相信技术的力量 - RSAC 2020 (2)
“人的因素”促使我们更深刻认识到参与网络安全链条中的人员个体的差异和作用,用新技术去弥补防御方弱点、固化人员安全能力推广、并限制攻击者活动空间。
Aggregator
Ransomware Attacks: Cybercriminals Pinpointing Healthcare Organizations
5 years 8 months ago
No One is Invisible to Ransomware Attacks: Cybercriminals Pinpointing Healthcare Organizations In this challenging time, cybercriminals have their eyes on consumers and institutions...
The post Ransomware Attacks: Cybercriminals Pinpointing Healthcare Organizations appeared first on McAfee Blog.
McAfee
Codeql入门教程
5 years 8 months ago
Codeql 入门教程 首发于先知社区 codeql是一个可以对代码进行分析的引擎, 安全人员可以用它作为挖洞的辅助或者直接进行挖掘漏洞,节省进行重复操作的精
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Spring Boot + H2数据库JNDI注入
5 years 8 months ago
Spring Boot + H2数据库JNDI注入
Parts of a Whole: Effect of COVID-19 on US Internet Traffic
5 years 8 months ago
Introduction In our previous post, The Building Wave of Internet Traffic, we looked at the traffic patterns across Europe and the effect the COVID-19 pandemic has had. We examined traffic in Italy, Poland, and Spain, and demonstrated how we observed...
Martin McKeay
Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
5 years 8 months ago
Chrome’s remote debugging feature enables malware post-exploitation to gain access to cookies. Root privileges are not required. This is a pretty well-known and commonly used adversarial technique - at least since 2018 when Cookie Crimes was released.
However, remote debugging also allows observing user activities and sensitive personal information (aka spying on users) and controlling the browser from a remote computer.
Below screenshot shows a simulated attacker controlling the victim’s browser and navigating to chrome://settings to inspect information:
管理者的几个特殊能力
5 years 8 months ago
继续聊聊管理工作中踩过的坑。本文体验下付费阅读功能,90%可免费阅读。
管理者的几个特殊能力
5 years 8 months ago
继续聊聊管理工作中踩过的坑。本文体验下付费阅读功能,90%可免费阅读。
管理者的几个特殊能力
5 years 8 months ago
继续聊聊管理工作中踩过的坑。本文体验下付费阅读功能,90%可免费阅读。
Java ASM3学习(2) - tr1ple
5 years 8 months ago
1.编译后的方法区,其中存储的代码都是一些字节码指令 2.Java虚拟机执行模型: java代码是在一个线程内部执行,每个线程都有自己的执行栈,栈由帧组成,每个帧表示一个方法的调用,每调用一个方法,都将将新的帧压入执行栈,方法返回时(不管是整成return还是异常返回),该方法对应的帧都将出栈,即按
tr1ple
Brazil Targeted by Phishing Scam Harnessing COVID-19 Fears
5 years 8 months ago
Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install Adware on their computer.
Or Katz
从更深层面看Shiro Padding Oracle漏洞
5 years 8 months ago
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序
临时处理OCSP域名无法访问的问题
5 years 8 months ago
之前的文章有提到过OCSP,现在本站用的 SSL 证书换成了 Let's Encrypt ,近期由于众所周知的原因,国内无法直接访问 Let's Encrypt 的 OSCP 域名,导致出现了不...
Holmesian
Java Instrumentation插桩技术学习 - tr1ple
5 years 8 months ago
Instrumentation基础 openrasp中用到了Instrumentation技术,它的最大作用,就是类的动态改变和操作。 使用Instrumentation实际上也可以可以开发一个代理来监视jvm的上运行的程序,可以动态的替换类的定义,就可以达到虚拟机级别的AOP实现,随时可以为应用增
tr1ple