Security Tools
LDAPFragger: an execution script for the AD domain controller LDAP protocol, for use in internal network penetration tests
https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/
Security Research
A summary of attack methods based on the JMX protocol
https://www.anquanke.com/post/id/200682
JNDI with LDAP
https://www.anquanke.com/post/id/201181
A brief discussion of AI in practice in DDoS attack and defense
https://security.tencent.com/index.php/blog/msg/144
CVE-2019-1169: analysis of a win32k null pointer dereference vulnerability
https://versprite.com/blog/security-research/cve-2019-1169-vulnerability-windows/
Hacking Slack using postMessage and WebSocket-reconnect to steal user tokens
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
An analysis of the implementation and use of audit_token_t in macOS
https://knight.sc/reverse%20engineering/2020/03/20/audit-tokens-explained.html
Bypassing an email filter, leading to SQL injection
https://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17
Breaking out of Kubernetes namespace restrictions using an insecure Host Path Volume - Part 1
https://blog.appsecco.com/kubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216
Breaking out of Kubernetes namespace restrictions using an insecure Host Path Volume - Part 2
https://blog.appsecco.com/prevent-hostpath-based-kubernetes-attacks-with-pod-security-policies-2f8646df6761
Security Incident
Mukashi: a new Mirai IoT botnet variant targeting Zyxel NAS devices
https://thehackernews.com/2020/03/zyxel-mukashi-mirai-iot-botnet.html