Cybersecurity information flow

攻击者在其发布项目的环境依赖文件requirements.txt中添加恶意URL，以获取其恶意篡改的流行开源模块，从而在受害者电脑中植入窃密...

显示在2023年有49.6%的互联网流量竟来自机器人，比上一年增长 2%，达到自2013年以来观察到的最高水平。

Impacket专注于提供对数据包的简单编程访问，以及协议实现本身的某些协议（例如SMB1-3和MSRPC）。

The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
[GitHub]Extract useful information from PANOS support file for CVE-2024-3400

" 全球保护功能中存在命令注入漏洞，特定版本的PAN-OS软件以及独特的功能配置可能使未经身份验证的攻击者能够在防火墙上下执行具有root权限的任意代码。PAN-OS 10.2、PAN-OS 11.0和PAN-OS 11.1的修复程序正在开发中，预计将于2024年4月14日发布。云NGFW、Panorama设备和服务器接入不受此漏洞影响。所有其他版本的PAN-OS也不会受到影响。\n\n[GitHub]从PANOS支持文件中提取有关CVE-2024-3400的有用信息。"

Read text section bytes and format it for shellcode (64bit ELF only)

影响厂商:Revive Adserver 奖励: 危险等级:None
" 登录页面密码猜测攻击"

影响厂商:b'Revive Adserver'(https://hackerone.com/revive_adserver) 
" 登录页面密码猜测攻击"

Open Source EDR for Windows

Free, simple, and intuitive online database design tool and SQL generator.

Various one-off pentesting projects written in Nim. Updates happen on a whim.

🔥 Turn entire websites into LLM-ready markdown

真相 | 国际金融公司雇佣前间谍？ https://mp.weixin.qq.com/s/vvtqJz0liAVa1hlI_BWD3Q

Bishop Fox shares limited details about mitigation bypasses for PAN-OS CVE-2024-3400 in an effort to be maximally useful for defenders, while minimally useful for opportunistic attackers.

" 主教狐狸（Bishop Fox）在尽量确保对防御者最有帮助的同时，尽可能减少对机会主义攻击者的利用，分享了关于PAN-OS CVE-2024-3400缓解绕过的有限细节。"

The official Meta Llama 3 GitHub site

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
[GitHub]Finding Palo Alto devices vulnerable to CVE-2024-3400.

" 全球保护功能中存在命令注入漏洞，特定版本的PAN-OS软件和独特的特性配置可能使未经身份验证的攻击者能够在防火墙上以root权限执行任意代码。PAN-OS 10.2、PAN-OS 11.0 和 PAN-OS 11.1 的修复方案正在开发中，预计将于2024年4月14日发布。云NGFW、Panorama设备和服务器接入不受此漏洞影响。所有其他版本的PAN-OS同样不受影响。\n\n[GitHub] 发现Palo Alto设备易受CVE-2024-3400攻击。"

Clients often conflate Offensive Security with penetration testing, yet they serve distinct purposes within cybersecurity. Offensive Security is a broad term encompassing strategies to protect against cyber threats, while penetration testing is a specific activity where security teams test system vulnerabilities.

" 客户通常将进攻性安全与渗透测试混淆，然而它们在网络安全领域中具有不同的目的。进攻性安全是一个涵盖防范网络威胁的战略的宽泛术语，而渗透测试则是安全团队测试系统漏洞的具体活动。"

有新的漏洞组件被发现啦,组件ID:Sentry
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more.

有新的漏洞组件被发现啦,组件ID:Docker
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `

Admin to Kernel code execution using the KSecDD driver

@ 目录 前言 环境搭建 前置知识 漏洞分析 漏洞利用 总结 参考 前言 最近在学习 Maglev 相关知识，然后看了一些与其相关的 CVE，感觉该漏洞比较容易复现，所以先打算复现一下，本文还是主要分析漏洞产生的原因，基础知识笔者会简单说一说，更多的还是需要读者自己去学习 这里说一下为什 ...

Artifact for ICSE 2023

某集团企业生产网（私有云或机房数据中心）、办公网终端均使用同一个AD域，那么其生产服务器是否需要脱域或其它方式整改？

Catcher(捕手) 重点系统指纹漏洞验证工具，适用于外网打点，资产梳理漏洞检查。

一、前言 本报告调查了我们从2022年7月初到2023年1月底在受CUJO AI保护的消费者网络中观察到的物联
Read More