开源信息收集周报#65
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
Aggregator
开源信息收集周报#65
4 years 8 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
开源信息收集周报#65
4 years 8 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
Machine Learning Attack Series: Repudiation Threat and Auditing
4 years 8 months ago
This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts.
Overview: How Husky AI was built, threat modeled and operationalized Attacks: The attacks I want to investigate, learn about, and try out In this post we are going to look at the “Repudiation Threat”, which is one of the threats often overlooked when performing threat modeling, and maybe something you would not even expect in a series about machine learning.
A New Skimmer Uses WebSockets and a Fake Credit Card Form to Steal Sensitive Data
4 years 9 months ago
A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As I write this blog post, the attack is still active and exfiltrating data.
Gal Meiri
What Is Phishing? How to Recognize and Avoid It
4 years 9 months ago
"What is phishing" is still a relevant question we're answering as the attack type and techniques evolve, victimizing even the most tech-savvy users.
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
实战笔记之Host 标头漏洞挖掘(一)
4 years 9 months ago
介绍两种实战中碰到的案例!!第二种案例自己瞎折腾的,结果......
迂回渗透某APP站点 - don0t
4 years 9 months ago
本文主要从技术角度探讨某次渗透目标拿取数据的过程,不对目标信息做过多描述,未经本人许可,请勿转载。今年开年以来由于各种原因,自己心思也不在渗透上,没怎么搞渗透,除了这次花了比较长时间搞得一个目标外,就是上次护网打了一个垃圾的域了。本文要描述的渗透过程由于断断续续搞了比较长的时间,中间走了不少弯路耽误了不少时间。
don0t
Vulnerability Descriptions in the New Version of the Security Update Guide
4 years 9 months ago
With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.
Vulnerability Descriptions in the New Version of the Security Update Guide
4 years 9 months ago
With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.
ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析
4 years 9 months ago
ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析
ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析
4 years 9 months ago
ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析
ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析
4 years 9 months ago
ECShop最新4.1.0前台免登录SQL注入0day漏洞披露与分析