Aggregator

How a Jenkins dynamic routing vulnerability becomes an attacker’s infection vector for installing and executing a cryptominer.

Managing teams come with challenges as well as rewards. Managers drive individual and team performance, and the best managers drive employee connection and engagement. Akamai believes that employees are our biggest asset; by effectively and efficiently integrating them into the...

作者: 我是小三博客: http://www.cnblogs.com/2014asm/由于时间和水平有限，本文会存在诸多不足，希望得到您的及时反馈与指正，多谢! 工具环境: android 4.4.4、IDA Pro 7.0、jeb3、sklearn机器学习库目录 ：为什么是零感验证？验证码的发展史

用JEB打开，首先扫一眼AndroidManifest.xml的相关信息 从包名可以看出 [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-fvszbl92-1569599143824)(https://i.loli.net/2019/09/27/ybnJIaoRwrq3tsX.png)] 是一个androlua项目，稍微搜一下就可以知道是用Lua写android。所以...

At Akamai, our internships are both unique and meaningful. What do we mean by this? Well, we believe an internship should add real, significant value to an intern's skill-set. So, not only do they get to learn on the job...

To Begin With

上周末参加了 OGEEK 网络安全挑战赛决赛，最终在队友的 carry 下躺赢，拿到第三名的成绩。运气比较好，拿到了一

Learn what SQL injection is, how attackers use it to access sensitive data, and how to protect your organization from these attacks.

本以为研究生的生活可以摸鱼，没想到研讨课一下子分了个讲v8的课题，没办法，只有硬着头皮上了。 参考资料： V8 […]

2019年9月，是美国第一个内部人员威胁意识月，这是由美国国防部联合其它联邦机构发起的。活动具体联合承担主体

泛微 e-cology OA 远程代码执行漏洞复现，想一起学习的可以在公众号内寻找作者

August 2019 was slowest month on record F5 researchers have seen in new threat activity. But while active exploitation slowed, new reconnaissance campaigns grew.

距离你的复现成功只差这篇文章！

说是题目，其实就是飞秋0day 233 之前虽然听说过各种windows的pwn 软件停止更新已久，保护都没开，是比较古老的玩意儿了 于是很容易搜到各种POC 例如0x49D03F处的整形溢出 v54是输入进来的字符串，因此可以提供4294967295=0xffffffff=-1从而使memcpy发生缓冲区溢出的异常，然后通过覆盖SEH的方式进行利用 通过cyclic生成字符串填入，可以测出溢...

In this post, Guardicore Labs provides an in-depth analysis of the attack campaign, focusing on victim analysis and attack infrastructure.

Assessing the cyber security threat to UK Universities

Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made...

Known for redirection attacks, recent Trickbot banking trojan campaigns use server-side injection and target fewer victims.

CommonsCollection在java反序列化的源流中已经存在了4年多了，关于其中的分析也是层出不穷，本文旨在整合分析一下ysoserial中CommonsCollection反序列化漏洞的多种利用手段，从中探讨一下漏洞的思路。

介绍 MD5消息摘要算法（英语：MD5 Message-Digest Algorithm），一种被广泛使用的密码散列函数，可以产生出一个128位（16字节）的散列值（hash value），用于确保信息传输完整一致。[1] 有些人把MD5列为加密算法，这其实是不正确的，因为MD5计算本身就是不可逆的