准备断更些时日
写下这个标题估计就已经要被骂死了,谁让自己很厚颜无耻的在前面立下了flag。读者们可能已经注意到我实际上已经
Aggregator
Video: Understanding Image Scaling Attacks
4 years 3 months ago
Today you are in for a special treat. Did you know that an adversary can hide a smaller image within a larger one?
This video demonstrates how a small image becomes magically visible when the computer resizes the large image, and also how to mitigate the vulnerability.
This is possible when vulnerable code uses insecure interpolation.
If you like this one check out the overall Machine Learning Attack Series.
赠书 | 《网络威胁情报技术指南》
4 years 3 months ago
作为国内第一本正式出版的、普及威胁情报技术的专业书籍,由天际友盟的技术团队共同编写的《网络威胁情报技术指南》
赠书 | 《网络威胁情报技术指南》
4 years 3 months ago
作为国内第一本正式出版的、普及威胁情报技术的专业书籍,由天际友盟的技术团队共同编写的《网络威胁情报技术指南》
赠书 | 《网络威胁情报技术指南》
4 years 3 months ago
作为国内第一本正式出版的、普及威胁情报技术的专业书籍,由天际友盟的技术团队共同编写的《网络威胁情报技术指南》
赠书 | 《网络威胁情报技术指南》
4 years 3 months ago
作为国内第一本正式出版的、普及威胁情报技术的专业书籍,由天际友盟的技术团队共同编写的《网络威胁情报技术指南》
赠书 | 《网络威胁情报技术指南》
4 years 3 months ago
作为国内第一本正式出版的、普及威胁情报技术的专业书籍,由天际友盟的技术团队共同编写的《网络威胁情报技术指南》
赠书 | 《网络威胁情报技术指南》
4 years 3 months ago
作为国内第一本正式出版的、普及威胁情报技术的专业书籍,由天际友盟的技术团队共同编写的《网络威胁情报技术指南》
weblogic下spring bean RCE的一些拓展
4 years 3 months ago
spring bean rce payload构造之旅
weblogic下spring bean RCE的一些拓展
4 years 3 months ago
spring bean rce payload构造之旅
weblogic下spring bean RCE的一些拓展
4 years 3 months ago
spring bean rce payload构造之旅
weblogic下spring bean RCE的一些拓展
4 years 3 months ago
spring bean rce payload构造之旅
weblogic下spring bean RCE的一些拓展
4 years 3 months ago
spring bean rce payload构造之旅
玄 - 利用blockdlls和ACG保护恶意进程 - zha0gongz1
4 years 3 months ago
## blockdlls Cobalt Strike 3.14版本以后添加了blockdlls功能,它将创建一个子进程并限定该子进程只能加载带有Microsoft签名的DLL。 这个功能可以阻止第三方安全软件向子进程注入DLL,也就无法对子进程进行hook,最终起到保护子进程的效果。 XPN在[博客
zha0gongz1
Video: What is Tabnabbing?
4 years 3 months ago
Tabnabbing is a web application security vulnerability that can be used to perform phishing attacks, so its important to be aware of it as a developer and penetration tester.
It is easy to mitigate and in this short video we cover both attacks and mitigations.
Thanks for reading and happy hacking!
weblogic下spring bean RCE的一些拓展
4 years 3 months ago
spring bean rce payload构造之旅
美团外买APP设备指纹风控分析 - 我是小三
4 years 3 months ago
目录: 一、电商类APP业务风险类型 二、设备指纹在业务中的应用 三、整体框架 四、初始化流程分析 五、反爬虫mtgsig签名 六、设备指纹分析 七、设备指纹攻击 八、黑产工具特征检测 九、总结 一、电商类APP业务风险类型 电商行业的各个业务场景面临不同的风险种类:客户端漏洞利用、协议逆向、注册小
我是小三
Offensive BPF: What's in the bpfcc-tools box?
4 years 3 months ago
This post is part of a series about Offensive BPF that I’m working on to learn about BPF to understand attacks and defenses. Click the “ebpf” tag to see all relevant posts.
In the previous posts I spend time learning about bpftrace which is quite powerful. This post is focused on basics and using existing BPF tools, rather then building new BPF programs from scratch.
Living off the land: bpfcc-toolsPerformance and observability teams are pushing for BPF tooling to be present in production. Due to its usefulness, this is likely going to increase.
Apache 2.4.49 (CVE-2021-41773) 、 2.4.50 (CVE-2021-42013) 检测工具
4 years 3 months ago
漏洞描述Apache HTTPd是Apache基金会开源的一款流行的HTTP服务器。2021年10月8日Ap
Apache 2.4.49 (CVE-2021-41773) 、 2.4.50 (CVE-2021-42013) 检测工具
4 years 3 months ago
漏洞描述Apache HTTPd是Apache基金会开源的一款流行的HTTP服务器。2021年10月8日Ap