unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
tl;drWindows version up to at least version 7 contained a telemetry source called Customer I...
2022-4-12 22:6:46 | 阅读: 28 |
收藏
|
research.nccgroup.com
cit
bitmaps
windows
filetime
Public Report – Google Enterprise API Security Assessment
During the autumn of 2021, Google engaged NCC Group to perform a review of...
2022-4-8 04:6:20 | 阅读: 32 |
收藏
|
research.nccgroup.com
jennifer
fernick
stig
criteria
Conti-nuation: methods and techniques observed in operations post the leaks
Authored by: Nikolaos Pantazopoulos, Alex Jessop and Simon BiggsExecu...
2022-3-31 20:57:16 | 阅读: 20 |
收藏
|
research.nccgroup.com
ransomware
network
cobalt
lateral
windows
Whitepaper – Double Fetch Vulnerabilities in C and C++
Double fetch vulnerabilities in C and C++ have been known about for a numb...
2022-3-28 21:0:0 | 阅读: 28 |
收藏
|
research.nccgroup.com
whitepaper
varying
outcomes
draws
Mining data from Cobalt Strike beacons
Since we published about identifying Cobalt Strike Team Servers in the wild just over three year...
2022-3-26 00:18:44 | 阅读: 43 |
收藏
|
research.nccgroup.com
beacon
cobalt
beacons
dissect
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Mooncake ExploitThis blog post describes an unchecked return value vulnerability found and...
2022-3-24 21:13:5 | 阅读: 148 |
收藏
|
research.nccgroup.com
afp
dsi
netatalk
adouble
eid
Tool Release – ScoutSuite 5.11.0
We’re proud to announce the release of a new version of our open-source, m...
2022-3-17 01:39:58 | 阅读: 50 |
收藏
|
research.nccgroup.com
cloud
github
scout
1added
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
Vendor: AppleVendor URL: https://www.apple.com/Systems Affected: macOS M...
2022-3-16 03:34:53 | 阅读: 43 |
收藏
|
research.nccgroup.com
xar
richard
30833
security
warren
Microsoft announces the WMIC command is being retired, Long Live PowerShell
Category: Detection and Threat HuntingWhat is WMIC?The Windows Management Instrumen...
2022-3-10 09:15:37 | 阅读: 39 |
收藏
|
research.nccgroup.com
powershell
windows
winlog
malicious
microsoft
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors:Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Ex...
2022-3-4 03:5:4 | 阅读: 34 |
收藏
|
research.nccgroup.com
sharkbot
c2
ats
transfers
BrokenPrint: A Netgear stack overflow
SummaryVulnerability detailsBackground on ReadySHAREReaching the vulnerable memcpy()Reachi...
2022-2-28 20:43:54 | 阅读: 24 |
收藏
|
research.nccgroup.com
client
kc
buf2
dcd
printer
Conference Talks – March 2022
This month, members of NCC Group will be presenting their work at the following conferences:...
2022-2-28 16:30:0 | 阅读: 15 |
收藏
|
research.nccgroup.com
snap
security
microsoft
software
jennifer
Hardware & Embedded Systems: A little early effort in security can return a huge payoff
Editor’s note: This piece was originally published by embedded.com There’s no shortage o...
2022-2-23 05:5:22 | 阅读: 13 |
收藏
|
research.nccgroup.com
security
development
firmware
hardware
memory
Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
During October 2021, O(1) Labs engaged NCC Group’s Cryptography Services t...
2022-2-23 02:49:34 | 阅读: 15 |
收藏
|
research.nccgroup.com
fernick
jennifer
mina
ocaml
consultants
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
SummaryYou said "Reverse Engineering"?Vulnerability detailsBackgroundReaching the vulnerable f...
2022-2-18 17:53:28 | 阅读: 49 |
收藏
|
research.nccgroup.com
pjl
abrt
crash
ssh
Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark
As one of the proud contributors to the Center for Internet Security (CIS) Microsoft 365 Foundat...
2022-2-18 16:30:0 | 阅读: 22 |
收藏
|
research.nccgroup.com
microsoft
phishing
defender
spamming
cloud
Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
Written by Catalin VisinescuOn November 3, 2021, Zero Day Initiative Pwn2Own announced that NCC Gr...
2022-2-17 18:25:41 | 阅读: 72 |
收藏
|
research.nccgroup.com
cvisinescu
ubi
ubi0
vol
ubifs
Detecting Karakurt – an extortion focused threat actor
Authored by: Simon Biggs, Richard Footman and Michael Mullentl;drN...
2022-2-17 18:9:42 | 阅读: 33 |
收藏
|
research.nccgroup.com
karakurt
utilised
cirt
strongly
BAT: a Fast and Small Key Encapsulation Mechanism
In this post we present a newly published key encapsulation mechanism (KEM) called BAT. It is a...
2022-2-15 02:39:1 | 阅读: 21 |
收藏
|
research.nccgroup.com
kem
lattice
saber
A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
This blog post discusses two erroneous computation patterns in Golang. By erroneous computationwe m...
2022-2-7 20:0:0 | 阅读: 29 |
收藏
|
research.nccgroup.com
memory
computation
erroneous
blockchain
evm
Previous
11
12
13
14
15
16
17
18
Next