Aggregator

kali工具包详解目录

作为一个充满泡沫和噱头的新概念，Web3 和元宇宙在区块链的社区中掀起了一波浪潮。鼓吹者坚信 Web3 就是互联网的未来、不惜砸下大把的金钱和精力、希望能在未来中捞一杯羹；而大部分人保持观望的态度。是时候来一点 Web3 的反对意见了。

关于log4j1.x 和 logback 的鸡肋 RCE 讨论

0x01 写在前面对 log4j2 漏洞的后续研究中，发现一些有趣的东西，记录分享一下0x02 log4j 真的在任何情况不存在 JNDI注入吗？首先提出一个问题，log4j 真的在任何情况不存...

The log4j security vulnerability is one of the most widespread cybersecurity vulnerabilities in recent years. Here's a non-technical explanation of it.

利用飞机上的时间，自创一套信息安全BP的能力模型，欢迎探讨。

应急响应必备手册

CVE-2021-44228

面对铺天盖地的修复方案，甲方人员加班的手忙脚乱，但是还是要冷静下来不可以乱修

反射修复log4j2

0x01 写在前面2021 年 12 月 9 号注定是一个不眠之夜，著名的Apache Log4j 项目被爆存在远程代码执行漏洞，且利用简单，影响危害巨大，光是引入了 log4j2 依赖的组件都...

Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This includes deploying an update to our existing Apache WAF rules to include mitigation for this Zero Day CVE, and updating the Log4j library to version 2.15.0 or later.

作为非安全圈（主要是门槛不够，进不去）非著名喷子，今天不谈技术，不谈漏洞，回归喷子本质。

纸质书正式发售，赠书 10 本

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could...

The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blog.

Apache Log4j2某些功能存在递归解析功能，攻击者可直接构造恶意请求，触发远程代码执行漏洞。漏洞利用无需特殊配置，Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受影响。

See how Akamai helped open-source logging library Log4j fight against a critical unauthenticated remote code execution (RCE) vulnerability and reduce customer exposure.

先是在野0day 《Grafana未授权任意文件读取》传出，随后更劲爆的《Apache Log4j2远程代码执行》的POC、EXP相继出现，后者的payloads传播速度之快、以及影响范围之广，使其在业内堪称 “核弹级” 漏洞。

We?re proud to announce the 1.0 release of the Property Manager extension to Visual Studio Code and Eclipse. With the new Property Manager extension, you can edit and validate Property Manager API (PAPI) JSON rule trees right from your integrated development environment (IDE). It allows you to make and validate critical changes to your configuration closer to your DevOps environment. Once you've updated and validated the configuration file in your IDE, you can easily push it back to the platform with PAPI or Akamai command-line interface (CLI).