MasonLiu/PyBot
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
f1ee2d1092
PyBot/resources/JSON/doonsec.json
MasonLiu fd7a51f24b 大型更新优化
2025-01-22 14:03:36 +08:00

1602 lines
80 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[
{
"title": "JWT原理及利用",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDgzOTk2Mg==&mid=2247484651&idx=1&sn=9cd5604806e7af154fa2c88241523b12",
"description": null,
"author": "无尽藏攻防实验室",
"category": "无尽藏攻防实验室",
"pubDate": "2025-01-22T08:00:27"
},
{
"title": "一些木马反制技巧",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247510449&idx=1&sn=954231b814fb3c633b2bac2dc12665b3",
"description": null,
"author": "李白你好",
"category": "李白你好",
"pubDate": "2025-01-22T08:00:23"
},
{
"title": "13,000个MikroTik路由器因恶意垃圾邮件和网络攻击被僵尸网络劫持",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4MzMzOTQ4Mw==&mid=2453672513&idx=1&sn=955e9169d886553304f98bc40ed4718e",
"description": null,
"author": "独角鲸网络安全实验室",
"category": "独角鲸网络安全实验室",
"pubDate": "2025-01-22T07:30:41"
},
{
"title": "JBoss 4.x JBossMQ JMS反序列化",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247495179&idx=2&sn=dce36e9b572732a9fddfa1774bcea24c",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2025-01-22T07:00:26"
},
{
"title": "ViewState反序列化漏洞详解",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MzkwNDU1Mw==&mid=2247485410&idx=1&sn=c516da4c5bcf9729e270e70dc0c6e61d",
"description": null,
"author": "信安路漫漫",
"category": "信安路漫漫",
"pubDate": "2025-01-22T07:00:14"
},
{
"title": "网络空间测绘 -- ScopeSentryV1.5.4",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515682&idx=1&sn=7012ed1bd01016412f4a2ac7075c393c",
"description": null,
"author": "Web安全工具库",
"category": "Web安全工具库",
"pubDate": "2025-01-22T00:01:21"
},
{
"title": "第6天基础入门-抓包技术&HTTPS协议&APP&小程序&PC应用&WEB&转发联动",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515682&idx=2&sn=b88c75c1bbebb784ce683d00c4f1c092",
"description": null,
"author": "Web安全工具库",
"category": "Web安全工具库",
"pubDate": "2025-01-22T00:01:21"
},
{
"title": "攻防靶场(47)一个dirsearch的坑 Katana",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NjA3Mzk2NQ==&mid=2247495899&idx=1&sn=1dba3bd5431bcf4961d53a9827d4d6ef",
"description": "基于 ATTCK 的 OSCP PG Play 靶场通关攻略",
"author": "OneMoreThink",
"category": "OneMoreThink",
"pubDate": "2025-01-22T00:01:01"
},
{
"title": "泛微e-office 11.0 RCE",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518417&idx=1&sn=c64f9f43e83925e92db0882d722b0d76",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2025-01-22T00:00:19"
},
{
"title": "面向脚本小子的360QVM",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247490013&idx=1&sn=7e26877ef21d278dc1123cec293fb880",
"description": null,
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-21T22:09:21"
},
{
"title": "pikachu - Sql Inject(SQL注入)",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzI2NDQyMw==&mid=2247484457&idx=1&sn=17d8821d1d5ef9421535eeb992d948c2",
"description": null,
"author": "泷羽Sec-风",
"category": "泷羽Sec-风",
"pubDate": "2025-01-21T21:43:00"
},
{
"title": "魔改MD5 后续分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NTg0MjMzNQ==&mid=2247484191&idx=1&sn=7b5c362ad62a7ee899465d707ff4a199",
"description": null,
"author": "逆向成长日记",
"category": "逆向成长日记",
"pubDate": "2025-01-21T20:06:22"
},
{
"title": "7-Zip 漏洞允许通过绕过网络标记执行任意代码",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094668&idx=2&sn=b4a3efa0f4f65c3bbcf7595b75c318bd",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2025-01-21T19:29:56"
},
{
"title": "红队开发让自己的Shellcode实现SMC",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDgyMTM1Ng==&mid=2247484959&idx=1&sn=80aa30e9e097b748ac86ff032e7de6ee",
"description": "红队开发让自己的Shellcode实现SMC",
"author": "黑晶",
"category": "黑晶",
"pubDate": "2025-01-21T18:46:41"
},
{
"title": "CTF:Phar反序列化漏洞学习笔记",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MjgwMzIxMA==&mid=2247484807&idx=1&sn=abe41dbf3b287ee6084ee20f4fb0503f",
"description": "Phar反序列化漏洞学习笔记",
"author": "小话安全",
"category": "小话安全",
"pubDate": "2025-01-21T18:37:14"
},
{
"title": "如何加强无线网络安全防护?",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyMjAyODU1NA==&mid=2247491749&idx=1&sn=7151a1e9296aa7b3b3e079cff3f62306",
"description": null,
"author": "北京路劲科技有限公司",
"category": "北京路劲科技有限公司",
"pubDate": "2025-01-21T18:10:40"
},
{
"title": "SM4-DFA攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4NTE1NDMwMA==&mid=2247485218&idx=1&sn=20400378564395d60a92dc9ce6d32ffb",
"description": null,
"author": "小白技术社",
"category": "小白技术社",
"pubDate": "2025-01-21T18:03:34"
},
{
"title": "反射式注入技术浅析",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458589041&idx=1&sn=d6ac5ccbfd4e3343e192ddbf90411481",
"description": "看雪论坛作者IDzzzhangyu",
"author": "看雪学苑",
"category": "看雪学苑",
"pubDate": "2025-01-21T17:59:59"
},
{
"title": "APT拓线学习路线",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NTUyNTI5OA==&mid=2247486395&idx=1&sn=d1cdd28f589ef3352372512cc0df0dde",
"description": null,
"author": "扫地僧的茶饭日常",
"category": "扫地僧的茶饭日常",
"pubDate": "2025-01-21T17:46:08"
},
{
"title": "Ansible fetch模块详解轻松从远程主机抓取文件",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5OTc5MjM4Nw==&mid=2457386542&idx=1&sn=981b9fb404b0f3ba4a32948d435c8198",
"description": "自动化运维的过程中我们经常需要从远程主机下载文件到本地以便进行分析或备份。Ansible的fetch模块正是为了满足这一需求而设计的。",
"author": "攻城狮成长日记",
"category": "攻城狮成长日记",
"pubDate": "2025-01-21T17:32:48"
},
{
"title": "经过身份验证的 Havoc-Chained-RCE",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247526949&idx=2&sn=a23000160f33bae7a7589095bf21016b",
"description": null,
"author": "Ots安全",
"category": "Ots安全",
"pubDate": "2025-01-21T17:28:20"
},
{
"title": "【工具推荐】URLFinder-x 信息收集工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyMjE1NzQ2MA==&mid=2247489693&idx=1&sn=863b69941138430cfea082dc27487823",
"description": "URLFinder-x是一个优化后的URLFinder工具通过对URLFinder代码的简单重构。将会完成部分灯塔的WebInfoHunter功能与URLFinder进行融合。它能够通过自定义的正则表达式对网页中的各种敏感信息进行提取。",
"author": "暗魂攻防实验室",
"category": "暗魂攻防实验室",
"pubDate": "2025-01-21T15:36:28"
},
{
"title": "靶机复现-pikachu靶场文件包含漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzI5NzA3NQ==&mid=2247486308&idx=1&sn=601c9ad58c9c5920f7f64cae97900a7b",
"description": null,
"author": "泷羽SEC-ohh",
"category": "泷羽SEC-ohh",
"pubDate": "2025-01-21T15:28:51"
},
{
"title": "谈一谈红队中的社工钓鱼姿势",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247486211&idx=1&sn=a2ccdcdcc382b939cc1f37f123ab48c2",
"description": "和师傅利用丰富的实战经验教你在红队行动中如何针对JY、YL、ZW行业进行社工钓鱼",
"author": "沃克学安全",
"category": "沃克学安全",
"pubDate": "2025-01-21T14:59:56"
},
{
"title": "寻找 Electron 应用程序中的常见错误配置 - 第 1 部分",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486427&idx=1&sn=2460224bbe4c5fb4beaacda03068d9a3",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2025-01-21T14:49:08"
},
{
"title": "新型物联网僵尸网络现身,疯狂劫持设备发动大规模 DDoS 攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247580915&idx=2&sn=49c81661b58dadfafc5d8436f0511377",
