Aggregator

Java ASM3学习(2) - tr1ple

tr1ple(Wfzsec)
5 years ago
1.编译后的方法区,其中存储的代码都是一些字节码指令 2.Java虚拟机执行模型: java代码是在一个线程内部执行,每个线程都有自己的执行栈,栈由帧组成,每个帧表示一个方法的调用,每调用一个方法,都将将新的帧压入执行栈,方法返回时(不管是整成return还是异常返回),该方法对应的帧都将出栈,即按
tr1ple

Brazil Targeted by Phishing Scam Harnessing COVID-19 Fears

The Akamai Blog
5 years ago
Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install Adware on their computer.
Or Katz

从更深层面看Shiro Padding Oracle漏洞

小陈的Life
5 years ago
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序

临时处理OCSP域名无法访问的问题

Holmesian Blog
5 years ago
之前的文章有提到过OCSP,现在本站用的 SSL 证书换成了 Let's Encrypt ,近期由于众所周知的原因,国内无法直接访问 Let's Encrypt 的 OSCP 域名,导致出现了不...
Holmesian

Java Instrumentation插桩技术学习 - tr1ple

tr1ple(Wfzsec)
5 years ago
Instrumentation基础 openrasp中用到了Instrumentation技术,它的最大作用,就是类的动态改变和操作。 使用Instrumentation实际上也可以可以开发一个代理来监视jvm的上运行的程序,可以动态的替换类的定义,就可以达到虚拟机级别的AOP实现,随时可以为应用增
tr1ple

Hunting for credentials and building a credential type reference catalog

Embrace The Red
5 years ago
Adversaries are leveraging widely exposed clear text credentials to gain access to sensitive information. At times the term “harvesting credentials” is used when red teamers emulate these attacks - which is something that appears to be more opportunistic and I would propose that security teams start to actively hunt for credential exposure that can put their organization at risk – in case you are not yet doing that. Actively hunting for credential exposure The idea of credential hunting is targeted and focused, leveraging intelligence about systems and combing it with powerful search techniques to identify exposure.

Managed ad