Hello Hacking8!

This post is part 3 of the series: The foundations of end-to-end encryption and contains excerpts from my book Black Hat Rust about Security, Rust and Cryptography. When 2 parties, let's say Alice and Bob, want to exchange messages over an insecure channel, they need to find a way to
这篇文章是这个系列的第3部分: 端对端加密的基础，包含了我的书《黑帽锈病: 安全、锈病和密码学》的节选。当两方，比如 Alice 和 Bob，想要在不安全的通道上交换消息时，他们需要找到一种方法

Let us not beat around the bush: Rust is not easy to learn. I think it took me nearly 1 year of full-time programming in Rust to become proficient and no longer have to read the documentation every 5 lines of code. It's a looong journey but absolutely worth it.
让我们不要拐弯抹角: 生锈是不容易学的。我想我花了将近一年的时间在 Rust 中全职编程，才变得精通，不再需要每5行代码就读一次文档。这是一段漫长的旅程，但绝对值得。

I've been interested in functional programming since a friend introduced Haskell to me at University. While I never successfully learned Haskell as it's too far from what I was using day to day (C and Node.js), a new language perfectly mixing imperative and functional programming so that even the most
自从我大学的一个朋友介绍 Haskell 给我之后，我就对函数式编程产生了兴趣。虽然我从来没有成功地学习过 Haskell，因为它离我每天使用的 c 和 Node.js 太远了，但是这是一种完美地混合了命令式编程和函数式编程的新语言

Hacking stories are fictitious adventures backed by real-world hacking techniques. Their sole purpose is education. All characters, places and events in this publication are fictitious and any resemblance to real persons, living or dead, is purely coincidental. Andrei lives a calm and quiet life in the countryside of a small
黑客故事是以现实世界的黑客技术为后盾的虚构冒险。他们唯一的目的就是教育。本书中的所有人物、地点和事件都是虚构的，任何与现实人物的相似之处，无论是活着的还是死去的，都纯属巧合。安德烈过着平静安详的生活，在乡村的一个小小的

Rust is designed by a committee, by choice. If you ever have managed a project, you should smell the unfocused monstrosity coming from 100 KM away. And yet, after many years, I've come to the conclusion that in Rust's case, it's a huge asset instead of a liability. Generics, algebraic
锈是由一个委员会自己选择设计的。如果你曾经管理过一个项目，你应该闻到来自100公里之外没有焦点的怪物。然而，多年之后，我得出结论，在拉斯特的案例中，它是一笔巨大的资产，而不是一项负债。泛型，代数

Last week, I moved my weekly newsletter from Mailchimp to my own program, and the worse happened. Like every week, I write the newsletter from Monday to Wednesday and schedule it for Wednesday afternoon. After editing it and having fixed typos, I scheduled it for 2022-03-23 12:15:00 UTC and started
上周，我把每周一次的时事通讯从 Mailchimp 移到了自己的项目中，结果更糟糕的事情发生了。像每周一样，我从周一到周三写时事通讯，然后把它安排在周三下午。在编辑完毕并修正了拼写错误之后，我将它安排在 UTC 时间2022-03-2312:15:00，然后开始

This post contains excerpts of my book Black Hat Rust Now we have a mostly secure RAT, it's time to expand our reach. Until now, we limited our builds to Linux. While the Linux market is huge server-side, this is another story client-side, with a market share of roughly 2.5%
这篇文章包含了我的书《黑帽锈病》的节选现在我们有了一个基本安全的 RAT，是时候扩大我们的影响范围了。到目前为止，我们将构建限制在 Linux 上。虽然 Linux 市场是巨大的服务器端，但客户端则是另一回事，市场份额约为2.5% 

I sincerely believe that Rust is a huge step forward in terms of software reliability and performance, which directly translate to $$ and time saved. It solves a lot of problems that I face every day as a developer, such as immutability and good abstractions. But like all technologies, it
我真诚地相信 Rust 在软件的可靠性和性能方面是一个巨大的进步，这直接转化为 $和节省的时间。它解决了我作为一个开发人员每天面临的许多问题，比如不变性和良好的抽象。但是就像所有的技术一样，它

