Authors: Kirk Sayre (@bigmacjpg), Harold Ogden (@haroldogden) and Carrie Roberts (@OrOneEqualsOne) Introduction There are powerful malicious document (maldoc) generation techniques that are effective at bypassing anti-virus detection. A technique which we refer to as VBA stomping was originally brought to our attention by Dr. Vesselin Bontchev (see here). VBA stomping refers to destroying the VBA s
This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions (3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15). This vulnerability has been assigned the CVE identifier CVE-2018-15685. For more information see my full write up on the Contrast Security blog or t
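National Police Agency @NPA_KOHO If a mining tool is installed without clearly indicating its installation to viewers, this may constitute a crime. Also, accessing a website on which a mining tool has been installed may slow down your computer. Please be careful. npa.go.jp/cyber/policy/1… National Police Agency @NPA_KOHO This is the official account of the National Police Agency. The information we post is based on "press release materials" and "new information". As this account is for outgoing posts only, the National Police Agency does not send replies. When using it, please see the "National Police Agency X (formerly Twitter) Operating Policy" npa.go.jp/twitter/policy… npa.go.jp 梅酒みりん@7a! @PokersonT A brief summary of events so far: Kanagawa Prefectural Police and others carried out mass arrests and referrals to prosecutors over cryptocurrency mining with coin hive, as the crime of distributing computer viruses âããå® ãä¸ä½ã©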
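Introduction This is an account of my experience in April 2018, when the cyber police of the Saitama Prefectural Police searched my home. I will describe the facts in as much detail as I can. I apologize for the clumsy writing, but I have also written down my own honest feelings. As for the details of the case, the police have told me not to talk about them, and I have no intention whatsoever of obstructing the investigation; I personally understand and agree that it is important for the secrets of the investigation to be kept, so I will not publish them. I wrote this article for two reasons: I do not want other citizens, who like me are sovereign members of the public (taxpayers), to go through the same experience at the hands of the police, one of the administrative bodies; and I would like to share with everyone what I felt and experienced as an ordinary citizen and IT engineer who caught a glimpse of the current state of the cyber police organization. Introduction of the people involved This will be a somewhat long story, so let me first summarize the people who appear in it. Me: self-employed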
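1. Introduction Recently the question "Does Coinhive constitute the crime of creating a virus, or a similar offense?" has been widely discussed on social media, so I looked into it a little myself. ■ Related blog article: Police charge 16 suspects who installed Coinhive (a cryptocurrency mining program) on websites and the like with the crime of creating a virus 2. What is Coinhive? Coinhive is a service that lets a site operator have the PCs and other devices of the site's visitors mine cryptocurrency, and receive the proceeds (mining tool, cryptocurrency mining). When a site operator embeds Coinhive's JavaScript code in a site, it uses the CPU power of the PCs of the people who view that site to mine the cryptocurrency "Monero", and the mechanism is reportedly that ï¼ tenths of the mining proceeds are distributed to the site operator and ï¼ tenths to Coinhive's operator. "Many websites have intrusive advertisements disp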
Cookies specification compliance issues in modern browsers. Research by Ivan Nikulin (email: ifaaan@gmail.com, github: inikulin, twitter: _inikulin_) This table lists RFC 6265 compliance issues found in modern browsers. Data was obtained by running the IETF test suite across major browsers using a specially made test runner. Test fails are divided into categories for the working group to disti
tl;dr I reported a reCAPTCHA bypass to Google in late January. The bypass required the web application using reCAPTCHA to craft the request to /recaptcha/api/siteverify in an insecure way; but when this situation occurred the attacker was able to bypass the protection every time. The security issue was fixed “upstream” at Google’s reCAPTCHA API and no modifications are required to your web applica
This version: https://www.w3.org/TR/2021/REC-webauthn-2-20210408/ Latest published version: https://www.w3.org/TR/webauthn-2/ Editor's Draft: https://w3c.github.io/webauthn/ Previous Versions: https://www.w3.org/TR/2021/PR-webauthn-2-20210225/ https://www.w3.org/TR/2020/CR-webauthn-2-20201222/ https://www.w3.org/TR/2020/WD-webauthn-2-20201216/ https://www.w3.org/TR/2020/WD-webauthn-2-20201116/ htt
Authorization and authentication technologies I have uploaded slides on OAuth 1.0, OAuth 2.0 and OpenID Connect. Authentication technologies you should know for app development - OAuth 1.0 + OAuth 2.0 + OpenID Connect - from Naoki Nagazumi www.slideshare.net This summarizes the techniques I learned through various investigations when I built OAuth 1.0, OAuth 2.0 and OpenID Connect authorization and authentication into a Web app I am developing. It is a substantial work of about 130 pages! Please take a look. Demo The demo for this is here: AuthsDemo The source code for the demo is here. GitHub - ngzm/auths-demo: This is a demo program with using OAuth
(Thanks to @mah3mm for sparking curiosity then schooling me on this) This post will outline a common flaw in implementations of Merkle Trees, with demonstrations of potential attacks against the most popular python libraries. But first, a brief overview of what both a Merkle Tree and a Second Preimage attack are. Merkle Trees A Merkle Tree is a fairly simple data structure that allows chunks of da
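Hello, this is Ikeda. Word of plum blossoms is arriving from Honshu, but Sapporo is still covered in snow. Lately I keep hearing people around me say things like "This time my Echo invitation arrived!", "My second Echo Dot invitation arrived!" and "Got my second one!" I wonder when the day will come that we welcome an Echo Plus into our home. I am excited and can't wait to experience life controlling smart home appliances by voice. Introduction Since the start of this year I have been studying under the title of the "AWS re-introduction" series, and thinking "I should read some AWS whitepapers once in a while", I read several and came across a document called AWS_Security_Checklist. Its content is very concise, but each item included a link to the relevant AWS documentation. So this time, the checkpoints and other points that I organized based on each document linked from that material, "AWS re-introduction 20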
It has been a while since I did anything with the Web. I have fallen a lap behind, so I attended to gather information. It was "a little different from what I expected*1", but I am glad I attended. It turned out to be a fulfilling day. Information https://www.owasp.org/index.php/2017_OWASP_World_Tour_Tokyo Details Opening "OWASP Project Overview for Developers" Training 1 "Vulnerability response using the OWASP TOP 10" Training 2 "Concrete ways to achieve least privilege" Training 3 "Vulnerability assessment techniques using OWASP ZAP, for developers and operations staff" Training 4 "Training for students and staff using OWASP BWA" Training 5 "Using OWASP SAMM to understand the current state of a development project" Closing