Aggregator

Kimsuky攻击活动利用RDP漏洞与恶意软件实施定向渗透；APT29 再次针对欧洲外交官发起网络钓鱼攻击；Slow Pisces 使用新的定制 Python 恶意软件瞄准开发者；DarkHotel 组织最新 RPC 攻击组件披露

Windows漏洞CVE-2025-24054遭活跃利用，攻击者通过文件下载窃取NTLM凭据！

Hobbits Hobbits is a software platform for analyzing, processing and visualizing bits. The Hobbits GUI is the central tool of the platform and will be the primary focus of this document. The Hobbits Runner...

The post hobbits: multi-platform GUI for bit-based analysis, processing, and visualization appeared first on Penetration Testing Tools.

Nemesis Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data...

The post Nemesis: An offensive data enrichment pipeline appeared first on Penetration Testing Tools.

上一年雖然止步於初賽，但之後找了時間復現了一下決賽，大概花了2、3周才復現完( 還是在有文章參考的情況下 )，內容很多，大致包括保護分析、vm分析、透視、自瞄實現。今年的決賽比較不同，他給了2種外掛，考察的是外掛功能的分析和外掛檢測，如下圖

上一年雖然止步於初賽，但之後找了時間復現了一下決賽，大概花了2、3周才復現完( 還是在有文章參考的情況下 )，內容很多，大致包括保護分析、vm分析、透視、自瞄實現。今年的決賽比較不同，他給了2種外掛，考察的是外掛功能的分析和外掛檢測，如下圖

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Canadian Cyber Agency Warns of Rising Chinese Cyberthreats.
The Canadian Center for Cybersecurity on Tuesday said it has observed "increasing levels" of malicious cyberactivity from China-linked hackers, including the group tracked Salt Typhoon. Exposed edge devices are at risk of attacks can be detected through mass scanning.

Researchers Say Chinese Mobile Route Firms Dominate Global Interconnect Industry
A report warns U.S. allies and countries across the globe are using Chinese-owned and controlled mobile routing firms in a move that could risk national security interests and potentially expose billions of users to passive and active surveillance from Beijing.

Case Resolves HHS OCR Scrutiny of Two Security Incidents
A Guam public hospital has agreed to pay federal regulators $25,000 and implement a corrective action plan to settle potential HIPAA violations - including a failure to conduct a comprehensive risk analysis - identified during an investigation into two security incidents.

Australia-Based Firm Adds Cloud, Red/Blue Team Skills to Infosys' Cyber Arsenal
With a planned $63 million acquisition of The Missing Link, Infosys deepens its cybersecurity capabilities and strengthens its global cloud and risk assessment services. The acquisition adds to its cyberdefense centers and enhances red/blue team capabilities and digital transformation support.

Canadian Cyber Agency Warns of Rising Chinese Cyberthreats.
The Canadian Center for Cybersecurity on Tuesday said it has observed "increasing levels" of malicious cyberactivity from China-linked hackers, including the group tracked Salt Typhoon. Exposed edge devices are at risk of attacks can be detected through mass scanning.

Researchers Say Chinese Mobile Route Firms Dominate Global Interconnect Industry
A report warns U.S. allies and countries across the globe are using Chinese-owned and controlled mobile routing firms in a move that could risk national security interests and potentially expose billions of users to passive and active surveillance from Beijing.

Case Resolves HHS OCR Scrutiny of Two Security Incidents
A Guam public hospital has agreed to pay federal regulators $25,000 and implement a corrective action plan to settle potential HIPAA violations - including a failure to conduct a comprehensive risk analysis - identified during an investigation into two security incidents.

Australia-Based Firm Adds Cloud, Red/Blue Team Skills to Infosys' Cyber Arsenal
With a planned $63 million acquisition of The Missing Link, Infosys deepens its cybersecurity capabilities and strengthens its global cloud and risk assessment services. The acquisition adds to its cyberdefense centers and enhances red/blue team capabilities and digital transformation support.

A vulnerability has been found in CSZ CMS 1.3.0 and classified as problematic. This vulnerability affects unknown code of the component Site Settings. The manipulation of the argument Site Name leads to cross site scripting. This vulnerability was named CVE-2024-27734. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Petrol Pump Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_invoices.php. The manipulation of the argument Address leads to cross site scripting. This vulnerability was named CVE-2024-27743. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Book Store Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /bsms_ci/index.php/category. The manipulation of the argument Category leads to cross site scripting. This vulnerability is known as CVE-2023-49539. The attack can be launched remotely. There is no exploit available.