Re @PPathole @HamblinZeke @DrKnowItAll16 @stevenmarkryan @paraga Checking

Re @PinballReed @crikey_news @ummjackson @cameronwilson My kids wrote better code when they were 12 than the nonsense script Jackson sent me. Like I s...

Re @crikey_news @ummjackson @cameronwilson You falsely claimed ur lame snippet of Python gets rid of bots. Ok buddy, then share it with the world …

Re @HamblinZeke @DrKnowItAll16 @stevenmarkryan What’s going on @paraga?

I have some new tricks about JDBC attack interface, would you like to invite me?😆

SideWinder carried out over 1,000 attacks since April 2020

#BHUSA Adversary Emulation and Active Defense course provides an all-encompassing, introductory, hands-on experience that exposes participants to core...

Formal-Methods-Assisted Fuzzing!

See you in finals (?) 🤣

CVE-2022-1942 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-30034 Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An...

CVE-2022-29725 An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP f...

CVE-2022-29712 LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param p...

CVE-2022-29711 LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

CVE-2022-31500 In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

CVE-2020-28246 A Server-Side Template Injection (SSTI) was discovered in

Re @_ITZ_MG @Nouureldin_Ehab Thats a good choice haha 🙂

CVE-2022-30190 (Follina) 这个漏洞在我的标准里可以算是"神洞"了，品相远比CVE-2021-40444要高。每次看到这种漏洞都有着“惋惜”的感觉[尴尬] ... 比较有意思8挂的是这个漏洞是crazyman 4月11日看到样本后在4月12日提交给MSRC，结果微软回复了个经典用语：“I finally had time to look at this criti ...全文

基于“理性人”假设固然有问题，基于“高尚人”假设就更荒谬了。

ALPHV ransomware group continues to up the ante by targeting local governments in the United States. Recent posts target White Hall, Ohio, a small cit...

Re @mysmartlogon Send you something soon

Re @mysmartlogon Technically it’s already public so you collecting it wouldn’t be a problem right.

SQL injection to Remote Command Execution (RCE)

XLoader Botnet: Find Me If You Can

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

Awesome List of iOS Application Security and Penetration Testing

RT Alfred Lindgren: Re @Dinosn I think Mitmproxy2Swagger is useful for you. You can automatically reverse-engineer REST APIs by just running the apps ...

K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters

Re @aroly Thanks for emailing the details over and for the latest update. If you have any further issues, please let us know.

Re @ROHITSH42367350 You can do it! We believe in you!

Re @ITSecurityguard Speedrunning your hacking carreer like a pro!

👨‍💻 💍 🏖 Sounds like you are having the week of your life! Cheers on the rest of your life! We're happy to be a small part of it!

Re @YuraDoc1 @PiyushThePal Nicely done!

Make the server forge requests for you? 🔨🤯 This is SSRF in 100 seconds 👇

RT Ghassan Karame: Are you completing your Master’s degree or PhD in system security or distributed systems security in the coming few months? I'm lo...

CVE-2021-3555 A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote c...

GitHub 上的开源技术教程：《基于 JavaScript 的区块链、Solidity、Web3 全栈开发教程》。通过这个教程，你将学到关于区块链、Web 开发、智能合约、密码学、NFT 等各类技术栈原理与应用。GitHub：github.com/smartcontractkit/full-blockchain-solidity-course-js

2002 年的《Firefly》是我非常喜欢的电视剧。在这部剧的设定里，未来全世界就剩了两大帝国：中国、美国。然后两大帝国又联手成立了星际联合政府。所以剧中角色动不动就来一句中文。各种系统操作界面也有中文。我看了里面的那些中文后，就试图搞清楚制作者是怎么想起来把这些汉字排列到一起的。“万丈 ...全文

共轴无人机折叠后基本就是一根短棒，很省空间。可能这也是为什么无论以色列的 Spike Firefly 还是捷克的 PHOLOS 都选择了这种结构，而不是民用领域常见的四轴、六轴系统。这类东西以色列称之为“战术游荡武器系统”。大的可以反装甲目标。小的可用于城市特种作战，特别是对付狙击手。视频中是以色 ...全文

长方体混凝土移动工程局的工友们每年六一前夕有个传统项目。去年我告诉赵贤辉，明年工友们做项目时带上我，今年他又把我给忘了。他给我的理由是，群里都是小朋友，四哥。这意思是我老了，干不了活了？

由于防疫管控，学校所在地没有公交车发往西站，学校让会开车的教师志愿报名，开私家车去学校接即将毕业离校的学生，再给送去西站。媳妇报名了，排班到明天出车。晚饭后我带她去熟悉西站南广场地形，不进地下停车场，直接去地面即停即走落客区。往回返时，看着一家家门窗锁闭的大小店铺，我叹了口气，民 ...全文

汽车车联网#汽车安全# GeekPwn的微博视频

给你们一点对庄严法庭的感性认识：网页链接 //@Blade-黑铁桐人:心疼这位兄弟……

#网安法实施五年来# 在《网络安全法》五周年座谈会上，我建议要免费帮扶中小微企业构建数字安全能力，做到#数字安全一个都不能少#。 周鸿祎的微博视频

调试时总是能碰上调试手段本身的BUG，命太苦了，都成宿命了。山寨的、野鸡的就不提了，微软自己的调试手段啊，唉，命真的苦。

internet-dataset，这个 GitHub 仓库收录了各种通过搜索引擎获取的数据集，整体数据量将近 50G，其中包括域名、网页、反向索引等数据。GitHub：github.com/RimoChan/internet-dataset

《DedeCMS 文件上传漏洞分析》作者：天融信阿尔法实验室网页链接DedeCMS由上海卓卓网络科技有限公司研发的国产PHP网站内容管理系统；具有高效率标签缓存机制；允许对类同的标签进行缓存，在生成 HTML的时候，有利于提高系统反应速度，降低系统消耗的资源。众多的应用支持；为用户提供 ...全文

简单分析了下，这块比较容易被忽略。

Re @stevenmarkryan Very strange indeed!

CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations