Aggregator

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

又是一年 …

又是一年 …

又是一年 …

我们实验室于近期推出了一个工控安全资讯搜集与分享工具（https://cert.plcscan.org），长久…

有续篇还是没续篇，这是一个问题。

有续篇还是没续篇，这是一个问题。

有续篇还是没续篇，这是一个问题。

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

今年是书单汇总的第五年，看得书不多，玩的游戏看的番

今年是书单汇总的第五年，看得书不多，玩的游戏看的番

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

这个漏洞本是2014年时候被人发现的，本着学习的目的，我来做个详细的分析。漏洞虽然很早了，新版的Drupal甚至已经改变了框架的组织方式。但是丝毫不影响对于漏洞的分析。这是一个经典的使用PDO，但是处理不当，导致SQL语句拼接从而导致注入的问题。从这个问题，以及以往我见过的很多的漏洞来看，我不得不说

In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.