转载:零信任安全产品的变与不变
抓住零信任的金线,是理解和落地零信任的第一步,本文作者基于多年甲方实践,带着对零信任深刻的理解和认知,深入洞悉身份和权限对于零信任的灵魂所在,预祝创业成功,为市场和客户带来更好的零信任产品。
Aggregator
职等你来,零鉴科技招人啦!
2 years 4 months ago
叮~你有一份offer待查收!
gospray - Simple LDAP bind-based password spray tool
2 years 4 months ago
On a network and need credentials? Try password spraying the domain controller directly.
A few years ago, I wrote this password spray tool called gospray that was used succesfully in a couple of engagements since. It does an LDAP bind directly against the domain controller to validate credentials. This doesn’t require an SMB server (or other servers) as target. So, it’s pretty quiet and number of concurrent Go routines is configurable.
REvil的故事——身世之谜
2 years 4 months ago
REvil的第一次,起于上一代勒索GandCrab 金盘洗手,退出江湖的前一个月
Commons BeanUtils反序列化
2 years 4 months ago
前言前面在cc2和cc4中我们使用了PriorityQueue类,这个类在cb链中也得到了利用,所以我们来学习一下cb链Apache Commons BeanutilsBeanUtils主要提供...
M1kael
In-App Browsers and Akamai Client-Side Protection & Compliance
2 years 4 months ago
Learn how Akamai's Client-Side Protection & Compliance tracks In-App browser injections to make sure sensitive information is kept safe and private.
Gal Meiri
针对U盘文件的盗与防攻略
2 years 4 months ago
近年来,使用U盘作为介质完成的网络攻击屡见不鲜。本文介绍分析一种在不获取主机控制权限条件下对U盘文件进行读取的方法。
jsoninclude.include.non_null 不起作用问题
2 years 4 months ago
@JsonInclude(JsonInclude.Include.NON_NULL) 注解,1、类上加注解 2、把不起作用属性名改为非驼峰命名法,亦有效。3、属性前加 @JsonProperty 注解,
aomandeshangxiao
Akamai?s Perspective on September?s Patch Tuesday
2 years 4 months ago
Every Patch Tuesday stirs up the community. See Akamai's September insights and recommendations on what to focus on, and patch, patch, patch!
Akamai Security Intelligence Group
September 23rd 2022 Security Releases
2 years 4 months ago
Record-Breaking DDoS Attack in Europe
2 years 4 months ago
On Monday, September 12, 2022, Akamai successfully detected and mitigated the now-largest DDoS attack ever launched.
Craig Sparling & Max Gebhardt
通过websocket在IIS上实现socks5代理
2 years 4 months ago
半块西瓜皮
Kcon 2022
2 years 4 months ago
2022,KCon将以“+1进阶,护航未来”为主题,迈步向前1、名侦探的下午茶:Hunting with Provenance2、构建可审计的公有云安全环境3、Magic in RASP-att...
Hack Inn
VirusTotal APK 病毒检测统计 20220101-20220831
2 years 4 months ago
VirusTotal (简称 VT), 是谷歌旗下一家免费提供可疑文件扫描服务的网站. VT 上有超过50家反病毒引擎提供实时扫描服务. 我们每天收集用户上传到 VT 的 APK 样本以及各家引擎的扫描结果, 并通过保守的策略筛选出数万的良性和恶意样本, 然后统计各家引擎的病毒检测结果.
每天, 我们会生成一个包含各家检测数据的 CSV 文件. 文件中会列出样本的 MD5 哈希值, 标签 (0 标示良性样本, 1 标示恶意样本), 以及各家的检测结果 (0 表示检测为良性样本, 1 表示检测为恶意样本). CSV 文件会被打包并上传到亚马逊 AWS S3. 有兴趣的读者可以下载检验各家杀毒引擎的检测结果.
以下为检测结果的下载链接:
https://virustotal-results.s3-us-west-1.amazonaws.com/VirusTotal_Results_20220101_20220831.zip
下面的表格列出了各家杀毒引擎的统计结果, 其中各列的含义如下:
- Vendor: 杀毒引擎厂商名称
Lifan Xu
VirusTotal APK Malware Detection Data 20220101-20220831
2 years 4 months ago
At Trustlook, we monitor live feed from VirusTotal (VT). On a daily basis, we collect APK samples from VT along with detection results from Anti-Virus (AV) vendors hosted on VT. Using a conservative labeling policy, we are able to select thousands of benign and malicious APK samples from millions of
Lifan Xu
【原创】论如何优雅的注入Java Agent内存马 - rebeyond
2 years 4 months ago
回顾 优雅的构造JPLISAgent 获取JVMTIEnv指针 Windows平台 Linux平台 组装JPLISAgent 动态修改类 Windows平台 Linux平台 植入内存马 后记 参考 回顾 2018年,《利用“进程注入”实现无文件复活 WebShell》一文首次提出memShell(内
rebeyond
Nancy 反序列化漏洞分析 - nice_0e3
2 years 4 months ago
Nancy 反序列化漏洞分析 前言 找一个有意思的NET反序列化案例来看看,水篇文 漏洞分析 Github下载https://github.com/NancyFx/Nancy.Demo.Samples 运行启动 部分工具类在dll中,封装成dll进行引用 漏洞代码位于 Nancy.Security.
nice_0e3
CVE-2022-34747 ZyXel NAS设备格式化字符串漏洞分析与复现
2 years 4 months ago
ZyXel NAS产品中的某个特定二进制程序中存在一个格式化字符串漏洞,可导致攻击者通过精心构造的UDP数据包实现越权远程代码执行。
Takedown: removing malicious content to protect your brand
2 years 4 months ago
How to protect your brand from being exploited online.
CVE-2021-3493 Ubuntu overlayfs privilege escalation vulnerability analysis
2 years 4 months ago
Terenceli