Aggregator

1.俄乌事件：《亲俄黑客针对挪威多家大型组织发起DDoS攻击》；2.勒索软件：《RansomHouse勒索团伙声称拥有450Gb的AMD数据》；3.高级威胁：《Confucius APT组织近期新活动深入分析》

小贼看剑下次偷文章的时候麻烦先问下作者是否允许，我还以为作者投敌了呢！前言image.png这个洞是在国外A

不知是真是假；甚至不知是人是狗

来自四川大学、银河实验室、御风网络等多位安全专家和知名畅销书籍的作者分别从移动安全、IoT安全、Web安全、物理安全等方面，来分享他们的新攻防思路。安卓应用网络漏洞挖掘技巧四川大学·网络空间安全...

先进攻防社群

近日监测到Apache发布公告，修复了Apache Shiro框架中的一个认证绕过漏洞CVE-2022-32532当使用RegexRequestMatcher进行认证配置时，可以通过构造特殊请求绕过正则表达式检查，从而实现认证绕过。

环境搭建安装Oracle19c，安装的时候这里要选AL32UTF8image.png接下来会卡在42%，多等

近日Oracle通报了一个反序列化漏洞CVE-2022-21445，未经身份认证的远程攻击者可利用该漏洞实现反序列化操作导致任意代码执行。任何基于ADF Faces框架开发的程序都受到此漏洞的影响，包括Oracle的多个产品。

The Atlassian Confluence vulnerability is here to stay. See Akamai's research into the stats two weeks after the advisory was released.

Pluggable Authentication Modules (PAM) on Unix based systems are useful to change logon behavior and enforce authentication via various means. In “Red Team Strategies” the chapter “Protecting the Pentester” walks the reader through the configuration of a PAM module to get notified in real-time via a pop-up when someone logs on to the machine (e.g. system compromise). But there are also bad things that can be done with PAM (especially post-exploitation) and this is what this post is about.

近日监测到 Apache 发布安全的公告，修复了一个存在于 Apache Flume 中的代码执行漏洞CVE-2022-25167，攻击者可通过发送特制的 JNDI 查找，从而在目标系统上执行任意代码。

introduce

OS: Linux
Difficulty: Hard
Points: 40
Release: 05 Mar 2022
IP: 10.10.11.149

Spring Data MongoDB 是一个开源项目，它提供了与 MongoDB 文档数据库的集成。近日监控到 Spring Data MongoDB 爆出 SpEL 表达式注入漏洞 CVE-2022-22980

Read about our recent Terraform updates and managed database services, our latest Meet the Developer articles, and stream videos on edge computing.

在提笔写文章的时候，忽然发现6月已经过了大半了，时光总是匆匆的感觉。6月其实花了很多时间去研究一个叫做潮汐平台的东西.

Today, as the world celebrates International Women in Engineering Day, we recognize and honor women engineers at Verisign, whose own stories have helped shape dreams and encouraged young women and girls to take up engineering careers. Here are three of their stories: Shama Khakurel, Senior Software Engineer When Shama Khakurel was in high school, she […]

The post Celebrating Women Engineers Today and Every Day at Verisign appeared first on Verisign Blog.

Windows自启动技术-注册表 注册表自启动 Windows的Run和RunOnce注册表项可以让用户登陆系统时自动启动一些程序。 其中涉及到的注册表项如下： HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY

Bots can be used for good, but can also be nefarious. In this post, see Akamai's research on the Israeli Gamken bot copycat.

Explore how DDoS attacks are practically unrecognizable from those of the past few years thanks to constant innovation in the threat landscape