CVE-2020-7961 Liferay Portal 复现分析 - tr1ple
漏洞说明: Liferay是一个开源的Portal(认证)产品,提供对多个独立系统的内容集成,为企业信息、流程等的整合提供了一套完整的解决方案,和其他商业产品相比,Liferay有着很多优良的特性,而且免费,在全球都有较多用户. 该洞是个反序列化导致的rce,通过未授权访问其api传递json数据进
Aggregator
栈溢出笔记-第二天 - Afant1
5 years 11 months ago
上一篇,计算缓冲区大小是通过IDA和gdb调试计算出来的,这次有个小trick. 我们可以用调试工具(例如 gdb)查看汇编代码来确定这个距离,也可以在运行程序时用不断增加输入长度的方法来试探(如果返回地址被无效地址例如“AAAA”覆盖,程序会终止并报错)。 来到vulnerable函数调用。cyc
Afant1
栈溢出笔记-第一天 - Afant1
5 years 11 months ago
1、 最简单函数调用栈图如下 (vc++6.0编译出的汇编代码): push 2,push 1将俩个参数压栈, call 0040100A :将eip要执行的下一条指令入栈,在执行jmp 0040100A push ebp :ebp入栈,保留调用前的栈底 mov ebp,esp 提升堆栈 sub E
Afant1
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 11 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 11 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 11 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 11 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
5 years 11 months ago
向抗击新冠肺炎疫情斗争牺牲烈士,和逝世同胞深切哀悼
博客迁移 - H4lo
5 years 11 months ago
博客迁移 博客迁移至:https://h4lo.github.io/
H4lo
Cyberthreats Targeting Canada, Winter 2019
5 years 11 months ago
The Canadian threat landscape was characterized by a large amount of attack traffic from in-county systems, which can be the most difficult to filter.
Cyberthreats Targeting Canada, Winter 2019
5 years 11 months ago
The Canadian threat landscape was characterized by a large amount of attack traffic from in-county systems, which can be the most difficult to filter.
Cyberthreats Targeting Canada, Winter 2019
5 years 11 months ago
The Canadian threat landscape was characterized by a large amount of attack traffic from in-county systems, which can be the most difficult to filter.
搭建自己的CyberChef
5 years 11 months ago
CyberChef是一个很好很强大的程序,很实用。
由于官方发布的线上地址使用了google统计,为了安全,还是自己搭建或者本地使用。本地就仅限于自己的电脑才可使用。所以搭建自己线上的可以随时使用,方便许多。同时配合Open in CyberChef这个浏览器插件就更加方便。
直接下载官方生成的包,下载地址:https://github.com/gchq/CyberChef/releases
我这里直接上传到github,并且启用github pages。然后绑定解析自己的域名即可线上访问。我这里搭建好的无google统计的地址:https://cyberchef.bacde.me
接下来安装Open in CyberChef 这个chrome插件。插件地址:https://chrome.google.com/webstore/detail/open-in-cyberchef/aandeoaihmciockajcgadkgknejppjdl/related
这样就可以直接右键发送到自己的cyberchef,方便了很多。使用效果如下:
Threat Actors Recycling Phishing Kits in New Coronavirus (COVID-19) Campaigns
5 years 11 months ago
Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.
Or Katz
Hunting Tips Mindmap
5 years 11 months ago
全面了解风控决策引擎
5 years 11 months ago
了解决策引擎,助力大数据风控
全面了解风控决策引擎
5 years 11 months ago
了解决策引擎,助力大数据风控
全面了解风控决策引擎
5 years 11 months ago
了解决策引擎,助力大数据风控
Cyberthreats Targeting Australia, Winter 2019
5 years 11 months ago
The Australian threat landscape closely mirrored the threats we observed in Asia, with an added focus on NetBIOS port 139.
Cyberthreats Targeting Australia, Winter 2019
5 years 11 months ago
The Australian threat landscape closely mirrored the threats we observed in Asia, with an added focus on NetBIOS port 139.