Aggregator

该漏洞主要是由于SerializationBinder的错误使用导致反序列化白名单的绕过，从而实现任意命令执行。触发漏洞的功能与CVE-2021-42321一致。

Sustainability professionals from around the world convened in New York City for Climate Week NYC 2022, exploring the theme of the week to ?get it done.?

Read about our new Postman collections, the latest Akamai PowerShell release, our improvements to Edge Diagnostics, and how to quickly integrate Linode with Akamai.

This blog will officially wrap up our 2022 Cybersecurity Awareness Month blog series — today we have a special interview from Marian Merritt, deputy director, lead for industry engagement for the National Initiative for Cybersecurity Education (NICE)! Marian will be discussing the importance of recognizing and reporting phishing incidents in detail. A phishing attack is an attempt to fool an individual into sharing private information or taking an action that gives criminals access to your accounts, your computer, login credentials or even your network. This week’s Cybersecurity Awareness

1024 程序员节快乐

《Web安全攻防从入门到精通》获奖名单

这是真事不是~~

前言示意图学习这个知识点之后，就可以面向数据库操作了先就是简单的与数据库交互的操作,但在这之前需要下载自己需要的对应数据库驱动这里以mysql为例：mysql的驱动package com.mte...

在某次的HW行动中，遇到某目标单位的数据库审计系统开放到了公网上，在尝试了默认口令口发现可以进入到后台。但是只是进入后台不足以完成任务，于是就开始了此次对此数据库审计系统的RCE挖掘之旅。

长远目标当然不仅仅是关个机

#Merlin 远控二次开发## 源码分析###

Internet threats have made businesses (and people) vulnerable. Learn how to maintain effective security against cyberthreats with Secure Internet Access.

0x00 前言

本文的测试目标是一个抓包的APP，可以使用hook或者代理的方式来获取高级功能，如解密HTTPS流量、重写HTTP请求以及重放等功能。由于个人账户（没有付费成为苹果开发者账号）的限制，注入打包后，无法正常使用抓包功能，因此算是一篇半成品，不过本文主要提供一些思路以及介绍一下数据之间的转换。

0x00 前言

前段时间有这样一个需求，需要抓一下IOS端下appsflyer这个平台的数据，于是就帮忙看了一下。这里其实和APP没多大关系，需要接入appsflyer这个平台的APP就可以，然后将抓包获取的加密数据进行解密。

0x00 前言

某CMS的验证码是简单的计算验证码，都是一位数的加减乘除运算，之前尝试用分割的方法识别，但成功率较低。后来采用了pytorch训练后进行识别，可以达到98%以上的识别率，于是整理一下过程，水一篇文章。

0x01 前言

5月中旬的时候，猿人学举行了一个APP爬虫大赛，共设10题，主要涉及Android反混淆，双向认证，tls指纹对抗等技术。而且只需要答对一题就有参与奖，即可获得一件猿人学定制T恤。另外第一题不涉及so，仅涉及java层加密。为了T恤，立马去报了名参赛。

Summary SOCRadar, a cyber intelligence company, has reported that they have discovered a data leakfrom a Microsoft Azure Blob Storage location. Microsoft has acknowledged the incident. However, details on the severity of the leak vary between Microsoft and the SOCRadar report. Threat Type Data Leak Overview Microsoft has published a blog on their Security Response Center in response to a report from a cyber intelligence company called SOCRadar. SOCRadar discovered and reported on a data leak in a misconfig

Great news! An article about ropci is in the latest free issue of the Pentest Magazine! The article has a lot more info then my ropci blog post or the info on the ropci Github repo. Get your copy and check it out! It also has an article about Nuclei, one of my favorite tools. Cheers. Link: https://pentestmag.com/product/pentest-open-source-pentesting-toolkit

This post will highlight a pattern I have seen across multiple production Microsoft Azure Active Directory tenants which led to MFA bypasses using ROPC. The key take-away: Always enforce MFA! Sounds easy, but there are often misconfigurations and unexpected exceptions. So, test your own AAD tenant for ROPC based MFA bypass opportunities. Github: https://github.com/wunderwuzzi23/ropci Update: The latest free issue of Pentest Magazine has a ropci article. Check it out. What is ROPC?

Widespread adoption of multicloud architecture presents challenges in securing applications. Learn about the benefits of deploying security controls on the edge.