Aggregator
Akamai Reports Another DoS in Log4j2 (CVE-2021-45105): What You Need to Know
3 years 2 months ago
The series of vulnerabilities recently discovered in Log4j2 has shocked the internet. As part of our continuing research, on December 17, Hideki Okamoto from Akamai found and responsibly reported an additional denial-of-service (DoS) vulnerability, which was assigned CVE-2021-45105.
Akamai Threat Research Team
Week 12 / 20211220 Red Team Digest
3 years 2 months ago
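[Featured] Zero Project: A deep dive into NSO's zero-click iMessage vulnerability
Apache Log4j2 Vulnerability Analysis and Exploitation
3 years 2 months ago
This is a critical (CVSSv3 10) remote code execution (RCE) vulnerability affecting Apache Log4j 2.14.1 and earlier.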
Zero Trust migration: where do I start?
3 years 2 months ago
How to start the journey to zero trust architecture once you have decided it meets your business requirements.
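Reflections on Cyber Exercises Abroad
3 years 2 months ago
In recent years, more and more organizations have come to value cyber exercises. A cyber exercise can genuinely validate an organization's level of security: real attack-and-defense confrontation exposes security problems and improves security engineering and operations. At the same time, cyber exercises chiefly test an organization's incident response and its coordination and cooperation capabilities.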
Why vulnerabilities are like buses
3 years 2 months ago
How organisations can address the growing trend in which multiple vulnerabilities within a single product are exploited over a short period.
Privilege Escalation: Redis & Postgre & Token Theft & Process Injection
3 years 2 months ago
sakura's fuzzing lab training
3 years 2 months ago
sakura
Using CloudFront Relay Cobalt Strike Traffic
3 years 2 months ago
The original was published on my WeChat official account; the link is: https://mp.weixin.qq.com/s/NdR6XBFvhSOBsLVVQmTXJg
TonghuaRoot
Static Program Analysis Introduction
3 years 2 months ago
The original was published on my WeChat official account; the link is: https://mp.weixin.qq.com/s/jm2I-_L_NUBTYNhEUBv-iA
TonghuaRoot
How Google Put Static Code Analysis into Practice
3 years 2 months ago
The original was published on my WeChat official account; the link is: https://mp.weixin.qq.com/s/9iJNZCQfHg0VbWSFRgwVJg
TonghuaRoot
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
3 years 2 months ago
Continuing with our research into CVE-2021-44228, Akamai has previously written about what the vulnerability is and given recommendations on how to go beyond patching for extra protection. Across the Akamai network, we see traffic from 1.3 billion unique devices daily, with record traffic of 182 Tbps. The threat research team has been investigating this traffic to gain deeper insights into how this vulnerability is being exploited. We want to share more technical findings and what they mean for threat hunters. Here are some implications for defenders and threat hunters to consider
Application Security Threat Research Team
Log4Shell: Rebooting (The Same Old) Security Principles In its Wake
3 years 2 months ago
It can be easy to give in to frustration and pessimism during catastrophic events. But there are signs that not all is lost, even in the world of software dependencies.
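An Analysis of IcedID Malicious-Document Phishing Techniques - zha0gongz1
3 years 2 months ago
If you do not know offense, how can you know defense? If you do not know defense, how can you know offense?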
zha0gongz1
Holiday Phishing Trends For 2021
3 years 2 months ago
As Christmas quickly approaches, seasonal phishing trends once again show that attackers are taking advantage of increased online shopping. Fraudsters doubled their efforts in November attacking ecommerce giants such as Amazon. The real attacker focus, however, was cryptocurrency with fraudulent sites...
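CTF | 2021 AsuriCTF / NUAACTF: Official WriteUp for Part of the Misc Challenges
3 years 2 months ago
Last weekend I ran AsuriCTF/NUAACTF together with the members of team Asuri, and I wrote two Misc challenges. Here are the solutions and the thinking behind the challenges, along with a retrospective on operating the competition and some lessons learned.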
MiaoTony
Akamai Recommendations for Log4j Mitigation
3 years 2 months ago
Aparna Rayasam, SVP & GM Application Security, Akamai
Notes on Log4shell
3 years 2 months ago
It has been a long time since I updated the blog~
Sariel.D
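Recruitment of Winter Olympics Cybersecurity Guards Officially Begins!
3 years 2 months ago
On December 16, the Technology Department of the Beijing Organising Committee for the Winter Olympics organized the recruitment of white-hat hackers to take part in the cybersecurity work of the Beijing Winter Olympics as "Winter Olympics Cybersecurity Guards".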