Aggregator

Once you've migrated to the cloud, you need to prioritize your cloud cybersecurity. These three resources from CIS can help.

This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the [...]

Read More... from Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

The post Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM appeared first on Cobalt Strike.

roadmap

之前在 iosre看到一张比较系统的iOS逆向学习路线图，因为接触过一段时间macOS上服务的漏洞挖掘，所以对*OS安全还是挺有兴趣的，也一直想系统性地学习下iOS逆向，之前的一直不成体系，也很零碎，正好对着这个图重构下知识体系。

It’s been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We’ve also been able to add a variety of resources to support its implementation. We’re proud of how much has been accomplished in just a few short years, but we’re not resting on our laurels. As another, more famous, Dylan once said, “the times they are a-changin’.” For example, the past year has seen the release of the NIST AI Risk

工业互联网是传统制造业数字化转型的必然选择，工控设备数据安全在工业数据安全中具有关键地位。本文旨在探讨数据安全体系建设中，围绕工控设备数据构建的防御机制和薄弱点。通过具体案例揭示工业数据安全问题的实际影响。

CounterCraft's co-founder, Dan Brett, explains how they turn the tables so that social engineering can be used to protect organisations from attackers.

无法提供摘要。这是一篇受保护的文章。

信创联盟会议网络安全分享交流的笔记，主题是大模型在安全领域的应用探讨。

One of the most unexpected trends of recent years is the way ransomware has turned high-impact cybercrime incidents into a public spectacle. For ransomware criminals, the more public the better. Extra publicity equals more embarrassment for the victim, which even if it doesn’t result in a ransom being paid serves as a warning to future […]

The post Is the Relationship Between Journalists and Ransomware Gangs Healthy? appeared first on Ransomware.org.

Akamai mPulse combines with Akamai EdgeWorkers to visualize any client request and uses its http-request module to let users send their own requests.

We add 6 CVEs to our list and do a brief roundup of some stats from 2023.

This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or the CDEI blog . Our first post in the series introduced the concept of federated learning—an approach for training AI models on distributed data by sharing model updates instead of training data. At first glance, federated learning seems to be a perfect fit for privacy since it completely avoids sharing data

让我们跟随团队成员梅苑师傅的脚步，深入学习 ChatGPT 中的高级 API 攻击以及AI供应链漏洞，踏足AI安全的领域，朝着新方向进发！

网安行业的竞争越来越激烈，作为销售经理，您是否经常面临这样的困境？

Our 2024 guide on web application penetration testing is perfect for beginners. Learn to identify vulnerabilities, exploit weaknesses, and report findings ethically.

从零开始自定义安卓系统(2) 编译redroid 添加redroid补丁 redroid添加了自己的补丁 1 2 3 # apply redroid patches git clone https://github.com/remote-android/redroid-patches.git ~/redroid-patches ~/redroid-patches/apply-patch.sh . 具体补丁内容可以