chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-07-08 #586

Closed chainreactorbot closed 3 months ago

chainreactorbot commented 4 months ago

每日安全资讯（2024-07-08）

Private Feed for M09Ic
- [ ] nightRainy starred crisprss/Extracted_WD_VDM
- [ ] kpcyrd starred evilsocket/llama3-cake
- [ ] kpcyrd starred bilelmoussaoui/oo7
- [ ] kpcyrd starred fmckeogh/usb-pd-rs
- [ ] zer0yu starred Rvn0xsy/zipcreater
- [ ] zer0yu started following BushidoUK
- [ ] zer0yu starred pbombnz/Spoof-My-Device
- [ ] zer0yu starred seahop/titan
- [ ] uknowsec starred Areizen/JNI-Frida-Hook
- [ ] esrrhs starred xfangfang/wiliwili
- [ ] esrrhs starred huangqian8/SwitchScript
Recent Commits to cve:main
- [ ] Update Sun Jul 7 22:29:31 UTC 2024
- [ ] Update Sun Jul 7 14:30:33 UTC 2024
- [ ] Update Sun Jul 7 06:27:38 UTC 2024
Doonsec's feed
- [ ] 2024年，还能报计算机专业吗？
- [ ] 加入T00ls，与网络安全精英同行！
- [ ] 从Scala Chain看新切入面
- [ ] 秦安：俄卫星神奇解体，砸中美GPS和星链卫星，美俄已经直接冲突
- [ ] 王常胜：引敌为友、化友为敌，会将国家推向孤立和危险境地
- [ ] 牟林：是和平计划，还是最后通牒？
- [ ] 《诗词游记》第340期：卦台可触天
- [ ] 《诗词游记》第341期：昨夜麦积雨
- [ ] 逆向学习汇编篇 -- 硬件断点的概念、特点及其在调试过程中的关键应用
- [ ] 逆向学习汇编篇 -- 如何处理硬件和软件断点
- [ ] Spring Boot Actuator未授权内存分析方法
- [ ] 网络安全学习资料 -- 文件包含+命令执行
- [ ] AI视频项目：老旧照片转视频
- [ ] 威胁情报周报（7.1~7.7）
- [ ] 2024HW必修漏洞集合（PDF下载）
- [ ] 红队实战教学 -- Metasploit Framework的使用
- [ ] SecMet#5期智能代码审计：机遇、挑战与解决方案
- [ ] 《hw之荣耀黑客》1
- [ ] 汽车区块链市场：驶向41亿美元的未来
- [ ] 铤而走险-诈骗站点溯源
- [ ] RIP-2的增强特性，RIP-2比RIP-1强在哪里？
- [ ] 红队快速打点漏洞检测工具 | POC-bomber
- [ ] 红队技巧 -- 自启持久化
- [ ] linux高级usb安全开发与源码分析视频更新到165节啦
- [ ] 东半球顶级赛事开幕！“矩阵杯”网络安全大赛见证顶尖战队巅峰对决
- [ ] 【资讯】人工智能全球治理上海宣言（全文）
- [ ] 【资讯】湖南省政府办公厅印发《湖南省专利转化运用专项行动实施方案》
- [ ] 【资讯】内蒙古自治区工信厅印发《2024年度法治政府建设工作计划》
- [ ] 一名间谍罪犯的狱中自白
- [ ] Remote Code Execution RCE漏洞详解
- [ ] 格密码学习笔记(十二)NTRU加密体系
- [ ] 6月，师傅们终于迈过了4W这道坎！
- [ ] 影响 300 万款苹果 iOS / macOS 应用，CocoaPods 平台漏洞披露
- [ ] 新的 OpenSSH 漏洞可能导致 Linux 系统以 Root 身份进行 RCE
- [ ] 洞见者：布热津斯基思想述评
- [ ] 某UI众人帮悬赏任务系统审计(0day)
- [ ] 开源堡垒机那么多，该如何选择？
- [ ] 产线终端桌面云用户最关心的十个问题！详解来了
- [ ] 知识星球 | 请问有收到网安上门检查的通知吗？网安新兴赛道厂商有哪些？
- [ ] 车联网安全入门之仿真一辆车的通信网络
- [ ] 『SDC 2024』创新议题等你来投！早鸟票抢购中
- [ ] VMP源码分析：反调试与绕过方法
- [ ] 实录来了！国新办举行“推动高质量发展”系列主题新闻发布会（工业和信息化部）
- [ ] 2024世界人工智能大会｜国内首份“大模型安全实践”报告发布
- [ ] 2024世界人工智能大会闭幕，一文回顾AI界大咖都说了些啥？
- [ ] 【漏洞复现】亿赛通电子文档安全管理系统 PolicyAjax Sql注入漏洞
- [ ] 服务排查脚本完善 | Windows 应急响应
- [ ] 生态合作伙伴招募
- [ ] 你真的会Webpack加密算法逆向吗？
- [ ] 贵州省政务服务中心信息安全防护项目数据安全和云安全服务及密码改造子项的招标
- [ ] 麒麟信安串通投标被禁止参加军队采购1年
- [ ] 第一次的pentest show总结
- [ ] 你用一栋办公楼怎么装得下我对世界的思考
- [ ] 一图读懂数据安全分级分类规则
- [ ] CCF-快手大模型探索者基金启动！诚邀申报五大前沿研究方向！
- [ ] 2023年国内数字安全市场规模为973.7亿元，附2024中国数字安全产业年度报告
- [ ] 到底哪个吊一点？
- [ ] l-l VV打油诗
