Aggregator

190919 pwn-第五空间final_十生

5 years 1 month ago

说是题目，其实就是飞秋0day 233 之前虽然听说过各种windows的pwn 软件停止更新已久，保护都没开，是比较古老的玩意儿了于是很容易搜到各种POC 例如0x49D03F处的整形溢出 v54是输入进来的字符串，因此可以提供4294967295=0xffffffff=-1从而使memcpy发生缓冲区溢出的异常，然后通过覆盖SEH的方式进行利用通过cyclic生成字符串填入，可以测出溢...

whklhhhh

The Massive Propagation Of The Smominru Botnet

The Akamai Blog

5 years 1 month ago

In this post, Guardicore Labs provides an in-depth analysis of the attack campaign, focusing on victim analysis and attack infrastructure.

Ophir Harpaz

The cyber threat to Universities

NCSC Feed

5 years 1 month ago

Assessing the cyber security threat to UK Universities

New DDoS Vector Observed in the Wild: WSD Attacks Hitting 35/Gbps

The Akamai Blog

5 years 1 month ago

Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made...

Jonathan Respeto

Tricky Trickbot Runs Campaigns Without Redirection

F5 Labs

5 years 1 month ago

Known for redirection attacks, recent Trickbot banking trojan campaigns use server-side injection and target fewer victims.

玩转ysoserial-CommonsCollection的七种利用方式分析

Fintech安全之路

5 years 1 month ago

CommonsCollection在java反序列化的源流中已经存在了4年多了，关于其中的分析也是层出不穷，本文旨在整合分析一下ysoserial中CommonsCollection反序列化漏洞的多种利用手段，从中探讨一下漏洞的思路。

Hook Java API以获得MD5计算前数据 - luoyesiqiu

博客园_luoyesiqiu

5 years 1 month ago

介绍 MD5消息摘要算法（英语：MD5 Message-Digest Algorithm），一种被广泛使用的密码散列函数，可以产生出一个128位（16字节）的散列值（hash value），用于确保信息传输完整一致。[1] 有些人把MD5列为加密算法，这其实是不正确的，因为MD5计算本身就是不可逆的

luoyesiqiu