从 CVE-2020-17144 看实战环境的漏洞武器化
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
Aggregator
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
从 CVE-2020-17144 看实战环境的漏洞武器化
5 years 3 months ago
漏洞本身有趣的成因和触发条件,在利用时无需明文密码,只要具备NTHash即可成功,在利用方式上会相对更加灵活。同时,存在漏洞的功能点本身具备持久化功能,利用成功后将直接进行持久化行为,在不修复漏洞的情况下将永远存在。
Actively protecting pen testers and pen testing assets
5 years 3 months ago
Today FireEye shared that they were victim of a cyberattack and internal red teaming tooling was accessed by adversaries. More details in this NYT article.
This reminded me that I wanted to do a post on actively protecting pen testers and pen testing assets for a while.
Against persistent adversaries it is only a matter of time when they succeed, not if they will succeed. The big question is do you know when an adversary starts poking around, and when they succeed?
The Three Main Cybersecurity Career Paths
5 years 3 months ago
We explore the three general job roles and skill sets in cybersecurity: engineering defenses, testing security, and responding to cyberattacks.
The Three Main Cybersecurity Career Paths
5 years 3 months ago
We explore the three general job roles and skill sets in cybersecurity: engineering defenses, testing security, and responding to cyberattacks.
The Three Main Cybersecurity Career Paths
5 years 3 months ago
We explore the three general job roles and skill sets in cybersecurity: engineering defenses, testing security, and responding to cyberattacks.
Tomcat容器攻防笔记之Servlet内存马
5 years 3 months ago
人望山,鱼窥荷
Tomcat容器攻防笔记之Servlet内存马
5 years 3 months ago
人望山,鱼窥荷
Tomcat容器攻防笔记之Servlet内存马
5 years 3 months ago
人望山,鱼窥荷
Tomcat容器攻防笔记之Servlet内存马
5 years 3 months ago
人望山,鱼窥荷
Tomcat容器攻防笔记之Servlet内存马
5 years 3 months ago
人望山,鱼窥荷
Security Update Guide: Let's keep the conversation going
5 years 3 months ago
Hi Folks,
We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able to run the new application.
Security Update Guide: Let's keep the conversation going
5 years 3 months ago
Hi Folks,
We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able to run the new application.
Phishing Summary 2020—Trends and Highlights
5 years 3 months ago
2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved...
Or Katz