Aggregator

Windows下shellcode的通用流程是

1. 通过PEB遍历获取DLL模块的地址
2. 搜索DLL模块的导出表获取需要的API
3. 通过API实现特定的功能

早期很多教程借助汇编来实现，但现在

There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also

感谢大家一直以来对阿里云先知的支持！

结合典型案例，客观展现当前信贷欺诈黑灰产作恶流程及行为模式

这篇文章笔者将带领大家一起入门学习V8，pwn方向中，v8也是一个比较有趣的方向！

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company

浩鲸科技电信运营商实践

附已确认攻击IP

常态化攻防演练，斗象APTP助力攻击面暴露面识别，急速排查资产血缘关系，预防丢分可能性，悟空亲测好用！

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity

This vulnerability exists due to a os.path.join function in Python which removes the drive letter from path tokens if the drive in the token matches the drive in the built path. However, the path traversal exists on the /modules/messaging/ endpoint in Splunk Enterprise where Splunk Web is enabled.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure

KCon XCon联合售票开启，名额仅限30人，数量有限先到先得~

数字化的快速发展，让全球网络安全问题日益凸显，“微软蓝屏”类似事件过往偶有发生，未来也可能会出现类似情况。

CheckPoint 的网络安全研究人员最近发现 MuddyWater 黑客一直在使用 BugSleep 恶意软件部署合法的 RMM。

仅限30张，手速拼起~

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mehmet INCE (@mdisec) from PRODAFT' was reported to the affected vendor on: 2024-07-24, 55 days ago. The vendor is given until 2024-11-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.