Aggregator

SIEM市场持续增长，SaaS化显著，尚未受XDR影响，但需不断变革和易用

Zoho ManageEngine ADAudit Plus (CVE-2022-28219 )漏洞分析 前言 看到y4er师傅文章分析的zoho xxe的一些有意思组合利用方式，学习一下 漏洞分析 反序列化 <servlet> <servlet-name>CewolfServlet</servle

Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of...

The post The Optus Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.

文件重定向是一个文件重定位到另外一个文件。重定向后，当一个文件的发生打开，读写这些行为，就会变成另外一个文件的打开,读写。 文件重定向多用于过风控，改机，多开等场景中。 实现 作为实现重定向的一方，有许多实现方式，下面的例子是用frida脚本hook libc.so下的open函数，在open函数被

Threat Intelligence feeds are an integral part of any security strategy. In this new research see how Akamai researchers were able to find 8 million malicious domains every month to further protect our customers.

Zoho ManageEngine ServiceDesk Plus (CVE-2021-44077) 漏洞分析 碎碎念 “思绪慢慢下沉” 漏洞分析 命令执行 该项目用的是struts2架构的，先来看web.xml文件配置 <servlet> <servlet-name>action</servle

Advanced Windows Task Scheduler Playbook - Part.3 from RPC to lateral movement

Summary X-Force is tracking the disclosure that Optus, Australia's second-largest wireless carrier, was a victim of a cyberattack on September 22, 2022. According to reports from reputable sources, the PII of approximately 9.8 million Australians has been stolen. Threat Type Data Leak Overview On September 22, 2022, Optus, Australia's second-largest wireless carrier, disclosed that they had been the victim of a cyber attack. Further investigation provided by reputable sources then disclosed that the data

Forrester?s 2022 evaluation of web application firewalls ranks Akamai as a Leader with the top score among all evaluated vendors in the attack detection criterion.

主论坛1、可信密态计算：密态时代的基础设施技术2、macOS+混合符号执行3、蓝军视角剖析BYOVD实战利用4、All in one：基于运行时单探针插桩的代码疫苗技术5、被动资产识别 从人工到AI

CVE-2022-39197 Cobalt Strike < 4.7.1 RCE Analyze

这一期内容千万不要错过～

Akamai plans to add more than a dozen data centers, equipped with Linode?s full product suite ? across North America, APAC, LATAM and Europe by the end of 2023.

0x00 前言就在前几天，无敌的北辰少爷向CS官方提交了一个RCE漏洞，通过该漏洞可以在捕获攻击者的beac

Summary An internal investigation by security researchers from WhatsApp has found and disclosed two critical vulnerabilities in its signature software. Threat Type Vulnerability Overview IBM X-Force Incident Command is monitoring a pair of critical vulnerabilities in Meta's WhatsApp software. The vulnerabilities were discovered internally by security researchers and responsibly disclosed after a software upgrade was issued. Older versions of the software are still vulnerable and include all versions includi

What does the future look like for consumer-to-internet and OTT media services in India? Here are six thought-provoking insights from CXOs.

一款可自定义自动字典生成器---火花(spark) 前言 外网前台没有rce现在点越来越难打。 只有后台才可能有点希望。 爆破越来越重要了。 所以才耗时来写个工具 工具介绍 定向字典生成,多重组合排序。 支持字符长短限制。 支持字符复杂的限制。 简单md5碰撞。 社工字典生成。

github https://github.com/G0mini/spark 希望表哥多点的start

1 个帖子 - 1 位参与者

阅读完整话题

VMware Workspace ONE Access(CVE-2022-22954)漏洞分析 碎碎念 “像让这个世界听听自己的意见” 环境搭建 导入ova的时候要设置下fqdn，配置数据库就安装完成了 启动脚本在/opt/vmware/horizon/workspace/bin目录下 setenv

Recommended authentication models for organisations looking to move 'beyond passwords'.

十月好礼请签收