The profile of attackers is highly diversified. From lone wolves to teams of hackers, developers to analysts, there is definitely not a common profile that fits them all. However, in this section, I will try to portray which profiles should be part of a team conducting offensive operations. This post
攻击者的特征是高度多样化的。从独行侠到黑客团队，从开发人员到分析师，肯定没有一个适合他们所有人的共同配置文件。然而，在这一部分，我将尝试描绘哪些档案应该是一个团队进行进攻行动的一部分。这篇文章

Unfortunately, using threads is not a free and easy win. Concurrency issues are the fear of a lot of developers. Due to their unpredictable behavior, they are extremely hard to spot and debug. They can go undetected for a long time, and then, one day, simply because your system is
不幸的是，使用线程并不是一个自由和容易的胜利。并发性问题是许多开发人员的恐惧。由于其不可预知的行为，它们极难发现和调试。它们可能在很长一段时间内都没有被发现，然后，有一天，仅仅因为你的系统

This post contains excerpts of my book Black Hat Rust where you'll learn Rust, offensive security and cryptography. Bug bounty 101 Bug bounty programs are the uberization of offensive security. No interview, no degree asked. Anyone can join the party and try to make money or a reputation by finding
这篇文章包含了我的书黑帽锈病的摘要，在这里你将学习锈病，攻击性安全和密码学。Bug bounty 101 Bug bounty program 是进攻性安全的 uberization。没有面试，没有学位要求。任何人都可以加入这个政党，通过寻找新的目标来赚钱或者建立声誉

While solving a not-so-easy lifetime problem in Rust related to async closures, I came to think: Is life too short to fight the borrow checker? I mean, don't get me wrong, I love solving problems and the beauty of efficient and correct code, but sometimes, too much is too much.
在解决 Rust 中与异步闭包相关的一个不那么容易的生存期问题时，我开始思考: 生命太短了，无法与借入检查器抗争吗？我的意思是，不要误会我的意思，我喜欢解决问题，喜欢高效正确的代码，但有时候，太多就是太多了。

Building a crawler in Rust: Building a crawler in Rust: Design and Associated Types Building a crawler in Rust: Synchronization (Atomic Types and Barriers) Building a crawler in Rust: Implementing the crawler Building a crawler in Rust: Scraping and Parsing HTML Building a crawler in Rust: Crawling a JSON API
在锈中构建一个爬虫: 在锈中构建一个爬虫: 设计和相关类型在锈中构建一个爬虫: 同步(原子类型和障碍)在锈中构建一个爬虫: 在锈中实现爬虫构建一个爬虫: 在锈中构建一个爬虫: 在 HTML 中构建一个爬虫: 在 JSON API 中爬行

If you have been following this blog for a long time, you may have noticed a recent drop in the quality of the content. There is only one reason: I lost my focus. To be honest, the currents events (pandemic, war) and, more particularly, how they are handled by the
如果你已经关注这个博客很长时间了，你可能已经注意到最近内容质量的下降。只有一个原因: 我失去了注意力。老实说，这些电流事件(大流行病、战争) ，更具体地说，它们是如何被

axum's router does not natively support hostname-based routing, which may be useful if you need to serve multiple applications with a single server. Fortunately, it's easy to compose multiple Routers to route your requests depending on the Host header. Here is how. Host based routing First, we define our two
Axum 的路由器本身不支持基于主机名的路由，如果您需要使用单台服务器为多个应用程序服务，那么这种路由可能非常有用。幸运的是，很容易组合多个路由器根据主机头路由请求。以下是如何做到这一点。基于主机的路由首先，我们定义两个

