小侃威胁情报(一)
威胁情报的体系思考
Aggregator
小侃威胁情报(一)
4 years 4 months ago
威胁情报的体系思考
小侃威胁情报(一)
4 years 4 months ago
威胁情报的体系思考
美国秘密命令谷歌、微软和雅虎交出搜索指定关键词的人员信息
4 years 4 months ago
2021年10月,福布斯发布了一篇关于美国FBI秘密命令谷歌提供任何输入特定搜索词的人员数据,其中提及到多份
美国秘密命令谷歌、微软和雅虎交出搜索指定关键词的人员信息
4 years 4 months ago
2021年10月,福布斯发布了一篇关于美国FBI秘密命令谷歌提供任何输入特定搜索词的人员数据,其中提及到多份
美国秘密命令谷歌、微软和雅虎交出搜索指定关键词的人员信息
4 years 4 months ago
2021年10月,福布斯发布了一篇关于美国FBI秘密命令谷歌提供任何输入特定搜索词的人员数据,其中提及到多份
Mitigating CVE-2021-41773: Apache HTTP Server Path Traversal
4 years 4 months ago
On September 29, Ash Daulton, along with the cPanel Security Team, reported a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.29 to the Apache security team. The issue was fixed within two days, under CVE-2021-41773, and the patch was released on October 4. Apache urged to deploy the fix, as it is already being actively exploited.
Assaf Vilmovsky & Maxim Zavodchik
美国秘密命令谷歌、微软和雅虎交出搜索指定关键词的人员信息
4 years 4 months ago
2021年10月,福布斯发布了一篇关于美国FBI秘密命令谷歌提供任何输入特定搜索词的人员数据,其中提及到多份
金庸武侠赏析 (随记版)
4 years 4 months ago
中秋翻完了《六神磊磊读金庸》,趁着国庆闭环输出些内容。
金庸武侠赏析 (随记版)
4 years 4 months ago
中秋翻完了《六神磊磊读金庸》,趁着国庆闭环输出些内容。
金庸武侠赏析 (随记版)
4 years 4 months ago
中秋翻完了《六神磊磊读金庸》,趁着国庆闭环输出些内容。
Offensive BPF: Detection Ideas
4 years 4 months ago
This post is part of a series about Offensive BPF that I’m working on to learn how BPFs use will impact offensive security, malware and detection engineering.
Click the “ebpf” tag to see all relevant posts.
In the last few posts, we talked about a bpftrace and how attackers can use it to their advantage. This post is about my initial ideas and strategies to detecting malicious usage.
Detecting BPF misuseThere are a set of detection ideas for Blue Teams. Since we primarily talked about bpftrace so far, let’s explore that angle.
Coming Together to Tackle Phishing — For the Greater Good
4 years 4 months ago
Every day, Akamai’s Threat Research team tracks and mitigates phishing attack campaigns to help keep our customers — and their reputations — protected. Recently, they tracked an orchestrated attack campaign comprising more than 9,000 domains and subdomains, mainly targeting victims located in China. The phishing scam was abusing more than 15 high-profile and trusted brands spanning ecommerce, travel, and food & beverage industries. By using well-known brand names, the threat actors attempted to engage victims to participate in a quiz that, once completed, would result in winning an attractive prize. Akamai refers to this malicious modus operandi as a “question quiz” phishing attack campaign.
Akamai Threat Research Team
Attack Campaigns Ramp Up for Organizations Down Under
4 years 4 months ago
DDoS and AppSec attacks impacting the ANZ region (Australia and New Zealand) have been in the headlines of late, with several high profile companies seeing prolonged outages and leading to speculation as to whether the region is being specifically targeted? Let’s take a closer look at the types of attack vectors and malicious activity we’ve seen focused on customers down under.
Tom Emmons
Making the Internet Resilient: Part One
4 years 4 months ago
Think how many websites you visit or videos you stream. Do you check your bank account or transfer money, download apps, play music, share updates on social media, or use the internet for any of the thousands of other digital experiences it enables every day?
Adam Karon
闲聊黑客成长路径
4 years 4 months ago
创造价值绝对是一件美好的事:-)
闲聊黑客成长路径
4 years 4 months ago
创造价值绝对是一件美好的事:-)
闲聊黑客成长路径
4 years 4 months ago
创造价值绝对是一件美好的事:-)
宽字节安全“第二期线下就业班”重磅来袭!!!
4 years 4 months ago
"任何职业都可以成为黑客。" ——引自《黑客伦理与信息时代精神》。线下就业班宽字节安全线下就业班 第二期,于
宽字节安全“第二期线下就业班”重磅来袭!!!
4 years 4 months ago
"任何职业都可以成为黑客。" ——引自《黑客伦理与信息时代精神》。线下就业班宽字节安全线下就业班 第二期,于