Aggregator

Akamai CTO Charlie Gero shows how the Log4j threat surface could extend to unpatchable embedded and IoT devices.

好久没有写文章了（2021年一年都没写……），随便开点新坑，从简单的代码来读起。从psproc工程下的ps代码开始。display.c: /***** no comment */int main...

在1990年代早期，一群数学家，不务正业者，黑客，和业余爱好者围绕着一个共同的信念走在一起，即，互联网要么会拆除人造的墙，要么会为一个奥威尔式的国家奠定基础。 这是Reason的Youtube频道2020年10月发布的关于密码朋克Cypherpunks的系列报道Cypherpunks Write Code。（https://www.youtube.com/watch?v=YWh6Yzr12iQ） 本公众号做了硬编码的中文字幕。

COW技术，爆出了巨大的漏洞，让父子进程间可以向对方泄露写过的新数据，成为了Linux内核的惊天大瓜。

刚好周末看到几篇Crunchbase的年终投融资和并购数据分析，从中摘出部分内容，供大家参考。

现实与理想之间，不变的是跋涉，暗淡与辉煌之间，不变的是开拓；没有比脚更长的路，没有比人更高的山。

While containers offer speed and flexibility that have not been possible before in the data center, they are also exposed to security threats such as ransomware, cryptomining, and botnets.

Learn about the widely used Java-based logging library Log4j and how its vulnerability and other capabilities presented a major opportunity to attackers.

Explore some of the Akamai Abuse and Fraud Prevention team?s predictions for the future of abuse and fraud protection in 2022 and beyond.

前言 今天这篇文章，主要介绍 Yar 客户端是如何实现远程调用的，进一步了解各个模块在远程调用的过程中都做了些什么。 客户端介绍 Yar 客户端的远程调用分为同步调用和并

A deconstruction of FluBot 5.0’s new communication protocol and other capabilities FluBot uses to hide, making it difficult for researchers and security solutions to detect.

0x00 引言这些年看到几个很有灵性的年轻人从一个啥也不懂的脚本小子一年时间就成长为业内漏洞挖掘机，一路交流

聊聊蚁剑新类型ASPXCsharp与ASP.NET下的内存马

前言 在前面几篇文章中，更多的是在研究 Yar 传输的内容，比如协议的格式是什么样的、如何对数据进行编码等等。 今天这篇文章，主要介绍 Yar 编码模块的结构体定义，以及

Summary IBM X-Force Incident Command is following a recent disclosure regarding a vulnerability in the in the Log4j Java library. A report by LunaSec details the vulnerability as well as mitigation strategies for the vulnerability. Threat Type Vulnerability Overview ***UPDATE #9, January 5, 2021*** One of the largest cryptocurrency platforms in Vietnam (ONUS) has been hacked using the Log4Shell vulnerability. The payment software used by ONUS, Cyclos was compromised and escalated due to misconfigurations an

Video game downloads and console updates helped game industry traffic peak at 125% above average on Christmas day according to Akamai, which supports more than 225 game publishers globally.

定义起点、关键路径、终点和时间轴四个维度，排列组合搜寻好的工作想法。

The last weeks of 2021 got quite interesting for security professionals and software engineers. Apache’s log4j library and its now prominent Java Naming and Directory Interface support, which enables easy remote code execution, made the news across the industry. What makes Log4Shell scary is the widespread adoption of the Log4j library amongst Java applications, and the ease of remote exploitation. A dangerous combination. Patches got released, bypasses were discovered more patches were released and so forth.