宽字节安全“第二期线下就业班”重磅来袭!!!
"任何职业都可以成为黑客。" ——引自《黑客伦理与信息时代精神》。线下就业班宽字节安全线下就业班 第二期,于
Aggregator
Holiday Readiness, Part Three: What you Should be Thinking About Two Months Out?Performance Optimizations
3 years 5 months ago
October is here, and that means we are less than two months away from the busiest weekend of the year. Parts one and two of the Holiday Readiness blog series covered topics ranging from security checklists to disaster recovery strategies and flash crowd management. If you haven?t had a chance to review those topics and checklists, now is a critical time to start to ensure you are ready for the traffic rush the holiday season brings.
Michael Hansen
EAA Client Escalation of Privilege Vulnerability on Windows
3 years 5 months ago
This post covers the details of CVE-2021-40683 (CVSS 6.5), the vulnerability impacting the Akamai Enterprise Application Access (EAA) Client running on Windows systems, for which Akamai has provided a patch to its customers.
Akamai
CPU漏洞详解
3 years 5 months ago
1. 导言性能测试对于 Linux 发行版来说至关重要,Alibaba Cloud Linux 2 也是如此。(Alibaba Cloud Linux 2 是阿里巴巴操作系统团队推出的一款...
21cnbao
利用项目配置文件进行 RCE - IDE Trust Project 功能探究
3 years 5 months ago
最近发现在打开 IDEA, VSCode 项目时候, 都增加了 “信任此项目的提示”. 结合这些 IDE 的特点, 确实可能存在在打开项目时产生 RCE 的风险, 特别是进行代码审计的安全人员, 会经常打开未知的项目. 正常人肯定不会贸然的执行未知的代码, 但是对于打开项目时这个弹出的框框, 可能并不会特别在意. 接下来分析一些通过这些配置来进行 RCE 的方法.
将EXE程序通过Powershell形式实现无文件运行
3 years 5 months ago
[TOC]
# 实践研究
> 本篇文写了挺久了,18年底进行总结编写,一直忘记发出来,当时在想否能将某个EXE使用PowerShell通过无文件的方式进行利用,于是就在网上搜索了各种资料,搜索到...
Poacher
宽字节安全“第二期线下就业班”重磅来袭!!!
3 years 5 months ago
"任何职业都可以成为黑客。" ——引自《黑客伦理与信息时代精神》。线下就业班宽字节安全线下就业班 第二期,于
宽字节安全“第二期就业班”重磅来袭!!!
3 years 5 months ago
"任何职业都可以成为黑客。" ——引自《黑客伦理与信息时代精神》。线下就业班宽字节安全线下就业班 第二期,于
国庆节快乐
3 years 5 months ago
祝各位公众号的关注者国庆节快乐,身体健康、工作顺利、阖家幸福!
国庆节快乐^_^
3 years 5 months ago
终于在国庆前把X-C2的GUI完成大半了。
免杀杂谈-Golang篇
3 years 6 months ago
免杀杂谈-Golang篇
好消息|PeckShield协助Eleven Finance收回450万美元
3 years 6 months ago
9月30日,PeckShield 协助 Eleven Finance 追回 450 万美元。据链上追踪信息显示,攻击者已于下午15时57分返还所获全部虚拟资产。
Offensive BPF! Getting started.
3 years 6 months ago
Over the last few years eBPF has gained a lot of traction in the Linux community and beyond.
eBPF’s offensive usage is also slowly getting more attention. So, I decided to dive into the topic from a red teaming point of view to learn about it to raise awareness and share the journey.
Similar to the format of my Machine Learning Attack Series, there will be a serious of posts around BPF usage in offensive settings, and also how its misuse can be detected.
宽字节首期内网渗透线上课开班啦!!!
3 years 6 months ago
前言宽字节安全首次推出 内网渗透 课程。系统性的讲解 内网渗透 从 0 到 1 的攻击手法,深入各个安全机制
宽字节第二期线下培训开始招生啦!!!
3 years 6 months ago
线下就业班宽字节安全线下培训班 第二期,于 2021 年 11 月 25 号开班。为什么选择我们宽字节有自己
数字观星国庆POC&指纹活动十一开启!
3 years 6 months ago
十月一号是祖国成立七十二周年,数字观星携全体员工为庆贺国庆来临开启新一轮的POC&指纹平台活动。
Attacking a Macro Security Problem with Micro-segmentation
3 years 6 months ago
Ransomware is everywhere. And the shift of workloads to the cloud and employees to work-from-home models has only expanded the attack surface, creating new opportunities for attackers to leverage. Companies need Zero Trust solutions that not only defend against threat actors gaining access to enterprise systems, but also mitigate the impact of infections that slip through the cracks.
Charlie Gero
外买APP设备指纹风控分析三(设备指纹)
3 years 6 months ago
设备指纹技术是使用更多的信息来完成对终端设备的唯一性识别,在业务中可以有效辨别设备是真实用户还是机器在注册、登录,及时检测出单设备登入多帐号、防止批量注册、登录等操作行为。
外卖APP设备指纹风控分析二(mtgsig)
3 years 6 months ago
设备指纹技术是使用更多的信息来完成对终端设备的唯一性识别,在业务中可以有效辨别设备是真实用户还是机器在注册、登录,及时检测出单设备登入多帐号、防止批量注册、登录等操作行为。
对网络安全行业的信心不变
3 years 6 months ago
通过社群的力量,让微观生态的每一位安全从业者能够担负起时代赋予的使命 -- 实践群的价值