Aggregator

Java RMI的各种攻击方式本质上是利用对象传输过程中反序列化实现的

tomcat作为servelt容器，基于tomcat的内存马其实就是对servlet api的操作，如listener,filter或者servlet。

Although Gitlab is not as popular as Github, it’s common to run across it these days. Especially after Microsoft acquired Github it seemed more individuals and organizations flocked over to Gitlab. In this post I want to document a couple of recon commands that are useful post-exploitation, and for blue teamers to watch out for. Let’s assume one has access to a Gitlab Token as a precursor. Let’s walk through some interesting commands and script snippets to leverage to find out more.

介绍 Elkeid-RASP 的 Golang hook 如何实现。

北京银行旗下全资子公司北银金融科技公司具有国企背景，公司高层全部由北京银行派出的领导组成。北银金融科技公司员工同时享受市场化工资待遇、全额五险一金和北京银行员工的免费食堂三餐、培训机会、正式固定办公工位及更衣柜、洗衣券、节日礼品等福利。

0x00 前言 在上一篇文章中介绍了容器相关的风险，本文将目光集中在容器编排平台 K8s 上面，来简单的介绍一 […]

保持对一切的默认不信任（也就是默认怀疑一切），并做好持续验证的工作。

使用pytorch识别计算验证码

当我们决定开源全部课程以后，很多安全行业的同仁，给予了不少的关心。有认为我们倒闭了的，也有老生喊退钱，结果他母亲给公众号点赞的。还有大哥给我介绍精神科医生的......

使用 DFA 实现一个安全、可靠的 HTML 富文本过滤器。

炒一下冷饭：Elevate Privileges via WebClient in Domain Computer

Black Box: Virtual Machine, Clone-and-Pwn. This is a challenge that is two years late about CVE-2020-14364. Enjoy it :)

With Ukraine moving beyond the brink of war with an official invasion by Russia underway, organizations both near and afar must brace for potential repercussions in the form of crippling cyberattacks and intrusions. Already Ukraine has been bombarded with DDoS assaults aimed at taking down government sites, communication providers, and financial institutions.

A lot has happened since we published our January recap blog. Akamai launched a new documentation site on readme.io, we started a new season of Terraform Tapas, and we saw many amazing contributions from our Developer Champions.

Clash RCE

俄乌战争不仅在线下影响着世界，在网络层面带来的损失很可能不亚于实际的空袭与炮击。

CVE-2022-21724 PostgreSQL JDBC Driver RCE 分析

Akamai?s security and network teams use our vast view of internet activity to closely monitor and act upon potential cyber threats, and we are taking appropriate measures to review our defensive posture and ensure the integrity of Akamai systems and the Akamai network.

Two new pieces of NCSC guidance replace Good Practice Guides 43 and 53.

The Technical Enablement and Education team, part of Akamai?s Global Services organization, has won a coveted Brandon Hall Group silver medal for ?Excellence in Technology,? for their automatic hands-on Lab Validation System (LVS). The automatic LVS is used throughout Global Service training courses, as well as in Channel Partner product certification, to provide real-time evaluations quickly and accurately for hands-on lab training associated with learning how to implement Akamai products.