Forwarded from 鳖频道 (ω)
Pseudorandom Thoughts
锐评ASUS 灵耀14 Ultra 9 32GB:OOBE会发烫而且高配版没有蓝色注定它只能是个相对失败的笔记本 键程和喇叭还可以,屏幕没玻璃覆盖扣分,轻薄是真挺轻薄的
感觉显卡/ACPI驱动每个星期都能崩一次,不禁让人想到是不是NSA塞在Intel驱动里的后门发力了
💊1
Forwarded from vx-underground
June 11th a Microsoft engineer accidentally leaked 4GB of Microsoft PlayReady internal code. It was leaked on the Microsoft Developer Community. The leak includes:
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
Forwarded from bupt.moe
#security
OpenSSH 发现 RCE。影响范围
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
OpenSSH 发现 RCE。影响范围
8.5p1 <= OpenSSH < 9.8p1 。https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
说个恶心的,一些TLS证书厂商会在公司TLS证书还有三个甚至两个月过期的时候直球打电话给业务部门,恐吓说证书即将过期/不合规/需要更换/……等各种,堪比当年的某菲安全对着GitHub公共库一键发射 SCA issue
Pseudorandom Thoughts
锐评ASUS 灵耀14 Ultra 9 32GB:OOBE会发烫而且高配版没有蓝色注定它只能是个相对失败的笔记本 键程和喇叭还可以,屏幕没玻璃覆盖扣分,轻薄是真挺轻薄的
已经用了2个月,强烈不建议买,实在受不了ASUS弱智的固件 开机空转 CPU 73摄氏度 了,在考虑换个 Magicbook/ThinkBook X
Forwarded from 没处说的话
https://mp.weixin.qq.com/s/rtgOCzg_Dc9DbMBRLi2UdA
笑点解析:手机为主的N要素认证这么多年,全国数据都快被脱干净了,终于想起来当年做过eID
笑点解析:手机为主的N要素认证这么多年,全国数据都快被脱干净了,终于想起来当年做过eID
OffSec Learn Unlimited半年回顾:
发现OffSec系列考试我每考一次能轻4斤😰
OSWA二十天刷完所有课程+靶机
五台靶机每台后台10分getshell 10分 一战 60/100 二战 80/100 刚提交报告不知道能不能拿证
OSCP半年慢慢摸刷完课程 PG几乎没做。根据官方统计,PG都刷完的人肯定能过CP
AD整块60分 三台靶机getshell 10分 提权10分 要求必须是交互式shell 一战 40/100 二战先歇了
下一场是OSDA,我还没开始学呢(雾)
看考试类型总觉得300系列可能比200还简单点(没那么要求脑洞)
我是2024年1月报的LU,但前面太摸鱼了,拖到6月才考,现在想来至少前几个月可以直接先约考试逼一下自己 把OSWP OSDA和OSWA考下来的 现在要4个月搞完OSCA3,有点紧张了。
发现OffSec系列考试我每考一次能轻4斤😰
OSWA二十天刷完所有课程+靶机
五台靶机每台后台10分getshell 10分 一战 60/100 二战 80/100 刚提交报告不知道能不能拿证
OSCP半年慢慢摸刷完课程 PG几乎没做。根据官方统计,PG都刷完的人肯定能过CP
AD整块60分 三台靶机getshell 10分 提权10分 要求必须是交互式shell 一战 40/100 二战先歇了
下一场是OSDA,我还没开始学呢(雾)
看考试类型总觉得300系列可能比200还简单点(没那么要求脑洞)
我是2024年1月报的LU,但前面太摸鱼了,拖到6月才考,现在想来至少前几个月可以直接先约考试逼一下自己 把OSWP OSDA和OSWA考下来的 现在要4个月搞完OSCA3,有点紧张了。