当前节点:rss
时间节点
2020-09-27 16:56:39tyler_download的专栏
本节我们看看X86指令集以及X86的硬件体系架构。在汇编语言中最常见的指令就是mov,他将数据从一个地方转移到指定位置,该指令能将数据转移到特定位置的内存或是给定寄存器。mov指令的格式为(mov 目的,源头),源头指的是要被挪到的数据,目的是数据被挪动的目的地,  我们看几个具体例子:
mov eax, ebx (把寄存器ebx中的数据拷贝到eax寄存器)
mov eax, 0x42 (把数值0x42赋值给eax寄存器)
mov eax, [0x4037c4](把地址为0x4037c4的4字节数据拷贝到e                    
                        作者:tyler_download 发表于 2020/09/27 16:36:37 原文链接 https://blog.csdn.net/tyler_download/article/details/108831037                    
                    
                        阅读:6
2020-09-27 09:57:12一个安全研究员
嘿嘿嘿~                    
                        作者:he_and 发表于 2020/09/27 09:36:54 原文链接 https://blog.csdn.net/he_and/article/details/108821456                    
                    
                        阅读:86
2020-09-22 09:09:06一个安全研究员
补充一点                    
                        作者:he_and 发表于 2020/09/22 08:49:45 原文链接 https://blog.csdn.net/he_and/article/details/108723542                    
                    
                        阅读:67
2020-09-22 06:44:00MSRC Blog
We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment. We’ve listened to your feedback and incorporated many …  New and improved Security Update Guide! Read More »
2020-09-22 01:08:26MSRC Blog
At the Microsoft Security Response Center’s (MSRC), our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed. Many researchers report these …  What to Expect When Reporting Vulnerabilities to Microsoft Read More »
2020-09-21 10:03:35一个安全研究员
累                    
                        作者:he_and 发表于 2020/09/21 09:19:15 原文链接 https://blog.csdn.net/he_and/article/details/108684623                    
                    
                        阅读:75
2020-09-21 09:42:24一个安全研究员
非技术,只是聊聊体悟                    
                        作者:he_and 发表于 2020/09/21 09:25:31 原文链接 https://blog.csdn.net/he_and/article/details/108702758                    
                    
                        阅读:977 评论:3 查看评论
2020-09-20 02:10:39Swing'Blog
CodeQL 背景CodeQL 是一个白盒源代码审计工具。其开发公司 Semmle 也成功和 Github 联姻,成立了 Github Security Lab,负责 Github 上开源软件的代码安全审计。网上关于该工具的安装教程见官方文档,顺便一说网上的教程也不少,这里就不赘述了。CodeQL 使用官方提供了 QL 语法的文档: https://help.semmle.com/QL/ql-handbook/ 以及 CodeQL 的一些 api 接口 https://help.semmle.com/qldoc/cpp/关于CodeQL 使用,在这篇文章咱们以一个 Github Security Lab 公开的教程作为示例 CodeQL CTF 2: U-BootCTF 2: U-Boot Challenge - Follow in the footsteps of our security research team and discover 13 vulnerabilities un U-Boot. Language: C - Difficulty level: 0x01 查找特定函数的定义CodeQL 使用的时候需要通过 import  关键词导入特定语言的解析库,例如这里使用的是 import cpp ,如果我要查询 strlen 的函数定义,我只需要编写如下代码123456import cppfrom Function fwhere f.getName() = "strlen"select f, "a function named strlen"右键点击运行,效果如下其中第三个是关于 strlen 的定义,0x2 查找特定宏定义但是在 c 代码里, 有些情况我们需要查找宏的定义,这个时候就需要使用 Macro 这个 Predicates, 例如样例里提到的 ntohs 族,函数另外, QL 语言支持正则匹配,我们可以通过 regexpMatch 匹配一类函数例如如下代码123456import cppfrom Macro mwhere