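How to Find More Than 50 XSS Vulnerabilities in Bugcrowd Public Programs
Disclaimer: The programs (methods) covered in this article may be offensive in nature and are intended for security research and teaching only. If readers use this information for other purposes, the user bears all legal and joint liability; the article's author bears no legal or...
Java Deserialization Command Echo and In-Memory Shell (5)
11. Combining with Shiro. shirodemo address: https://github.com/phith0n/JavaThings/tree/master/shirodemo A major problem with Shiro is that an overly long cookie causes an error, ...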
AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
Executive Summary Following Log4Shell, AWS released several hot patch solutions that monitor for vulnerable Java applications and Java containers a...
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnera...
Exploit Development: Browser Exploitation on Windows – CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2)
Introduction In part one we went over setting up a ChakraCore exploit development environment, understanding how JavaScript (more specifically, the...
FROM PATCH TO EXPLOIT: CVE-2021-35029
Table of contents A brief introduction The Target Firmware Analysis The Web Server Hunting for the vulnerability Analyzing ...
A Year in Review of 0-days Used In-the-Wild in 2021
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and...
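Daily Security News Push (04-20)
Tencent Security Xuanwu Lab Daily News • Teaching Burp a new HTTP Transport Encoding: https://www.pentagrid.ch/en/blog/teaching_burp_a_new_http_...
Analysis of the Rikkei Finance Attack
Disclaimer: This article is intended solely for blockchain security learning and technical sharing. Do not use this article or the techniques mentioned in it for illegal activities, and do not take part in illegal blockchain-related projects; any consequences that arise are borne by the reader...
2022starCTF: TreasureHunter
A smart contract challenge from the weekend's *CTF, following on from the earlier RealWorld Treasure Hunter. The contract is fairly long; the attachments are at https://github.com/JayxV/Van1sh_Utility/tree/main/202...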