最近更新
时间 | 节点 | |
---|---|---|
2023年2月4日 03:20 | malware.news | Wicked Good Development Episode 26: Tom Cools Article Link: Wicked Good Development Episode 26: Tom Cools 1 post - 1 participant Read full topic |
2023年2月4日 03:20 | malware.news | Igor’s Tip of the Week #126: Non-returning functions Some functions in programs do not return to caller: well-known examples include C runtime functions like exit(), abort(), assert() but also many others. Modern compilers can exploit this knowledge to optimize the code better: for example, the code which would normally follow such a function call does not need to be generated which decreases the program size. Other functions, which call non-returning functions unconditionally also become non-returning, which can lead to further optimizations. Well-known functions IDA uses function names to mark well-known non-returning functions. The list of such names is stored in the file cfg/noret.cfg, which can be edited to add more names if necessary: Marking non-returning functions manually Instead of editing noret.cfg, you can also mark a function as non-returning manually on a case-by-case basis. This can be done by editing function properties: Edit > Functions > Edit Function… in the main menu, Edit Function… in the context menu or the Alt–P shortcut. Another option i |
2023年2月4日 03:20 | malware.news | [Control systems] Mitsubishi security advisory (AV23-064) Article Link: [Control systems] Mitsubishi security advisory (AV23-064) - Canadian Centre for Cyber Security 1 post - 1 participant Read full topic |
2023年2月4日 03:20 | malware.news | Microsoft accuses Iran’s government of cyber operation against Charlie Hebdo Microsoft’s Digital Threat Analysis Center says a hacking group within the Iranian government is behind a cyber operation that targeted French satirical magazine Charlie Hebdo. The group — which Microsoft calls Neptunium and the U.S. Justice Department calls Emennet Pasargad — claimed in January it had stolen the personal information of 200,000 Charlie Hebdo customers after hacking into one of the magazine’s databases. In several social media posts under the name Holy Souls, the group marketed samples of the stolen data that included names, phone numbers, addresses, emails and more from subscribers to the magazine. Holy Souls published the stolen data on YouTube and on several hacker forums, amplifying the posts across several social media platforms. According to Microsoft, the attack was orchestrated in response to the magazine’s decision to hold a cartoon contest asking readers to submit drawings ridiculing Iranian Supreme Leader Ali Khamenei. “The issue featuring the winning cartoons was to be published in |
2023年2月4日 03:20 | malware.news | [Control systems] Baicells security advisory (AV23-065) Article Link: [Control systems] Baicells security advisory (AV23-065) - Canadian Centre for Cyber Security 1 post - 1 participant Read full topic |
2023年2月4日 03:20 | malware.news | VMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html, (Fri, Feb 3rd) Article Link: https://isc.sans.edu/diary/rss/29508 1 post - 1 participant Read full topic |
2023年2月4日 03:20 | malware.news | VMware security advisory (AV23-066) Article Link: VMware security advisory (AV23-066) - Canadian Centre for Cyber Security 1 post - 1 participant Read full topic |
2023年2月4日 03:20 | malware.news | Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack A Tallahassee hospital has been forced to divert patients to other facilities and cancel all non-emergency surgical procedures after being hit by a cyberattack that began on Thursday night. Tallahassee Memorial HealthCare – one of the biggest hospitals serving a 21-county region in north Florida and south Georgia – said they have had to take their IT systems offline due to the security issue. “We are also diverting EMS patients and will only be accepting Level 1 traumas from our immediate service area. All non-emergency surgical and outpatient procedures have been canceled and rescheduled,” the hospital said in a statement on Friday. “As a result of this issue, we have rescheduled non-emergency patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is affected.” Hospital officials said it has created protocols to deal with system downtime designed to minimize disruption and noted that its IT department discovered the attack quickly before working |
2023年2月4日 03:20 | malware.news | DOD's Open Cyber Recommendations Date Back to 2012 The Defense Department’s Office of Inspector General points out longstanding unmet requests in a report rounding up recent cybersecurity oversight. Article Link: DOD's Open Cyber Recommendations Date Back to 2012 - Nextgov 1 post - 1 participant Read full topic |
2023年2月4日 03:20 | malware.news | Unpacking NullMixer - Identifying and Unraveling ASPack (Part 2) Article Link: Unpacking NullMixer - Identifying and Unraveling ASPack (Part 2) - YouTube 1 post - 1 participant Read full topic |
2023年2月4日 02:52 | Github_POC | y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment [GitHub]The vulnerable recurrence docker environment for CVE-2022-44268 |
2023年2月4日 02:52 | Github_POC | CVE-2022-31144 (2022-07-20) SpiralBL0CK/CVE-2022-31144 Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. [GitHub]CVE-2022-31144 dos pt redis, not finished yet or too soon, this can be turned into rce but oh well if you smart enough |
2023年2月4日 02:52 | Github_POC | galoget/ResponsiveFileManager-CVE-2022-46604 [GitHub]Responsive FileManager v.9.9.5 vulnerable to CVE-2022–46604. |
2023年2月4日 02:52 | Github_POC | Ashifcoder/CVE-2022-44268-automated-poc [GitHub]An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image in Image Magic. |
2023年2月4日 02:10 | Github关注 | ASkyeye forked ASkyeye/NTDLLReflection from TheD1rkMtr/NTDLLReflection Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll … |
2023年2月4日 02:04 | 颖奇L'Amore | |
2023年2月4日 02:00 | Hex Rays | Igor’s Tip of the Week #126: Non-returning functions Some functions in programs do not return to caller: well-known examples include C runtime functions like exit(), abort(), assert() but also many others. Modern compilers can exploit this knowledge to optimize the code better: for example, the code which would normally follow such a function call does not need to be generated which decreases the [...] |
2023年2月4日 01:52 | 知名组件CVE监控 | CVE-2023-25135 有新的漏洞组件被发现啦,组件ID:vBulletin vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. |
2023年2月4日 01:51 | 知名组件CVE监控 | CVE-2022-48140 有新的漏洞组件被发现啦,组件ID:DedeCMS DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. |
2023年2月4日 01:51 | burp | Serious security hole plugged in infosec tool binwalk Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’ |
2023年2月4日 01:51 | 360漏洞预警 | CVE-2023-21608:Adobe Acrobat Reader 任意代码执行漏洞通告 2023年02月03日,360CERT监测发现Adobe Acrobat Reader任意代码执行漏洞的漏洞细节在互联网公开,漏洞编号为 `CVE-2023-21608` ,漏洞等级: `高危` ,漏洞评分: `7.8` 。该漏洞 `POC` 和 `EXP` 已公开。 |
2023年2月4日 01:10 | Github关注 | |
2023年2月4日 00:50 | 来自Phithon推荐 | |
2023年2月4日 00:30 | Github关注 | byt3bl33d3r starred joewalnes/websocketd Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets. |
2023年2月4日 00:30 | SecWiki周报 | |
2023年2月4日 00:30 | freebuf | |
2023年2月4日 00:10 | T00ls论坛 | |
2023年2月4日 00:10 | T00ls论坛 | |
2023年2月3日 23:50 | hackone | Mystery with a leaked token and Reusability of email confirmation link leading to Account Takeover 影响厂商:Sorare 奖励:300.0USD 危险等级:low |
2023年2月3日 23:50 | T00ls论坛 |