Oracle ADF Faces 反序列化RCE
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
Aggregator
CVE-2022-21445 Oracle JDeveloper ADF Faces反序列化漏洞影响众多Oracle产品
2 years 9 months ago
近日Oracle通报了一个反序列化漏洞CVE-2022-21445,未经身份认证的远程攻击者可利用该漏洞实现反序列化操作导致任意代码执行。任何基于ADF Faces框架开发的程序都受到此漏洞的影响,包括Oracle的多个产品。
Akamai?s Observations of Confluence Zero Day (CVE-2022-26134)
2 years 9 months ago
The Atlassian Confluence vulnerability is here to stay. See Akamai's research into the stats two weeks after the advisory was released.
Chen Doytshman
Post Exploitation: Sniffing Logon Passwords with PAM
2 years 9 months ago
Pluggable Authentication Modules (PAM) on Unix based systems are useful to change logon behavior and enforce authentication via various means.
In “Red Team Strategies” the chapter “Protecting the Pentester” walks the reader through the configuration of a PAM module to get notified in real-time via a pop-up when someone logs on to the machine (e.g. system compromise).
But there are also bad things that can be done with PAM (especially post-exploitation) and this is what this post is about.
CVE-2022-25167 Apache Flume JNDI 注入漏洞分析与复现
2 years 9 months ago
近日监测到 Apache 发布安全的公告,修复了一个存在于 Apache Flume 中的代码执行漏洞CVE-2022-25167,攻击者可通过发送特制的 JNDI 查找,从而在目标系统上执行任意代码。
Hack-The-Box-walkthrough[phoenix]
2 years 9 months ago
253
RASP| Spring data mongodb spel(CVE-2022-22980)
2 years 9 months ago
Spring Data MongoDB 是一个开源项目,它提供了与 MongoDB 文档数据库的集成。近日监控到 Spring Data MongoDB 爆出 SpEL 表达式注入漏洞 CVE-2022-22980
What?s New for Developers: June 2022
2 years 9 months ago
Read about our recent Terraform updates and managed database services, our latest Meet the Developer articles, and stream videos on edge computing.
Jessica Capuano Mora
潮汐平台与开发大赛
2 years 9 months ago
在提笔写文章的时候,忽然发现6月已经过了大半了,时光总是匆匆的感觉。6月其实花了很多时间去研究一个叫做潮汐平台的东西.
Celebrating Women Engineers Today and Every Day at Verisign
2 years 9 months ago
Today, as the world celebrates International Women in Engineering Day, we recognize and honor women engineers at Verisign, whose own stories have helped shape dreams and encouraged young women and girls to take up engineering careers. Here are three of their stories: Shama Khakurel, Senior Software Engineer When Shama Khakurel was in high school, she […]
The post Celebrating Women Engineers Today and Every Day at Verisign appeared first on Verisign Blog.
Ellen Petrocci
Windows自启动技术-注册表 - nice_0e3
2 years 9 months ago
Windows自启动技术-注册表 注册表自启动 Windows的Run和RunOnce注册表项可以让用户登陆系统时自动启动一些程序。 其中涉及到的注册表项如下: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY
nice_0e3
Bots Are Scalping Israeli Government Services
2 years 9 months ago
Bots can be used for good, but can also be nefarious. In this post, see Akamai's research on the Israeli Gamken bot copycat.
Gon Avnon
The Relentless Evolution of DDoS Attacks
2 years 9 months ago
Explore how DDoS attacks are practically unrecognizable from those of the past few years thanks to constant innovation in the threat landscape
Craig Sparling & Max Gebhardt
安全团队的演进及个人定位思考
2 years 9 months ago
作者:404notfound@柳星。此文仅代表个人观点,与团队、公司无关,如有不妥之处,一定要提醒我,我改!
安全团队的演进及个人定位思考
2 years 9 months ago
作者:404notfound@柳星。此文仅代表个人观点,与团队、公司无关,如有不妥之处,一定要提醒我,我改!
探寻Java文件上传流量层面waf绕过姿势
2 years 9 months ago
作者介绍Y4tacker真是太牛逼了,新一代的java王子,每天一花活又强又卷年纪轻轻还有女朋友。头像还这么
Windows自启动技术-快速启动目录 - nice_0e3
2 years 9 months ago
Windows自启动技术快速启动目录 前言 最近比较忙,整理一点琐碎的东西 自启动技术 在windows 系统中,存在很多可以实现开启自启动的地方。windows系统下有自带的快速启动文件夹。只要程序放到这个快速启动目录下,系统在启动的时候会自动加载并且运行这个程序,实现开机启动。 快速启动的目录不
nice_0e3
Confluence CVE-2022-26134 漏洞分析
2 years 9 months ago
Confluence CVE-2022-26134 漏洞分析 调试环境配置 这里在 p牛的 vulhub 的基 […]
KpLi0rn
上海观安信息招聘售前-数据安全方向
2 years 9 months ago
上海观安信息招聘售前数据安全方向,诚聘精英。
上海观安信息招聘售前-数据安全方向
2 years 9 months ago
上海观安信息招聘售前数据安全方向,诚聘精英。