Aggregator

向抗击新冠肺炎疫情斗争牺牲烈士，和逝世同胞深切哀悼

博客迁移 博客迁移至：https://h4lo.github.io/

The Canadian threat landscape was characterized by a large amount of attack traffic from in-county systems, which can be the most difficult to filter.

CyberChef是一个很好很强大的程序,很实用。

由于官方发布的线上地址使用了google统计，为了安全，还是自己搭建或者本地使用。本地就仅限于自己的电脑才可使用。所以搭建自己线上的可以随时使用，方便许多。同时配合Open in CyberChef这个浏览器插件就更加方便。

直接下载官方生成的包，下载地址：https://github.com/gchq/CyberChef/releases

我这里直接上传到github，并且启用github pages。然后绑定解析自己的域名即可线上访问。我这里搭建好的无google统计的地址：https://cyberchef.bacde.me

接下来安装Open in CyberChef 这个chrome插件。插件地址:https://chrome.google.com/webstore/detail/open-in-cyberchef/aandeoaihmciockajcgadkgknejppjdl/related

这样就可以直接右键发送到自己的cyberchef，方便了很多。使用效果如下：

Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.

了解决策引擎，助力大数据风控

The Australian threat landscape closely mirrored the threats we observed in Asia, with an added focus on NetBIOS port 139.

Announcement After countless evenings and weekends in coffee shops, and multiple vacations with the laptop, I’m excited to announce that my first book has been published. It took 18 months from writing the first words (at Victrola Coffee Roasters on Capitol Hill by the way) to finishing this project just a few days ago. Looking back its amazing how this all came together. The first intial draft had 100 pages, and in the end it ended up being 524 pages.

环境准备： pom: <!-- https://mvnrepository.com/artifact/com.mchange/c3p0 --> <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> <ver

Guardicore Labs uncovers an attack campaign that?s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers.

0x01 概述本文将介绍使用docker一键快速部署ezXSS，让你快速实现xss盲打。

三大运行商频段分配 2G/3G/4G 2G P-GSM，基准GSM-900频带 E-GSM，扩展GSM-900频带（包括基准GSM-900频带） R-GSM，铁路GSM-900频带（包括基准和扩展GSM-900频带） T-GSM，集群无线系统-GSM ER-GSM900，即为Extended Rai

0x01 概述移动APP测试需要一个好的模拟器，之前一直用夜神的，但是广告太多，找了好久，终于找到一个好用的，推荐给大家。

作为该专题的第二篇文章，将以一款智能灯泡为例，对BLE设备的分析方法进行简单介绍，同时对上一篇文章中的BLE基础知识做一个回顾。

安装

入口: https://help.semmle.com/codeql/codeql-cli/procedures/get-started.html
下载地址: https://github.com/github/codeql-cli-binaries/releases
license: https://securitylab.github.com/tools/codeql/license

这个是之前受邀在freebuf公开课的视频，主要是使用零信任架构进行远程办公，过程的一些考虑和实际使用情况，和公众号之前的图文内容差不多，略有扩充。

作为这个专题的第一篇文章，我们将这篇中简要叙述一下BLE协议和Android关于BLE相关的接口，这些内容比较倾向于基础知识，在专题后续的文章中有很多处都会用到这些知识点。