Aggregator

提权-Redis&Postgre&令牌窃取&进程注入

提权-Redis&Postgre&令牌窃取&进程注入

sakuraのfuzzing lab培训<

Continuing with our research into CVE-2021-44228, Akamai has previously written about what the vulnerability is and given recommendations on how to go beyond patching for extra protection. Across the Akamai network, we see traffic from 1.3 billion unique devices daily, with record traffic of 182 Tbps. The threat research team has been investigating this traffic to gain deeper insights into how this vulnerability is being exploited. We want to share more technical findings and what they mean for threat hunters. Here are some implications for defenders and threat hunters to consider

It can be easy to give in to frustration and pessimism during catastrophic events. But there are signs that not all is lost, even in the world of software dependencies.

未知攻焉知防，未知防焉知攻？

12月16日，北京冬奥组委技术部组织招募白帽黑客作为“冬奥网络安全卫士”参与北京冬奥会网络安全工作。

12月16日，北京冬奥组委技术部组织招募白帽黑客作为“冬奥网络安全卫士”参与北京冬奥会网络安全工作。

12月16日，北京冬奥组委技术部组织招募白帽黑客作为“冬奥网络安全卫士”参与北京冬奥会网络安全工作。

As Christmas quickly approaches, seasonal phishing trends once again show that attackers are taking advantage of increased online shopping. Fraudsters doubled their efforts in November attacking ecommerce giants such as Amazon. The real attacker focus, however, was cryptocurrency with fraudulent sites...

上周末和Asuri战队的师傅们一起办了个AsuriCTF/NUAACTF，喵喵出了两道Misc题目，这里来写写题解和出题思路，顺便复盘一下比赛运维的故事，记录一下心得体会。

12月16日，北京冬奥组委技术部组织招募白帽黑客作为“冬奥网络安全卫士”参与北京冬奥会网络安全工作。

挖洞神器 codeql？

挖洞神器 codeql？

挖洞神器 codeql？