Java安全之Shiro权限绕过 - nice_0e3
Java安全之Shiro权限绕过 前言 简单总结一些Shiro的权限绕过。 Shiro权限绕过漏洞 CVE编号 漏洞说明 漏洞版本 CVE-2016-6802 Context Path 路径标准化导致绕过 shrio <1.3.2 CVE-2020-1957 Spring 与 Shiro 对于 "/
Aggregator
0xagent Patch for 4.5
2 years 8 months ago
4.5 发布已经有相当一段时间了,前不久刚拿到jar。听说暗桩的东西很多,看了一下对比之前的版本确实是这样的
浅析 Redlock 分布式锁实现原理
2 years 8 months ago
前言 不知不觉中,这篇文章在我的草稿箱已经躺了半年多了。 起初写这篇文章是准备做一次技术分享,后来因为一些原因将分享的主题换成了什么是惊群问题 ,这篇文章也
CTFd性能优化笔记-DNUICTF
2 years 8 months ago
这篇文章需要密码才能浏览的说 ~☆
白帽酱
In Search of Memory
2 years 8 months ago
人之所以是人,印证着康德的观点;而你之所以是你,则印证了洛克的观点
朱德是如何从旧军阀转变为共产主义战士的
2 years 8 months ago
探寻朱老总当时的心路历程
Capture The Ether Writeup
2 years 8 months ago
Swing
黑产江湖之Crypto大盗(上)
2 years 8 months ago
State-Sponsored的黑客团体/手握0Day操控者Botnet的匿名者/有能力挖操作系统网络服务智能合约漏洞的蝙蝠侠们,并未涉及。枭隼被击落、棕熊被射倒、巨鲸被捕获之后,以拷贝的形式在散布于暗网的各个角落。永不消失。一鲸落,万物生
黑产江湖之Crypto大盗(下)
2 years 8 months ago
这是一个紧张的10分钟。时间在流逝,在任何时候,那块平板电脑都会被停用,所以他们必须以最快的速度,在这段时间内切到尽可能多的号码。干得好的话,一个激活者一个晚上可以通过这样操作赚取超过10万美元
[初探ELK]ElasticSearch&Kiban安装及遇到的坑
2 years 8 months ago
[TOC]
# ElasticSearch安装部署
## 1.安装
通过官方网站:https://www.elastic.co/cn/downloads/past-releases/elasti...
Poacher
各个阶段 Exchange 的利用手法
2 years 8 months ago
各个阶段 Exchange 的利用手法,一份可以阅读的攻击路书。
黑产江湖之Crypto大盗(上)
2 years 8 months ago
State-Sponsored的黑客团体/手握0Day操控者Botnet的匿名者/有能力挖操作系统网络服务智能合约漏洞的蝙蝠侠们,并未涉及。枭隼被击落、棕熊被射倒、巨鲸被捕获之后,以拷贝的形式在散布于暗网的各个角落。永不消失。一鲸落,万物生
Password Safety & Security Best Practices: Passwords vs Passphrases
2 years 8 months ago
NIST and the UK's NCSC currently recommend not enforcing frequent password changes, and instead to use longer passphrases over shorter passwords. We take a look at the math to see what really makes sense, and arrive at some straightforward suggestions.
OpenSSL update assessment, and Node.js project plans
2 years 8 months ago
CCP scheme to be run by the UK Cyber Security Council
2 years 8 months ago
The NCSC hands over administration of the Certified Cyber Professional scheme, with details to be announced at CYBERUK 2022.
Phishing Is Still a Security Challenge
2 years 8 months ago
Phishing is not a new security problem. In fact, it?s been around since the earliest days of email when most users received numerous emails from African kings or other high-ranking officials who promised them great riches if they simply provided their bank account details. Things have changed a lot since then.
Jim Black
赛博回忆录2021年TOP 10文章榜单
2 years 8 months ago
之前说好的评选星球2021的TOP 10文章榜单,拖了几个月属实拖延症了,终于这个榜单在五一前尘埃落定了。经
Threat report on application stores
2 years 8 months ago
This report outlines the risks associated with the use of official and third party app stores.
An Attack Surface Workout for Web Application and API Attacks
2 years 8 months ago
WAF Attacks have been increasing dramatically over the last 9 months. These attacks cut across industries, geos and customers. Growth has largely been driven by Local File Inclusion (lfi) attacks, which took the lead from SQL Injection attacks in early 2021 before just taking off in the fall.
Tom Emmons
Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting
2 years 8 months ago
Less Victims of Ransomware are Paying, even as Cybercriminals Shift from
Big Game to Big Shame Hunting
Bill Siegel