Aggregator
crmeb Java CMS fastjson exploitation - sevck
1 year 9 months ago
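A project with 4.5K stars and 2K forks that previously used an old version of fastjson; the new version has fixed it. https://gitee.com/ZhongBangKeJi/crmeb_java It previously used fastjson 1.2.56; for 1.2.68, the publicly known ones include fastjson commons-io AutoClosea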
sevck
Notes on buying a home in Beijing - sevck
1 year 9 months ago
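My investments have been doing poorly lately, with funds and the stock market both unstable. After coming back from the New Year holiday I decided on a whim to buy a home; going from wanting to buy, to viewing, to purchasing took 1 day, and I paid the deposit that same day. Rough process: preparation before viewing → on-site viewing → queuing for a number and choosing a unit → submitting home-purchase eligibility review documents, subscription → preliminary signing, online contract signing → paying the down payment → applying for the loan → loan approval and disbursement → inspecting and taking possession of the home → paying taxes → obtaining the property certificate. Here is the home-purchase process (new builds, commercial housing) organized for reference: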
sevck
MOVEit SQLi Zero-Day (CVE-2023-34362) Exploited by CL0P Ransomware Group
1 year 9 months ago
Akamai Security Intelligence Group, which has been examining the MOVEit vulnerability and its exploitation, provides recommendations for detection and mitigation.
Akamai Security Intelligence Group
BT latest version: an RCE & backdoor & login vulnerability - sevck
1 year 9 months ago
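I audited several versions of BaoTa, spent a fair amount of time on it, and stockpiled 3 bugs: 1. A command execution (requires certain conditions to exploit; at first there was no output echo, which was achieved with DNSLOG) 2. A persistent backdoor (not official; a self-planted backdoor used to keep maintaining access) Applies to Linux/Windows Tested versions: Linux 7.9.8 Windows 6.7.0 Window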
sevck
GreyNoise Round Up: Product Updates - May 2023
1 year 9 months ago
May brought more product enhancements to user workflows, data coverage… and of course, more interesting tags! Twenty-four to be exact, as we continue to improve our product to help our customers monitor emerging threats and identify benign actors. We improved our sensor coverage to include coverage in the country of Ghana, plus we made some helpful improvements to our bulk analysis, RIOT dataset, and APIs.
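The Anti-Fraud Law on the front line: how can the three major difficulties grassroots police face in handling administrative penalties for telecom fraud be resolved?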
1 year 9 months ago
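The enactment of the Anti-Telecom and Online Fraud Law provides a basis for linking criminal and administrative enforcement in combating telecom and online fraud, but many disputes remain in practice. Grassroots police officers raise three questions and reflections on applying the Anti-Fraud Law to impose administrative penalties.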
Docker security in practice 3: setting up a multi-container architecture hands-on
1 year 9 months ago
Code word at the end of the article
Analyzing Broken User Authentication Threats to JSON Web Tokens
1 year 9 months ago
Nitzan Namer
System Architecture Designer: Getting Started (1)
1 year 9 months ago
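N years ago I sat the System Architecture Designer exam once; because I was underprepared, or rather had done basically no preparation, I ultimately failed. In the years that followed, amid the rush, I nearly forgot about it. In my later work I often took detours because many details of systems knowledge were unclear to me and I had no overall picture. So I want to use this exam to systematically fill in my professional knowledge and improve my professional skills, which should also make my future work go more smoothly.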
aomandeshangxiao
Use with caution!! A tool that kills all EDR/XDR: Terminator
1 year 9 months ago
Code word at the end of the article
Labs API: It’s Playtime
1 year 9 months ago
Introducing the Labs API Playground, a powerful tool designed to provide users quick access to data and an Early-Access/Beta API experience. Whether you’re a seasoned GreyNoise user (welcome back!) or just starting your journey (welcome aboard!), this playground will enable you to explore and interact with our data in new ways.
How a Sneaker Bot Earned $2M Profit from One Shoe Drop
1 year 9 months ago
Explore a highly automated attack against a sneaker manufacturer and learn how resellers optimize their bots for success, and profit!
国光's macOS Monterey 12.X configuration notes
1 year 9 months ago
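After my computer went through all sorts of setbacks last year, the new year has arrived. Although the mining crash has not really come yet, the AMD RX6600 XT graphics card turned out to have driver support in macOS 12.1, so I went ahead and bought one without hesitation. New system, new configuration, and so this article was born.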
国光
U.S. Department of Commerce Announces CHIPS for America R&D Leaders
1 year 9 months ago
CHIPS for America was established by historic legislation to bring semiconductor manufacturing back to the U.S.
Sarah Henderson
Zero-overhead JS injection into GZIP pages at an HTTP gateway - EtherDream
1 year 9 months ago
Injecting JS code into HTML without decompressing the gzip traffic
EtherDream
A few things learned from JustCTF 2023 about sqlite3 code execution methods
1 year 9 months ago
Swing
Docker security in practice 2: demystifying the Docker architecture
1 year 9 months ago
Code word at the end of the article
Building a More Secure Routing System: Verisign’s Path to RPKI
1 year 9 months ago
This blog was co-authored by Verisign Distinguished Engineer Mike Hollyman and Verisign Director – Engineering Hasan Siddique. It is based on a lightning talk they gave at NANOG 87 in February 2023, the slides from which are available on the NANOG website. At Verisign, we believe that continuous improvements to the safety and security of […]
Verisign
New Building Standard Paves the Way for Collapse-Resistant Structures
1 year 9 months ago
A new building standard can help engineers prevent the worst.
Sarah Henderson