lisenMiller

摘要： File Inclusion vulnerability In the PHP Configuration,"allow_url_include" wrapper by-default set to "Off" which instruct PHP not ot load remote HTTP o 阅读全文

摘要： ThemeBleed exploit Windows run the Theme.exe which occupy the 445 port.We need to open the services interface and stop the service. 1.Generate the The 阅读全文

摘要： CONNECT between windows and linux Bloodhound Collection Grab the latest copy of SharpHound.exe from the Bloodhound repo,upload it to Outdated,working 阅读全文

摘要： 碰瓷类型 X-Frame-Options 风险名称 点击劫持：X-Frame-Options响应头丢失 风险级别 中风险 风险描述 返回的响应头信息中没有包含x-frame-options头信息设置，点击劫持(ClickJacking)允许攻击者使用一个透明的iframe，覆盖在一个网页上，然后诱使 阅读全文

摘要： PyWhisker If we use pyWhisker,we need to have credential. With creds,I can try to remotely run PyWhisker.It fails: python3 /opt/pywhisker/pywisker.py 阅读全文

摘要： Briefly Microsoft ensure that a new local escalate loophole. This loophole allow low permission user access the system file of Windows. The user which 阅读全文

摘要： WSUS Introduction WSUS is a Microsoft solution for administrators to deploy Microsoft product updates and patches across an environment in a scalable 阅读全文

摘要： RECON TLS certificate openssl s_client -showcerts -connect 10.10.11.202:3269 | openssl x509 -noout -text- "openssl s_client" initiates an SSL/TLS conn 阅读全文

摘要： ESC1 utilization conditions: ESC1 needs to meet following requirements to use successfully 1.Have permission to accquire certificate 2.the value of pk 阅读全文

摘要： BRIEF ADCS（Active Directory certificate service).There are a lot enterpirse CA set up to issue certificates using certificate template definitions,whi 阅读全文