m.getName().regexpMatch("ntoh(s|l|ll)")select m0x3 函数的调用在代码审计的场景里,我们在查找函数定义的同时,也需要根据函数调用查找完整的数据流,在 CodeQL 里,函数的调用通过 FunctionCall 这个 Predicates 可以直接完成,例如如下代码123from FunctionCall cwhere c.getTarget().getName() = "memcpy"select c0x04 宏定义的调用查找宏定义的的调用,使用 MacroInvocation 完成,代码如下123from MacroInvocation miwhere mi.getMacro().getName().regexpMatch("ntoh(s|l|ll)")select mi0x05 获取 ntohs 族宏定义的表达式在 0x04 中,我们提到了宏定义的调用,另外我们知道, ntoh 族函数,通常用来进行网络字节序到主机字节序的转换,通常而言,如果是一个网络协议,我们可能会从某个字段中取出某个特定的值,并且赋值给某个变量,这个时候我们就需要获取他们的表达式。这里以表达式出现的话,我们可以使用 getExpr()函数完成,仅仅只需要将 select mi 修改为 select mi.getExpr() ,效果如下:123456import cppfrom MacroInvocation miwhere mi.getMacro().getName().regexpMatch("ntoh(s|l|ll)")select mi.getExpr()例如这里的赋值语句就是第 78 个表达式0x06 编写一个 QL 类QL 类包括三个部分关键字class。类的名称。这是一个 以大写字母开头的标识符。要扩展的类型。类的主体,用大括号括起来。更多关于类的编写可以参考 https://help.semmle.com/QL/ql-handbook/types.html#classes这里我们需要编写尝试编写一个 NetworkByteSwap 的类123456789101112131415161718import cpp/** * An expression involved when swapping the byte order of network data. * Its value is likely to have been read from the network. */class NetworkByteSwap extends Expr {  NetworkByteSwap() {    exists(MacroInvocation mi |      mi.getMacroName().regexpMatch("ntoh(s|l|ll)") and      this = mi.getExpr()    )  }}from NetworkByteSwap nselect n0x07 数据流分析现在我们来开始做数据流分析,通过定义源和接收器来创建配置类。 来源应该是调用ntohl,ntohll或ntohs。该接收器应为不安全调用memcpy的size参数。通过查找此类的数据流判断是否存在安全问题这里需要使用 12import semmle.code.cpp.dataflow.TaintTrackingimport DataFlow::PathGraph两个新库,然后我们要设置 来源和 Sink 的对象。首先设置来源:1override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof NetworkByteSwap }设置来源对象为 表达式,是 NetworkByteSwap 这个类的值,NetworkByteSwap 这个类在 0x06 定义然后设置接收器,接收器为 memcpy 的size 参数123override predicate isSink(DataFlow::Node sink) {  exists(FunctionCall c | c.getTarget().getName() = "memcpy" and sink.asExpr() = c.getArgument(2))}完整代码如下:12345678910111213141516171819202122232425262728293031import cppimport semmle.code.cpp.dataflow.TaintTrackingimport DataFlow::PathGraph/** * An expression involved when swapping the byte order of network data. * Its value is likely to have been read from the network. */class NetworkByteSwap extends Expr {  NetworkByteSwap() {    exists(MacroInvocation mi |      mi.getMacroName().regexpMatch("ntoh(s|l|ll)") and      this = mi.getExpr()    )  }}class Config extends TaintTracking::Configuration {  Config() { this = "Config: this name doesn't matter" }  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof NetworkByteSwap }  override predicate isSink(DataFlow::Node sink) {    exists(FunctionCall c | c.getTarget().getName() = "memcpy" and sink.asExpr() = c.getArgument(2))  }}from Config cfg, DataFlow::PathNode source, DataFlow::PathNode sinkwhere cfg.hasFlowPath(source, sink)select sink, source, sink, "Network byte swap flows to memcpy"效果如下其中有多个明显的缓冲区溢出漏洞使用CodeQL 进行 0day 挖掘我们通过  CodeQL 编写了一个 ntoh -> memcpy 的数据流追踪,当我们通过检查相应的代码我们即可分析是否有缓冲区溢出风险。我们学习了差不多了,我们可以通过这个成型的查询来查询一些类似这样的安全问题。例如我通过这个查询,挖掘了两个缓冲区溢出漏洞。大家也可以去尝试尝试。if (typeof lightGallery !== 'undefined') {        var options = {            selector: '.gallery-item'        };        lightGallery(document.getElementsByClassName('.article-gallery')[0], options);        }