Last week we saw how to design a crawler. Today we are going to see implementation details: how to use Rust's synchrnoization primitives to make our crawler as efficient as possible. This post is an excerpts of my book Black Hat Rust Building a crawler in Rust: Building a crawler
上周我们学习了如何设计一个爬行器。今天我们将看到实现细节: 如何使用 Rust 的同步化原语来使我们的爬虫尽可能高效。这篇文章是我的书黑帽锈病建立一个铁锈履带: 建立一个履带

The software industry when we hear the word "security" There is no one month without some popular dependencies found to be compromised or backdoored. I've already written about how easy it is to insert a stealth backdoor in a software package, so today we are going to see how attackers
当我们听到“安全”这个词的时候，软件行业没有一个月不会发现一些流行的依赖项被破坏或者被撤销。我已经写过在软件包中插入隐形后门是多么容易，所以今天我们将看到攻击者是如何做到的

Building a crawler in Rust: Building a crawler in Rust: Design and Associated Types Building a crawler in Rust: Synchronization (Atomic Types and Barriers) Building a crawler in Rust: Implementing the crawler Building a crawler in Rust: Scraping and Parsing HTML Building a crawler in Rust: Crawling a JSON API
在锈中构建一个爬虫: 在锈中构建一个爬虫: 设计和相关类型在锈中构建一个爬虫: 同步(原子类型和障碍)在锈中构建一个爬虫: 在锈中实现爬虫构建一个爬虫: 在锈中构建一个爬虫: 在 HTML 中构建一个爬虫: 在 JSON API 中爬行

The Hare programming language was announced a few days ago, and, at first glance, its syntax looks similar to Rust. So, why would (smart) people bother to create a new language which aims to fulfill the same niche as Rust (system programming), with a similar syntax, but without generics? Rust
Hare 编程语言是几天前发布的，乍一看，它的语法类似于 Rust。那么，为什么(聪明的)人们会不厌其烦地创建一种新的语言，它的目标是完成与 Rust (系统编程)相同的小生境，具有相似的语法，但没有泛型？铁锈

TL;DR: Use npm ci in your CI/CD pipelines and npm install on your machine. When running npm install, you may notice that the command modifies your package-lock.json file from time to time. There are many reasons for that: different versions of npm (or other package managers) may have been used
在 CI/CD 管道中使用 npm CI，并在计算机上安装 npm。在运行 npm 安装时，您可能会注意到命令修改了包锁。时不时的打开 json 文件。原因有很多: 可能使用了不同版本的 npm (或其他包管理器)

Building a crawler in Rust: Building a crawler in Rust: Design and Associated Types Building a crawler in Rust: Synchronization (Atomic Types and Barriers) Building a crawler in Rust: Implementing the crawler Building a crawler in Rust: Scraping and Parsing HTML Building a crawler in Rust: Crawling a JSON API
在锈中构建一个爬虫: 在锈中构建一个爬虫: 设计和相关类型在锈中构建一个爬虫: 同步(原子类型和障碍)在锈中构建一个爬虫: 在锈中实现爬虫构建一个爬虫: 在锈中构建一个爬虫: 在 HTML 中构建一个爬虫: 在 JSON API 中爬行

Over the decades, Humans have proved to be pretty bad at producing bug-free software. Trying to apply our approximative, fuzzy thoughts to perfectly logical computers seems doomed. While the practice of code reviews is increasing, especially with the culture of Open Source becoming dominant, the situation is still far from
在过去的几十年里，人类已经被证明在生产无 bug 的软件方面相当糟糕。试图将我们近似的、模糊的思维应用到逻辑完美的计算机上似乎注定要失败。虽然代码审查的实践正在增加，特别是随着开源文化占据主导地位，但情况仍然远远不是这样

