栈溢出笔记-第二天 - Afant1
上一篇,计算缓冲区大小是通过IDA和gdb调试计算出来的,这次有个小trick. 我们可以用调试工具(例如 gdb)查看汇编代码来确定这个距离,也可以在运行程序时用不断增加输入长度的方法来试探(如果返回地址被无效地址例如“AAAA”覆盖,程序会终止并报错)。 来到vulnerable函数调用。cyc
Aggregator
栈溢出笔记-第一天 - Afant1
5 years 2 months ago
1、 最简单函数调用栈图如下 (vc++6.0编译出的汇编代码): push 2,push 1将俩个参数压栈, call 0040100A :将eip要执行的下一条指令入栈,在执行jmp 0040100A push ebp :ebp入栈,保留调用前的栈底 mov ebp,esp 提升堆栈 sub E
Afant1
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 2 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 2 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 2 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 2 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 2 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
博客迁移 - H4lo
5 years 2 months ago
博客迁移 博客迁移至:https://h4lo.github.io/
H4lo
Cyberthreats Targeting Canada, Winter 2019
5 years 2 months ago
The Canadian threat landscape was characterized by a large amount of attack traffic from in-county systems, which can be the most difficult to filter.
搭建自己的CyberChef
5 years 2 months ago
CyberChef是一个很好很强大的程序,很实用。
由于官方发布的线上地址使用了google统计,为了安全,还是自己搭建或者本地使用。本地就仅限于自己的电脑才可使用。所以搭建自己线上的可以随时使用,方便许多。同时配合Open in CyberChef这个浏览器插件就更加方便。
直接下载官方生成的包,下载地址:https://github.com/gchq/CyberChef/releases
我这里直接上传到github,并且启用github pages。然后绑定解析自己的域名即可线上访问。我这里搭建好的无google统计的地址:https://cyberchef.bacde.me
接下来安装Open in CyberChef 这个chrome插件。插件地址:https://chrome.google.com/webstore/detail/open-in-cyberchef/aandeoaihmciockajcgadkgknejppjdl/related
这样就可以直接右键发送到自己的cyberchef,方便了很多。使用效果如下:
Threat Actors Recycling Phishing Kits in New Coronavirus (COVID-19) Campaigns
5 years 2 months ago
Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.
Or Katz
Hunting Tips Mindmap
5 years 2 months ago
全面了解风控决策引擎
5 years 2 months ago
了解决策引擎,助力大数据风控
全面了解风控决策引擎
5 years 2 months ago
了解决策引擎,助力大数据风控
全面了解风控决策引擎
5 years 2 months ago
了解决策引擎,助力大数据风控
Cyberthreats Targeting Australia, Winter 2019
5 years 2 months ago
The Australian threat landscape closely mirrored the threats we observed in Asia, with an added focus on NetBIOS port 139.
Cybersecurity Attacks - Red Team Strategies has been released.
5 years 2 months ago
Announcement After countless evenings and weekends in coffee shops, and multiple vacations with the laptop, I’m excited to announce that my first book has been published. It took 18 months from writing the first words (at Victrola Coffee Roasters on Capitol Hill by the way) to finishing this project just a few days ago.
Looking back its amazing how this all came together. The first intial draft had 100 pages, and in the end it ended up being 524 pages.
ysoserial-C3P0 分析 - tr1ple
5 years 2 months ago
环境准备: pom: <!-- https://mvnrepository.com/artifact/com.mchange/c3p0 --> <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> <ver
tr1ple
The Vollgar Campaign: MS-SQL Servers Under Attack
5 years 2 months ago
Guardicore Labs uncovers an attack campaign that?s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers.
Ophir Harpaz
使用docker一键快速部署ezXSS
5 years 2 months ago
0x01 概述本文将介绍使用docker一键快速部署ezXSS,让你快速实现xss盲打。
独自等待