The presence of public "over-the-top" DNS resolution alternatives is a strong motivator for ISPs to invest in making their DNS resolution infrastructure the best that it can be. Resolvers are the glue that binds subscribers to their fixed and mobile broadband services. Operators of public DNS services will play a significant role in controlling the user experience and gain goodwill if they succeed in persuading subscribers to use their resolvers. Worse, when public DNS services fail, it's probable that subscribers will blame their service provider because they may not understand the critical role DNS plays, or may not even remember they switched their DNS settings!
Unfortunately, today's sophisticated web application threats have gained some advantages over typical WAFs:

Favorable odds -- WAFs must correctly identify attacks 100% of the time, whereas attackers have the luxury of only needing to find a single bypass or evasion

Temporary fixes -- Many WAFs use a "whack-a-mole" response tactic by only denying the individual attack request, allowing the attacker to make repeated attempts

Persistence -- If left unimpeded, attackers may eventually find some type of payload obfuscation that minimizes detection effectiveness

The confluence of these advantages should concern WAF customers. Let's take a closer look at the typical web attacker methodology to see why.