Aggregator

In part 2 of his Cloud Blog Trilogy, Andrew explains why it's better for everyone if cloud providers are willing to be open about how they run their services.

Highlighting guidance which will help you secure your servers

Guidance for enterprise administrators, small businesses and home users in relation to the recently published 'Krack' vulnerability in Wi-Fi networks protected by WPA2.

代码嵌套几百个 if(...)if(...)if(...)if(...)if(...) 会怎样？

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

1.更改请求方式 这是一种检查绕过验证码的简单方法，只需更改“请求的请求方法”并删除验证码参数 示例 POST — — -> GET (POST请求转GET) #更有效 POST — — -> PUT (POST请求转PUT) 2.删除参数或使用先前使用的验证码 3.修改JSON请求到正常请求 有时

翻译自英文文章：《Enriching Threat Intelligence Platforms Capabilities》。文章讲述一个丰富化的威胁情报平台的实现思路，以扩展当前 TIP 中的...

前言 Java技术栈漏洞目前业已是web安全领域的主流战场，随着IPS、RASP等防御系统的更新迭代，Java攻防交战阵地已经从磁盘升级到了内存里面。 在今年7月份上海银针安全沙龙上，我分享了《Java内存攻击技术漫谈》的议题，个人觉得PPT承载的信息比较离散，技术类的内容还是更适合用文章的形式来分

With DDoS, we typically observe a moderate degree of attacker persistence. DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out.

Summary Multiple sources, including T-Mobile, have reported on a data breach that occurred against the cellular communications company. The data breach affects more than 100 million of T-Mobile's customers. Threat Type Data Breach Overview First reported by Vice on Saturday, August 14, T-Mobile has suffered a data breach that purportedly affects more than 100 million of its customers. More than 106GB of data, including social security numbers, names, addresses, IMEI numbers, and driver license information a

0x01 背景前言我是个记性不太好的人，因此平日里会去写写弄弄把零碎的想法记录下来。之前内容排版上大多都是按照自己的习惯、语言上的常识，在看完阮一峰老师的中文技术文档写作风格指南 之后觉得挺有必...

前言Java技术栈漏洞目前业已是web安全领域的主流战场，随着IPS、RASP等防御系统的更新迭代，Java

百万级开源HIDS解决方案的策略建设思路

郑重声明：文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用，任何人不得将其用于非法用途以及盈利等目

《关键信息基础设施安全保护条例》已经2021年4月27日国务院第133次常务会议通过，现予公布，自2021年9月1日起施行。

企业防御之安全运营数据分析

Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).

With 35 medals at stake, the last full day of competition during the games in Tokyo generated the highest video streaming traffic for 30-plus customers on the Akamai Intelligent Edge Platform. Medal matches for baseball, basketball, and soccer, along with several track and field finals, drove related traffic to 10 Tbps on Saturday, August 7.

一、前言 在之前某次渗透测试中，发现一个ASP.NET的站点，通过数据库权限提权拿下系统之后发现站点的密码是经过几次编码和不可逆加密算法存储的。导致无法通过管理员的账号密码登录系统（因为当时是个比较重要的系统，因此需要账号密码来登录后台），因此最后的解决办法就是通过加密算法生成一个新的密码，再写入数

4.用户态睡眠以sleep为例来说明任务在用户态是如何睡眠的。首先我们通过strace工具来看下其调用的系统调用：$stracesleep1 ... close(3)...