Aggregator

Security metrics are an interesting topic. Over the years I used “scores” as a tool to identify and shine light on problematic areas or highlight lack of engineering and security quality of certain teams. A security score should not seen as an objective or absoulte measure, but it allows to compare systems with each other at a relative scale, and by sharing the score it makes people ask questions.

分享几个小视频。（滑稽脸）

从二进制角度对CobaltStrike Beacon的一个简单分析...

freebsd内核内存分配器安全特性分析

2020 对我来说是比较难忘的一年，工作上负责的项目进展不合预期，生活上因为疫情被困在家里，没法出去旅游，压力很大经常失眠。不过回顾这一年，经过不断的反思和复盘，自己的认知能力得到了很大提高，解...

记录了一次简单的渗透过程，多种工具配合使用。

This is the first in a multi-part blog series on cryptography and the Domain Name System (DNS). As one of the earliest protocols in the internet, the DNS emerged in an era in which today’s global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like […]

The post The Domain Name System: A Cryptographer’s Perspective appeared first on Verisign Blog.

今天我们将从三个方面来探讨一下MQTT的安全性，分别是登陆认证问题、权限控制问题以及Broker自身安全性的问题。

Freebsd提供了一个有意思的安全功能，fork的进程号可以随机化。

At Akamai, we all contribute to our diverse, inclusive, and engaged culture. One in which we each have a voice and are empowered to have a meaningful impact on our business and its direction. It's by fostering this culture across teams that we're able to achieve the company's guiding principles. For all of us, it means putting our clients, employees and communities front and center in our daily work.

今天在某技术群里看到大家都在讨论一个技术文章，然后就点击去看了下。

Freebsd的jail模型是一个纯粹的沙箱模型，用来限制进程的一些行为，是一种安全机制。

阿里云爬虫风险管理（Anti-Bot Service，简称Anti-Bot）针对原生App端提供安全SDK解决方案。为App提供可信通信、防机器脚本滥刷等安全防护，有效识别高风险手机、猫池、牧场等特征。

在昨日(2021/1/5)，Apache Flink发布安全更新，修复了由蚂蚁安全非攻实验室发现的2个高危漏洞

We considered the shape of the coming year in cybersecurity. Phishing, APTs, malware, old vulnerabilities… it’s not all bad … well, actually, it is.