Life is too short to manually upgrade the packages of your machine twice a week, so here is how to automate the software updates of an Ubuntu server (20.04 or 22.04). First, you need to install unattended-upgrades: $ sudo apt install unattended-upgrades Then configure it: $ sudo dpkg-reconfigure -plow unattended-upgrades
生命如此短暂，无法每周两次手动升级你机器的软件包，所以这里是如何自动升级 Ubuntu 服务器的软件(20.04或22.04)。首先，您需要安装无人参与的升级: $sudo apt install unattended-updates 然后配置它: $sudo dpkg-reconfigure-plow unattended-updates

When you want to maximize the uptime of your servers, you need a way to update the kernel to fix security vulnerabilities without having to reboot the machines. For that, Canonical provides livepatch: a way to apply live security patches to the Ubuntu's kernel, without the need to reboot. And
当您希望最大化服务器的正常运行时间时，需要一种方法来更新内核以修复安全漏洞，而不必重新启动机器。为此，Canonical 提供了 livepatch: 一种将现场安全补丁应用到 Ubuntu 内核的方法，无需重新启动。还有

Building a crawler in Rust: Building a crawler in Rust: Design and Associated Types Building a crawler in Rust: Synchronization (Atomic Types and Barriers) Building a crawler in Rust: Implementing the crawler Building a crawler in Rust: Scraping and Parsing HTML Building a crawler in Rust: Crawling a JSON API
在锈中构建一个爬虫: 在锈中构建一个爬虫: 设计和相关类型在锈中构建一个爬虫: 同步(原子类型和障碍)在锈中构建一个爬虫: 在锈中实现爬虫构建一个爬虫: 在锈中构建一个爬虫: 在 HTML 中构建一个爬虫: 在 JSON API 中爬行

After the darkness came the Sun, and today I have some happiness to share. This is why I decided to offer a big discount on my book Black Hat Rust for 1 week. To activate the discount, use the coupon code: HAPPY2022 Buy Now!
黑暗过后，太阳升起，今天我有一些快乐可以分享。这就是为什么我决定提供一个大的折扣，我的书黑帽锈为1周。激活折扣，使用优惠券代码: happy2022立即购买！

A few weeks ago, I wrote: ""I believe that Rust moves too fast" and "a programming language is a platform". Some people raised good objections, so I thought it would be good to write a follow-up to explain my thoughts. Nowadays, everyone wants to be agile, move fast, and break
几周前，我写道: “我认为 Rust 发展得太快了”，“编程语言是一个平台”。有些人提出了很好的反对意见，所以我认为写一篇后续文章来解释我的想法是很好的。现在，每个人都想变得敏捷，快速移动，突破

This morning I woke up, and my smartphone told me that it was not available for use because it needed to install an update. As a security-conscious nerd, I kindly accepted and let it do its stuff. 15 minutes later, it is usable again. When arriving at my office, my
今天早上我醒来，我的智能手机告诉我，它不能使用，因为它需要安装一个更新。作为一个有安全意识的书呆子，我好心地接受了，让它做自己的事情。15分钟后，它又可用了。当我到达办公室时，我的

Building a crawler in Rust: Building a crawler in Rust: Design and Associated Types Building a crawler in Rust: Synchronization (Atomic Types and Barriers) Building a crawler in Rust: Implementing the crawler Building a crawler in Rust: Scraping and Parsing HTML Building a crawler in Rust: Crawling a JSON API
在锈中构建一个爬虫: 在锈中构建一个爬虫: 设计和相关类型在锈中构建一个爬虫: 同步(原子类型和障碍)在锈中构建一个爬虫: 在锈中实现爬虫构建一个爬虫: 在锈中构建一个爬虫: 在 HTML 中构建一个爬虫: 在 JSON API 中爬行

I personally find bitsquatting attacks mind-blowing! The idea is that computers suffer from memory errors where one or more bits are corrupted, they are different than their expected value. It can come from electromagnetic interference or cosmic rays (!). This post is an excerpts of my book Black Hat Rust
我个人觉得蹲点攻击很刺激！这个想法是，计算机遭受内存错误，一个或多个位损坏，他们不同于他们的预期值。它可能来自电磁干扰或宇宙射线.这篇文章是我的书《黑帽锈病》的一个节选

