Aggregator

F5 BIG-IP 是美国 F5 公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。近日，F5官方公布流量管理用户界面（TMUI）使用程序的特定页面中存在一处远程代码执行漏洞（CVE-2020-5902）

该文被密码保护。

最近网上智能手表非常的火，于是在闲鱼上淘了一个30块的智能手表，经过一番折腾后。。

解决OSSEC Agent 3.6.0 无法注册问题

Cybersecurity experts are falling prey to seven myths in the effort to protect their business. Shape's Daniel Woods writes for Forbes, explaining where these myths have led us astray, and how to keep the useful bits while discarding the chaff.

Learn about the technical controls that leading regulators around the world endorse for an effective and secure Open Banking initiative.

本篇文章将会介绍一些我目前使用的安全、隐私和实用相关的 Firefox 扩展。

Since March, the COVID crisis has caused massive disruption to every area of life and work. It has tested us, as individuals and as a business. Akamai has taken a very human-centric approach during the pandemic. Our guiding principle has been to do what is right for the health and safety of employees, customers and partners. I feel proud of this, because when I think about what I'm grateful for, it really does come down to people. I'm grateful to be working for a company that is keeping people connected to the world through technology. I'm grateful to be among smart, immensely resilient colleagues. And I'm grateful to have friends and family who are sticking together. Ultimately, it's the humanity that matters.

Amazon Bug Bounty! Great news: Amazon is now offering bounties via a security vulnerabiltiy research program Bad news: AWS is out of scope! When I read this I remembered that a few years ago I found persistent Cross-Site-Scripting on the AWS Console. This post is a write up on how I found the XSS back then, techniques I used and how they evolved over the years and Amazon’s response. AWS Console and Cross Site Scripting The story is that I had just created an AWS account and started using the service.

I’m excited that Feedspot ranked this blog (Embrace the Red) the number #10 pentest blog out there. Subscribe and check-in regularly for new content related to offensive security engineering, penetration testing and red teaming. You can also follow me on Twitter @wunderwuzzi23. Cheers.

To begin with

今年 TCTF Web 题目比原来要多，但还是那么强（做不出来

easyphp

这道题被非预期了，正确解法也是在看到一叶飘零的

欢迎各位关注我的视频号，会有一些好玩的AI产品和不一样的分享。

这是一本适合从安全小白到企业安全负责人阅读的安全书籍，作者将自己多年丰富的安全经验融入此书，通俗易懂，雅俗共赏，既可作为安全工程师的工具手册，解决各类常见的安全问题，也可以指导安全负责人如何从0到1系统地建设企业安全体系，非常值得推荐！

0x00 前言

懒了，原本要保证每个月至少输出一篇blog，翻了翻做的笔记，不是不能拿出来讲的就是片段化的知识点，要

0x01 概述本文将介绍安卓模拟器环境下面使用tcpdump抓包的方法，适合小白用户查看。

Apache Dubbo Provider默认反序列漏洞（CVE-2020-1948） 0x01 搭建漏洞环境 漏洞介绍 2020年06月23日， 360CERT监测发现Apache Dubbo 官方发布了Apache Dubbo 远程代码执行的风险通告，该漏洞编号为CVE-2020-1948，漏洞

在那么多为了better life奋斗的人里面，总有几个是为了better world的。

银行卡信息读取器？太强了