Sources

glzjin 赵

LFYSEC

The Heart of DolphinScheduler: In-Depth Analysis of the Quartz Scheduling Framework

不安全

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

g0tmi1k

DVWA - Brute Force (Medium Level) - Time Delay

g0tmi1k

DVWA Brute Force (Low Level) - HTTP GET Form [Hydra, Patator, Burp]

g0tmi1k

Law enforcement doxxing raises risk profile for threat actors

Coveware Blog - Ransomware

Ransomware actors pivot away from major brands in Q2 2024

Coveware Blog - Ransomware

RaaS devs hurt their credibility by cheating affiliates in Q1 2024

Coveware Blog - Ransomware

Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory

NCC Group Research Blog

Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats

NCC Group Research Blog

Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation

NCC Group Research Blog

Sources

glzjin 赵

通过 VulDB 提交漏洞并获取 CVE 漏洞编号指南

懒猫微服：小巧身材，大大满足——从颜值到功能的全方位体验

GZCTF平台隐藏积分榜记录

EtherDream's Blog

前端黑魔法 —— 如何让自己的函数变成原生函数 - EtherDream

前端黑魔法 —— 隐藏网络请求的调用栈 - EtherDream

HTTP 网关 GZIP 页面零开销注入 JS - EtherDream

LFYSEC

LoRexxar's Blog

PHP CGI Windows平台远程代码执行漏洞（CVE-2024-4577）分析与复现

人与代码的桥梁-聊聊SAST

Joern In RealWorld (3) - 致远OA A8 SSRF2RCE

奇安信CERT

【在野利用】Apple 多个在野高危漏洞安全风险通告

【已复现】Palo Alto Networks PAN-OS身份认证绕过漏洞(CVE-2024-0012)安全风险通告第二次更新

【在野利用】Palo Alto Networks PAN-OS 身份认证绕过漏洞(CVE-2024-0012)安全风险通告

绿盟科技CERT

【分析复现】XZ供应链后门漏洞（CVE-2024-3094）处置手册

【漏洞通告】XZ-Utils供应链后门漏洞（CVE-2024-3094）

【安全事件】年关将至，警惕以税务稽查名义的微信蠕虫钓鱼

不安全

Smashing Security podcast #394: Digital arrest scams and stream-jacking

Quickpost: The Electric Energy Consumption Of A Soundbar

The Heart of DolphinScheduler: In-Depth Analysis of the Quartz Scheduling Framework

g0tmi1k

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

DVWA - Brute Force (Medium Level) - Time Delay

DVWA Brute Force (Low Level) - HTTP GET Form [Hydra, Patator, Burp]

Coveware Blog - Ransomware

Law enforcement doxxing raises risk profile for threat actors

Ransomware actors pivot away from major brands in Q2 2024

RaaS devs hurt their credibility by cheating affiliates in Q1 2024

NCC Group Research Blog

Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory

Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats

Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation

Sources

glzjin 赵

EtherDream's Blog

LFYSEC

LoRexxar's Blog

奇安信CERT

绿盟科技CERT

不安全

g0tmi1k

Coveware Blog - Ransomware

NCC Group Research Blog

Managed ad