测试搜集分析与漏洞挖掘实战",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496635&idx=1&sn=34c31d16785a1db6359cc507f1312498",
"description": null,
"author": "迪哥讲事",
"category": "迪哥讲事",
"pubDate": "2024-12-19T20:30:27"
},
{
"title": "Apache Tomcat新漏洞允许攻击者执行远程代码",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651310195&idx=3&sn=d9e83e129b0a14950e2d04cd8ad9576c",
"description": "Apache已发布安全漏洞补丁敦促用户立即升级。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2024-12-19T19:04:02"
},
{
"title": "Apache Struts重大漏洞被黑客利用远程代码执行风险加剧",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2MTQwMzMxNA==&mid=2247541073&idx=1&sn=66d200edcdbbb26a0c8618ca749bcfbe",
"description": null,
"author": "安世加",
"category": "安世加",
"pubDate": "2024-12-19T18:36:00"
},
{
"title": "俄罗斯黑客利用RDP代理发动中间人攻击窃取数据",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247521847&idx=1&sn=3574f2fa73eb1444a958326d5c4956db",
"description": "APT29攻击的实体主要位于美国、法国、澳大利亚、乌克兰、葡萄牙、德国、以色列、法国、希腊、土耳其和荷兰。",
"author": "代码卫士",
"category": "代码卫士",
"pubDate": "2024-12-19T18:20:42"
},
{
"title": "Apache Tomcat 最新RCE 稳定复现+分析 保姆级!附复现视频+POC",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODcwOTA4NA==&mid=2247487434&idx=1&sn=52ed8d0b21e6701c0e4503999d9dfeaa",
"description": "CVE-2024-50379稳定复现 保姆级!!附视频+POC",
"author": "fkalis",
"category": "fkalis",
"pubDate": "2024-12-19T18:18:47"
},
{
"title": "【bWAPP】XSS跨站脚本攻击实战",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247495189&idx=1&sn=222ce09d0825a28d562ba2ca0ae80806",
"description": "别低头,皇冠会掉;别流泪,贱人会笑。",
"author": "儒道易行",
"category": "儒道易行",
"pubDate": "2024-12-19T18:00:40"
},
{
"title": "u200bApache Tomcat高危漏洞曝光远程代码执行风险需警惕",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458587465&idx=2&sn=e5d0f25746dce13de80ec7ed9907263f",
"description": "Apache Tomcat爆出两个严重安全漏洞可导致远程代码执行和拒绝服务攻击官方已发布补丁强烈推荐用户立即升级。",
"author": "看雪学苑",
"category": "看雪学苑",
"pubDate": "2024-12-19T17:59:23"
},
{
"title": "创宇安全智脑 | 灵当 CRM uploadify.php 任意文件上传等70个漏洞可检测",
"link": "https://mp.weixin.qq.com/s?__biz=MzIwNjU0NjAyNg==&mid=2247490111&idx=1&sn=0c1158934db85f02099fd8f3d919c930",
"description": "创宇安全智脑是基于知道创宇16年来AI+安全大数据在真实攻防场景中的经验积累构建的下一代全场景安全智能算力平台",
"author": "创宇安全智脑",
"category": "创宇安全智脑",
"pubDate": "2024-12-19T17:50:42"
},
{
"title": "蓝凌OA-文件读取(在野)",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODkzNjkxMg==&mid=2247483998&idx=1&sn=079d99e58f631ca79a0dda791b7416db",
"description": null,
"author": "Kokoxca安全",
"category": "Kokoxca安全",
"pubDate": "2024-12-19T17:21:30"
},
{
"title": "SharpHunter - Windows 主机信息自动化狩猎工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MTg2NzI5OA==&mid=2247484856&idx=1&sn=e11dcfd0960e7dfb0860e4b56b3fe5f9",
"description": null,
"author": "黑熊安全",
"category": "黑熊安全",
"pubDate": "2024-12-19T17:15:56"
}
]
Reference in New Issue View Git Blame Copy Permalink