JWT: A How Not to Guide
JWT brings performance to identity assertion and is being widely adopted, but it’s also garnering the attention of cybercriminals.
Aggregator
开源信息收集周报#58
5 years 4 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
开源信息收集周报#58
5 years 4 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
5 years 4 months ago
This year one of my goals was to learn about machine learning and artificial intelligence.
I wrote about my journey before - including what classes I took and books I read, the models and systems I built and operationalized, threat modeling it to learn about practical attacks and defenses. My goal is to be knowledge enough in the AI/ML space enough to be able to help bridge the gap between research and operational red teaming - by doing practical things with life systems.
Smart DNS for the New Network Edge
5 years 4 months ago
People depend on the internet for just about everything: interacting, learning, transacting, traveling, working, and more. At the same time, the wireless evolution to 4G -- and soon 5G and Wi-Fi everywhere -- has given birth to an era of connected cars, smart sensors, and a multitude of other "things" that are growing rapidly and expanding in utility and scope. Leading network providers see new market opportunities with new business models to monetize new services that combine networks and commerce, including:
Bruce Van Nice
VIPKID受邀参加国家网络安全宣传周 “青少年网络信息安全”主题论坛
5 years 4 months ago
9月15日,2020年国家网络安全宣传周“青少年网络信息安全”主题论坛在线举办。
VIPKID受邀参加国家网络安全宣传周 “青少年网络信息安全”主题论坛
5 years 4 months ago
9月15日,2020年国家网络安全宣传周“青少年网络信息安全”主题论坛在线举办。
VIPKID受邀参加国家网络安全宣传周 “青少年网络信息安全”主题论坛
5 years 4 months ago
9月15日,2020年国家网络安全宣传周“青少年网络信息安全”主题论坛在线举办。
New and improved Security Update Guide!
5 years 4 months ago
We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment.
New and improved Security Update Guide!
5 years 4 months ago
We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment.
How to Start Growing and Never Stop
5 years 4 months ago
My heritage is Sri Lankan. But, at the age of 15 I moved to France as a refugee, fleeing a civil war. Starting a new life from scratch in France, without speaking French, was certainly an interesting journey. But I was lucky enough to have support from my parents. They lived by the mantra of "when there's a will, there's a way". And that helped get me into the French education system, where I completed high school and University, before moving to the UK to start my professional career in IT.
Akamai
2020 CISCN 华东北赛区 WEB Writeup
5 years 4 months ago
一共 6 题 WEB, 我一个人拿了 4 个一血, 还有一题全场 0 解. 然而没有 pwn 爷爷依旧被吊打, 而且题目质量是真的差, 明年再打国赛我是傻逼.
Machine Learning Attack Series: Backdooring models
5 years 4 months ago
This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts.
- Overview: How Husky AI was built, threat modeled and operationalized
- Attacks: The attacks I want to investigate, learn about, and try out
- Mitigations: Ways to prevent and detect the backdooring threat
During threat modeling we identified that an adversary might tamper with model files. From a technical point of view this means an adversary gained access to the model file used in production and is able overwrite it.
腾讯代码安全检查Xcheck
5 years 4 months ago
Xcheck是一个由腾讯公司CSIG质量部代码安全检查团队自研的静态应用安全测试(SAST,Static application security testing)工具,致力于挖掘代码中隐藏的安全风险,提升代码安全质量。
腾讯代码安全检查Xcheck
5 years 4 months ago
Xcheck是一个由腾讯公司CSIG质量部代码安全检查团队自研的静态应用安全测试(SAST,Static application security testing)工具,致力于挖掘代码中隐藏的安全风险,提升代码安全质量。
腾讯代码安全检查Xcheck
5 years 4 months ago
Xcheck是一个由腾讯公司CSIG质量部代码安全检查团队自研的静态应用安全测试(SAST,Static application security testing)工具,致力于挖掘代码中隐藏的安全风险,提升代码安全质量。
Machine Learning Attack Series: Perturbations to misclassify existing images
5 years 4 months ago
This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts.
- Overview: How Husky AI was built, threat modeled and operationalized
- Attacks: The attacks I want to investigate, learn about, and try out
The previous post covered some neat smart fuzzing techniques to improve generation of fake husky images.
The goal of this post is to take an existing image of the plush bunny below, modify it and have the model identify it as a husky.
Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution
5 years 4 months ago
Data privacy and security experts tell us that applying the “need to know” principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider — or to other parties — to the minimum the service provider requires to perform a service. This principle is at the heart of […]
The post Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution appeared first on Verisign Blog.
Matt Thomas
The leaky pipe of secure coding
5 years 4 months ago
Helen L discusses how security can be woven more seamlessly into the development process.
MassKeyLogger,一款可能改变钓鱼格局的大杀器
5 years 4 months ago
Cofense Intelligence目前正在跟踪一种叫做Mass Logger的新键盘记录程序,安全研究人员认为,这可能会极大地影响键盘记录程序市场以及网络钓鱼威胁格局。