chainreactors / picker

将你的repo变为讨论社区

GNU General Public License v3.0

104 stars 19 forks source link

[每日信息流] 2024-08-05 #612

Closed chainreactorbot closed 3 weeks ago

chainreactorbot commented 1 month ago

每日安全资讯（2024-08-05）

Doonsec's feed
- [ ] 一句话总结各朝代灭亡原因
- [ ] 【0day】易捷OA ShowPic存在任意文件读取漏洞
- [ ] 秦安：中东箭在弦上不得不发，最危险的地方在哪里？
- [ ] 牧之野：马翔宇“没有未来”
- [ ] 《诗词游记》第350期：登上平南川
- [ ] Redis7.x安装系列教程(二)主从部署&原理详解
- [ ] 【HW-day】用友NC Cloud queryStaffByName SQL注入漏洞【附poc】
- [ ] 黑客(红队)攻防中LLMNR/NBNS欺骗和desktop.ini获取哈希(hash)
- [ ] 漏洞预警用友 NC querypsninfo SQL注入漏洞
- [ ] 到底谁是安全行业的屠龙少年？
- [ ] 网络工程师必知：动态路由协议有哪些？
- [ ] Upload-Lab第5关：如何巧妙利用.user.ini配置文件绕过黑名单验证
- [ ] 威胁情报周报（7.29~8.4）
- [ ] [Win11]集成化综合漏洞扫描系统
- [ ] (Nday)IP网络广播服务平台存在任意文件上传漏洞
- [ ] 某攻防演练｜从404页面到接管阿里云
- [ ] APP渗透|呆哥说稳了！通杀！六个方案带你无脑APP脱壳
- [ ] 集中化护网招人
- [ ] 零信任和AI
- [ ] 【资讯】国务院印发《关于促进服务消费高质量发展的意见》
- [ ] 【资讯】公安部公布5起针对企业财会人员实施电信网络诈骗的典型案例
- [ ] 【资讯】浙江省经信厅就《浙江省加快培育独角兽企业行动方案（2024—2027年）（征求意见稿）》公开征求意见
- [ ] GoogleVRP上的验证绕过进行帐户前接管
- [ ] 一线大厂是如何实施代码向后移植的
- [ ] 【新】IP网络广播服务平台任意文件上传漏洞
- [ ] 网络安全超值圈子推荐-小白菜安全
- [ ] 【漏洞预警】D-LINK DI-8100 远程命令执行漏洞（CVE-2024-7436）
- [ ] 一款支持高度自定义的 Java 内存马生成工具 - java-memshell-generator
- [ ] 浅谈RDP与输入法的奇妙碰撞
- [ ] 接口文档下的渗透测试
- [ ] 润乾报表dataSphereServlet接口存在任意文件读取漏洞
- [ ] 润乾报表dataSphereServlet接口存在任意文件上传漏洞
- [ ] 润乾报表InputServlet接口存在任意文件读取漏洞
- [ ] 润乾报表InputServlet接口存在任意文件上传漏洞
- [ ] 喰星云-数字化餐饮服务系统not_finish.php存在SQL注入漏洞
- [ ] 喰星云-数字化餐饮服务系统not_out_depot.php存在SQL注入漏洞
- [ ] 喰星云-数字化餐饮服务系统shelflife.php存在SQL注入漏洞
- [ ] 喰星云-数字化餐饮服务系统stock.php存在SQL注入漏洞
- [ ] 骑车摔伤，右手骨折，公众号暂停更新一百天
- [ ] 涉“文件传输助手”，国安部紧急提醒
- [ ] 一款java漏洞集合工具
- [ ] 浅谈红队攻防之道-钓鱼小技巧
- [ ] 从AWVS低危到通杀任意文件读取
unSafe.sh - 不安全
- [ ] Chinese StormBamboo APT compromised ISP to deliver malware
- [ ] Surge in Magniber ransomware attacks impact home users worldwide
- [ ] The Ethics of Local LLMs: Responding to Zuckerberg's "Open Source AI Manifesto"
- [ ] USENIX Security ’23 – NeuroPots: Realtime Proactive Defense against Bit-Flip Attacks in Neural Networks
- [ ] Cypherpunks Write Code: Pertsev, Semenov, Storm, and Tornado Cash
- [ ] A Simplified Guide for the"Dockerazition" of Ruby and Rails With React Front-End App
- [ ] Obs163｜Yanki外掛製作Anki 克漏字(Cloze)閃卡技巧，同場加映翏央填空模板
- [ ] 七月 Notion 动态：中文版或将上线、AI 功能迎来更新
- [ ] Step-by-Step Guide to Publishing Your First Python Package on PyPI Using Poetry: Lessons Learned
Security Boulevard
- [ ] USENIX Security ’23 – NeuroPots: Realtime Proactive Defense against Bit-Flip Attacks in Neural Networks
SecWiki News
- [ ] SecWiki News 2024-08-04 Review
ArthurChiao's Blog
- [ ] 大模型 RAG 基础：信息检索、文本向量化及 BGE-M3 embedding 实践（2024）
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] Devika v1 Path Traversal via snapshot_path
- [ ] Tourism Management System v2.0 - Cross Site Scripting (XSS)
- [ ] Computer Laboratory Management System v1.0 - Incorrect access control
Private Feed for M09Ic
- [ ] Rvn0xsy starred childe/gohangout
- [ ] INotGreen forked INotGreen/ShellCodeFrame from TonyChen56/ShellCodeFrame
- [ ] FunnyWolf starred Aegrah/PANIX
- [ ] LloydLabs starred oschwald/geoip2-golang
- [ ] INotGreen starred BambiZombie/FrchannelPlus
- [ ] Rvn0xsy starred petermcd/ssh-pam-login-logger
