Aggregator

COVID-19 has changed our business operation models, and attackers have been adapting quickly. Shape's Dan Woods writes for ITProPortal, describing the emerging trends and how different industries need to adapt.

Finally I got to writing some basic tooling for invoking the Firefox debugging API to send commands to the browser and read the responses. This can be useful for grabbing cookies in the post-exploitation phase. It works for Windows and macOS, should also work on Linux. This technique is probably most useful when we don’t have root or the user’s credentials to decrypt cookies or can’t attach a regular debugger to the browser process.

资深 = 理论深度+行动实践+经验积累

网络安全和隐私保护是公司的最高纲领安全支撑组织架构SDL实践需求设计开发阶段上线前测试时应急响应供应链安全白

新基建 | 智慧生活，从智能安全开始

友情转载，欢迎下载阅读。

这雨夜太漫长 失眠的我 在谁梦里 歌唱　　搞安全的应该都知道端口扫描在渗透测试、漏洞扫描过程中的重要性，其与

今天凑空研究了下Supervisord，这是一款linux进程管理工具，使用python开发，主要用于在后台

之前写了一个基于python的一句话木马客户端程序，这个程序的作用大致就是为了绕过防护设备，使敏感数据能在网

Fork炸弹（fork bomb）在计算机领域中是一种利用系统

最近重新拜读了道哥的经典力作《白帽子讲Web安全》一书，发觉好书看一遍是不够的，每次品味都有不同的味道。道哥

不要神化国外的安全建设Twitter的苦衷要解决的问题设计安全方案的原则访问控制架构注意事项不要神化国外的安

Take up the initiative, start a null chapter in your city We are starting the new era of our open security community as null 2.0 and we would like to make an open appeal to all the people who want to be a part of this wonderful security community.

C++OXID_Find 通过OXID解析器获取Windows远程主机上网卡地址

云服务在宣传时往往会强调：永远在线、永远可用、永不丢失。但是我们心里都明白，现实离这个差远了。GitHub 在过去 30 天累计宕机 5 次，这已经是非常严重的事故了。既然如此，我们应该信赖云计算以及其他 PaaS、SaaS 业务么？如何衡量一个云服务的可靠程度？

F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.

中间件漏洞可以说是最容易被web管理员忽视的漏洞，原因很简单，因为这并不是应用程序代码上存在的漏

sunshine师傅提到的端口复用方案，实践并分享一下。

Cred stuffing isn't going away. Shape's Jarrod Overson writes for InformationSecurityBuzz, examining the ROI of cred stuffing for attackers, and the evolution to "imitation attacks".