2020-09-19 17:44:47面向信仰编程
2020-09-17 10:44:00面向信仰编程
2020-09-16 17:38:55小草窝博客
ShellCode在线免杀工具,只需要从cobaltstrike或msfvenom生成shellcode,填写到shellcode框内,根据需要选择一些参数,便可以在线生成免杀的可执行文件。 免杀编译生成使用的是go语言,所以文件可能比较大,使用upx压缩可以到500kb左右。 目前仅支持x64位的免杀。 使用教程以生成Windows可执行文件为例。 cobaltstrike 生成shellcode 生成后门 - Payload Generator ... 阅读全文>>
2020-09-15 10:17:30tyler_download的专栏
掌握黑客技术一大难点就在于你要非常深入计算机技术的底层。绝大多数程序员只愿意在上层应用上花点时间,毕竟他们只想”混饭吃“,任何有志于不断提升技术能力的工程师都必须跨过几个高门槛,一个是算法,一个是系统设计,还有就是掌握计算机体系结构,与底层,与硬件打交道,这些知识点难度大,有些甚至很枯燥,因此愿意专研的人不多,我们本节所要描述的汇编语言就属于计算机体系结构的一部分。
一名真正的黑客,不是那些只会使用工具搞些歪门邪道的门外汉,掌握汇编语言在关键时刻使用反汇编技术进行分析不可避免。在这里我们对汇编语言做初步掌握                    
                        作者:tyler_download 发表于 2020/09/15 10:06:05 原文链接 https://blog.csdn.net/tyler_download/article/details/108594045                    
                    
                        阅读:36
2020-09-11 09:34:16一个安全研究员
js中有很多东西呀                    
                        作者:he_and 发表于 2020/09/11 09:17:46 原文链接 https://blog.csdn.net/he_and/article/details/108527323                    
                    
                        阅读:295 评论:6 查看评论
2020-09-10 20:40:23一个安全研究员
????                    
                        作者:he_and 发表于 2020/09/10 20:19:40 原文链接 https://blog.csdn.net/he_and/article/details/108522102                    
                    
                        阅读:219
2020-09-10 00:41:52回忆飘如雪
您好, 这里需要密码.        0f4b127c3d6eb09caae79b016d7f6d0315fc8eab19be9053dafe5f12da22e2a618fdc483e0c3b808921d4caf16b913fd936796f745cfce023e8b11c96a55e2d177e48ac6ad1c1910e7cf4882e3264e47ce61a7bea65f10f996b937cffc99dd84017c08691d6086e160530cc749c1819eaa2340bac2a2301b7e195052b3c32057ea5bde837b7c96f4b837979bea111ae1e7155e5839ed9db46088799a53504eb17009f3ff6eb018f00cabc792ecc91b33c3db80807652f501d7c05519078b09f4e3b8f03718a530b35913a99f5b777daa929ac6dedfb51cd32312c7ea01bff00f42c9452c060483d73ee47a77bfea00abae9b4ce87f31a77f63006b5b4baf0fc60dac381c41504557349bb6d493b85c3a4a1ba38f8d0716c8d67d23160d4f89ec878a04c21be3857b9c23366306627651ed4d81be5b02b1deb88c366a9019c12e75e3d477d246005e3795cbc1bbfd0f1c5828fc13092d55a052cd3c399f12af23f954c3843903b2b38f6e7e9aa0d9fa074ab61119edb6c543173395dde473ea647acd48082bf9d9f1199b2510935f3aa10c003a425e68bd3dc16420fefc9a1f90b9168bd288fa80810c2f94d4781941840c80e3bfe51102026736d5c78df8de24894ee7d8e003739655110eeccb9ebd18969c0ad2ce89d60dfcf51d0758cbed90d2a068f1d4e7620c8ed5d41bc1f58410f124e964aae06796607a2aa9530f9462d70651d7b5371764d67cd2beb70ef0eb50cf65c3c34b6f76aacd3938473611b40b4877934d43661ce55ca51648d67e8bf69fc17e2a7f3aef6c1538a96beaa6e9c9b557d97e5436179d20601f0fb7a07e6f6922a161b9da7dd97794c96ef448d37e8b4be364273ee0ff0aacb636