某APP,JNI层自写算法分析
首先我们登陆抓个包,可以发现有一个sign签名认证,在app与服务端接口安全的问题上,sign是一个很好的办
Aggregator
某APP,JNI层自写算法分析
5 years 4 months ago
首先我们登陆抓个包,可以发现有一个sign签名认证,在app与服务端接口安全的问题上,sign是一个很好的办
某APP,JNI层自写算法分析
5 years 4 months ago
首先我们登陆抓个包,可以发现有一个sign签名认证,在app与服务端接口安全的问题上,sign是一个很好的办
某APP,JNI层自写算法分析
5 years 4 months ago
首先我们登陆抓个包,可以发现有一个sign签名认证,在app与服务端接口安全的问题上,sign是一个很好的办
某APP,JNI层自写算法分析
5 years 4 months ago
首先我们登陆抓个包,可以发现有一个sign签名认证,在app与服务端接口安全的问题上,sign是一个很好的办
攻防视角下的信息收集
5 years 4 months ago
信息收集是指通过各种方式获取所需的信息。信息收集是信息得以利用的第一步,也是关键的一步。---百度百科
Xunruicms
5 years 4 months ago
前言 前几天寻思着想挖几个通用的洞 于是在fofa poc列表上找找目标. 锁定目标为php cms 已有0day. 很快就锁定到了这个迅睿cms. 发现可以在
Guardicore Centra Integration now available on CyberArk Marketplace
5 years 4 months ago
Privileged Access Management is part of a zero-trust model. Guardicore strengthens its offering by integrating with CyberArk.
Sharon Besser
漏洞挖掘技巧
5 years 4 months ago
仅作为个人的漏洞类型和技巧记录 于阅读漏洞报告时记录 类型 不需要特殊技巧 简单就可以确认的类型 GraphQL查询漏洞 Graphql作为一种前端查询
CISOs Share Their Wisdom, Advice, and Strategies
5 years 4 months ago
Learn from the best CISOs how to handle the challenges of aligning technology and compliance with security architecture.
Managing Traffic From the Outset: How GTM Can Make Your Deployments Easier
5 years 4 months ago
Global Traffic Management, or GTM, is a DNS-based load balancing service that offers application owners a level of flexibility and insight that is unmatched by traditional on-prem solutions.
Sam Preston
使用github Action自动化部署 Hugo
5 years 4 months ago
前言 最近由于一直在用的travis-ci出现了迷之bug,加上想尝试一下github action就决定尝试用github action替换tr
Regional Threat Perspectives, Fall 2019: Latin America
5 years 4 months ago
Latin American systems received more attacks from IP addresses within the region that coincidentally did not attack anywhere else in the world.
BurpSuite2021.5.1破解版
5 years 4 months ago
0x01 工具介绍BurpSuite是一款信息安全从业人员必备的集成型的渗透测试工具,它采用自动测试和半自动测试的方式,包含了 Proxy,Spider,Scanner,Intruder,Rep...
独自等待
Book: Cybersecurity Attacks - Red Team Strategies
5 years 4 months ago
Excited to announce the book that I have been working on:
Cybersecurity Attacks - Red Team Strategies
Learn about the foundational tactics, techniques and procedures to elevate your red teaming skills and enhance the overall security posture of your organization by leveraging homefield advantage. Contents and Background Red Team Strategies covers aspects that are not as commonly discussed in literature, including chapters around building and managing a pen test team. However, there is still plenty of technical content included as well.
Regional Threat Perspectives, Fall 2019: Canada
5 years 4 months ago
The U.S. and Canada have 95% of top source traffic countries in common.
burp插件debug - 羊小弟
5 years 4 months ago
java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar burpsuite_community_v2.1.0.jar 通过这篇文章学到的,https://www.freebuf.com/articles
羊小弟
利用SSH隧道构建多级tunnel
5 years 4 months ago
01简介隧道是把一种网络协议封装进另外一种网络协议进行传输的技术。SSH构建隧道有三种方式: 本地转发、远程
Cms代码审计方法
5 years 4 months ago
前言 记录cms挖掘漏洞的几种下手方法 基于危险函数 最常见的应该是这种了 通过搜索常见的危险函数如assert|eval|system|file_
Docker中的Mysql配置问题处理与思考
5 years 4 months ago
hurricane618