浅谈DDos攻击与防御
最近重新拜读了道哥的经典力作《白帽子讲Web安全》一书,发觉好书看一遍是不够的,每次品味都有不同的味道。道哥
Aggregator
给Twitter设计个安全修复方案
5 years 8 months ago
不要神化国外的安全建设Twitter的苦衷要解决的问题设计安全方案的原则访问控制架构注意事项不要神化国外的安
给Twitter设计个安全修复方案
5 years 8 months ago
不要神化国外的安全建设Twitter的苦衷要解决的问题设计安全方案的原则访问控制架构注意事项不要神化国外的安
null 2.0 - Call for Initiative
5 years 8 months ago
Take up the initiative, start a null chapter in your city We are starting the new era of our open security community as null 2.0 and we would like to make an open appeal to all the people who want to be a part of this wonderful security community.
OXID_Find:通过OXID解析器获取Windows远程主机上网卡地址
5 years 8 months ago
C++OXID_Find 通过OXID解析器获取Windows远程主机上网卡地址
OXID_Find:通过OXID解析器获取Windows远程主机上网卡地址
5 years 8 months ago
C++OXID_Find 通过OXID解析器获取Windows远程主机上网卡地址
谈谈云服务和 SLA
5 years 8 months ago
云服务在宣传时往往会强调:永远在线、永远可用、永不丢失。但是我们心里都明白,现实离这个差远了。GitHub 在过去 30 天累计宕机 5 次,这已经是非常严重的事故了。既然如此,我们应该信赖云计算以及其他 PaaS、SaaS 业务么?如何衡量一个云服务的可靠程度?
Sukka
Introducing the Cryptonice HTTPS Scanner
5 years 8 months ago
F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.
Introducing the Cryptonice HTTPS Scanner
5 years 8 months ago
F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.
Introducing the Cryptonice HTTPS Scanner
5 years 8 months ago
F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.
浅谈中间件漏洞与防护
5 years 8 months ago
中间件漏洞可以说是最容易被web管理员忽视的漏洞,原因很简单,因为这并不是应用程序代码上存在的漏
浅谈中间件漏洞与防护
5 years 8 months ago
中间件漏洞可以说是最容易被web管理员忽视的漏洞,原因很简单,因为这并不是应用程序代码上存在的漏
浅谈中间件漏洞与防护
5 years 8 months ago
中间件漏洞可以说是最容易被web管理员忽视的漏洞,原因很简单,因为这并不是应用程序代码上存在的漏
GCSB condemns targeting of COVID-19 vaccine development by cyber-actors
5 years 8 months ago
The Director-General of the Government Communications Security Bureau (GCSB) Andrew Hampton is aware of the cyber-security advisory issued by the United Kingdom, United States and Canada regarding state sponsored malicious cyber activity targeting organisations involved in COVID-19 vaccine development.
frsocks+protoplex+流量重定向实现端口复用
5 years 8 months ago
sunshine师傅提到的端口复用方案,实践并分享一下。
frsocks+protoplex+流量重定向实现端口复用
5 years 8 months ago
sunshine师傅提到的端口复用方案,实践并分享一下。
How Credential Stuffing Is Evolving
5 years 8 months ago
Cred stuffing isn't going away. Shape's Jarrod Overson writes for InformationSecurityBuzz, examining the ROI of cred stuffing for attackers, and the evolution to "imitation attacks".
腾讯蓝军安全通告:WebLogic远程代码执行漏洞(CVE-2020-14645)
5 years 8 months ago
Oracle官方发布WebLogic安全更新,修复严重漏洞。
Remotely debugging Firefox instances
5 years 8 months ago
Previously I talked about remotely debugging Chrome, and we also covered the latest Microsoft Edge browser along the way.
These features allow an adversary to gain access to authentication tokens and cookies. See MITRE ATT&CK Technique T1539: Steal Web Session Cookie as well for this.
What about Firefox?For a while I was wondering if (my favorite) browser Firefox has such debugging features as well, and how one could detect malware trying to exploit it.
CVE-Flow:CVE EXP监控和预测
5 years 8 months ago
致力于打造一款好用的CVE威胁情报服务。