Clik here to view.
Gartner 2017年WAF魔力象限报告:云WAF将替代物理设备成为主流
8 月 7 日,Gartner 发布 2017 年度 Web 应用防火墙(WAF)魔力象限,这是 Gartner 自 2014 年之后连续第四年发布此类报告。报告中照例描述了全球 WAF 市场整体状况,并对主要 WAF 厂商进行了详细的优缺点分析。本年度的 WAF 厂商列表中,国内厂商绿盟和启明星辰也在其中。不过,从详情来看,这二者似乎并不占优势,但有较好的发展潜力。 2017 年度全球 WAF...
View ArticleAll your devs are belong to us: how to backdoor the Atom editor
This is the first in a series of posts highlighting some of the work we put into our recent Blackhat 2017 talk .We'll be digging into our findings, and adding a bit of substance to the ideas presented...
View ArticleClik here to view.
docker registry带ssl认证的私有仓库搭建
1.首先docker pull registry默认下载最新版的镜像,我这边是2.6.2版本 2.这边考虑私有仓库部署的服务器可能没有网络,可以使用docker save -o registry.tar registry:2.6.2保存一个镜像,然后把registry.tar打包到部署包里面,下次使用docker load -i registry.tar加载到本地镜像...
View ArticleRussia's 'Fancy Bear' Hackers Used Leaked NSA Tool 'Eternal Blue" to Target...
Appropriately paranoid travelers have always been wary of hotel Wi-Fi. Now they have a fresh justification of their worst wireless networking fears: A Russian espionage campaign has used those Wi-Fi...
View ArticleRussian Hackers Are Targeting Hotels Across Europe, Researchers Say
A notorious hacking group linked to the Russian government has been using booby-trapped documents to hack hotels across Europe in an apparent attempt to spy on their guests, according to a security...
View ArticleClik here to view.
Researchers Write Malicious Code Into DNA, Infect the Computer That Reads It
From the what-could-possibly-go-wrong department: Scientists have now managed to write executable code into DNA that is theoretically capable of infecting the computer that reads it. It was only a...
View ArticleHow to sign things for Secure Boot
Secure Boot signing The whole concept of Secure Boot requires that there exists a trust chain, from the very first thing loaded by the hardware (the firmware code), all the way through to the last...
View Article[Podcast] Are Cyber War Rooms Necessary?
While some management teams are afraid of a pentest or risk assessment, other organizations particularly financial institutions are well aware of their security risks. They are addressing these risks...
View ArticleClik here to view.
Bypassing Kaspersky 2017 AV by XOR encoding known malware with a twist
One thing that I haven't had a really good look at, coming from a non-pentesting background, is how to avoid anti-virus scanners; so here is my first serious dive into it. I suspect to most this isn't...
View ArticleClik here to view.
【知识】8月14日 - 每日安全知识热点
【知识】8月14日 - 每日安全知识热点 2017-08-14 10:45:55 阅读:707次 点赞(0) 收藏 来源: 安全客 作者:童话 热点概要:如何通过恶意插件在Atom中植入后门、Google CTF 2017 Quals Write-up、从用户模式读取内核内存、CVE-2017-8625:使用CHM bypass...
View ArticleClik here to view.
【技术分享】针对HTTP的隐藏攻击面分析(下)
【技术分享】针对HTTP的隐藏攻击面分析(下) 2017-08-14 10:20:48 阅读:598次 点赞(0) 收藏 来源: 安全客 作者:WisFree 译者:WisFree 预估稿费:200RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿...
View ArticleClik here to view.
【技术分享】针对HTTP的隐藏攻击面分析(中)
【技术分享】针对HTTP的隐藏攻击面分析(中) 2017-08-14 10:07:27 阅读:838次 点赞(0) 收藏 来源: 安全客 作者:WisFree 译者:WisFree 预估稿费:200RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 简介...
View ArticleClik here to view.
阻止了Wannacry的黑客被逮捕,司法辩护也能众筹
通常来说,司法体系是为了保障个体权利;但是当一个有争议的个体被强大的机构指控时,个体由于资源有限很难与之平等对抗。倘若互联网能够迅速将散布在各地的人聚集成一个群体站在这个人背后,那么个体就能拥有更多资源保障自己的权利。尽管中国经历了不少冤案平反,但是几乎没有借助过互联网筹款的力量,美国近日的辩护费众筹事件也许能给我们一些参考。 Marcus...
View ArticleClik here to view.
Trojan found pre-installed on Android phones being sold on Amazon
Security researchers have discovered malicious software built into the firmware of several Android devices. Embedded into the firmware of the affected Android devices isn't any ordinary trojan. The...
View ArticleClik here to view.
Analisi dei dump di Rousseau (Movimento Cinque Stelle) - Parte I: password
Disclaimer Questo blog post e' scritto da evariste.gal0is ed Antonio Sanso . Entrambi gli autori non hanno nessuna affiliazione politica ed il post ha l'unico scopo di fornire un'analisi tecnica di...
View ArticleClik here to view.
默安科技招聘安全专家
默安科技( www.moresec.cn )成立于 2016年,云计算时代的企业安全解决方案提供商,致力于用创新技术解决企业安全问题,将威胁情报技术和人工智能技术融入企业安全防御体系,提供企业在云计算和IOT时代的安全整体解决方案,实现安全威胁数据化、检测响应智能化、攻防对抗常态化。 安全专家(20k-30k) 岗位要求: 1.三年以上安全厂商or互联网公司安全工作经验;...
View ArticleClik here to view.
News in brief: facial recognition planned for Carnival; spy chief backs...
Your daily round-up of some of the other stories in the news Protests at plans to use facial recognition at Carnival Civil liberties groups have protested at plans by London’s Metropolitan Police to...
View ArticleClik here to view.
MalwareTech's arrest shows hacking is still a dangerous game
It has been like this for decades, and it's a hell of a way to live. I'm guessing no one understands this more than a UK-based hacker named Marcus Hutchins, also known online and in press as "...
View ArticleClik here to view.
【技术分享】再谈CVE-2017-7047 Triple_Fetch和iOS 10.3.2沙盒逃逸
【技术分享】再谈CVE-2017-7047 Triple_Fetch和iOS 10.3.2沙盒逃逸 2017-08-14 11:46:50 阅读:495次 点赞(0) 收藏 来源: alibaba.com 作者:@蒸米 0x00 序 Ian...
View ArticleClik here to view.
【技术分享】如何手脱Locky自定义壳
【技术分享】如何手脱Locky自定义壳 2017-08-14 14:11:19 阅读:481次 点赞(0) 收藏 来源: 安全客 作者:我来学英语 译者:我来学英语 预估稿费:130RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言...
View Article
