PyCmd 加密隐形木马
之前写了一个基于python的一句话木马客户端程序,这个程序的作用大致就是为了绕过防护设备,使敏感数据能在网
Aggregator
Fork炸弹漏洞
5 years 6 months ago
Fork炸弹(fork bomb)在计算机领域中是一种利用系统
浅谈DDos攻击与防御
5 years 6 months ago
最近重新拜读了道哥的经典力作《白帽子讲Web安全》一书,发觉好书看一遍是不够的,每次品味都有不同的味道。道哥
给Twitter设计个安全修复方案
5 years 6 months ago
不要神化国外的安全建设Twitter的苦衷要解决的问题设计安全方案的原则访问控制架构注意事项不要神化国外的安
给Twitter设计个安全修复方案
5 years 6 months ago
不要神化国外的安全建设Twitter的苦衷要解决的问题设计安全方案的原则访问控制架构注意事项不要神化国外的安
null 2.0 - Call for Initiative
5 years 6 months ago
Take up the initiative, start a null chapter in your city We are starting the new era of our open security community as null 2.0 and we would like to make an open appeal to all the people who want to be a part of this wonderful security community.
OXID_Find:通过OXID解析器获取Windows远程主机上网卡地址
5 years 6 months ago
C++OXID_Find 通过OXID解析器获取Windows远程主机上网卡地址
OXID_Find:通过OXID解析器获取Windows远程主机上网卡地址
5 years 6 months ago
C++OXID_Find 通过OXID解析器获取Windows远程主机上网卡地址
谈谈云服务和 SLA
5 years 6 months ago
云服务在宣传时往往会强调:永远在线、永远可用、永不丢失。但是我们心里都明白,现实离这个差远了。GitHub 在过去 30 天累计宕机 5 次,这已经是非常严重的事故了。既然如此,我们应该信赖云计算以及其他 PaaS、SaaS 业务么?如何衡量一个云服务的可靠程度?
Sukka
Introducing the Cryptonice HTTPS Scanner
5 years 6 months ago
F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.
Introducing the Cryptonice HTTPS Scanner
5 years 6 months ago
F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.
GCSB condemns targeting of COVID-19 vaccine development by cyber-actors
5 years 6 months ago
The Director-General of the Government Communications Security Bureau (GCSB) Andrew Hampton is aware of the cyber-security advisory issued by the United Kingdom, United States and Canada regarding state sponsored malicious cyber activity targeting organisations involved in COVID-19 vaccine development.
浅谈中间件漏洞与防护
5 years 6 months ago
中间件漏洞可以说是最容易被web管理员忽视的漏洞,原因很简单,因为这并不是应用程序代码上存在的漏
浅谈中间件漏洞与防护
5 years 6 months ago
中间件漏洞可以说是最容易被web管理员忽视的漏洞,原因很简单,因为这并不是应用程序代码上存在的漏
浅谈中间件漏洞与防护
5 years 6 months ago
中间件漏洞可以说是最容易被web管理员忽视的漏洞,原因很简单,因为这并不是应用程序代码上存在的漏
frsocks+protoplex+流量重定向实现端口复用
5 years 6 months ago
sunshine师傅提到的端口复用方案,实践并分享一下。
frsocks+protoplex+流量重定向实现端口复用
5 years 6 months ago
sunshine师傅提到的端口复用方案,实践并分享一下。
How Credential Stuffing Is Evolving
5 years 6 months ago
Cred stuffing isn't going away. Shape's Jarrod Overson writes for InformationSecurityBuzz, examining the ROI of cred stuffing for attackers, and the evolution to "imitation attacks".
Remotely debugging Firefox instances
5 years 6 months ago
Previously I talked about remotely debugging Chrome, and we also covered the latest Microsoft Edge browser along the way.
These features allow an adversary to gain access to authentication tokens and cookies. See MITRE ATT&CK Technique T1539: Steal Web Session Cookie as well for this.
What about Firefox?For a while I was wondering if (my favorite) browser Firefox has such debugging features as well, and how one could detect malware trying to exploit it.
CVE-Flow:CVE EXP监控和预测
5 years 6 months ago
致力于打造一款好用的CVE威胁情报服务。