N海莲花(APT-Q-31)组织数字武器Rust加载器技术分析

团伙背景海莲花,又名OceanLotus、APT32,奇安信内部跟踪编号APT-Q-31,是由奇安信威胁情报中心最早披露并命名的一个APT组织。自2012年4月起,海莲花针对中国...

NChaMd5 Team 00后登上国际安全顶会BlackHat!

日前,全球顶尖安全技术会议BlackHat Asia在新加坡召开,ChaMd5 Team成员zhefox受邀参会并作主题演讲。 议题介绍 《A Glimpse Into The Protocol: Fuzz Wind...

NCompiler Bugs

EVM是运行Solidity编译出来的Bytecode,如果编译器出问题,造成的结果是毁灭性的(比如之前的Vyper编译器安全事件)。Solidity编译器也在不断更新迭代,我们这...

N代理(ATT&CK篇)

前言大家好,我是Alphabug。时隔许久未写文章,加上最近有很多朋友问我,渗透过程中如何搭建C2代理,以及一些相关原理的问题。于是乎我计划写几篇关于C2代理...

NCVE-2024-24576 Windows 下多语言命令注入漏洞分析

近期来自 Flatt Security Inc. 的 RyotaK 披露了 Windows 下多个编程语言的命令注入漏洞(漏洞被命名为 BatBadBut),其中 Rust 语言对应的漏洞编号为 CVE-20...

NRay OS 2.6.3 Command Injection

# Exploit Title: Ray OS v2.6.3 - Command Injection RCE(Unauthorized) # Description: # The Ray Project dashboard contains a CPU profiling page, and...

NMoodle 3.10.1 – Authenticated Blind Time-Based SQL Injection – “sort” parameter

# Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - 'sort' Parameter # Google Dork: # Date: 04/11/2023 # Exploit Author: Julio ...

NOnline Fire Reporting System OFRS – SQL Injection Authentication Bypass

# Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass # Date: 02/10/2024 # Exploit Author: Diyar Saadi # Vendor Homepag...

NHow a Race Condition Vulnerability Could Cast Multiple Votes

This blog was originally posted on Medium by Dane Sherrets. 这篇博客最初由Dane Sherrets发表在Medium上。 Race condition vulnerabilities make up...

NSoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception...
1 2 3 1,043