Aggregator

How to defend your organisation from email phishing attacks.

Life find its way.

仙人把碗扣下，问里面有几颗豆子。然后，仙人就不见了，只剩下那只碗。一开始大家不信他是仙人，以为就是个变戏法的。

A couple of weeks ago hidden prompt injections were discovered and we covered it at the time. This video explains it in more detail, and also highlights implications beyond hiding instructions, including what I call ASCII Smuggling. This is the usage of Unicode Tags Block characters to both craft and deciper hidden messages in plain sight. Using Unicode encoding to bypass security features or execute code (XSS, SSRF,.

新的一年希望自己能多读书，也会把自己的一些感触记录在这里。想到哪写到哪，不成体系，仅为记录。

Taking a data-rich approach to security is the most effective way to stay a step ahead of today?s quickly evolving API threats.

相比於去年跟前年，今年的 web 題難度有顯著降低了不少，變得更平易近人了，靠著隊友的努力拿下了第一名，而 web 題也只剩一題沒解出來。

這次我基本上只解了簡單的 funnylogin 跟難的 safestlist，其他都是隊友解開的，還有另一題 another-csp 有看了一下，因此這篇只會記我有看過的以及比較難的題目。

如果想看其他題，可以參考其他人的 writeup：

1. st98 - DiceCTF 2024 Quals writeup
2. 0xOne - 2024 Dice CTF Write up [Web]

官方提供的所有題目原始碼：https://github.com/dicegang/dicectf-quals-2024-challenges

關鍵字列表：

1. crash chromium
2. slower css style
3. xsleak
4. URL length limit
5. service worker
6. background fetch
7. connection pool + css injection
8. iframe width + css inection

Discover insights into the drawbacks of a proposed ban on open-source SDR, and explore the argument for enhanced security measures to strike a balance between innovation and safeguarding against vulnerabilities in wireless systems.

使用过 React 构建应用的开发者对 React Context 一定不会陌生。在 React 的世界中，相比于把 prop 不断透传给下一层子组件（prop-drilling），React Context 可以更优雅地自上而下将数据从父组件传递到深层级的子组件、并确保数据在不同子组件之间保持一致。不过，Context 绝不是仅属于 React，在 JavaScript 中 Context 一样可以大展拳脚。

七月在野，八月在宇，九月在户，十月蟋蟀入我床下。

当窗外升起第一朵新年烟花时，当躺平了一整个月的欧洲

当窗外升起第一朵新年烟花时，当躺平了一整个月的欧洲

Active Directory attributes play a crucial role in managing user accounts and group memberships within Windows environments. Attributes such as SAMACCOUNTNAME and USERPRINCIPALNAME are often targeted for username enumeration and phishing attacks. The...

Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year

Insecure Container Images Using Trivy: trivy -q -f json : | jq '.[] | select(.Vulnerabilities != null)' This command uses Trivy, a vulnerability scanner for containers, to scan a specific container image (:

玉兔呈祥辞旧岁，金龙献瑞迎新春。癸卯兔年的脚步声逐渐远去，甲辰龙年的钟声即将敲响。

祝愿DataCon的朋友们，福龙高照，蒸蒸日上，虎步龙行，步步无畏！