.NET 内网攻防实战电子报刊
01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了,引入小报童也是为了弥补知识星球
Aggregator
Sharp4Shell:.NET 一款集交互与横向于一体的内网渗透神器
8 months 2 weeks ago
CVE-2025-33063 | Microsoft Windows up to Server 2025 Storage Management Provider out-of-bounds (EUVD-2025-17773)
8 months 2 weeks ago
A vulnerability has been found in Microsoft Windows and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Storage Management Provider. The manipulation leads to out-of-bounds read.
This vulnerability is known as CVE-2025-33063. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-24065 | Microsoft Windows up to Server 2025 Storage Management Provider out-of-bounds (EUVD-2025-17747)
8 months 2 weeks ago
A vulnerability classified as problematic was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Storage Management Provider. The manipulation leads to out-of-bounds read.
This vulnerability is known as CVE-2025-24065. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-24069 | Microsoft Windows up to Server 2025 Storage Management Provider out-of-bounds (EUVD-2025-17748)
8 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Microsoft Windows. This affects an unknown part of the component Storage Management Provider. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2025-24069. The attack needs to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-47969 | Microsoft Windows 11 22H2/11 23H2/11 24H2/Server 2025 Virtualization-Based Security information disclosure (EUVD-2025-17767)
8 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Microsoft Windows 11 22H2/11 23H2/11 24H2/Server 2025. This issue affects some unknown processing of the component Virtualization-Based Security. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2025-47969. Local access is required to approach this attack. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-33050 | Microsoft Windows DHCP Server Service protection mechanism (EUVD-2025-17745)
8 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 2022 23H2/Server 2025. Affected by this issue is some unknown functionality of the component DHCP Server Service. The manipulation leads to protection mechanism failure.
This vulnerability is handled as CVE-2025-33050. The attack may be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-33057 | Microsoft Windows up to Server 2025 Local Security Authority null pointer dereference (EUVD-2025-17741)
8 months 2 weeks ago
A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Local Security Authority. The manipulation leads to null pointer dereference.
This vulnerability is known as CVE-2025-33057. The attack can be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-33069 | Microsoft Windows 11 24H2/Server 2025 App Control for Business signature verification (EUVD-2025-17739)
8 months 2 weeks ago
A vulnerability classified as problematic was found in Microsoft Windows 11 24H2/Server 2025. Affected by this vulnerability is an unknown functionality of the component App Control for Business. The manipulation leads to improper verification of cryptographic signature.
This vulnerability is known as CVE-2025-33069. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-40912 | MIK CryptX up to 0.064 on Perl LibTomCrypt vulnerable third-party component (Issue 507 / EUVD-2025-18140)
8 months 2 weeks ago
A vulnerability was found in MIK CryptX up to 0.064 on Perl. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component LibTomCrypt. The manipulation leads to dependency on vulnerable third-party component.
This vulnerability is known as CVE-2025-40912. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
某红队高级免杀样本分析
8 months 2 weeks ago
某红队高级免杀样本分析
撕掉“银狐们”的“隐身衣”:黑产猎人,上线!
8 months 2 weeks ago
黑产猎人,Go!
cyberstrikelab-Lab9靶机 WP
8 months 2 weeks ago
该挑战涉及三个阶段渗透测试:首先利用CMSeasy SQL注入获取管理员账号并上传webshell获取flag01;然后搭建内网代理,利用SMB弱口令(administrator:qwe123!@#)获取域内机器用户凭证获得flag02;最后利用AD-CS漏洞,创建虚假机器账号申请证书,执行DCSync获取域控administrator哈希,成功拿下flag03。整个过程展示了完整的域渗透技巧链。
ChatGPT o3 API 80% price drop has no impact on performance
8 months 2 weeks ago
ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...]
Mayank Parmar
【资讯】全球特定国家每日动态2025.6.11
8 months 2 weeks ago
各国动态既反映了全球化时代国家发展的共性(外交合作、经济改革、应对安全挑战),又因地缘位置、资源条件、政权特性等因素呈现差异化路径。改革与合作的推进速度、内部矛盾的解决能力,将决定各国未来在全球格局中的定位。
【技巧】情报分析师如何使用马甲账户?
8 months 2 weeks ago
什么是马甲?马甲,也称为研究账户,是一种在线虚构身份,用于掩盖 OSINT 调查员的真实身份并获取需要账户才能访问的信息。
企业数字化水平评测如何开展?威努特整体能力解读对标
8 months 2 weeks ago
威努特全线能力支撑企业数字化测评、数字化转型的要求。
大模型AI Infra安全威胁(一)
8 months 2 weeks ago
AI Infra安全问题不仅局限于单个模型或系统组件的防护,而是需要从整体架构设计出发,构建一种纵深防御(defense-in-depth)机制。这包括基于零信任的访问控制体系、多模态输入的恶意检测机制、安全的模型推理隔离技术,以及可信执行环境(TEE)、联邦学习框架下的隐私保护协议等
一场由迪奥包引发的蒙古国权力雪崩
8 months 2 weeks ago
2025年6月3日深夜,蒙古国议会大厦的灯光刺破乌兰巴托的夜空。当计票器定格在"44:38"的瞬间,执政四年
Telegram的阴影:当"最安全"的通讯工具成为情报蜜罐
8 months 2 weeks ago
本文约3960字,预计阅读时间11分钟。一项震撼全球的调查揭露了令人震惊的真相。