| 2024-09-20 |
The real slim shady || Ivanti Endpoint Manager (EPM) Pre-Auth RCE |
|
|
| 2024-09-18 |
解密 ClassFinal 加密的 Java Jar 包 |
|
|
| 2024-09-12 |
Introducing the URL validation bypass cheat sheet |
|
|
| 2024-09-11 |
Tomcat CVE-2024-21733漏洞简单复现、分析 |
|
|
| 2024-09-06 |
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed) |
|
|
| 2024-08-28 |
Splitting the email atom: exploiting parsers to bypass access controls |
|
|
| 2024-08-28 |
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail |
|
|
| 2024-08-28 |
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle |
|
|
| 2024-08-28 |
SaaS多租户自动化渗透平台-架构笔记 |
|
|
| 2024-08-28 |
CTF - 羊城Web题解(近况) |
|
|
| 2024-08-26 |
xrecon is a powerful web fingerprinting tool with CDN detection capabilities |
|
|
| 2024-08-25 |
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! |
|
|
| 2024-08-25 |
A Patchdiffing Journey – TP-Link Omada |
|
|
| 2024-08-25 |
Gotta cache 'em all: bending the rules of web cache exploitation |
|
|
| 2024-08-25 |
Google Chrome 123 RCE |
|
|
| 2024-08-23 |
Rethinking the Security Threats of Stale DNS Glue Records |
|
|
| 2024-08-22 |
魔形女再袭?最新Android通杀漏洞CVE-2024-31317分析与利用研究 |
|
|
| 2024-08-16 |
如何巧妙构建“LDAPS”服务器利用JNDI注入 |
|
|
| 2024-08-15 |
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE |
|
|
| 2024-08-11 |
详解:L4LB四层负载均衡IP伪造漏洞 |
|
|
| 2024-08-08 |
XenForo RCE via CSRF |
|
|
| 2024-08-08 |
SonicWall SMA100 Stored XSS to RCE |
|
|
| 2024-08-08 |
Listen to the whispers: web timing attacks that actually work |
|
|
| 2024-08-07 |
From opcode to code: how AI chatbots can help with decompilation |
|
|
| 2024-08-07 |
结合 Jimureport 的某个漏洞披露看 Aviator 表达式注入 |
|
|
| 2024-08-07 |
从零开始搭建本地安全 AI 大模型攻防知识库 |
|
|
| 2024-07-31 |
Becoming any Android app via Zygote command injection |
|
|
| 2024-07-26 |
JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory |
|
|
| 2024-07-25 |
CVE-2024-36401 JDK 11-22 通杀内存马 |
|
|
| 2024-07-24 |
wb近期流传漏洞-验真情报合集 |
|
|
| 2024-07-22 |
使用eUICC卡片将手机变成eSIM手机 |
|
|
| 2024-07-20 |
复盘《CrowdStrike技术故障引起Windows系统蓝屏导致全球航空、银行等行业大规模服务中断事件》 |
|
|
| 2024-07-19 |
首发0day-1Panel面板最新前台RCE漏洞(内附Poc) |
|
|
| 2024-07-19 |
最近CDN供应链事件的曲折分析与应对-业务安全 |
|
|
| 2024-07-17 |
网络安全求职宝典(2024开源版) |
|
|
| 2024-07-16 |
供应链投毒后,我们的选择还剩下哪些? |
|
|
| 2024-07-16 |
Chaining Three Bugs to Access All Your ServiceNow Data |
|
|
| 2024-07-16 |
实战攻防中高版本JDK反射类加载浅析 |
|
|
| 2024-07-14 |
价值75K刀的Sei Protocol漏洞分享 |
|
|
| 2024-07-12 |
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution |
|
|
| 2024-07-10 |
Google CTF 2024 Quals Writeups |
|
|
| 2024-07-10 |
Python Web内存马多框架植入技术详解 |
|
|
| 2024-07-04 |
GeoServer property RCE注入内存马 |
|
|
| 2024-07-04 |
关于 "CVE-2024-2961 glibc iconv exploitation (part 2)" 注解 |
|
|
| 2024-07-02 |
Phishing or What?? How I Got Access to the Internal Email of a Company |
|
|
| 2024-07-02 |
Inside Xerox WorkCentre: Two Unauthenticated RCEs |
|
|
| 2024-06-27 |
MongoDB NoSQL Injection with Aggregation Pipelines |
|
|
| 2024-06-27 |
Swagger API Exploit 1.2 |
|
|
| 2024-06-27 |
Ransacking your password reset tokens |
|
|
| 2024-06-26 |
plORMbing your Django ORM |
|
|
| 2024-06-26 |
