【开源节流】- 自研安全靶场正式开源
基于 Vue + SpringBoot 构建的前后端分离的 Java 安全靶场,正式开源分享,内容丰富、持续更新、欢迎体验。
Aggregator
浅析JavaScript Obfuscator(二)
7 hours 4 minutes ago
* 距离上次发文已经过去整整两年了,JavaScript Obfuscator版本都升级到了v5.3.0,让我们来看看它都进行了哪些优化调整和功能升级。JavaScript Obfuscator ToolJavaScript Obfuscator官网目前主推的是付费版 VM Obfuscation(虚拟机字节码混淆) 。不过,我们还是先聚焦于它免费开源部分的混淆工具来分析。首先,快速过一遍v5.3
新春杯CTF Pwn题目全解析与Exploit实战指南
7 hours 4 minutes ago
根据源码了解pwn的常见的框架的编写
cyberstrikelab-lab157靶场
7 hours 4 minutes ago
本文章主要记录cyberstrikelab的lab17打靶过程
CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks
7 hours 8 minutes ago
CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). Tracked as CVE-2024-43468, this flaw lets unauthenticated attackers run malicious commands on servers and databases. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 12, 2026, agencies must patch by March 5, 2026, or face federal mandates. […]
The post CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.
Abinaya
某OA系统0Day审计过程
7 hours 15 minutes ago
某OA系统0Day审计过程
新春杯CTF RE题目解析
7 hours 23 minutes ago
re的进阶的知识,补充常见的理论以及新出现的wasm类型
银狐系Winos4远控平台深度剖析:载荷生成、插件驻留与通信模型
7 hours 30 minutes ago
Winos4控制平台、木马上线环节、木马控制环节、通信模型分析
对mssql&mysql一次简洁且详细的总结
7 hours 31 minutes ago
对mssql&mysql一次简洁且详细的总结
DeepAudit开源AI代码审计系统漏洞分析
7 hours 33 minutes ago
对DeepAudit多智能体漏洞挖掘系统开展黑盒审计,发现默认账户泄露、权限绕过、API未授权访问、压缩炸弹等高危漏洞。
New NCSC-Led OT Security Guidance for Nuclear Reactors
7 hours 34 minutes ago
Four Principles Positioning the Nuclear Ecosystem for Long-Term Cyber Resilience
OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC's new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues.
OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC's new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues.
Can AI Ads Pay the Bills?
7 hours 34 minutes ago
OpenAI Tests Promos, Anthropic Rejects Them Amid Rising Compute Costs
OpenAI has a problem: Most users don't pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI's well-documented revenue gap without users fleeing is another question.
OpenAI has a problem: Most users don't pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI's well-documented revenue gap without users fleeing is another question.
The ROI Reckoning Is Coming for AI
7 hours 34 minutes ago
CIOs Say Stalled Pilots, Vendor Regret and Growing Fatigue Stifle AI Ambition
These may be the halcyon days for enterprise artificial intelligence, where money and ambition are only hindered by imagination as tech vendors race to gain a competitive edge. But CIOs say they're feeling increasing pressure to show ROI - and the reckoning is coming soon.
These may be the halcyon days for enterprise artificial intelligence, where money and ambition are only hindered by imagination as tech vendors race to gain a competitive edge. But CIOs say they're feeling increasing pressure to show ROI - and the reckoning is coming soon.
Proofpoint Purchases Startup Acuvity to Bolster AI Security
7 hours 34 minutes ago
Deal Targets GenAI Risks, Prompt Injection Attacks and Autonomous Agents
Proofpoint has acquired AI security startup Acuvity to address fast-evolving risks tied to generative AI, prompt injection and autonomous agents. The company says intent-based guardrails and deep AI forensics will help enterprises secure tools such as ChatGPT, Claude and emerging agent frameworks.
Proofpoint has acquired AI security startup Acuvity to address fast-evolving risks tied to generative AI, prompt injection and autonomous agents. The company says intent-based guardrails and deep AI forensics will help enterprises secure tools such as ChatGPT, Claude and emerging agent frameworks.
'Crazy' Hackers Strike Through Remote Monitoring Software
7 hours 34 minutes ago
VoidCrypt Ransomware Variant Taps RMM Tools, Says Huntress
Management isn't the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools - simultaneously open to remote connections and with privileged local access - are good for wiggling into corporate networks.
Management isn't the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools - simultaneously open to remote connections and with privileged local access - are good for wiggling into corporate networks.
650 новых датчиков под толщей льда и охота за сверхновыми. Что известно об апгрейде нейтринного телескопа на Южном полюсе
7 hours 35 minutes ago
В лед добавили новые нити датчиков и калибровку, чтобы ловить более слабые сигналы.
Dokploy 漏洞挖掘记录(2RCE+1 目录穿越)
7 hours 47 minutes ago
Dokploy 漏洞挖掘记录(2RCE+1 目录穿越)
DeepAudit源码深度解析
7 hours 59 minutes ago
对DeepAudit的架构以及实现进行了分析
SmarterMain未授权RCE(CVE-2026-24423)漏洞代码分析
8 hours 3 minutes ago
漏洞描述这是SmarterMain的一个未授权RCE漏洞,出现RCE的位置为ConnectToHub API method,具体的漏洞描述如下图所示:环境搭建这里我直接用的docker搭建的环境,命令如下:然后是.net的反编译工具,我使用的是Rider以及dotPeet,这个就凭个人喜好下载了。漏洞代码分析因为.Net的路由大部分都在MailService.dll,所以可以直接看到这个dll中
某CMS代码注入审计
8 hours 4 minutes ago
ChanCMS <=3.3.2的审计过程