Aggregator

授人以鱼不如授人以渔。在绕过杀软的同时利用漏洞，就是我接下来给大家讲的技术手段。

课程基于原著，涵盖书中未尽之精华

BT集团因Black Basta勒索软件攻击关闭部分服务器，尽管服务未受影响，但数据泄露风险引发关注。

看雪论坛作者ID：Jtian

A vulnerability has been found in Allaire ColdFusion Server up to 4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file openfile.cfm. The manipulation leads to improper privilege management. This vulnerability is known as CVE-1999-0477. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Airspan WiMax ProST 4.1. Affected by this vulnerability is an unknown functionality of the component Administration Panel. The manipulation leads to improper authentication. This vulnerability is known as CVE-2008-1262. The attack can be launched remotely. Furthermore, there is an exploit available.

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to solve Capture The Flag (CTF) challenges without human intervention.  It utilizes a two-module architecture: a planner to create commands and a summarizer to understand the hacking process’s current state by employing contextual information from past commands to make future decisions and […]

The post HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

用数据说话

Is it possible to install app on smartphone over the WIFI?

A vulnerability, which was classified as critical, was found in Apache Struts. Affected is an unknown function of the component CookieInterceptor. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2012-0392. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Boozt Standard 0.9.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.cgi of the component Administration Interface. The manipulation of the argument name leads to memory corruption. This vulnerability is known as CVE-2002-0098. The attack can be launched remotely. Furthermore, there is an exploit available.

其它两个0day的补丁将于12月18日推出

速更新

The National Crime Agency has made scores of arrests in a bid to bring down two major Russian money laundering networks

Why I Forked OpenBazaar

太好了是渗透测试高级技巧第三篇，我们有救了！

A vulnerability classified as problematic has been found in PickPlugins Related Posts, Inline Related Posts, Contextual Related Posts, Related Content Plugin up to 2.0.58 on WordPress. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-10937. It is possible to initiate the attack remotely. There is no exploit available.

聊透大模型行业最关心的问题。

有料、不卷、速来！创新大会 2025 全议程公布

意外从网友UID(3525972251)处看到17_angr_arbitrary_jump的简单解