Aggregator

The L in Linux Stands for Lateral Movement

1 year 4 months ago

Stiv Kupchik

8Base Ransomware: A Heavy Hitting Player

1 year 4 months ago

The 8Base ransomware group has remained relatively unknown despite the massive spike in activity in Summer of 2023. The group utilizes encryption paired with “name-and-shame” techniques to compel their victims to pay their ransoms. 8Base has an opportunistic pattern of compromise with recent victims spanning across varied industries. Despite the high amount of compromises, the … Continued

The post 8Base Ransomware: A Heavy Hitting Player appeared first on VMware Security Blog.

Deborah Snyder, Fae Carlisle, Dana Behling and Bria Beathley

几行代码实现 Sliver 样本上线通知

Medi0cr1ty

1 year 4 months ago

Sliver是一个好用的 C2 平台，支持多协议，样本混淆，代理，交互式 Shell ，并集成部分后渗透工具。

CVE-2022-42475-FortiGate-SSLVPN-HeapOverflow

Swing'Blog 有恨无人省

1 year 4 months ago

CVE-2022-42475

Swing

IT-OT Security Convergence Key to Optimizing Risk Management

Trend Micro | Newsroom (Cyberthreat )

1 year 4 months ago

Inclusion in Tech: Discover Diverse Career Paths for Women in Tech

The Akamai Blog

1 year 4 months ago

Hema Patel discusses inclusive career paths, cancel culture in the workplace, and defying the traditional education limitations for women in tech.

Tashema Nichols-Jones

漏洞分析｜死磕Jenkins漏洞回显与利用效果

GobySec

1 year 4 months ago

Jenkins 反序列化漏洞作为优化案例，分享我们的解决漏洞问题的方式。

CSO们关注的软件供应链安全十个关键问题

墨菲安全

1 year 5 months ago

万字长文：和超过 180家各行业企业的安全负责人和一线工程师们一起交流关于企业软件供应链治理问题过程的一些收获，把大家讨论和关心的共性问题做一些总结和提炼，然后也结合在软件供应链产品上的一些思考，分享给大家

New techniques added to the NCSC’s ‘risk management toolbox’

NCSC Feed

1 year 5 months ago

Refreshed guidance published to help practitioners manage cyber risk.

sql server注入rce实践 - 飘渺红尘✨

博客园_飘渺红尘

1 year 5 months ago

背景:在漏洞挖掘中，合理的利用sql注入，可以把注入转换成rce，使一个高危漏洞变成严重漏洞。在红蓝对抗中，利用注入rce，实现内网横向移动。笔者基于漏洞挖掘和红蓝对抗上遇到的sql server注入做了个sql server的rce实践总结。 1.如何判断sql server是否可以rce? se

飘渺红尘✨