"description": null,
"author": "嘶吼专业版",
"category": "嘶吼专业版",
"pubDate": "2025-01-21T14:00:43"
},
{
"title": "通过FOFA进行威胁情报发现全攻略",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIwMzY4OQ==&mid=2247489659&idx=1&sn=485eb8f8619c23ce8bb4f49693628d3e",
"description": null,
"author": "FOFA",
"category": "FOFA",
"pubDate": "2025-01-21T14:00:26"
},
{
"title": "【漏洞预警】MongoDB Mongoose未授权 代码注入漏洞CVE-2025-2306",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489492&idx=1&sn=4b8abb9528ef28b6575cae48afa08082",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2025-01-21T13:40:52"
},
{
"title": "Cadiclus 使用PowerShell辅助Linux 系统提权",
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485176&idx=2&sn=24552267de043160c9a84d4e782b4f19",
"description": null,
"author": "云梦安全",
"category": "云梦安全",
"pubDate": "2025-01-21T12:58:29"
},
{
"title": "SecScan强大的端口扫描与漏洞扫描工具——梭哈",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MzY3MDE5Mg==&mid=2247483957&idx=1&sn=3feb5e6886dc42f9ee7a4bf5a9f2d088",
"description": null,
"author": "Secu的矛与盾",
"category": "Secu的矛与盾",
"pubDate": "2025-01-21T12:50:31"
},
{
"title": "【实战案例】STEAM登陆算法JS逆向分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDYwNTcyNA==&mid=2247487394&idx=1&sn=4ce52339a1c82a403790301f76cc9591",
"description": "Js逆向实战案例",
"author": "Sec探索者",
"category": "Sec探索者",
"pubDate": "2025-01-21T12:29:20"
},
{
"title": "工具集BucketVulTools 【存储桶配置不当漏洞检测插件】",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485258&idx=1&sn=246608a49aed8e510181444e787070c4",
"description": null,
"author": "风铃Sec",
"category": "风铃Sec",
"pubDate": "2025-01-21T12:18:40"
},
{
"title": "回顾新姿势:击穿星巴克获取 1 亿用户详细信息",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491486&idx=1&sn=c327645f6be711c7ab8401b5442bbfcc",
"description": "有一种攻击叫做: 次级上下文穿越攻击。",
"author": "实战安全研究",
"category": "实战安全研究",
"pubDate": "2025-01-21T11:45:27"
},
{
"title": "锐捷-Smartweb管理系统-密码信息泄露漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTg3ODc5OA==&mid=2247484275&idx=1&sn=09de46038ff584ab2e4f04beb9323471",
"description": null,
"author": "骇客安全",
"category": "骇客安全",
"pubDate": "2025-01-21T11:00:15"
},
{
"title": "【奇安信情报沙箱】警惕伪装为文档的恶意快捷方式(LNK)文件",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247513822&idx=1&sn=9d52dc150c8ee53e3af6d7ae908c596b",
"description": "奇安信威胁情报中心近期发现一个恶意ZIP压缩包其中包含一个LNK文件会触发powershell执行创建一个EXE文件该EXE通过计划任务实现持久化与C2通信并窃取多种数据。根据分析关联到名为ZIZI Stealer的恶意软件",
"author": "奇安信威胁情报中心",
"category": "奇安信威胁情报中心",
"pubDate": "2025-01-21T10:52:19"
},
{
"title": "【漏洞与预防】MSSQL数据库弱口令漏洞预防",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTQ0MjE1NQ==&mid=2247496466&idx=1&sn=85d35deb77fc1bd39b867706687280c5",
"description": null,
"author": "solar应急响应团队",
"category": "solar应急响应团队",
"pubDate": "2025-01-21T10:31:33"
},
{
"title": "HTB-Backfire",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTQxOTA3Ng==&mid=2247489333&idx=1&sn=a9109e8e65d3f02f524a65942f7f523c",
"description": null,
"author": "Jiyou too beautiful",
"category": "Jiyou too beautiful",
"pubDate": "2025-01-21T09:57:05"
},
{
"title": "谈一谈红队种的钓鱼姿势(下)",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650607107&idx=3&sn=180dd13fa2c03e46b12f00ebd24010b2",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2025-01-21T09:53:07"
},
{
"title": "一个支持被动代理的调用 KIMI AI 进行越权漏洞检测的工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650607107&idx=4&sn=259fcba73be50f943c126eb6e146fb91",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2025-01-21T09:53:07"
},
{
"title": "代码审计之XX系统二次注入到RCE",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODg3NzExNw==&mid=2247488424&idx=2&sn=92e385d353f41346efc84ab8dd40cbcf",
"description": null,
"author": "WK安全",
"category": "WK安全",
"pubDate": "2025-01-21T09:46:51"
},
{
"title": "玄机MSSQL注入流量分析-WriteUp By 小乐【文末抽奖】",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMTQ4NzE2Ng==&mid=2247495166&idx=1&sn=5e76beff571aebd4d1ece90cfae177a7",
"description": null,
"author": "EDI安全",
"category": "EDI安全",
"pubDate": "2025-01-21T09:00:50"
},
{
"title": "DCOM 技术内网实战,通过 ExcelDDE 和 ShellBrowserWindow 实现横向移动",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247498360&idx=1&sn=8ee091f555c386b755c5300547ac08fe",
"description": null,
"author": "dotNet安全矩阵",
"category": "dotNet安全矩阵",
"pubDate": "2025-01-21T08:20:51"
},
{
"title": "Jeecg-boot密码离线爆破",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247489036&idx=1&sn=01173a4de12510e78bea19aeb02ca130",
"description": null,
"author": "白帽学子",
"category": "白帽学子",
"pubDate": "2025-01-21T08:11:47"
},
{
"title": "漏洞预警 | Fortinet FortiOS与FortiProxy身份验证绕过漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492106&idx=1&sn=24a16b5a8753b2c225c2b40ba13cc668",
"description": "FortiOS和FortiProxy存在身份验证绕过漏洞攻击者可通过精心构造的请求利用Node.js WebSocket模块绕过身份验证并获取超级管理员权限。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-21T08:02:13"
},
{
"title": "漏洞预警 | 飞企互联FE业务协作平台SQL注入、远程代码执行和任意文件上传漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492106&idx=2&sn=b34e8532a2316c79e30ac8b4f056ad4c",
"description": "飞企互联FE业务协作平台存在SQL注入、远程代码执行和任意文件上传漏洞攻击者可通过该漏洞获取敏感信息、执行任意命令和上传shell文件建议相关用户及时更新。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-21T08:02:13"
},
{
"title": "漏洞预警 | 九思OA任意文件读取漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492106&idx=3&sn=09eac68654025a44625cdc87fced6098",
"description": "九思OA的/jsoa/GetRawFile接口存在任意文件读取漏洞未经身份验证的攻击者可以通过该漏洞读取服务器任意文件从而获取服务器敏感信息。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-21T08:02:13"
},
{
"title": "SimpleHelp远程访问软件曝高危漏洞可导致文件窃取、权限提升和远程代码执行",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447900082&idx=1&sn=dc3053c2d874f9da5853c72c38c7c519",
"description": "网络安全研究人员披露了SimpleHelp远程访问软件中的多个安全漏洞这些漏洞可能导致信息泄露、权限提升和远程代码执行。Horizon3.ai研究员Naveen Sunkavally在一份技术报告中指出这些漏洞“极易被逆向和利用。",
"author": "技术修道场",
"category": "技术修道场",
"pubDate": "2025-01-21T08:01:18"
},
{
"title": "XXL-job漏洞综合利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzU5MjgwMDg1Mg==&mid=2247484742&idx=1&sn=6d549c467e115dc1e740ed698f4fab70",
"description": null,
"author": "夜组科技圈",
"category": "夜组科技圈",
"pubDate": "2025-01-21T08:01:04"
},
{
"title": "抓包分析ssl协议",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxNTg1MDYxNA==&mid=2247489153&idx=1&sn=9466f7053d54e9d8d911fb610298a706",
"description": "通过抓包分析ssl协议的建立连接的原理",
"author": "泷羽sec-何生安全",
"category": "泷羽sec-何生安全",
"pubDate": "2025-01-21T08:00:42"
},
{
"title": "rust免杀项目生成器实现免杀模板动态化、私有化",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247493348&idx=1&sn=b6a26485145636d5ea638fc33d1af2d4",
"description": null,
"author": "夜组安全",
"category": "夜组安全",
"pubDate": "2025-01-21T08:00:37"
},
{
"title": "DAST动态应用安全测试之burp联动Xray",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484275&idx=1&sn=72810d8fc63e8c4befe88445be45909d",
"description": "burpsuite联动Xray",
"author": "simple学安全",
"category": "simple学安全",
