Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021
Ransomware attacks continued to proliferate in Q3 as governments and law
enforcement ratchet up the pressure of the cyber extortion economy
Aggregator
【文末免费领门票】KCon 2021 亮点揭秘及议程公布
4 years 2 months ago
新鲜出炉,敬请期待!
【漏洞分析】Oracle MySQL JDBC XXE漏洞(CVE-2021-2471)
4 years 2 months ago
阿里云安全团队向Oracle官方报告了MySQL JDBC XXE漏洞
免费 CDN 玩法 —— 文件一键上传到 NPM - EtherDream
4 years 2 months ago
使用文件 Hash 值作为 NPM 包版本号,无需维护每个文件的版本状态
EtherDream
The 2021 TLS Telemetry Report
4 years 2 months ago
Creating an encrypted HTTPS website depends on a lot more than simply throwing a digital certificate at it and hoping for the best. In fact, Transport Layer Security (TLS) and HTTPS misconfigurations are now so commonplace that in the 2021 OWASP Top 10, Cryptographic Failures now comes in second place.
The 2021 TLS Telemetry Report
4 years 2 months ago
Creating an encrypted HTTPS website depends on a lot more than simply throwing a digital certificate at it and hoping for the best. In fact, Transport Layer Security (TLS) and HTTPS misconfigurations are now so commonplace that in the 2021 OWASP Top 10, Cryptographic Failures now comes in second place....
通过ACL维持域控权限
4 years 2 months ago
半块西瓜皮
Offensive BPF: Understanding and using bpf_probe_write_user
4 years 2 months ago
This post is part of a series about Offensive BPF to learn how BPFs use will impact offensive security, malware, and detection engineering.
Click the “ebpf” tag to see all relevant posts.
Building advanced BPF programsSo far in this Offensive BPF series the focus was on bpftrace to build and run BPF programs.
The next thing I wanted to investigate is what options are available to modify data structures during BPF execution. This is where I hit limitations with bpftrace.
关于BGP那些事儿
4 years 2 months ago
这是Facebook创立以来最严重的一次网络访问事故,在这起故障中,我们又看到了BGP的身影
从虚假的XSS到放弃RCE再到Self-RCE
4 years 2 months ago
文章开始前,说点题外话,接上次转发的文章(端内钓鱼,反制蚁剑)后台反馈下来的消息看,大家普遍都没整明白这波是什么操作
从虚假的XSS到放弃RCE再到Self-RCE
4 years 2 months ago
文章开始前,说点题外话,接上次转发的文章(端内钓鱼,反制蚁剑)后台反馈下来的消息看,大家普遍都没整明白这波是什么操作
从虚假的XSS到放弃RCE再到Self-RCE
4 years 2 months ago
文章开始前,说点题外话,接上次转发的文章(端内钓鱼,反制蚁剑)后台反馈下来的消息看,大家普遍都没整明白这波是什么操作
Over 25% of Malicious JavaScript Is Being Obfuscated
4 years 2 months ago
Last year, Akamai released research on obfuscation techniques being used by cybercriminals to create malicious JavaScript. The code is unreadable, un-debuggable, and as a result, much more challenging to analyze and detect.
Or Katz
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!
《Go语言设计与实现》纸质书诚邀读者评论
4 years 2 months ago
《Go语言设计与实现》纸质书预计11月下旬出版,征集 5 条读者评论作为推荐语!