Administrator Protection Review Windows 11引入Administrator Protection功能，通过创建独立的Shadow Admin账户取代UAC机制，移除自动提升权限的后门，并增加权限提示频率以提升安全性。该功能仍处于开发阶段，部分绕过机制尚未解决。... 2025-6-21 04:42:9 | 阅读: 250 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com shadow bypasses elevation microsoft

Tokenization Confusion 文章探讨了 Facebook 的 Llama Prompt Guard 2 模型如何防止提示注入攻击，并展示了通过修改提示文本（如添加连字符）可以绕过该模型的安全措施。研究还分析了不同分词方法（如 Unigram 和 BPE）对模型识别恶意提示的影响，并指出尽管 Prompt Guard 能够检测大部分恶意提示，但通过特定方式修改文本仍可使其失效。最终强调了持续关注 AI 安全的重要性。... 2025-6-4 21:43:20 | 阅读: 22 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com tokenizer llm vocab llama

The SQL Server Crypto Detour 文章探讨了如何从加密的SQL Server数据库备份中恢复敏感信息。通过分析ManageEngine ADSelfService Plus产品的加密机制，发现其使用了微软文档中的示例密钥，并展示了如何通过逆向工程和暴力破解技术提取解密密钥和域管理员凭据。研究揭示了产品设计中的安全漏洞，并提供了利用现有工具（如Hashcat和John The Ripper）进行攻击的方法。... 2025-4-17 06:54:28 | 阅读: 40 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com database encryption microsoft dmk smk

ADFS - Living in the Legacy of DRS « Back to home It’s no secret that Microsoft have been trying... 2025-1-12 16:21:0 | 阅读: 25 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com adfs oauth2 drs xd

Identity Providers for RedTeamers « Back to home In my previous blog post, I looked at effective... 2024-3-19 07:1:46 | 阅读: 36 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com okta onelogin idp connector

MacOS "DirtyNIB" Vulnerability « Back to home While looking for avenues of injecting code int... 2023-10-5 07:1:46 | 阅读: 21 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com library nib xprotect simulator

Okta for Red Teamers « Back to home For a long time, Red Teamers have been preachin... 2023-10-3 04:1:46 | 阅读: 14 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com okta idp delegated

LAPS 2.0 Internals « Back to home For most security consultant out there working... 2023-8-13 18:3:31 | 阅读: 22 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com laps ncrypt mslaps

PNG Steganography from First Principles « Back to home Steganography is experiencing a revival as a wr... 2023-8-9 18:3:31 | 阅读: 38 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com scanline ihdr idat

Building a Custom Mach-O Memory Loader for macOS - Part 1 « Back to home In the last post we looked at how we could patc... 2023-2-4 18:3:31 | 阅读: 36 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com dyld memory chained loader lc

Restoring Dyld Memory Loading read file error: read notes: is a directory... 2023-1-14 20:3:31 | 阅读: 37 | 收藏 | XPN InfoSec Blog - blog.xpnsec.com dyld memory infos ofi

WAM BAM - Recovering Web Tokens From Office « Back to home This weekend I wanted to take a look at somethi... 2022-10-18 01:40:29 | 阅读: 38 | 收藏 | blog.xpnsec.com microsoft windows memory msa

Exploring SCCM by Unobfuscating Network Access Accounts « Back to home Configuration Manager (or SCCM as it will forev... 2022-7-10 07:0:0 | 阅读: 50 | 收藏 | blog.xpnsec.com client sccm clientid sccm01 network

g_CiOptions in a Virtualized World « Back to home With the leaking of code signing certificates a... 2022-5-15 14:43:29 | 阅读: 25 | 收藏 | blog.xpnsec.com memory dse hvci insig

NTLMquic « Back to home This week, I dusted off my reading list and saw... 2022-4-11 11:0:0 | 阅读: 26 | 收藏 | blog.xpnsec.com windows datacount credconfig tlsconfig

Object Overloading « Back to home Using an OS binary to carry out our bidding has... 2022-2-16 04:1:46 | 阅读: 36 | 收藏 | blog.xpnsec.com symbolic windows loaded dirhandle

Weird Ways to Run Unmanaged Code in .NET « Back to home Ever since the release of the .NET framework, t... 2021-05-05 17:40:46 | 阅读: 147 | 收藏 | blog.xpnsec.com fieldoffset unmanaged marshal memory

Azure Application Proxy C2 « Back to home With the ever-tightening defensive grip on tech... 2021-04-24 22:01:02 | 阅读: 123 | 收藏 | blog.xpnsec.com proxy connector client c2 xcn

Tailoring Cobalt Strike on Target « Back to home We've all been there: you've completed your ini... 2021-02-04 12:00:00 | 阅读: 166 | 收藏 | blog.xpnsec.com beacon configfield c2 cobalt x2e

Bring Your Own VM - Mac Edition « Back to home For a while I've wanted to explore the concept... 2020-12-28 19:53:00 | 阅读: 155 | 收藏 | blog.xpnsec.com aarch64 buildroot ccache bootloader