Aggregator

平时只在书上看到，现在遇到了。

The phishing landscape is constantly evolving. Over the years, it has evolved into a more scalable threat, with an overwhelming amount of campaigns being launched daily. Phishing also changed when criminals started adding more capabilities and features to their toolkits, which make the phishing websites long lived and difficult to detect.

This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts. Overview: How Husky AI was built, threat modeled and operationalized Attacks: Some of the attacks I want to investigate, learn about, and try out A few weeks ago while preparing demos for my GrayHat 2020 - Red Team Village presentation I ran across “Image Scaling Attacks” in Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning by Erwin Quiring, et al.

These skillsets can help you jump the cybersecurity skills gap by training security experts from the ground up.

端层【数据防泄漏】的规划、设计和落地解决方案！

本报告部分引自Week in OSINT栏目，每周推荐好玩实用的工具，站点，技巧，文章等，适用于任何领域的研究人员，分析测试人员。

This week, some of the brightest subject matter experts from across the U.S. and beyond gathered virtually to talk about women in cybersecurity, recognizing that the internet is filled with both opportunities and risks, and that it’s up to all of us to defend, protect and secure critical internet infrastructure. Called Uniting Women in Cyber […]

The post Harnessing the Momentum of Women in Cybersecurity appeared first on Verisign Blog.

IoT has tremendous possibilities to transform our world but will fall short of expectations if the underlying infrastructure cannot support the rapid exchange of massive amounts of information from billions of simultaneous and intermittent connections. Akamai Edge Cloud is designed to enable the potential of IoT by utilizing the deep knowledge we've gained operating one of the world's largest edge networks.

安全运营是应用安全管控体系建设的能力支撑，而安全运营平台则是为安全运营做好工具支撑，提供更高效、更便捷的运营方式和途径。

Akamai Technical Academy is a training program designed for people who have an interest and aptitude for technology but may not come from a traditional technical background. Up until now, we have successfully onboarded over 140 incredible people in three Akamai locations: Cambridge (MA, US), San Jose (Costa Rica) and Krakow (Poland).

2020年10月27日星期二

Malicious actors never rest and have always worked remotely. That simple realization hit home during recent global events. Specifically, Akamai saw an increase in malware traffic of over 400% between March 9 and May 11, 2020 from corporate devices, most of which were being used outside of a traditional office environment.

A few years back the Blue Team of a company asked to be targeted in a Red Team Operation. That was a really fun, because Rules of Engagement commonly prevent targeting Blue Teams. Blue’s infrastructure, systems and team members are often out of scope, unfortunately. Blue team infrastructure is a gold mine for credentials, recon but also for remote code execution! Often companies do not have adequate protection, procedures (MFA, multi-person attestation), monitoring and auditing in place when it comes to accessing data from endpoint agents.

这周打了一下ByteCTF，发现差距还是很大的，现在的很多堆菜单题都上2.31，新版本的题目需要多熟悉熟悉。

分析

checksec

在渗透测试系列教程中介绍了XSS漏洞的原理和利用方法，实际上 XSS 网络钓鱼 也是一种高效的攻击手段。网络

While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off....

10月25日对于VIPKID SRC是个特别的日子，我们有些话想对您说～

周六不放假休息，还在这加班搞 CTF？ 10 月 24 日不睡觉、凌晨两点钟我还在水群，结果在 USTC@LUG 的群里看见有人在打 Bilibili 的 CTF。我刚刚好一年（指 370 天）没有打过 CTF 了（上一次打正式的 CTF 还是去年参加的 USTC Hackergame 2019），所以想着来玩玩。虽然 CTF 结束之前不应该分享和公开 Write Up 和题解，不过 Bilibili 这 CTF 既然这么离谱，那我也没必要按照常理出牌。

目录: 一、行业背景 二、什么是可信ID？ 三、可信ID的应用场景 四、可信ID原理分析 五、如何攻破可信ID，可信ID是否真的可信？ 六、总结 一、行业背景 随着全球范围内移动业务的全面发展，采取移动为主策略的营销人员具有独特的优势，能够为他们的品牌带来最大的成功。根据Zenith估计，到2020

今年苹果秋季发布会上苹果介绍对用户隐私保护继续升级。从官方披露的公开信息来看，iOS 14的用户隐私保护更新将让用户更加知悉自己个人数据的使用情况，并进一步约束App追踪用户隐私的能力。