Practical, relatively easy-to-perform actions that companies with different security postures can take immediately, based on the overall maturity of their existing security program. Because saying "just patch" isn't helpful.
Over the past week, Akamai Security Researchers have detected and analyzed a series of TCP reflection attacks, peaking at 11 Gbps at 1.5 Mpps, that were leveled against Akamai customers. The attack, amplified with a technique called TCP Middlebox Reflection, abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack.
Although GitLab is not as popular as GitHub, it’s common to run across it these days. Especially after Microsoft acquired GitHub, it seemed that more individuals and organizations flocked over to GitLab.
In this post I want to document a couple of recon commands that are useful post-exploitation, and for blue teamers to watch out for.
Let’s assume, as a precondition, that one has access to a GitLab token. Let’s walk through some interesting commands and script snippets that can be used to find out more.