Aggregator

提取SSH通信会话密钥、利用会话密钥对SSH加密数据进行解密

Submit #664984 / VDB-327317

Submit #664982 / VDB-327316

Submit #664974 / VDB-327315

Submit #664970 / VDB-327314

Submit #664969 / VDB-327313

Submit #664983 / VDB-155560

Submit #664981 / VDB-257668

Submit #664980 / VDB-257663

Submit #664975 / VDB-158963

Submit #664922 / VDB-327312

这篇文章开始给师傅们演示了下资产收集的过程，从对一个目标站点的信息收集再到对该资产站点的渗透测试，给师傅们分享了几个RCE漏洞的过程，还有之前一个前台SQL注入的案例，包括后面利用JS接口文档，找到对应的阿里云AK/SK泄露，再利用CF进行root权限接管，还有就是JWT爆破相关导致未授权的漏洞，最后面给师傅们分享下隐私合约的漏洞。

本文详解NTFS备用数据流特性，探讨其在隐蔽存储、绕过检测中的应用，并结合CVE-2025-8088分析通过WinRAR路径遍历实现ADS自动执行的方法。

FBI Assistant Director Brett Leatherman said “this is ‘stop-what-you’re-doing and patch immediately’ vulnerability.”

Perimeter Leak题目描述After weeks of exploits and privilege escalation you've gained access to what you hope is the final server that you can then use to extract out the secret flag from an S3 bucket.It w

文剖析AI越狱的五类组合攻击技术，结合历史与政治敏感场景，揭示生成式AI安全机制的脆弱性及防御挑战。

A vulnerability has been found in Mozilla Firefox and classified as critical. This issue affects the function document.write of the component DOM. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2010-3765. The attack is possible to be carried out remotely. Moreover, an exploit is present. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP. Affected by this vulnerability is an unknown functionality of the component TrueType Font Handling. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2011-3402. The attack is possible to be carried out remotely. Moreover, an exploit is present. Applying a patch is the recommended action to fix this issue.