Aggregator
OdinLdr: Cobaltstrike Reflective Loader with Synthetic Stackframe
OdinLdr: Cobaltstrike UDRL for beacon and post-ex tools. Uses NtApi calls with a synthetic stack frame to confuse EDR based on stack-frame detection. Beacon: uses the BeaconUserData structure to give memory information to the beacon and allocate memory...
The post OdinLdr: Cobaltstrike Reflective Loader with Synthetic Stackframe appeared first on Penetration Testing Tools.
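New Native Chain: Analysis of the Approach to Discovering a Spring AOP Native Chain
Bypassing .NET Authentication and Uploading a Customized web.config to Achieve RCE
.NET Intranet in Practice: Bypassing UAC via sdclt.exe to Escalate Privileges
Uploading a DLL-Type WebShell in Practice: A Detailed Explanation of the Differences Between .NET Assemblies and C++ Dynamic-Link Libraries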
pcfg_cracker: perform research into how humans generate passwords
pcfg_cracker: This project uses machine learning to identify password creation habits of users. A PCFG model is generated by training on a list of disclosed plaintext/cracked passwords. In the context of this project, the...
The post pcfg_cracker: perform research into how humans generate passwords appeared first on Penetration Testing Tools.
sherloq: open-source digital image forensic toolset
Introduction “Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with...
The post sherloq: open-source digital image forensic toolset appeared first on Penetration Testing Tools.
Weekly Report: Stack-Based Buffer Overflow Vulnerability in Ivanti Connect Secure and Other Products
Lockbit
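I Built My Own C2 and Trojan with NodeJS + Electron and Bypassed 360 and Huorong Memory Scanning (Source Code Included)
A Detailed Dissection of ret2dlresolve from 0 to 1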
Lynx
Apache MINA Deserialization Vulnerability
SwampCTF Re WP
Daily Dose of Dark Web Informer - 8th of April 2025
Lawsuit: Hospital Pharmacist Spied on Coworkers for a Decade
An academic medical center is facing a class action lawsuit alleging one of its pharmacists installed keylogging software on 400 computers over a decade to spy on the personal lives and intimate moments of coworkers. The pharmacist is also facing a criminal investigation, the hospital said.
Russian APT Hacker Observed Deploying Unusual RDP Tactics
A Russian nation-state threat actor exploited "lesser known" features of Microsoft Windows remote desktop protocol to target European organizations for espionage. The hackers used RDP to deploy a malicious application and access data from victims.
US Risks Losing 'AI Cold War' as China Surges Ahead
The United States risks losing the so-called "AI Cold War" against China unless it abandons traditional containment strategies and adapts to Beijing's advances, panelists told lawmakers Tuesday. "I'm as stunned as all of you about just how fast China has caught up," said Adam Thierer.
Tailscale Raises $160M to Scale AI and Enterprise Use
Tailscale has landed $160 million in Series C funding to scale its platform and meet growing demand from AI and enterprise firms. The networking company will invest in engineering to support multi-cloud and identity-based networking features.