渗透技巧
NCVE-2024-20697: WINDOWS LIBARCHIVE REMOTE CODE EXECUTION VULNERABILITY
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Jason McFadyen of the Trend Micro Research ...
NPassbolt: a bold use of HaveIBeenPwned
Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in ...
NFake Dialog Boxes to Make Malware More Convincing
Let’s explore how SpiderLabs created and incorporated user prompts, specifically Windows dialog boxes into its malware loader to make it more convi...
NEvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile
Introduction 介绍 Bots pose a significant threat to the integrity of phishing infrastructure, primarily by automating detection and counter...
NCreateRCE — Yet Another Vulnerability in CreateUri
Akamai researcher Ben Barnea found a critical vulnerability in Microsoft Windows, which was assigned CVE-2023-35628. Akamai 研究员 Ben Barnea 在 Mi...
NBGPWatch — BGP路由分析和诊断平台
PART.1简介本文将介绍BGPWatch,一个提供详细全面BGP路由分析信息和诊断信息的平台。BGPWatch能够展示BGP路由的全面状况,提供与路由劫持相关事件的信息,识...
N进程命令行参数欺骗
本期作者/ shadow攻击者可以通过修改进程内存来伪造可疑程序的命令行参数信息。当通过命令行执行相关命令时,分析人员使用诸如 Procmon,Process Hacker...
N内容劫持 | Electron 安全
0x00 提醒 之前的一篇Electron 安全与你我息息相关文章非常的长,虽然提供了 PDF 版本,但还是导致很多人仅仅是点开看了一下,完读率大概 7.95% 左右,但那篇...
N凭据获取之浏览器
作者:Mac.Asure 本文为作者投稿,Seebug Paper 期待你的分享,凡经采用即有礼品相送! 投稿邮箱:[email protected] 1. 前言 本文介绍提取三种常见浏览器Pass...
N实战环境中的Redis 延时注入
实战环境中 Redis 延时注入由于传播、利用本公众号所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,本公众号及作者不为此承担任何责...