Aggregator

跨平台社区化Web指纹识别工具ObserverWard_0x727

CTF Writeup

The NCSC's Cloud Security Research Lead suggests some approaches to help you get confidence in cloud services.

In part 2 of his Cloud Blog Trilogy, Andrew explains why it's better for everyone if cloud providers are willing to be open about how they run their services.

Highlighting guidance which will help you secure your servers

代码嵌套几百个 if(...)if(...)if(...)if(...)if(...) 会怎样？

如何打穿几千台的内网域渗透？当然是靠 WMI 横向移动了

1.更改请求方式 这是一种检查绕过验证码的简单方法，只需更改“请求的请求方法”并删除验证码参数 示例 POST — — -> GET (POST请求转GET) #更有效 POST — — -> PUT (POST请求转PUT) 2.删除参数或使用先前使用的验证码 3.修改JSON请求到正常请求 有时

翻译自英文文章：《Enriching Threat Intelligence Platforms Capabilities》。文章讲述一个丰富化的威胁情报平台的实现思路，以扩展当前 TIP 中的...

前言 Java技术栈漏洞目前业已是web安全领域的主流战场，随着IPS、RASP等防御系统的更新迭代，Java攻防交战阵地已经从磁盘升级到了内存里面。 在今年7月份上海银针安全沙龙上，我分享了《Java内存攻击技术漫谈》的议题，个人觉得PPT承载的信息比较离散，技术类的内容还是更适合用文章的形式来分

With DDoS, we typically observe a moderate degree of attacker persistence. DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out.

Summary Multiple sources, including T-Mobile, have reported on a data breach that occurred against the cellular communications company. The data breach affects more than 100 million of T-Mobile's customers. Threat Type Data Breach Overview First reported by Vice on Saturday, August 14, T-Mobile has suffered a data breach that purportedly affects more than 100 million of its customers. More than 106GB of data, including social security numbers, names, addresses, IMEI numbers, and driver license information a

0x01 背景前言我是个记性不太好的人，因此平日里会去写写弄弄把零碎的想法记录下来。之前内容排版上大多都是按照自己的习惯、语言上的常识，在看完阮一峰老师的中文技术文档写作风格指南 之后觉得挺有必...

前言Java技术栈漏洞目前业已是web安全领域的主流战场，随着IPS、RASP等防御系统的更新迭代，Java

百万级开源HIDS解决方案的策略建设思路

郑重声明：文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用，任何人不得将其用于非法用途以及盈利等目

《关键信息基础设施安全保护条例》已经2021年4月27日国务院第133次常务会议通过，现予公布，自2021年9月1日起施行。

企业防御之安全运营数据分析

This post is part of the machine learning attack series. It’s been a while that I did a Husky AI and offensive machine learning related post. This weekend I had some time to try out Counterfit. My goal was to understand what Counterfit is, how it works, and use it to turn Shadowbunny into a husky. Let’s get started. What is Counterfit? With Counterfit you can test your machine learning models and endpoints for specific adversarial attacks.