渗透技巧

NQR Code Phishing with EvilGophish

In the evolving landscape of cybersecurity, adversaries are continually seeking innovative methods to bypass traditional security measures. One suc...

NJoomla: PHP Bug Introduces Multiple XSS Vulnerabilities

Key Information 关键信息 Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Con...

N每日安全动态推送(2-28)

Tencent Security Xuanwu Lab Daily News• Nullcon Goa 2023 | Self-Signed, Why Not! Exploiting Insecure Certificate Validation In iOS And macOS:h...

NKeylogging in the Windows kernel with undocumented data structures

If you are into rootkits and offensive windows kernel driver development, you have probably watched the talk Close Encounters of the Advanced Persi...

NHello Lucee! Let us hack Apple again?

Last year we conducted an in-depth analysis of multiple vulnerabilities within Adobe ColdFusion, we derived valuable insights, one of which revolve...

NLeaking ObjRefs to Exploit HTTP .NET Remoting

Although already considered deprecated in 2009, .NET Remoting is still around. Even where developers might not expect it such as in ASP.NET web app...

N(CVE-2024-21644)Pyload Flask 配置信息泄露漏洞(附POC)

声明:该公众号大部分文章来自作者日常学习,也有部分文章是经过作者授权和其他公众号白名单转载,未经授权,严禁转载,如需转载,联系SheYin。请勿利用文章...

N分析 CVE-2023-51467 – Apache OFBiz 身份验证绕过远程代码执行

介绍Apache OFBiz 是一种开源企业资源规划 (ERP) 解决方案,具有一套旨在简化和自动化各种业务流程的应用程序。值得注意的是,最近的一项发现揭示了 Apache O...

N由ECDSA签名延展性产生的重放

○ 介绍签名延展性指的是:网络中的任何中继节点,不需要获取对应交易的私钥, 而修改该交易签名的能力。而ECDSA自身的签名延展性是指其自身具有延展性,因为...

N简单看下最近的Spring Secrutity、Spring漏洞(CVE-2024-22234、CVE-2024-22243)

最近的这两个cve我看国内很多情报将其评为高危,所以想着去看看原理,看完发现都比较简单,利用要求的场景也相对有限(特别是第一个),所以就随便看下就行了Sp...
1 2 3 408