"pubDate": "2025-01-21T08:00:19"
},
{
"title": "网络资产探测方法",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655264161&idx=2&sn=ce8c8e20248a21fdea3841deeb4b2d53",
"description": null,
"author": "计算机与网络安全",
"category": "计算机与网络安全",
"pubDate": "2025-01-21T07:57:56"
},
{
"title": "【oscp】IMF缓冲区提权靶机渗透",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247498138&idx=1&sn=d0066efd3259923adb91d7f83ff8249f",
"description": null,
"author": "泷羽Sec",
"category": "泷羽Sec",
"pubDate": "2025-01-21T07:44:15"
},
{
"title": "紧急警告新0day漏洞被用于攻击暴露接口的防火墙",
"link": "https://mp.weixin.qq.com/s?__biz=MzA4MzMzOTQ4Mw==&mid=2453672508&idx=1&sn=2ef1e2465b743680a61cd2ed51fdfad7",
"description": null,
"author": "独角鲸网络安全实验室",
"category": "独角鲸网络安全实验室",
"pubDate": "2025-01-21T07:31:40"
},
{
"title": "应急 | 隐藏型暗链的排查与解决",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NzkwMTYyOQ==&mid=2247488331&idx=1&sn=b60eafcc6b3ee72e1ca7a6ad1d4935f9",
"description": "喜欢但不让你知道是暗恋,黑你但不让你察觉是暗链。",
"author": "不秃头的安全",
"category": "不秃头的安全",
"pubDate": "2025-01-21T07:29:19"
},
{
"title": "强强联手Xray与Burp的网络安全探秘之旅",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNzg3NzQxMQ==&mid=2247485689&idx=1&sn=1d111a99cde5d6981f9dddbbab83e646",
"description": null,
"author": "泷羽Sec-sky",
"category": "泷羽Sec-sky",
"pubDate": "2025-01-21T02:00:32"
},
{
"title": "网站指纹识别工具WhatWeb 解析及指纹编写",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzIzNDgzNA==&mid=2247484457&idx=1&sn=443ce490f0bf8b341e939428bb68236b",
"description": null,
"author": "慕云MY",
"category": "慕云MY",
"pubDate": "2025-01-21T00:04:43"
},
{
"title": "Catcher外网打点指纹识别+Nday漏洞验证工具|指纹识别",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247489950&idx=1&sn=8471a28c7c14a45df7f2091f0c5866cd",
"description": "Catcher重点系统指纹漏洞验证工具适用于外网打点资产梳理漏洞检查。在面对大量的子域名时Catcher可将其进行指纹识别将已经识别成功的指纹进行对应的漏洞验证并对域名进行cdn判断将未使用cdn域名进行端口扫描。",
"author": "渗透安全HackTwo",
"category": "渗透安全HackTwo",
"pubDate": "2025-01-21T00:01:01"
},
{
"title": "攻防靶场(46)不提权怎么拿root权限 Monitoring",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NjA3Mzk2NQ==&mid=2247495858&idx=1&sn=d01342e00b146a1b59ee40a2749798c3",
"description": "基于 ATTCK 的 OSCP PG Play 靶场通关攻略",
"author": "OneMoreThink",
"category": "OneMoreThink",
"pubDate": "2025-01-21T00:00:28"
},
{
"title": "【漏洞预警】ZZCMS index.php SQL注入漏洞(CVE-2025-0565)",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489485&idx=1&sn=e5ea1e03489d9276fac40db96a823bb7",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2025-01-20T23:42:26"
},
{
"title": "如何mongodb未授权访问漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzU1NjczNjA0Nw==&mid=2247486273&idx=1&sn=9a0ebba7a700f0ae0410be83b4b1df00",
"description": "文章背后有福利2025年三沐数安红包封面。",
"author": "三沐数安",
"category": "三沐数安",
"pubDate": "2025-01-20T22:59:05"
},
{
"title": "常见几种网络协议分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxNTg1MDYxNA==&mid=2247489128&idx=1&sn=313dc6f577ec674a9a177d748316db7b",
"description": "主要通过分析协议原理再通过wireshark抓包分析",
"author": "泷羽sec-何生安全",
"category": "泷羽sec-何生安全",
"pubDate": "2025-01-20T22:38:45"
},
{
"title": "梦里挖edu src的步骤",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247490011&idx=1&sn=b84ffdb0597e4d6c90da739f541f310c",
"description": null,
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-20T21:43:55"
},
{
"title": "Linux系统沦陷只需1分钟这些文件权限配置千万别踩坑",
"link": "https://mp.weixin.qq.com/s?__biz=MzI5MjY4MTMyMQ==&mid=2247489749&idx=1&sn=7962c59b247991746167fa1a11ae454e",
"description": "在 Linux 系统中,文件权限是保护数据安全和控制用户访问的基础。作为一名从业者,深入了解文件权限的运作机制对于发现错误配置至关重要,而这些配置可能导致权限提升或数据泄露。",
"author": "HW安全之路",
"category": "HW安全之路",
"pubDate": "2025-01-20T21:33:07"
},
{
"title": "pikachu靶机-sql注入",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzI5NzA3NQ==&mid=2247486295&idx=1&sn=62db4342ca546762d7dad726b689a216",
"description": null,
"author": "泷羽SEC-ohh",
"category": "泷羽SEC-ohh",
"pubDate": "2025-01-20T21:03:58"
},
{
"title": "从信息泄露到越权再到弱口令",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496915&idx=1&sn=ab34ad81c6b8fa8f2d00b9513c025fa4",
"description": null,
"author": "迪哥讲事",
"category": "迪哥讲事",
"pubDate": "2025-01-20T20:30:37"
},
{
"title": "利用 Windows 常见日志文件系统零日漏洞 CVE-2024-49138",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094653&idx=1&sn=0a8f46713971d1eae5f9bc98fe0e3049",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2025-01-20T19:36:58"
},
{
"title": "严重远程代码执行漏洞CVE-2024-53691在QNAP 系统中被发现",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094653&idx=2&sn=c69dfb1b57a25f58f75e9a9f5422bd0c",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2025-01-20T19:36:58"
},
{
"title": "黑客滥用微软VSCode 远程隧道绕过安全工具",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651312480&idx=3&sn=b0c12a4dddb00af1b5562fe19c9287c8",
"description": "VSCode远程隧道功能正被攻击者利用以绕过安全措施部署恶意脚本。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2025-01-20T19:35:46"
},
{
"title": "Hannibal一款基于C的x64 Windows代理",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651312480&idx=4&sn=f4a2e1bfaa023f53f89e41093fef9be4",
"description": "广大研究人员可以使用该工具进行安全防御端的C编程训练。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2025-01-20T19:35:46"
},
{
"title": "【安全圈】黑客滥用 Microsoft VSCode 远程隧道绕过安全工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652067503&idx=3&sn=0b2738a898f48ebbcd35b935ea9b9b9b",
"description": null,
"author": "安全圈",
"category": "安全圈",
"pubDate": "2025-01-20T19:01:22"
},
{
"title": "【安全圈】无需拆卸笔记本电脑即可访问 Windows 11 BitLocker 加密文件",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652067503&idx=4&sn=17aa39950a2ad339c5c9189715ebc4f2",
"description": null,
"author": "安全圈",
"category": "安全圈",
"pubDate": "2025-01-20T19:01:22"
},
{
"title": "T1059.009 命令执行云API异常调用",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NDcyMjU2OQ==&mid=2247484541&idx=1&sn=c834b9f4ff672abc3b456507acb31eeb",
"description": "本文主要介绍「T1059.009 云API异常调用」检测的规则编写帮助安全团队提高针对云环境的防护能力场景。",
"author": "SecLink安全空间",
"category": "SecLink安全空间",
"pubDate": "2025-01-20T18:38:01"
},
{
"title": "面向脚本小子的360QVM",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0NDc0NTY3OQ==&mid=2247488404&idx=1&sn=767ba5298bab860a12d1a405c60ff539",
"description": null,
"author": "老鑫安全",
"category": "老鑫安全",
"pubDate": "2025-01-20T18:34:50"
},
{
"title": "PyPI 恶意包窃取Discord 开发人员的认证令牌",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247522124&idx=2&sn=98991414f4675f83bbb4a3935a2f16e1",
"description": "速修复",
"author": "代码卫士",
"category": "代码卫士",
"pubDate": "2025-01-20T18:23:00"
},
{
"title": "开源工具 rsync 爆重大漏洞,黑客可越界写入缓冲区执行代码",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458588763&idx=2&sn=987fea6e7bc8cce2c77f2e2035072ac4",
"description": "开源同步工具 rsync 被曝存在多个高危漏洞,攻击者可利用漏洞远程执行代码,全球超 66 万台服务器受影响。",
"author": "看雪学苑",
"category": "看雪学苑",
"pubDate": "2025-01-20T17:59:35"
},
{
"title": "【风险通告】Rsync存在多个高危漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247490287&idx=1&sn=70c96ed0de707107589c47460e4867aa",
