Aggregator
Pwning a Cisco RV340 漏洞分析(CVE-2022-20705 和 CVE-2022-20707
2 years 6 months ago
Swing
CVE-2021-42342 Goahead 环境变量注入漏洞分析
2 years 6 months ago
Swing
What Are The Spring4Shell Vulnerabilities?
2 years 6 months ago
Despite how they sound, Spring4Shell and the related vulnerabilities in the Spring Framework aren’t exactly like Log4Shell. Learn how they work and what you can do.
李姐姐开源DNSLog工具eyes.sh
2 years 6 months ago
响应Lake2大佬的号召,我开通了这个公众号,用于记录一点零散的文字总结,第一篇,以发一个小工具开始。
分享一下我当初学习CodeQL的所有笔记及总结
2 years 6 months ago
这里有我当初学习CodeQL的时候记录的所有的笔记,还有一些我自己的总结,一股脑公开了,希望对你有用🤷♀️ 至于文档的顺序,我并没有整理
关于spring core 文件写入 poc
2 years 6 months ago
spring 的rce的写文件的poc 是有严重缺陷
Spring Framework RCE分析(CVE-2022-22965)
2 years 6 months ago
3月29日,Spring Framework 存在远程代码执行漏洞,在 JDK 9 及以上版本环境下,远程攻
混合办公(Hybrid Work)安全的“三年”技术落地趋势推演
2 years 6 months ago
混合办公(Hybrid Work)安全的三年技术落地趋势推演。"端到端零信任"大的版图。
Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild
2 years 7 months ago
Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching campaigns for crypto-mining, ddos, ransomware, and as a golden ticket to break into organizations for the next years to come.
Akamai Threat Research Team
Mitigating Spring Core ?Spring4Shell? Zero-Day
2 years 7 months ago
When Spring, the Java-based application, fell victim to cyberattacks, Akamai's Adaptive Security Engine detected zero-day attacks and protected customers against them.
Akamai Threat Research Team
Use of Russian technology products and services following the invasion of Ukraine
2 years 7 months ago
Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.
Spring 参数绑定的分析以及甲方自查
2 years 7 months ago
春天
Caging the Malicious Insider Application
2 years 7 months ago
The applications we need to run inside our organizations can turn malicious, so how can we architect for this?
如何解析并白嫖xray yml V2 poc
2 years 7 months ago
从去年开始 xray的yml poc升级到了v2版本和v1版本相比,执行流程上有了较大变化
Lapsus$ Group Heists Ramp Up
2 years 7 months ago
Summary
***UPDATED March 30, 2022***
The Lapsus$ group is ramping up its already breakneck pace of infiltration, exfiltration, and extortion campaigns against several high profile companies including Microsoft, NVIDIA, Samsung, and others.
Threat Type
Threat Group
Overview
***UPDATE #4, March 30, 2022***
Lapsus$ returns from its self-imposed hiatus to compromise Globant, a software services company. Images of data extracted as well as credentials for the DevOps structure were posted on the group's Telegram
Welcome to Edge Diagnostics
2 years 7 months ago
After more than a year of dedication and hard work, we are delighted to officially announce the launch of our new Edge Diagnostics application on March 30, 2022. Diagnosing network and content issues quickly and effectively is critical to your success! Therefore the aim is to make the existing diagnostic tools faster, easier to navigate, more user-friendly, and with improved functionality and a developer focus in mind.
Amit Mohanty
Meet Anthony Hogg: Senior Enterprise Architect and Lifelong Learner
2 years 7 months ago
At Akamai and across the tech industry at large, best practices and tools are constantly evolving. To keep up with these changes, a passion for learning is key, especially among those who support and enable others. One Senior Enterprise Architect on Akamai?s Advanced Solutions team, Anthony Hogg, truly embodies this value.
Chuck Freedman
CVE-2022-22947 Spring Cloud Gateway漏洞分析从0到1
2 years 7 months ago
Spring Cloud Gateway是Spring Cloud官方推出的第二代网关框架,取代Zuul网关。网关作为流量的,在微服务系统中有着非常作用,网关常见的功能有路由转发、权限校验、限流控制等作用。
安全对抗,从统计学到人工智能(一)
2 years 7 months ago
写在前面一直有一个想法,想把统计学的知识复习一下,边复习边尝试把统计学应用到安全对抗领域中。之前一直写的都是