Aggregator

基于 OpenSSL 实现国密 SM4 加解密(link is external)

她和她的猫
3 years 7 months ago
if (!in_array('sm4-cbc', openssl_get_cipher_methods())) { printf("不支持 sm4\n"); } $key = 'her-cat.com'; $iv = random_bytes(openssl_cipher_iv_length('sm4-cbc')); $plaintext = '她和她的猫'; $ciphertext = openssl_encrypt($plaintext, 'sm4-cbc', $key, OPENSSL_RAW_DATA , $iv); printf("加密结果: %s\n", bin2hex($ciphertext)); $original_plaintext = openssl_decrypt($ciphertext, 'sm4-cbc', $key, OPENSSL_RAW_DATA , $iv); p

UPX Packed Headaches(link is external)

The Akamai Blog
3 years 7 months ago
Researching malware has many challenges. One of those challenges is obfuscated code and intentionally corrupted binaries. To address challenges like this, we've written a small tool in C that could fix intentionally corrupted binaries automatically. We also plan to open-source the project so other researchers could use it too, and perhaps improve and expand upon the tool's capabilities as needed.
Akamai SIRT

A New Attack Surface on MS Exchange Part 3 - ProxyShell!(link is external)

DEVCORE 戴夫寇爾
3 years 7 months ago

This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021! Please visit the following link to read that :)

If you are interesting in more Exchange Server attacks, you can also check our series of articles:

With ProxyShell, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server through an exposed 443 port! Here is the demonstration video:

Managed ad