"description": null,
"author": "安恒信息CERT",
"category": "安恒信息CERT",
"pubDate": "2025-01-20T17:50:21"
},
{
"title": "Sudo命令的配置及使用",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMzg3MzMyOA==&mid=2247486396&idx=1&sn=4aca226484545835541c9edc133330b5",
"description": null,
"author": "泷羽Sec-小篮子",
"category": "泷羽Sec-小篮子",
"pubDate": "2025-01-20T17:50:18"
},
{
"title": "记一次APP加密数据包的解密过程与思路",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNTIwNTkyNg==&mid=2247553107&idx=1&sn=874a6fafd2f922ebd0db2628b94065f4",
"description": "针对一次app加密数据包的分析和解密简单提供下在js中寻找加密方法的思路。",
"author": "蚁景网络安全",
"category": "蚁景网络安全",
"pubDate": "2025-01-20T17:36:07"
},
{
"title": "PHP反序列化新手入门学习总结",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNTY3Nzc3Mg==&mid=2247489128&idx=1&sn=7c23d82479bf5d80e28b015657b7098d",
"description": "最近写了点反序列化的题才疏学浅希望对CTF新手有所帮助有啥错误还请大师傅们批评指正。",
"author": "蚁景网安",
"category": "蚁景网安",
"pubDate": "2025-01-20T16:30:28"
},
{
"title": "浅谈恶意样本の反沙箱分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247519225&idx=1&sn=f568a13c7b2f6c75b7858cd1c36e0f16",
"description": null,
"author": "亿人安全",
"category": "亿人安全",
"pubDate": "2025-01-20T15:58:18"
},
{
"title": "因WordPress新漏洞全球数百万网站面临被攻击风险",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492526&idx=1&sn=247ea35cbbd8abee04db13ecd2a84025",
"description": "近日一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。",
"author": "白泽安全实验室",
"category": "白泽安全实验室",
"pubDate": "2025-01-20T15:31:50"
},
{
"title": "Chrome浏览器的Google账户接管研究",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5OTEzMjc4OA==&mid=2247489027&idx=1&sn=60e2dc88ec5d060e0324c3d237433b41",
"description": "本文探讨Chrome浏览器中Google账户接管技术分析其登录机制提出通过修改token_service和导入Cookies实现接管。同时介绍绕过Cookies文件锁定的方法如VSS、低级磁盘读取和句柄复制为安全研究提供参考。",
"author": "君立渗透测试研究中心",
"category": "君立渗透测试研究中心",
"pubDate": "2025-01-20T14:54:59"
},
{
"title": "30个木马隐藏技巧与反制策略 不容错过!",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MzY1NDc2MA==&mid=2247484252&idx=1&sn=1f1840133486c232c3eb72350ce09f9a",
"description": null,
"author": "StaticCodeAnalysis",
"category": "StaticCodeAnalysis",
"pubDate": "2025-01-20T14:28:31"
},
{
"title": "渗透实战|某若依框架的接口测试",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODg3NzExNw==&mid=2247488422&idx=1&sn=7579dc74e4a9024c4383a577fdfcf587",
"description": null,
"author": "WK安全",
"category": "WK安全",
"pubDate": "2025-01-20T14:04:44"
},
{
"title": "开源SOC实现十三-事件响应平台IRIS",
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NDg0ODkwMQ==&mid=2247486148&idx=1&sn=a9f54ea4d1abf2499d8c1b942e8f98bb",
"description": "何通过工具协助用户完成时间响应调查成为了这一期分享的重点。对于事件响应平台比较耳熟能详的就是Hive但今天给大家介绍的是另一个事件响应调查平台IRIS。",
"author": "格格巫和蓝精灵",
"category": "格格巫和蓝精灵",
"pubDate": "2025-01-20T12:20:40"
},
{
"title": "Log4j CVE-2017-5645反序列化漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NDg3NjE5MQ==&mid=2247485278&idx=1&sn=d2763b1dec8419157ee3f7234cb8f4f5",
"description": null,
"author": "0xh4ck3r",
"category": "0xh4ck3r",
"pubDate": "2025-01-20T12:01:06"
},
{
"title": "供应链 | 迂回攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247547402&idx=1&sn=f32e6837400541a9aed45bb95eaa4c26",
"description": null,
"author": "掌控安全EDU",
"category": "掌控安全EDU",
"pubDate": "2025-01-20T12:00:48"
},
{
"title": "【漏洞通告】Rsync多个漏洞安全风险通告",
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NjY4MDAyNQ==&mid=2247497009&idx=1&sn=70c58fc6187adfcab699f9a29cd91695",
"description": "近日嘉诚安全监测到Rsync发布安全公告确认其服务端进程Rsyncd存在多个漏洞鉴于漏洞危害较大嘉诚安全提醒相关用户尽快更新至安全版本避免引发漏洞相关的网络安全事件。",
"author": "嘉诚安全",
"category": "嘉诚安全",
"pubDate": "2025-01-20T11:57:46"
},
{
"title": "攻防|记一些木马反制技巧",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606873&idx=3&sn=538894f7d36ffec1e6910cb5498d316f",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2025-01-20T11:19:03"
},
{
"title": "MS14-068 漏洞复现",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247486007&idx=1&sn=754dfb823942baaf0606ffee489adcef",
"description": null,
"author": "土拨鼠的安全屋",
"category": "土拨鼠的安全屋",
"pubDate": "2025-01-20T11:01:05"
},
{
"title": "渗透实战|某若依框架的接口测试",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDA5NzUzNA==&mid=2247489287&idx=1&sn=f41513777731e0e98fcea97136c76f04",
"description": null,
"author": "藏剑安全",
"category": "藏剑安全",
"pubDate": "2025-01-20T10:51:53"
},
{
"title": "【漏洞分享】万能门店小程序管理系统存在任意文件读取漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNzMxODkzMw==&mid=2247485719&idx=1&sn=594e1286af1bd496465685b0b9d35ff8",
"description": null,
"author": "HK安全小屋",
"category": "HK安全小屋",
"pubDate": "2025-01-20T10:18:46"
},
{
"title": "【漏洞预警】Rsync缓冲区溢出漏洞风险通告",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NjU0OTQyMg==&mid=2247484324&idx=1&sn=86bc6803db897c208c21fdbf04f469f5",
"description": "攻击者只需要拥有对Rsync服务器匿名读取的权限通过向开放在互联网上的Rsync服务端口默认873/TCP发送特定探测或恶意请求包来触发该漏洞成功利用该漏洞可在Rsyncd上远程执行任意操作",
"author": "企业安全实践",
"category": "企业安全实践",
"pubDate": "2025-01-20T10:17:09"
},
{
"title": "中间件安全|Tomcat漏洞汇总",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MTc1MjY5OQ==&mid=2247486238&idx=1&sn=0d0e11190ce7cebaf3d1a0e829230713",
"description": null,
"author": "Cyb3rES3c",
"category": "Cyb3rES3c",
"pubDate": "2025-01-20T10:08:04"
},
{
"title": "2025年首个满分漏洞PoC已公布可部署后门",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525630&idx=1&sn=182e03ee16660b42ea31e0e2bc98b62f",
"description": "漏洞能够在受影响系统上执行未经身份验证的远程代码。",
"author": "乌雲安全",
"category": "乌雲安全",
"pubDate": "2025-01-20T10:02:54"
},
{
"title": "一款针对APK文件的数据收集与分析工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525630&idx=2&sn=aa6f4b15975a796a85417efe2232a184",
"description": "该工具可帮助研究人员扫描目标APK文件中的URI、端点和敏感信息。",
"author": "乌雲安全",
"category": "乌雲安全",
"pubDate": "2025-01-20T10:02:54"
},
{
"title": "Confluence认证后RCECVE-2024-21683",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMDY3MzQyNQ==&mid=2247484792&idx=1&sn=c4cc7279d562c9286b0ab2291a614eeb",
"description": null,
"author": "OneTS安全团队",
"category": "OneTS安全团队",
"pubDate": "2025-01-20T10:01:54"
},
{
"title": "Apache HTTP Server 安装教程",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDQ0NzQwNA==&mid=2247485889&idx=1&sn=f35b21ecb125ddcc633da8b68e92df16",
"description": null,
"author": "网络个人修炼",
"category": "网络个人修炼",
"pubDate": "2025-01-20T10:01:09"
},
{
"title": "JNDI与RMI、LDAP相关的安全问题探讨",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5MjEyMTcyMQ==&mid=2651037423&idx=1&sn=6b7f8812be505c1193b6e1a81932983e",
"description": "JNDI与RMI、LDAP相关的安全问题探讨",
"author": "SAINTSEC",
"category": "SAINTSEC",
"pubDate": "2025-01-20T09:17:22"
},
{
"title": "从任意文件下载到getshell",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247487164&idx=1&sn=412aa31ec8766c85ae1e6870bf5c79ba",
"description": null,
"author": "神农Sec",
"category": "神农Sec",
"pubDate": "2025-01-20T09:01:02"
},
{
"title": "微软已经修复Microsoft 365在Windows Server 2016/2019上崩溃的问题",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzNDIxODkyMg==&mid=2650085823&idx=1&sn=2501753cd0ef472e55467e073c23cd99",
