Aggregator

全局符号表(GOT表)hook实际是通过解析SO文件，将待hook函数在got表的地址替换为自己函数的入口地址，这样目标进程每次调用待hook函数时，实际上是执行了我们自己的函数。 GOT表其实包含了导入表和导出表，导出表指将当前动态库的一些函数符号保留，供外部调用，导入表中的函数实际是在该动态库中

F5 Labs' Ray Pompon writes for HelpNetSecurity, discussing the grey areas of threat research and some common issues researchers encounter.

6月30日，首届工业互联网安全精英邀请赛颁奖典礼在2018年第二十二届中国国际软件博览会“软件之夜”盛典上隆重…

Gootkit malware uses misleading code to hinder manual research and automated analysis.

The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day,...

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blog.

新项目用的 PHP 7.1.13 版本，在使用过程中发现 浮点类型 数据经过 json_encode 之后会出现精度问题。 举个例子： $data = [ 'stock' => '100', 'amount' => 10, 'price' => 0.1 ]; var_dump($data); echo json_encode($data); 输出结果： array(3) { ["stock"]=> string(3) "100" ["amount"]=> int(10) ["price"]=> float(0.1) } { "stock":"100",

7月5日上午，2018年工业信息安全技能大赛开幕赛，西部赛区初赛启动仪式在四川大学望江校区体育馆正式拉开帷幕。…

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.

记录在FastJson反序列化RCE漏洞分析和利用时的一些细节问题。

F5 Labs' Preston Hogue writes for SecurityWeek, discussing how the trend towards digital transformation is bringing data together in a way that provides intelligence to malicious actors.

Email has been the norm for decades now, as most digitally connected people use it to communicate in both their...

The post Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blog.

Policy（即策略）是在特定模型或者资源中组织授权逻辑的类，用来处理用户授权动作。 比如在博客程序中会有一个 Article 模型，这个模型就会有一个相应的 ArticlePolicy 来对用户

An F5 Labs researcher snoops on Tor exit node traffic from a load balancer. What he finds will shock you. SHOCK YOU.

IoT安全测试之通信测试环境及过程总结。

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

Verisign just released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. Verisign observed that 58 percent of DDoS attacks […]

The post Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types appeared first on Verisign Blog.