Aggregator

攻击者可以操纵文件上传参数以启用路径遍历，在某些情况下，这可能导致上传可用于执行远程代码执行的恶意文件。

本文主要工作： 实现了一个LLM引导的协议模糊器。提出三种基于LLM的模糊器变异策略，每种策略解决了协议模糊测试的特定挑战。本文实现了灰盒模糊测试算法并命名为CHATAFL。目前该工具已在github开源。

Github发现一个很棒的工具，通过JDI实现了Tomcat 各个版本 Jetty，Spring，Struts，Jersey等中间价框架的路由扫描

感谢您对小米安全的帮助与支持！

2023.12.07：Google推出了最新的人工智能模型 Gemini （双子座），看演示视频： https://www.youtube.com/watch? […]

技术无善恶，考验的是人心

简述

本文是insane难度的HTB Coder机器的域渗透部分，其中Bloodhound AD Enumeration, ADCS CVE-2022-26923等域渗透提权细节是此box的特色，主要参考0xdf’s blog coder walkthrough和HTB的coder官方writeup paper记录这篇博客加深记忆和理解，及供后续做深入研究查阅，备忘。

清华大学网络与信息安全实验室学术论文分享活动

OpenAI seems to have implemented some mitigation steps for a well-known data exfiltration vulnerability in ChatGPT. Attackers can use image markdown rendering during prompt injection attacks to send data to third party servers without the users' consent. The fix is not perfect, but a step into the right direction. In this post I share what I figured out so far about the fix after looking at it briefly this morning.

前言本来该系列只有八篇，这篇是由于之前设计题目的过程中，别人给出了多个我没想到的解法思路，所以就专门写了这个

In the blog we discuss the importance of securing your Atlassian products, provide valuable insights on various IP activities, and offer friendly advice on proactive measures to protect your organization.

In the relatively short history of ransomware crime, very few of the professional criminals behind these attacks have ever been brought to justice. So many crimes, so few arrests, and there’s no mystery as to why: Ransomware criminals typically operate from countries with weak or no laws against what they do, and sometimes (stand up, […]

The post Europol Makes New Ransomware Arrests. But Will It Make Any Difference? appeared first on Ransomware.org.

-赛博昆仑漏洞安全通告-【复现】金蝶天燕未授权远程代码执行漏洞风险通告

We add two IoT CVEs and discuss the other sorts of traffic we see regularly.