"description": null,
"author": "信安在线资讯",
"category": "信安在线资讯",
"pubDate": "2025-01-20T09:00:22"
},
{
"title": "OperationGiỗ Tổ Hùng Vươnghurricane浅谈新海莲花组织在内存中的技战术",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247513780&idx=1&sn=a2650f77b1b7a4b73b27ec637bef04d1",
"description": "新海莲花组织最早出现于2022年中2023年底转入不活跃状态2024年11月重新活跃并被快速制止。文章分享了新海莲花组织在内存中的技战术分析同时通过2024年3月的两波 0day 供应链事件,最终确认攻击者位于 UTC +7 时区。",
"author": "奇安信威胁情报中心",
"category": "奇安信威胁情报中心",
"pubDate": "2025-01-20T09:00:15"
},
{
"title": "vulnhub之devt-improved的实践",
"link": "https://mp.weixin.qq.com/s?__biz=MzA3MjM5MDc2Nw==&mid=2650748941&idx=1&sn=f517f6f8a9afd7e24af92452e9c111a5",
"description": null,
"author": "云计算和网络安全技术实践",
"category": "云计算和网络安全技术实践",
"pubDate": "2025-01-20T08:55:39"
},
{
"title": "AUTOSAR OS模块详解(三) Alarm",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTYxOTcxMw==&mid=2247493207&idx=1&sn=096f29df6e477e6be9cf48163bc7840d",
"description": "本文主要介绍AUTOSAR OS的Alarm并对基于英飞凌Aurix TC3XX系列芯片的Vector Microsar代码和配置进行部分讲解。",
"author": "汽车电子嵌入式",
"category": "汽车电子嵌入式",
"pubDate": "2025-01-20T08:13:44"
},
{
"title": "【永不空军!】| 360核晶等杀软环境下钓鱼思路分享",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484316&idx=1&sn=ab9ac916c896017f20ab1efeb8dc19cb",
"description": "【钓鱼思路】| 360核晶等杀软环境下钓鱼思路分享",
"author": "半只红队",
"category": "半只红队",
"pubDate": "2025-01-20T08:06:02"
},
{
"title": "漏洞预警 | Apache Linkis任意文件读取漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492105&idx=1&sn=6b3de2fc54f10c818f7f5d69cf9011df",
"description": "Apache Linkis存在文件读取漏洞由于其数据源管理模块未对传入的JDBC URL中的参数做限制攻击者可以通过该漏洞读取服务器任意文件从而获取大量敏感信息。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-20T08:01:01"
},
{
"title": "HeavenlyBypassAV免杀工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzU5MjgwMDg1Mg==&mid=2247484736&idx=1&sn=9345ab4dadf3371f4e9ff6abbd3f8621",
"description": null,
"author": "夜组科技圈",
"category": "夜组科技圈",
"pubDate": "2025-01-20T08:00:19"
},
{
"title": "【oscp】FristiLeaks1.3-提权靶机渗透",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247498051&idx=1&sn=2e39d1f1fb5c356a5e1b2f9ab3325168",
"description": null,
"author": "泷羽Sec",
"category": "泷羽Sec",
"pubDate": "2025-01-20T07:45:06"
},
{
"title": "锐捷-SSL-VPN-越权访问漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTg3ODc5OA==&mid=2247484268&idx=1&sn=9b38caee54f9f1217b1e27269fc22a09",
"description": null,
"author": "骇客安全",
"category": "骇客安全",
"pubDate": "2025-01-20T03:00:46"
},
{
"title": "渗透测试C2工具 -- XiebroC2",
"link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247499215&idx=1&sn=d2fe2e3a30d617b429ea2cecb63020bd",
"description": null,
"author": "网络安全者",
"category": "网络安全者",
"pubDate": "2025-01-20T00:01:11"
},
{
"title": "第5天基础入门-反弹SHELL&不回显带外&正反向连接&防火墙出入站&文件下载",
"link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247499215&idx=2&sn=71d89c0efdc0f976fc560ca8cc628269",
"description": null,
"author": "网络安全者",
"category": "网络安全者",
"pubDate": "2025-01-20T00:01:11"
},
{
"title": "CVE-2024-13025-Codezips 大学管理系统 faculty.php sql 注入分析及拓展",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247518348&idx=1&sn=c0faf8a6a240edb462faa9205bd3a22a",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2025-01-20T00:01:04"
},
{
"title": "易受攻击的 Moxa 设备使工业网络面临攻击",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491972&idx=1&sn=bfd5fb18fdc8cbb6d1b4b232bf172ad5",
"description": null,
"author": "犀牛安全",
"category": "犀牛安全",
"pubDate": "2025-01-20T00:00:00"
},
{
"title": "梦里挖edu src的步骤",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTg3ODYxNg==&mid=2247485081&idx=1&sn=118dc9ec93b8776d4fd28b1acbb90a5a",
"description": null,
"author": "信安一把索",
"category": "信安一把索",
"pubDate": "2025-01-19T22:32:02"
},
{
"title": "春秋杯WP | 2024春秋杯冬季赛第三天题目部分解析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDA5NjgyMg==&mid=2247501315&idx=1&sn=d85a30ae678cadbcaa0d69068c18dc6d",
"description": "2024 春秋杯冬季赛收官日,赛事部分解析重磅揭晓",
"author": "春秋伽玛",
"category": "春秋伽玛",
"pubDate": "2025-01-19T21:49:42"
},
{
"title": "Spring Boot SpEL表达式注入",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247495119&idx=2&sn=37204cbd2cf1d2f0cb8f26b27cbe8757",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2025-01-19T21:25:42"
},
{
"title": "x64 调用栈欺骗",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486407&idx=1&sn=1609112b647f5e4c95d0e5958a985c8c",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2025-01-19T21:17:29"
},
{
"title": "工具推荐 Windows应急响应的得力助手-Hawkeye",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247490004&idx=1&sn=c71efdc86fe2c3d43d7909ea025b9a49",
"description": "文末附下载地址",
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-19T20:14:56"
},
{
"title": "SSRF",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247490002&idx=1&sn=e641f844e1d2db88d1e130d70cf87c97",
"description": null,
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-19T20:12:27"
},
{
"title": "一次通用cnvd案例分享",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247490002&idx=2&sn=d5528443216703026dbb5befe50a87c2",
"description": "弱口令加JDBC漏洞利用-任意文件读取",
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-19T20:12:27"
},
{
"title": "域渗透系列 - 通过 DNS 进行Kerberos Relay",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzQzNzc3OQ==&mid=2247484366&idx=1&sn=319ac331499931353829a877e7b50aa8",
"description": "Kerberos Relay 是一种Kerberos认证协议缺陷的攻击技术。本系列将深入解析其原理、攻击条件及防御措施与你一同揭开他的神秘面纱。",
"author": "WH0sec",
"category": "WH0sec",
"pubDate": "2025-01-19T19:30:23"
},
{
"title": "【安全圈】CL-UNK-0979 利用 Ivanti Connect Secure 中的零日漏洞获取网络访问权限",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652067480&idx=4&sn=8dc7094933166fceeb2e467f38e23545",
"description": null,
"author": "安全圈",
"category": "安全圈",
"pubDate": "2025-01-19T19:01:46"
},
{
"title": "【CobaltStrike】CS4.9.1 特战版 | 自破解+二开+BUG修复+配置优化",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5NzUyNTI1Nw==&mid=2247496347&idx=1&sn=80922d559ccaec11588d8ba216b8a118",
"description": "CS 4.9.1 特战版在官方原版 Cobalt Strike 4.9.1的基础上进行破解、二开和修复 BUG并且对配置文件进行了优化。",
"author": "无影安全实验室",
"category": "无影安全实验室",
"pubDate": "2025-01-19T18:21:57"
},
{
"title": "渗透测试信息收集指南",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mjg4MTQxMw==&mid=2247485699&idx=1&sn=4fd6df9190ce90e533d1295d9cf63761",
"description": "帮助渗透测试人员系统地收集目标信息,包括域名、子域名、技术栈、开放端口等,为后续的安全评估与漏洞挖掘提供全面、准确的数据支持。",
"author": "泷羽Sec-Ceo",
"category": "泷羽Sec-Ceo",
"pubDate": "2025-01-19T17:35:56"
},
{
"title": "【工具推荐】一款渗透测试信息收集集成工具--密探 v1.19 版",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMDg1MzIwNA==&mid=2247486619&idx=1&sn=a495cb820bd0b97ffd0e75d04cfb8d5a",
"description": "密探借鉴FindSomeThing、SuperSearchPlus 御剑文件扫描、dirsearch、JSFinder、fofaviewer等工具集合了多个模块的功能",
"author": "泷羽Sec-underatted安全",
"category": "泷羽Sec-underatted安全",
"pubDate": "2025-01-19T15:18:38"
},
{
