安全,算法,数据,灌水(上)
打了三天游戏。太堕落了。
Aggregator
Attackers Use New, Sophisticated Ways to Install Cryptominers
5 years 3 months ago
How a Jenkins dynamic routing vulnerability becomes an attacker’s infection vector for installing and executing a cryptominer.
Maximizing Onboarding: Giving managers the skills for success
5 years 3 months ago
Managing teams come with challenges as well as rewards. Managers drive individual and team performance, and the best managers drive employee connection and engagement. Akamai believes that employees are our biggest asset; by effectively and efficiently integrating them into the...
Andrew Heifetz
基于设备指纹零感验证系统 - 我是小三
5 years 3 months ago
作者: 我是小三博客: http://www.cnblogs.com/2014asm/由于时间和水平有限,本文会存在诸多不足,希望得到您的及时反馈与指正,多谢! 工具环境: android 4.4.4、IDA Pro 7.0、jeb3、sklearn机器学习库目录 :为什么是零感验证?验证码的发展史
我是小三
190927 re-某恶作剧APK的分析
5 years 3 months ago
用JEB打开,首先扫一眼AndroidManifest.xml的相关信息
从包名可以看出
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-fvszbl92-1569599143824)(https://i.loli.net/2019/09/27/ybnJIaoRwrq3tsX.png)]
是一个androlua项目,稍微搜一下就可以知道是用Lua写android。所以...
whklhhhh
From the Beginning: Internships With Akamai
5 years 3 months ago
At Akamai, our internships are both unique and meaningful. What do we mean by this? Well, we believe an internship should add real, significant value to an intern's skill-set. So, not only do they get to learn on the job...
Akamai
Want to see inside the dome?
5 years 3 months ago
September 2019 is the 30th Anniversary of the GCSB’s satellite communications interception station at Waihopai in Marlborough.
OGEEK 2019 OZero writeup
5 years 3 months ago
To Begin With
上周末参加了 OGEEK 网络安全挑战赛决赛,最终在队友的 carry 下躺赢,拿到第三名的成绩。运气比较好,拿到了一
xmsec
What Is SQL Injection?
5 years 3 months ago
Learn what SQL injection is, how attackers use it to access sensitive data, and how to protect your organization from these attacks.
V8学习笔记 starctf 2019 oob
5 years 3 months ago
本以为研究生的生活可以摸鱼,没想到研讨课一下子分了个讲v8的课题,没办法,只有硬着头皮上了。 参考资料: V8 […]
pzhxbz
从第一个“全国内部人员威胁意识月”看美国内部威治理战略
5 years 3 months ago
2019年9月,是美国第一个内部人员威胁意识月,这是由美国国防部联合其它联邦机构发起的。活动具体联合承担主体
泛微 e-cology OA 远程代码执行漏洞复现 - PaperPen
5 years 3 months ago
泛微 e-cology OA 远程代码执行漏洞复现,想一起学习的可以在公众号内寻找作者
PaperPen
Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in August 2019
5 years 3 months ago
August 2019 was slowest month on record F5 researchers have seen in new threat activity. But while active exploitation slowed, new reconnaissance campaigns grew.
CVE-2019-5475:Nexus2 yum插件RCE漏洞复现 - PaperPen
5 years 3 months ago
距离你的复现成功只差这篇文章!
PaperPen
190919 pwn-第五空间final_十生
5 years 3 months ago
说是题目,其实就是飞秋0day 233
之前虽然听说过各种windows的pwn
软件停止更新已久,保护都没开,是比较古老的玩意儿了
于是很容易搜到各种POC
例如0x49D03F处的整形溢出
v54是输入进来的字符串,因此可以提供4294967295=0xffffffff=-1从而使memcpy发生缓冲区溢出的异常,然后通过覆盖SEH的方式进行利用
通过cyclic生成字符串填入,可以测出溢...
whklhhhh
The Massive Propagation Of The Smominru Botnet
5 years 3 months ago
In this post, Guardicore Labs provides an in-depth analysis of the attack campaign, focusing on victim analysis and attack infrastructure.
Ophir Harpaz
The cyber threat to Universities
5 years 3 months ago
Assessing the cyber security threat to UK Universities
New DDoS Vector Observed in the Wild: WSD Attacks Hitting 35/Gbps
5 years 3 months ago
Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made...
Jonathan Respeto
Tricky Trickbot Runs Campaigns Without Redirection
5 years 3 months ago
Known for redirection attacks, recent Trickbot banking trojan campaigns use server-side injection and target fewer victims.
玩转ysoserial-CommonsCollection的七种利用方式分析
5 years 3 months ago
CommonsCollection在java反序列化的源流中已经存在了4年多了,关于其中的分析也是层出不穷,本文旨在整合分析一下ysoserial中CommonsCollection反序列化漏洞的多种利用手段,从中探讨一下漏洞的思路。