JVM Shellcode注入探索
前言随着RASP技术的发展,普通webshell已经很难有用武之地,甚至是各种内存马也逐渐捉襟见肘
Aggregator
浅谈数据安全
2 years 9 months ago
两周前受钛资本之邀分享了有关数据安全的一些个人看法,这里把主要观点抽取出来,抛砖引玉,欢迎大家共同探讨。"数
前端性能优化 —— 使用 BMP 图片代替 canvas.toDataURL - EtherDream
2 years 9 months ago
canvas 导出的图片如果只在本地使用,无需使用 toDataURL 方法,直接在原始数据前加上 BMP 文件头即可使用。
EtherDream
支付宝安全招聘实习生,欢迎加入我们
2 years 9 months ago
支付宝安全招聘实习生,欢迎加入我们
OpenSSL security releases require Node.js security releases
2 years 9 months ago
GCSB collaboration with cloud service providers wins industry award
2 years 9 months ago
The ?PhoneHome? DDoS Attack ? Everything You Need to Know
2 years 9 months ago
A vulnerability in enterprise collaboration suite MiCollab by telecommunications company Mitel has been abused for distributed denial-of-service (DDoS) attacks with record-breaking amplification potential.
Sven Dummer
2022 Application Protection Report: DDoS Attack Trends
2 years 9 months ago
Distributed denial-of-service attacks soared in complexity and size during 2021.
我食言了,哈哈哈
2 years 9 months ago
这个号...终于更新了哈...哈哈哈
canvas渗透工具_历史版本6.45安装测试
2 years 9 months ago
windows部署,体验一下canvas6.45历史版本的操作手感.
Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2)
2 years 9 months ago
Leveraging ChakraCore to convert our denial-of-service from part 1 into a read/write primtive and functioning exploit.
Connor McGarr
浏览网页就能泄露手机号的小秘密
2 years 9 months ago
访问网页即可获取你手机号,多用来网站营销等。例如搜索xxx病后,点击推广广告
Akamai Is a Leader in Forrester New Wave: Microsegmentation
2 years 9 months ago
We are excited to be named a Leader in The Forrester New Wave?: Microsegmentation, Q1 2022. We were evaluated alongside eight other vendors in the microsegmentation space and ranked in 10 criteria, including product vision, interface and reporting, host agents, agentless aspect, product, and services support.
Ravit Greitser
Microsoft Windows提权漏洞(CVE-2022-21882)分析
2 years 9 months ago
本文介绍CVE-2022-21882漏洞,以及它如何绕过2021年2月修补的CVE-2021-1732的补丁
GCSB Director-General opening statement to Intelligence and Security Committee
2 years 9 months ago
GCSB Director-General Andrew Hampton opening statement to Intelligence and Security Committee on Tuesday 15 March 2022
VEEAM Backup and Replication Vulnerability
2 years 9 months ago
Summary
A post from Veeam details vulnerabilities in its backup and replication solution. The vulnerability could lead to remote code execution (RCE) in versions 9.5, 10, and 11.
Threat Type
Vulnerability
Overview
Vulnerabilities in Veeam's backup and replication software have the potential to be used for RCE and eventual gaining control over the target system. Scoring 9.8 on the CVSS v3 scale, these vulnerabilities are critical. Patches have been issued for versions 10 and 11. Version 9.5 is no longer sup
如何设定合理的安全工作指标
2 years 9 months ago
震惊!看完这篇《如何设定合理的安全工作指标》后,80%的安全人员惊呼:后悔知道的太迟了!
#今日读书笔记# 如何在业务侧通晒“负面数据”是安全TL必修课
2 years 9 months ago
#今日读书笔记# 如何在业务侧通晒“负面数据”是安全TL必修课
AWS Scaled Command Bash Script - Run AWS commands for many profiles
2 years 9 months ago
One area that I have encountered quite often over the years is that during recon phase of a bug bounty hunt or pentest a set of AWS access keys are being discovered.
Let’s say you found 50 AWS access keys by drooling and hunting through public Github repos and using other nifty tricks and means.
How do you go about checking their validity? And what do they have access to and provide the Bug Bounty Program or Blue Team the dates, times, and IP address when those keys were used?
在即将春暖花开的日子,祝福每一位朋友都能守护好自己和家人,远离疫情。
2 years 9 months ago
在即将春暖花开的日子,祝福每一位朋友都能守护好自己和家人,远离疫情。