"title": "【工具分享】Swagger API Exploit 1.2 - 信息泄露利用工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTkwMTI5Mw==&mid=2247488641&idx=1&sn=af12c4534abac0d07a82bbdb894ba5a7",
"description": "这是一个 Swagger REST API 信息泄露利用工具。 主要功能有:\\\\x0d\\\\x0a\\\\x0d\\\\x0a遍历所有API接口自动填充参数",
"author": "星悦安全",
"category": "星悦安全",
"pubDate": "2025-01-19T15:00:21"
},
{
"title": "救命我真的学会了RMI远程方法调用",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNzU5MDMxOA==&mid=2247484226&idx=1&sn=461786564bedfa8b4bcf3ac4724f564c",
"description": "RMIRemote Method Invocation远程方法调用是Java提供的一种机制允许一个Java对象调用另一个运行在不同JVMJava虚拟机中的Java对象的方法。",
"author": "Eureka安全",
"category": "Eureka安全",
"pubDate": "2025-01-19T14:32:56"
},
{
"title": "30个木马隐藏技巧与反制策略 不容错过!",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzIzMTgyNA==&mid=2247483724&idx=1&sn=8c7090e2d24427a061e9294e63f3745c",
"description": null,
"author": "泷羽sec-玄色",
"category": "泷羽sec-玄色",
"pubDate": "2025-01-19T12:32:59"
},
{
"title": "基于Electron的应用程序安全测试基础 — 提取和分析.asar文件的案例研究",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4NTcxMjQ1MA==&mid=2247615220&idx=1&sn=a4e4a726a9269dc640344d8a43034079",
"description": null,
"author": "白帽子左一",
"category": "白帽子左一",
"pubDate": "2025-01-19T12:01:01"
},
{
"title": "银狐肆虐,小白该如何防范,如何自动化狩猎钓鱼站点---文末附自动化检测程序",
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484329&idx=1&sn=20c31baba359a00aaa54f36bd93f9bcd",
"description": "如何利用油猴脚本自动化检测钓鱼站点",
"author": "也总想挖RCE",
"category": "也总想挖RCE",
"pubDate": "2025-01-19T11:43:17"
},
{
"title": "攻防实战,进入某校内网",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606800&idx=3&sn=990d0438b26e59119c79ba0c75cc675d",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2025-01-19T09:17:17"
},
{
"title": "OneThink文件缓存漏洞及日志读取",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NDg3NjE5MQ==&mid=2247485265&idx=1&sn=cfeefce93d801ab805be4f712eb7925f",
"description": null,
"author": "0xh4ck3r",
"category": "0xh4ck3r",
"pubDate": "2025-01-19T09:03:04"
},
{
"title": "30个木马隐藏技巧与反制策略 不容错过!",
"link": "https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247517920&idx=1&sn=06ebdeb5a3a115e30eb525aba1ed71d1",
"description": null,
"author": "HACK之道",
"category": "HACK之道",
"pubDate": "2025-01-19T08:59:47"
},
{
"title": "vulnhub靶场【Mr-robot靶机】根据数据包分析进行相关处理",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxNTg1MDYxNA==&mid=2247488941&idx=1&sn=0a8fdf003c9834b0dadc4b9551115a08",
"description": null,
"author": "泷羽sec-何生安全",
"category": "泷羽sec-何生安全",
"pubDate": "2025-01-19T08:00:47"
},
{
"title": "strust2_CVE-2024-53677漏洞复现",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxOTI5NzY4MA==&mid=2247486096&idx=1&sn=dee2f6b912c394e375ccb0dc69bb1de5",
"description": "CVE-2024-53677漏洞复现...",
"author": "夺旗赛小萌新",
"category": "夺旗赛小萌新",
"pubDate": "2025-01-19T01:07:24"
},
{
"title": "中东政府机构和 ISP供应商正在遭受Eagerbee 恶意软件攻击",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491971&idx=1&sn=8710612006b7fc91e46ecdfb9ce34c3c",
"description": null,
"author": "犀牛安全",
"category": "犀牛安全",
"pubDate": "2025-01-19T00:01:13"
},
{
"title": "1314个自定义goby-poc1月8日更新",
"link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247499201&idx=1&sn=d479b7a4fca1420e0d84bc8efa5959af",
"description": null,
"author": "网络安全者",
"category": "网络安全者",
"pubDate": "2025-01-19T00:01:05"
},
{
"title": "【PWN】Edit堆溢出2.23无show函数",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NDYwOTcxNg==&mid=2247485181&idx=1&sn=9eb1f4bf24e5e5ff17f484fad2c76691",
"description": "2.23堆溢出无show函数利用fastbin attack打free@got为system@plt",
"author": "智佳网络安全",
"category": "智佳网络安全",
"pubDate": "2025-01-18T23:17:52"
},
{
"title": "通过“Typora + PicGo + 腾讯云” 组合方法解决发布图片显示失效的问题",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk1NzI2NDQyMw==&mid=2247484256&idx=1&sn=398751629c02160c7518f9fe44341c1e",
"description": null,
"author": "泷羽Sec-风",
"category": "泷羽Sec-风",
"pubDate": "2025-01-18T22:24:06"
},
{
"title": "CTFSHOW渗透赛(复盘+思路延伸)",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247489995&idx=1&sn=d62c2abc72ea72681037cb84feaea5b2",
"description": "比赛一共五章设置13个FLAG本篇以此记录过程+揣测出题思路考点+进行实战案例回忆的延伸(仅供个人参考,量大管饱)",
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-18T21:30:34"
},
{
"title": "vulnhub靶场【jangow靶机】反弹shell的流量及端口选择",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247489995&idx=2&sn=a6509021c8a5f578f22b978a23bffcf3",
"description": null,
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-18T21:30:34"
},
{
"title": "银狐叒进化?清理不掉!一线应急响应工程师教你如何手工处理",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247489995&idx=3&sn=34f8cda58fa253c24141b98c5589294a",
"description": "银狐叒进化,溯源不了,清理不掉!一线应急响应工程师教你如何手工处理",
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-18T21:30:34"
},
{
"title": "图解正向代理 vs 反向代理:到底有啥区别?",
"link": "https://mp.weixin.qq.com/s?__biz=MzIyMzIwNzAxMQ==&mid=2649464547&idx=1&sn=f0c26c998e650cb170914046e7ed5ee4",
"description": "学网络,尽在网络技术联盟站!",
"author": "网络技术联盟站",
"category": "网络技术联盟站",
"pubDate": "2025-01-18T21:15:21"
},
{
"title": "春秋杯WP | 2024春秋杯冬季赛第二天题目部分解析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDA5NjgyMg==&mid=2247501228&idx=1&sn=4386f7eff6698e6921d12895041c9a18",
"description": "2024春秋杯冬季赛第二天部分解析揭晓。",
"author": "春秋伽玛",
"category": "春秋伽玛",
"pubDate": "2025-01-18T21:07:19"
},
{
"title": "Linux服务器中毒教你一步步精准判断和快速处置",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyNTExOTY1Nw==&mid=2247527911&idx=1&sn=8705fa0202976a1f106844025794d83c",
"description": null,
"author": "网络技术干货圈",
"category": "网络技术干货圈",
"pubDate": "2025-01-18T20:54:04"
},
{
"title": "vulnhub靶场【Lampiao靶机】提权之脏牛提权",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxNTg1MDYxNA==&mid=2247488884&idx=1&sn=e27d1ae2b776c935534dcebc4a7c3f1f",
"description": null,
"author": "泷羽sec-何生安全",
"category": "泷羽sec-何生安全",
"pubDate": "2025-01-18T20:41:23"
},
{
"title": "木马反制技巧",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTYwMTk4Mw==&mid=2247488211&idx=1&sn=a4a634096a3ea78aa825239e2869897b",
"description": null,
"author": "网安探索员",
"category": "网安探索员",
"pubDate": "2025-01-18T20:02:28"
},
{
"title": "x64 返回地址欺骗",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247486365&idx=1&sn=59b5d17aa8bcd8631da39637f55d722d",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2025-01-18T19:59:00"
},
{
"title": "SSRF",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMjU5MzgzMQ==&mid=2247485221&idx=1&sn=fb4cf74dd862bc8792a0af77a45d1bdc",
"description": null,
"author": "AlertSec",
"category": "AlertSec",
"pubDate": "2025-01-18T19:24:52"
},
{
"title": "【安全圈】高危rsync被爆出多个安全漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652067460&idx=1&sn=7e41cdf5b76e20186089903f7171a588",
"description": null,
"author": "安全圈",
"category": "安全圈",
"pubDate": "2025-01-18T19:00:39"
},
{
"title": "独特上篮方式突破短信发送限制上分 企业src意外之喜系列第六集",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDQ5NDM3OA==&mid=2247484006&idx=1&sn=93736f0bca7b3de26866dfae3775651b",
