Genesis Marketplace, a Digital Fingerprint Darknet Store
Insights into Genesis Marketplace, a black market trading in digital identity.
Aggregator
Authenticated Resolution and Adaptive Resolution: Security and Navigational Enhancements to the Domain Name System
4 years 3 months ago
The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online. Emerging from an era where interconnection rather than information security was the […]
The post Authenticated Resolution and Adaptive Resolution: Security and Navigational Enhancements to the Domain Name System appeared first on Verisign Blog.
Burt Kaliski
国内在线车联网平台(道路运输车辆卫星定位系统)安全威胁分析报告
4 years 3 months ago
本报告研究成果由灯塔实验室知风Zhifeng.io安全研究团队发布报告编号:C-03 一、前言 车联网技术本身…
Z-0ne
Toward Inclusive Language in Software
4 years 3 months ago
Erik Nygren
渗透中的数据转发技巧
4 years 3 months ago
思路
渗透测试中,必须使用代理服务器,所以首先假设我们有一台具有公网IP的服务器,作为攻击机。
内网是相对的,有时进入DMZ区,发现要使用VPN进入目标网段。在这里讨论只一台受害主机的攻击路径,认为是最小元,需要得出一个方法论,这个方法论将适
Gorgias
利用网络安全保险进行第三方安全准入
4 years 3 months ago
今年我干了一件自己觉得还挺新鲜的事情
CVE-2020-26674: VPS9 upgrade components susceptible to MITM vulnerability
4 years 3 months ago
Mike Zhang
开源信息收集周报#66
4 years 3 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
IoT Vulnerability Assessment of the Irish IP Address Space
4 years 3 months ago
Vulnerability assessment of IoT devices in Ireland detailing the biggest threats, most at-risk and highly exposed devices.
Nexpose常见问题排查
4 years 3 months ago
大家都是专业人才,太专业的我就不多介绍了,这次介绍的纯属是关于Nexpose产品本身相关的问题排查方法和思路,大多是跟环境相关的,其中因系统环境和网络环境导致的问题居多,供大家参考。
为什么 Linux 需要 Swapping
4 years 3 months ago
Linux 触发 Swapping 的时机以及执行路径
The dangers of firewall misconfigurations
4 years 3 months ago
Dave Burton
November 2020 Security Releases
4 years 3 months ago
Safeguard Identity Data at the Source
4 years 3 months ago
When your customers create an account on your website or application, they are entrusting their valuable information with you in order to establish a relationship. To maintain that relationship, they need to have faith that you will protect their information.
Megan Freshley
Smogcloud - AWS external network asset discovery platform
4 years 3 months ago
TonghuaRoot
【VK技术分享】Docker安全实践
4 years 3 months ago
此文章总结了VIPKID安全团队基于Docker技术的安全实践,希望同各位安全小伙伴一起探讨学习。
知名网络空间普查与网络测绘组织研究报告 第二期-Shodan篇
4 years 3 months ago
Shodan(Shodan.io)是一个主机、联网设备搜索引擎,被誉为“黑暗谷歌”和“互联网上最可怕的搜索引擎…
Z-0ne
Tomcat容器攻防笔记之Filter内存马
4 years 3 months ago
新品上架
Hacking all the cars之Tesla API分析与利用(下)
4 years 3 months ago
该系列文章将通过逆向的方式分析Tesla远程api,并自己编写代码实现远程控制Tesla汽车。该篇文章为第二篇,将主要讲解websocket抓包分析与编程实现对Tesla的远程控制。如果你还没看第一篇,请先查看第一篇内容Hacking All The Cars - Tesla 远程API分析与利用(上)。
0x00 Websocket通信分析Tesla的召唤功能除自动召唤外,还支持手动的前进与后退功能。要想手机APP可以使用召唤功能,需要先在车机中开启召唤功能。
在测试时,建议寻找一块比较大的空地,然后设置抓包,使用手机APP进行操作。通过burpsuite抓到的数据包可知,召唤功能主要通过websocket来实现。但是分析过程中可以发现,burpsuite只显示了连接地址和发送的数据内容,并没有显示其请求的头,所以,当直接去连接时会返回401错误。
在这个时候就需要还一个工具了,本文选择使用charles。这个工具针对websocket的支持非常友好,不仅可以看到请求头,还针对发送与接收以不同的颜色区分显示出来,十分方便分析。
The elephant in the data centre
4 years 3 months ago
A new white paper from the NCSC explains the potential benefits of adopting a cloud-system.