Aggregator

背景 在复现vulhub上的漏洞ActiveMQ Deserialization Vulnerability (CVE 2015 5254)时，发现官方文档给出反弹shell的payload 其他部分倒是没什么说的，只是对其中的形如{command,parameter}的方式执行命令不是很理解，遂查

(0) 前言Burpsuite的Intruder功能可以对目标进行多线程爆破，比如账号密码爆破，验证码爆破等

F5 Labs' David Warburton writes for Venafi, explaining one of the key strategies for improving the use of OCSP for certificate revocation.

前言 前两天朋友给我发来一个题目，问我能不能用C语言链表实现。 13个人围成一圈，从第1个人开始顺序报号1，2，3。凡报到“3”者退出圈子，找出最后留在圈

看完三篇文章应该就懂了csp是干嘛的。 https://www.cnblogs.com/Wayou/p/intro_to_content_security_policy.html https://www.w3.org/TR/CSP3/ http://drops.xmd5.com/static/dro

We surveyed infosec professionals from organizations with at least 5,000 employees to investigate the qualitative differences in running a security program at scale. We also distill 5 principles you can use to have a better chance at success.

笔者就今年的十大科技趋势做一次通俗易懂的解读方便大家理解。每个部分都包含具体的落地案例，会让你觉得这些科技就在身边。

F5 Labs' David Warburton writes for Venafi, discussing the different methods for checking a certificate's status, and their relative benefits.

看bolt，破thunder

看bolt，破thunder

看bolt，破thunder

看bolt，破thunder

看bolt，破thunder

有针对性的熟悉东西审计就是快

有针对性的熟悉东西审计就是快

有针对性的熟悉东西审计就是快

有针对性的熟悉东西审计就是快

Introduction This is a paper published in ACSAC 2018. In this paper, the author introduces a method to automatically generate exploitation primitives during the web browser exploitation. In this paper, the author uses CVE-2016-9079 as an example to demonstrate their work, which happens to be analysed in my post before. In this post, I’d like […]