Aggregator
Security Is More Than Penetration Testing
4 years 11 months ago
Gamifying Security with Red Team Scores
4 years 11 months ago
Security metrics are an interesting topic.
Over the years I used “scores” as a tool to identify and shine light on problematic areas or highlight lack of engineering and security quality of certain teams.
A security score should not be seen as an objective or absolute measure, but it allows comparing systems with each other on a relative scale, and sharing the score makes people ask questions.
I have seen management ask vivid questions when they see a chart with their service and a score next to it:
RedTeamTricks
4 years 11 months ago
Sharing a few short videos. (funny face)
Analysis of CobaltStrike's Inner Components (Part 1)
4 years 11 months ago
A simple analysis of the CobaltStrike Beacon from a binary perspective...
An Explanation of FreeBSD UMA Kernel Heap Security Features
4 years 11 months ago
An analysis of the security features of the FreeBSD kernel memory allocator
Code Injection in Workflow Leads to SharePoint RCE (CVE-2020-0646)
4 years 11 months ago
My 2020
4 years 11 months ago
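2020 was a rather memorable year for me: the projects I was responsible for at work did not progress as expected, and in my personal life I was stuck at home because of the pandemic, unable to travel, under a lot of pressure and often unable to sleep. Looking back on the year, though, through continual reflection and review, my cognitive abilities improved a great deal, ...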
0x0d
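Notes on Getting a Shell via a Shiro Deserialization Vulnerability
4 years 11 months ago
A record of a simple penetration test in which several tools were used together.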
The Domain Name System: A Cryptographer’s Perspective
4 years 11 months ago
This is the first in a multi-part blog series on cryptography and the Domain Name System (DNS). As one of the earliest protocols in the internet, the DNS emerged in an era in which today’s global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like […]
The post The Domain Name System: A Cryptographer’s Perspective appeared first on Verisign Blog.
Burt Kaliski
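A First Look at MQTT Security
4 years 11 months ago
Today we will look at MQTT security from three angles: login authentication issues, access control issues, and the security of the broker itself.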