Aggregator

翻译自英文文章：《Enriching Threat Intelligence Platforms Capabilities》。文章讲述一个丰富化的威胁情报平台的实现思路，以扩展当前 TIP 中的...

前言 Java技术栈漏洞目前业已是web安全领域的主流战场，随着IPS、RASP等防御系统的更新迭代，Java攻防交战阵地已经从磁盘升级到了内存里面。 在今年7月份上海银针安全沙龙上，我分享了《Java内存攻击技术漫谈》的议题，个人觉得PPT承载的信息比较离散，技术类的内容还是更适合用文章的形式来分

With DDoS, we typically observe a moderate degree of attacker persistence. DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out.

Summary Multiple sources, including T-Mobile, have reported on a data breach that occurred against the cellular communications company. The data breach affects more than 100 million of T-Mobile's customers. Threat Type Data Breach Overview First reported by Vice on Saturday, August 14, T-Mobile has suffered a data breach that purportedly affects more than 100 million of its customers. More than 106GB of data, including social security numbers, names, addresses, IMEI numbers, and driver license information a

0x01 背景前言我是个记性不太好的人，因此平日里会去写写弄弄把零碎的想法记录下来。之前内容排版上大多都是按照自己的习惯、语言上的常识，在看完阮一峰老师的中文技术文档写作风格指南 之后觉得挺有必...

前言Java技术栈漏洞目前业已是web安全领域的主流战场，随着IPS、RASP等防御系统的更新迭代，Java

百万级开源HIDS解决方案的策略建设思路

郑重声明：文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用，任何人不得将其用于非法用途以及盈利等目

《关键信息基础设施安全保护条例》已经2021年4月27日国务院第133次常务会议通过，现予公布，自2021年9月1日起施行。

企业防御之安全运营数据分析

This post is part of the machine learning attack series. It’s been a while that I did a Husky AI and offensive machine learning related post. This weekend I had some time to try out Counterfit. My goal was to understand what Counterfit is, how it works, and use it to turn Shadowbunny into a husky. Let’s get started. What is Counterfit? With Counterfit you can test your machine learning models and endpoints for specific adversarial attacks.

With 35 medals at stake, the last full day of competition during the games in Tokyo generated the highest video streaming traffic for 30-plus customers on the Akamai Intelligent Edge Platform. Medal matches for baseball, basketball, and soccer, along with several track and field finals, drove related traffic to 10 Tbps on Saturday, August 7.

一、前言 在之前某次渗透测试中，发现一个ASP.NET的站点，通过数据库权限提权拿下系统之后发现站点的密码是经过几次编码和不可逆加密算法存储的。导致无法通过管理员的账号密码登录系统（因为当时是个比较重要的系统，因此需要账号密码来登录后台），因此最后的解决办法就是通过加密算法生成一个新的密码，再写入数

4.用户态睡眠以sleep为例来说明任务在用户态是如何睡眠的。首先我们通过strace工具来看下其调用的系统调用：$stracesleep1 ... close(3)...

1开场白环境：处理器架构：arm64内核源码：linux-5.10.50ubuntu版本：20.04.1代码阅读工具：vim+ctags+cscope无论是任务处于用户态还是内核态，经常会...

前言

关于从加锁的硬盘提取信息的那些事，走了很多弯路。

以前买了NTG55的Head Unit，装配在奔驰E系车型。

将目标设备拆开后，可以发

前言

本文记录了还原车机内NAND Flash文件系统的过程。

恢复过程

车机中高通CPU使用MXIC B162711 NAND Flash存储芯片，一般很少直接用NAND Flash的，除非像高通这样对自己的主控特别自信。

固件载体

固件 (Firmware), 在港澳台称作韧体, 在手机领域又称作字库。它位于非易失性存储(Non-Volatile Memory，NVM)中，可以被读写。在嵌入式领域，最常见的NVM类型是ROM(read-only memory)和Flash

利用 Service Worker 离线化特性，即使服务器被打垮，浏览器也能通过备用站点加载并更新