- [ ] Rvn0xsy starred leaningtech/webvm
MaskRay
- [ ] lld 19 ELF changes
Recent Commits to cve:main
- [ ] Update Sun Aug 4 22:38:50 UTC 2024
- [ ] Update Sun Aug 4 14:33:37 UTC 2024
- [ ] Update Sun Aug 4 06:31:18 UTC 2024
Exploit-DB.com RSS Feed
- [ ] [webapps] Devika v1 - Path Traversal via 'snapshot_path'
- [ ] [local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
- [ ] [local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
- [ ] [local] Oracle Database 12c Release 1 - Unquoted Service Path
- [ ] [webapps] Ivanti vADC 9.9 - Authentication Bypass
奇客Solidot–传递最新科技情报
- [ ] 洛杉矶基本收入实验公布结果
- [ ] 黑客入侵 ISP 发动中间人攻击
黑海洋 - WIKI
- [ ] 应急响应--Linux入侵检查思路及防御
Dhole Moments
- [ ] Against XMPP+OMEMO
奇安信威胁情报中心
- [ ] 近期值得关注的IOC（2024-08-04）
dotNet安全矩阵
- [ ] .NET内网实战：模拟Installer关闭Defender
- [ ] .NET 安全攻防知识交流社区
- [ ] .NET 安全代码审计电子专刊
- [ ] .NET 内网攻防实战电子报刊
丁爸情报分析师的工具箱
- [ ] 【论文】反射控制———一个信息操纵理论的形成、发展与应用研究
- [ ] 【反恐】2024年7月全球恐怖主义事件汇总
极客公园
- [ ] 谷歌+始祖鸟，造出世界上第一条动力裤，3万块还卖爆了？
- [ ] 苹果发布会或定档 9 月 10 日；巴菲特狂卖 880 亿美元苹果股票；吉利银河 E5 上市，10.98 万元起 | 极客早知道
情报分析师
- [ ] 美国正在为即将到来的高科技战争做准备（第一部分）
- [ ] 美国正在为即将到来的高科技战争做准备（第二部分）
- [ ] 美国正在为即将到来的高科技战争做准备（第三部分）
吴鲁加
- [ ] Duolingo 如何重新点燃用户增长
航行笔记
- [ ] 21岁郑钦文奥运夺冠的一些启发
DEF CON Announcements!
- [ ] DEF CON Hotline!
迪哥讲事
- [ ] 接口文档下的渗透测试
Over Security - Cybersecurity news aggregator
- [ ] Surge in Magniber ransomware attacks impact home users worldwide
SANS Internet Storm Center, InfoCON: green
- [ ] OOXML Spreadsheets Protected By Verifier Hashes, (Sat, Aug 3rd)
Trend Micro Research, News and Perspectives
- [ ] Bringing Security Back into Balance
Security Affairs
- [ ] Chinese StormBamboo APT compromised ISP to deliver malware
- [ ] Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach
- [ ] Security Affairs Malware Newsletter – Round 5
- [ ] Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
Full Disclosure
- [ ] Blind SQL Injection - dolphinv7.4.2.
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] So you want to make a career in low-level exploitation? The tragedy of low-level exploitation
- [ ] Help with ISO27005/risk assessment..?
- [ ] Getting knowledge to get into cybersecurity
TorrentFreak
- [ ] Taking Pirated Copies Offline Can Benefit Book Sales, Research Finds
Computer Forensics
- [ ] Computer Archeology: Exploring the Anatomy of an MS-DOS Virus
Information Security
- [ ] Entry-level Job opportunities in Cybersecurity (GRC)
Instapaper: Unread
- [ ] Loss of popular 2FA tool puts security-minded GrapheneOS in a paradox
- [ ] Hackers breach ISP to poison software updates with malware
- [ ] BunkerWeb The Next-Generation Open-Source Web Application Firewall
- [ ] Cybercrime hai ricevuto un MMS Forse è già troppo tardi
Blackhat Library: Hacking techniques and research
- [ ] In Need of mentor
- [ ] Can you extrapolate the code from a device and
Your Open Hacker Community
- [ ] Can't get disassembled code to look right
- [ ] Sql Injection - reflective value(s) found and filtering out
- [ ] How do I bypass mobile network throttling (read desc)
- [ ] Is it possible to hack some apps?
Deep Web
- [ ] What crosses the line as illegal on the deep web