Aggregator

每年网络安全行业都会有新的名词出现，中文一般都是4个字，每个名词听起来都很美，给人巨大的想象空间。 网络安全行业内还有些说法，“不能指望一个系统不出漏洞，也不能指望一个安全系统解决所有问题”

Monte Carlo simulations can be a useful tool to uplevel your red teaming skills and provide a different and fresh perspective for highlighting, discussing and presenting findings. Red teaming is about challenging an organization. This includes analyzing business processes and methodologies, including our own. Obviously, using Monte Carlo simulations in the security realm is not my idea. I first ran across the idea in Hubbard’s book about measuring cybersecurity risk. Since then I have been thinking and playing around with applying these methods to security program’s, especially red teaming and threat modeling.

[端午活动]挖洞三倍奖励请查收

How to move your workforce securely to remote access with zero trust networking.

Guardicore Labs has recently picked up Bondnet, a botnet of thousands of compromised servers of varying power. Managed and controlled remotely, the Bondnet is currently used to mine different cryptocurrencies and is ready to be weaponized immediately for other purposes such as mounting DDoS attacks as shown by the Mirai Botnet. Among the botnet?s victims are high profile global companies, universities, city councils and other public institutions.

2020年5月22日，CNVD 通报了 Apache Kylin 存在命令注入漏洞CVE-2020-1956，我们来分析下。

本篇主要介绍基于SOC机器学习检测框架的时间序列建模的一个场景：可疑外网IP周期连接检测。

零信任是由Forrester Research的分析师John Kindervag在2009开发，并在201

这次，也算是无可厚非了。

Longstanding security challenges such as input validation, data exposure, and rate limits are affecting modern gRPC-based applications.

Radon师傅：自助终端设备安全剖析

Solaris篇 总结

Solaris篇 C Shell日志配置

Solaris篇 Bourne-Again Shell日志配置

By: Larry Cashdollar Malware that can target Windows and Linux systems was recently installed on my honeypot. After some investigation, I determined it to be similar to the malware discovered in February of 2019 by Malwarebytes, and later examined by...

1-前言 代码克隆（Code clone），是指存在于

Linux篇日志配置总结

本文是《AI与安全》系列文章的第7篇。 如今，机器学