Aggregator

技术无善恶，考验的是人心

简述

本文是insane难度的HTB Coder机器的域渗透部分，其中Bloodhound AD Enumeration, ADCS CVE-2022-26923等域渗透提权细节是此box的特色，主要参考0xdf’s blog coder walkthrough和HTB的coder官方writeup paper记录这篇博客加深记忆和理解，及供后续做深入研究查阅，备忘。

清华大学网络与信息安全实验室学术论文分享活动

清华大学网络与信息安全实验室学术论文分享活动

清华大学网络与信息安全实验室学术论文分享活动

清华大学网络与信息安全实验室学术论文分享活动

OpenAI seems to have implemented some mitigation steps for a well-known data exfiltration vulnerability in ChatGPT. Attackers can use image markdown rendering during prompt injection attacks to send data to third party servers without the users’ consent. The fix is not perfect, but a step into the right direction. In this post I share what I figured out so far about the fix after looking at it briefly this morning.

前言本来该系列只有八篇，这篇是由于之前设计题目的过程中，别人给出了多个我没想到的解法思路，所以就专门写了这个

前言本来该系列只有八篇，这篇是由于之前设计题目的过程中，别人给出了多个我没想到的解法思路，所以就专门写了这个

In the blog we discuss the importance of securing your Atlassian products, provide valuable insights on various IP activities, and offer friendly advice on proactive measures to protect your organization.

In the relatively short history of ransomware crime, very few of the professional criminals behind these attacks have ever been brought to justice. So many crimes, so few arrests, and there’s no mystery as to why: Ransomware criminals typically operate from countries with weak or no laws against what they do, and sometimes (stand up, […]

The post Europol Makes New Ransomware Arrests. But Will It Make Any Difference? appeared first on Ransomware.org.

-赛博昆仑漏洞安全通告-【复现】金蝶天燕未授权远程代码执行漏洞风险通告