Defender与svchost
Defender与svchost
Aggregator
伪装成10086官网流量的Cobalt Strike木马深度分析
5 days 11 hours ago
海量IP地址字符串转码生成shellcode、Beacon木马伪造Referer请求头为10086官网
线下活动|CiGA Game Jam 2026 广州荔湾少数派站召集令
5 days 11 hours ago
虽迟但到!CGJ2026 广州荔湾站来啦!本次活动定位为小型 Game Jam,意在复刻最经典的古早 GJ 味道,比较放松,没有评比环节,只有公园、音乐、猫咪、饮品、讨论交流和分享!做人呐,最重要是开
甲骨文调整永久免费套餐资源上限 超限自动关闭以及按量付费将产生费用
5 days 11 hours ago
2026年6月15日 10:59云计算, 科技资讯00.58K
泛微e9分析思路
5 days 11 hours ago
本文基于泛微e9(9.00.210804版本),系统阐述OA系统的安全审计方法。文章涵盖环境搭建、六大类路由(/weaver/、/api/、/services/*、/dwr/*等)的分析,详细剖析SecurityMain安全过滤机制、XssRequestWeblogic参数过滤、登录绕过等技术要点。通过FileDownloadLocation文件读取、browser.jsp SQL注入等实战案例,
【漏洞通告】Nginx远程代码执行漏洞(CVE-2026-42945)
5 days 11 hours ago
阅读: 6通告编号 NS-2026-00152026-05-14TAG:Nginx、ngx_http_rewrite_
速速自查!500stars 云利用工具投毒分析
5 days 11 hours ago
云 AccessKey 利用工具集投毒
【已复现】Linux内核Fragnesia权限提升漏洞(CVE-2026-46300)
5 days 11 hours ago
阅读: 1通告编号 NS-2026-00142026-05-14TAG:Linux、kernel、CVE-2026-46300漏洞危害:
copy failed 原理详解
5 days 11 hours ago
Copy Fail (CVE-2026-31431) 是 Linux 内核身份验证加密模块中的一个逻辑错误。它允许**非特权用户向任意可读文件的页缓存中写入 4 字节的任意数据,并且支持多次写入**
AMSI对抗技术
5 days 11 hours ago
AMSI对抗技术
伪装为HelloGPT安装程序的银狐木马样本分析
5 days 11 hours ago
在野银狐样本分析
JDK 21 反序列化过滤器绕过与 Post-TemplatesImpl 利用链构造
5 days 11 hours ago
Java 反序列化、ObjectInputFilter、JEP 415、Gadget Chain、JDK 21、绕过技术、SignedObject
提示词注入原理及注入开源模型的一种特定手法
5 days 11 hours ago
简单讲讲chat_template。
ASM 劫持:绕过、篡改与无痕驻留
5 days 11 hours ago
通过Attach API动态注入Agent,利用ASM在字节码层面改写目标类的方法体,实现认证逻辑的运行时绕过、业务逻辑的精确篡改,以及Agent自身的无痕持久化。
NSO Group WhatsApp Attack: Meta Exposes New Spyware Exploits
5 days 11 hours ago
In the mercenary realm of commercial surveillance, judicial injunctions rarely deter those who have engineered lucrative empires upon human vulnerabilities. Recently, Meta disclosed audacious new attempts by the notorious NSO Group to compromise WhatsApp...
The post NSO Group WhatsApp Attack: Meta Exposes New Spyware Exploits appeared first on Information Security News.
ddos
复现 ICLR 2026 在审《TrojanPraise》:从 12% 到 42% 的 LoRA 越狱调参实战
5 days 11 hours ago
一个越狱调参实验
【漏洞研究】多层内容解析链引发的 XSS 语义错位绕过及根因分析
5 days 11 hours ago
在 Markdown、公式渲染等富内容处理场景下,由于第三方组件与浏览器底层(HTML、URL、JS 解析器)在实体解码、协议提取和规范化处理上存在机制差异,极易引发解析层面的语义错位,导致了XSS防御体系的 Bypass
Critical Ivanti Sentry Exploit Endangers Corporate Gateways
5 days 11 hours ago
A single day of delayed patching could transform a corporate security gateway into a highly convenient ingress point for malicious actors. Shadowserver experts recently reported massive exploitation attempts targeting a critical Ivanti Sentry vulnerability....
The post Critical Ivanti Sentry Exploit Endangers Corporate Gateways appeared first on Information Security News.
ddos
提示词注入也能获得上万美元赏金?Gemini App 漏洞分析
5 days 11 hours ago
分析最近 Gemini App 的两个间接提示词注入漏洞,总结间接提示词注入实战攻击手法
Apple Container Machines Bring Linux to Mac
5 days 11 hours ago
Apple wants to make life easier for developers who write code on a Mac but deploy their finished applications to Linux. At WWDC, the company introduced container machines. These are persistent Linux virtual machines...
The post Apple Container Machines Bring Linux to Mac appeared first on Information Security News.
ddos