每日安全动态推送(3-1)
Tencent Security Xuanwu Lab Daily News• ? CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK (found via automated binary anal...
Reverse-engineering the ModR/M addressing microcode in the Intel 8086 processor
One interesting aspect of a computer's instruction set is its addressing modes, how the computer determines the address for a memory access. The In...
Issue 2373: Arm Mali CSF: kbase_kcpu_command_queue UAF in kbase_csf_kcpu_queue_enqueue()
Tested version VX504X08X-SW-99002-r40p0-01eac0. Tested using CONFIG_MALI_NO_MALI on X86-64. kbase_csf_kcpu_queue_enqueue() locks the kctx->csf....
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK
Disclosure timeline May 26, 2022: BugProve reports the issue to Silicon Labs. May 26, 2022: Silicon Labs acknowledges the issue. Aug 3, 2022: Silic...
Using HDMI radio interference for high-speed data transfer
This story, too, begins with noise. I was browsing the radio waves with a software radio, looking for mysteries to accompany my ginger tea. I had s...
推荐系统[四]:精排-详解排序算法LTRpoitwise, pairwise, listwise相关评价指标,超详细知识指南。
0.前言召回排序流程策略算法简介推荐可分为以下四个流程,分别是召回、粗排、精排以及重排:召回是源头,在某种意义上决定着整个推荐的天花板;粗排是初筛,...
【技术分享】利用注意力过滤网络检测音频重放攻击
攻击者可能会使用各种技术来欺骗自动语音验证系统( automatic speaker verifification),以使其接受他们为真实用户。同时,反欺骗方法旨在使系统能够抵御此...
Relaying Everything: Coercing Authentications Episode 1 – MSSQL
Somedays ago, we’ve updated mssqlclient[.]py, adding many new commands. One of them, the xp_dirtree option, allows us to coerce incoming NTLM authe...
A New Vector For “Dirty” Arbitrary File Write to RCE
Arbitrary file write (AFW) vulnerabilities in web application uploads can be a powerful tool for an attacker, potentially allowing them to escalate...
Malware Dev 01 – 免杀之 PPID Spoofing 原理解析
写在最前 如果你是信息安全爱好者,如果你想考一些证书来提升自己的能力,那么欢迎大家来我的 Discord 频道 Northern Bay。邀请链接在这里: https://discor...