Aggregator
DotNet Security: ViewState Deserialization Exploitation
2 years 6 months ago
ViewState deserialization exploitation
CTF-Forge HackTheBox Penetration Testing (Part 4)
2 years 6 months ago
Hello everyone, I'm your good friend Xiaofeng. I'm gradually releasing the
CTF-Horizontall HackTheBox series of articles for you.
What It's Like to Pick Up a Used Mining GPU for 100 Yuan
2 years 6 months ago
Cybersecurity Awareness Month 2022: Updating Software
2 years 6 months ago
Cybersecurity Awareness Month is flying by, and today’s blog identifies different security vulnerabilities that can be exposed if you are unable to keep up with your software updates. We interviewed NIST’s Michael Ogata, a computer scientist in the Applied Cybersecurity Division, and he walked us through different strategies to minimize your cybersecurity risks. Michael also was able to provide cyber tips to improve online safety. This week’s Cybersecurity Awareness Month theme is updating software. How does your work/specialty area at NIST tie into this behavior? Today, mobile applications
Michael Ogata
Java Security: Summary of Spring Security Bypasses - nice_0e3
2 years 6 months ago
Java Security: Summary of Spring Security Bypasses. Preface: bypass! bypass! bypass! Using Spring Security. Usage: @Configuration @EnableWebSecurity // enable web security features public class AuthConfig { @Bean p
nice_0e3
Gartner: 2022 SIEM (Security Information and Event Management) Market Analysis
2 years 6 months ago
What are the future trends in SIEM architecture and functionality?
TTP Diaries: SSH Agent Hijacking
2 years 6 months ago
There are some neat TTPs that I don’t use frequently, and if the time arises, I need to dig up details again. So, I figured I'd write some of them down, starting with SSH Agent Hijacking.
What is SSH Agent Hijacking? Short story: if you have keys added to an SSH Agent, an adversary with root permissions can use them. If you forward the SSH Agent to another host, an adversary with root permission on that other host can exploit and leverage your keys as well.
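Analysis of the Apache Commons Text Remote Code Execution Vulnerability (CVE-2022-42889) - admin-神风
2 years 6 months ago
Vulnerability overview: According to the official Apache description, Apache Commons Text is a toolkit that performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard interpolation format is "${prefix:name}", where "prefix" is used to locate the org.apache.commons.text.lookup class, and the interpolation is performed by Strin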
admin-神风
Hack-The-Box-walkthrough[Perspective]
2 years 6 months ago
253
Data Security Content Disclosed in Uber's ESG Report
2 years 6 months ago
The first time I've found an ESG report to be quite a good read
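Understanding the Permission Annotation Authorization Flow - nice_0e3
2 years 6 months ago
Understanding the Permission Annotation Authorization Flow. Introduction to Shiro annotation-based authorization: Authorization is access control; it determines whether a user has the corresponding access rights to a resource in the application, for example whether a user has permission to view a page, edit data, use a particular button, and so on. @RequiresPermissions({"xxx:model:edit"})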
nice_0e3
Akamai's Perspective on October's Patch Tuesday 2022
2 years 6 months ago
Every Patch Tuesday stirs up the community. See Akamai's October insights and recommendations on what to focus on, and patch, patch, patch!
Akamai Security Intelligence Group
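Injecting a Spring Boot Memory Shell in a BCEL Environment
2 years 6 months ago
1. Environment description: In an environment with no outbound network access, started from a spring boot jar, there is a fastjson vulnerability, and via b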