Aggregator

这篇文章最早写于今年6月，时值FireEye宣布出售产品业务给私募财团STG。笔者作为一个长期关注FireEye的前产品经理，比较感兴趣这次分拆出售的原因以及带给Mandiant未来发展的变化，对此做了进一步分析，现分享给大家。

【HTB系列】Driver

目录: 一、产品概述 1.1、App端防护能决哪些安全问题 1.2、如何为应用开启App防护 二、产品整体框架 三、初始化逻辑 四、环境检测与设备指纹 五、签名流程 六、算法还原 七、总结 一、产品概述 对旧版产品本感兴趣的可以移步到这里：https://mp.weixin.qq.com/s/S6B

一、分析背景 2021年已经接近尾声，回顾今年的 crypto currency 市场，在大洋彼岸，NFT 无疑是最具热点的话题和方向。随着 OpenSea 等平台的崛起，市面上的 NFT 项目也层出不穷。 卫报：NFT市值突破220亿美金 众所周知，NFT 项目强依赖于社区与热点，那么我们如何评估一个 NFT 项目的优劣，如何才能为投资行为提供强有力的支撑依据呢？ 在本文中，笔者分享一下前段时间与加密货币行业某一级市场 VC 合作的 NFT 相关的数据分析实践。 二、评估指标介绍

我们会继续免费。

To me, Diversity & Inclusion means a new way of thinking and engaging with society. It seems to be one of the most popular phrases that every person sees on the internet every day. I have been appointed as an ambassador of D&I for Akamai?s Asia-Pacific Japan region, and have been learning the essential principles along with some of my colleagues for the past several months.

App防护提供的SDK安全方案解决以下原生App端的安全问题： 恶意注册、撞库 短信、验证码接口被刷 薅羊毛、抢红包 恶意秒杀限时限购商品 恶意查票、刷票（例如，机票、酒店等场景） 价值资讯爬取（例如，价格、征信、融资、小说等内容）

App防护提供的SDK安全方案解决以下原生App端的安全问题： 恶意注册、撞库 短信、验证码接口被刷 薅羊毛、抢红包 恶意秒杀限时限购商品 恶意查票、刷票（例如，机票、酒店等场景） 价值资讯爬取（例如，价格、征信、融资、小说等内容）

前言 在 上一篇文章 中，我们知道了 Yar 通信协议的格式及作用，还提到了在 Yar 客户端发送请求前和收到响应后，需要先对数据进行编码与解码才能继续进一步操作。 今天我们

I decided to pursue a career in IT after working as a support engineer for internal employees as part of my very first job. It immediately opened my eyes to something that I found as interesting as I did shocking: Lots of people don?t understand information security ? and what?s more, they don?t protect their personal data.

关于Log4j2系列漏洞的原理、绕过及修复的完整总结。

The Log4Shell vulnerability is here to stay. There is a lot of speculation about the scope and true impact of the vulnerability: While many have labeled it ?severe,? information is limited on how widespread the risk is. In order to shed some light on the issue, Akamai Threat Labs is utilizing its visibility into numerous data centers worldwide to assess the actual risk Log4Shell poses to organizations.

With a comprehensive security stack, Akamai?s application security solutions defend your entire ecosystem from threats. But before you can reap the benefits that come with application security, you need to create a configuration with Akamai?s APIs. Our Developer Advocacy team is here to walk you through the process so you can achieve Infrastructure as Code ? or, as we like to call it here, Akamai as Code. Akamai as Code has the ability to support all the DevSecOps practices you know and love, such as automating repetitive tasks and streamlining configurations and workflows, along with reducing manual work and errors.

在攻防对抗过程中，为了防止蓝队从IIS日志中分析到有用的信息，需要对IIS特定日志进行隐藏。

定位写日志逻辑

The series of vulnerabilities recently discovered in Log4j2 has shocked the internet. As part of our continuing research, on December 17, Hideki Okamoto from Akamai found and responsibly reported an additional denial-of-service (DoS) vulnerability, which was assigned as CVE-2021-45105.

【特别推荐】Zero Project：深入研究 NSO 的零点击 iMessage 漏洞

这是一个影响 Apache Log4j 2.14.1 及更早版本的关键 (CVSSv3 10) 远程代码执行 (RCE) 漏洞

How to start the journey to zero trust architecture once you have decided it meets your business requirements.