Account takeovers (ATOs), in which criminals impersonate legitimate account owners in order to take control of an account, cause tremendous pain for businesses in all industries. This pain may be monetary, such as losses from stolen accounts, but may also include a number of related problems, like regulatory and legal issues, lost customers, and the inability to gain new consumers due to a lack of trust. Losses from ATOs and new account fraud are estimated at more than $10 billion annually in the United States alone.
Thanks to the unique perspectives we have via the Akamai Intelligent Edge Platform, we're able to observe massive amounts of web traffic and data that provide insights across the various industries Akamai serves. In the wake of Super Bowl LV, we're sharing some observations on gambling traffic and social media activity, two categories that are complementary to the game. We'll also look at how online viewing has increased over the past 10 years of live streaming the
Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.
Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex, which makes it difficult to create functional exploits, so they are not likely in the short term.
During the COVID-19 pandemic, I wanted to extend the local WiFi in my home to reach all the floors. The goal was to have full connectivity from every location in the house.
Phishing continues to be a major attack vector, and it's surprising just how many security incidents and breaches start with an employee clicking on a link in a carefully crafted phishing email (and sometimes doing the same with a not-so-well-crafted phishing email -- see this example).
The beginning of a new year is a time to look back and reflect on the previous one. December 31st is also the end date of our annual Krakow Internship Program.
Over the halfway point! (I appreciate week 6 was a while ago, I haven’t had a chance to clean up my write-up for this until now). This week we’re looking at email authentication again, trying to identify the actual date of an email. I scraped this one by with only hours to spare, and […]
The other day I read this blog post about “The Death of Manual Red Teams” and I thought I’d take a moment to comment on it to provide an alternative perspective.
In my opinion the premise of the blog post is backwards, highlighting a lack of understanding of what red teaming is about.
For instance the following sentence in the post seems quite incorrect: “Red teaming is the process of using existing, already known security bugs and vulnerabilities to hack a system.