Aggregator

”我还活着“系列

WEB 滴~ http://117.51.150.246/index.php?jpg=TmpZMlF6WXhOamN5UlRaQk56QTJOdz09 观察链接可发现jpg的值是文件名转hex再base64编码两次得到，由此得到任意文件读取漏洞 读取index.php http://117.51.1

More stories from CISOs who describe how they would “do it over” again in some of their early security program deployments.

Attackers are using IP addresses in the Netherlands, United States, and China to target systems in Europe over SIP, Microsoft SMB, and SSH.

CWPP产品市场的“前世今生”……

前言 挖src也将近两个月了,写篇博客总结一下. 首先挖洞成果 3中危 2低危, 收入~2k. 真实菜到扣脚,收入连泡面都吃不起.只挖了bilibili

RSAC2019已近余波消散，再回头看看会上的热点，并以此展开写创新，是个不错的选择。无论议题或大厂展台或初创博览，创新处处可见。如果参与者自己未曾留意或根本看不到，从而评论说缺乏创新，那未免大大委屈了此次业界盛会。

cheating 是 CTF 里的一道 PWN 题，主要攻击点就在于格式化字符串漏洞的利用。

In March, threat actors focused on targeting vulnerabilities released in the last few months. WordPress Easy SMTP Plugin Authentication Bypass vulnerability attacks had the most impact during that time frame.

如果在安装 ESXi 的时候提示找不到网卡，这篇笔记可能会有帮助。

在 Linux 上安装 AnyConnect 比想象中的还要复杂很多。

做了一天水了几道题发现自己比较菜，mfc最后也没怼出来，被自己菜哭 easycpp c++的stl算法，先读入一个数组，再产生一个斐波拉契数列数组 main::{lambda(int)#1}::operator() 是相加函数 使用transform调用lambda(int)#1让数组从第二位到最后

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Security Update Update Tuesday

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Security Update Update Tuesday

想起来前段时间搞了JEB3的泄露版，找了个安卓题来试试手 结果发现这题目也挺有意思的23333 提供的题目文件是一个二进制，十六进制查看器发现头部标着ANDROID BACKUP，显然就是个应用的备份文件了 查了一下可以通过abe.jar来解包，试了一下发现解出来的文件是乱码，毫无标志 于是找了一下文件解析，发现第三行为压缩标志位，源文件为0表示未压缩，于是将它改成1，再次解包，得到两个应用 看...

Analysis of public breach reports showed a relationship between business models and breach vectors, with injection and phishing the leading causes.

Jobs in the STEM and Tech fields are growing at "three times the pace of non-STEM jobs." The rise of technological advances means the tech industry is not slowing down anytime soon. In the next decade, there will be 1...

此篇教程将会介绍如何在 Debian 环境下进行基础 Trojan 安装与配置。

Re1-easyCpp IDA打开发现一大堆模板很丑，但仔细看一下其实只有一堆变量来回操作而已 基本上就是各种STL和vector的用法，算法名都保留下来了所以难度下降很多 基本流程是接收输入、生成斐波那契数列的十六项 然后对输入依次使用transform和accumulate算法 分别是遍历vector中的一元运算和二元运算 运算都是自定义的方法，双击算法进去可以看到lambda函数 tra...