女科学家带过三个19本的学生，其中两个是指导TA们参加国赛拿了奖，其中两个是跟着她做科研学到不少本领，这两个两个有一个交集，总共三个人。三人中只参加国赛的那个，昨天硕士复试通过。剩下两个跟着搞科研的，昨天也硕士复试通过，还是硕博连读。不过这仨分给别的导师了，女科学家自己另招了一个19本 ...全文

helen都要出狱了//@Nek0m1m1:都是证据

Check out my 🪵

When are people going to introduce PCIDSS for ID numbers

Re * noting we have yet to solve the redirection challenge which may need to be file handles.

Re @subtee you may get value exploring this as a generic way to hoover canaries.

So the important concept is the second phase. Sniffing condrv on Windows allows us to build Yara rules to detect tool console output even if redirecte...

RT Florian Roth ⚡: Awesome idea and write up 👌

Does anyone have worked examples of where homomorphic encryption has been used in the real-world to hand?

RT Nicolas Krassas: Detecting Mimikatz with Busylight

GitHub - cactuschibre/CVE-2022-35914-poc -

RT Akshat: Prototype Pollution!!!!!, a less talked about bug with a greater impact. Read my new blog "Prototype Pollution 101".

Want to detect Mimikatz? then try this one simple trick..

RT Clint Gibler: 📈 A Guide to Improving Security Through Infrastructure-as-Code Epic post by @nccgroupinfosec's @wucpi with ~90 references * How to...

如果在1980年用一万元人民币购买黄金，放到现在值多少钱？是否比投资理财要好？_小城生活网 这是非常好的一个问题。很多不懂的说投资黄金可以保值，其实在发展中国家里通胀率比较高，黄金的涨幅是跑不过通胀率的。 网页链接

你没有理解到我说的，你说的是单一的通胀。你说的差距恰好可以理解成经济水平发展的倍数，这个也是巨大的。//@zerofabric:您这么比不是特别合适。80年代万元户的生活水准，远不如今天的房奴，也不是顿顿能吃肉的。比较生活必需品的价格吧，90年代初，鸡蛋大约是2.7元一斤，现在超市一般的鸡蛋差

巧解马尔科夫过程 - yuange1975 - 博客园 还是这种可以修改编辑的好，可以随时修改错误，增加一些新内容。 网页链接

10%通涨，40年45倍。这油条40年左右不到40年，差不多是60倍了。

支持封杀

Re @AstroJordy 🔥🔥

Re @NASASpaceflight 💯

RT Tesla:

Re @FabrePierrejean @rinz0h @C5pider

Manage to Coerce WebDav connection, but why is it not 'relaying', or 'capturing'? What the...?

Re @gynvael It asks me if I'm ready, N just says command not found.

Re @gynvael N doesn't work for no.

Re @_EthicalChaos_ Yeah :/

Re @_EthicalChaos_ :'(

Re @nnwakelam Can you control the host header?

Re @Sh0ckFR :-) In France you have some of the most respectable researchers. But because they're so respectable and important, you'll often find that ...

Re @Sh0ckFR Random blue team guy at AV company goes and thinks he’s next level because he reads Twitter and runs to their boss and “oh shit new TTP,...

Re @Sh0ckFR I kind of grew out of dropping TTPs because blue team and large corporates are just benefiting freely off it.

Re @Sh0ckFR :-) well we aren’t about to drop real legit TTPs on Twitter 😂

Re Anyone got a NTLM -> ADCS RPC Enrollment code?

Relay to ADCS Web Enrollment for ESC8 fails if the CA has expired right?

Re @buffaloverflow So SSRF an internal host because NTLM auth can work in trusted zone or something like that?

Re @Sh0ckFR By the way I'm not French. J'utilise un traducteur.

Re @hackerm00n @pentestmatt I thought I'd be all "consultant" and ask about concerns that time.

Re @hackerm00n @pentestmatt Usually if sat on site, had time where we spent 2 hours talking to client about the concerns, took 5 minutes of sitting do...

Re @smaury92 @frycos yep:-)

Re @frycos Yep, a new attack interface in Java.:-D

Rendering HTML in Java Swing application, Cobalt Strike ,etc., could lead to RCE with some gadgets. It’s absolutely an awesome find.

RT Ollie Whitehouse: Weekly summary is out: -🇷🇺 ops using Office vulns -🇨🇳 ops in the 🇬🇧 -🇰🇵 ops evolve their macOS game -🇰...

RT 5pider: The Havoc Framework

LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

Two new Exchange Server zero-days in the wild

RT b33f | 🇺🇦✊: Really good analysis of Cobalt Strike RCE 🥃🔫

你说的中国？你的数据差距太远吧。//@ExcitedVczh:按肠粉算的话，30年前跟现在比人民币也是通胀了三倍左右，但是按房价算不得了//@yuange1975fuckwb:美国确实是通胀比较低的，但是这个数据也有很大的水分。美国最近30年通涨肯定也远不止3倍。中国官方的数据其实通胀率也不高，但是真实数据是

漏洞分析洋洋洒洒写了一大篇，最后一看结论分析了个寂寞。做技术还是要严谨些，引用最近同事经常说的一句话：脱离攻防，一切白忙。 从反制Cobalt Strike到CVE-2022-39197再到RCE的探索之路

童年