Aggregator

TA551 (AKA Shathak) deploys the IcedID banking trojan using COVID-19 in Microsoft Word documents containing a malicious macro that drops an installer.

In the constant press of rolling out ever better products and services to our customers, it can be easy-- and often necessary-- to fall into a reactive mode around reliability.

Next week (on March, 9th 2021) I will be speaking at the Hong Kong Information Security Summit 2021. 歡迎, 你好! I was invited to share my thoughts around protecting the modern (and remote) workplace. Of course, my talk is addressing this topic from a red teaming point of view. Conference details are here. The adversary will come to your house The name of the talk is “Red Team Strategies for Helping Protect the Modern Workplace” which might seem less creative, but there is some (hopefullly) good and interesting information in my talk.

This week, Akamai was again recognized as a Leader in the latest The Forrester Wave?: DDoS Mitigation Solutions, Q1 2021.

Recently, many reports of incidents have been making headlines, proving that no business or industry is immune to advanced threat actors. Applying user and entity behavior analytics (UEBA) for the challenging task of the detection of compromised devices over time can play a critical role in enterprises' defense mechanisms.

文章首发地址 https://xz.aliyun.com/t/9205 前言 网上闲逛的时候，发现github有个开源的蓝牙协议栈项目 https://github.com/sj15712795029/bluetooth_stack 看介绍支持STM32，网上支持嵌入式芯片的开源协议栈貌似很少，这里

[胖猴小玩闹]专题从这篇起将开始一个新的系列

.NET反序列化--VIEWSTATE~~~

2021年3月20日，DEF CON CHINA Party ，期待我们的相聚！

一、配置Spring所需依赖 pom.xml项目中添加如下依赖 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org

A colleague asked me to share my thoughts on building a "better team". I confess, I stumbled on the word "better". Better than what exactly?

从基础知识、内存分配、垃圾回收和高级垃圾回收四个部分介绍内存管理技术

SourceMapX是一个批量扫描并恢复sourcemap的源代码文件的脚本。

项目地址:
https://github.com/insightglacier/SourceMapX

安装

该脚本主要由unwebpack-sourcemap项目修改而来，使用Python3编写,需要安装 BeautifulSoup4 and requests.可以使用 pip3 install -r requirements.txt命令进行安装。主要是修改为批量检测并下载，可用于SRC的漏洞挖掘。

OAuth 2.0 有 4 种认证流程： 授权码模式（authorization code） 简化模式（implicit） 密码模式（resource owner password credentials） 客户端模式（client credentials） 下面以微信为例介绍最常见的也是最安全的

新年新气象 ：）

在众多业务模式中，安全运营商成为一些头部厂商竞相选择的方向。安全运营商一词在业内由来已久，但何谓安全运营商，如何成为安全运营商，大家谁都没见过，更不知如何实践，故写此文以探讨。

一、UEBA场景是什么 腾讯御见UEBA（用户实体行为分析）使用一系列分析方法（统计学习、机器学习等）通过

当今的安全团队面临着前所未有的复杂性。IT 环境正在快速变化和扩展，导致数据激增，为了保持企业内部庞大的结构体系与业务的正常运行，从而购置了越来越多的工具。随着大量工具的配备，会出现大量警报，导致安全操作团队产生不可避免的警报疲劳

Having previously decided we need to make a new hire onto our team, part 1 of this series examined how to meet the needs of our team going into the future, instead of just adding surface visible technical skills.

We're proud of the progress Akamai has made in environmental, social, and governance (ESG) performance.