In Hacking Stories #1 - The Evil Twin I teased the simplicity and effectiveness of an evil twin attack. Now it's time to see how to perform it in practice. The most effective phishing attack I ever witnessed was not an email campaign. It was an evil twin attack. The
在黑客故事 # 1-邪恶双胞胎我取笑的简单性和有效性的邪恶双胞胎攻击。现在是时候看看如何在实践中实现它了。我见过的最有效的钓鱼攻击不是电子邮件攻击。这是一次邪恶的双胞胎袭击。这个

By default, Rust produces fairly large binaries, which may be annoying when building a RAT. A larger executable means more resources used on the system, longer and less reliable downloads, and easier to be detected. We will see a few tips to reduce the size of a Rust executable. Note
默认情况下，Rust 生成相当大的二进制文件，这在构建 RAT 时可能会令人讨厌。更大的可执行文件意味着系统上使用的资源更多，下载时间更长，更不可靠，并且更容易被检测到。我们将看到一些提示，以减少大小的锈病可执行文件。注意

Tests are not meant to be manually run each time you write code. It would be a bad usage of your precious time. Indeed, Rust takes (by design) a loooong time to compile. Running tests on your own machine more than a few times a day would break your focus.
测试并不意味着在每次编写代码时都要手动运行。这会浪费你宝贵的时间。实际上，“锈病”需要花费很长时间来编译。每天在自己的机器上运行多次测试会分散注意力。

Malicious bots can cause a lot of damages to your websites whether it be stealing your content or scanning for vulnerabilities. Here is how to defend against them. This post is an excerpts of my book Black Hat Rust A zip bomb is a specifically crafted archive abusing the compression
恶意的机器人会对你的网站造成很大的损害，无论是窃取你的内容还是扫描漏洞。下面是如何防御它们的方法。这篇文章是我的书《黑帽锈弹》的一个节选，这是一个专门滥用压缩的精心制作的档案

#SDL 业务方有防止api被滥用的需求,我就想起来了这个鬼...

This release adds a number of enhancements to Burp Scanner, including several new JWT-based scan checks and an option to skip unauthenticated crawling when you've provided application logins. The BApp
这个版本增加了一些对 Burp Scanner 的改进，包括几个新的基于 jwt 的扫描检查，以及在提供应用程序登录时跳过未经身份验证的爬行选项。应用程序

If you’re on the hunt for cracked software or games, be warned. Rogue ISO archive files are looking to infect your systems with ChromeLoader. If you think campaigns such as this only target Windows users, you’d sadly be very much mistaken. The attack sucks in several operating systems and even uses mobiles as bait to draw in additional victims.
Of PowerShells and ISOs
An optimal disc image (ISO) is a disk image containing everything written to an optical disc. If someone copied a DVD or CD-ROM, they may end up with an ISO. With the right software, these files can be mounted and read as if the device was reading from a physical disc.
If a malware author claims to be offering cracked or pirated versions of games or software, an ISO is frequently what’s on offer. They may be promoted on social media, video sites, game crack portals, or torrents. Sadly for would-be file downloaders, they’re frequently booby trapped with malware.
PowerShell is a way to automate tasks and comes complete with  a command line interfa

Google is urging Chrome users to update the browser now in order to fix a critical flaw.
Article Link: Time to update: Google Chrome 102 arrives with 32 security fixes, one critical | ZDNet
1 post - 1 participant
Read full topic
谷歌敦促 Chrome 用户现在就更新浏览器，以修复一个关键缺陷。
文章链接: 是时候更新了: Google Chrome 102带有32个安全修复程序，其中一个至关重要 | ZDNet
1名1岁以后的参与者
阅读完整主题