- [ ] 融合时间应用，信息化工作会变得与众不同！
- [ ] 最新的Ghostscript漏洞困扰着专家，成为下一个重大漏洞的推动者
- [ ] ctftools-all-in-oneV3.5发布
- [ ] CVE-2024-36401 远程代码执行 (RCE) 漏洞绕过 waf poc
- [ ] 发现适用于 Linux 的 TgRat 间谍软件：tgRat 的强大且先进的 2024 版本
- [ ] 滥用 Cloud Kerberos Trust 从 Azure AD 获取域管理员权限
- [ ] 【车联网】大众高尔夫动力转向ECU破解（4）
- [ ] 某U验证平台任意文件写入
- [ ] 【预警】windows本地提权0day漏洞在暗网售卖（未被证实，还处于第三方校验阶段）
- [ ] CVE-2024-36041：KDE Plasma 漏洞导致未经授权的系统访问
- [ ] GootLoader 恶意软件不断演变，仍通过 SEO 投毒造成严重破坏
- [ ] 配置错误的 Jenkins 服务器成为加密劫持攻击的目标
- [ ] 拜登政府出手封杀卡巴斯基，国家安全面临新挑战
- [ ] 优秀文章分享：利用kerberos的各种特性进行权限维持，文章共三部分从各个方面介绍了如重置krbtgt后的权限维持手法
- [ ] 安全技术测试-第1期
- [ ] 无问社区 | 特色功能上新...
- [ ] 中国工业互联网研究院党委书记田川：持续推进数字化转型促进中小企业高质量发展
- [ ] 网络安全必修课：如何应对SQL注入攻击？
- [ ] 红队在 Azure 上使用Mythic C2语音钓鱼
- [ ] 2024 年 H1 TOP50网络安全统计数据（有关勒索软件、网络钓鱼、行业趋势等的重要见解）
- [ ] 记一次护网通过外网弱口令一路到内网
Security Boulevard
- [ ] Paperclip Maximizers, Artificial Intelligence and Natural Stupidity
- [ ] USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps
- [ ] Applying Bloch’s Philosophy to Cyber Security
SecWiki News
- [ ] SecWiki News 2024-07-07 Review
Twitter @Nicolas Krassas
- [ ] Universal Code Execution by Chaining Messages in Browser Extensions https://www.reddit.com/r/netsec/comments/1dxj0wh/universal_code_execution_by_chain...
- [ ] Standard cells: Looking at individual gates in the Pentium processor http://www.righto.com/2024/07/pentium-standard-cells.html
- [ ] Apache fixed a source code disclosure flaw in Apache HTTP Server https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache...
- [ ] Shopify denies it was hacked, links stolen data to third-party app https://www.bleepingcomputer.com/news/security/shopify-denies-it-was-hacked-links-s...
- [ ] Europol says Home Routing mobile encryption feature aids criminals https://www.bleepingcomputer.com/news/security/europol-says-home-routing-mobile-enc...
- [ ] Reversing Nuitka https://www.reddit.com/r/ReverseEngineering/comments/1dxcvvv/reversing_nuitka/
- [ ] Alabama State Department of Education suffered a data breach following a blocked attack https://securityaffairs.com/165389/uncategorized/alabama-state...
- [ ] Researchers Track Identities and Locations of CSAM Users via Malware Logs https://hackread.com/tracking-identities-locations-csam-users-malware-logs/
- [ ] CVE-2024-36041: KDE Plasma Flaw Opens Door to Unauthorized System Access https://securityonline.info/cve-2024-36041-kde-plasma-flaw-opens-door-to-unau...
- [ ] Blackdagger: The New Powerhouse of DevOps, DevSecOps, and MLOps Automation https://meterpreter.org/blackdagger-the-new-powerhouse-of-devops-devsecops-...
