Aggregator

“极客、好奇心、坚定”！悬镜技术合伙人张弛接受安在媒体人物专访，揭秘悬镜二进制SCA技术背后黑客大佬的故事。

“极客、好奇心、坚定”！悬镜技术合伙人张弛接受安在媒体人物专访，揭秘悬镜二进制SCA技术背后黑客大佬的故事。

六年前，悬镜安全创始人兼CEO子芽，这位未名湖畔的筑梦人，接受了安在的专访（新锐 | 悬镜安全子芽：未名湖畔的筑梦人），那时的悬镜安全正处在数字供应链安全代码疫苗技术十年磨一剑的产品商业化应用落地的实

“极客、好奇心、坚定”！悬镜技术合伙人张弛接受安在媒体人物专访，揭秘悬镜二进制SCA技术背后黑客大佬的故事。

#系统资讯 微软在 Windows 11 中开发了一种新颖的文件分享方式：文件拖拽到屏幕顶部中间位置时自动弹出分享菜单。目前该菜单可以调用 Microsoft Teams、新版 Out

HEDnsExtractor A suite for hunting suspicious targets, exposing domains, and phishing discovery Features Implementing workflows with yaml 🔥 Adds support to work with multiple domains as target 🔥 Regex support VirusTotal Integration Adds support...

The post HEDnsExtractor: A suite for hunting suspicious targets, expose domains and phishing discovery appeared first on Penetration Testing Tools.

#系统资讯 Linux Kernel 6.14 合并的最新代码将内核模块签名算法由默认的 SHA1 改成 SHA512 从而提高安全性。SHA1 算法因为存在弱点正在逐渐被弃用，所以现

ESXi勒索软件攻击利用SSH隧道逃避检测，威胁行为者通过未受监控的ESXi设备持久存在并获取访问权限，严重威胁企业虚拟化环境安全。

A vulnerability, which was classified as problematic, has been found in Apple Mac OS X up to 10.2.8. This issue affects some unknown processing of the component pppd. The manipulation leads to symlink following. The identification of this vulnerability is CVE-2004-0824. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...

The post SmuggleFuzz: HTTP/2 based downgrade and smuggle scanner appeared first on Penetration Testing Tools.

PoolParty A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using...

The post PoolParty: A set of fully-undetectable process injection techniques appeared first on Penetration Testing Tools.

DeepSeek 升至美区苹果应用榜第一，曾现短时闪崩1 月 27 日，DeepSeek 登顶中国区应用商店免费应用排行榜，同时也在美区苹果 App Store 免费榜升至第一位，超越 Google

机构：AI 软件市场规模将在 2024 年增长 32% 至 970 亿美元； TikTok 恢复运营后陷入「审查风波」，官方回应； 抖音发布 2024 年平台治理报告：严打虚假信息与网络水军

Key TakeawaysThis intrusion began with the download and execution of a Cobalt Strike

Key Takeaways Case Summary This intrusion began near the end of January 2024 when the user downloaded and executed a file using the same name (setup_wm.exe) and executable icon, as … Read More

A vulnerability was found in Hccgmbh myCare2x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument ln leads to cross site scripting. This vulnerability is handled as CVE-2012-4262. The attack may be launched remotely. Furthermore, there is an exploit available.

命名管道是进程间通信中常用的一种机制，它提供了高效、安全的双向数据传输能力，尤其适用于同一台计算机上的多个进程之间通信，甚至可以通过网络与远程计算机进行数据交换。在 .NET 中，NamedPipeS

01.NET漏洞背景微软的.NET技术广泛应用于全球企业级产品，包括其知名的Exchange、SharePoint等，国内如某友的Cloud、某通的T系列、某蝶的云产品等也广泛采用。各行业核心业务均依

回顾2024年度，在网络安全的攻防博弈中，攻击者通过不断创新与优化攻击手段，展现了更为复杂和隐蔽的攻击方式。从安全防御绕过到本地权限提升，再到内网信息收集和内网代理通道的建立，每一步都为后续的横向移动