Twitter
Source Time
Twitter
Nicolas Krassas
Dinosn
Microsoft uses carrot and stick with Exchange Online admins https://go.theregister.com/feed/www.theregister.com/2023/03/30/microsoft_hardening_exchang...
Twitter
Nicolas Krassas
Dinosn
Court Orders GitHub To Reveal Who Leaked Twitter's Source Code https://packetstormsecurity.com/news/view/34479/Court-Orders-GitHub-To-Reveal-Who-Leake...
Twitter
Nicolas Krassas
Dinosn
Bypassing PowerShell Strong Obfuscation, (Thu, Mar 30th) https://isc.sans.edu/diary/rss/29692
Twitter
Nicolas Krassas
Dinosn
New AlienFox toolkit steals credentials for 18 cloud services https://www.bleepingcomputer.com/news/security/new-alienfox-toolkit-steals-credentials-f...
Twitter
Marcel Böhme👨‍🔬
mboehme_
Re - Use machine learning to generate a high-knowledge fuzzer. - Make it simple, fast, and generic.
Twitter
Marcel Böhme👨‍🔬
mboehme_
Re ⚠️Challenge: Maintenance / support for new features is very difficult. 💡Idea Fuzzing tools should learn and evolve. https://t.co/CHEhm7z00Z
Twitter
Marcel Böhme👨‍🔬
mboehme_
Re History: 1. Give fuzzing tools "knowledge": Peach, LangFuzz, jsfunfuzz 2. Simple, fast, generic, EASY: AFL 3. Make fuzzing "smarter". Let it figure...
Twitter
Marcel Böhme👨‍🔬
mboehme_
Christian Holler (@mozdeco) about the Future of Fuzzing. #Dagstuhl https://t.co/2ZI7DT2yCG
Twitter
Marcel Böhme👨‍🔬
mboehme_
Re @Jon_Whittle_ @mchri5taki5 @kayseesee @moarbugs @AndreasZeller Agree. ☹️ Unfortunately also a result of invitations ≠ acceptance.
Twitter
Marcel Böhme👨‍🔬
mboehme_
🏰 Glad that Dagstuhl is in-person again! //@mchri5taki5 @kayseesee @moarbugs @AndreasZeller https://www.dagstuhl.de/en/seminars/seminar-calendar/se...
Twitter
Thuan Pham
thuanpv_
RT Marcel Böhme👨‍🔬: 🏰 Glad that Dagstuhl is in-person again! //@mchri5taki5 @kayseesee @moarbugs @AndreasZeller https://www.dagstuhl.de/en/...
Twitter
Thuan Pham
thuanpv_
RT Andreas Zeller: I got a 2.5 Million EUR @ERC_Research Advanced Grant #ERCAdG (my 2nd)! In the project "Semantics of Software Systems" (S3), we will...
Twitter
Rasta Mouse
_RastaMouse
RT dr4k0nia: I am joining @nextronsystems as a threat researcher. I am looking forward to working with the team and advancing the detection of .NET ma...
Twitter
☣ KitPloit - Hacker Tools
KitPloit
ThunderCloud - Cloud Exploit Framework http://www.kitploit.com/2023/03/thundercloud-cloud-exploit-framework.html #Exploit #Python #SSO https://t.co/mJ...
Twitter
☣ KitPloit - Hacker Tools
KitPloit
MSI Dump - A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner https://ift.tt...
Twitter
👑 OFJAAAH 👑
ofjaaah
RT ProjectDiscovery.io: A bug bounty hunters guide to building a fast one-shot recon script! 🚀 🎯 DNS enum subfinder, shuffldns, haktrails, pured...
Weibo
沈沉舟
沈沉舟
#Scrubs who refuse to give up on treatment# If you want to learn about the cultural relics, you may ask the museum's curator for help. The two political parties decided to cooperate and form a coalition government. You need to add detergent when you use washing machines. Salmon roe is one of Lucy's ...
Weibo
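tombkeeper
tombkeeper
Educating children and passing on a family legacy really is a worldwide problem. For now, the only reliable method still seems to be sowing widely to reap broadly, using numbers to beat the odds. //@来去之间: Repost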
Weibo
exp-sky
exp-sky
Ideals can drive history forward.
Weibo
周鸿祎
周鸿祎
360GPT thinks Sun Wukong could crush Thanos. Weibo video by 周鸿祎
Weibo
周鸿祎
周鸿祎
Musk petitions to halt GPT-5 development; I believe that not developing is the greatest insecurity. #周鸿祎 talks chatgpt# Weibo video by 周鸿祎
Weibo
GitHubDaily
GitHubDaily
Repost
Twitter
vx-underground
vxunderground
Re @DarkNiltus vx-underground is a library, not a stock broker. However, our recommendation is to invest 100% of your revenue into pizza.
Twitter
INTIGRITI
intigriti
Re We hope you've enjoyed this thread on CORS vulnerabilities 💜 Follow us @intigriti for more of these threads, and make sure to retweet the first ...
Twitter
INTIGRITI
intigriti
Re 6⃣Loosely-scoped regex Specifically, the Safari web browser sees the use of URL-encoded backticks in the domain name as a valid URL (the same for ...
Twitter
INTIGRITI
intigriti
Re Guess what? The developer will, of course, "temporarily" whitelist that origin as well. After a while, the origin may be forgotten but still whitel...
Twitter
INTIGRITI
intigriti
Re 5⃣Whitelisted third-party dev tools Developers often perform quick tests to check how things work and use third-party developer tools such as code...
Twitter
INTIGRITI
intigriti
Re You can also trigger the same null origin by using a sandboxed iframe, effectively allowing the attacker to target innocent users. https://t.co/jnL...
Twitter
INTIGRITI
intigriti
Re 4⃣ "null" Origin In some cases, developers also permit using "null" origins. The browser usually sets these origins when you make requests from a ...
Twitter
INTIGRITI
intigriti
Re 3⃣Loosely-scoped regex Suppose your target "fixed" the previous issue simply by checking that the origin ends with "example\.com" Even in this cas...
Twitter
INTIGRITI
intigriti
Re Unscoped regex patterns are often the cause of misconfigured CORS. In this case, the pattern only checks if the whitelisted domain is present in th...
Twitter
INTIGRITI
intigriti
Re 2⃣Loosely-scoped regex But this is not always the case.. Most devs make use of regex patterns to validate the origin and try to match it against w...
Twitter
INTIGRITI
intigriti
Re Exploitation of this issue is often easy and can lead to PII leaks in severe cases! https://t.co/kTArRp9Bh8
Twitter
INTIGRITI
intigriti
Re So most of the time, what developers do in this case is they read the value set in the "origin" request header and directly reflect it in the "Acce...
Twitter
INTIGRITI
intigriti
Re 1⃣Let's first start with an obvious one 🔎 The developer wants to allow any domain to connect to their site, so they add a wildcard along with t...
Twitter
INTIGRITI
intigriti
Sometimes when developers configure CORS origin whitelists, they accidentally allow connections from unwanted origins and potentially facilitate data ...
Twitter
INTIGRITI
intigriti
Re @Crypt0g30rgy Nice work! Thanks for sharing 🙂
Twitter
Vincent Yiu
vysecurity
Carpenter draws OpenAI logo before it became hot. https://youtu.be/SnzA7mi4Ygo
Twitter
Nicolas Krassas
Dinosn
RT Patrick Wardle: 🔖 New Blog Post: "Ironing out (the macOS details) of a Smooth Operator"' The 3CX supply chain attack also impacted macOS (+was n...
Twitter
Nicolas Krassas
Dinosn
RT ØxOPOSɆC Mɇɇtuᵽ: Implementation of MemoryModule technique to load a DLL from memory. https://github.com/naksyn/PythonMemoryModule #Hack #...
Twitter
Florian Roth
cyb3rops
Re @tlansec https://t.co/YpyxAdLICS
Twitter
Florian Roth
cyb3rops
I’m sure in a not too distant future blue teamers discuss methods to obfuscate their canaries and red teamers write and share YARA rules to detect th...
Twitter
Florian Roth
cyb3rops
RT Sam ☁️🪵: #3CX quick start Samples https://share.vx-underground.org/SmoothOperator.7z MacOS sample analysis https://twitter.com/patrickwardle/s...
Twitter
ghostlulz
ghostlulz1337
Re @_chatsubo_ Thanks 😊
Twitter
ghostlulz
ghostlulz1337
RT chatsubo: Just finished reading these amazing books on bounty hunting! by @ghostlulz1337 If you're interested in the subject, I highly recommend ch...
Twitter
Hina .•♡
hapycb
Tifa! #FinalFantasy #TifaLockhart #cosplay https://t.co/Z5Y3PFqepo
Weibo
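沈沉舟
沈沉舟
Researchers must have a certain spirit: strive to explain WHY. To explain WHY, the female scientist switched tracks several times in pursuit of scientific truth. One day she told me that one of the joys of research is having your scientific hypothesis confirmed and discovering something others have not yet found. The next day, after peers further confirmed it, she let out a pig-like howl on WeChat Moments, while her family, not understanding it, was simply impressed. The image is unrelated to the text.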
Weibo
GitHubDaily
GitHubDaily
Some open-source AI tools and models, including text-to-image, audio, video, code, and more.
Weibo
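phithon别跟路人甲BB
phithon别跟路人甲BB
Bought an old 3DS and a New 3DS at a second-hand shop in Akihabara, to go with the New 3DS XL I bought in 2016; the 3DS family is now only missing the old 3DS XL. Tokyo, Japan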
Twitter
Elon Musk
elonmusk
Re @Galaxygamerone Coming soon