190927 re-某恶作剧APK的分析
用JEB打开,首先扫一眼AndroidManifest.xml的相关信息
从包名可以看出
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-fvszbl92-1569599143824)(https://i.loli.net/2019/09/27/ybnJIaoRwrq3tsX.png)]
是一个androlua项目,稍微搜一下就可以知道是用Lua写android。所以...
Aggregator
From the Beginning: Internships With Akamai
5 years 5 months ago
At Akamai, our internships are both unique and meaningful. What do we mean by this? Well, we believe an internship should add real, significant value to an intern's skill-set. So, not only do they get to learn on the job...
Akamai
Want to see inside the dome?
5 years 5 months ago
September 2019 is the 30th Anniversary of the GCSB’s satellite communications interception station at Waihopai in Marlborough.
OGEEK 2019 OZero writeup
5 years 5 months ago
To Begin With
上周末参加了 OGEEK 网络安全挑战赛决赛,最终在队友的 carry 下躺赢,拿到第三名的成绩。运气比较好,拿到了一
xmsec
What Is SQL Injection?
5 years 5 months ago
Learn what SQL injection is, how attackers use it to access sensitive data, and how to protect your organization from these attacks.
V8学习笔记 starctf 2019 oob
5 years 5 months ago
本以为研究生的生活可以摸鱼,没想到研讨课一下子分了个讲v8的课题,没办法,只有硬着头皮上了。 参考资料: V8 […]
pzhxbz
从第一个“全国内部人员威胁意识月”看美国内部威治理战略
5 years 5 months ago
2019年9月,是美国第一个内部人员威胁意识月,这是由美国国防部联合其它联邦机构发起的。活动具体联合承担主体
泛微 e-cology OA 远程代码执行漏洞复现 - PaperPen
5 years 5 months ago
泛微 e-cology OA 远程代码执行漏洞复现,想一起学习的可以在公众号内寻找作者
PaperPen
Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in August 2019
5 years 5 months ago
August 2019 was slowest month on record F5 researchers have seen in new threat activity. But while active exploitation slowed, new reconnaissance campaigns grew.
CVE-2019-5475:Nexus2 yum插件RCE漏洞复现 - PaperPen
5 years 5 months ago
距离你的复现成功只差这篇文章!
PaperPen
Pwn思维导图
5 years 5 months ago
根据ctf-wiki总结栈溢出, 格式化字符串漏洞, 部分堆溢出利用, 制成如下思维导图
pwn.pdf
190919 pwn-第五空间final_十生
5 years 5 months ago
说是题目,其实就是飞秋0day 233
之前虽然听说过各种windows的pwn
软件停止更新已久,保护都没开,是比较古老的玩意儿了
于是很容易搜到各种POC
例如0x49D03F处的整形溢出
v54是输入进来的字符串,因此可以提供4294967295=0xffffffff=-1从而使memcpy发生缓冲区溢出的异常,然后通过覆盖SEH的方式进行利用
通过cyclic生成字符串填入,可以测出溢...
whklhhhh
The Massive Propagation Of The Smominru Botnet
5 years 5 months ago
In this post, Guardicore Labs provides an in-depth analysis of the attack campaign, focusing on victim analysis and attack infrastructure.
Ophir Harpaz
New DDoS Vector Observed in the Wild: WSD Attacks Hitting 35/Gbps
5 years 5 months ago
Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made...
Jonathan Respeto
Tricky Trickbot Runs Campaigns Without Redirection
5 years 5 months ago
Known for redirection attacks, recent Trickbot banking trojan campaigns use server-side injection and target fewer victims.
玩转ysoserial-CommonsCollection的七种利用方式分析
5 years 5 months ago
CommonsCollection在java反序列化的源流中已经存在了4年多了,关于其中的分析也是层出不穷,本文旨在整合分析一下ysoserial中CommonsCollection反序列化漏洞的多种利用手段,从中探讨一下漏洞的思路。
Hook Java API以获得MD5计算前数据 - luoyesiqiu
5 years 6 months ago
介绍 MD5消息摘要算法(英语:MD5 Message-Digest Algorithm),一种被广泛使用的密码散列函数,可以产生出一个128位(16字节)的散列值(hash value),用于确保信息传输完整一致。[1] 有些人把MD5列为加密算法,这其实是不正确的,因为MD5计算本身就是不可逆的
luoyesiqiu
古典《跃迁》摘抄分享
5 years 6 months ago
认知刷新,方法更新与微调。
做好特定领域者
5 years 6 months ago
这就是我的世界观,无论是个人发展,还是做一番事业。
花式栈溢出学习
5 years 6 months ago
hurricane618