unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Spelunking in Comments and Documentation for Security Footguns
When we perform security assessments at Include Security, we like to have a holistic view of th...
2024-11-21 03:0:43 | 阅读: 2 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
security
library
hop
redirecturl
footguns
Vulnerabilities in Open Source C2 Frameworks
Application and source code security assessments are the primary focus of our work at Include S...
2024-9-19 03:23:24 | 阅读: 25 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
teamserver
c2
sliver
havoc
agents
Coverage Guided Fuzzing – Extending Instrumentation to Hunt Down Bugs Faster!
We at IncludeSec sometimes have the need to develop fuzzing harnesses for our clients as part o...
2024-4-26 02:30:28 | 阅读: 6 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
jerryscript
jerry
ecma
buildid
Discovering Deserialization Gadget Chains in Rubyland
At Include Security we spend a good amount of time extending public techniques and creating new...
2024-3-14 02:32:24 | 阅读: 18 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
marshal
dry
rails
payload
privatecall
Improving LLM Security Against Prompt Injection: AppSec Guidance For Pentesters and Developers – Part 2
Summary of Key PointsThis is part two of the series of blog posts on prompt injection....
2024-2-9 03:42:3 | 阅读: 10 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
embedding
injection
embeddings
poem
llm
Improving LLM Security Against Prompt Injection: AppSec Guidance For Pentesters and Developers
By Abraham Kang, Managing Consultant, Include SecuritySummaryPrompt Injection is the Ac...
2024-1-24 04:36:10 | 阅读: 16 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
llm
injection
gpt
robots
denied
Think that having your lawyer engage your penetration testing consultancy will help you? Think again.
Guest Post: Neil Jacobs (deals with cyber law stuff)Many companies engage their pen tes...
2023-10-27 00:0:0 | 阅读: 18 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
client
attorney
advice
consultant
capital
Impersonating Other Players with UDP Spoofing in Mirror
Mirror is an open-source multiplayer game framework for Unity. The history of Mirror is pretty...
2023-4-19 00:0:0 | 阅读: 8 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
mirror
sn
client
attacker
kcp
Mitigating SSRF in 2023
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server...
2023-3-21 00:6:37 | 阅读: 11 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
ssrf
library
flask
network
attacker
Hacking Unity Games with Malicious GameObjects, Part 2
Hello again!In the last post I talked about a way I found to execute arbitrary code in Unit...
2022-9-14 00:0:0 | 阅读: 5 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
unity
prefab
unityengine
gameobject
animation
Reverse Engineering Windows Printer Drivers (Part 2)
In our blog last post (Part 1), we discussed how you can find and extract drivers from executab...
2022-8-31 00:0:0 | 阅读: 13 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
dot4
driverentry
ghidra
ctl
windows
Reverse Engineering Windows Printer Drivers (Part 1)
Note: This is Part 1 in a series of posts discussing security analysis of printer drivers extra...
2022-8-6 00:0:0 | 阅读: 9 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
printer
wework
windows
kext
analysis
Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app
This post discusses the process of searching top GitHub projects for mass assignment vulnerabil...
2022-7-27 02:0:55 | 阅读: 14 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
github
mass
assignment
stars
Working with vendors to “fix” unfixable vulnerabilities: Netgear BR200/BR500
By Erik CabetasIn the summer of 2021 Joel St. John was hacking on some routers and printers...
2022-5-20 03:17:40 | 阅读: 10 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
netgear
security
br200
br500
Drive-By Compromise: A Tale Of Four Wifi Routers
The consumer electronics market is a mess when it comes to the topic of security, and...
2021-10-1 09:58:2 | 阅读: 8 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
security
firmware
wizard
attacker
Issues with Indefinite Trust in Bluetooth
At IncludeSec we of course love to hack things, but we also love to use our skills an...
2021-8-25 22:37:45 | 阅读: 7 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
security
analysis
wisec
Customizing Semgrep Rules for Flask/Django and Other Popular Web Frameworks
We customize and use Semgrep a lot during our security assessments at IncludeSec because it hel...
2021-7-23 02:47:12 | 阅读: 6 |
收藏
|
Include Security Research Blog - blog.includesecurity.com
semgrep
flask
django
positives
security
Previous
-65
-64
-63
-62
-61
-60
-59
-58
Next