隐隐感受到一种很不符合人民情感的带货方式...

近些年我们总能听到关于“老年暴走团”的新闻，他们组成队伍，在街上呼啸而过，踏过行进线路上的所有东西。藉由数年前沈阳《宝可梦Go》玩家和暴走团发生的冲突，我们找到了一些暴走团的成员，想了解一下他们的想法和生活。

4岁以下的孩子谈不上任何自控能力。也谈不上“熊孩子”。嫌婴儿吵，本质上是把婴儿看成和自己一样的人，或者说把自己看成和婴儿一样，才会觉得婴儿抢占了自己的资源。家长的态度……其实我也不觉得家长应该因此致歉，社会应该照顾和忍让婴儿，当然10岁还在车厢里呼啸而过就该扔下去了…

GitHub 上一个强大的图像标记基础模型：Recognize Anything Model (RAM)。 RAM 采用一种新的图像标记范例，可高精度地识别任何常见类别，并利用大规模图像文本对进行训练，而不是手动注释。GitHub：github.com/xinyu1205/Recognize_Anything-Tag2TextRAM 的开发包括四个关键步骤：1. 通过自动 ...全文

缺德呗

I sTiLL mEaSuRe WiTh A rUlEr https://t.co/ENYUbJHk17

PythonMemoryModule: load dll and unmanaged exe entirely from memory https://securityonline.info/pythonmemorymodule-load-dll-and-unmanaged-exe-entirely...

IRCP: A robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers https://www.reddit.com/r/netsec/comments/14377...

Rust Binary Analysis, Feature by Feature https://www.reddit.com/r/ReverseEngineering/comments/143ap4o/rust_binary_analysis_feature_by_feature/

LinkedInDumper - Tool To Dump Company Employees From LinkedIn API http://www.kitploit.com/2023/06/linkedindumper-tool-to-dump-company.html

Popular AI tool MLflow hit with more LFIs, exploit tool updated https://www.reddit.com/r/netsec/comments/143d3rw/popular_ai_tool_mlflow_hit_with_more_...

HTB: TwoMillion https://0xdf.gitlab.io/2023/06/07/htb-twomillion.html

JADXecute: JADX-gui scripting plugin for dynamic decompiler manipulation https://securityonline.info/jadxecute-jadx-gui-scripting-plugin-for-dynamic-d...

This CHI'23 paper "A Usability Evaluation of AFL and libFuzzer with CS Students" (written by Prof. Matthew Smith @m42smith & team) seems helpful for p...

I found the SALTWATER sample from the #Barracuda ESG report on CVE-2023-2868 on VT The funny thing is: s/o appended a 0x00 so that it got a different ...

搞了1400个子账户作为充值地址，一个充值地址对应5个钱包，可以支持9000个号 https://t.co/APXEVzdwo0

Re @PentestCorner Nice, I'll try that out.

Re @sinchan607 We've just run a check, and the hash is matching. If you're still having problems, can you email support@portswigger.net with a screens...

Re @_sawzeeyy Hi, are you seeing this behavior on our latest version? If yes, please email support@portswigger.net, as we are investigating similar re...

Re @manuel_tiedtke It is currently in v2023.6 (Early Adopter), which was released yesterday

Re @manuel_tiedtke It was an oversight on our part, and unfortunately, the hotkeys for Organiser were left out. But they are included in the latest re...

《网络安全学术顶会——USENIX Security '23 夏季论文清单、摘要与总结》作者：riusksk网页链接

有个老港片，好像是姜大卫演的，讲一个人为练绝世剑法，要让自己心无挂碍，所以先把爱人杀了。这大概就是最早的“上岸第一剑，先斩意中人”。//@laminin:配经典语录：我来晚了！//@黄斌:再大胆一点！就没有设想过有一天，自己的骨灰会被从飞机上撒入大海吗？

不建议用“鸭鼠”的说法。因为这个读音在沪语地区有别的意思……

今年360智脑押对两道高考作文题，我的书也押对了一道。上海高考作文题和我的书名《超越好奇》撞上了，上海出题老师没准在机场看到了我的书呢。回到解题，我认为好奇是所有认知的基础，也是我们探索这个世界的原动力。然而，光有好奇心还远远不够，超越好奇心的是学习力和内驱力。也欢迎感兴趣的朋友们 ...全文

Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability, a nice XSS-based takeover scenario by Amit Elbirt https://bit.ly/45PgEbQ

https://www.obsidiansecurity.com/blog/saas-ransomware-observed-sharepoint-microsoft-365/

When hackers hack the hackers https://www.reddit.com/r/netsec/comments/143ia7v/when_hackers_hack_the_hackers/

Honda API flaws exposed customer data, dealer panels, internal docs https://www.bleepingcomputer.com/news/security/honda-api-flaws-exposed-customer-da...

CEO guilty of selling counterfeit Cisco devices to military, govt orgs https://www.bleepingcomputer.com/news/security/ceo-guilty-of-selling-counterfei...

SignatureGate - Bypassing AV/EDRs by exploiting 10 years old CVE https://www.reddit.com/r/netsec/comments/143kxef/signaturegate_bypassing_avedrs_by_ex...

ByteDance Accused Of Helping China Spy On Hong Kong Activists https://packetstormsecurity.com/news/view/34699/ByteDance-Accused-Of-Helping-China-Spy-O...

Global Malware Attack Imitates VPN and Security Apps on Android Phones https://www.hackread.com/android-malware-imitates-vpn-security-apps/

Microsoft stashes nearly half a billion in case LinkedIn data drama hits https://go.theregister.com/feed/www.theregister.com/2023/06/02/microsoft_link...

Deepfake Cyber Attack Hits Russia: Fake Putin Message Broadcasted https://www.hackread.com/deepfake-cyber-attack-russia-fake-putin-message/

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges https://www.bleepingcomputer.com/news/security/cisco-fixes-anyconnect-bug-giving-windows-s...

Facebook clickbait leads to money scam for users https://www.malwarebytes.com/blog/threat-intelligence/2023/06/thousands-of-malicious-google-cloud-run...

Barracuda Urges Immediate Replacement of Hacked ESG Appliances https://thehackernews.com/2023/06/barracuda-urges-immediate-replacement.html

Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-cli...

MOVEit Transfer Exploited to Drop File-Stealing SQL Shell https://www.sentinelone.com/blog/moveit-transfer-exploited-to-drop-file-stealing-sql-shell/

Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug https://securityaffairs.com/147195/cyber-crime/clop-ransomw...

Abusing undocumented features to spoof PE section headers https://secret.club/2023/06/05/spoof-pe-sections.html

RT Y4er: Nacos Hessian RCE https://y4er.com/posts/nacos-hessian-rce/

RT Haifei Li: Finally! We have published the basic details of the three MSMQ bugs I discovered and reported last year. Check out here https://cpr-zero...

RT Kev: This video shows my PoC for libssh CVE-2023-2283 (authentication bypass vuln). The attacker logs in with ED25519 authentication, despite not k...

RT Octoberfest7: Here is my latest, DropSpawn. This is a CS BOF used to spawn additional beacons via a little-known DLL hijacking method that I posted...

Not sure who drinks bud light. Now I know. https://twitter.com/grahamallen_1/status/1666595885361274880

Re @MattWalshBlog Incredibly disturbing thread

Re @SethDillon Yeah, that was weird

Re @alx ?