Aggregator

CVE-2022-3723(issue1378239)是谷歌发现的在野漏洞，然而至今该issue仍未公开。我们以此为例阐述如何绕过最新Chrome v8沙箱，并将该CVE完整exp公开。

因创新业务壳儿、yo停止运营，现更新创新类产品范围如下：● 创新类产品一般业务：陌陌极速版、赫兹、对对、贴贴

1. 通告信息近日，安识科技A-Team团队监测到一则Apache NiFi组件存在代码注入漏洞的信息，漏洞

This is a joint blog written by the Cobalt Strike and Outflank teams. It is also available on the Outflank site. Over the past few months there has been increasing collaboration and knowledge sharing internally between the Cobalt Strike and Outflank R&D teams. We are excited about the innovation opportunities made possible by this teamwork and [...]

Read More... from Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places

The post Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places appeared first on Cobalt Strike.

.NET ByPass系列 Shell加载字节码

原文出自这里

笔者加载位于当前执行程序所在目录下的 "net-calc.dll" 文件的字节码内容，内容很简单启动一个新进程弹出计算器,并将其存储在 assemblyBytes变量，代码如下

byte[] assemblyBytes = File.ReadAllBytes(Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "net-calc.dll"));

List<byte[]> data = new List<byte[]>();

data.Add(this.assemblyBytes);

var e1 = data.Select(Assembly.Load);

Func<Assembly, IEnumerable> map_type = (Func<Assembly, IEnumerable>)Delegate.CreateDelegate(typeof(Func<Assembly, IEnumerable>), typeof(Assembly).GetMethod("GetTypes"));

var e2 = e1.SelectMany(map_type);

var e3 = e2.Select(Activator.CreateInstance).ToList();

然后使用LINQ-SelectMany操作符合并两个序列后产生一个新的序列结果，通过LINQ这个能力可以联合Aseembly.Load和Aseembly::GetTypes，再借用LINQ-Select操作符投影Activator.CreateInstance反射创建一个Aseembly对象，这样就可以实现命令执行


实际场景下这种加载外部文件的方式不太友好，我们知道Assembly.Load有多个重载方法，其中有一个重载支持byte[]类型的参数，如此我们可以通过System.IO.File.ReadAllBytes方法读取文件字节码

byte[] assemblyBytes = {0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xB8 .......... }

运行时如下图


不能上传附件，工具无法传上来

1 个帖子 - 1 位参与者

阅读完整话题

随着通讯反诈技术升级和国民防诈意识增强，境外诈骗号码拨打电话接通率、作案成功率大大降低，境外诈骗分子转而使用境内固定电话联系被害人。通过固定电话拨号，更容易取得被害人信任，已严重侵害人民群众财产安全，亟需引起重视。

Citrix has disclosed CVE-2023-3519, a remote code execution vulnerability, but further scrutiny reveals multiple vulnerabilities.

During our latest webinar we discussed some common use cases using GreyNoise with other SOAR platforms. The main goal of using GreyNoise with other SOAR platforms is to more quickly identify either opportunistic attacks, get better insight into how infrastructure is being used, as well as enriching alerts using RIOT data to IP's associated with common business services.

通过使用此平台api结合swaks工具进行伪造发件人，从而大大提高钓鱼邮件的可信度。

近源渗透的一种攻击手法，通过无线键鼠攻击来达到远距离操控键鼠，实现上线C2。

详细分析 CVE-2023-29300 的漏洞成因，并提出一些后续的研究方向。

A common attack vector that LLM apps face is data exfiltration, in particular data exfiltration via Image Markdown Injection is a common vulnerability. Microsoft fixed the vulnerability in Bing Chat, ChatGPT is still vulnerable as Open AI “won’t fixed” the issue, and Anthropic just mitigated this vulnerability in Claude. This post documents the Anthropic Claude data exfiltration vulnerability and the mitigation put in place. The Vulnerability - Image Markdown Injection As a quick recap, imagine a large language model (LLM) returns the following text:

大哥们，我又来吹牛比了。之前那个思科用的洞其实很low的。这次我们玩点刺激的，也是用的一个low洞，随机开箱。

免杀利器，助你成为无敌红队！

1. 环境安装： docker run -d -p 3000:3000 --name metabase met […]