Aggregator

5月21号，在全球技术领导力峰会（GTLC）上，我做了一个关于数字化转型的分享。近期的工作主要投入在各个产业

 

0x00 关于本文BurpSuite被识别是怎么回事呢？BurpSuite相信大家都很熟悉，但是BurpSuite被识别是怎么回事呢，下面就让小编带大家一起了解吧。BurpSuite被识别，其实就是用源端口检测，大家可能会很惊讶BurpSuite怎么会被识别呢？但事实就是这样，小编也感到非常惊讶。这就是关于BurpSuite被识别的事情了，大家有什么想法呢，欢迎在评论区告诉小编一起讨论哦！
0x01 HTTP/1.1 持久连接关于HTTP的连接管理相关的知识可以在这里找到。在使用了HTTP/1.1的情况下（也就是我们见到的大部分情况），浏览器都会使用下图中第二种情况所说的“持久连接”，即在访问一个网站后不立即关闭连接，在下一次访问的时候直接用已打开的连接，减少握手次数，以降低流量消耗提升访问速度

0x02 Burp和持久连接目前来看，Burp仍然没有支持持久连接，当有用户在社区中询问时，Burp官方回复的是即使在Burp里面设置了不加Connection:close头，Burp依旧会关闭连接。
0x03 如何搞清楚连接是否被复用了从上面的叙述中，我们可以很容易地看出，通过检测连接是否被复用了就可以知道客户端是否启用了Burp代理。但是连接的复用似乎是个比较底层的问题，如何在不亲手实现一个HTTP服务器的时候简单地检测呢？其实回想下TCP的基础知识就发现很简单，相同的连接，源端口也是相同的，那么只需要查看客户端的源端口就可以知道了。
0x04 用Flask实现并测试代码放在 https://github.com/TomAPU/checkburp 了效果如下：


结果表明，通过源端口可以实现检测Burp
0x04 彩蛋在做实验的时候发现有些知名的代理软件在选取源端口的时候和浏览器的特征不一样，我会抽时间更多地研究下。

Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020.

Leveraging the HackSysExtreme Vulnerable Driver to understand the Windows kernel pool, the impacts of kLFH, and bypassing kASLR from low integrity via out-of-bounds read vulnerabilities.

在美国多家关键机构接连遭勒索软件入侵后，美国司法部决定把这类黑客袭击与恐怖袭击并列为其优先调查事项。根据美国

2016年，我拿着双倍薪酬从阿里跳槽到朋友公司，又降薪7k进入360网络安全研究院，北漂4年以后再转base回到杭州。 这一路挺折腾的，写出来分享给大家。

复现需要一个用户，我这使用的是域管理员账号+SharePoint2016先要创建team site，在sp2

In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth...

The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blog.

Read more about how proper network segmentation can simplify PCI DSS compliance by effectively reducing the number of assets in scope.

frida-ios-dump基于frida提供的强大功能通过注入js实现内存dump然后通过python自动拷贝到电脑生成ipa文件。

Recently I was given approximately 55 VMDKs after a cyber incident to try and identify the root cause. Ideally, these systems would be online so that we could deploy our distributed threat hunting and forensic analysis tool of choice, Velociraptor however this wasn’t a possibility in this scenario. This means I had an interesting problem […]

We're excited to announce the availability of EdgeKV, a distributed key-value store database that enables EdgeWorkers to leverage data stored at the edge when deploying custom code across our serverless computing platform.

记录一下

帮好哥哥转发个招聘（非常好的团队哟😀，速度联系⬇）

A review of 2018-2020 cyberattacks at brokerages, investment funds, payment processors, and financial services organizations as well as API security incidents and open banking.

全球最大的肉类供应商JBS，于5月31日，JBS向外界表示，公司服务器遭到黑客有组织的攻击，受影响的系统包括

Summary JBS, the largest meat supplier in the United States, has published a media statement indicating they have fallen victim to a cyber security attack. Threat Type Breach Overview JBS, a major US meat supplier, published a media statement regarding a cyber security attack against their networks. The servers impacted were those that support their North American and Australian IT networks. In order to prevent the attack from continuing and spreading, JBS shut down affected systems, impacting operations an

短文