Aggregator

2024年1月25日，Jenkins 官方披露 CVE-2024-23897 Jenkins CLI 任意文件读取漏洞。

2024年1月25日，Jenkins 官方披露 CVE-2024-23897 Jenkins CLI 任意文件读取漏洞。

2024年1月25日，Jenkins 官方披露 CVE-2024-23897 Jenkins CLI 任意文件读取漏洞。

今天整理文件时，突然看到了两三年前写的蜜罐，现在看来也没什么用了，里面用到的漏洞早就都修复了，索性就开源了吧，后续有类似的漏洞出来也可以依据这个来修改下。

开源地址：

Once you've migrated to the cloud, you need to prioritize your cloud cybersecurity. These three resources from CIS can help.

This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the [...]

Read More... from Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

The post Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM appeared first on Cobalt Strike.

roadmap

之前在 iosre看到一张比较系统的iOS逆向学习路线图，因为接触过一段时间macOS上服务的漏洞挖掘，所以对*OS安全还是挺有兴趣的，也一直想系统性地学习下iOS逆向，之前的一直不成体系，也很零碎，正好对着这个图重构下知识体系。

It’s been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We’ve also been able to add a variety of resources to support its implementation. We’re proud of how much has been accomplished in just a few short years, but we’re not resting on our laurels. As another, more famous, Dylan once said, “the times they are a-changin’.” For example, the past year has seen the release of the NIST AI Risk

工业互联网是传统制造业数字化转型的必然选择，工控设备数据安全在工业数据安全中具有关键地位。本文旨在探讨数据安全体系建设中，围绕工控设备数据构建的防御机制和薄弱点。通过具体案例揭示工业数据安全问题的实际影响。

CounterCraft's co-founder, Dan Brett, explains how they turn the tables so that social engineering can be used to protect organisations from attackers.