This post is part of a series about machine learning and artificial intelligence.
Adversaries often leverage supply chain attacks to gain footholds. In machine learning, model deserialization issues are a significant threat, and detecting them is crucial, as they can lead to arbitrary code execution. We explored this attack with Python Pickle files in the past.
In this post we cover backdooring the original Keras Husky AI model from the Machine Learning Attack Series, and afterwards we investigate tooling to detect the backdoor.
Some time ago I discovered the work of some researchers about SCCM. I was very interested in their research, and as I was reading it I thought that I really needed a lab to test all these cool attacks! Thanks a lot to my colleague Issam (@KenjiEndo15), who started the project and provided me with some Ansible roles to start from! After a few hours, days, weeks of installs, Ansible recipe creation, trial and ...
This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape.