Aggregator

DarkCloud Stealer是一款由vc6编写信息窃取程序，本文对其一个样本进行分析后发现，攻击者通过多重内存反射加载试图绕过杀软。

工具脚本、批量探测

mobileISCC mobile 邦布出击安装apk点击右下角的按钮，进入图鉴界面，百度各种邦布的种类，一个一个试，可以得到三段base64加密的文本邦布图鉴 - 绝区零WIKI_BWIKI_哔哩哔哩然后将三段base64拼接起来，循环解码三次base64得到一串明文尝试打开解压得到的db文件，提示非数据库文件，经查询是经过sqlcipher加密，那么此前得到的明文应该就是解密的keyflag是

分析高版本Fastjson组件getter调用过程中的限制成因，以及一步步尝试探索通过动态代理技术代理安全接口，规避Fastjson对危险类的黑名单检查，使反序列化时通过代理接口转发调用到恶意类的getter方法（如TemplatesImpl的getOutputProperties），从而绕过黑名单限制触发漏洞。

先知社区Q&A

2025ISCCpwn合集

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been classified as critical. Affected is the function __scm_smc_call. The manipulation of the argument __scm leads to null pointer dereference. This vulnerability is traded as CVE-2024-57985. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.10.234/6.6.82/6.12.17/6.13.5. Affected is the function early_memmap of the file mm/early_ioremap.c. The manipulation leads to excessive iteration. This vulnerability is traded as CVE-2025-21872. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. This issue affects the function cpu_stop_signal_done of the component hrtimers. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-21816. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been classified as problematic. Affected is an unknown function of the component io_uring. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-21863. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.17/6.13.5. This affects an unknown part of the component bnxt_re. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-21885. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 and classified as critical. This issue affects the function bpf_local_storage_map_free. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2024-58088. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.16/6.13.4/6.14-rc3. It has been rated as critical. Affected by this issue is the function arena_map_free. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-21851. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.16/6.13.4. Affected by this issue is the function copy_to_kernel_nofault of the component Kernel Memory Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-21869. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2 and classified as critical. This vulnerability affects unknown code of the component etas_es58x. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-21773. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2. Affected by this vulnerability is the function io_buffer_list of the component io_uring. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-21836. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.80/6.12.17/6.13.5 and classified as problematic. Affected by this issue is the function perf_iterate_ctx. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-21889. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2 and classified as critical. Affected by this issue is some unknown functionality of the component sn-f-ospi. The manipulation leads to divide by zero. This vulnerability is handled as CVE-2025-21793. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. This affects the function vsock_proto::psock_update_sk_prot. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21854. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. It has been declared as critical. Affected by this vulnerability is the function winwing_init_led. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-58021. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.