Aggregator

01阅读须知此文所节选自小报童《.NET 内网实战攻防》专栏，主要内容有.NET在各个内网渗透阶段与Windows系统交互的方式和技巧，对内网和后渗透感兴趣的朋友们可以订阅该电子报刊，解锁更多的报刊内

01阅读须知此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等（包括但不限于）进行检测或维护参考，未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直

Don't let this happen to you before your next trip.gettyForget pickpockets and lost luggage. The bi

R3 RootKit病毒技术研究入门

安全分析与研究专注于全球恶意软件的分析与研究RootKit简介 RootKit是一种特殊的恶意软件，它的功能是在安装目标上隐藏自身及指定的文件、进程和网络连接等信息，比较多见到的是Rootkit一般都

A vulnerability was found in Codiad 2.4.3. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument short_name leads to cross site scripting. This vulnerability is traded as CVE-2014-9582. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

当前文章所介绍的仅仅是用于SRC当中的技巧，所以不会更深层次的利用。有回显的XXE尝试读取 /etc/passwd文件。<?xml version="1.0"?

A vulnerability was found in Aigaion 1.3.4. It has been classified as critical. Affected is an unknown function of the file indexlight.php. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2010-4503. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in PHP 4.2.3. Affected is the function phpinfo of the file soinfo.php. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2002-1954. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. This vulnerability was named CVE-2025-0561. The attack can be initiated remotely. Furthermore, there is an exploit available.

美政府力邀 ChatGPT 产品主管出庭作证，希望增强对谷歌的反垄断指控；券商提出「猜想」声称「小米收购蔚来」，两车企高管双双否认；最新产品坠毁后，亚马逊暂停所有商业无人机配送服务

TikTok 呼吁美政府明确声明「不执行禁令」，否则将于 19 日被迫「关闭」TikTok 当地时间 1 月 17 日发布声明称，美国白宫和司法部最新声明未能向服务提供商提供必要的明确性和保证，而这些

A vulnerability was found in Skulltag. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2008-2748. The attack may be launched remotely. Furthermore, there is an exploit available.

Krueger Krueger is a Proof of Concept (PoC) .NET post-exploitation tool for remotely killing Endpoint Detection and Response (EDR) as apart of lateral movement procedures. Krueger accomplishes this task by utilizing Windows Defender Application...

The post Krueger: Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC appeared first on Penetration Testing Tools.

ShellSweep “ShellSweep” is a PowerShell/Python/Lua tool designed to detect potential webshell files in a specified directory. ShellSheep and its suite of tools calculate the entropy of file contents to estimate the likelihood of a...

The post ShellSweep: detect potential webshell files in a specified directory appeared first on Penetration Testing Tools.

What is PurpleLab? This solution will allow you to easily deploy an entire lab to create/test your detection rules, simulate logs, play tests, download and run malware and mitre attack techniques, restore the sandbox,...

The post PurpleLab: Revolutionizing Cybersecurity Testing with Speed and Simplicity appeared first on Penetration Testing Tools.

written on Sunday, January 19, 2025 When I developed Werkzeug (andlater Fl

A vulnerability classified as critical has been found in Apple tvOS up to 12.2.1. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2019-8623. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sun JDK 1.3.1/1.4.2/1.5.0/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component BMP Image Parser. The manipulation leads to numeric error. This vulnerability is known as CVE-2007-2788. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.