MOSEC会后随想:浏览器安全、web3钱包插件端安全
当黑客攻击目标用户浏览器时,多进程通信处于异常的时候,部分进程会卡死在系统中不会退出,此时多款存在私钥助记符泄漏的钱包,在与其他进程通信过程中将其长期保存在了僵尸进程中,黑客可不费吹灰之力将财产盗走。
Aggregator
MOSEC会后随想:浏览器安全、web3钱包插件端安全
2 years 8 months ago
当黑客攻击目标用户浏览器时,多进程通信处于异常的时候,部分进程会卡死在系统中不会退出,此时多款存在私钥助记符泄漏的钱包,在与其他进程通信过程中将其长期保存在了僵尸进程中,黑客可不费吹灰之力将财产盗走。
Client-Side Protection & Compliance: Fight Threats, Help Meet PCI DSS v4
2 years 8 months ago
Emily Lyons
图片验证码引起的惨案 一个开源验证码库导致的 jumpserver 账户接管漏洞
2 years 8 months ago
前言
jumpserver 前不久出了一个密码重置漏洞 CVE-2023-42820
在当天我就复现了这个漏洞 这个随机数的案例非常有趣 这个漏洞出现在了一个很难想到的位置 是一个由第三方依赖库引起的问题
白帽酱
那些年我看过的番剧、电视剧、电影以及玩过的游戏
2 years 8 months ago
一些不错的作品值得更多的人接触,特此写下那些年我接触过的有趣的娱乐作品,我推荐的作品或是能让人获得新颖的体验,或是能让人思考良久,或是能让人轻松愉快。
<hurricane618
Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series
2 years 8 months ago
October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20 th anniversary of this important initiative —and we will celebrate in various ways every day throughout the month. What is NIST Up to in October? We’ll be using our NIST Cybersecurity Awareness Month website to share information about our events, resources, blogs, and how to stay involved. We will be using our NISTcyber X account as a vehicle to
David Temoshok
共济会最高揭秘
2 years 8 months ago
最近有网友指出安琪拉在巴黎时装周戴的戒指上有“一只眼”。但安琪拉的工作室在国内发出的照片上都把这只眼给 PS 掉了。而众所周知,“一只眼”是共济会、光明会都用的符号。所以很多网友非常担心这背后到底是怎样的阴谋。
共济会最高揭秘
2 years 8 months ago
最近有网友指出安琪拉在巴黎时装周戴的戒指上有“一只眼”。但安琪拉的工作室在国内发出的照片上都把这只眼给 PS 掉了。而众所周知,“一只眼”是共济会、光明会都用的符号。所以很多网友非常担心这背后到底是怎样的阴谋。
共济会最高揭秘
2 years 8 months ago
最近有网友指出安琪拉在巴黎时装周戴的戒指上有“一只眼”。但安琪拉的工作室在国内发出的照片上都把这只眼给 PS 掉了。而众所周知,“一只眼”是共济会、光明会都用的符号。所以很多网友非常担心这背后到底是怎样的阴谋。
共济会最高揭秘
2 years 8 months ago
最近有网友指出安琪拉在巴黎时装周戴的戒指上有“一只眼”。但安琪拉的工作室在国内发出的照片上都把这只眼给 PS 掉了。而众所周知,“一只眼”是共济会、光明会都用的符号。所以很多网友非常担心这背后到底是怎样的阴谋。
共济会最高揭秘
2 years 8 months ago
最近有网友指出安琪拉在巴黎时装周戴的戒指上有“一只眼”。但安琪拉的工作室在国内发出的照片上都把这只眼给 PS 掉了。而众所周知,“一只眼”是共济会、光明会都用的符号。所以很多网友非常担心这背后到底是怎样的阴谋。
Introducing Sift: Automated Threat Hunting
2 years 8 months ago
The blog post introduces Sift, a new tool from GreyNoise that helps threat hunters filter out noise and prioritize investigation of potentially malicious web traffic. Sift uses AI techniques like large language models to analyze HTTP requests seen across GreyNoise's sensor network and generate reports on new and relevant threats. The reports describe and analyze suspicious payloads, estimate the threat level, provide contextual tags/information on associated IPs, and suggest Suricata rules to detect similar traffic. This allows analysts to focus only on the most critical potential threats instead of sifting through millions of requests manually. Sift is currently limited to HTTP traffic but will expand to other protocols soon. The post invites readers to provide feedback on how to further develop Sift's capabilities, such as expanding historical reports, customizing for specific organizations, analyzing submitted PCAPs, and integrating additional GreyNoise data/tools.
业余无线电考试A、B操作证试题速记
2 years 8 months ago
业余无线电守则 体谅:绝对不故意在联络中妨碍他人的乐趣。 忠诚:对同好、俱乐部以及在国内外代表全国业余无线电爱好者的国家协会表示忠诚、鼓励与支持。 进步:掌握先进科学的知识,装备认真有效的电台,以及无可挑剔的操作。 友爱:应要求缓慢耐心的发送,对新手的友好指导和建议,善意的帮助合作,以及考虑别人的利益,这些是业余精神的证明。 ...
有关业余无线电的碎碎念
2 years 8 months ago
可以跳过,直接进入速记阶段。 A 类操作技术能力考试题库有 365 道题,考试环节只考其中的 30 道,对 25 道就能通过考试;大部分与法律法规相关,看一晚上差不多就可以过了。而 B 证的题库有 689 题,除了与 A 证重合的题目之外,新加入了大量电子元件、计算相关的题目,需要辅助记忆。 A、B、C 操作证的简单区别 操作证类别频段功率A30MHz~3000MHz不大于25WB各业余业务和卫星业余业务频段30MHz以下不大于100W,30MHz以上不大于25WC各业余业务和卫星业余业务频段30MHz以下不大于1000W,30MHz以上不大于25W ...
HaE入门到精通:三条影响你一生的HaE规则
2 years 8 months ago
0# 概述最近一段时间项目也比较多,再加上最近还在维护开源项目,所以挺忙的。乘着国庆时间,好好放松一下,顺便借着国庆期间更新一下自己许久未更新的博客哈哈~本篇文章,我们将深入学习著名BurpSu...
AabyssZG
国庆快乐
2 years 8 months ago
守护万家灯火,同庆盛世华诞~
A Closer Look at the Snatch Data Ransom Group
2 years 8 months ago
Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.
BrianKrebs
国庆快乐
2 years 8 months ago
守护万家灯火,同庆盛世华诞~
Microsoft Fixes Data Exfiltration Vulnerability in Azure AI Playground
2 years 8 months ago
Large Language Model (LLM) applications and chatbots are quite commonly vulnerable to data exfiltration. In particular data exfiltration via Image Markdown Injection is quite frequent.
Microsoft fixed such a vulnerability in Bing Chat, Anthropic fixed it in Claude, and ChatGPT has a known vulnerability as Open AI “won’t fix” the issue.
This post describes a variant in the Azure AI Playground and how Microsoft fixed it.
From Untrusted Data to Data ExfiltrationWhen untrusted data makes it into the LLM prompt context it can instruct the model to inject an image markdown element. Clients frequently render this using an HTML img tag and if untrusted data is involved the attacker can control the src attribute.
中秋团圆
2 years 8 months ago
教诲之光 点亮皓月星宸;萤火之光 守护内外安全~