Aggregator

前言 2019 工控安全比赛第一场的一道固件逆向的题目，好像也比较简单，好多人都做出来了。这里就分别从静态和动态调试分析复现一下这个命令执行的洞。 赛题说明 题目给的场景倒是挺真实的：路由器在处理 tddp 协议时出现了命令注入，导致了远程命令执行。就是后面做出来的这个答案的格式咋提交都不对...

对于采用 intent 参数的 Activity Manager 命令，您可以使用以下选项指定 intent：

Kazakhstan is now asking its citizens to install digital certificates so that it can decrypt all online communications. Their methods, however, may leave the population vulnerable to cyber attacks for many years to come.

在 "XposedBridge源码" 中,反射字段的方法封装在 类里面.下面来看看Xposed是如何获取和设置字段的值的 获取字段的值 获取字段的值有许多个方法,有获取基本类型字段的值的方法(getIntField,getLongField,getDoubleField...),也有获取对象类型字段

MLSRC与你相约第四届SSC安全峰会

Similar to April and May, threat actors in June continued targeting the deserialization vulnerabilities found in Oracle WebLogic to mine cryptocurrency.

不想说小红书，无他，有容乃大~

At Akamai, we believe innovation is only possible when the various viewpoints and experiences of a collective, culminate to make a great idea. It is the variety of these ideas which is important. Why does diversity of thought matter? When...

What you need to know before buying artificially intelligent security products

In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits....

上周跟yitao探讨2019年Gartner EPP MQ魔力象限的时候，回想起当年第一次看Gartner

搞了快三个小时才出来_(:з」∠)_几乎白给 雷泽太强了！ 简单逆向后可以知道 该程序具有注册和登陆功能 注册后会给name赋值为userx，而get_flag的需求为name==adminx passwd成员存储原始密码加盐（随机数）加密后的结果 code成员存储其他成员加盐（随机数）加密后的结果 登录时校验passwd和code Struct: 00000000 User ...

A vast majority of organisations have no visibility into encrypted traffic, nor do they have protection against automated attackers. F5 Labs' Preston Hogue writes for CSO Australia, discussing the integrity of encryption.

Attackers use the Domain Name System (DNS) as a weapon against unsuspecting victims to bring down their websites.

也许再过几年，我也会不记得当时的好多细节了...

首先声明一下，笔者并不投资美股，当初关注网络安全ETF开放式基金的情况，只是单纯希望从资本市场的角度来认知和

Find out why we care so much about application security, how applications have grown into the weird beasts that they are today, and how our work fits into the bigger picture of securing and running an application.