How I Was Paid $9,000 for a Critical Vulnerability in Adobe Commerce (CVE-2024-34102) |
|
|
| 2024-06-26 |
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102) |
|
|
| 2024-06-18 |
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2) |
|
|
| 2024-06-18 |
加密程序:如何应对勒索软件攻击 |
|
|
| 2024-06-18 |
利用codeql查找hsqldb2.7.3最新反序列化链 |
|
|
| 2024-06-18 |
Exploiting (GH-13690) mt_rand in php in 2024 |
|
|
| 2024-06-18 |
XML 相关漏洞风险研究 |
|
|
| 2024-06-18 |
Mitmproxy 数据包解密实战篇 |
|
|
| 2024-06-12 |
网络安全面试指南 |
|
|
| 2024-06-12 |
记一次离谱的内存马 GetShell |
|
|
| 2024-06-07 |
No Way, PHP Strikes Again! (CVE-2024-4577) |
|
|
| 2024-06-06 |
掘金滑块验证码安全升级,继续破解 |
|
|
| 2024-06-06 |
使用前端技术破解掘金滑块验证码 |
|
|
| 2024-06-05 |
Check Point - Wrong Check Point (CVE-2024-24919) |
|
|
| 2024-06-04 |
使用Coze平台对Github Star项目进行分析推送 |
|
|
| 2024-06-04 |
Molding lies into reality || Exploiting CVE-2024-4358 |
|
|
| 2024-06-04 |
CVE-2024-2961:将php://filter任意文件读取提升为远程代码执行(RCE) |
|
|
| 2024-06-03 |
Real World CTF 6th Router4 writeup |
|
|
| 2024-06-03 |
Aj-report 二次就业 |
|
|
| 2024-06-01 |
pen4uin/java-memshell-generator: 一款支持高度自定义的 Java 内存马生成工具 |
|
|
| 2024-05-31 |
Diving deep into Jetbrains TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass |
|
|
| 2024-05-29 |
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks |
|
|
| 2024-05-29 |
Smuggler’s Gambit: Uncovering HTML Smuggling Adversary in the Middle Tradecraft |
|
|
| 2024-05-29 |
Hacking NASA: Critical SSRF + Subdomain Takeover + XSS |
|
|
| 2024-05-28 |
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1) |
|
|
| 2024-05-27 |
Windows 与 Java 环境下的 Redis 利用分析 |
|
|
| 2024-05-27 |
通过 Java Fuzzing 挖掘 Nexus Repository 3 目录穿越漏洞 (CVE-2024-4956) |
|
|
| 2024-05-27 |
Electron Math: 8 Million User Note App Stored XSS -> RCE bypassing nodeintegration via preload.js in electron |
|
|
| 2024-05-27 |
Modern WAF Bypass Techniques on Large Attack Surfaces |
|
|
| 2024-05-23 |
Getting XXE in Web Browsers using ChatGPT |
|
|
| 2024-05-21 |
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js |
|
|
| 2024-05-21 |
我对AI大模型安全的一些探索 |
|
|
| 2024-05-21 |
新版Flask框架下用钩子函数实现内存马的方式 |
|
|
| 2024-05-20 |
调用 ELF 文件任意函数的几种方式 |
|
|
| 2024-05-20 |
某航空WIFI破解,无限制空中上网 |
|
|
| 2024-05-20 |
xz-utils后门漏洞(CVE-2024-3094)学习 |
|
|
| 2024-05-20 |
浅析H3C-CAS虚拟化管理系统权限绕过致文件上传漏洞 |
|
|
| 2024-05-20 |
Vultrap: Build a vulnerability trap server |
|
|
| 2024-05-20 |
以安全的视角浅谈新生代专为AI设计的语言Mojo |
|
|
| 2024-05-07 |
Devfile file write vulnerability in GitLab |
|
|
| 2024-05-07 |
Telegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905] |
|
|
| 2024-05-06 |
The Monsters in Your Build Cache – GitHub Actions Cache Poisoning |
|
|
| 2024-05-06 |
Send()-ing Myself Belated Christmas Gifts - GitHub.com's Environment Variables & GHES Shell |
|
|
| 2024-05-05 |
JDK 17+ FreeMarker SSTI:从 CVE-2023-4450 复现引出 MethodHandle 句柄、named module 机制研究 |
|
|
| 2024-05-03 |
Java 应用安全之 JEB Floating License 绕过 |
|
|
| 2024-04-30 |
云上黑暗森林:打爆云账单,只需要S3桶名 |
|
|
| 2024-04-27 |
NTFS Filesystem: Alternate Data Stream (ADS) |
|
|
| 2024-04-27 |
Rust下的二进制漏洞 CVE-2024-27284 分析 |
|
|
| 2024-04-27 |
CrushFTP后利用提权分析(CVE-2024-4040) |
|
|
| 2024-04-27 |
浅析CrushFTP之VFS逃逸 |
|
|
