Aggregator
CodeQL静态代码扫描之实现关联接口、入参、和危险方法并自动化构造payload及抽象类探究
5 years 5 months ago
CodeQL静态代码扫描之实现关联接口、入参、和危险方法并自动化构造payload及抽象类探究
5 years 5 months ago
Linux tracing - kprobe, uprobe and tracepoint
5 years 5 months ago
Terenceli
CobaltStrike Argue 原理 - 翻译文
5 years 5 months ago
突然好奇 argue 原理,于是有了此文
Sariel.D
华硕路由器远程代码执行漏洞通告
5 years 5 months ago
华硕路由器远程代码执行漏洞通告
华硕路由器远程代码执行漏洞通告
5 years 5 months ago
华硕路由器远程代码执行漏洞通告
Special Delivery: Criminals Posing as Amazon Are Out to Steal User’s Data
5 years 5 months ago
One of the joys of online shopping is instant gratification – your purchases arrive on your doorstep in just a few...
The post Special Delivery: Criminals Posing as Amazon Are Out to Steal User’s Data appeared first on McAfee Blog.
McAfee
成神赞歌的前奏
5 years 5 months ago
起码现在是季更博主了呢
成神赞歌的前奏
5 years 5 months ago
起码现在是季更博主了呢
成神赞歌的前奏
5 years 5 months ago
起码现在是季更博主了呢
成神赞歌的前奏
5 years 5 months ago
起码现在是季更博主了呢
成神赞歌的前奏
5 years 5 months ago
起码现在是季更博主了呢
HAProxy 区分流量特征
5 years 5 months ago
无意之中发现博客会间歇性无法访问,具体表现为部分请求长时间被 pengding ,一直处于 stalled 状态,复现条件不明确,时而出现时而正常。一开始还以为是这个评论中描述的因为OCSP 封...
Holmesian
Illusion of Control: Capability Maturity Models and Red Teaming
5 years 5 months ago
Throughout my career I have been fascinated with quality assurance and testing, especially security testing and red teaming. One discussion that comes up frequently is how to measure the maturity of such programs and processes.
My answer is straight forward as there are already existing frameworks that can be leveraged, adjusted and borrowed from to fit the needs of offensive security programs.
You are likely familiar or have at least heard of the Capability Maturity Model Integration from Carnegie Mellon University. In particular CMMI defines five levels to measure software engineering processes as follows:
2020 APR, Vol. 1: APIs, Architecture, and Making Sense of the Moment
5 years 5 months ago
APIs have become critical for business online, but they are also leading to more security incidents, most of which should have been preventable.
2020 Application Protection Report, Volume 1: APIs, Architecture, and Making Sense of the Moment
5 years 5 months ago
Securing APIs demands a new approach. See what we can learn from API incidents and where to begin.
Response to the Office of the Inspector General of Intelligence and Security report on certain events in Afghanistan between 2009 and 2013
5 years 5 months ago
记一次惊心动魄的XSS
5 years 5 months ago
有相同经历的小伙伴来举个爪。
基于Redis的扫描器任务调度设计方案
5 years 5 months ago
最近在研究扫描器任务调度相关的东西,几番折腾后有些个人心得,心想需记录下来,避免遗忘,也当作是