unSafe.sh - Unsafe
Where’s the Money - Supplemental Findings
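This article describes two vulnerabilities in Diebold Nixdorf Vynamic Security Suite (VSS), CVE-2024-46916 and CVE-2024-46917, involving bypasses of the file system integrity check and of deletion instructions. The vulnerabilities allow an attacker to gain code execution or perform reconnaissance via specific paths; although classified as low impact, they still pose a risk in certain versions....
2025-8-28 17:23:57 | Reads: 11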
Blog - Atredis Partners - www.atredis.com
lrwxrwxrwx
mountpoint
security
fastboot
vss
Uncovering Privilege Escalation Bugs in Lenovo Vantage
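This article details three privilege escalation vulnerabilities that Atredis found in the Lenovo Vantage management platform (CVE-2025-6230, CVE-2025-6231 and CVE-2025-6232), involving SQL injection, registry writes and path traversal. The vulnerabilities allow an attacker to gain higher privileges on the system. Lenovo released patches fixing these issues on July 8....
2025-7-9 15:50:39 | Reads: 11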
Blog - Atredis Partners - www.atredis.com
lenovo
vantage
software
appid
A Peek into an In-Game Ad Client
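The article describes how the author, by analyzing the source of the ads in the game Trackmania, discovered and studied the anzus DLL file and its functionality. Using decompilation tools, an automatically generated trampoline DLL, mitmproxy and other tools, the author traced anzus function calls and network communication, and successfully injected their own ads into the game....
2025-5-23 14:52:54 | Reads: 16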
0day Fans - www.atredis.com
anzu
library
trackmania
mitmproxy
3D Printing Flying Probe Test Harnesses: Can you?
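The article describes the process of designing and building a custom probe fixture for testing castellated boards with non-standard pitch. Using an FDM 3D printer overcame the shortcomings of traditional probe tooling, and successful examples are shown....
2025-4-25 17:51:13 | Reads: 7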
Blog - Atredis Partners - www.atredis.com
fdm
holes
pins
harness
printer
Node is a loader
The article explores Node.js support for C++ addons and its use as a DLL loader, building addons with node-gyp and implementing the example code in the Zig language....
2025-3-7 19:36:32 | Reads: 2
0day Fans - www.atredis.com
windows
zig
loader
addons
anyopaque
Advisory Blog Series: HIPAA Security Rule Updates
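The US HIPAA Security Rule is being updated to address cybersecurity threats and data breaches, adding requirements such as mandatory encryption and multi-factor authentication, and requiring regulated entities to periodically verify their technical safeguards. These changes may increase the compliance burden on small and medium-sized organizations. The update is currently in the public comment stage....
2025-2-19 14:9:11 | Reads: 2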
Blog - Atredis Partners - www.atredis.com
security
proposed
regulated
ephi
hhs
Advisory Blog Series: HIPAA Security Rule Updates
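The US Department of Health and Human Services has proposed updating the HIPAA Security Rule to address growing cybersecurity threats and data breaches. The new rule would introduce measures such as mandatory encryption and multi-factor authentication, and revise some definitions to keep pace with technological developments. Small and medium-sized organizations may face greater challenges, as they will need more resources to meet the new requirements. The new rule is still in the comment stage....
2025-2-19 14:8:35 | Reads: 1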
0day Fans - www.atredis.com
security
proposed
regulated
ephi
hhs
Ransomware Readiness Part 2 – What Does it Really Mean to be Ready?
We’ve all been asked at some point in our lives – “Are you ready?”. That usually strikes me as a...
2024-8-19 19:0:0 | Reads: 4
Blog - Atredis Partners - www.atredis.com
ransomware
insurance
security
meaningful
challenging
Some Thoughts on Becoming Worker Owned
So a little over a decade ago, when my cofounders and I started Atredis Partners, I had several fr...
2024-8-2 10:5:24 | Reads: 3
Blog - Atredis Partners - www.atredis.com
esop
atredis
founders
firm
vc
Some Thoughts on Becoming Worker Owned
So a little over a decade ago, when my cofounders and I started Atredis Partners, I had several fr...
2024-8-2 10:5:24 | Reads: 0
Blog - Atredis Partners - www.atredis.com
atredis
esop
founders
anniversary
fellow
How to Train Your Large Language Model
Large Language Models (LLM) such as those provided by OpenAI (GPT3/4), Google (Gemini), Anthropic (C...
2024-6-7 03:9:1 | Reads: 8
Blog - Atredis Partners - www.atredis.com
memory
ce2bc
ollama
epoch
grad
Hacking Exchange from the Outside In
2024-4-23 01:0:0 | Reads: 6
Blog - Atredis Partners - www.atredis.com
pipeline2
00007ffc
000000ea
Scrutinizing the Scrutinizer
2024-2-29 23:0:0 | Reads: 7
Blog - Atredis Partners - www.atredis.com
evp
lv
perl
vg
plixer
A LibAFL Introductory Workshop
Why LibAFL: Fuzzing is great! Throwing randomized inputs at a target really fast can have unreasonab...
2023-12-5 07:54:6 | Reads: 0
Blog - Atredis Partners - www.atredis.com
corpus
fuzzer
executions
objectives
libafl
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
2023-10-13 18:47:0 | Reads: 0
Blog - Atredis Partners - www.atredis.com
security
client
atredis
proposal
engagements
Symbolic Triage: Making the Best of a Good Situation
2022-11-1 02:40:45 | Reads: 14
www.atredis.com
symbolic
violation
debugger
pml
crash
Part 1: Ransomware – To Pay or Not to Pay
The consultants here at Atredis Partners have delivered a lot of Incident Response table-top exercis...
2022-8-23 01:50:54 | Reads: 23
www.atredis.com
ransomware
attackers
firm
paying
advance
Researching Crestron WinCE Devices
2022-7-2 21:33:2 | Reads: 8
www.atredis.com
crestron
simpl
toolbox
lpz
ssh
Veni, MIDI, Vici — Conquering CVE-2022-22657 and CVE-2022-22664
Recently, Apple pushed two security fixes for issues in the way GarageBand and Logic Pro X parsed...
2022-3-29 22:0:0 | Reads: 31
www.atredis.com
garageband
midi
atredis
timidity
000053
Unauthenticated Remote Code Execution Chain in SysAid ITIL -- CVE-2021-43971, CVE-2021-43972, CVE-2021-43973, CVE-2021-43974
2022-1-6 23:0:0 | Reads: 100
www.atredis.com
sysaid
premises
itil