"Do what I mean!" - time to focus on developer intent
In this post I propose that the software development community should work on developing and then standardising security-related libraries that focus on what the developer is trying to achieve.
Aggregator
WebPocket渗透测试辅助框架
5 years 8 months ago
WebPocket 是一个轻量级渗透测试辅助框架,使用Python3.7构建。
创新沙盒,谁会是被收购目标? - RSAC2019之二
5 years 8 months ago
前天,Verizon宣布收购2016年创新沙盒入围公司ProtectWise。上周,PANW以5.6亿美元收
「日记」CMakeLists使用笔记
5 years 8 months ago
cmake
Good Bots, Bad Bots, and What You Can Do About Both
5 years 8 months ago
Not all bots are bad, but for those that are, you need a multi-pronged strategy for keeping them off your network.
What MWC 2019 Shows Us About the Future of Connectivity
5 years 8 months ago
The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress...
The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blog.
McAfee
February 2019 Security Releases
5 years 8 months ago
从零搭建配置Cuckoo Sandbox - Vicen
5 years 8 months ago
1.安装依赖 中间可能出现的问题解决: 1. libffi-dev : 依赖: libffi6 (= 3.2.1-4) 但是 3.2.1-6 正要被安装 2. python-magic : 依赖: libmagic1 (< 1:5.25-2ubuntu1.1.1~) 但是 1:5.28-2ubunt
Vicen
powershell命令教程 - Vicen
5 years 8 months ago
Powershell 是运行在windows机器上实现系统和应用程序管理自动化的命令行脚本环境。
Vicen
创新沙盒,由开源商业模式说起 - RSAC2019之一
5 years 8 months ago
创新沙盒评论愈发难写,介绍入围者的文章多到汗牛充栋,读者并不感冒浅尝即止的内容,堆砌华丽词藻更会被嗤之以鼻,亟需找到一些独特的角度才能满足眼界变高的读者们的胃口:抛弃吹捧,透过花哨探究本质,试图不放过产品和业务的弱点。
system call analysis: mount
5 years 9 months ago
Terenceli
现代化网站的渗透测试
5 years 9 months ago
对现代化网站的渗透测试的思考 前言 首先定义本文所说的现代化网站. 现代化网站是指符合以下多个特征的对外服务. 储存,数据库,网站程序等服务器高度分
WinRAR漏洞复现过程
5 years 9 months ago
0x01 漏洞描述
近日Check Point团队爆出了一个关于WinRAR存在19年的漏洞,用它来可以获得受害者计算机的控制。攻击者只需利用此漏洞构造恶意的压缩文件,当受害者使用WinRAR解压该恶意文件时便会触发漏洞。
浮萍
Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in January 2019
5 years 9 months ago
January threat actor activity focused heavily on exploiting a ThinkPHP remote code execution vulnerability and infecting vulnerable Oracle WebLogic systems with a Mirai variant.
TTPs & IOCs & 痛苦金字塔
5 years 9 months ago
之前介绍了 Richard Bejtlich 和 Robert M. Lee 就 hunting 术语定义进行的博客辩论。这次讨论还衍生出关于 TTPs 和 IOCs 的问题。今天的分享将围绕这个话题。
Padding Oracle + CBC 字节翻转学习
5 years 9 months ago
DNS Rebind 在 SSRF 中的作用
5 years 9 months ago
这几天沉迷 hgame, 题目质量还是不错的, 其中有一题用到了 DNS rebind, 这里重新记一下笔记. 因为我估计也没多少人看我博客 233, 就直接写了, 不等比赛结束了.
NCSC advice for Dixons Carphone plc customers
5 years 9 months ago
Advice for Dixons Carphone customers following its data breach.
安卓APP测试之双向证书认证
5 years 9 months ago
0x01 前言
在《安卓APP测试之HOOK大法-Frida篇》文章中有一个双向证书认证没详细说明,经过孔已己的提示,现在补充一下。
浮萍
Opening statement to the Intelligence and Security Committee 20 February 2019
5 years 9 months ago
Speaking Notes for the Opening Statement to the Intelligence & Security Committee by Andrew Hampton, Director-General, Government Communications Security Bureau.