"description": "独特上篮方式突破短信发送限制上分",
"author": "两年半网安练习生",
"category": "两年半网安练习生",
"pubDate": "2025-01-18T19:00:27"
},
{
"title": "DVWA漏洞靶场通关手册万字图文解析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjg3NTQ4NA==&mid=2247485767&idx=1&sn=93b546f9ce1febe8901087238dc96ee7",
"description": "DVWA靶场新手钟爱的一个靶场万字图文解析+知识点复习,干货满满快来收藏!!",
"author": "泷羽Sec-Blanks",
"category": "泷羽Sec-Blanks",
"pubDate": "2025-01-18T18:57:05"
},
{
"title": "CVE-2024-53704SonicOS SSLVPN认证绕过漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485778&idx=1&sn=f2bab6ffd22425efb72f8b20eeeab29b",
"description": "CVE-2024-53704SonicOS SSLVPN认证绕过漏洞",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2025-01-18T18:00:14"
},
{
"title": "CVE-2024-55591FortiOS和FortiProxy身份认证绕过漏洞POC",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485778&idx=2&sn=691f85f7d7a345f2ed5607454b84333b",
"description": "CVE-2024-55591FortiOS和FortiProxy身份认证绕过漏洞POC",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2025-01-18T18:00:14"
},
{
"title": "PWN入门误入格式化字符串漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458588749&idx=2&sn=6fc809be9ede10a46f7d204c536cd5bf",
"description": "看雪论坛作者ID福建炒饭乡会",
"author": "看雪学苑",
"category": "看雪学苑",
"pubDate": "2025-01-18T17:59:27"
},
{
"title": "记一次从任意文件下载到getshell",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650606788&idx=3&sn=aaf92b43e956eaffc7241caf6886f23c",
"description": null,
"author": "黑白之道",
"category": "黑白之道",
"pubDate": "2025-01-18T17:40:16"
},
{
"title": "Graphql内审查询漏洞分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4NDg3NjE5MQ==&mid=2247485250&idx=1&sn=cc481b4d430eb2516b235f762c1047cb",
"description": null,
"author": "0xh4ck3r",
"category": "0xh4ck3r",
"pubDate": "2025-01-18T14:32:23"
},
{
"title": "一次通用cnvd案例分享",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNTQwNjQ4OA==&mid=2247484053&idx=1&sn=f2f7d10b6cf4337e7ab2212e103f702a",
"description": "弱口令加JDBC漏洞利用-任意文件读取",
"author": "UF安全团队",
"category": "UF安全团队",
"pubDate": "2025-01-18T12:42:04"
},
{
"title": "记一次常规的网络安全渗透测试",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247547383&idx=1&sn=6f262a918992dee548e06dea93a0770a",
"description": null,
"author": "掌控安全EDU",
"category": "掌控安全EDU",
"pubDate": "2025-01-18T12:01:45"
},
{
"title": "Java安全小记-Commons-Collections4反序列化",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247485860&idx=1&sn=1b65d29dbab6339bc7842474a6211475",
"description": null,
"author": "土拨鼠的安全屋",
"category": "土拨鼠的安全屋",
"pubDate": "2025-01-18T11:32:24"
},
{
"title": "DataCon2024解题报告WriteUp—漏洞分析赛道",
"link": "https://mp.weixin.qq.com/s?__biz=MzU5Njg1NzMyNw==&mid=2247489123&idx=1&sn=228fa0630cebdc58c6b961b96752dc2f",
"description": "武汉大学“0817iotg”战队分享的解题报告。",
"author": "DataCon大数据安全分析竞赛",
"category": "DataCon大数据安全分析竞赛",
"pubDate": "2025-01-18T11:30:29"
},
{
"title": "Nuclei POC 管理工具附POC地址",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5OTg5NzMzMA==&mid=2247484176&idx=1&sn=f4be63e1e0f295963d861967f27eb595",
"description": "Nuclei POC 管理工具附POC地址",
"author": "蓝猫Sec",
"category": "蓝猫Sec",
"pubDate": "2025-01-18T10:46:51"
},
{
"title": "隧道协议漏洞致数百万联网主机易受攻击,存在漏洞的主机中国最多",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793901&idx=2&sn=1895fae008cad4705b97fb3646076e93",
"description": "研究人员发现隧道协议漏洞,中国受影响主机数量最多。",
"author": "军哥网络安全读报",
"category": "军哥网络安全读报",
"pubDate": "2025-01-18T09:06:26"
},
{
"title": "【工具分享】Docker容器逃逸工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDYwNTcyNA==&mid=2247487388&idx=1&sn=fd42abb9d72889b16444ef3377c5d9f0",
"description": "Docker容器未授权一键逃逸工具",
"author": "Sec探索者",
"category": "Sec探索者",
"pubDate": "2025-01-18T09:01:04"
},
{
"title": "工具推荐 Windows应急响应的得力助手-Hawkeye",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNjQwOTc4MQ==&mid=2247490115&idx=1&sn=f755fe95ac65bcc82047b3f001ef00e3",
"description": "文末附下载地址",
"author": "安全帮",
"category": "安全帮",
"pubDate": "2025-01-18T08:12:39"
},
{
"title": "API全面渗透测试方案",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247525618&idx=1&sn=6da96ec7eed1306becfda38c73c278a1",
"description": null,
"author": "乌雲安全",
"category": "乌雲安全",
"pubDate": "2025-01-18T08:01:49"
},
{
"title": "漏洞预警 | Ivanti Connect Secure栈溢出漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492093&idx=1&sn=b27485da37f7eef604851eddd114d810",
"description": "Ivanti Connect Secure存在栈缓冲区溢出漏洞攻击者可能利用该漏洞实现未授权远程代码执行。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-18T08:01:39"
},
{
"title": "漏洞预警 | CraftCMS模板注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492093&idx=2&sn=d34b7d393afa2629d555d68405f5175b",
"description": "CraftCMS存在模板注入漏洞若开启了PHP配置中的register_argc_argv攻击者可构造恶意请求利用模版注入漏洞执行任意代码控制服务器。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-18T08:01:39"
},
{
"title": "漏洞预警 | WordPress Plugin Radio Player SSRF漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247492093&idx=3&sn=066c072aeb8c8dca5f78f1c1addfe03a",
"description": "Radio Player的/wp-admin/admin-ajax.php接口存在服务器端请求伪造漏洞未经身份验证攻击者可通过该漏洞读取系统重要文件导致网站处于极度不安全状态。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2025-01-18T08:01:39"
},
{
"title": "掌握现代红队基础设施第 3 部分 — 使用 DNS 记录和 OPSEC 绕过邮件安全网关保护邮件服务",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247504688&idx=1&sn=9e1211dcc443c27b4bfc26fc1fb7639c",
"description": "在“🔒掌握现代红队基础设施”系列的这一部分中,我们探讨了使用 SPF、DKIM 和 D",
"author": "安全狗的自我修养",
"category": "安全狗的自我修养",
"pubDate": "2025-01-18T07:20:31"
},
{
"title": "【神兵利器】Windows平台shellcode免杀加载器",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247495107&idx=1&sn=cbddba591607dc0677186a0c8a14d801",
"description": null,
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2025-01-18T07:02:34"
},
{
"title": "第1天基础入门-Web应用&架构搭建&站库分离&路由访问&配置受限&DNS解析",
"link": "https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247515641&idx=2&sn=811087ab8aa60f14920615cb2077f2ce",
"description": null,
"author": "Web安全工具库",
"category": "Web安全工具库",
"pubDate": "2025-01-18T00:00:47"
},
{
"title": "开源漏洞扫描器Nuclei 漏洞可使恶意模板绕过签名验证",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491970&idx=1&sn=942362e32fb21fcc10dc1e43eafade1a",
"description": null,
"author": "犀牛安全",
"category": "犀牛安全",
"pubDate": "2025-01-18T00:00:00"
},
{
"title": "【漏洞预警】NetVision airPASS信息泄露漏洞(CVE-2025-0455)",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247489480&idx=1&sn=94cd72de934fea315c3cda6436f85fd2",
"description": null,
"author": "飓风网络安全",
"category": "飓风网络安全",
"pubDate": "2025-01-17T23:51:34"
},
{
"title": "【已支持暴露面风险排查】Rsync缓冲区溢出与信息泄露漏洞CVE-2024-12084/CVE-2024-12085",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjE3ODkxNg==&mid=2247488909&idx=1&sn=e2a7822d04927ac12cdb72aaab9a3af2",
"description": "Rsync缓冲区溢出与信息泄露漏洞结合可实现远程代码执行绿盟科技CTEM方案与外部攻击面管理服务EASM支持Rsync暴露面风险排查自动化渗透测试工具EZ已支持验证Rsync服务是否开放匿名访问。请相关用户尽快采取措施进行防护。",
"author": "绿盟科技CERT",
"category": "绿盟科技CERT",
"pubDate": "2025-01-17T23:48:35"
},
{
