This post is part of a series about Offensive BPF that I’m working on to learn about BPF to understand attacks and defenses. Click the “ebpf” tag to see all relevant posts.
In the previous posts I spent time learning about bpftrace, which is quite powerful. This post focuses on the basics and on using existing BPF tools, rather than building new BPF programs from scratch.
Living off the land: bpfcc-tools

Performance and observability teams are pushing for BPF tooling to be present in production, which means an attacker who lands on such a host can use the installed bpfcc-tools without bringing any binaries of their own.
On September 29, Ash Daulton, along with the cPanel Security Team, reported a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 to the Apache security team. The issue was fixed within two days, under CVE-2021-41773, and the patch was released on October 4. Apache urged users to deploy the fix, as the flaw was already being actively exploited.
This post is part of a series about Offensive BPF that I'm working on to learn how the use of BPF will impact offensive security, malware and detection engineering. Click the "ebpf" tag to see all relevant posts.
In the last few posts, we talked about bpftrace and how attackers can use it to their advantage. This post is about my initial ideas and strategies for detecting malicious usage.
Detecting BPF misuse

There is a set of detection ideas for Blue Teams.
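One concrete detection that covers both the "living off the land" concern above and the Blue Team ideas here: inventory the BPF programs the kernel currently has loaded and flag any hooking-type program (kprobe, tracepoint, socket filter, XDP and so on) that either has no owning process or is owned by a process outside an allowlist. This is an added example, not code from the original post; the sample JSON is constructed to mimic the output of `bpftool prog show -j` as I know its field names (id, type, name, uid, map_ids, pids), the allowlist of loader names is an assumption to tune per host, and the `pids` field requires a kernel and bpftool new enough to report owning processes.

```python
import json
import subprocess

# BPF program types that hook kernel functions, syscalls or packet paths.
# A bpftrace- or bcc-based backdoor, keylogger or sniffer ends up as one of these.
HOOKING_TYPES = {"kprobe", "tracepoint", "raw_tracepoint", "tracing",
                 "socket_filter", "xdp", "sched_cls", "sched_act", "lsm"}

# Assumed allowlist: process names (comm) expected to own BPF programs on this
# host. Tune per environment; bpftrace is deliberately absent here.
APPROVED_LOADERS = {"systemd", "execsnoop-bpfcc", "opensnoop-bpfcc", "tcpconnect-bpfcc"}

# Constructed sample mimicking the JSON emitted by `bpftool -j prog show`.
# Field names follow bpftool as I know it; treat the exact schema as an assumption.
SAMPLE_BPFTOOL_JSON = json.dumps([
    {"id": 3, "type": "cgroup_skb", "name": "sd_fw_egress", "uid": 0,
     "map_ids": [], "pids": [{"pid": 1, "comm": "systemd"}]},
    {"id": 57, "type": "kprobe", "name": "syscall__execve", "uid": 0,
     "map_ids": [12], "pids": [{"pid": 4242, "comm": "execsnoop-bpfcc"}]},
    {"id": 91, "type": "kprobe", "name": "kprobe_tcp_v4_conn", "uid": 0,
     "map_ids": [20, 21], "pids": [{"pid": 5150, "comm": "bpftrace"}]},
    {"id": 104, "type": "tracepoint", "name": "tp_sys_enter", "uid": 0,
     "map_ids": [25], "pids": []},
])


def find_suspicious(progs, approved=APPROVED_LOADERS):
    """Return [(id, name, reason)] for hooking programs with no owner or an unapproved one."""
    findings = []
    for prog in progs:
        if prog.get("type") not in HOOKING_TYPES:
            continue  # e.g. the cgroup firewall programs systemd loads for units
        owners = {p.get("comm", "?") for p in prog.get("pids", [])}
        if not owners:
            # Nothing holds the fd: the program is pinned in bpffs or its loader
            # exited after attaching. Both are how a persistent implant looks.
            findings.append((prog["id"], prog.get("name", ""),
                             "no owning process (pinned or loader exited)"))
            continue
        rogue = sorted(owners - approved)
        if rogue:
            findings.append((prog["id"], prog.get("name", ""),
                             "loaded by unapproved process: " + ", ".join(rogue)))
    return findings


def load_programs(json_text):
    """Parse bpftool's JSON array of loaded programs."""
    return json.loads(json_text)


def live_programs():
    """Query the running kernel; needs root and a bpftool with JSON (-j) support."""
    out = subprocess.run(["bpftool", "-j", "prog", "show"],
                         check=True, capture_output=True, text=True).stdout
    return load_programs(out)


if __name__ == "__main__":
    try:
        progs = live_programs()
    except (FileNotFoundError, subprocess.CalledProcessError):
        progs = load_programs(SAMPLE_BPFTOOL_JSON)  # offline fallback to the sample
    for prog_id, name, reason in find_suspicious(progs):
        print(f"prog id={prog_id} name={name!r}: {reason}")
```

Run on the sample, the kprobe owned by bpftrace (id 91) and the tracepoint program with no owner (id 104) are reported, while the systemd cgroup program and the execsnoop kprobe pass. Adding bpftrace to the allowlist silences the first but not the second, which is the one to care about: a legitimate bpfcc tool holds its program fds for as long as it runs, so a hooking program nobody owns means it was pinned on purpose.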
Every day, Akamai's Threat Research team tracks and mitigates phishing attack campaigns to help keep our customers, and their reputations, protected. Recently, they tracked an orchestrated attack campaign comprising more than 9,000 domains and subdomains, mainly targeting victims located in China. The phishing scam was abusing more than 15 high-profile and trusted brands spanning the ecommerce, travel, and food & beverage industries. By using well-known brand names, the threat actors attempted to engage victims to participate in a quiz that, once completed, would result in winning an attractive prize. Akamai refers to this malicious modus operandi as a "question quiz" phishing attack campaign.
DDoS and application-layer attacks impacting the ANZ region (Australia and New Zealand) have been in the headlines of late, with several high-profile companies seeing prolonged outages, which has led to speculation as to whether the region is being specifically targeted. Let's take a closer look at the types of attack vectors and malicious activity we've seen focused on customers down under.
Think how many websites you visit or videos you stream. Do you check your bank account or transfer money, download apps, play music, share updates on social media, or use the internet for any of the thousands of other digital experiences it enables every day?
This post is part of a series about Offensive BPF that I'm working on to learn how the use of BPF will impact offensive security, malware and detection engineering. Click the "ebpf" tag to see all relevant posts.
In the last post we talked about a basic bpftrace script that installs a BPF program which runs commands when a connection arrives from a specific IP with a specific magic source port.

This post dives into that idea further with a more complex solution.
Summary
According to multiple sources, an Apache zero-day vulnerability that purportedly was being exploited in the wild has been patched. The vulnerability involved the HTTP Web Server project, as reported by The Record.
Overview
An actively exploited vulnerability in Apache's HTTP Web Server has been patched as of Monday, October 4. The vulnerability, CVE-2021-41773, affects only Apache web servers running version 2.4.49 and involves a flaw in how the server normalizes URL paths. This
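For teams that cannot patch in the same hour the advisory lands, the practical question is whether anyone has already tried a path traversal against the server. Below is an added example, not code from the page or from the Apache project, that scans access-log lines in common log format and separates two cases: a literal `../` that climbs above the document root, and a traversal that only appears after percent-decoding (including double encoding). The encoded case is the one worth alerting on, since a literal climb is something the server's own checks see, while an encoded one may not be. The log lines are constructed with RFC 5737 test addresses; the dot-encoded requests are the generic shape of an encoded traversal, written to exercise the detector, not a claim about the exact request that triggers this CVE.

```python
import re
from urllib.parse import unquote

# Common/combined log format: client, identd, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines; the traversal requests are illustrative, not a reproduction.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [05/Oct/2021:10:01:03 +0000] "GET /icons/../index.html HTTP/1.1" 200 1043
198.51.100.7 - - [05/Oct/2021:10:02:09 +0000] "GET /images/../../etc/passwd HTTP/1.1" 400 226
198.51.100.7 - - [05/Oct/2021:10:02:11 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1744
198.51.100.7 - - [05/Oct/2021:10:02:12 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 196
"""


def escapes_root(path):
    """Walk the path segments; True as soon as a '..' climbs above the document root."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def classify(target):
    """None, 'traversal' (literal ../ above root) or 'encoded-traversal' (only after decoding)."""
    path = target.split("?", 1)[0]  # the query string is not part of the filesystem path
    if escapes_root(path):
        return "traversal"
    # Decode twice so double-encoded dots (%252e -> %2e -> .) are caught as well.
    if escapes_root(unquote(unquote(path))):
        return "encoded-traversal"
    return None


def scan(lines):
    """Return (client_ip, target, verdict) for every request that escapes the root."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        verdict = classify(m.group("target"))
        if verdict:
            hits.append((m.group("ip"), m.group("target"), verdict))
    return hits


if __name__ == "__main__":
    for ip, target, verdict in scan(SAMPLE_LOG.splitlines()):
        print(f"{verdict:18} {ip:15} {target}")
```

Note that `/icons/../index.html` is not reported: it never leaves the document root, and such paths are common in legitimate traffic, so a regex that simply matches `..` would drown the real hits. The status code is deliberately ignored; a 404 on an encoded traversal still tells you who is probing and from where.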
A lot has already been written about the Facebook outage earlier this week. In case you missed it (if that's possible), Facebook, Facebook Messenger, Instagram, and WhatsApp were all down for several hours on Monday. Facebook provided an update on the cause of the outage late Monday, citing a configuration change on their backbone routers as the root cause, with additional details in a subsequent blog post.
Understand why it's important to refine your organization's approach. See how to enact a security model that protects your business and enables growth.