Pacu:一款功能强大的AWS漏洞利用框架
今天给大家介绍的是一款名叫Pacu的开源AWS 漏洞利用 框架,该工具可以帮助广大开发人员检测AWS云环境的安全状况。 在Pacu的帮助下,测试人员可以利用AWS账号中的错误配置漏洞,而且可以通过使用模块的方式来扩展工具的功能。当前的模块支持大量常见的攻击场景,包括用户提权、IAM用户植入后门以及攻击存在安全缺陷的Lambda函数等等。 工具安装 Pacu是一款轻量级工具,它要求使用python...
View ArticleUS Dept. of Homeland Security Calls on Blockchain Startups for Anti-Forgery...
The U.S. Department of Homeland Security is seeking innovative blockchain-based solutions from startups to prevent the forgery and counterfeiting of digital documents. The United States Department of...
View ArticleVertcoin loses over $100,000 in 51% attack: report
Vertcoin (VTC) has fallen prey to a 51% attack, with some estimates suggesting losses have already surpassed $100,000 as a result of double spend transactions on the chain. It is the latest example of...
View Article热点 |外交部回应孟晚舟被拘押一事是否会影响中美经贸磋商
铅笔道12月6日获悉,针对华为公司首席财务官孟晚舟被拘押一事,外交部发言人耿爽表示,“ 中方已就此事分别向加方、美方表明严正立场,要求对方立即对拘押理由作出澄清,立即释放被拘押人员,切实保障当事人的合法、正当权益。 中美双方应当按照两国元首达成的共识,加紧磋商,争取尽早达成一个互利双赢的协议。” 以下为外交部发言人耿爽主持例行记者会记录:...
View ArticleMicronaut Tutorial: Part 2: Easy Distributed Tracing, JWT Security and AWS...
Key Takeaways Micronaut provides seamless integration with several distributed tracing solutions, such asZipkin and Jaeger Several security solutions are provided "out-of-the-box" with the framework,...
View ArticleBest antivirus software: 14 top tools
The AV-TEST Institute recently tested the most popular windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Only six of the 18 products tested earned...
View ArticleThaumaturgic Security
Contributed article from Edward Amoroso ( @hashtag_cyber ) I love to ask tech start-up founders what it was that prompted formation of their business. I’m usually listening to see if they are driven...
View ArticleTrustology raises $8 million to safeguard digital assets
Trustology has raised $8 million in a seed investment for technology and services to help private and institutional investors make sure that their digital assets are safe. The money comes from Two...
View ArticleVenafi and DigiCert Machine Identity Protection Partnership Delivers New...
SALT LAKE CITY (BUSINESS WIRE) #Cybersecurity ― Venafi , the leading provider of machine identity protection, and DigiCert, the world’s leading provider of TLS/SSL, IoT and other PKI solutions, today...
View ArticleWindows 10 security question: How do miscreants use these for post-hack...
Black HatCrafty infosec researchers have figured out how to remotely set answers to windows 10’s password reset questions “without even executing code on the targeted machine”. Thanks to some...
View ArticleTrezor One vs Trezor Model T
In today’s cryptocurrency market, there are a wide variety of wallets available. However, one brand, in particular, has managed to set itself above the others. It is considered by many as the number...
View ArticleIntro to NFC Payment Relay Attacks
isclaimer This is a simple intro to relay attacks using NFC payment data. I will add different types of relays during next year. Intro A NFC payment relay is an attack that could be described as...
View Article从DirectX到Windows内核――几个CVE漏洞浅析
一、前言 操作系统内核是每个漏洞利用链的最终目标,大家可以查看Zero Day Initiative (ZDI) Pwn2Own历年比赛,了解这方面内容。windows内核一直以来都是攻击者热衷的目标,我最喜欢的就是滥用 DeviceIoControl 调用来与各种驱动打交道,这样就能访问许多厂商编写的各种驱动,其中许多驱动代码写得并不完善,也没有经过完备测试。 多年以来,许多攻击者都借助...
View Article浏览器开发者工具详解
这个除了查看错误信息、打印调试信息(console.log())、写一些测试脚本以外,还可以当作 javascript API 查看用。例如我想查看 console 都有哪些方法和属性,我可以直接在 console 中输入"console"并执行 [x] console.assert() 判断第一个参数是否为真,false 的话抛出异常并且在控制台输出相应信息。 [ ]...
View Article独角兽暑期训练营 | 嵌入式固件自动化漏洞扫描方法研究
该课题由独角兽安全夏令营第二届学员黄瑞同学完成 独角兽暑期训练营 360无线电安全研究院每年暑假都会面向在校学生举办一次暑期训练营,申请者投递简历并提交自己想做的课题介绍后,若入选,会在360技术专家的指导下完成课题。 本系列文章会发布今年5位学员在训练营中的成果。文章相关代码后续会在 训练营github代码仓库 发布 。 引言...
View ArticleRed Team 104: CrackMapExec
Welcome back to our series on red teams! Here, we’re explaining the tools and concepts behind the in-house organizations designed to test a company’s defenses. We started by introducing Kali linux , a...
View Article微信支付二维码勒索病毒破解,始作俑者疑为95后
驱动中国2018年12月6日消息 日前,超过两万用户的电脑感染“微信支付”勒索病毒引发多方媒体关注。目前,该勒索病毒已被破解,关于此事细节线索相继曝出。 据澎湃新闻从技嘉网络安全公司获悉,他们已经初步锁定病毒制造者,嫌疑人是一名95后罗姓男子,目前已将相关信息移交警方。 图片来源于网络...
View Article360全球首个发现国家级0day攻击 “毒针”行动瞄准俄总统事务管理局 俄总统事务管理局遭 ...
2018年11月25日,乌俄两国又突发了“刻赤海峡”事件,乌克兰的数艘海军军舰在向刻赤海峡航行期间,与俄罗斯海军发生了激烈冲突,引发了全世界的高度关注。四天后,360安全大脑在全球范围内第一时间发现了一起针对俄罗斯的APT攻击行动。值得注意的是此次攻击相关样本来源于乌克兰,攻击目标则指向俄罗斯联邦总统事务管理局所属的医疗机构。攻击者精心准备了一份俄文内容的员工问卷文档,该文档使用了最新的Flash...
View Article360揪出PPT木马 自动播放就中招
互联网无纸化办公时代,邮件是日常工作往来中不可或缺的一部分。近期却有不少外贸从业者因为点开邮件而遭遇木马。实际上,是有不法分子将木马病毒伪装成PPT文档作为邮件附件,针对外贸行业从业人员进行大范围群发,“精准”打击。而当这种木马病毒在电脑中开始运行,不仅会收集系统版本、内存状态、硬盘信息等电脑数据,还会远程控制电脑,威胁用户安全。 附件PPT竟藏木马病毒 自动播放防不胜防...
View Article关于首个 Kubernetes 重要安全漏洞的声明
近期,社区发现 Kubernetes 的首个重要安全漏洞 CVE-2018-1002105 ,此漏洞严重等级为 9.8(最高 10 分)被认为非常重要,主要原因是它允许未经授权的用户通过特制的网络请求,通过 Kubernetes API 服务器创建与后端服务器的访问连接。另一个影响涉及具有 pod exec / attach / portforward...
View Article