Aggregator

断断续续坚持了2个月，今天终于把《大明王朝1566》给听完了，讲的是明朝嘉靖三十九年到嘉靖四十五年之间，围绕

前言 距离上次写博客转眼已过去快三年，“空白”的这三年中也曾遇到很多有趣可成文的东西，但是因各种原因未能在此畅快抒怀。而在忙中偷闲的时候，也曾反省自己，以免迷失。回想最初入行安全的时候，全因一本早期的黑客杂志而对漏洞研究有了独特的热情，再后来在Wooyun看过前辈们精彩的漏洞之后更加坚定的将漏洞研究

前言近日，谷歌云威胁情报团队开源了一组YARA规则，以帮助防御者标记和识别Cobalt Strike及其版本

前几天看了两篇文章，觉得很不错，写一笔，就当笔记记录。 第一篇文章:https://jinone.github.io/bugbounty-dom-xss/ 作者写了自己通过自动化挖dom xss，差不多赚了3w刀左右。他分享了一些不错的漏洞案例。这里很感谢作者，无私分享思路出来，也给大家有了喝口汤的

世界杯激战正酣，网络赌球违法犯罪行为也在蠢蠢欲动。近年来，非法第四方支付平台已经成为网络犯罪的聚集、流转资金的重要渠道之一。

DDoS cyberattacks targeting European customers on the Akamai Prolexic platform are increasing worldwide, In response, Akamai unveiled its new DDoS solution.

EdgeWorkers and EdgeKV lets you set feature flags that tailor content to different website visitors.

We spotted a new Microsoft Exchange zero day and more security infrastructure vulns, as well as all of the usual suspects, in this month’s installment on vulnerability targeting.

第一届PKU GeekGame来了，题目的点套的太多了，太顶了，打得比较自闭。

As more organizations move to hardware tokens and password-less auth (e.g. Yubi-keys, Windows Hello for Business,…) attackers will look for other ways to to trick users to gain access to their data. One novel phishing technique is by using the OAuth2 Device Authorization Grant. This post describes how it works with Microsoft AAD as example. Attacker initiates the phishing flow The attacker starts a Device Code flow by issuing a request to the device code token endpoint (e.

Focus on API security as part of your digital bonding strategy, because APIs are already connecting your business activities.

友情转载

这么重大的新闻不得提前来爆个料！

Misconfigurations with MFA setups are not uncommon when using AAD, especially when federated setups or Pass Through Authentication is configured I have seen MFA bypass opportunities in multiple production tenants. A common misconfiguration is that MFA is enforced at the federated identity provider, but AAD is forgotten and ROPC authentication still succeeds against AAD. To learn more about ROPC, check out the previous post about the topic. This post focuses on the ropci features that can be leveraged post-exploitation.

随便写写

只要肯努力，就会有进步

小公司的DevOps原则

Akamai?s partnerships with Teneo and Bytes Software Solutions help us to adapt, grow, and innovate in an ever-changing landscape.