Aggregator

大家好！这里是219攻防实验室！你一定没有听说过我们，因为我们刚成立不久。219攻防实验室专注于前沿攻防研究

myeclipse 报错 integrity check error

web 安全 不安全的HTTP方法

Optimize network performance with SD-WAN integration to automatically route traffic to the nearest Akamai Secure Internet Access point of presence.

无规范不成架构

背景在linux系统上执行二进制文件一般会用到execve系统调用，比如下面的执行sleep 1000[ro

The holiday season is around the corner, which means phishing season is too. Akamai Security Research details the new ways adversaries are abusing the holidays.

Every Patch Tuesday stirs up the community. See Akamai's November insights and recommendations on what to focus on, and patch, patch, patch!

Forrester?s quick start cards cover 18 common issues with cloud migrations and operations, and suggest actions to mitigate each one.

不只是双倍积分奖励

Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly...

The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.

环境

• ubuntu22.04
• ADS + optee-fvp

调用流程梳理

这里直接从optee-examples中最简单的hello world入手来看的，从宏观上来看整个调用流程是 :

1
CA --> optee client --> tee driver --> ATF --> TEE --> TA

本文是实战中遇到的一个技术点。很多时候我们使用内存马都是反序列化漏洞利用后一条龙直接植入。但有时候我们也会遇到命令拼接等问题获取到的权限，此时仅仅有命令执行而非代码执行的权限。常规的jsp马、cc等手段均无法作为后门，我们该怎么办？

对一些 Android 逻辑漏洞的梳理。

Background

TrapFuzz的思路Fuzzing Android native库，这就是个简单的Demo，只针对黑盒的库。

前言

在今年的ByteCTF中，我出了一道pwn题目，距离上一次打比赛/出题已经过去很久了，所以传统的 heap trick 就没有考虑，而是从我日常工作中挖掘的安全风险入手，简化场景，出了一道 chatroom ，看起来像一个web的奇怪题目。