Manage Akamai Features at the Edge with EdgeWorkers and EdgeKV
EdgeWorkers and EdgeKV lets you set feature flags that tailor content to different website visitors.
Aggregator
一些网络安全方面的基础科普 - P2 操作系统安全从入门到放弃
3 years 1 month ago
这是一些我很久之前写的课件,当时还年轻,写的肯定有诸多不好的地方,还请见谅
这篇文章主要是介绍了基础概念,详细的分析请关注后续
VeroFess
一份面向Linux下高版本Java的Minecraft参数优化教程
3 years 1 month ago
VeroFess
强制让小米AOD只能亮五分钟的机型保持AOD常亮
3 years 1 month ago
为了轻薄买了个小米的Civi,然后发现AOD五分钟就灭了,你这ADO了个寄吧.jpg
解决方式也很简单,adb shell 进去, 执行
VeroFess
一些网络安全方面的基础科普 - P1 识别恶意软件
3 years 1 month ago
这几天看到了一些比较肆虐而且比较常见的互联网病毒传播,所以专门写篇文章聊一聊这个问题
特别一提,由于本文的性质,本文章为公共领域文章,即在世界范围内放弃本文的所有权利,故任何人都可以以任何方式转载或重新发布
当然,如果你可以保留指向本文章的链接那
VeroFess
Sensor Intel Series: Top CVEs in October 2022
3 years 1 month ago
We spotted a new Microsoft Exchange zero day and more security infrastructure vulns, as well as all of the usual suspects, in this month’s installment on vulnerability targeting.
Sensor Intel Series: Top CVEs in October 2022
3 years 1 month ago
We spotted a new Microsoft Exchange zero day and more security infrastructure vulns, as well as all of the usual suspects, in this month’s installment on vulnerability targeting.
CTF | 2021 PKU GeekGame 1st WriteUp
3 years 1 month ago
第一届PKU GeekGame来了,题目的点套的太多了,太顶了,打得比较自闭。
MiaoTony
Device Code Phishing Attacks
3 years 1 month ago
As more organizations move to hardware tokens and password-less auth (e.g. Yubi-keys, Windows Hello for Business,…) attackers will look for other ways to to trick users to gain access to their data.
One novel phishing technique is by using the OAuth2 Device Authorization Grant.
This post describes how it works with Microsoft AAD as example.
Attacker initiates the phishing flowThe attacker starts a Device Code flow by issuing a request to the device code token endpoint (e.g. https://login.microsoftonline.com/{tenant}.onmicrosoft.com/oauth2/v2.0/devicecode).
Four Steps: Effective API Security Using a Digital Bonding Strategy
3 years 1 month ago
Focus on API security as part of your digital bonding strategy, because APIs are already connecting your business activities.
Abigail Ojeda
A Third of Global Organizations Were Breached Over Seven Times in the Past Year
3 years 1 month ago
【招聘】知其安诚招人才
3 years 1 month ago
友情转载
【招聘】知其安诚招人才
3 years 1 month ago
友情转载
【招聘】知其安诚招人才
3 years 1 month ago
友情转载
【招聘】知其安诚招人才
3 years 1 month ago
友情转载
【招聘】知其安诚招人才
3 years 1 month ago
友情转载
PWNHUB2022冬季赛|年度终局之战,RW赛前试炼
3 years 1 month ago
这么重大的新闻不得提前来爆个料!
PWNHUB2022冬季赛|年度终局之战,RW赛前试炼
3 years 1 month ago
这么重大的新闻不得提前来爆个料!
Ropci deep-dive for Azure hackers
3 years 1 month ago
Misconfigurations with MFA setups are not uncommon when using AAD, especially when federated setups or Pass Through Authentication is configured I have seen MFA bypass opportunities in multiple production tenants.
A common misconfiguration is that MFA is enforced at the federated identity provider, but AAD is forgotten and ROPC authentication still succeeds against AAD.
To learn more about ROPC, check out the previous post about the topic.
This post focuses on the ropci features that can be leveraged post-exploitation.
第三届企业安全建设实践群峰会深圳分会随想
3 years 1 month ago
随便写写