Recently, DBAPPSecurity SRC has monitored that XStream has officially released a security update bulletin

I have not done a very thorough analysis of this vulnerability, so I will be relatively conservative in some of my conclusions.

With the introduction of sandboxed mechanism in several major browsers (Chrome, Edge, IE) and word processing software (Office, Adobe Reader) on Windows platform, the demand of Windows kernel privilege vulnerability is also rising.

In an un-arbitrary location of CVE-2021-21972 vmware vcenter and then just execute the webshell.

I found a chain a year ago, but the repair of several chains and I find the sink point and trigger toString point are different, this should be considered a new CVE, here to share out.

External c2 is not much to say, it is a technology to prevent the real c2 address from leaking and wasting resources and time after being banned by the Blue Team.

Boffins disclosed a Bluetooth security vulnerability called BIAS (CVE-2020-10135), which can be used by attackers to spoof remote pairing devices.

Recently, an APT organization began to use Office EPS vulnerability samples to attack again.

Weblogic T3/IIOP Deserialization & XXE Analysis