Aggregator

大家好，我是你们好朋友小峰。陆陆续续为大家推出 CTF-Horizontall HackTheBox 系列文章。

Cybersecurity Awareness Month is flying by, and today’s blog identifies different security vulnerabilities that can be exposed if you are unable to keep up with your software updates. We interviewed NIST’s Michael Ogata, a computer scientist in the Applied Cybersecurity Division, and he walked us through different strategies to minimize your cybersecurity risks. Michael also was able to provide cyber tips to improve online safety. This week’s Cybersecurity Awareness Month theme is updating software. How does your work/specialty area at NIST tie into this behavior? Today, mobile applications

ViewState 反序列化利用

Java安全之Spring Security绕过总结 前言 bypass！bypass！bypass！ SpringSecurit使用 使用 @Configuration @EnableWebSecurity //启用Web安全功能 public class AuthConfig { @Bean p

SIEM架构和功能的未来发展趋势是什么？

There are some neat TTPs that I don’t use frequently, and if the time arises, I need to dig up details again. So, I figured to write some of them down, starting with SSH Agent Hijacking.

What is SSH Agent Hijacking?

Short story, if you have keys added to an SSH Agent an adversary with root permissions can use them. If you forward the SSH Agent to another host, an adversary with root permission on that other host can exploit and leverage your keys as well.

漏洞介绍 根据apache官方给出的说明介绍到Apache Commons Text执行变量插值，允许动态评估和扩展属性的一款工具包，插值的标准格式是"${prefix:name}"，其中"prefix"是用于定位org.apache.commons.text.lookup类，执行插值的是Strin

introduce

OS: Windows
Difficulty: Insane
Points: 50
Release: 19 Mar 2022
IP: 10.10.11.151

第一次发现ESG报告还挺好看

第一次发现ESG报告还挺好看

第一次发现ESG报告还挺好看

第一次发现ESG报告还挺好看

第一次发现ESG报告还挺好看

第一次发现ESG报告还挺好看

解读 Permission 注解权限认证流程 Shiro 注解授权简介 授权即访问控制，它将判断用户在应用程序中对资源是否拥有相应的访问权限。 如判断一个用户有查看页面的权限，编辑数据的权限，拥有某一按钮的权限等等。 @RequiresPermissions({"xxx:model:edit"})

Every Patch Tuesday stirs up the community. See Akamai's October insights and recommendations on what to focus on, and patch, patch, patch!

1.环境说明在某个不出网环境中，spring boot jar包启的环境，存在fastjson漏洞，可通过b