Aggregator
【双倍快乐2.0】迎新年,庆元旦|LYSRC双倍奖励活动即日开启
2 years 3 months ago
迎新年,庆元旦|LYSRC双倍奖励活动即日开启
COM安全 新型土豆提权 第一部分
2 years 3 months ago
自Window10 1803/Server2016及以上打了微软的补丁后,基于OXID 反射NTLM提权已经失效,代表作如JuicyPotato、SweetPotato,本文将从COM开发与调用开始,寻找替代OXID 反射NTLM提权的方法
COM安全 新型土豆提权 第一部分
2 years 3 months ago
自Window10 1803/Server2016及以上打了微软的补丁后,基于OXID 反射NTLM提权已经失效,代表作如JuicyPotato、SweetPotato,本文将从COM开发与调用开始,寻找替代OXID 反射NTLM提权的方法
Is Stopping a Ransomware Attack More Important Than Preventing One?
2 years 3 months ago
Microsegmentation can stop a ransomware attack from moving laterally across your organization and prevent malicious behavior.
Dan Petrillo & Jim Black
快讯:使用21个漏洞传播的DDoS家族WSzero已经发展到第4个版本
2 years 3 months ago
概述
近期,我们的BotMon系统连续捕获到一个由Go编写的DDoS类型的僵尸网络家族,它用于DDoS攻击,使用了包括SSH/Telnet弱口
Hui Wang
McAfee 2023 Threat Predictions: Evolution and Exploitation
2 years 3 months ago
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for...
The post McAfee 2023 Threat Predictions: Evolution and Exploitation appeared first on McAfee Blog.
McAfee Labs
Elevate Streaming Media with EdgeWorkers and Macrometa Stream Workers
2 years 3 months ago
Elevate players? gaming experiences with Akamai EdgeWorkers and Macrometa Stream Workers.
Durga Gokina
令人惊艳的ChatGPT
2 years 3 months ago
ChatGPT,或许是一个新的里程碑
东软NetEye网络安全互联互通实践
2 years 3 months ago
东软NetEye互联互通技术框架, 在一套平台与架构中能实现集成所有的安全能力,以在分散的IT世界中实现安全、集中的安全监控和操作,用于提升一致的整体安全态势能力,从而提高了安全保护、检测和响应的有效性和效率。
令人惊艳的ChatGPT
2 years 3 months ago
ChatGPT,或许是一个新的里程碑
Not Every Cloud Is Meant for Every Workload
2 years 3 months ago
Understanding which cloud platforms are the best fit for which workloads can maximize your return on investment and your customers? output.
Pavel Despot
5 Cybersecurity Predictions for 2023
2 years 3 months ago
F5 Labs and experts across F5 share their experience from the past twelve months to predict what might be the biggest causes for concern in 2023.
CIS关于网络安全的18条安全控制措施
2 years 3 months ago
CIS是互联网安全中心的缩写,该组织从安全领域专家的视角,针对企业网络不同层面的安全问题,提出了相应的安全保护措施和操作规范,供不同规模的企业参考实施。
WebUI:The easiest attack surface in Chromes
2 years 4 months ago
“WebUI “是一个术语,用于宽泛地描述用网络技术(即HTML、CSS、JavaScript)实现的Chrome浏览器的部分UI。
Chromium中的WebUI的例子。
- Settings (chrome://settings)
sakura
ChatGPT: Imagine you are a database server
2 years 4 months ago
After reading this post about ChatGPT imitating Linux, I wanted it to be a database server.
Let’s try it out!
Imagine you are a Microsoft SQL Server. I type commands, and you reply with the result, and no other information or descriptions. Just the result. Start with exec xp_cmdshell ‘whoami’;
Wow, this looks like a promising start.
And, it “thinks” that it is running as LOCAL SYSTEM - quite funny actually.
TextFormattingRunProperties 利用链 - nice_0e3
2 years 4 months ago
分析 反序列化时会自动调用与GetObjectData函数同样参数的构造函数。所以会走到这里。 TextFormattingRunProperties实现ISerializable接口,在其序列化的构造函数中,进行this.GetObjectFromSerializationInfo("Foregr
nice_0e3
sql注入随笔 - 飘渺红尘✨
2 years 4 months ago
最近挖了一些漏洞,还挺有意思的。这边分享两个需要细节一点才能挖到的sql注入,希望给大家带来一些漏洞挖掘思路。 黑盒是很有意思的,有趣的。 1.搜索功能的隐藏sql注入,post data数据内容如下: {"product":"","offer":"DIV","variant":"*","searc
飘渺红尘✨
Elkeid 社区版 v1.9.1 正式发布
2 years 4 months ago
Elkeid 社区版 v1.9.1 发布
Elkeid 社区版 v1.9.1 正式发布
2 years 4 months ago
Elkeid 社区版 v1.9.1 发布