Following #POC2023 I did some analysis on CVE-2023-36911 (x64 & x86). I looked at more recent and older versions (small differences). I'll have a short write-up later but here is a basic repro based on what was disclosed by KunLun Lab in the talk ❤️ youtube.com/watch?v=5clY-W…

Face difficulties in finding bugs. Then you want more knowledge and skill. Try --> bugbountyhunting.com A large collection of articles with examples of finding different types of vulnerabilities: XSS, SSRF, SQLI, RCE, IDOR.

To date I've already written 644 pages to help the security community and, hopefully, more articles will be released in the coming months: 9. exploitreversing.com/2024/01/03/exp… 8. exploitreversing.com/2023/04/11/exp… 7. exploitreversing.com/2023/01/05/mal… 6. exploitreversing.com/2022/11/24/mal… 5. exploitreversing.com/2022/09/14/mal… 4.

关于如何安慰人。 难过是一种心情，而不是需要解决什么问题，能够解决的问题也不会让人难过。 我们都知道有人更惨，但别人的悲惨并不会减少我的难过，这时候需要的不是坚强，而是可以不用那么坚强。 与其说解决什么问题，不如说让对方感受到你的心意。 我会一直在这里，直到你不需要为止。

JOJO'S BIZARRE ADVENTURE (2012)

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

高中的学校门口时候亲眼见过一个“民科”

《C++那些事》一个适合初学者从入门到进阶的仓库，解决了面试者与学习者想要深入 C++ 及如何入坑 C++ 的问题。 主页 light-city.github.io/stories_things/ Github github.com/Light-City/CPl…

PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338) securityonline.info/poc-exploit-re…

Hey folks! 在这里介绍我们过去十个月在开发的下一代 AI 生产力工具 flowith! flowith 🫡 这是一款基于二维画布、节点式、支持动态 UI 的 AI 内容生成工具。让你在创造内容时大幅度提升效率、并更容易进入心流的状态。 - 基于画布的交互：不同于传统聊天式 UI，你可以在一个类 Figma

看着不错，体验一下试试

这个库用了各种 1day 漏洞，类似 pdd 用的 LaunchAnyawhere 那种(不止一个）。有个很简单的方法查看自己用的 App 有没有用了这个库的，去系统设置，账号那里看看有没有被自动添加不认识的账号。

Try all the google dorks I use w/ this tool: taksec.github.io/google-dorks-b…

Nice introduction to Windows kernel exploitation for beginners Part 1: mdanilor.github.io/posts/hevd-0/ Part 2: mdanilor.github.io/posts/hevd-1/ Part 3: mdanilor.github.io/posts/hevd-2/ Part 4: mdanilor.github.io/posts/hevd-3/ Part 5: mdanilor.github.io/posts/hevd-4/ #windows #infosec

Today, I’m launching hackyx.io, a search engine for cybersecurity. It’s a community project, and open source so anyone can index a new link on it. There are already more than 20k ctf writeup and bug bounty reports indexed. What feature do you want me to add on it ?

Has anyone succeeded in replicating CVE-2024-32021? I have tested with multiple vulnerability versions on ubuntu with no success.🥲 #CVE-2024-32021 #git #linux #security

⚠️⚠️ CVE-2024-24919 Technical Details Released for Check Point Remote Access VPN 0-Day Flaw 🎯55k+ Results are found on the en.fofa.info nearly year. FOFA Link🔗: en.fofa.info/result?qbase64… FOFA Query: app="Check_Point-SSL-Network-Extender" PoC🔖:

Researcher Unveils PoC for Windows Bluetooth Service RCE Vulnerability securityonline.info/researcher-unv…