Jade CTF WP
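Statement. Author of this article: CTF team. Word count: 8900. Reading time: about 23 minutes. Attachments/links: click "view original" to download. This article is part of the Wolf Group Security Community (狼组安全社区) original content reward program; without permission, it is forbidden to...
Vulnerability Reproduction: Adobe ColdFusion upload.cfm Arbitrary File Upload Vulnerability
0x01 Reader notice: Technical articles from Rongyun Security (融云安全) are for reference only. The information in this article is intended only as a reference for network security personnel testing or maintaining the websites, servers, etc. (including but not limited to these) that they are responsible for; without...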
ASIS CTF Quals 2022
This was a fun CTF. I solved all 6 crypto challenges and three other random ones. I decided to write up on all of them, because why not. The six c...
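AppleSeed Distributed to Nuclear Power Plant-Related Companies
The ASEC analysis team recently confirmed signs that the AppleSeed malware is being distributed to companies related to nuclear power plants. As for AppleSeed, Kimsuky, one of the North Korea-linked organizations, ...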
SiriSpy – iOS bug allowed apps to eavesdrop on your conversations with Siri
TL;DR: Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirP...
SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
TL;DR A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing rem...
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software application...
Missing Authentication in ZKTeco ZEM/ZMM Web Interface
The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credential...
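Windows 0-day Exploit Can Bypass Security Warnings for JS Files
Researchers have discovered a new Windows 0-day vulnerability that attackers can exploit to let malicious JS files bypass the mark-of-the-web security warning. Attackers have already used an exploit for this 0-day in ransomware attacks...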
Firecracker
Firecracker: Lightweight Virtualization for Serverless Applications. The paper we are sharing with you today is Firecracker: Lightweight Virtualization for Serverless App...