chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-08-26 #629

Closed chainreactorbot closed 1 month ago

chainreactorbot commented 2 months ago

每日安全资讯（2024-08-26）

Security Boulevard
- [ ] USENIX Security ’23 – TRust: A Compilation Framework For In-Process Isolation To Protect Safe Rust Against Untrusted Code
- [ ] Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats
- [ ] Understanding Privileged Access Management Pricing in 2024
Doonsec's feed
- [ ] 实战 | 对某外国网站的一次内网渗透练手
- [ ] C/C++逆向：定位main函数（Debug-x86）
- [ ] 刻刀-rust | 脉冲红队快速资产探测综合工具使用指南
- [ ] 算法备案通过了，说说踩过的坑
- [ ] 漏洞复现|漏洞复现|短视频矩阵营销系统漏洞
- [ ] WPA2 与 802.1X：有什么区别？
- [ ] 直面天命：安全该是黑神话！
- [ ] 知识星球 | 历年网安报告合集一键下载；更新数据安全、数据资产、安全大模型技术等专题资料
- [ ] 在Z｜霸王茶姬高薪诚招IoT、移动、数据等安全专家及安全策略、风控、攻防、审计等工程师
- [ ] SRC挖掘-教育行业平台&规则&批量自动化
- [ ] 目标踩点信息收集界的IDE
- [ ] 0824~0825-攻防演练之请防守方重点关注威胁情报样本信息
- [ ] 「议题文档」高级恶意软件开发之RDI的进化
- [ ] CTF分享 | 命令执行-1
- [ ] 【资讯】中央网信办等十部门秘书局（办公厅、综合司）联合印发《数字化绿色化协同转型发展实施指南》
- [ ] 【资讯】吉林省工信厅印发《吉林省数字化车间（生产线）、智能工厂和未来工厂培育认定实施细则（暂行）》
- [ ] 【微信】长按两秒钟隐藏着8个功能！非常实用
- [ ] 又一网安企业半年财报证明：干的越多亏的越多
- [ ] 【海外SRC赏金挖掘】缓存配置错误而绕过授权，拿下严重2000刀！！
- [ ] 小额贷款公司业务信息系统要定为三级
- [ ] 工具化，是众多行业要遵循的核心路线！网安、密码、时空、数据等行业尤为如此！
- [ ] 【漏洞复现】某成科信票务管理系统 TicketManager.ashx SQL注入漏洞
- [ ] 麦当劳Instagram照片墙账户被盗称免费送加密币拉升币价黑客狂赚498万
- [ ] 武器库 | Win11集成化综合漏洞扫描系统[更新]
- [ ] 地市护网爽拿上万分，一次看个爽(文末抽奖)
- [ ] 【安全圈】Steam 崩了！《黑神话：悟空》的天命人们突遇“第八十二难”
- [ ] 【安全圈】某通信公司职员盗用 3400 余户家庭宽带账户、私搭基站贩售流量获刑
- [ ] 【安全圈】福建警方破获一起侵犯公民个人信息案
- [ ] 我是如何学习移动安全的
- [ ] 俄乌冲突两年后的俄罗斯国防工业
- [ ] .NET Remoting反序列化升级版之TypeFilterLevel.Low模式无文件payload任意代码执行
- [ ] 限时抢购｜GEEKCON 2024 中国站早鸟票开售啦
- [ ] 一文理清车端OTA技术栈
- [ ] 某系统用户凭据窃取
- [ ] CVE-2024-38063｜Windows TCP/IP远程代码执行漏洞
- [ ] CVE-2024-39397｜Magento Open Source文件上传远程代码执行漏洞
- [ ] dedecms 两个常见漏洞的复现
- [ ] 推荐一款非常炸裂的shell工具箱
- [ ] 2024笔记本电脑排名前十推荐（轻薄本）
- [ ] 【LSP专享】新增抖音直播下载，助眠视频夏茉高清视频1V
- [ ] 浙江省网络信息安全技术管控中心招人！
- [ ] 论道五·虚无
- [ ] 近期值得关注的IOC（2024-08-25）
- [ ] Telegram 创始人帕维尔·杜罗夫被捕
- [ ] 《黑神话：悟空》发行平台“崩了”，奇安信：60个僵尸网络，攻击一夜暴涨2万倍
- [ ] 奇安信亮相HICOOL2024全球创业者峰会
- [ ] 开源恶意流量检测系统
- [ ] CVE-2024-20693：Windows 缓存代码签名操纵
- [ ] 威胁追踪案例研究：追踪 GootLoader
- [ ] 大华DSS 视频管理系统存在group_saveGroup注入
- [ ] 警惕！你买的充电宝，可能是窃听器
- [ ] 俄罗斯telegram创始人在法国被捕，他会交出解密私钥吗？
- [ ] 星盟安全RE系列|恶意程序分析
- [ ] 记一次恶意APP逆向分析实战
- [ ] 一只行李箱的旅途--2024桂林阳朔
