Aggregator

IoT has tremendous possibilities to transform our world but will fall short of expectations if the underlying infrastructure cannot support the rapid exchange of massive amounts of information from billions of simultaneous and intermittent connections. Akamai Edge Cloud is designed to enable the potential of IoT by utilizing the deep knowledge we've gained operating one of the world's largest edge networks.

安全运营是应用安全管控体系建设的能力支撑，而安全运营平台则是为安全运营做好工具支撑，提供更高效、更便捷的运营方式和途径。

Akamai Technical Academy is a training program designed for people who have an interest and aptitude for technology but may not come from a traditional technical background. Up until now, we have successfully onboarded over 140 incredible people in three Akamai locations: Cambridge (MA, US), San Jose (Costa Rica) and Krakow (Poland).

2020年10月27日星期二

Malicious actors never rest and have always worked remotely. That simple realization hit home during recent global events. Specifically, Akamai saw an increase in malware traffic of over 400% between March 9 and May 11, 2020 from corporate devices, most of which were being used outside of a traditional office environment.

A few years back the Blue Team of a company asked to be targeted in a Red Team Operation. That was a really fun, because Rules of Engagement commonly prevent targeting Blue Teams. Blue’s infrastructure, systems and team members are often out of scope, unfortunately. Blue team infrastructure is a gold mine for credentials, recon but also for remote code execution! Often companies do not have adequate protection, procedures (MFA, multi-person attestation), monitoring and auditing in place when it comes to accessing data from endpoint agents.

这周打了一下ByteCTF，发现差距还是很大的，现在的很多堆菜单题都上2.31，新版本的题目需要多熟悉熟悉。

分析

checksec

在渗透测试系列教程中介绍了XSS漏洞的原理和利用方法，实际上 XSS 网络钓鱼 也是一种高效的攻击手段。网络

While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off....

10月25日对于VIPKID SRC是个特别的日子，我们有些话想对您说～

周六不放假休息，还在这加班搞 CTF？ 10 月 24 日不睡觉、凌晨两点钟我还在水群，结果在 USTC@LUG 的群里看见有人在打 Bilibili 的 CTF。我刚刚好一年（指 370 天）没有打过 CTF 了（上一次打正式的 CTF 还是去年参加的 USTC Hackergame 2019），所以想着来玩玩。虽然 CTF 结束之前不应该分享和公开 Write Up 和题解，不过 Bilibili 这 CTF 既然这么离谱，那我也没必要按照常理出牌。

目录: 一、行业背景 二、什么是可信ID？ 三、可信ID的应用场景 四、可信ID原理分析 五、如何攻破可信ID，可信ID是否真的可信？ 六、总结 一、行业背景 随着全球范围内移动业务的全面发展，采取移动为主策略的营销人员具有独特的优势，能够为他们的品牌带来最大的成功。根据Zenith估计，到2020

今年苹果秋季发布会上苹果介绍对用户隐私保护继续升级。从官方披露的公开信息来看，iOS 14的用户隐私保护更新将让用户更加知悉自己个人数据的使用情况，并进一步约束App追踪用户隐私的能力。

ISC BIND sends immediate and authoritative NXDOMAIN responses to recursive lookups of LAN addresses by default. This prevents recursive lookup servers from sending meaningless requests to other DNS servers on the Internet. This tutorial will cover how recursive reverse lookups of LAN addresses can be enabled in BIND for lab environments and other special cases.

SauronEye-Modify:快速查找目标终端文件并压缩打包上传oss

本文是团队成员N0b1e6的原创技术文章！正文开始-----------------------------

This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts. Overview: How Husky AI was built, threat modeled and operationalized Attacks: Some of the attacks I want to investigate, learn about, and try out I wanted to explore the “Adversarial Robustness Toolbox” (ART) for a while to understand how it can be used to create adversarial examples for Husky AI.

Get Around the Cybersecurity Skills Gap by Nurturing Cyberdefenders Within Your Own Organization

本报告部分引自Week in OSINT栏目，每周推荐好玩实用的工具，站点，技巧，文章等，适用于任何领域的研究人员，分析测试人员。

Avoiding common problems when moving to the cloud.