先知社区更新日志(2025-03-29)
先知社区更新日志(2025-03-29)
Aggregator
WolvCTF2025(WebAK)
5 hours 42 minutes ago
周末看了看wolvCTF发现一些trick
Next.js 中间件鉴权绕过漏洞 (CVE-2025-29927)
5 hours 45 minutes ago
Next.js 中间件鉴权绕过漏洞 (CVE-2025-29927)
2025CISCN&长城杯半决赛 PWN Prompt详细题解
6 hours 10 minutes ago
赛后复现
.NET 2025年3月份红队武器库和资源汇总
6 hours 13 minutes ago
.NET 安全攻防知识交流社区
6 hours 13 minutes ago
.NET 内网实战:通过 slui.exe 绕过 UAC 实现提权
6 hours 13 minutes ago
深入剖析路由器FOTA固件升级流程:从解包到逆向分析
6 hours 20 minutes ago
本文以D-Link DWR-932路由器为例,系统性地剖析了物联网设备中FOTA(固件无线升级)技术的实现流程与安全机制。通过逆向工程与动态分析,揭示了FOTA从固件下载、解包校验到刷写重启的全链路细节,重点拆解了fotad、appmgr、prefota等核心组件的协同逻辑。研究发现,DWR-932采用多进程通信(如Unix域套接字appmgr.us)与分阶段状态机管理升级流程,通过flash_e
NSSCTF Round#28 WEB题解
6 hours 37 minutes ago
NSSCTF Round#28 WEB题解
Bottle框架的模板引擎安全问题分析
6 hours 37 minutes ago
文章主要对python中Bottle框架的模板引擎渲染的安全漏洞问题进行原理分析和利用
我用NodeJS+electron自研了个C2和木马并绕过了360+火绒内存扫描(附源码)
6 hours 41 minutes ago
NodeJs可以写后端、electron又可以打包成exe,还可以通过主进程命令执行,那么不就可以自研一个C2了吗
LLVM:现代编译器框架与恶意代码分析
6 hours 43 minutes ago
LLVM IR 在网络安全中的应用
PolarCTF靶场 WEB方向java题目全题解
6 hours 44 minutes ago
ezjava、CB链、Fastjson、ezJson、CC链、FastJsonBCEL、SnakeYaml、PolarOA、PolarOA2.0、一写一个不吱声、ezUtil
2025-软件系统安全攻防半决赛Wp
6 hours 45 minutes ago
2025-软件系统安全攻防半决赛Wp
防御间接提示注入攻击
6 hours 50 minutes ago
大语言模型(LLMs)的最新进展极大地提升了各种自然语言处理(NLP)任务的性能。其卓越的泛化能力使得LLMs不仅在通用任务中表现出色,还为集成应用的开发提供了强大的技术支持。在这些集成应用中,LLMs通常作为骨干,通过附加工具或扩展文本信息来帮助用户完成复杂任务
2025软件安全赛pwn encoder
6 hours 52 minutes ago
2025软件安全赛pwn encoder题解
Daily Dose of Dark Web Informer - 29th of March 2025
7 hours 36 minutes ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer - Cyber Threat Intelligence
PolarCTF网络安全2025春季个人挑战赛-Writeup
7 hours 37 minutes ago
PolarCTF网络安全2025春季个人挑战赛-Writeup
CVE-2024-34095 | Adobe Acrobat Reader up to 20.005.30574/24.002.20736 use after free (apsb24-29)
7 hours 41 minutes ago
A vulnerability classified as critical was found in Adobe Acrobat Reader up to 20.005.30574/24.002.20736. This vulnerability affects unknown code. The manipulation leads to use after free.
This vulnerability was named CVE-2024-34095. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-34096 | Adobe Acrobat Reader up to 20.005.30574/24.002.20736 use after free (apsb24-29)
7 hours 41 minutes ago
A vulnerability, which was classified as critical, has been found in Adobe Acrobat Reader up to 20.005.30574/24.002.20736. This issue affects some unknown processing. The manipulation leads to use after free.
The identification of this vulnerability is CVE-2024-34096. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com