Aggregator

Offensive BPF: Sniffing Firefox traffic with bpftrace

3 years 6 months ago

This post is part of a series about Offensive BPF that I’m working on to learn how BPFs use will impact offensive security, malware, and detection engineering. Click the “ebpf” tag to see all relevant posts. One of the issues I ran into when trying out sslsniff-bpfcc was that it did not work with Firefox or Chrome traffic. This post is about me learning how to hook user space APIs with bpftrace using uprobes.

php变量数组传参的一些利用

darkless

3 years 6 months ago

PHP全局变量传参

大家都知道PHP的全局变量有：$GET

darkless

2021中国网络安全产业分析报告解读

SecOps急行军

3 years 6 months ago

个人解读《2021年网络安全产业分析报告》

端内钓鱼，反制蚁剑

赛博回忆录

3 years 6 months ago

要加油学习，不然太菜连挖洞的基础都没有——松鼠A

2021中国网络安全产业分析报告解读

SecOps急行军

3 years 6 months ago

个人解读《2021年网络安全产业分析报告》

Akamai MFA in Action: Single Sign-On is Phish-Proof and Simple to Use

The Akamai Blog

3 years 6 months ago

Breaking news: we just completed an 850-user pilot with Akamai MFA. In this blog, the first in a series, I?ll explain why we switched to Akamai MFA, how we ran our pilot, and employee feedback so far. Check back for my next blog, when we?re midway through our global deployment. A burglar checks for open windows. Neglecting to lock just one is like leaving the door wide open. In the same way, cyber attackers look for the easiest user accounts to take over ? whether that?s network access credentials, email, on-premise applications, or cloud/SaaS applications. If they?re lucky, they can also use the stolen credentials to breach other systems, an action known as lateral movement.

Keith Tomlinson

函数式编程 —— 将 JS 方法函数化 - EtherDream

EtherDream's Blog

3 years 6 months ago

使用函数的风格调用 JS 方法。如何做到简单且无副作用。

EtherDream

进攻性网络安全公司immunityinc

我的安全梦

3 years 6 months ago

immunityinc公司也是成立很久的老牌安全公司了,不过人家以攻促防，了解一下immunityinc公司

October 12th 2021 Security Releases

Node.js Blog: Vulnerability Reports

3 years 6 months ago

准备断更些时日

道哥的黑板报

3 years 6 months ago

写下这个标题估计就已经要被骂死了，谁让自己很厚颜无耻的在前面立下了flag。读者们可能已经注意到我实际上已经

准备断更些时日

道哥的黑板报

3 years 6 months ago

写下这个标题估计就已经要被骂死了，谁让自己很厚颜无耻的在前面立下了flag。读者们可能已经注意到我实际上已经

Video: Understanding Image Scaling Attacks

Embrace The Red

3 years 6 months ago

Today you are in for a special treat. Did you know that an adversary can hide a smaller image within a larger one? This video demonstrates how a small image becomes magically visible when the computer resizes the large image, and also how to mitigate the vulnerability. This is possible when vulnerable code uses insecure interpolation. If you like this one check out the overall Machine Learning Attack Series. Credit for original research, Erwing Quiring, et al.