GODNSLOG | 开源一个新鲜的DNSLOG
A dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Aggregator
Beware of the Shadowbunny! at BSides Singapore
5 years 4 months ago
Excited to announce that I will be presenting at BSides Singapore this year.
The topic is adversarial usage of virtual machines during lateral movement. And we will also cover threat hunting and detection ideas.
I have been referring to this technique as the Shadowbunny over the years. :)
The conferences is on September 24th-25th, it will be all virtual and free to attend. Check out the BSidesSG 2020 website and schedule for other talks and details.
Jackson反序列化漏洞
5 years 4 months ago
今天又看到有一些安全预警平台爆出的Jackson反序列漏洞,要求把Jackson升级到2.9.10.6,所以在下面对漏洞原理和适用范围做一下分析,并给出poc。
Jackson反序列化漏洞
5 years 4 months ago
今天又看到有一些安全预警平台爆出的Jackson反序列漏洞,要求把Jackson升级到2.9.10.6,所以在下面对漏洞原理和适用范围做一下分析,并给出poc。
Jackson反序列化漏洞
5 years 4 months ago
今天又看到有一些安全预警平台爆出的Jackson反序列漏洞,要求把Jackson升级到2.9.10.6,所以在下面对漏洞原理和适用范围做一下分析,并给出poc。
Jackson反序列化漏洞
5 years 4 months ago
今天又看到有一些安全预警平台爆出的Jackson反序列漏洞,要求把Jackson升级到2.9.10.6,所以在下面对漏洞原理和适用范围做一下分析,并给出poc。
Jackson反序列化漏洞
5 years 4 months ago
今天又看到有一些安全预警平台爆出的Jackson反序列漏洞,要求把Jackson升级到2.9.10.6,所以在下面对漏洞原理和适用范围做一下分析,并给出poc。
How Credential Stuffing Bots Bypass Defenses
5 years 4 months ago
Website logins are under constant assault, with attackers quickly modifying their bots to evade simplistic defenses.
How Credential Stuffing Bots Bypass Defenses
5 years 4 months ago
Website logins are under constant assault, with attackers quickly modifying their bots to evade simplistic defenses.
MySQL蜜罐获取攻击者微信ID
5 years 4 months ago
前言 前些日子有人问到我溯源反制方面的问题,我就想到了MySQL任意文件读取这个洞,假设你在内网发现或扫到了
MySQL蜜罐获取攻击者微信ID
5 years 4 months ago
前言 前些日子有人问到我溯源反制方面的问题,我就想到了MySQL任意文件读取这个洞,假设你在内网发现或扫到了
MySQL蜜罐获取攻击者微信ID
5 years 4 months ago
前言 前些日子有人问到我溯源反制方面的问题,我就想到了MySQL任意文件读取这个洞,假设你在内网发现或扫到了
深信服 EDR RCE 简析
5 years 4 months ago
应厂商需求加🔐,待合适时间重新开放,请勿二次外泄
Sariel.D
Becoming a Comms and Analyst Relations Leader, Rita Aspen - Head, Communications & Analyst Relations, APJ
5 years 4 months ago
My parents were first-generation immigrants from India. They worked hard, made Singapore their home and took all and any challenges head on. They have always lived by the simple philosophy, 'to be the change'. It's a philosophy that I try to live too, and in many ways it's what attracted me to Akamai not too long ago.
Rita Aspen
手把手带你搭建钓鱼Wi-Fi热点[1]
5 years 4 months ago
手把手教你搭建钓鱼Wi-Fi
手把手带你搭建钓鱼Wi-Fi热点[1]
5 years 4 months ago
手把手教你搭建钓鱼Wi-Fi
手把手带你搭建钓鱼Wi-Fi热点[1]
5 years 4 months ago
手把手教你搭建钓鱼Wi-Fi
Race conditions when applying ACLs
5 years 4 months ago
Today I’m gonna talk about a class of application security issues I ran across a few times over the years. In particular, let’s discuss race conditions when it comes to files with sensitive content and permissions.
Race conditions can allow an adversary to gain access to sensitive information on machines. Assume a system creates a file that contains sensitive information and afterwards applies permissions to lockdown that file.
Understanding the race conditionLet’s look at a practical example seen in the wild a few times. Imagine code like this:
从乙方到甲方 | 我所亲历的信息安全建设之变迁【1】
5 years 4 months ago
.
从乙方到甲方 | 我所亲历的信息安全建设之变迁【1】
5 years 4 months ago
.