伪程序员,信息安全从业者。
Joined June 2018
- Tweets 521
- Following 1,106
- Followers 3,276
- Likes 2,579
118 Photos and videos
23 Apr 2024
为安全爱好者、研究人员和赏金猎人汇总国内外优质安全文章、最新漏洞及安全更新等。
简化信息获取过程,每天花几分钟浏览即可,通过爬虫 RSS 订阅方式获取的 78 个热门的安全站点最近更新内容,👇:
http[s]://forum.ywhack.com/today_security.php
3
13
115
7,860
19 Apr 2024
团队开发的 [EZ] 自动化扫描工具开放的社区版:github.com/m-sec-org/EZ
相较于 xray、goby 等工具实现了根据指纹打 POC,社区版内置 6000 常见的系统指纹与基础漏洞扫描模块,不打 POC 仅做指纹识别也非常高效.
近期上线的EzHelper插件助手,仅需安装一个浏览器插件即可进行自动化Web漏洞探测.
1
12
78
5,827
18 Apr 2024
看到一款覆盖比较全的综合解密工具:hxxps://github.com/wafinfo/DecryptTools
支持22种加解密 密码查询功能
另外再推荐一下一些没覆盖到的通用系统在线解密:hxxps://forum.ywhack.com/decrypt.php
9900 的默认备密码查询:hxxps://forum.ywhack.com/password.php
更多🔧:bountytips.php
19
99
4,819
OOB payload script for identify RCE.
- Sometimes curl or wget is removed due to system hardening.
- In the case of Blind RCE, we may miss it unfortunately. We need to make as many cases as possible.
- Code: hahwul.com/2022/03/11/bypass…
1
31
108
17 Dec 2021
棱角社区第10期网络攻防周报:
在线阅读:hxxps://forum.ywhack.com/report.php?10
仓库地址:github.com/EdgeSecurityTeam/…
同时安全资料库也收集更新了 106 个关于信息安全非常优秀的资料:
hxxps://forum.ywhack.com/infosec.php
16
17
44
Log Dependencies with Log4j2 Checklist
Log类组件包含log4j2自查表😃
github.com/LoRexxar/log_depe…
14
28
10 Dec 2021
目前Github或各种渠道流传的一些Log4j自查工具小心携带后门,不要随意下载互联网的自查工具或相关的一些附件等,警防钓鱼🎣~
4
47
9 Dec 2021
今晚对于JB小子来说是'狂欢'的一夜,拿着工具全网乱扫,完全不顾后果...希望大家都能严格遵守底线,非授权情况下不要进行恶意攻击行为!
6
1
36
Blackhold retweeted
8 Dec 2021
Rapid7 analysis for CVE-2021-44077. PoC inside. attackerkb.com/topics/qv2aD8…
4
29
48
Blackhold retweeted
8 Dec 2021
📢 New article released!
📝 Process Ghosting - EDR Evasion
pentestlaboratories.com/2021… #pentestlaboratories #redteam #blueteam
2
178
373
Blackhold retweeted
6 Dec 2021
Previously unauthed AMF deserialization in VMware vCenter Server? Maybe. attackerkb.com/assessments/c…
4
34
101
Blackhold retweeted
28 Nov 2021
🚨 CYBER MONDAY DEALS! 🚨
We have two excellent deals on offer.
1/ Free IP WHOIS API access!
2/ A hugely discounted premium plan!
Full details are in this thread 👇🧵
2
78
60
Blackhold retweeted
25 Nov 2021
WordPress Plugin Update Confusion
vavkamil.cz/2021/11/25/wordp…
4
37
109
26 Nov 2021
每周安全攻防周报,第七期:
仓库:github.com/EdgeSecurityTeam/…
阅读:forum.ywhack.com/report[.]ph…
本期覆盖 2021年11月19日——2021年11月25日 期间安全动态。(2021-11-26)
1
9
Blackhold retweeted
22 Nov 2021
Unlocking the Vault :: Unauthenticated Remote Code Execution against CommVault Command Center srcincite.io/blog/2021/11/22…
Proof of Concept Exploit: srcincite.io/pocs/cve-2021-%…
A zero-day research collaboration with @jstnkndy, @BrandonPrry and @steventseeley
1
71
155
Blackhold retweeted
20 Nov 2021
Slides for our @nohatcon talk on hacking dlink routers with ghidra2cpg: drive.google.com/file/d/17yn… - Congratulations @ursachec on your first security conference talk! Many thanks to @0x4D5A for the work on ghidra2cpg as well.
2
66
164