unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
This blog post discusses two erroneous computation patterns in Golang. By erroneous computationwe m...
2022-2-7 20:0:0 | 阅读: 29 |
收藏
|
research.nccgroup.com
memory
computation
erroneous
blockchain
evm
Estimating the Bit Security of Pairing-Friendly Curves
IntroductionThe use of pairings in cryptography began in 1993, when an algorithm developed b...
2022-2-3 17:15:0 | 阅读: 19 |
收藏
|
research.nccgroup.com
pairing
curves
security
elliptic
discrete
Testing Infrastructure-as-Code Using Dynamic Tooling
Erik Steringer, NCC GroupOverviewTL;DR: Go check out https://github.com/ncc-erik-stering...
2022-2-3 00:30:0 | 阅读: 13 |
收藏
|
research.nccgroup.com
cloud
github
security
iac
identify
Machine Learning for Static Analysis of Malware – Expansion of Research Scope
IntroductionThe work presented in this blog post is that of Ewan Alexander Miles (former UCL...
2022-2-1 00:2:34 | 阅读: 21 |
收藏
|
research.nccgroup.com
precision
recall
benign
benignware
xgboost
10 real-world stories of how we’ve compromised CI/CD pipelines
by Aaron Haymore, Iain Smart, Viktor Gazdag, Divya Natesan, and Jennifer FernickMainstream a...
2022-1-13 18:0:0 | 阅读: 35 |
收藏
|
research.nccgroup.com
runners
privileged
jenkins
gitlab
containers
Impersonating Gamers With GPT-2
In this blog post, I’m going to recount the story of my quest to train OpenAI’s large language m...
2022-1-12 17:0:0 | 阅读: 17 |
收藏
|
research.nccgroup.com
mythic
gpt
chatbot
synthesis
machine
NCC Group’s 2021 Annual Research Report
Following the popularity of our first Annual Research Report in 2020, we present to you now for...
2022-1-10 23:0:0 | 阅读: 68 |
收藏
|
research.nccgroup.com
security
windows
software
ransomware
Tool Release – insject: A Linux Namespace Injector
tl;dr Grab the release binary from our repo and have fun. Also, happy new year; 2021 couldn’t en...
2022-1-8 13:20:6 | 阅读: 29 |
收藏
|
research.nccgroup.com
insject
setns
library
overruns
processes
Detecting anomalous Vectored Exception Handlers on Windows
tl;drAt least one commercial post exploitation framework is using Vect...
2022-1-4 00:24:3 | 阅读: 27 |
收藏
|
research.nccgroup.com
veh
pvectored
tprintf
On the malicious use of large language models like GPT-3
(Or, “Can large language models generate exploits?”)While attacking machine learning systems...
2022-1-1 06:30:0 | 阅读: 33 |
收藏
|
research.nccgroup.com
gpt
security
openai
codex
Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs
by Drew Wade, Emily Liu, and Siddarth AdukiaTL; DRWe studied a range of Canadian provinc...
2022-1-1 03:17:0 | 阅读: 20 |
收藏
|
research.nccgroup.com
vaccination
qr
ontario
verifier
proofs
Tool Update – ruby-trace: A Low-Level Tracer for Ruby
We released ruby-trace back in August to coincide with my DEF CON 29 talk on it and parasitic tracin...
2022-1-1 01:59:0 | 阅读: 17 |
收藏
|
research.nccgroup.com
6236
cfunc
2147483648
topn
cfp
Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
BackgroundJava Virtual Machines (JVMs) provide a number of mechanisms to...
2021-12-30 06:38:0 | 阅读: 26 |
收藏
|
research.nccgroup.com
agents
shouganaiyo
jvmti
loader
hotspot
Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
Vendor: LenovoVendor URL: https://www.lenovo.com/Versions affected: 1.1....
2021-12-16 07:29:55 | 阅读: 33 |
收藏
|
research.nccgroup.com
attacker
lenovo
processes
Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers
The Microcontroller (MCU) is the heart of an embedded device, where the main firmware executes i...
2021-12-16 00:49:38 | 阅读: 22 |
收藏
|
research.nccgroup.com
firmware
security
memory
FPGAs: Security Through Obscurity?
BackgroundFor the uninitiated, an FPGA is a field-programmable array of logic that is ty...
2021-12-14 17:14:31 | 阅读: 19 |
收藏
|
research.nccgroup.com
fpgas
security
bitstream
hardware
development
Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
In June 2021, WhatsApp engaged NCC Group to conduct a security assessment...
2021-12-13 22:48:06 | 阅读: 17 |
收藏
|
research.nccgroup.com
opaque
jennifer
fernick
ke
library
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
tl;dr Run add our new tool, -javaagent:log4j-jndi-be-gone-1.0.0-standalone.jar to all of your JV...
2021-12-13 08:55:00 | 阅读: 70 |
收藏
|
research.nccgroup.com
log4j
jndi
log4shell
weird
Log4Shell: Reconnaissance and post exploitation network detection
Note: This blogpost will be live-updated with new information. NCC Group’s...
2021-12-13 04:15:23 | 阅读: 139 |
收藏
|
research.nccgroup.com
fox
log4j
suricata
srt
classtype
Announcing NCC Group’s Cryptopals Guided Tour!
Hello and welcome to NCC Group’s Cryptopals guided tour! This post is the first in a series of e...
2021-12-10 19:00:00 | 阅读: 24 |
收藏
|
research.nccgroup.com
wiki
cryptopals
python
hamming
talking
Previous
12
13
14
15
16
17
18
19
Next