Aggregator

供应链攻击

谈谈扩展 Kubernetes 的几种策略，CNI、CSI、CRI、设备插件、调度框架和准入控制等

本题的核心考点是利用 HPACK 在同一个 connection 的不同的 stream 中使用相同的 Indexing Tables 这一特性导致的 Header 字段重用。

首发于 https://xz.aliyun.com/t/9276 概述 Fortify是一款商业级的源码扫描工具，其工作原理和codeql类似，甚至一些规则编写的语法都很相似，其工作示意图如下： 首先Fortify对源码进行分析（需要编译），然后提取出相关信息保存到某个位置，然后加载规则进行扫描，扫

文章首发于 https://xz.aliyun.com/t/9277 概述 和 codeql，Fortify 相比 Joern不需要编译源码即可进行扫描，适用场景和环境搭建方面更加简单。 环境搭建 首先安装 jdk ，然后从github下载压缩包解压即可 https://github.com/Shi

首发于 https://xz.aliyun.com/t/9275 概述 codeql 是一个静态源码扫描工具，支持 c, python, java 等语言，用户可以使用 ql 语言编写自定义规则识别软件中的漏洞，也可以使用ql自带的规则进行扫描。 环境搭建 codeql的工作方式是首先使用codeq

随机UA, JSP升级,返回包加密

Summary Palo Alto's Unit 42 revisits the phishing trends they observed over the past year, gaining deeper insight into the various COVID-related topics that attackers might try to exploit. Attackers continued to change their tactics to adapt to the latest pandemic trends. Threat Type Phishing Overview Palo Alto's Unit 42 revisits the phishing trends they observed over the past year, gaining deeper insight into the various COVID-related topics that attackers might try to exploit.Attackers continued to change

Summary Four new vulnerabilities for SolarWinds' Orion platform have been disclosed. One vulnerability is rated as Critical, two are rated as High, and one is rated as medium. Threat Type Vulnerability Overview SolarWinds released details on four new disclosed vulnerabilities. The first vulnerability, rated as critical, if successfully exploited could allow for remote code execution. This vulnerability requires an authenticated user in order to exploit this vulnerability. The second and third vulnerabilitie

Summary The Mozilla Foundation has issued three High-rated security advisories that address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Firefox 87, Firefox ESR 78.9, and Thunderbird 78.9 to cover multiple vulnerabilities. All three advisories have been rated as High. The potential impact from successful exploitation of the most serious vulnerability is the remote execution of arbitrary code. For further details, pl

Java Agent 从入门到内存马（上）

微软Exchange漏洞攻击者行为分析

At Akamai, the Enterprise Security Red Team (ESRT) continuously strives to evaluate the security of both our external and internal services.

Summary Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium. Threat Type Vulnerability Overview Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements o

Summary Microsoft has finally fixed a vulnerability initially disclosed by a Tenable researcher back in January 2021. Threat Type Vulnerability Overview A component of Microsoft's Sysinternals utility was found in January 2021 to be vulnerable to privilege escalation. According to the release notes from Microsoft: "This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. the -i command line switch is now necess

Summary In mid-February, several vulnerabilities were attacked, according to researchers with Unit 42 of Palo Alto Networks. As of this writing, the attacks are ongoing. Unit 42 provides information about these attacks and the malware discovered during analysis. Threat Type Malware Overview Threat actors have been busy with exploits against several vulnerabilities, some of which are rated as critical. Among the vulnerabilities being exploited are VisualDoor, CVE-2020-25506, CVE-2021-27561, CVE-2021-27562, C

Summary PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability, CVE-2021-22986, in certain F5 products. Threat Type Vulnerability Overview PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability, CVE-2021-22986, in certain F5 products. This content update is compatible with IBM QRadar Network Security Firmware v

众所周知，C 语言中使用字符数组来表示字符串，并在字符串末尾使用空字符 \0 标识字符串结束。 如果字符串中包含 \0 或者二进制数据，就会导致 strlen 函数获取的长度跟字符

本篇我们继续分享一些关于华为智联旗下小豚AI摄像头的研究内容

Summary A variety of threat actors have been exploiting the ProxyLogon vulnerability in order to carry out malicious activities. Sophos identified the operators of the Black KingDom ransomware also taking advantage of this exploit in a recent campaign. Threat Type Ransomware Overview Sophos published a blog post analyzing Black KingDom's use of the ProxyLogon exploit to distribute its ransomware payloads. After exploiting ProxyLogon ( CVE-2021-27065 ) on vulnerable on-premise versions of Microsoft Exchange