What Is a TCP Three-Way Handshake?
The TCP three-way handshake is one of the critical building blocks of the internet. It facilitates the smooth and consistent flow of information across and among different networks without compromising security.
Aggregator
为 CodeQL 自定义规则编写测试文件
3 years 1 month ago
本文主要介绍如何为自定义的 CodeQL 规则创建测试文件,以及如何使用 test run 子命令执行测试。
浅析DevOps中结合IAST的落地介绍 - admin-神风
3 years 1 month ago
前言 这篇博客打算重点介绍一下IAST相关的内容,以及IAST如何在DevSecOps中的CI/CD中的结合。做一期大杂烩,同时也是对我这半年多来的实习一次技术总结。 大致需要了解的内容为: CI/CD的介绍 DevOps的介绍 IAST的介绍 在Jenkins流水线引入IAST CI/CD的介绍
admin-神风
警钟长鸣,勿忘国耻,吾辈自强
3 years 1 month ago
Web应用组件自动化发现的探索
3 years 1 month ago
另一种方式的指纹识别
DDoS Chart Toppers?BPS, PPS and RPS Greatest Hits
3 years 1 month ago
New to the scene, monster-sized botnet M?ris is raising some eyebrows with giant requests per second (rps) attacks as shared by Cloudflare (17.2M rps, reported August 19), Yandex (peaking at 21.8M rps on September 5), and KrebsOnSecurity (2M rps on September 9). Some commentary came in on Slashdot, The Record, and The Hacker News.
Tom Emmons
美团外买APP设备指纹风控分析一(初始化)
3 years 1 month ago
设备指纹技术是使用更多的信息来完成对终端设备的唯一性识别,在业务中可以有效辨别设备是真实用户还是机器在注册、登录,及时检测出单设备登入多帐号、防止批量注册、登录等操作行为。
Learn How Akamai Enables AI Powered Analytics Tools to Reduce Water Losses
3 years 1 month ago
The Accelerator Program, a flagship initiative of Akamai India?s Corporate Social Responsibility Trust, enables early-stage innovations for water conservation. Over the past two years, along with our mentoring partner, the International Center for Clean Water (ICCW; an initiative of the Indian Institute of Technology Madras), we onboarded two social innovators as Cohort 1 grantees: Ashoka Trust for Research in Ecology and the Environment and Foundation for Environmental Monitoring, and two social innovators as Cohort 2 grantees, SmartTerra and Jaljeevika.
Sushma Shashidhara
Kinsing evolves, adds Windows to attack list
3 years 1 month ago
The campaign was first seen by the Akamai SIRT on February 16, 2021, and appears to be targeting both Windows and Linux systems. The botnet caught our interest because it has shown to be highly active across a diverse set of geographical regions, including the Americas, Europe, and Asia.
Evyatar Saias
Capoae Malware Ramps Up: Uses Multiple Vulnerabilities and Tactics to Spread
3 years 1 month ago
Recently, there has been a plethora of UPX packed crypto-mining malware written in Golang targeting Linux systems and web applications popping up in the news. The malware?s primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they?ve been infected, these systems are then used to mine cryptocurrency. I?ve named the sample I examined for this post ?Capoae,? based on the code?s output to my terminal.
Larry Cashdollar
【公告】请移步 Red0 安全团队公众号
3 years 1 month ago
本公众号为个人安全技术分享号,已运营近4年时间,期间感谢大家的持续关注!近期,由于个人工作繁忙
VirusTotal APK 病毒检测统计 2021-08
3 years 1 month ago
VirusTotal (简称 VT), 是谷歌旗下一家免费提供可疑文件扫描服务的网站. VT 上有超过50家反病毒引擎提供实时扫描服务. 我们每天收集用户上传到 VT 的 APK 样本以及各家引擎的扫描结果, 并通过保守的策略筛选出数万的良性和恶意样本, 然后统计各家引擎的病毒检测结果.
每天, 我们会生成一个包含各家检测数据的 CSV 文件. 文件中会列出样本的 MD5 哈希值, 标签 (0 标示良性样本, 1 标示恶意样本), 以及各家的检测结果 (0 表示检测为良性样本, 1 表示检测为恶意样本). 每个月的 CSV 文件会被打包并上传到亚马逊 AWS S3. 有兴趣的读者可以下载检验各家杀毒引擎的检测结果.
以下为检测结果的下载链接:
https://virustotal-results.s3-us-west-1.amazonaws.com/VirusTotal_Results_20210801_20210831.zip
下面的表格列出了各家杀毒引擎的统计结果, 其中各列的含义如下:
- Vendor
Lifan Xu
VirusTotal APK Malware Detection Data 2021-08
3 years 1 month ago
At Trustlook, we monitor live feed from VirusTotal (VT). On a daily basis, we collect APK samples from VT along with detection results from Anti-Virus (AV) vendors hosted on VT. Using a conservative labeling policy, we are able to select thousands of benign and malicious APK samples from millions of
Lifan Xu
是谁掏空了 Nowswap?
3 years 1 month ago
去中心化交易所 Nowswap 遭到闪电贷攻击,攻击者掏空了 Nowswap 的流动资金池。
从Leetcode的回文子串中学习动态规划和中心扩散法 - admin-神风
3 years 1 month ago
动态规划和中心扩散法的学习 例题来自LeetCode的第五题--求最长的回文子串 题目:给你一个字符串s,找到s中最长的回文子串。 示例: 输入:s="babad" 输出:"bab" or "aba" 输入:s="cbbd" 输出:"bb" 常规解题 我之前的思路就是遍历字符串,然后反转字符串看看是
admin-神风
浅谈Layer2网络溯源
3 years 1 month ago
浅谈Layer2网络交易分析
u011721501
Confluence Server Webwork OGNL Injection (CVE-2021-26084): How Akamai Helps You Protect Against Zero-Day Attacks
3 years 1 month ago
Recently Atlassian has disclosed a critical RCE (Remote Code Execution) vulnerability in its Confluence server and Data Center products (CVE-2021-26084), which might allow unauthenticated users to execute arbitrary code on vulnerable servers.
Assaf Vilmovsky , Abdeslam Bella & Maxim Zavodchik
Akamai?s Flagship Customer Enablement Program, Akamai University, Wins Gold ?Excellence in Learning? Award
3 years 1 month ago
The Technical Enablement and Education team, part of Akamai?s Global Services organization, has won a coveted Brandon Hall Group Gold award for ?Best Customer Training Program,? for Akamai?s flagship customer training and enablement program, Akamai University.
Magdalena Frankiewicz
RASP关键技术与相关产品调研
3 years 1 month ago
RASP(Runtime application self-protection,运行时应用自我保护)是一种新型应用安全保护技术,能实时检测和阻断攻击,使应用程序具备自我保护能力
Apple Patches NSO Zero-Click Zero Day Vulnerability
3 years 1 month ago
Summary
Apple has issued a patch for a zero-click, zero-day vulnerability that can allow for the installation of a spyware program called Pegasus.
Overview
A vulnerability in Apple OS's has allowed for the execution and installation of the Pegasus spyware on phones of at least four Bahraini activists and possibly many more. A report from Citizen Lab details the vulnerability and inner workings of the Pegasus spyware. The vulnerability mainly targets users of iMessage by delivering a malicious link that doe