Aggregator

With Ukraine moving beyond the brink of war with an official invasion by Russia underway, organizations both near and afar must brace for potential repercussions in the form of crippling cyberattacks and intrusions. Already Ukraine has been bombarded with DDoS assaults aimed at taking down government sites, communication providers, and financial institutions.

A lot has happened since we published our January recap blog. Akamai launched a new documentation site on readme.io, we started a new season of Terraform Tapas, and we saw many amazing contributions from our Developer Champions.

Clash RCE

俄乌战争不仅在线下影响着世界，在网络层面带来的损失很可能不亚于实际的空袭与炮击。

CVE-2022-21724 PostgreSQL JDBC Driver RCE 分析

Akamai?s security and network teams use our vast view of internet activity to closely monitor and act upon potential cyber threats, and we are taking appropriate measures to review our defensive posture and ensure the integrity of Akamai systems and the Akamai network.

Two new pieces of NCSC guidance replace Good Practice Guides 43 and 53.

The Technical Enablement and Education team, part of Akamai?s Global Services organization, has won a coveted Brandon Hall Group silver medal for ?Excellence in Technology,? for their automatic hands-on Lab Validation System (LVS). The automatic LVS is used throughout Global Service training courses, as well as in Channel Partner product certification, to provide real-time evaluations quickly and accurately for hands-on lab training associated with learning how to implement Akamai products.

Guidance to help the construction industry improve the security and resilience of their business against cyber threats.

Zabbix的sso凭证绕过捅漂亮国菊花

Examining recent changes to a highly-abused static structure, KUSER_SHARED_DATA, and its exploitation impact.

The year 2021 was definitely challenging for security practitioners. The number of data breaches continued to rise; a report issued by the Identity Theft Resource Center stated that the total number of breaches in the first three quarters of 2021 exceeded the total number of events in all of 2020 by 17%.

不要去考验人性，尤其在这个以匿名、自由运动为起源的行业，一个充满巨大利益诱惑的行业，一个追到了也可能拿“作恶者”没办法的行业。

亮点是对开源生态中从漏洞发现到下游软件漏洞修复整个生命周期中多个时间差测量。

上一篇推文我们主要学习了一些IDA使用小技巧，这次我们来学习IDA脚本编写。本文内容全部来自《IDAPython 初学者指南》，手动翻译成了ida7.5+python3。

这篇文章我们学习了反汇编导航中跳转的快捷键、栈帧、调用约定、局部变量的访问、怎样进入栈视图。还学习了反汇编的一些操作，大家可以自己总结成cheat sheet。接下来数据类型和数据结构部分，怎样建立和导入结构体，bindiff的使用。。。

Our longest-standing Developer Advocate, Mike Elissen, noticed an opportunity to make Akamai?s developer relations even stronger. He co-created Developer Champions, an advocacy program that helps Akamai employees better meet customer needs.

RTASS是一套针对红蓝双方对抗式网络实战攻防演练中：攻击方、防守方、业务方以及企业风险进行评分的框架。RTASS适用于网络红蓝对抗演练、网络实战攻防演习、红队评估、蓝军评估等通过模拟黑客APT手段对企业开展实网攻击的安全评估场景。