Aggregator

了解原型链污染比较晚，从今年的 TCTF FINAL 到 REDPWN，再到 XNUCA，才算是慢慢开始理解这种攻击的用法以及利用的场景

写这篇的原因是 OGEEK 上一道 LOCAL DTD 的题目，查了一些资料，想赛后整理一下，不过发现 K0rz3n 大佬写的实在是太详细了

使用华为E5885L一年多了，对我而言，它不仅是一款完美的4G便携路由器，而且经过改造之后更是一款渗透利器。尽管这是一款非常美好的产品，但是在安全研究的工作中，还是发现有不少痛点。但是在使用了GL.iNet MIFI之后，完全满足了我的测试需求。尽管能够解决问题，但是某些地

Recently Coinbase published a well written blog post on how they were under attack. The adversaries exploite Firefox 0-days. Details can be found here. One intersting aspect is the following:

“We have also observed the attackers specifically target cloud services, e.g. gmail and others, via browser session token theft via direct access to browser datastores. This activity also offers the opportunity for behavior-based detection, as relatively few processes should be directly accessing those files.”