Why vulnerabilities are like buses
How organisations can address the growing trend in which multiple vulnerabilities within a single product are exploited over a short period.
Aggregator
提权-Redis&Postgre&令牌窃取&进程注入
3 years ago
提权-Redis&Postgre&令牌窃取&进程注入
sakuraのfuzzing lab培训
3 years ago
sakura
Using CloudFront Relay Cobalt Strike Traffic
3 years ago
原文发在了我的公众号上,链接为:https://mp.weixin.qq.com/s/NdR6XBFvhSOBsLVVQmTXJg
TonghuaRoot
Static Program Analysis Intruction
3 years ago
原文发在了我的公众号上,链接为:https://mp.weixin.qq.com/s/jm2I-_L_NUBTYNhEUBv-iA
TonghuaRoot
Google 是如何落地静态代码分析的
3 years ago
原文发在了我的公众号上,链接为:https://mp.weixin.qq.com/s/9iJNZCQfHg0VbWSFRgwVJg
TonghuaRoot
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
3 years ago
Continuing with our research into CVE-2021-44228, Akamai has previously written about what the vulnerability is and given recommendations on how to go beyond patching for extra protection. Across the Akamai network, we see traffic from 1.3 billion unique devices daily, with record traffic of 182 Tbps. The threat research team has been investigating this traffic to gain deeper insights into how this vulnerability is being exploited. We want to share more technical findings and what they mean for threat hunters. Here are some implications for defenders and threat hunters to consider
Application Security Threat Research Team
Log4Shell: Rebooting (The Same Old) Security Principles In its Wake
3 years ago
It can be easy to give in to frustration and pessimism during catastrophic events. But there are signs that not all is lost, even in the world of software dependencies.
IcedID恶意文档钓鱼手法剖析 - zha0gongz1
3 years ago
未知攻焉知防,未知防焉知攻?
zha0gongz1
Holiday Phishing Trends For 2021
3 years ago
As Christmas quickly approaches, seasonal phishing trends once again show that attackers are taking advantage of increased online shopping. Fraudsters doubled their efforts in November attacking ecommerce giants such as Amazon. The real attacker focus, however, was cryptocurrency with fraudulent sites...
CTF | 2021 AsuriCTF / NUAACTF Misc 部分官方 WriteUp
3 years ago
上周末和Asuri战队的师傅们一起办了个AsuriCTF/NUAACTF,喵喵出了两道Misc题目,这里来写写题解和出题思路,顺便复盘一下比赛运维的故事,记录一下心得体会。
MiaoTony
Akamai Recommendations for Log4j Mitigation
3 years ago
Aparna Rayasam, SVP & GM Application Security, Akamai
冬奥网络安全卫士招募正式启动!
3 years ago
12月16日,北京冬奥组委技术部组织招募白帽黑客作为“冬奥网络安全卫士”参与北京冬奥会网络安全工作。
Livery Delivers a Seamless Low Latency Streaming Experience with Help from Akamai
3 years ago
Our new normal has ushered in the advent of hybrid events ? a mix of in-person and virtual events. This has made seamless live streaming with active participation of the audience, both live and remote, more important than ever. Amsterdam-headquartered company Livery is an end-to-end SaaS solution running on the Akamai content distribution network (CDN), which is perfectly suited for interactive sports, interactive learning, and live commerce productions. We?re delighted that they have chosen to work with us to deliver the experience their clients have come to love.
Ina Christova
Codeql 挖洞?
3 years ago
挖洞神器 codeql?
Log4j_RCE_Tool V1.0 保姆级使用教程
3 years ago
工具经过了三个版本的迭代,现在已经发布了V1.0正式版,该版本由之前版本的默认内置常见参数方式改为更科学的爬虫爬取参数,自动进行参数识别(识别登陆表单、搜索表单、以及其他常见表单等),提高了测试的准确率与覆盖率;
[译] 不,Web3 不是去中心化
3 years ago
加密货币社区对元宇宙和 Web3 的狂热仍在继续,大量投资人和开发者前仆后继加入其中。但是,Web3 真的能实现支持者们的种种愿景吗?亦或是另一个镜中月、水中花?也许让历史照进现实,能给我们答案。
Sukka
Magecart Skimmers Are Alive and Well ? Constant Vigilance Is Required
3 years ago
Magecart skimmers are here to stay, and they?re becoming more sophisticated, more creative, and harder to detect. In this post, we reveal a new skimmer infrastructure that targets ecommerce sites all over the world with advanced methods of detection evasion and obfuscation.
Roman Lvovsky
大咖话安全第十四期 | 林鹏:企业网络安全防御建设
3 years ago
随着科技的进步,网络的发展越来越完善,企业网络的规模也在日益扩大,一旦企业网络安全失去保障,轻则影响正常办公
Log4shell中被忽视的威胁:BurpSuite插件
3 years ago
log4shell可以说是这几天最火爆的漏洞,对于红队人员,算是过了个早年。