HITCON CTF 2016: ROP write-up
ROP (Reverse 250) Description Who doesn’t like ROP? Let’s try some new features introduced in 2.3. rop.iseq Hint None If the above link doesn’t work, please use this link. New features? Well, see the...
Beware of all-powerful DDoS malware infecting cell gateways, US gov’t warns
This week, the US government-backed ICS-CERT warned that the troubling new generation of computer attacks is powered by malware that can infect cellular modems used to connect automotive and...
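WeChat Mini Programs: Hackathon Vol. 2 Is About to Kick Off
Over this October 1 National Day holiday, as one of the first pioneer media outlets in China to obtain closed-beta access to WeChat Mini Programs, ifanr (WeChat ID: ifanr) hosted the first "WeChat Future Mini Program" hackathon in the internet spirit of sharing resources. As this was the first hackathon based on WeChat Mini Programs, we received applications from hundreds of developers, designers and product managers within a short time, but because of venue and time constraints we reluctantly selected only eight teams from among them. Now the opportunity has come again: October 22-23...
A Prototype for Automated Detection of DOM Based XSS
0x00 Because DOM Based XSS is hard to see at the traffic level, many people single it out when drawing up detection strategies. For the vulnerability itself and automated detection strategies, see the reference links; let's get straight to the point. In vulnerability hunting, regarding DOM...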
Diego E. Pettenò: GnuPG Agent Forwarding with OpenGPG cards
Finally, after many months (a year?) absence, I’m officially back as a Gentoo Linux developer with proper tree access. I have not used my powers much yet, but I wanted to at least point out why it took...
Android Security Bulletin October 2016: What you need to know
How did October fare for Android security issues? Let's pick through the latest Android Security Bulletin and find out. SEE: Securing Your Mobile Enterprise (ZDNet/TechRepublic...
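[Technical Share] From Patch Diffing to PoC Reproduction: MS16-030
2016-10-17 11:18:30 Source: Anquanke (安全客) Author: k0pwn_ko. The MS16-030 vulnerability: MS16-030 is a remote code execution vulnerability in Windows OLE. Because OLE does not correctly validate user input, a specially crafted file or program can trigger the vulnerability, so that arbitrary code is executed remotely once the user clicks it. Patch information for the vulnerability:...
[Trojan Analysis] The Cerber Ransomware Family Upgrades Again: Cerber4 Switches to Random Extensions
2016-10-17 10:49:53 Source: Anquanke (安全客) Author: 360QVM. Since March of this year, the Cerber ransomware family has been running rampant around the world. In China, Cerber3 has become the "star member" of the recent ransomware wave, and the major forums are full of pleas for help from victims whose file extensions changed to cerber3 after infection....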
Security Threats All Airbnb Users Need to Know About
Airbnb seems like a great idea. Founded in 2008, it allows homeowners to rent out rooms or whole premises if they’re going on holiday themselves. With over 2 million listings across 191 countries,...
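Addicted to Online Football Betting, 19-Year-Old Man Sentenced for Defrauding His Own Father
5 hours ago. Source: ifeng.com (凤凰网). Information Times (reporter He Xiaomin, correspondent Luo Wenjun): Tang, 19, lost money through his addiction to online football betting and colluded with his friend Liu to fabricate a kidnapping and defraud his family, staging a "scam your dad" melodrama. Although Tang's parents eventually forgave him and hoped the court would show leniency, Tang had broken the criminal law, and the Tianhe District Court recently sentenced him to five months of criminal detention for fraud. "Kidnapping" himself to extort his own father for money...
SameSite-Cookie: Defending Against CSRF & XSSI
XSSI is one form of XSS attack. Generally speaking, browsers allow a web page to load scripts, images and so on from other domains. Suppose that on the secure site a.com we include a script file, getData.js, that reads the user's private information. The first time, the user has to log in at a.com; the site can then return the user's private information based on that authentication and set a cookie for use next time. At this point we only need to build a malicious site c.com that also includes the getData.js script file, and when the user clicks...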
baeldung - Coding and Testing Stuff: Spring Security: Authentication with a...
1. Overview In this article, we will show how to create a custom database-backed UserDetailsService for...
Encryption and Digital Signatures in R using GPG
(This article was first published on rOpenSci Blog - R, and kindly contributed to R-bloggers) A new package gpg has appeared on CRAN. From the package description: Bindings to GnuPG for working with...
Cybersecurity brain drain: the silent killer
Many organizations are facing a cyber-threat which is quietly and stealthily eroding their defenses. What’s worse, this threat cannot be detected by any enterprise security products, yet it presents a...
Mirai Bots More Than Double Since Source Code Release
The Mirai malware continues to recruit vulnerable IoT devices into botnets at a record pace, one that’s only gone up since the source code for Mirai was made public two weeks ago. Level 3...
#ISC2CongressEMEA: 10 Cybersecurity Tips for Being Secure in an Insecure World
In his keynote presentation at (ISC)² Congress EMEA in Dublin, Ireland, Brian Honan took the audience on a journey through security basics to ensure security in an insecure world. With the total...
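Special Prime "Trapdoors" Can Break Encrypted Communications
Yidianhao, China E-Banking Network, yesterday. China E-Banking Network report: Last week the China National Vulnerability Database (CNVD) collected and catalogued 255 information security vulnerabilities. On the internet there appeared "FreePBX remote command execution vulnerability (CNVD-2016-08542), NetMan...
How Do You Choose a Good "Security as a Service" Provider? Ask These 20 Questions First
[51CTO.com Quick Translation] Introduction: The following checklist can help you gauge the technical expertise of security-as-a-service (SECaaS) providers and assess which provider can best meet your needs....
The Difference Between PG and PGP in Ceph
1. Preface First, an explanation in English of the difference between PG and PGP: PG = Placement Group PGP = Placement Group for Placement purpose pg_num = number of placement groups mapped to an OSD When pg_num is increased for any pool, every PG of this...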
Ireland to follow UK in setting up national cyber security centre
Ireland plans to set up a national cyber security centre, according to Denis Naughten, the country’s communications minister. The news comes less than a month after the UK’s National Cyber Security...