Aggregator

过程曲折,功夫不负有心人！ 我是要成为教育王的男人

这周比赛太多了啊，1024这天摸鱼看了看这个“网信柏鹭杯”大学生网络空间安全精英赛，随便水了几题。

利用CodeQL梳理接口

Summary IBM X-Force Incident Command is following a breaking story regarding Nobelium and its ongoing espionage campaign. Nobelium is the same group responsible for the 2020 SolarWinds attack. Threat Type Espionage Overview IBM X-Force Incident Command is following an espionage campaign purportedly being carried out by Nobelium. Tracked by IBM as Hive0099, this group is the same group responsible for the 2020 SolarWinds attacks. Microsoft released an advisory on October 24, 2021 detailing the ongoing nature

【漏洞研究】存在十年之久的PHP-FPM 本地根漏洞

零、影响范围12infected: mysql-connector-java <= 8.0.36fixed:

Business email compromise is anything but awesome. According to the FBI, in 2020 cybercriminals cost US companies 2 billion through exploitation of business email systems. I started an Awesome list to try and compile all of the links that I had previously just kept in my head for reference when doing a BEC investigation. It’s […]

本文来自宽字节安全第一期学员zy投稿。第二期线下培训预计十一月底开班，欢迎咨询。0x01前期ｗｅｂ打点接到某

讲一讲代发现漏洞的白帽子申请 CVE ID 的过程

To begin with

本来没打算写陇剑的内容，线下的流量分析做的一般，patch部分也没有太多可写的，但借着分享的机会，对设

《SRC行业安全测试规范》增加处罚措施说明

Xcheck的C/C++检查引擎介绍与实际漏洞检测案例。

逛推特发现一个新的lolbin

For decades, Akamai has been focused on solving tough problems for our customers. We started by addressing the challenges of the ?World Wide Wait,? and quickly started to leverage our edge network?s scale, proximity to users, and expert operations staff to mitigate security threats for our customers. Today, Akamai has category-leading solutions including DDoS, web app and API protection, bot management, and Zero Trust Network Access. Given the incredible surge in ransomware attacks, we are excited to be adding Zero Trust segmentation to our portfolio through the acquisition of Guardicore.

Ransomware attacks continued to proliferate in Q3 as governments and law enforcement ratchet up the pressure of the cyber extortion economy

新鲜出炉，敬请期待！

阿里云安全团队向Oracle官方报告了MySQL JDBC XXE漏洞

使用文件 Hash 值作为 NPM 包版本号，无需维护每个文件的版本状态

Creating an encrypted HTTPS website depends on a lot more than simply throwing a digital certificate at it and hoping for the best. In fact, Transport Layer Security (TLS) and HTTPS misconfigurations are now so commonplace that in the 2021 OWASP Top 10, Cryptographic Failures now comes in second place....