Aggregator

HTTP/2 Request Smuggling

The Akamai Blog
4 years 10 months ago
HTTP Request Smuggling (also known as an HTTP Desync Attack) has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different implementations of the HTTP Standards, particularly within proxy servers and Content Delivery Networks (CDNs).These implementation differences with regard to how proxy servers interpret the construction of web requests have led to new request smuggling vulnerabilities. (Direct link to information on new vulnerability).
Ryan Barnett

HTTP/2 Request Smuggling

The Akamai Blog
4 years 10 months ago
HTTP Request Smuggling (also known as an HTTP Desync Attack) has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different implementations of the HTTP Standards, particularly within proxy servers and Content Delivery Networks (CDNs).These implementation differences with regard to how proxy servers interpret the construction of web requests have led to new request smuggling vulnerabilities. (Direct link to information on new vulnerability).
Ryan Barnett

邮箱信息收集

漕河泾小黑屋
4 years 10 months ago
前言web 无法撕口子咋办?钓鱼呗, 钓鱼作为常用渗透手段,本篇文章主要分享一些邮箱信息收集手法。请勿用于非法用途

邮箱信息收集

漕河泾小黑屋
4 years 10 months ago
前言web 无法撕口子咋办?钓鱼呗, 钓鱼作为常用渗透手段,本篇文章主要分享一些邮箱信息收集手法。请勿用于非法用途

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

X-Force Exchange - Collection Feed
4 years 10 months ago
Summary IBM Security X-Force researchers have published a blog on Security Intelligence with additional information related to a recent Black Hat speaking engagement on ITG18's TTPs. Threat Type Threat Group, Malware Overview A supplemental blog from IBM Security X-Force researchers has uncovered more information on ITG18 on the heels of a Black Hat speaking engagement. According to researchers, continued analysis led to the observation of the successful compromise of victims within the Iranian reformist mo

邮箱信息收集

漕河泾小黑屋
4 years 10 months ago
前言web 无法撕口子咋办?钓鱼呗, 钓鱼作为常用渗透手段,本篇文章主要分享一些邮箱信息收集手法。请勿用于非法用途

施耐德充电桩漏洞挖掘之旅

BaCde's Blog
4 years 10 months ago

大家好,我是BaCde,今天来说一说2020年底针对施耐德充电桩的漏洞挖掘过程。此次挖掘最终实现了通过远程无需用户交互场景下实现Root权限shell获取(一键远程Rootshell获取)。官方已经于今年7月份公布漏洞补丁以及相应的CVE编号。

0x01 为什么选择施耐德?

作为车联网安全研究来说,充电桩作为车联网必要组成部分,具备实际的研究价值与意义。而面临如此多的品牌,选择哪个目标作为研究对象是面临的第一个问题。为了能够更快的实现我选择了几个衡量指标,包括官方有响应中心、固件可下载、市面上可以买到、互联网上有暴露的目标。分别对应合法性、静态分析、动态测试、漏洞可产生实际的影响。

根据指标通过网络上去收集信息,最终将目标锁定在施耐德。同时,施耐德也在CVE官方的CNA列表中,报送的漏洞可以获得CVE编号。

0x02 目标设定

确定了要研究的对象,接下来就要确定一下我们要实现什么样的效果。这可以使得在分析过程中保持聚焦,不偏离方向。目标设定如下:

  1. 远程获取设备Root权限
  2. 无需登录,无需交互

根据上述设定最直接的方式就是寻找远程命令执行漏洞,即要RCE类型漏洞。

0x03 信息收集

一切准备就绪,开始我们的漏洞挖掘之旅。

UC San Diego Health Attack

X-Force Exchange - Collection Feed
4 years 10 months ago
Summary An attack on the University of California-San Diego Health's system has exposed personally identifiable information to hackers. The university and several news agencies have reported on the breach. Threat Type Data Breach, Phishing Overview A phishing email may have provided attackers with personally identifiable information from patients, employees, and students for an extended period of time. The breach occurred on or around December 2, 2020 and was only discovered March 12, 2021. The attackers m

VirusTotal APK Malware Detection Data 2021-07

Trustlook
4 years 10 months ago

At Trustlook, we monitor live feed from VirusTotal (VT). On a daily basis, we collect APK samples from VT along with detection results from Anti-Virus (AV) vendors hosted on VT. Using a conservative labeling policy, we are able to select thousands of benign and malicious APK samples from millions of

Lifan Xu

Managed ad