Aggregator

Information for red teaming macOS and info on real world TTPs are still a bit sparse. That makes it difficult for defenders to know what attackers do on macOS compared to Windows. Some organizations might have a bigger blind spot when it comes to macOS. This post describes how an adversary can grab hashes from a macOS machine, how to convert it to a hashcat friendly format and use hashcat to crack it.

Despite how they sound, Spring4Shell and the related vulnerabilities in the Spring Framework aren’t exactly like Log4Shell. Learn how they work and what you can do.

响应Lake2大佬的号召，我开通了这个公众号，用于记录一点零散的文字总结，第一篇，以发一个小工具开始。

这里有我当初学习CodeQL的时候记录的所有的笔记，还有一些我自己的总结，一股脑公开了，希望对你有用🤷‍♀️ 至于文档的顺序，我并没有整理

spring 的rce的写文件的poc 是有严重缺陷

3月29日，Spring Framework 存在远程代码执行漏洞，在 JDK 9 及以上版本环境下，远程攻

混合办公（Hybrid Work）安全的三年技术落地趋势推演。"端到端零信任"大的版图。

Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching campaigns for crypto-mining, ddos, ransomware, and as a golden ticket to break into organizations for the next years to come.

When Spring, the Java-based application, fell victim to cyberattacks, Akamai's Adaptive Security Engine detected zero-day attacks and protected customers against them.

Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.

春天

The applications we need to run inside our organizations can turn malicious, so how can we architect for this?

从去年开始 xray的yml poc升级到了v2版本和v1版本相比，执行流程上有了较大变化

Summary ***UPDATED March 30, 2022*** The Lapsus$ group is ramping up its already breakneck pace of infiltration, exfiltration, and extortion campaigns against several high profile companies including Microsoft, NVIDIA, Samsung, and others. Threat Type Threat Group Overview ***UPDATE #4, March 30, 2022*** Lapsus$ returns from its self-imposed hiatus to compromise Globant, a software services company. Images of data extracted as well as credentials for the DevOps structure were posted on the group's Telegram

After more than a year of dedication and hard work, we are delighted to officially announce the launch of our new Edge Diagnostics application on March 30, 2022. Diagnosing network and content issues quickly and effectively is critical to your success! Therefore the aim is to make the existing diagnostic tools faster, easier to navigate, more user-friendly, and with improved functionality and a developer focus in mind.

At Akamai and across the tech industry at large, best practices and tools are constantly evolving. To keep up with these changes, a passion for learning is key, especially among those who support and enable others. One Senior Enterprise Architect on Akamai?s Advanced Solutions team, Anthony Hogg, truly embodies this value.

Spring Cloud Gateway是Spring Cloud官方推出的第二代网关框架，取代Zuul网关。网关作为流量的，在微服务系统中有着非常作用，网关常见的功能有路由转发、权限校验、限流控制等作用。

写在前面一直有一个想法，想把统计学的知识复习一下，边复习边尝试把统计学应用到安全对抗领域中。之前一直写的都是