Aggregator

Laravel反序列化学习

给公司公众号写的一篇文章，最开始也是想写写创新沙盒的全产品分析，后来老板说工作不饱和才写文章，然后我工作当然饱和了，就写写夺冠产品吧

5月14日，XStream官方发布安全更新，修复了一个严重漏洞CVE-2021-29505，通过该漏洞，攻击者构造特定的XML，绕过XStream的黑名单，最终触发反序列化造成任意代码执行。

While examining my honeypot logs and digging through the newly downloaded binaries last week, I noticed a large compressed file. I figured it would be a crypto miner, typically a tar archive and gzip (normally erroneously) compressed. I moved the archive over to my test lab and started examining the contents.

文章首发于 https://forum.butian.net/share/134 前言 代码路径 https://gitee.com/jishenghua/JSH_ERP 软件版本 华夏ERP_v2.3.1 源码审计的流程都是一样，从外部输入点开始跟踪数据流，判断数据处理过程中是否存在一些常见的漏洞

文章首发于 https://forum.butian.net/share/124 概述 上一篇文件介绍了luaqemu的实现，也提到luaqemu并没有对中断相关api进行封装，本节主要基于stm32f205-soc的实现来介绍中断的仿真，并提供一个用于测试qemu设备模拟的裸板程序来测试中断的仿真

文章首发于 https://forum.butian.net/share/123 概述 在嵌入式安全领域常常需要分析各种不同形态的固件，如果需要动态执行某些代码或者对固件进行Fuzzing测试，则需要对固件代码进行仿真，常用的仿真工具一般为qemu和unicorn。unicorn适合模拟执行固件中的

解决了多少问题，解决了多大问题，是衡量个人价值和团队价值的标准之一。

介绍众所周知在企业内部：安全部门、IT部门、负责漏洞管理以及降低企业内部风险的团队所处的环境经常会面对高频的

旧系统在重装之前备份到了 dd 镜像，而重装完了之后发现有些文件遗忘在了原先的 EFI 分区。我将在这篇 post 中简单讲述我是怎么将 dd 镜像里的分区挂载到系统并且取回文件的。

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President Biden acknowledged that the United States and many other governments around the world are facing increasing malicious cyberattacks. In order to prevent, and recover from security incidents, the President is pushing to significantly improve the government's security stack, including the implementation of multi-factor authentication (MFA). In this post, I'll discuss how the government's plan to leverage MFA could be even better.

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems.

In the present age, patients now use smartphone apps to schedule doctor's visits, contact insurance companies, and get prescriptions instead of picking up the phone.

We all know the damage ransomware can do - but how does ransomware actually spread? Our blog shows you how - and how it can be stopped.

背景 互联网上有许多可用的Json序列化和反序列化的工具，例如fastjson，jackson,Gson等等，那么，我为什么还要自己写一个？ 项目不方便依赖其他第三方库。比如有时候我们编写SDK，考虑到SDK体积和用户可能重复依赖而不依赖第三方库 自己想写 介绍 这个项目被我取名为Lson，意为Lu

关于网络安全（物理层面）的启示

本篇文章将介绍如何使用SWD调试门锁

With so many people around the globe seeking socially distanced fun and solace, at-home entertainment has never been more important. XITE aims to offer the best music video experience in the world. Akamai is delighted that this exciting, interactive video platform chose to work with us to provide high-quality, secure online video, which enables XITE to deliver on the experience its fans have come to love.

The 2021 version of F5’s continuing analysis of the application security threat landscape explores ransomware, payment card theft, and account takeover.