Channel: CodeSection, Code Section, Network Security - CodeSec
Browsing all 12749 articles


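Microsoft Exchange Server SSRF Privilege Escalation Vulnerability (CVE-2018-8581) Advisory

Document information: ID 360TI-SV-2018-031; Keywords CVE-2018-8581 Microsoft Exchange Server SSRF; Published December 31, 2018; Updated December 31, 2018; TLP WHITE; Analysis team 360 Threat Intelligence Center. Advisory background: On November 13, 2018, Microsoft MSRC published a Microsoft Exchange...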




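Commemorating 2018 with a 0-Kill 35C3 0day CTF

I suddenly realized that what I wrote on this day last year was also a C3CTF writeup, and likewise I ended up stuck on the Ruby challenge. The only difference is that last year I solved 4 challenges, while this year I not only looked at just one challenge, I still had not solved it by the end of the competition, which is very frustrating... For this year's last competition I only looked at the Ruby challenge, sequence. The challenge logic is simple: its main function is to load user-supplied Ruby bytecode and then disasm it, and tcache in glibc is disabled strs = {} loop do...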


Code Review for the Solo Dev

I will start this article, as I did with the previous one in the series. Nothing can substitute a great team. But a real warrior has to be able to rely on thyself if needed. A few people nowadays, work...


Become a certified cybersecurity specialist for as little as $1

Didn’t get your newspaper on Saturday? Blame the hackers. The attack, which disrupted the production of several major publications, was just the latest in a long cybercriminal hitlist this year. From...


What Are Cipher Suites?

kdobieski, Mon, 12/31/2018 10:11. Cipher suites come into play before a client application and server exchange information over an SSL/TLS connection. As noted by JSCAPE, the...



Expression-Based Access Control

1. Overview Today, we’ll be reviewing the differences between Expression-Based Access Control (EBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC), with a deeper focus on...


Introducing RcppDynProg

RcppDynProg is a new Rcpp based R package that implements simple, but powerful, table-based dynamic programming. This package can be used to optimally solve the minimum cost partition into intervals...


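In the Shower, I Finally Ran Out and Shouted My Eureka

Today a handsome colleague and I worked through some ssh-related problems. While I was showing off by mentioning that you do not need to explicitly specify an identity key, and mentioned in passing that the same goes for known_hosts, we got onto how known_hosts behaves: the first time you ssh to a server, you need to type yes to confirm that server; when a domain name you have already connected to moves to a different server, the connection is refused with a warning of a possible man-in-the-middle, and you need to manually delete...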


Iran Labels Telegram’s Coin a Threat to National Security

Regulation | By Lubomir Tassev | Tehran has once again targeted the users of the popular messaging application Telegram. A law...


Security researchers hijack celebrity Twitter accounts, and prove claimed fix...

Security researchers have hijacked a number of celebrity Twitter accounts including that of Louis Theroux to post unauthorized tweets. They have also demonstrated that Twitter’s claimed fix for the...


Security Researchers Reveal Wallet Vulnerabilities On Stage at 35C3

In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on...


Introduction to SQL Server Security ― Part 1

Security can be one of the most complex issues to contend with when managing a SQL Server instance, yet it’s also one of the most important, especially when sensitive and personal data are on the line....


PureSec: 2018 Recap

As we’re nearing the end of the year, it’s time to look back and reflect on all the great things achieved during 2018. This year was remarkable for the Serverless security space, for our customers, and...



Billu: B0X 2 CTF Walkthrough

In this article, we will solve a Capture the Flag (CTF) challenge that was posted on VulnHub website by Manish Kishan Tanwar. As you may be aware from my previous articles, Vulnhub.com is a platform...


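However Well I Learn Hacking, I Still Can't Break Into Your Heart!

Original link: http://www.jianshu.com/p/ce5fdc833ae3 However well I learn hacker techniques, I cannot break into your heart; however many servers I compromise, to you I am only Guest. Was it my DDOS that caused your denial of service? Or was my Byshell detected and removed by you once again? You always have a firewall, and I can never stop it; I want to escalate privileges, but JSP+mysql has become the obstacle between us; I cannot find your injection point, and I cannot scan out your empty password!...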



Here’s what to expect in cybersecurity in 2019

Around this time every year, my inbox fills with the same repetitive junk. “Would you consider putting [any random company] in your gift guide?”, “are you going to CES and if so can I pitch you [a...


New Year Tips from Security Professionals

Have you included website security as a part of your new year’s resolutions for 2019? Here is a quick retrospective on tips some of our team members shared with us throughout the year. The cost for...


Taliban kill 21 Afghan security forces, threaten city: official

Afghanistan's largest militant group made significant territorial gains in 2018, including overrunning Ghazni city (AFP Photo/Mohammad Anwar Danishyar) Taliban fighters killed more than 20 Afghan...


$41 gets you a home security camera with cool features you won’t even find on...

The $200 Nest Cam Indoor home security camera is nice and all, but most of the draw is the simple fact that it plays nice with other Nest devices. If you don’t already have a bunch of Nest gadgets...


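An In-Depth Look at the Key to Anti-Counterfeiting: Network Security Authentication Chips

In view of the continuing incidents of system counterfeiting attacks, design engineers from industrial, military/aerospace, commercial, and technology fields are looking for the best cryptographic authentication ICs to protect their advanced system designs from counterfeiting. Unfortunately, although many cryptographic chips are available, most provide only a very narrow range of security assurance. In some cases, the chip a design engineer chooses, intentionally or unintentionally, may fall far short of the anti-counterfeiting (ACF) protection they expect....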




