Aggregator

A Vote of Confidence for Election Security

2 years 5 months ago

CISA has released its free Cybersecurity Toolkit to help election authorities prepare for possible threats. Read more to learn about its offerings.

Drew Reinders

CTF-Forge HackTheBox渗透测试（四）

红日安全

2 years 5 months ago

大家好，我是你们好朋友小峰。陆陆续续为大家推出 CTF-Horizontall HackTheBox 系列文章。

Cybersecurity Awareness Month 2022: Updating Software

NIST | Cybersecurity Insights

2 years 5 months ago

Cybersecurity Awareness Month is flying by, and today’s blog identifies different security vulnerabilities that can be exposed if you are unable to keep up with your software updates. We interviewed NIST’s Michael Ogata, a computer scientist in the Applied Cybersecurity Division, and he walked us through different strategies to minimize your cybersecurity risks. Michael also was able to provide cyber tips to improve online safety. This week’s Cybersecurity Awareness Month theme is updating software. How does your work/specialty area at NIST tie into this behavior? Today, mobile applications

Michael Ogata

DotNet安全-ViewState反序列化利用

7bits安全团队

2 years 5 months ago

ViewState 反序列化利用

Java安全之Spring Security绕过总结 - nice_0e3

nice0e3

2 years 5 months ago

Java安全之Spring Security绕过总结前言 bypass！bypass！bypass！ SpringSecurit使用使用 @Configuration @EnableWebSecurity //启用Web安全功能 public class AuthConfig { @Bean p

nice_0e3

Gartner：2022年SIEM（安全信息与事件管理）市场分析

专注安管平台

2 years 5 months ago

SIEM架构和功能的未来发展趋势是什么？

TTP Diaries: SSH Agent Hijacking

Embrace The Red

2 years 5 months ago

There are some neat TTPs that I don’t use frequently, and if the time arises, I need to dig up details again. So, I figured to write some of them down, starting with SSH Agent Hijacking. What is SSH Agent Hijacking? Short story, if you have keys added to an SSH Agent an adversary with root permissions can use them. If you forward the SSH Agent to another host, an adversary with root permission on that other host can exploit and leverage your keys as well.