Recent research has identified that a number of Quanta Cloud Technology (QCT) servers are vulnerable to the well-known ‘Pantsdown’ vulnerability. This post explores the business ramifications of this issue.
Article Link: QCT & Pantsdown: An Executive Summary - Eclypsium
1 post - 1 participant
Read full topic
最近的研究表明，一些广达云技术(Quanta Cloud Technology，QCT)服务器容易受到众所周知的“ Pantsdown”漏洞的攻击。这篇文章探讨了这个问题的商业影响。
文章链接: QCT & Pantsdown: a Executive Summary-Eclypsium
1名1岁以后的参与者
阅读完整主题

Eclypsium research has identified that Quanta Cloud Technology (QCT) server models are vulnerable to the well-known ‘Pantsdown’ BMC vulnerability (CVE-2019-6260). We have developed a proof-of-concept exploit demonstrating how even an unsophisticated attacker with remote access to the operating system could leverage this vulnerability to gain code execution within the BMC of QCT servers.
Article Link: Quanta Servers (Still) Vulnerable to Pantsdown - Eclypsium
1 post - 1 participant
Read full topic
Eclypsium 研究已经确定，量子云技术(QCT)服务器模型容易受到众所周知的“ Pantsdown”BMC 漏洞(CVE-2019-6260)的攻击。我们开发了一个概念验证漏洞，演示了即使是一个能够远程访问操作系统的简单攻击者也可以利用这个漏洞在 BMC 的 QCT 服务器上获得代码执行。
文章链接: 广达服务器(仍然)容易受到 Pantsdown-Eclypsium 的攻击
1名1岁以后的参与者
阅读完整主题

2022年第一季度发现，洗钱黑产与上游犯罪呈链条式发展，存在明显的相互依存关系，特别是对资金流转需求巨大的电信网络诈骗产业。

A county in New Jersey is still dealing with the aftermath of a ransomware attack that began on Tuesday, highlighting the disruptions that cyberattacks can wreak on local governments.
Officials in Somerset County — which has a population of about 350,000 and is just north of Princeton University — announced on Tuesday that its email system was down.
The county had to create temporary Gmail accounts so that residents can contact “critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff, and Surrogate.”
County officials urged anyone coming to county offices to call ahead to confirm that services were available.
The county was forced to cancel a Board of Commissioners meeting but County Administrator Colleen Mahr said the county is still able to perform most functions.
“That said, we have activated our Emergency Operations Center and our Continuity of Operations of Government Plan,” Mahr said. “It is our assumption that this situation will remain in effect at

背景
和master节点kube api-server通信的组件有很多，包括：
kubelet
calico
scheduler
kubectl
某些pod可能会和kube api-server通信
这些组件和api-server通信时用的是什么身份，可以操作哪些api资源呢？
本文使用的k8s集群是用kubekey搭建，命令是./kk create cluster --with-kubernetes v1.21.5 --with-kubesphere v3.2.1
kubectl的身份和权限
kubectl用的是什么身份？
kubectl默认会用到.kube/config配置，其中包含证书信息
root@ip-172-31-14-204:~# cat .kube/config apiVersion: v1 ... users: - name: kubernetes-admin user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJSm9rTE5qWVk0UG93RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBMU1qVXdNRE13TURWYUZ3MHlNekExTWpVd01ETXdNRFphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTI5L25vcEVJWE9JVXl0MngKRUFETUNod01idkhaWU90c2xYdFBsYnNYRXJPOXpmYzBIMi9UV2p2dUFHUDRwaVhPaG5sSnYvRmtKTVVCbk1HWgpmV3VrdU1vTStOSDZkMERFVjlsMUNYUk9BOEhlRStacXBtYmVvbTV3SWdsYlZIeXFzdTZNb2VySTZkYnFqcEdSCmpJUzVyb0tNQU94OFNYRlJxUFZaaEtIdkhFUTk2RE

