http://wechat.doonsec.com/Mzk2NDE3NTc0Ng.xmlThe latest security articles about WeChat official accountzh-CNSun, 30 Mar 2025 23:42:23 GMTPyRSS2Gen-1.1.0http://blogs.law.harvard.edu/tech/rsshttp://wechat.doonsec.com/http://wechat.doonsec.com/static/front/img/doonsec_bak3.pnghttps://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483910&idx=1&sn=eed5f306d1ff24fbb2e7fda8961053fc泷羽sec-siznwaa泷羽sec-siznwaa2025-03-30T12:49:14https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483825&idx=1&sn=6cabd093b0a33f4b60d2f1171f1de80f泷羽sec-siznwaa泷羽sec-siznwaa2025-03-29T19:44:30https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483706&idx=1&sn=b3dbccfc5b022c45dcf592273cf26797泷羽sec-siznwaa泷羽sec-siznwaa2025-03-28T00:59:50https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483699&idx=1&sn=c1f7c190cc91ff25079a80f953f7c8ec泷羽sec-siznwaa泷羽sec-siznwaa2025-03-28T00:57:27https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483688&idx=1&sn=cdf0fc8bf8bf9a2959bf69e6b6092468泷羽sec-siznwaa泷羽sec-siznwaa2025-03-28T00:51:20https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483684&idx=1&sn=e3fb026f89eda00be81fe7e7b2663c51泷羽sec-siznwaa泷羽sec-siznwaa2025-03-28T00:01:08https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483679&idx=1&sn=08be6295181283b549db62f94c46cb51泷羽Sec-siznwaa泷羽Sec-siznwaa2025-01-28T17:59:41https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483671&idx=1&sn=eaacd0f7f00918544a6559f980874846更优雅的nignx内存马后门，ebpf 内核马\\x0d\\x0a\\x0d\\x0a全链路内存马系列之 nginx 内存马和ebpf 内核使用\\x0d\\x0a\\x0d\\x0a本项目不含有完整的利用工具，仅提供无害化测试程序、防御加固方案，以及研究思路讨论泷羽Sec-siznwaa泷羽Sec-siznwaa2025-01-20T16:05:13https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483669&idx=1&sn=cc2477515de4ad11a40075859f8b2a16Reqable是新一代API调试 + API测试一站化解决方案。Reqable具有全平台、免登录、轻量级、高性能、无广告等优点，理念是让API更快更简单，现已支持Windows、Mac、Linux、Android和iOS五大平台。泷羽Sec-siznwaa泷羽Sec-siznwaa2025-01-14T20:58:17https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483667&idx=1&sn=9daefc005715b510c4832af84a8a9c70攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，通过该未授权/敏感信息/越权隐匿我们可以：\\x0d\\x0a\\x0d\\x0a1、发现通过某接口可以进行未授权/越权获取到所有的账号密码、私钥、凭证泷羽Sec-siznwaa泷羽Sec-siznwaa2025-01-13T11:02:40https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483664&idx=1&sn=7ba6dbb66f98b8cfce56e0a9b46a2011最近使用了一下灵兔宝盒，介绍： 开箱即用！265种windows渗透工具合集--灵兔宝盒，。不过用起来不太顺手，首先burpsuite_pro V2024.4不能正常使用，然后又试了一下xshell，发现也不行。干脆多添加一些工具进去二开泷羽Sec-siznwaa泷羽Sec-siznwaa2025-01-12T12:03:22https://mp.weixin.qq.com/s?__biz=Mzk2NDE3NTc0Ng==&mid=2247483660&idx=1&sn=6a77e78a183da35fe17ede360c8c2253ChatViewTools是一款微信聊天工具搜刮工具，可以用于红队微信聊天记录快速取证。是逆向Ormicron/chatViewTool后更改而来\\x0d\\x0a\\x0d\\x0a做了大量的更新和性能优化，与原版相比优化了泷羽Sec-siznwaa泷羽Sec-siznwaa2025-01-11T11:34:58