Aggregator

0x00 前言

AWS在IAM服务提供了一个Role的功能，Role的话就是可以扩大自己的权限，比如说一个user可

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network.

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network.

ZoomEye vs Shodan vs Censys 的一些看法。

还记得2018年京东举办的“黑客趴”吗？各路黑客大神都来了！

还记得2018年京东举办的“黑客趴”吗？各路黑客大神都来了！

还记得2018年京东举办的“黑客趴”吗？各路黑客大神都来了！

还记得2018年京东举办的“黑客趴”吗？各路黑客大神都来了！

还记得2018年京东举办的“黑客趴”吗？各路黑客大神都来了！

还记得2018年京东举办的“黑客趴”吗？各路黑客大神都来了！

The widespread adoption of cloud services is causing a widespread expansion of the attack surface. F5 Labs' David Warburton writes for CSO Australia, discussing how you can still manage risk in an outsourced world.

A group calling themselves "Cozy Bear" has been emailing various companies with an extortion letter, demanding payment and threatening targeted DDoS attacks if their demands are not met....

Success is a tricky word to define. It means something different to everyone and can only be measured by an individual themselves. Often, success is seen as being about what an individual achieves, rather than about who they grow to...

好久没清理qq好友了,也不知道你过得好不好,反正你肯定是被盗了,我也不打王者荣耀干嘛发给我呢?打开这个网址扫

好久没清理qq好友了,也不知道你过得好不好,反正你肯定是被盗了,我也不打王者荣耀干嘛发给我呢?打开这个网址扫

好久没清理qq好友了,也不知道你过得好不好,反正你肯定是被盗了,我也不打王者荣耀干嘛发给我呢?打开这个网址扫

好久没清理qq好友了,也不知道你过得好不好,反正你肯定是被盗了,我也不打王者荣耀干嘛发给我呢?打开这个网址扫

关于我来到乙方业务后的所见所闻

关于我来到乙方业务后的所见所闻

intro

起因是看到v2ex有人发了个送E卡的推广 https://www.v2ex.com/t/618739#reply392 里面有说抽奖的方式

1 2 3 4 5 6 import random seed = [第 300 楼的用户 ID] random.seed(seed) print(sorted(random.sample(range(1, 300), 5)))

选择第300楼的用户名作为种子，然后抽奖 一般来说，种子确定了，生成的随机数的序列就确定了。 python2 3之间生成序列不同，但是 python2或python3自己的小版本内序列是相同的

那么能否控制中奖楼层呢？

attack

第300楼的用户ID是唯一的输入，而这个 ID是可以控制的，可以注册一个用户名，在第300楼回复即可。顺手写了个脚本来爆破可以生成指定中奖楼层的种子的代码

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 #!/usr/bin/env python # coding: utf-8 # In[5]: import random import string from itertools import product # In[96]: def find(seed, target): random.seed(seed) t = random.sample(range(1,300), 5) c = 0 for i in target: if i in t: c += 1 return c == len(target) # In[100]: count = 1 result = [] asc = string.ascii_letters+string.digits for s in product(asc, repeat=15): count += 1 if not count%100000: print("count: {:,d}".format(count)) s = "".join(s) if find(s, [1,2, 3,4]): # print(s) print(count, s) result.append(s) break # In[95]: print(set(result)) for seed in set(result): random.seed(seed) print(random.sample(range(1,300),5))

这是计算密集型，可以多进程，但是我是丢到服务器上跑的，只有一个CPU :) 所以就单进程吧

result

秒速爆破出来可以生成包含1,2,3位指定数字的种子

1 # trafbpcszonjeil hpscybwevjuzlkr 生成 1，2，3

三十分钟跑到了可以生成包含四位指定随机数的种子 [1,2,3,4]

1 2 3 4 5 6 7 8 9 In [1]: seed = 'aaaaaaaaaaeNWk4' In [2]: import random In [3]: random.seed(seed) In [4]: random.sample(range(1,300),5) Out[4]: [1, 59, 3, 2, 4]