渗透技巧
[代码审计] 某盗U/发卡系统 不知道是几day
请遵守法律法规,合法冲浪本文仅作知识分享用一切直接或间接由于本文所造成的后果与本人无关系统简介2024最新UI发卡盗U/支持多语言/更新UI界面/支持多个主流...
Cookie-Monster – BOF To Steal Browser Cookies & Credentials
Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser proces...
How Did I Easily Find Stored XSS at Apple And Earn $5000 ?
Hello there ! Today we’ll talk about stored XSS which I found in Apple. Without further ado let’s get into it ! 嗨,你好!今天我们将讨论我在Apple中...
How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty
Myself: 本人: Hello folks, I hope you are all doing well. I am Raguraman (https://www.linkedin.com/in/raguramanhacker/), a Security Researcher, Bu...
pgAdmin 8.3 Remote Code Execution
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded...
How I Prevented a Mass Data Breach – $15,000 bounty – @bxmbn
In July 2023, I received an invite of a significant bug bounty program, with massive assets in-scope, my approach mirrored what I typically do when...
The Windows Registry Adventure #1: Introduction and research results
In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. ...
Windows主机入侵检测与防御内核技术深入解析
一第1章内网安全与主机防御 1.1复杂问题的简单起源 一切起源于很多年前的一个下午,办公室里的电脑刚经过大规模的折腾...
使用 VIM 进行代码审计
作为一个安服仔,代码审计是一项必备的技能。说好听点是 code review,说直白点就是看代码。说起代码审计这件事,大家都比较关注 source、sink、漏洞模式,而...
Progress Flowmon 任意命令执行漏洞 CVE-2024-2389
漏洞名称Progress Flowmon 任意命令执行漏洞 CVE-2024-2389漏洞复现1、替换需要执行的命令,发送请求GET /service.pdfs/confluence?lang=en&file=`ping d...