Aggregator

这篇文章翻译自一篇多年之前的论文，原文作者是 Tarjei Mandt。原文系统地描述了 win32k 的用户模式回调机制以及相关的原理和思想，可以作为学习 win32k 漏洞挖掘的典范。早前曾经研读过，近期又翻出来整理了一下翻译，在这里发出来做个记录。原文链接在文后可见。

Security response headers are a critical security capability that all organizations should consider. This blog post is the first in a series that will discuss different security headers and go in-depth with how to configure them for maximum benefit.

F5 Labs' Preston Hogue writes for SecurityWeek, discussing how attackers might be targeting your data with an eye on a larger prize.

能够进入Gartner报告，对于国内很多公司来说，是一个很重要的荣誉。但是实际能进入的公司，却是凤毛麟角。下面我从我们青藤入围的经验来总结介绍一下进入Gartner报告的一些经验。

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks...

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blog.

F5 Labs' Ray Pompon writes for Help Net Security, discussing the dismayingly low number of firms whose CISO owns application security.

Introduction These days I think there is still necessity to write a tutorial series on Linux Kernel exploitation and hope to summarize the kernel exploitation techniques as following: (1) Kernel Debugging (2) Return-oriented-Programming in Kernel (3) Kernel Mitigation: KASLR, SMEP, SMAP (4) Kernel Space Memory Allocator: SLAB Allocator In this post, I will introduce how […]

中国人民公安大学 Chinese people’ public security university 网络对抗技术 实验报告 实验四 恶意代码技术 学生姓名 年级 2015 区队 四 指导教师 高见 信息技术与网络安全学院 2016年11月7日 实验任务总纲 2018—2019 学年 第 一 学期

中国人民公安大学 Chinese people’ public security university 网络对抗技术 实验报告 实验三 密码破解技术 学生姓名 年级 2015 区队 四 指导教师 高见 信息技术与网络安全学院 2016年11月7日 实验任务总纲 2016—2017 学年 第 一 学期

Many of us know that using a VPN (Virtual Private Network) adds an extra layer of security to our Wi-Fi...

The post The VORACLE OpenVPN Attack: What You Need to Know appeared first on McAfee Blog.

Seventeen years after the opportunity for abuse was made public, attackers are finding new ways to make use of this unpatched web crawler service.

Seventeen years after the opportunity for abuse was made public, attackers are finding new ways to make use of this unpatched web crawler service.

Seventeen years after the opportunity for abuse was made public, attackers are finding new ways to make use of this unpatched web crawler service.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team

Time for a Cyber Safety Check-Up? Aussies love the internet. And the statistics just confirm it. In 2018, 88% of...

The post Stay Smart Online Week 2018 appeared first on McAfee Blog.

0x00 前言 Java反序列化的漏洞爆发很久了，此前一直想学习一下。无奈Java体系太过于复杂，单是了解就花了我很久的时间，再加上懒，就一直拖着，今天恰好有空，参考@iswin大佬两年前的分析，我自己跟踪了一下流程，并按自己的想法重写了一下POC，在此做个记录。 0x01 漏洞环境搭建 首先我们需

Termux是一个 Android 终端模拟器以及提供 Linux 环境的应用程序。跟许多其他应用程序不同，无需 root 设备也无需进行设置。它是开箱即用的！它会自动安装好一个最基本的 Linux 系统，当然也可以使用 APT 软件包管理器来安装其他软件包。总之，你可以让你的 Android 设备