Aggregator

今年的 0CTF 一共有三道 web 題，其中一道題目是 client-side 的，我就只解這題而已，順利拿到 first blood，這篇簡單記錄一下心得。

關鍵字列表：

1. CSS injection
2. CSS exfiltration

上個月（2024 年 1 月）的 Intigriti 挑戰非常有趣，出題者是 @kevin_mizu，之前也常在推特上看到他出一些 client-side 相關的題目，而這次的題目品質也一如既往的很好，值得寫一篇紀錄。

題目的連結在這邊，沒有看過的話可以先去看看：https://challenge-0124.intigriti.io/

现在每个人都可以在电脑内置一个10年经验的安全专家了。SecGPT-Mini：是一个可以在普通CPU上运行的网络安全大模型。

现在每个人都可以在电脑内置一个10年经验的安全专家了。SecGPT-Mini：是一个可以在普通CPU上运行的网络安全大模型。

The Role of Editors in Compromise Technical Personnel Visual Studio In early 2021, the cybersecurity community was alarmed by the Lazarus APT group's sophisticated phishing attack targeting security researchers. By embedding malicious event commands ...

Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals

The cooperative agreement is the next step in NIST’s fulfillment of the White House Executive Order on Artificial Intelligence.

针对3CX双供应链攻击事件的深度分析与溯源

最近一直学习在炼丹，开源secgpt-mini！可以在CPU上直接运行的网络安全大模型！

The 1980s brutalism of the British Library in London has been likened to an unwelcoming fortress, and yet the intimidating appearance was no help when ransomware attackers decided to pay it a visit last October. In what is turning out to be one of the worst incidents ever to hit a public U.K. organization, over […]

The post Why Are Ransomware Attacks Becoming More Dangerous? The British Library Attack Gives Us Some Clues appeared first on Ransomware.org.

CIS celebrates the truly awe-inspiring recipients from the 2023 Alan Paller Laureate Program. Check out their stories today.

最近一直学习在炼丹，开源secgpt-mini！可以在CPU上直接运行的网络安全大模型！

Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack AI's basics, applications and broader implications.