Cybersecurity information flow

A clean information-feed tool focused on the security community, surfacing high-quality content for security researchers every day.


Recent updates
Time Source
2024-05-08 10:03 freebuf
Improve security operations capability at very low cost and free up security engineers' productivity.
2024-05-08 09:53 Wallarm Blog
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat landscape, has garnered industry-wide recognition. This accolade reaffirms Wallarm's position at the forefront of [...]
The post Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award appeared first on Wallarm.

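2024-05-08 09:43 Kanxue Forum
Hello, Kanxue experts. I've been at home playing games every day, bored out of my mind~ One sunny afternoon I was lying in bed on my phone when I happened to see someone in a chat group looking to buy a so-called DWM anti-screenshot tool, so I got up and looked into it ...
2024-05-08 09:43 Kanxue Forum
Preface: Yesterday a fellow researcher gave me a Linux kernel pwn challenge. I found it very interesting, and it was not too hard (after reading the author's hints), so I spent some time solving it and am writing brief notes here. This was a recruitment challenge from BFS Lab in 2022? There was also a Windows exploitation one, but I'm not very good at that. Solving both challenges gets you ...
2024-05-08 09:23 GitHub Following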
An open-source protocol designed to create high-performance, local-first, peer-to-peer, end-to-end encrypted applications that facilitate seamless …
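2024-05-08 09:23 Kanxue Forum
Note: this article was written a long time ago. I have since retired and did not polish it much afterward, so please bear with it. Previous part: The Holdout's Migration (1): https://bbs.kanxue.com/thread-281631.htm 4. The Thrice-Moved Holdout 1. Soul Call (question_5) From the analysis above, since the ret2csu length is 0x80, ...
2024-05-08 09:03 freebuf
This espionage group has been observed targeting non-governmental organizations, media outlets, educational institutions, activists, and legal services organizations.
2024-05-08 08:03 freebuf
This article documents a user enumeration issue, found during an SRC bug hunt, that led to sensitive information disclosure and horizontal privilege escalation. It is not difficult; the aim is to share some ideas for vulnerability hunting.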
2024-05-08 05:44 blackhat
Published: 2024-05-06 Talk time: 0000-00-00 12:00am Talk length: 30-Minute
Tags: ['Mobile', 'Exploit Development & Vulnerability Discovery'] No attachments
The advent of 5G technology promises to revolutionize the mobile communication landscape, offering faster speeds and more secure connections. However, this technological leap also introduces many security challenges, particularly within the 5G baseband in mobile phones. Our research introduces 5GBaseChecker, the first ever dynamic security testing framework designed to uncover logical vulnerabilities, e.g., authentication bypass in the protocol implementations of 5G basebands. With the design of new automata learning and differential testing techniques, 5GBaseChecker not only identifies 0-day vulnerabilities but also facilitates the systematic root cause analysis of the security flaws in commercial 5G basebands. With 5GBaseChecker, we tested 17 commercial 5G basebands and 2 open-source 5G baseband (UE) implementations and uncovered 13 unique 0-day vulnerabilities and 65 vulner
2024-05-08 05:44 blackhat
Published: 2024-05-02 Talk time: 0000-00-00 12:00am Talk length: 40-Minute
Tags: ['Platform Security', 'Application Security: Offense'] No attachments
The security architecture of modern operating systems is intricate and layered. To effectively challenge these defenses, attackers must extensively audit the security policies of the operating system across various dimensions. In July 2023, the speaker redirected their focus from Android and IoT vulnerabilities to those within macOS. This transition was motivated by an intent to adapt methodologies typically employed by Android security researchers for use in macOS environments, which subsequently led to the identification of numerous vulnerabilities. In this presentation, the speaker will explore the implementation and vulnerabilities of macOS security mechanisms, including TCC, sandboxing, and application management mechanisms. Additionally, the speaker will introduce a generic 
2024-05-08 04:14 Github_POC
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.
[GitHub]LINKSYS AC1900 EA7500v3 IGD UPnP Stack Buffer Overflow Remote Code Execution Vulnerability

2024-05-08 04:14 Github_POC
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address.
[GitHub](CVE-2023-31290) Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023.

2024-05-08 03:52 Github_POC
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
[GitHub][CVE-2024-23897] Jenkins CI Authenticated Arbitrary File Read Through the CLI Leads to Remote Code Execution (RCE)

2024-05-08 03:51 Github_POC
[GitHub](CVE-2023-31290) Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023.

2024-05-08 03:43 GitHub Following
Enumerate and disable common sources of telemetry used by AV/EDR.
2024-05-08 02:03 GitHub Following
This repo contains a cheatsheet page from tailwindcompnents.com
2024-05-08 01:13 nccgroup
Introduction In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed in private, there was no […]

2024-05-08 00:23 GitHub Following
A game demo for Ant engine
2024-05-08 00:23 SecWiki Weekly
GrowingBugRepository: a public bug benchmark dataset https://github.com/liuhuigmail/GrowingBugRepository
An empirical study of malicious code in the PyPI ecosystem https://mp.weixin.qq.com/s/DYYlg8aCGduHSSjDSMXyIQ
2024-05-07 23:45 Fuzzing Labs
📡 [Monthly Fuzzing] May 2024
📺 Videos/Podcasts
Discoveries from Analyzing 141 Real-World ZK-SNARK Vulnerabilities! 🧐 – https://youtu.be/oxvcEXha69c
📝 Blogposts/Papers/Slides
ImageIO, the infamous iOS Zero Click Attack Vector. – https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html
The Windows Registry Adventure #1: Introduction and research results – https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
A Basic Guide to AFL QEMU – https://medium.com/@cy1337/a-basic-guide-to-afl-qemu-495df504b5fb
⚙️ Tools/Repositories
what the fuzz: Linux...

2024-05-07 23:03 GitHub Following
A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust
2024-05-07 23:03 GitHub Following
2024-05-07 23:03 Recommended by Phithon
2024-05-07 22:44 Github_POC
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
[GitHub]CVE-2024-34469
2024-05-07 22:44 Github_POC
[GitHub]CVE-1999-54321

2024-05-07 22:44 Github_POC
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.
[GitHub]Critical use-after-free vulnerability discovered in Tinyproxy

2024-05-07 22:44 Github_POC
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
[GitHub]CVE-2024-27956

2024-05-07 22:44 Github_POC
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
[GitHub]PoC for Exploiting CVE-2024-31848/49/50/51 - File Path Traversal

2024-05-07 21:47 Trustwave Blog
Trustwave has been positioned in the Leaders Category in the IDC MarketScape for Worldwide Emerging Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc #US50101523 April 2024).

2024-05-07 20:23 GitHub Following
Custom Query list for the Bloodhound GUI based off my cheatsheet