printf("Hello, Real World")
蓄势待发
Aggregator
DCOM Potato
2 years 1 month ago
去年猫猫托梦的两颗土豆。
网络赌球那些“刑”为:跨境网络赌博最新趋势与运作模式
2 years 1 month ago
前面我们提到了网络赌球的大动脉——非法四方支付平台,今天我们来看看跨境网络赌博的全貌,每个环节都很“刑”。
An Overview of MS-RPC and Its Security Mechanisms
2 years 1 month ago
MS-RPC is a widely used protocol, but not much security research is done on it. In this blog, see an overview of MS-RPC and their security mechanisms.
Ben Barnea
impacket编程手册
2 years 1 month ago
全文142页,2022的文字输出到此为止,初学内网才疏学浅,错漏颇多,恳请大佬指正修改,拜谢拜谢,阿里嘎多~
关于接收Apache log4j RCE漏洞的通知
2 years 1 month ago
【双倍快乐2.0】迎新年,庆元旦|LYSRC双倍奖励活动即日开启
2 years 1 month ago
迎新年,庆元旦|LYSRC双倍奖励活动即日开启
COM安全 新型土豆提权 第一部分
2 years 1 month ago
自Window10 1803/Server2016及以上打了微软的补丁后,基于OXID 反射NTLM提权已经失效,代表作如JuicyPotato、SweetPotato,本文将从COM开发与调用开始,寻找替代OXID 反射NTLM提权的方法
Is Stopping a Ransomware Attack More Important Than Preventing One?
2 years 1 month ago
Microsegmentation can stop a ransomware attack from moving laterally across your organization and prevent malicious behavior.
Dan Petrillo & Jim Black
快讯:使用21个漏洞传播的DDoS家族WSzero已经发展到第4个版本
2 years 1 month ago
概述
近期,我们的BotMon系统连续捕获到一个由Go编写的DDoS类型的僵尸网络家族,它用于DDoS攻击,使用了包括SSH/Telnet弱口
Hui Wang
McAfee 2023 Threat Predictions: Evolution and Exploitation
2 years 1 month ago
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for...
The post McAfee 2023 Threat Predictions: Evolution and Exploitation appeared first on McAfee Blog.
McAfee Labs
Elevate Streaming Media with EdgeWorkers and Macrometa Stream Workers
2 years 1 month ago
Elevate players? gaming experiences with Akamai EdgeWorkers and Macrometa Stream Workers.
Durga Gokina
东软NetEye网络安全互联互通实践
2 years 1 month ago
东软NetEye互联互通技术框架, 在一套平台与架构中能实现集成所有的安全能力,以在分散的IT世界中实现安全、集中的安全监控和操作,用于提升一致的整体安全态势能力,从而提高了安全保护、检测和响应的有效性和效率。
令人惊艳的ChatGPT
2 years 1 month ago
ChatGPT,或许是一个新的里程碑
Not Every Cloud Is Meant for Every Workload
2 years 1 month ago
Understanding which cloud platforms are the best fit for which workloads can maximize your return on investment and your customers? output.
Pavel Despot
5 Cybersecurity Predictions for 2023
2 years 1 month ago
F5 Labs and experts across F5 share their experience from the past twelve months to predict what might be the biggest causes for concern in 2023.
CIS关于网络安全的18条安全控制措施
2 years 1 month ago
CIS是互联网安全中心的缩写,该组织从安全领域专家的视角,针对企业网络不同层面的安全问题,提出了相应的安全保护措施和操作规范,供不同规模的企业参考实施。
WebUI:The easiest attack surface in Chromes
2 years 1 month ago
“WebUI “是一个术语,用于宽泛地描述用网络技术(即HTML、CSS、JavaScript)实现的Chrome浏览器的部分UI。
Chromium中的WebUI的例子。
- Settings (chrome://settings)
sakura
ChatGPT: Imagine you are a database server
2 years 1 month ago
After reading this post about ChatGPT imitating Linux, I wanted it to be a database server.
Let’s try it out!
Imagine you are a Microsoft SQL Server. I type commands, and you reply with the result, and no other information or descriptions. Just the result. Start with exec xp_cmdshell ‘whoami’;
Wow, this looks like a promising start.
And, it “thinks” that it is running as LOCAL SYSTEM - quite funny actually.
TextFormattingRunProperties 利用链 - nice_0e3
2 years 1 month ago
分析 反序列化时会自动调用与GetObjectData函数同样参数的构造函数。所以会走到这里。 TextFormattingRunProperties实现ISerializable接口,在其序列化的构造函数中,进行this.GetObjectFromSerializationInfo("Foregr
nice_0e3