Aggregator
攻击者拼手速!详解去中心化工具洗白Liquid被盗9,000多万美元
3 years 6 months ago
据 PeckShield「派盾」统计,目前中心化机构被盗后,通过去中心化服务进行洗钱的案例还屈指可数,但类似的洗钱手段已经在 DeFi Protocols(去中心化协议)攻击、跑路中呈现出增长的趋势。
攻击者拼手速!详解去中心化工具洗白Liquid被盗9,000多万美元
3 years 6 months ago
据 PeckShield「派盾」统计,目前中心化机构被盗后,通过去中心化服务进行洗钱的案例还屈指可数,但类似的洗钱手段已经在 DeFi Protocols(去中心化协议)攻击、跑路中呈现出增长的趋势。
Office EPS文件解析漏洞分析
3 years 6 months ago
对Office EPS文件解析漏洞成因和利用分析
Holiday Readiness, Part Two: What you Should be Thinking About Three Months Out?Capacity Planning
3 years 6 months ago
Welcome back to the Holiday Readiness blog series. We hope part one has kept you busy over the past month as you continue to improve your security posture. If you haven?t finished all of the security checklist items, don?t worry ? there is still time before Black Friday and Cyber Monday.
Michael Hansen
Video: Web Application Security Fundamentals
3 years 6 months ago
In this 25 minute video I’m explaining the foundations of Web Application Security.
The video covers the basic building blocks of web applications, such as HTML, HTTP, JavaScript and Cookies. Furthermore core web applications security concepts such as the Same-Origin Policy are discussed in detail.
The goal is to provide foundational knowledge to help grasp security vulnerabilities, such as XSS, CSRF, SQLi, tab-nabbing, etc. later on.
In the past I have trained and presented content like this to thousands of engineers at large organizations and cloud providers, hence its quite optimized for best learning and comprehension outcome.
CobaltStrike流量伪装与安全配置
3 years 6 months ago
YangHao
基于HTTP协议的WAF绕过
3 years 6 months ago
在实际攻击场景中,攻击者在进行web漏洞攻击时常常会碰到WAF(网站应用级入侵防御系统)的阻拦,为了测试绕过WAF的防御,安全人员也研究了各种各样的姿势。本文就针对基于HTTP协议的WAF绕过思路进行了梳理。
通过加载class提高Neo-reGeorg兼容性
3 years 6 months ago
一种提升jsp脚本兼容性的通用方法
GrabCON CTF 2021 WP
3 years 6 months ago
GrabCON CTF 2021的wp
通过加载class提高Neo-reGeorg兼容性
3 years 6 months ago
一种提升jsp脚本兼容性的通用方法
PHP 8 新特性介绍
3 years 6 months ago
前言 距离 PHP 8 发布已经有一年多了,这个版本是 PHP 语言的主版本更新,包含了很多新功能与优化项,并改进了类型系统、错误处理,目前已经迭代到 PHP 8.0.10 版本。 由于更新的
【礼遇中秋】LYSRC双倍积分活动,强势来袭!
3 years 6 months ago
各位白帽子yyds,快到碗里来!
Zero Trust: Is it right for me?
3 years 7 months ago
The first in a series of blogs to ease your journey towards a zero trust architecture.
Linux下内存马进阶植入技术
3 years 7 months ago
无agent文件的条件下使用Java Instrumentation API
Linux下内存马进阶植入技术
3 years 7 months ago
无agent文件的条件下使用Java Instrumentation API
Passwords ? Extinction Event Looming?
3 years 7 months ago
Passwords are the bane of users and security teams? lives. Despite years of security teams educating users about not using 123456 as a password, not recycling passwords across multiple personal and professional accounts, and implementing even more rigorous password rules and investments in password manager tools, these combinations of letters, numbers, and special characters remain a rich target for attackers.
Richard Meeus
PeckShield:欺诈手段日新月异 蔓延至 DeFi 领域
3 years 7 months ago
本月共发生 35 起安全事件,DeFi 安全事件 22 起,交易所重大安全事件 3 起,智能合约安全事件 2 起,重大勒索事件 1 起,欺诈事件 7 起。
PeckShield:欺诈手段日新月异 蔓延至 DeFi 领域
3 years 7 months ago
本月共发生 35 起安全事件,DeFi 安全事件 22 起,交易所重大安全事件 3 起,智能合约安全事件 2 起,重大勒索事件 1 起,欺诈事件 7 起。
August 31 2021 Security Releases
3 years 7 months ago