SolarWinds PM反序列化漏洞分析 - nice_0e3
SolarWinds PM反序列化漏洞分析 前言 这段时间一直对Net的反序列化的一些漏洞利用比较有兴趣,简单跟跟漏洞 XmlSerializer 反序列化 在此之前先来熟悉一下XmlSerializer的反序列化漏洞 反序列过程:将xml文件转换为对象是通过创建一个新对象的方式调用XmlSeria
Aggregator
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
网络安全的三大支柱和攻击向量
3 years 8 months ago
身份高于账户,权限细于身份
GeekPwn祝大家中秋快乐,团圆美满!
3 years 9 months ago
GeekPwn祝大家中秋快乐,团圆美满!
GeekPwn祝大家中秋快乐,团圆美满!
3 years 9 months ago
GeekPwn祝大家中秋快乐,团圆美满!
GeekPwn祝大家中秋快乐,团圆美满!
3 years 9 months ago
GeekPwn祝大家中秋快乐,团圆美满!
GeekPwn祝大家中秋快乐,团圆美满!
3 years 9 months ago
GeekPwn祝大家中秋快乐,团圆美满!
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
PeckShield 祝大家中秋快乐
3 years 9 months ago
中秋佳节共团圆,PeckShield 祝大家中秋快乐
Malicious Python Packages and Code Execution via pip download
3 years 9 months ago
This week I learned about a design flaw with pip download, which allows an adversary to run arbitrary code.
I assumed that running pip install means anything could happen, but pip download seems a bit surprising.
Both seem useful for red teaming though.
BackgroundThis post from Yehuda Gelb named Automatic Execution of Code Upon Package Download on Python Package Manager which the Security Now! podcast pointed me towards.
The post highlights that just running pip download can compromise your computer.