"title": "PHP shell 样本分析",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTUxNTU2NQ==&mid=2247489993&idx=1&sn=3b53acaa7d565c6b3cc2567714c70c5e",
"description": null,
"author": "sec0nd安全",
"category": "sec0nd安全",
"pubDate": "2025-01-17T23:37:31"
},
{
"title": "pikachu漏洞靶场通关手册万字图文解析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjg3NTQ4NA==&mid=2247485581&idx=1&sn=e6b9fcb1d7395d24b75c2788fe77c394",
"description": "pikachu漏洞靶场通关手册万字图文解析快快收藏快快学习",
"author": "泷羽Sec-Blanks",
"category": "泷羽Sec-Blanks",
"pubDate": "2025-01-17T23:25:36"
},
{
"title": "【思路详解】国外蓝队是如何进行应急响应分析的?",
"link": "https://mp.weixin.qq.com/s?__biz=MzI1Mjc3NTUwMQ==&mid=2247538465&idx=1&sn=be9d41d653f37167b7530f78a136de0b",
"description": null,
"author": "教父爱分享",
"category": "教父爱分享",
"pubDate": "2025-01-17T23:14:29"
},
{
"title": "PE文件结构节表-手动添加节",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247485253&idx=1&sn=39dc9a0763069bbfcf38b060f94c41c7",
"description": null,
"author": "风铃Sec",
"category": "风铃Sec",
"pubDate": "2025-01-17T22:20:03"
},
{
"title": "SIP 绕过漏洞允许攻击者在 macOS 上安装 RootkitCVE-2024-44243",
"link": "https://mp.weixin.qq.com/s?__biz=MzUxMjc0MTE3Mw==&mid=2247494902&idx=1&sn=e942a959eb4ef9c69caf9dedbf984b16",
"description": "CVE-2024-44243 是一个 macOS 中的 SIP 绕过漏洞,允许攻击者通过修改系统文件和加载恶意内核驱动来安装 rootkit危及系统安全。",
"author": "锋刃科技",
"category": "锋刃科技",
"pubDate": "2025-01-17T22:01:16"
},
{
"title": "春秋杯WP | 2024春秋杯冬季赛第一天题目部分解析",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNDA5NjgyMg==&mid=2247501111&idx=1&sn=4a011a507eca4259d0a1847389cd3db2",
"description": "2024春秋杯冬季赛部分题目解析揭晓。",
"author": "春秋伽玛",
"category": "春秋伽玛",
"pubDate": "2025-01-17T20:59:41"
},
{
"title": "CTFSHOW渗透赛(复盘+思路延伸)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxOTU3MDY4MQ==&mid=2247484440&idx=1&sn=2b6cd12c8b579715098e5dd11dcdfc7a",
"description": "比赛一共五章设置13个FLAG本篇以此记录过程+揣测出题思路考点+进行实战案例回忆的延伸(仅供个人参考,量大管饱)",
"author": "Licharser安全之极",
"category": "Licharser安全之极",
"pubDate": "2025-01-17T20:02:14"
},
{
"title": "针对 Ivanti Connect Secure RCE 漏洞 CVE-2025-0282 发布 PoC",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0NzE4ODk1Mw==&mid=2652094624&idx=2&sn=7e81f2c4eff7aa2a747ed951a160b652",
"description": null,
"author": "网安百色",
"category": "网安百色",
"pubDate": "2025-01-17T19:51:11"
},
{
"title": "vulnhub靶场【jangow靶机】反弹shell的流量及端口选择",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxNTg1MDYxNA==&mid=2247488782&idx=1&sn=d322ab2f3e453bef192895bfda96aa5c",
"description": null,
"author": "泷羽sec-何生安全",
"category": "泷羽sec-何生安全",
"pubDate": "2025-01-17T19:09:59"
},
{
"title": "新的UEFI安全启动漏洞可能允许攻击者加载恶意Bootkit",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651312407&idx=3&sn=038818ab5651a46363c9fda9f15249d1",
"description": "允许攻击者绕过安全启动保护,在启动过程中执行不受信任的代码。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2025-01-17T19:04:11"
},
{
"title": "【安全圈】新的 UEFI 安全启动绕过漏洞使系统暴露于恶意 Bootkit",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652067425&idx=3&sn=ca5d0f47ca765e96d6aca2175ef92b2a",
"description": null,
"author": "安全圈",
"category": "安全圈",
"pubDate": "2025-01-17T19:00:48"
},
{
"title": "【漏洞通告】Rsync 缓冲区溢出漏洞(CVE-2024-12084)",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNzY5OTg2Ng==&mid=2247500636&idx=1&sn=689cf133b8d52186aea81c6dc5544f45",
"description": "一、漏洞概述漏洞名称Rsync 缓冲区溢出漏洞CVE IDCVE-2024-12084漏洞类型缓冲区溢出",
"author": "启明星辰安全简讯",
"category": "启明星辰安全简讯",
"pubDate": "2025-01-17T18:30:50"
},
{
"title": "Windwos CVE-2023-29360漏洞的研究与分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTY5NDQyMw==&mid=2247525402&idx=1&sn=7868570982251b31fc9800aa6e26e17b",
"description": null,
"author": "华为安全应急响应中心",
"category": "华为安全应急响应中心",
"pubDate": "2025-01-17T18:11:32"
},
{
"title": "【漏洞通告】疑似CVE-2024-55591POC",
"link": "https://mp.weixin.qq.com/s?__biz=MzUxMTk4OTA1NQ==&mid=2247484912&idx=1&sn=a9cf3afb132950a54b3709c905ee9737",
"description": null,
"author": "混子Hacker",
"category": "混子Hacker",
"pubDate": "2025-01-17T17:26:40"
},
{
"title": "过掉XXAPP frida检测",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5OTg5NzkwNw==&mid=2247485591&idx=1&sn=72688d4a107a0271b564730a7927cd92",
"description": null,
"author": "呼啦啦安全",
"category": "呼啦啦安全",
"pubDate": "2025-01-17T17:17:42"
},
{
"title": "CVE-2023-24860 拒绝服务攻击",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg5MDg3OTc0OA==&mid=2247489395&idx=1&sn=6e54d3c664b63cc91f2a731afdd5e39d",
"description": null,
"author": "Relay学安全",
"category": "Relay学安全",
"pubDate": "2025-01-17T17:11:15"
},
{
"title": "记一次APP加密数据包的解密过程与思路",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTA4OTI5NA==&mid=2247519610&idx=1&sn=2ce94e202fa49e255e26c87e270f65c9",
"description": "针对一次app加密数据包的分析和解密简单提供下在js中寻找加密方法的思路。",
"author": "Tide安全团队",
"category": "Tide安全团队",
"pubDate": "2025-01-17T17:00:21"
},
{
"title": "WordPress常用插件遭入侵百万网站信息或泄露",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MDYwMjE3OQ==&mid=2247486083&idx=1&sn=59da25ede2a7197a3c5374a7a132f44c",
"description": "WordPress插件W3 Total Cache存在严重漏洞攻击者可获取敏感信息影响超百万网站。",
"author": "安全威胁纵横",
"category": "安全威胁纵横",
"pubDate": "2025-01-17T16:17:54"
},
{
"title": "警惕银狐木马的传播",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3Njg1NTk5MQ==&mid=2247502466&idx=1&sn=42967e1ec6f9c1539b500a265a0fa79b",
"description": "自2023年初以来\\\\x26quot;银狐\\\\x26quot;木马活动频发,成为网络安全界关注的焦点。此木马由多个黑灰产团伙采用多种进攻策略和高级技术共同实施,主要目标是企业和机构内的管理、财务、销售及电商人员,通过精心设计和投递远控木马实施钓鱼攻击。",
"author": "搜狐安全",
"category": "搜狐安全",
"pubDate": "2025-01-17T16:07:43"
},
{
"title": "【风险提示】Rsync 缓冲区溢出与信息泄露漏洞CVE-2024-12084 / CVE-2024-12085",
"link": "https://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247492706&idx=1&sn=764017be0e60cd7249e822c5c3170995",
"description": "检测业务是否受到此漏洞影响,请联系长亭应急服务团队!",
"author": "长亭安全应急响应中心",
"category": "长亭安全应急响应中心",
"pubDate": "2025-01-17T15:48:08"
},
{
"title": "银狐叒进化,溯源不了,清理不掉!",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247534414&idx=2&sn=73bf0833c3bb12ee08861ceb729eee8f",
"description": "不只检不出,还越来越难杀了",
"author": "数世咨询",
"category": "数世咨询",
"pubDate": "2025-01-17T15:00:56"
},
{
"title": "java代码审计常用漏洞总结",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyOTg3ODc5OA==&mid=2247484249&idx=1&sn=c25dc0a120ca4e1fb4012c1a87dc2f96",
"description": null,
"author": "骇客安全",
"category": "骇客安全",
"pubDate": "2025-01-17T14:17:53"
},
{
"title": "【漏洞预警】腾达 AC9 路由器命令注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650260410&idx=1&sn=988abe34121c929686cc403ad733af7d",
"description": null,
"author": "骨哥说事",
"category": "骨哥说事",
"pubDate": "2025-01-17T14:00:50"
},
{
"title": "银狐叒进化?清理不掉!一线应急响应工程师教你如何手工处理",
"link": "https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484308&idx=1&sn=317866f5804db85ce8bea45bc78a6eb6",
"description": "银狐叒进化,溯源不了,清理不掉!一线应急响应工程师教你如何手工处理",
"author": "也总想挖RCE",
"category": "也总想挖RCE",
"pubDate": "2025-01-17T12:15:05"
}
]
Reference in New Issue View Git Blame Copy Permalink