Aggregator
Installing CentOS on a Raspberry Pi
6 years 4 months ago
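I had previously put a Model A+ Raspberry Pi in the office to run small odd jobs such as push notifications and tunnels. It had always been fairly stable, but ever since I added a targeted crawler a few months ago it has been clearly underpowered. As it happens, while tidying up the old house these past few days I found a second-generation Model B board, which is simply...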
Holmesian
New Attack Surface for PHP Deserialization Vulnerabilities (BlackHat 2018) - magic_zero
6 years 4 months ago
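0x00 Preface I have not written an article in a long time since starting my job. During that time I have learned a lot from my senior colleagues and made many new friends. Recently, because of a talk at the BlackHat conference, a new attack surface for exploiting PHP deserialization vulnerabilities has been uncovered. This article was written for the purpose of recording what I learned. 0x01 Phar deserialization If you are reading this article, I assume by default that, regarding PHP deserialization, you already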
magic_zero
How to Hack Back Using Deception—Part 2
6 years 4 months ago
If you’re game to go beyond just delaying and diverting, try some of these creative deception techniques to successfully hack back at attackers.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
6 years 4 months ago
Mike Convertino writes for Dark Reading, discussing how Russia has taken advantage of weak social media regulation to weaponize FUD.
Giving Back through Danny Lewin Community Care Days
6 years 4 months ago
Akamai was fortunate to have Danny Lewin as a co-founder and role model for our business, our culture, and our sense of adventure and accomplishment. It was Danny who helped to instill the Big Idea that we would change the...
Akamai
Research on Mobile Ad Fraud Techniques - bamb00
6 years 4 months ago
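Ad fraud techniques for app installs fall into three categories: in the figure below, red indicates fraud and gray indicates genuine activity. Click fraud: when clicks are simulated on a real user's device, the advertiser is led to believe the ad has been clicked even if the real ad was never displayed or clicked. This is a high-return form of deception, because a single fake click is enough to earn ad revenue. As shown in the figure below, a certain security product used simulated clicks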
bamb00
CHEW on This: How Our Digital Lives Create Real World Risks
6 years 4 months ago
F5 Labs' Preston Hogue writes for SecurityWeek, discussing the CHEW framework for assessing the motives behind attacks.
If Android Has an Arbitrary-Write Vulnerability, How Can Write Permission Be Turned into Execute Permission - bamb00
6 years 4 months ago
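I thought this question was testing how to escalate privileges, but it turned out to be this: 1. DexClassLoader dynamically loading a dex executable that the app can write to 2. The java.lang.Runtime.exec method executing an ELF file that the app can write to 3. System.load and System.loadLibrary dynamically loading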
bamb00
How to Hack Back Using Deception—Part 1
6 years 4 months ago
Our systems are under constant attack, so why not try some deception to hack back at attackers? Delaying and diverting are effective methods—and easier to pull off than you might think.
The Next Holy Grail - 2018
6 years 4 months ago
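The annual "Next Holy Grail" opinion piece, introducing the product directions that the author believes will see their first signs of success two years from now.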
Google CTF Beginner Part2
6 years 4 months ago
hurricane618
Summary of CSP Bypasses
6 years 4 months ago
hurricane618
phpmyadmin4.8.1 Backend LFI
6 years 4 months ago
hurricane618
August 2018 Security Update Release
6 years 4 months ago
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
MSRC team
Some Ramblings About Reverse Engineering
6 years 4 months ago
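The material for the postgraduate entrance exam is really boring, so consider this a filler post written out of boredom. I remember very clearly that during the summer break of my freshman year I watched 小甲鱼's OD tutorial, and from then on I set out on […]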
pzhxbz
August 2018 Security Releases
6 years 4 months ago
qemu/kvm dirty pages tracking in migration
6 years 4 months ago
Terenceli
Using the mews/captcha Package in Laravel Login/Registration
6 years 4 months ago
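Preface On websites, to prevent malicious credential stuffing attacks using data dictionaries and bulk account registration by registration bots, some protective measures are used, such as image CAPTCHAs, SMS verification codes, gesture CAPTCHAs, and Geetest. Today we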