- [ ] [提权漏洞] CVE-2024-38054 特权提升漏洞 win11可用含利用脚本
- [ ] 电报（Telegram）应用程序创始人是谁，什么原因导致他被逮捕？
- [ ] 蓝队技战法总结
- [ ] SecLists：安全测试伴侣，渗透测试资源收集项目
- [ ] 【漏洞分享】用友GRP-U8 漏洞利用用友GRP-U8 userInfoWeb SQL注入
- [ ] 以色列经济在加沙冲突中的损失评估
- [ ] 华为交换机如何检查设备的运行情况，记住这11个命令即可！
- [ ] 漏洞挖掘 | 记一次Spring横向渗透
- [ ] 掌控安全CTF挑战赛送【黑神话：悟空】直面天命！
- [ ] IDOR导致上万医疗保险文件泄露
- [ ] 【2024-08-25】每日安全资讯
- [ ] 震惊！Telegram 创始人Pavel Durov在法国机场被捕！
- [ ] telegram创始人被捕
- [ ] 金融公司大量财务文件被窃！亚信安全《勒索家族和勒索事件监控报告》(2024年第29期）
- [ ] Explain-MySQL分析和优化查询的核心工具
- [ ] 一图读懂丨全球首部《人工智能法案》正式生效，划重点→
- [ ] 因数据安全问题，交银信托吃百万罚单！（附网络与数据安全典型案例）
- [ ] 使“upx -d”解包变得不可能！
- [ ] 活动总结|Hacking Group 0772&0771A联谊活动
- [ ] 无敌了！强烈建议网工运维今年拿下软考！
- [ ] 实战 | 某外汇常用CMS通用未授权RCE
- [ ] 如何同时Ping多个IP地址，一个小技巧节约N小时？
- [ ] TG“电报”创始人在法国被捕，会影响各位大黑客吗？
- [ ] Telegram“电报”创始人在法国被捕
- [ ] 网络安全职场必备的七种工作态度
- [ ] 我国0day研究能力探究
- [ ] Telegram 首席执行官 Pavel Durov 在法国被捕
- [ ] 黑客可以接管科沃斯家用机器人来监视其主人
- [ ] 一种ATT&CK 尚未收录的持久化技术
- [ ] 月球土壤可以变成水源
- [ ] 震惊！他被捕了!
- [ ] Bug 赏金狩猎 — 完整指南（第 3 部分）
- [ ] 媒体报道｜《黑神话：悟空》玩家过多致Steam崩了？知道创宇李伟辰：DDoS攻击在游戏行业非常常见，黑客以此谋利
- [ ] 【流量分析】Java框架Shiro、工具利用、漏洞复现以及流量特征分析
Twitter @Nicolas Krassas
- [ ] New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html
- [ ] Hackers can take over Ecovacs home robots to spy on their owners https://securityaffairs.com/167508/hacking/researchers-hacked-ecovacs-devices.html
- [ ] Telegram Founder Pavel Durov Reportedly Arrested in France https://hackread.com/telegram-founder-pavel-durov-arrested-in-france/
- [ ] PHPStan: PHP Static Analysis Tool https://meterpreter.org/phpstan-php-static-analysis-tool/
- [ ] Flow Analyzer: help in testing and analyzing OAuth 2.0 Flows https://meterpreter.org/flow-analyzer-help-in-testing-and-analyzing-oauth-2-0-flows/
- [ ] ShellSweepX: A Precision Tool for Web Shell Detection https://securityonline.info/shellsweepx-a-precision-tool-for-web-shell-detection/
unSafe.sh - 不安全
- [ ] Mac executable creation issue
- [ ] USENIX Security ’23 – TRust: A Compilation Framework For In-Process Isolation To Protect Safe Rust Against Untrusted Code
- [ ] LM Studio – 有电脑就能用，开源、傻瓜、一站式部署本地大语言模型｜然后，像 ChatGPT 那样提问
SecWiki News
- [ ] SecWiki News 2024-08-25 Review
A Few Thoughts on Cryptographic Engineering
- [ ] Is Telegram really an encrypted messaging app?
