CVE-2022-30287 Horde Webmail PHP反序列化漏洞 “填坑式” 分析
★且听安全★-点关注,不迷路!★漏洞空间站★-优质漏洞资源和小伙伴聚集地!漏洞信息Horde Webmail 是一个开源免费的基于浏览器的通信套件,由 Horde 项目组织负...
Router security in 2021
AUTHORS MARIA NAMESTNIKOVA A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Route...
An Autopsy on a Zombie In-the-Wild 0-day
Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understa...
Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials
Introduction Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking mil...
활발하게 유포 중인 BAT 스크립트 포함한 악성 한글문서 (북한/국방/방송)
ASEC 분석팀은 한글 문서의 정상 기능(OLE 개체 연결 삽입)을 악용하는 APT 문서가 최근 활발하게 유포 중임을 확인하였다. 지난 3월 3일 소개한 “20대 대통...
Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers
Key points PureCrypter is a fully-featured loader being sold since at least March 2021 The malware has been observed distributing a variety of...
主机安全技术剖析-手把手教会你防御Java内存马
书接上文,在上篇文章中我们论述了java内存马的一些基本注入方式,本篇我们将从防御和绕过的方式继续讨论java内存马的攻防实战。 1 防 Agent...
BlockSec成功拦截针对FSWAP的黑客攻击
北京时间2022年6月13日晚,FSWAP项目遭受黑客攻击,黑客通过操纵DEX的pool中资产比例获利。黑客共计发动三笔攻击,BlockSec成功阻断拦截了其中2笔攻击交易,...
CyberBattleSim(内网自动化渗透)研究分析
01 背景知识介绍CyberBattleSim介绍CyberBattleSim是一款微软365 Defender团队开源的人工智能攻防对抗模拟工具,来源于微软的一个实验性研究项目。该项目专注...
04 – 汽车功能安全(ISO 26262)系列: 系统阶段开发 – 技术安全需求(TSR)及安全机制
本篇属于汽车功能安全专题系列第04篇内容,我们主要聊聊,到底什么是技术安全需求(TSR)和安全机制(Safety Mechanism)。在上一篇:''03 - 汽车功能安全(ISO 262...