bdffd6aec244d4f0953717c9ecc19334dd8cc00dd1e5201343cdccf419ef008244953d1d4f42bc6ee22e373b4921213bdaafe04a23b9cfae790e3d8372bfbec837d15a5f83fe7cc1ece79fd26988a7b57c2006780d8f9ab8851b7db4040d21668248b349bfcead6da703082ce4616e8674e9ce5079d8c551b9e4dc7c02729d6218c52dd106f8e71d2553cbd91e96beee00e9261f684e105f634371af1e011b67d455a00d8fd766719c9c029e3329a17d2b3c70e6612ec6401fb3b13e965a7b5890053b4b063918832e42b01f09f4d121742aeb3d59e2446a99bd1dc5ae358a7bcc8790f93db14c7aef1113f8109119f19aec82f7f1c5d9b07d1294650aee1d546c36038ff5a2d62fd574d1354016def8daad3eda430af94ad4cfc82f4e7ef5e706e709545d07a45ed1b75267789a31bda04cdeaf7659a2966abf78cf77a1333e46d63caf059e2973663aeb93d94c2e61bdef2a8e8eb066355e45d45dc6b02c980c7e8e715027bda392cbcd208a78ea7d73c0a8f05895c0d38dd4700b52783bfa9a30dab834680f7f7ffba03d2104da2b34302e35c02d1be2c738f33d299f4c588046ac3ecfe1cf869f61fd7328072f35fb237f2c59e96c52b84ec839e7d3d7e6fc6940a72db89f3ffac9ed64965250578b2f35706792162e711e0505ad1eef00431067e1980fdecfe5d81c6638e07343aa2e5c2cb62b91fbc6ac60362d5c22a265844b9c1bffb540726d0404e0cd1e904be90000bfbd01eeb617e266cbd19e1b61fe793eb40e96d8d1bb44ca1ed427824152d9c394889bbb3348f58c10d653a0d5f2c612e7272eec47a823ead17bed1888e0fe8d2d873396a57e808f1fb6aabc6a375fba13b6e21d17920ef190f356b55163a672225bdbd1a311f15ca4c43a06fd2347c78edb9942a63373abc66f6351c245b9dcd88894aeb69a307583a58d807de6edf54db437419d3ef6af153fe6e88172f79b85cc4d0a74ed4b2457f09c0b03eb910e318d7c297866e9d825e439eca9619a47835fa092d4b27e5707cd975ece63c6a78e08e32eb642a7e8da0662f8d9ffcb9f273f6545937b4710ee36993c181a3eb48ed7c20de0c9bab6b5fcc6d6e6f10f825ecbb2c65f53e84b083ccb78bb823abe6fb944aafb320705c61a71a67f7e3d126a9a59b37f30db9dea7db08aa27bfb2f9902c14e08bb95d7b8a2136d66ba5745fa4c64cdfb3febca02c8a20a077c496abce1f9bb8b7dcedb772dd73dbed01301b5a64ea80cebd0dc87c78f84bd7a135662164a24b48773cb66d88cca3e5efb8db127b5f57a68bcb54fbe987711371337a91b76b53a5f3109d2b40b92a498b27ff89650bb90661688006fe026b3fe15e6c9c153ffbba9ae1b9797bfef106288b731eca6dff4b7b1ec544c08261017752f64d6d3ed50328b49a5d6f06d341c19b06e47ec238a3a538d77b910c5f72f6428158156fabef586756bde8724dff7e5e4dce4d43e3c8776877a77b98290e39b28624bbc9ac5fbe67e005931066696f973d9bf7b5762bae0e106eef4ed21ae429825243bcc8e46a413e4876002819ffe5a830e7261e59f31f04e870a4355c029d2dbe7e13b4e76809ea0a4c2b8f134c2b856b862462ad4a43dc8a1cf6a46d83f822e6c708d2062552ceb35e3e31f79d12ff1affae86dbcd1574831342ff2830af226d1d9df864fe07f3f418cb17e5aba51435ed28d3eba8e6d4f52c3e014fd1a23df94f980e44938d3f62cbb15ef105c538c6b77e47ac877ab9775c8b69c7080ad7b997a85285e10a6484e27510933640b4100e8cfb6e453c52f89534e08ca8364ff1f4e74f6893d648eedaba3a4e42ab855b54a57b2bf9974888b3c57ad1f755911bc844fbf5eeb9813b790132f84b71fca3324db784d988496bc06e1e823c3a52270040a27f732d0fa5c17b6d16cf1dcde26028e42057323e05f015d71c5cb57cc21bc86f8b8020e40b912d5eb40f811ae311af422242fde5479621c0ff5c761ba69c41ce1156966305165521e623fd658f1f0767efe42f9cfd89cca71108e