Aggregator

拿起你的IDA跟我一起bypass cobaltstrike beacon config scan吧

最近在做的一款配音产品，非常适合自媒体作者，读者朋友们，如果你有配音需求，可以考虑下魔音工坊。 网址：https://voice-maker.mobvoi.com/ 购买会员的话，找我有优惠。后台私信我，或者公众号里找一下我的联系方式。

等了几天，裁判终于审核了第一批报告，拿到了700分。办公室响起一片欢呼声，团队士气大振，大家再接再厉，最终在系统关闭前，共拿下数千分，还不包括已提交但在审的十余份报告。结束合影，所有人鼓掌相庆，不再是2019年那种过度疲惫后终于解脱的宁静。

最近AppSpider迎来了一个不小的更新，此次更新中比较重要的就是关于引擎本身支持X64处理器，这代表这扫描器本身的性能将会有更大的发挥空间

/** * 方法描述：判断某一Service是否正在运行 * * @param context 上下文 * @param serviceName Service的全路径： 包名 + service的类名 * @return true 表示正在运行，false 表示没有运行 */ public static boolean isServiceRunning(Context context, String serviceName) {.

PS：全文4000+字，把Twistlock掰开揉碎给大家讲讲，能完整看完的人可能不多，能耐心看完应该会有所收获

Exploring OAuth exchanges for financial-grade API security in banking and financial services applications and the threat of authorization code interception attacks

Note: This article originally appeared in Verisign’s Q3 2020 Domain Name Industry Brief. Verisign is deeply committed to protecting our critical internet infrastructure from potential cybersecurity threats, and to keeping up to date on the changing cyber landscape.  Over the years, cybercriminals have grown more sophisticated, adapting to changing business practices and diversifying their approaches […]

The post Cybersecurity Considerations in the Work-From-Home Era appeared first on Verisign Blog.

Everything you need to know about the 19 Academic Centres of Excellence in Cyber Security Research (ACE-CSR) in one place

本报告部分引自Week in OSINT栏目，每周推荐好玩实用的工具，站点，技巧，文章等，适用于任何领域的研究人员，分析测试人员。

宝爸宝妈的育儿IT知识画册赏析

BITTER又名蔓灵花、APT-C-08，疑似来自南亚地区，主要攻击目标为巴基斯坦和中国。本文对BITTER的历史样本进行一个概要分析，是总结，也是学习。

This is Part 1 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's DNS services, Edge DNS and Global Traffic Management.

OpenRASP介绍OpenRASP即应用运行时自我保护，绕过OpenRASP进行SQL注入。

0x01 简介

一款关于Shiro 1.2.4反序列化漏洞利用的回显工具。最新版本为v2.4。

What a journey it has been. I wrote quite a bit about machine learning from a red teaming/security testing perspective this year. It was brought to my attention to provide a conveninent “index page” with all Husky AI and related blog posts. Here it is. Machine Learning Basics and Building Husky AI Getting the hang of machine learning The machine learning pipeline and attacks Husky AI: Building a machine learning system MLOps - Operationalizing the machine learning model Threat Modeling and Strategies Threat modeling a machine learning system Grayhat Red Team Village Video: Building and breaking a machine learning system Assume Bias and Responsible AI Practical Attacks and Defenses Brute forcing images to find incorrect predictions Smart brute forcing Perturbations to misclassify existing images Adversarial Robustness Toolbox Basics Image Scaling Attacks Stealing a model file: Attacker gains read access to the model Backdooring models: Attacker modifies persisted model file Repudiation Threat and Auditing: Catching modifications and unauthorized access Attacker modifies Jupyter Notebook file to insert a backdoor CVE 2020-16977: VS Code Python Extension Remote Code Execution Using Generative Adversarial Networks (GANs) to create fake husky images Using Microsoft Counterfit to create adversarial examples Backdooring Pickle Files Backdooring Keras Model Files and How to Detect It Miscellaneous Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries Husky AI Github Repo Conclusion As you can see there are many machine learning specific attacks, but also a lot of “typical” red teaming techniques that put AI/ML systems at risk.

In this post we will explore Generative Adversarial Networks (GANs) to create fake husky images. The goal is, of course, to have “Husky AI” misclassify them as real huskies. If you want to learn more about Husky AI visit the Overview post. Generative Adversarial Networks One of the attacks I wanted to investigate for a while was the creation of fake images to trick Husky AI. The best approach seemed by using Generative Adversarial Networks (GANs).

如题，工作一年的生活小结。前三部分和第四部分可以视

如题，工作一年的生活小结。前三部分和第四部分可以视