Aggregator

资深 = 理论深度+行动实践+经验积累

网络安全和隐私保护是公司的最高纲领安全支撑组织架构SDL实践需求设计开发阶段上线前测试时应急响应供应链安全白

新基建 | 智慧生活，从智能安全开始

友情转载，欢迎下载阅读。

这雨夜太漫长 失眠的我 在谁梦里 歌唱　　搞安全的应该都知道端口扫描在渗透测试、漏洞扫描过程中的重要性，其与

今天凑空研究了下Supervisord，这是一款linux进程管理工具，使用python开发，主要用于在后台

之前写了一个基于python的一句话木马客户端程序，这个程序的作用大致就是为了绕过防护设备，使敏感数据能在网

Fork炸弹（fork bomb）在计算机领域中是一种利用系统

最近重新拜读了道哥的经典力作《白帽子讲Web安全》一书，发觉好书看一遍是不够的，每次品味都有不同的味道。道哥

不要神化国外的安全建设Twitter的苦衷要解决的问题设计安全方案的原则访问控制架构注意事项不要神化国外的安

C++OXID_Find 通过OXID解析器获取Windows远程主机上网卡地址

云服务在宣传时往往会强调：永远在线、永远可用、永不丢失。但是我们心里都明白，现实离这个差远了。GitHub 在过去 30 天累计宕机 5 次，这已经是非常严重的事故了。既然如此，我们应该信赖云计算以及其他 PaaS、SaaS 业务么？如何衡量一个云服务的可靠程度？

F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.

中间件漏洞可以说是最容易被web管理员忽视的漏洞，原因很简单，因为这并不是应用程序代码上存在的漏

sunshine师傅提到的端口复用方案，实践并分享一下。

Cred stuffing isn't going away. Shape's Jarrod Overson writes for InformationSecurityBuzz, examining the ROI of cred stuffing for attackers, and the evolution to "imitation attacks".

Previously I talked about remotely debugging Chrome, and we also covered the latest Microsoft Edge browser along the way. These features allow an adversary to gain access to authentication tokens and cookies. See MITRE ATT&CK Technique T1539: Steal Web Session Cookie as well for this. What about Firefox? For a while I was wondering if (my favorite) browser Firefox has such debugging features as well, and how one could detect malware trying to exploit it.

致力于打造一款好用的CVE威胁情报服务。

A technique on Windows that is less known is how to do basic port-proxying. Proxying ports is useful when a process binds on one (maybe only the local) interface and you want to expose that endpoint on another network interface. Let’s say you have an existing process that listens only on the loopback interface, and you want to expose it remotely. Or there are two network interfaces and you want expose traffic from one to the other (maybe some evil persistence for port 3389) - or think of basic pivoting.