Aggregator

实际工作中的一些思考，欢迎交流

我爱这精彩的世界 交织着太多的悲喜 我爱这精彩的电影 如梦幻如空花 我那总沉默的朋友 你让我感觉到力量 曾在我心中的伤痛 如过眼的云烟

术语WordPressWordPress是一个以PHP和MySQL为平台的自由开源的博客软件和内容管理系统。WordPress具有插件架构和模板系统。截至2018年4月，排名前1000万的网站中...

术语WordPressWordPress是一个以PHP和MySQL为平台的自由开源的博客软件和内容管理系统。WordPress具有插件架构和模板系统。截至2018年4月，排名前1000万的网站中...

根据安全团队定制化协同管理项目安全，可快速查找历史漏洞，快速预览漏洞分布图，项目域名自动归类，批量导出报告，脱离编写报告苦恼。

CobaltStrike是一款渗透测试神器，支持http/https、tcp、smb等多种通信方式。

在hvv防守方、应急响应等场景中，都有检测CobaltStrike的需求。

Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the data required to use advanced features in Adaptive Acceleration such as Script Manager, Automatic Server Push, and Automatic Preconnect.

本文介绍beyondProd的实现架构、关键技术。

推荐阅读这篇文章。有攻有防，砥砺前行。推荐语只能 120 字，我把其它的想法和解决方案附在文末。

JumpServer 是全球首款开源的堡垒机

渗透过程中在有数据库权限的情况下如何解密?

通过对源代码的阅读，记录如下

This post is part of a series about Offensive BPF that I’m working on to learn how BPFs use will impact offensive security, malware, and detection engineering. Click the “ebpf” tag to see all relevant posts. One of the issues I ran into when trying out sslsniff-bpfcc was that it did not work with Firefox or Chrome traffic. This post is about me learning how to hook user space APIs with bpftrace using uprobes.

要加油学习，不然太菜连挖洞的基础都没有——松鼠A

个人解读《2021年网络安全产业分析报告》

Breaking news: we just completed an 850-user pilot with Akamai MFA. In this blog, the first in a series, I?ll explain why we switched to Akamai MFA, how we ran our pilot, and employee feedback so far. Check back for my next blog, when we?re midway through our global deployment. A burglar checks for open windows. Neglecting to lock just one is like leaving the door wide open. In the same way, cyber attackers look for the easiest user accounts to take over ? whether that?s network access credentials, email, on-premise applications, or cloud/SaaS applications. If they?re lucky, they can also use the stolen credentials to breach other systems, an action known as lateral movement.

使用函数的风格调用 JS 方法。如何做到简单且无副作用。

immunityinc公司也是成立很久的老牌安全公司了,不过人家以攻促防，了解一下immunityinc公司

写下这个标题估计就已经要被骂死了，谁让自己很厚颜无耻的在前面立下了flag。读者们可能已经注意到我实际上已经

Today you are in for a special treat. Did you know that an adversary can hide a smaller image within a larger one? This video demonstrates how a small image becomes magically visible when the computer resizes the large image, and also how to mitigate the vulnerability. This is possible when vulnerable code uses insecure interpolation. If you like this one check out the overall Machine Learning Attack Series.

作为国内第一本正式出版的、普及威胁情报技术的专业书籍，由天际友盟的技术团队共同编写的《网络威胁情报技术指南》