Aggregator

Human nature is to seek simpler and convenient ways to do things. One example is the sometimes onerous task of typing a URL into a web browser's address bar. Since users prefer short, easy-to-remember URLs, an internet trend is to use short domains for websites (e.g., edgedns.zone). With short website names, users benefit from the convenience of fewer characters to remember and type.

2020 年 11 月 11 日，苹果在本年度最后一次 Apple Events 上发布了全新的 ARM 芯片 M1、以及三款搭载了 M1 的 Mac：MacBook Air、MacBook Pro 13‘ 和 Mac Mini。在 WWDC 2020 库克宣布 Apple Silicon 后，这次 Apple Events 再一次掀起了热潮，不少 KOL 都把 M1 奉若神明，不少人...

In our 2020 edition of the Phishing and Fraud Report, we focus on how cybercriminals build and host phishing sites, the tactics they use to avoid detection, and how they’ve capitalized this year on the COVID-19 pandemic.

The second report examining how the NCSC's ACD programme is improving the security of the UK public sector and the wider UK cyber ecosystem.

本报告部分引自Week in OSINT栏目，每周推荐好玩实用的工具，站点，技巧，文章等，适用于任何领域的研究人员，分析测试人员。

This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts. Overview: How Husky AI was built, threat modeled and operationalized Attacks: The attacks I want to investigate, learn about, and try out In this post we are going to look at the “Repudiation Threat”, which is one of the threats often overlooked when performing threat modeling, and maybe something you would not even expect in a series about machine learning.

A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As I write this blog post, the attack is still active and exfiltrating data.

"What is phishing" is still a relevant question we're answering as the attack type and techniques evolve, victimizing even the most tech-savvy users.

介绍两种实战中碰到的案例！！第二种案例自己瞎折腾的，结果......

本文主要从技术角度探讨某次渗透目标拿取数据的过程，不对目标信息做过多描述，未经本人许可，请勿转载。今年开年以来由于各种原因，自己心思也不在渗透上，没怎么搞渗透，除了这次花了比较长时间搞得一个目标外，就是上次护网打了一个垃圾的域了。本文要描述的渗透过程由于断断续续搞了比较长的时间，中间走了不少弯路耽误了不少时间。

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.

ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析

在安全领域，无论是工业界还是学术界，紧跟研（shi

在安全领域，无论是工业界还是学术界，紧跟研（shi

《冷渗透》背景故事：首先解释一下，消失的几个月去了哪————————

作为一只 CS 零基础、信安零基础、CTF 零基础的菜狐狐，苏卡卡今年又来参加 USTC Hackergame 啦！由于一边做题一边总结思路（指写 Write Up），所以苏卡卡应该是第一个发布非官方的 USTC Hackergame 2020 Write Up 的吧（嘿嘿）。 题图来自 USTC Hackergame 2019「Happy LUG」

近日，国家信息安全漏洞库（CNNVD）收到关于Linux kernel 缓冲区错误漏洞(CNNVD-2

个人比较懒，摘抄一段百度百科对于蜜罐的定义，这玩意基本上看标题一眼就能知道是干嘛的蜜罐技术本质上是一种对攻击

My GrayHat Red Team Village talk “Learning by doing: Building and breaking a machine learning system” is now live on YouTube. Check it out: https://www.youtube.com/watch?v=-SV80sIBhqY and smash the Like button! :D Question? I thought of turning the content into a hands-on workshop. Let me know if that would be something that would you would attend? Trying to see if there is interest. Cheers, Johann Twitter: @wunderwuzzi23