SHADEWATCHER: 基于系统审计记录和推荐概念的网络威胁分析
原文标题:SHADEWATCHER: Recommendation-guided Cyber Threat Analysis using System Audit Records原文作者:Zeng J, Wang X, Liu J, et al.发表会议:2022...
PS4 Aux Hax 2: Syscon
In the PS4 Aux Hax series of posts, we’ll talk about hacking parts of the PS4 besides the main x86 cores of the APU. In this entry, we’ll recount s...
PS4 Aux Hax 5: Flawed Instructions Get Optimized
Aaaand we’re back, after an extended delay, to … continue talking about hacking PS4 peripherals ?. This time, the DUT is the PS4 Virtual Reality p...
Android bionic自带内存检查工具排查一次内存泄漏及原理源码解析.
问题概述几天前,收到一个同事的求助: 在做了新的wifi模组匹配后,在做Miracast投屏煲机时,煲机1.5小时左右会退出Miracast. 该同事反馈他们做过相同...
某网络验证平台代码审计
文章首发于: 火线Zone社区(https://zone.huoxian.cn/) 前言 刚过完年的时候在XXX社区看到了这篇文章《记一次渗透实战-代码审计到getshell》 通...
PS4 Aux Hax 4: Belize via CEC
This post describes another way to attain code execution on Aeolia (actually, the southbridge revision on PS4 Pro which was used in this case is na...
TURLA’s new phishing-based reconnaissance campaign in Eastern Europe
This blog post on TURLA was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 11, 2022. Executive Su...
云原生时代下,看懂字节跳动的网络安全防御体系
Bug 是程序员的噩梦,漏洞是软件的杀手。当你写出一个 Bug,影响的可能是几台机器。但当一个漏洞被封装进了无数人所使用的软件里,网络黑灰产们的耳旁就仿佛...
Swagger-UI 从XSS到账户接管
声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由用户承担全部法律及连带责任,文章作者不承担任何法律及...
Math.abs JIT Optimization Bug in JSC
2021年天府杯我们成功完成iPhone 13 pro RCE的目标,这篇文章将会详细介绍其中使用到的Safari JavaScriptCore(JSC) 漏洞,漏洞编号为CVE-2021-30953。 ArithN...