https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Conviso AppSec

Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents

The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files

搞车联网不懂嵌入式，搞什么搞
https://github.com/m3y54m/Embedded-Engineering-Roadmap

GitHub

GitHub - m3y54m/Embedded-Engineering-Roadmap: A comprehensive roadmap for aspiring Embedded Systems Engineers, featuring a curated…

A comprehensive roadmap for aspiring Embedded Systems Engineers, featuring a curated list of learning resources. - m3y54m/Embedded-Engineering-Roadmap

CVE-2024-45163: Remote DoS Exploit in Mirai Botnet

https://pastebin.com/raw/6tqHnCva

https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/

Chebuya

Unauthenticated remote code execution on BYOB via arbitrary file write+command injection

PoC: https://github.com/chebuya/exploits/tree/main/BYOB-RCE Your browser does not support the video tag. Summary BYOB (Build Your Own Botnet) is an open-source post-exploitation framework for students, researchers and developers with support for Linux, Windows…

Linux 内核 DIRTYPAGE 利用

最近一直在搞自己的事情和玩，大概休息到明年，不会弃坑的

https://x.com/evi1_f4iry/status/1784794451833209292?t=vNCovGzolxZYEUrM57cJgg&s=35

X (formerly Twitter)

夏 evi1_f4iry Xena (@evi1_f4iry) on X

好久没用emacs了，发现网上的等宽方法还是原来的几种，我不喜欢加行距也不喜欢中英输入时行高发生抖动，就又写了一个新的函数，利用行号字体控制实际行高和中文等高避免抖动，中英字体和行号字体都可以使用喜欢的字体，而且方便测试出合适的比例和字号，如下 https://t.co/TOnOzPnz1K

人生啊，各有各命，何必操心别人

https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies

www.elastic.co

In-the-Wild Windows LPE 0-days: Insights & Detection Strategies — Elastic Security Labs

This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.