ongoing by Tim Bray
- [ ] Mozart Requiem
Recent Commits to cve:main
- [ ] Update Sun Aug 25 22:30:30 UTC 2024
- [ ] Update Sun Aug 25 14:33:18 UTC 2024
- [ ] Update Sun Aug 25 06:35:56 UTC 2024
Private Feed for M09Ic
- [ ] HuYlllc pushed to console in chainreactors/malice-network
- [ ] theLSA starred KTH-LangSec/server-side-prototype-pollution
- [ ] theLSA starred LivingInSyn/netgear_hashcat_wordlist
- [ ] theLSA starred bunkerity/bunkerweb
- [ ] theLSA starred UndeadSec/DockerSpy
- [ ] theLSA starred helviojunior/hookchain
- [ ] theLSA starred miurla/morphic
- [ ] theLSA starred OSPG/binwalk
- [ ] theLSA starred xv0nfers/V8-sbx-bypass-collection
- [ ] theLSA starred canyie/MagiskEoP
- [ ] theLSA starred xv0nfers/V8sandbox_bypass
- [ ] theLSA starred h0ny/NacosExploit
- [ ] theLSA starred nmmapper/python3-nmap
- [ ] theLSA starred zen-browser/desktop
- [ ] theLSA starred Chenyme/Chenyme-AAVT
- [ ] theLSA starred linkedin/Liger-Kernel
- [ ] theLSA starred BASI-LABS/parseltongue
- [ ] theLSA starred AabyssZG/Chrome-RCE-Poc
- [ ] gh0stkey starred nanxiaobei/resso
- [ ] gh0stkey starred rust-lang-cn/rust-by-example-cn
- [ ] gh0stkey released CaA 1.0 at gh0stkey/CaA
- [ ] Rvn0xsy starred lionsoul2014/ip2region
- [ ] su18 starred jdr2021/OSSFileBrowse
Sandfly Security Blog RSS Feed
- [ ] Agentless Password Auditing for Linux White Paper
奇客Solidot–传递最新科技情报
- [ ] NASA 宣布波音 Starliner 宇航员将搭乘 SpaceX Crew-9 返回地面
- [ ] Telegram CEO 在法国机场被捕
看雪学苑
- [ ] .NET Remoting反序列化升级版之TypeFilterLevel.Low模式无文件payload任意代码执行
- [ ] 限时抢购｜GEEKCON 2024 中国站早鸟票开售啦
黑海洋 - WIKI
- [ ] 内网穿透大全
- [ ] 黑群晖一键修复：root、AME、DTS、转码、CPU型号等
- [ ] 黑群晖：全球区账号注册教程、群晖安装及洗白教程、常见问题解决
- [ ] PVE 6.8内核开启核显SR-IOV 教程
- [ ] 安卓应用一键隐藏（免root）
奇安信威胁情报中心
- [ ] 近期值得关注的IOC（2024-08-25）
青衣十三楼飞花堂
- [ ] 一只行李箱的旅途--2024桂林阳朔
极客公园
- [ ] Telegram CEO 被法国警方逮捕；IBM 在华上千员工被突然关闭访问权限；中国移动入股荣耀 | 极客早知道
丁爸情报分析师的工具箱
- [ ] 【情报实战】沙利文近期为什么要访华？
迪哥讲事
- [ ] SRC挖掘-教育行业平台&规则&批量自动化
Over Security - Cybersecurity news aggregator
- [ ] Traderie - 364,898 breached accounts
- [ ] Pavel Durov, fondatore di Telegram, arrestato in Francia. Perché questo può essere un problema per Internet
- [ ] Stealthy 'sedexp' Linux malware evaded detection for two years
- [ ] Audit finds notable security gaps in FBI's storage media management
- [ ] Medusa ransomware group: an IT services company in Houston suffers a cyber attack with data loss
dotNet安全矩阵
- [ ] .NET内网实战：通过回调函数执行Shellcode
- [ ] .NET 安全攻防知识交流社区
- [ ] .NET 一款体积极小用于规避WAF的Shell
Have I Been Pwned latest breaches
- [ ] Traderie - 364,898 breached accounts
Troy Hunt's Blog
- [ ] Weekly Update 414
The Hacker News
- [ ] Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures
- [ ] New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules
Security Affairs
- [ ] France police arrested Telegram CEO Pavel Durov
- [ ] SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8
- [ ] Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION
- [ ] U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog
TorrentFreak
- [ ] ‘Bonus’ Episode of ‘House of the Dragon’ Comes With a Nasty Surprise for Pirates
Your Open Hacker Community
- [ ] Question about wordlists
Social Engineering
- [ ] How to see through people's defenses
Full Disclosure
- [ ] Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication
- [ ] SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
Technical Information Security Content & Discussion
- [ ] SLUBStick risk assessment for embedded systems
Computer Forensics
- [ ] Passed CHFI!
- [ ] I am trying to find large log files of real breaches, regardless of tech
Dark Space Blogspot
- [ ] Come Sarà Polkadot 2.0? Coretime, Dot Burn e JAM