Aggregator

前几天AK了个腾讯的T-Star高校挑战赛，题目比较偏向Misc和Web，这里记录一下解题过程。

It?s all too common that IT security tools and practices come at the cost of productivity. Even physical security has this trade-off. There would be no rush to arrive at the airport an hour early if it weren?t for the extensive security measures that flying entails. As a result of this trade-off, our concern often isn?t if we can increase security in our networks ? rather, it?s if the increased security is worth the impact on the business.

Summary A critical flaw in Atlassian's Jira software that could be used to bypass authentication has been identified. Atlassian has issued an advisory detailing the versions vulnerable to the exploit. Threat Type Vulnerability Overview Be advised that X-Force Incident Command is tracking the disclosure of an authentication bypass vulnerability in Jira's web authentication framework, Seraph. Tracked as CVE-2022-0540 , the vulnerability scores a 9.9 CVSS score. A specially crafted HTTP request sent to vulnera

WSO2 proxy SSRF漏洞 WSO2-2019-0598

前言 CVE-2022-22947是Spring Cloud Gateway的一个SpEL命令注入漏洞，前一阵 …

继续阅读“CVE-2022-22947 注入哥斯拉内存马”

生擒0Day，活捉Botbet

前言

师兄们曾在牛客上总结了自己的秋招，在反复阅读的过程中深受鼓舞，所以在我的秋招基本告一段落之后也是选择记录下来，为社区贡献一点微薄之力。

We have big news this month. You may have already heard that we acquired Linode, creating the world?s most distributed compute platform. In addition, we have release announcements and new developer content to share with you!

A technical analysis of a new variant of the SparrowDoor malware.

WSO2 fileupload 任意文件上传漏洞 CVE-2022-29464

Elkeid 静态检测插件 scanner_clamav 介绍

深圳/上海，运维服务经理、中级数据运营专员、中高级应用运维工程师、桌面运维等

结合Spring Cloud Gateway 漏洞实现了一下Netty内存马

想起星战中的尤达大师

深圳，数据安全、安全运营

X-Force Executive Update Serial: 2022-IRIS-13309  | Date: 2022-04-22 | TLP: GREEN ICS Cyber Threat Landscape Expands with Discovery of Incontroller Summary Incontroller, a malware framework designed to enable a range of actions against industrial control systems (ICS) devices and networks, expands the ICS-specific cyber threat landscape. This framework was discovered before known use in operational networks, a unique development in the history of the relatively small number of ICS-specific malware families,