psproc源码阅读 - 2
main中接下来的函数都比较重要,所以这里就分段来介绍了。arg_parse(argc,argv);/* check for invalid combination of arguments */ar...
Aggregator
A Log4j Retrospective Part 2: Data Exfiltration and Remote Code Execution Exploits
3 years 2 months ago
Akamai CTO Charlie Gero shows how the Log4j threat surface could extend to unpatchable embedded and IoT devices.
Charlie Gero
psproc源码阅读 - 1
3 years 2 months ago
好久没有写文章了(2021年一年都没写……),随便开点新坑,从简单的代码来读起。从psproc工程下的ps代码开始。display.c: /***** no comment */int main...
leonwxqian
Cypherpunks Write Code 1
3 years 2 months ago
在1990年代早期,一群数学家,不务正业者,黑客,和业余爱好者围绕着一个共同的信念走在一起,即,互联网要么会拆除人造的墙,要么会为一个奥威尔式的国家奠定基础。
这是Reason的Youtube频道2020年10月发布的关于密码朋克Cypherpunks的系列报道Cypherpunks Write Code。(https://www.youtube.com/watch?v=YWh6Yzr12iQ)
本公众号做了硬编码的中文字幕。
宋宝华:谈一谈Linux写时拷贝(COW)的安全漏洞(1)
3 years 2 months ago
COW技术,爆出了巨大的漏洞,让父子进程间可以向对方泄露写过的新数据,成为了Linux内核的惊天大瓜。
21cnbao
Crunchbase数据看网安行业2021
3 years 2 months ago
刚好周末看到几篇Crunchbase的年终投融资和并购数据分析,从中摘出部分内容,供大家参考。
山高人为峰,路远脚作尺
3 years 2 months ago
现实与理想之间,不变的是跋涉,暗淡与辉煌之间,不变的是开拓;没有比脚更长的路,没有比人更高的山。
Secure Your Kubernetes Clusters to Stop Ransomware
3 years 2 months ago
While containers offer speed and flexibility that have not been possible before in the data center, they are also exposed to security threats such as ransomware, cryptomining, and botnets.
Ravit Greitser & Yuval Goldberg
A Log4j Retrospective Part 1: Vulnerability Background
3 years 2 months ago
Learn about the widely used Java-based logging library Log4j and how its vulnerability and other capabilities presented a major opportunity to attackers.
Charlie Gero
Abuse and Fraud Prevention's Co-Created Future ? Predictions for 2022 and Beyond
3 years 2 months ago
Explore some of the Akamai Abuse and Fraud Prevention team?s predictions for the future of abuse and fraud protection in 2022 and beyond.
Christine Ferrusi Ross
Yar 源码阅读笔记:客户端的同步调用
3 years 2 months ago
前言 今天这篇文章,主要介绍 Yar 客户端是如何实现远程调用的,进一步了解各个模块在远程调用的过程中都做了些什么。 客户端介绍 Yar 客户端的远程调用分为同步调用和并
FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond
3 years 2 months ago
A deconstruction of FluBot 5.0’s new communication protocol and other capabilities FluBot uses to hide, making it difficult for researchers and security solutions to detect.
年轻人如何挖掘第一个RCE
3 years 2 months ago
0x00 引言这些年看到几个很有灵性的年轻人从一个啥也不懂的脚本小子一年时间就成长为业内漏洞挖掘机,一路交流
聊聊新类型ASPXCSharp
3 years 2 months ago
聊聊蚁剑新类型ASPXCsharp与ASP.NET下的内存马
Yar 源码阅读笔记:数据传输模块
3 years 2 months ago
前言 在前面几篇文章中,更多的是在研究 Yar 传输的内容,比如协议的格式是什么样的、如何对数据进行编码等等。 今天这篇文章,主要介绍 Yar 编码模块的结构体定义,以及
Log4j Zero-Day Vulnerability
3 years 2 months ago
Summary
IBM X-Force Incident Command is following a recent disclosure regarding a vulnerability in the in the Log4j Java library. A report by LunaSec details the vulnerability as well as mitigation strategies for the vulnerability.
Threat Type
Vulnerability
Overview
***UPDATE #9, January 5, 2021***
One of the largest cryptocurrency platforms in Vietnam (ONUS) has been hacked using the Log4Shell vulnerability. The payment software used by ONUS, Cyclos was compromised and escalated due to misconfigurations an
深信服 SSL VPN Nday - RCE
3 years 2 months ago
🔐 uid=0(root) gid=0(root) groups=0(root)
Sariel.D
深信服 SSL VPN Nday - Pre Auth 修改绑定手机
3 years 2 months ago
应厂商需求加🔐,待合适时间重新开放,请勿二次外泄
Sariel.D
深信服 SSL VPN Nday - Pre Auth 任意密码重置
3 years 2 months ago
应厂商需求加🔐,待合适时间重新开放,请勿二次外泄
Sariel.D
深信服 SSL VPN Nday - Pre Auth
3 years 2 months ago
🔐 内部分享
Sariel.D