Welcome to another edition of What’s New in Sysdig in 2022! The “What’s new in Sysdig” blog is now under my control! Hello, I’m Wes MacKay, a Sales Engineer based out of Dallas, TX working with the Sysdig US West Corporate team. I’m way too passionate about containerization, personal cloud storage, and automating my home life. In my spare time, I’m always looking for better Thai and Sushi restaurants in my area.
This month’s highlights include a new feature Sysdig Advisor for faster troubleshooting and Container Drift for detecting deviation of code in runtime.
Sysdig Platform Architecture
Sysdig Platform Audit Trail
We are happy to announce that Sysdig Platform Architecture now supports the capability of tracking, logging, and reporting on all changes in the system. This is enabled by default for all SaaS customers. Event forwarding support for this feature will also be included in the near future.
For additional information, please visit our Release notes for Secure and Monitor.
Sysdig for Cloud
Sysdig earn

实现else模块的中间代码生成
作者：tyler_download 发表于 2022/05/26 17:46:13 原文链接 https://blog.csdn.net/tyler_download/article/details/124980772
阅读：1

有新的漏洞组件被发现啦,组件ID:Docker
Docker Desktop 4.3.0 has Incorrect Access Control.

桌面4.3.0的访问控制不正确。

#渗透测试 RedGuard是一个C2设施前置流量控制工具。 这个要配置合理,不然可能导致该上线的没上线。之前马子做了防虚拟机,结果...

#MISC  适用于GNOME Shell 图形化界面的一个剪贴板增强工具，感觉还挺不错的，可以在使用 kali ...

List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly

Microsoft is warning Windows domain admins to implement mitigations against an authentication weakness related to Active Directory.
Article Link: Microsoft: Here's how to defend Windows against these new privilege escalation attacks | ZDNet
1 post - 1 participant
Read full topic
Microsoft 警告 Windows 域管理员针对与 activedirectory 相关的身份验证弱点实现安全缓解。
文章链接: 微软: 这里是如何抵御这些新的权限提升攻击的 Windows | ZDNet
1名1岁以后的参与者
阅读完整主题

Kaspersky Managed Detection and Response (MDR) helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients’ networks and analyze it using machine learning and artificial intelligence, plus human threat-hunting analysts. Kaspersky SOC investigates alerts and notifies the client if there is something bad going on, providing response actions and recommendations.
MDR in 2021 in numbers
In 2021:
Kaspersky MDR received 414K alerts.
74% of received alerts were processed by SOC analysts, 6.67% of which were related to real incidents reported to customers via the MDR portal
4% of all incidents are related to only one alert
14% of incidents were high-severity, 66% medium-severity, and 20% low-severity
The average identification time of high-severity incidents was 41.4 minutes
7% of high-severity incidents were targeted attacks; 18% were ethical o

一款基于docker的渗透测试工具箱，致力于做到渗透工具随身携带、开箱即用。减少渗透测试工程师花在安装工具、记忆工具使用方法上的时间和精力。

恶意的CS服务器

师傅们，jdbc的URL可控有啥方法能jndi注入不，能加载Oracle数据库驱动类和MySQL数据库驱动类

Here is a small update of my tool to analyze Cobalt Strike beacons.
1768_v0_0_14.zip (http)
MD5: 6E8494125F4DDB044556182C8A196DD1
SHA256: D8CFCC735666D90BB160E30C7AD7100B0520FAC2929277E7B1DAD1CFFD0B3EC8

Article Link: Update: 1768.py Version 0.0.14 | Didier Stevens
1 post - 1 participant
Read full topic
这里是一个小更新我的工具，以分析钴罢工信标。
1768 _ v0 _ 0 _ 14.zip
5:6E8494125F4DDB044556182C8A196DD1
SHA256: D8CFCC735666D90BB160E30C7AD7100B0520FAC2929277E7B1DAD1CFFD0B3EC8

