NHow I Prevented a Mass Data Breach – $15,000 bounty – @bxmbn
In July 2023, I received an invite of a significant bug bounty program, with massive assets in-scope, my approach mirrored what I typically do when...
NThe Windows Registry Adventure #1: Introduction and research results
In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. ...
NNo, LLM Agents can not Autonomously Exploit One-day Vulnerabilities
I recently came across media coverage of a research paper titled LLM Agents can Autonomously Exploit One-day Vulnerabilities. This paper is from th...
NHow hackers can read your chats with ChatGPT or Microsoft Copilot
What information can be extracted from intercepted AI chatbot messages? 可以从截获的 AI 聊天机器人消息中提取哪些信息? Naturally, chatbots send mes...
NSifting through the spines: identifying (potential) Cactus ransomware victims
This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Q...
NWindows主机入侵检测与防御内核技术深入解析
一第1章内网安全与主机防御 1.1复杂问题的简单起源 一切起源于很多年前的一个下午,办公室里的电脑刚经过大规模的折腾...
N使用 VIM 进行代码审计
作为一个安服仔,代码审计是一项必备的技能。说好听点是 code review,说直白点就是看代码。说起代码审计这件事,大家都比较关注 source、sink、漏洞模式,而...
N第十五届蓝桥杯大赛网络安全赛项个人赛Writeup
爬虫协议题目内容:小蓝同学在开发网站时了解到了一个爬虫协议,该协议指网站可建立一个特别的txt文件来告诉搜索引擎哪些页面可以抓取,哪些页面不能抓取,而...
N二次注入简单介绍
基本介绍这里所谓的二次注入其实就是将可能导致SQL注入的字符先存入到数据库中,而当我们再次调用这个恶意构造的字符时就可以触发SQL注入,这一种注入在平时...
Nparadigm 2022 ctf ——Hint-finance
题目分析题目提供了三个合约,要求我们调用isSolved函数成功返回true。要求我们拿走金库中百分之九十九的初始代币,也就是题目提供的三个代币地址,根据Ether...