Aggregator

前言 前些日子有人问到我溯源反制方面的问题，我就想到了MySQL任意文件读取这个洞，假设你在内网发现或扫到了

前言 前些日子有人问到我溯源反制方面的问题，我就想到了MySQL任意文件读取这个洞，假设你在内网发现或扫到了

前言 前些日子有人问到我溯源反制方面的问题，我就想到了MySQL任意文件读取这个洞，假设你在内网发现或扫到了

应厂商需求加🔐，待合适时间重新开放，请勿二次外泄

My parents were first-generation immigrants from India. They worked hard, made Singapore their home and took all and any challenges head on. They have always lived by the simple philosophy, 'to be the change'. It's a philosophy that I try to live too, and in many ways it's what attracted me to Akamai not too long ago.

手把手教你搭建钓鱼Wi-Fi

手把手教你搭建钓鱼Wi-Fi

手把手教你搭建钓鱼Wi-Fi

Today I’m gonna talk about a class of application security issues I ran across a few times over the years. In particular, let’s discuss race conditions when it comes to files with sensitive content and permissions.

Race conditions can allow an adversary to gain access to sensitive information on machines. Assume a system creates a file that contains sensitive information and afterwards applies permissions to lockdown that file.

Understanding the race condition

Let’s look at a practical example seen in the wild a few times. Imagine code like this:

.

.

.

.

Fofa采集工具-自修改版本

Fofa采集工具-自修改版本

Fofa采集工具-自修改版本

又一个0day来了，我该怎么办？

刚刚收到宝塔推送安全更新推送短信，请宝塔用户务必重视

刚刚收到宝塔推送安全更新推送短信，请宝塔用户务必重视

刚刚收到宝塔推送安全更新推送短信，请宝塔用户务必重视