文章链接: 更新: 1768. py Version 0.0.14 | Didier Stevens
1名1岁以后的参与者
阅读完整主题

A horrible catfishing scam is using real abuse photos in order to lure in unsuspecting victims on sites like Tinder and Grinder. Recently unearthed by Bleeping Computer, it works like this:
Boy meets good-looking girl on dating site. The longer they talk, boy notices the conversation turning into a confession of abuse, with good-looking girl providing him pictures to back up her story. Good-looking girl then asks boy to “prove” his identity using an ID service which, you’ve guessed it, costs money.
Michael (not his real name) shared screenshots of a portion of his chat records with a “beautiful trans woman” with BleepingComputer.
“I almost fell victim to a uniquely cruel catfishing scheme,” he said.
Michael’s chat session included disturbing images of the alleged abuse. (Source: BleepingComputer)
The woman Michael was chatting with asked that he used a third-party “ID verification” service to prove that he’s not a former sex offender, backing up her request with “evidence” of abuse she’s suffered. “Cassey Que

RSAConference2022将于旧金山时间6月6日召开。大会的Innovation Sandbox（沙盒
Read More

前言
年初的时候，做代码审计的时候whippet师傅给分享下面的这个漏洞，所以拿出来分析一下，确实是个0day，不是，还没人分析过，或许是nday？？？有意思的点儿可能在实现RCE的地方吧。
介绍
nig****UI可以使用WebUI配置nginx的各项功能, 包括http协议转发, tcp协议转发, 反向代理, 负载均衡, ssl证书自动申请、续签、配置等, 最终生成nginx.conf文件并覆盖nginx的默认配置文件, 完成nginx的最终功能配置。
环境搭建
下载源文件直接启动
下载地址github下载源码，手动搜索即可，当前版本为2.7.5
访问8090端口即可
如果自己本地不想安装nginx的话，跳过安装步骤，更改访问目录。
使用docker搭建。搭建环境Ubuntu16.04
拉取镜像
docker pull cym1102/nginxwebui:latest
docker run -itd -v /home/nginxWebUI:/home/nginxWebUI -e BOOT_OPTIONS="--server.port=8080" --privileged=true --net=host cym1102/nginxwebui:latest
docker ps
访问
http://192.168.166.130:8080
初始化管理员设置之后登录
命令执行
漏洞触发点
远程服务器->批量命令
执行ifconfig成功
这里使用whoami的时候容易看不到，刚开始以为不能执行，，，，
可以尝试创建一个文件
ls查看创建成功
当然在构造payload的时候拼接语句的话只要符合linux语法都可。
实现RCE
本来是想能不能直接反弹shell的
这里会直接将&符作为连接符去执行了，使用反斜杠去转译，反斜杠被转译为了双反斜杠，这里尝试了很久没绕过，有兴趣的师傅可以尝试一下
使用base64做编码反弹尝试
base编码格式这里会使用|符号，自然在这里这里行不通，因为直接执行了最后的命令，在linux下使用该符号执行命令，会自动执行最后的语句
使用\防转义
但是这里反斜杠被转译为了双反斜杠，那么这是行不通的，那么这个时候只能选择其它方式实现RCE,使用nc反弹
windows上起的nc，发现回连
此时使用nc反弹已经拿到了shell。
代码分析
后台自带启动功能，必定是能够使用命令去执行，这个点儿的话其实也

Our spam traps recently caught a phishing scam that neatly illustrates some of the tactics scammers use routinely to avoid both human intuition, and automatic detection.
The scam starts with an unsolicited email, of course…
The scam email is ostensibly from the Post Office, an instantly recognisable postal service brand in the UK, and it tells recipients “There is a update in your parcel. item stopped due to unpaid customs fee.” [sic] This is an echo of an extremely popular SMS scam from 2021 that told recipients they had to pay a small postage fee to release a parcel waiting for delivery.
The spelling and grammar in the email is predictably awful, and a little weird—it looks like a bad scan by an optical character reader (OCR). However, despite decades of security advice highlighting poor spelling and grammar as an enormous red flag, the fact is it doesn’t seem to hurt the scammers. So while other tactics have evolved, poor English has persisted.
As simple as it is, and as bad as it seems, the message includ