- [ ] Misconfigured Jenkins Servers Targeted in Cryptojacking Attacks https://securityonline.info/misconfigured-jenkins-servers-targeted-in-cryptojacking-at...
- [ ] AegiScan: A static dataflow analysis framework for iOS application binaries https://meterpreter.org/aegiscan-a-static-dataflow-analysis-framework-for-...
- [ ] Finding mispriced opcodes with fuzzing https://blog.trailofbits.com/2024/06/17/finding-mispriced-opcodes-with-fuzzing/
MaskRay
- [ ] Linker compatibility and the "User-Agent" problem
unSafe.sh - 不安全
- [ ] Shopify denies it was hacked, links stolen data to third-party app
- [ ] Europol says Home Routing mobile encryption feature aids criminals
- [ ] 科学家研制出第一种无阳极钠固态电池
- [ ] USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps
- [ ] 中储粮调查油罐混用事件
- [ ] Security Affairs Malware Newsletter – Round 1
- [ ] SecMet#5期智能代码审计：机遇、挑战与解决方案
- [ ] Refactoring 014 - How to Remove IF
- [ ] How Artificial Intelligence Can Make Our Smart Homes, Smarter
- [ ] Recommendations for Verifying HDR Subjective Testing Workflows: Abstract and Introduction
- [ ] Recommendations for Verifying HDR Subjective Testing Workflows: HDR Standards
- [ ] Recommendations for Verifying HDR Subjective Testing Workflows: Conclusion
- [ ] Recommendations for Verifying HDR Subjective Testing Workflows: HDR Subjective Testing Workflow
Hexacorn
- [ ] Writing a Frida-based VBS API monitor, Take two
- [ ] Writing a Frida-based VBS API monitor
Didier Stevens
- [ ] Update: hash.py Version 0.0.13
Reverse Engineering
- [ ] Browser-based Assembler - Client side only
- [ ] Reversing Nuitka
Security Blog | Praetorian
- [ ] Continuous Threat Exposure Management for Google Cloud
奇客Solidot–传递最新科技情报
- [ ] 科学家研制出第一种无阳极钠固态电池
- [ ] 中储粮调查油罐混用事件
dotNet安全矩阵
- [ ] .NET 通过Windows系统计划任务维权
- [ ] 两个国内最专业的.NET安全知识库
天御攻防实验室
- [ ] 终端入侵对抗：Sysmon还EDR？
青衣十三楼飞花堂
- [ ] 王芳回忆录
安全学术圈
- [ ] SecMet#5期智能代码审计：机遇、挑战与解决方案
看雪学苑
- [ ] 『SDC 2024』创新议题等你来投！早鸟票抢购中
- [ ] VMP源码分析：反调试与绕过方法
情报分析师
- [ ] 用于分析卫星图像的九种开源工具
- [ ] 《每日开源》获取每日开源信息！
丁爸情报分析师的工具箱
- [ ] 【通知】第十期全国开源能力提升培训班—开源尖兵实战训练营7.23-7.28天津开训
- [ ] 【AI速读】兰德建议：加强生物武器蓄意使用调查的能力
极客公园
- [ ] 马斯克：8月初开始第五次星舰试飞：上海发布开放签署式人形机器人治理规则文件；米哈游《绝区零》下载量破5000万 | 极客早知道
Over Security - Cybersecurity news aggregator
- [ ] Husky Owners - 16,502 breached accounts
- [ ] Shopify denies it was hacked, links stolen data to third-party app
- [ ] Europol says Home Routing mobile encryption feature aids criminals
迪哥讲事
- [ ] Spring Boot Actuator未授权内存分析方法
Have I Been Pwned latest breaches
- [ ] Husky Owners - 16,502 breached accounts
Security Affairs
- [ ] Apache fixed a source code disclosure flaw in Apache HTTP Server
- [ ] Security Affairs Malware Newsletter – Round 1
- [ ] Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
- [ ] Alabama State Department of Education suffered a data breach following a blocked attack
Blackhat Library: Hacking techniques and research
- [ ] any good phishing tools working currently?
TorrentFreak
- [ ] Cloudflare Blocks Pirate Sites After Web Sheriff Filed Laundry List of Violations
Deep Web
- [ ] music video using the dark web (tor browser)?
Technical Information Security Content & Discussion
- [ ] Universal Code Execution by Chaining Messages in Browser Extensions
- [ ] App-Level eBPF Applications - User vs. Kernel Probes
- [ ] Browser-based Assembler - Client Side Only
- [ ] Understanding Authentication in Enterprise Wi-Fi
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] How to get into cyber risk analyst/engineering roles?