1630b59be00ae5f541856ad144e28fd5f8ce226e59388fab35281490952b0606bdfc82f05be68fb7bdc07e50a03a821f8de4e8a885e7de0e8f13ae5e8b7840bec028e6cf0736a4b06a0cb166521070fbe7968e2ecbfe71b9b97f61c2773ef6e49f93eb820181df4a15a8b0a057405c64ab6b82d5119a1d7395679e017abd60d32e1f6b59ce40823f47825ac65c87072868a8c92303b4d44d5f2c6c15b8ec2da99dd743a12e292b1e6e993e1adca3941c4af3fcc189ec4cb9640decbc10de44c8d0530a1c1387d02d1a3bde14cb99be3f2123bd630bd5d1863a25d306343f47ae1431882ec3377e17d98ab21b1e60c44b4698b59eb98e6a38c2bde16cd0b46a8b023807f55bc5128310e089d0dba9937fe6d3c68562dc143af756293a50919f96ea6c9b34c2925fc0067c2a72637f2844f077341a5581d4268d8250118f321f7dee3e4ab21dbbb0a5efc5cc6b79d0d11250c7ffe3abe4b99befbc777f0c55f0f5b16acea1db9c93f2fab56ff5aebc14934a25eb772fb5c6a3b5e577dcc88c43b0f28476eaa909decfefafbdef65329c99a6a99599eacc295bd74344f36ba2e5781c9928d5d50cb8269ed518b066622ecb64dc668a35455f1892662070bbb4d45c6767aa5fc3810cd49872cfe279840fecc8343314fc720c1267b446f1520e74f9a98dc861f0a67d10eff6246f650780732f60931efb8ffd96ff877ff8ae0425ca0121d2bdde88f4a07a976db6b9089ee34b8628de7bf444182763968751a4b2d98867061eb94fa4fbcb6a607aaec5be38fa517838f563225917a5618c18da634eba9f35c5764dd646ac58a2eda7e61e1d2c02e130e8ed4a86044b2c5e24fe66c2a298d9a98e7c477cee029cb187e3f845d71a67d404a0ece358fdbb2b9a2c221a20903096ed9f895b83197f9f18a4872454cf73f3bd16c867a8a9d3ec5f3a92652530df8d31e4b7c16c8007906ba973bb92c2700162fb2e4e05afdd6bb2ec4a26a5468a42840b2bcafe2f93225582f739c17aa11bc4bbeb0a3bf53cac87de3b8516f143e76a16a6c6f27461a6447d5ec9f688023209617d15fd17af55704a809d29019c957f068698f5a9127abae984f23455143438665b07ebd8808b634bc7c6eb1fa495e25f8a20218794712d19f4df557e1b4253f53869f9c4c6a75dc29c17935b4ba50c532704893088ac08f449fe3a562111bf90f8420cb0fd578ede3277d384fedfabe19da9e15442b9cb98341349f1b5fdde794833fe2040bd5fc2b754dd6b3d719e5ba3bb6c89ba00dca51aa62708e6dc98f7404662e5288648b1f3a4291a21b948dcefa55024c854dae7d54e0a41098411bb3cea8f37f4057da141a192fc0bc5ea734cbef88bab291b87d2eccf4b45be92f081915cd3c4ae1eba1d374c618aa4b840eafd6a043cb5185bd8a8a8ac5defd4b85b4ceb713c45e2936e9825b5ee2961f330fa49eb54ec4bc8d5bed31d9cf37606f247282bd6c57899595c7f3e87d5ae2a3aa5aaeb359d9727a34d8847937cb5a53b70f8d29b6105a53414960b5eae62d26a1c7f195516480187b21c855550b536c1b790201e645b4428873614b4614fe4b4d43fe23aff5121b314457e61fbe87c02a232d6ed8bfbe8955c4e287f2a2efc3c1c2cd6cafec056d245e3fae08f19b2d0e973c7cff45d8ec861981d46b4cee0d2cc064225eab0a47a0638deee7f4c22ecf963b1d064c8afee3e2d48b6e0f37f905a8f6e29cecd850202cb0c960c8fd2bc367d5ee0c5c2055ccf8282e563ad225c9fbb31e8dd1715fe286149cb7545726560fb8db0b65223f1476f3349406016b89236643077afb9076e5ed5ea3fd2eb312ae19d398ec9f0352ac4c092dad6528585fcc9c75de85bbacef35f52d602a1b88e991988aaf2e740fb81cfbfbe46a24d10f51f2723124524309d17484c46dac69a52f86cd6d1d9075250e3796eb59625c9d084d0725e3679eed5c32ed7aaa004b4857822f1009866770610f461e4652202d41c30638580b7c70cc21b688aedef84d9ee1c21f37c3cc8d2d66c5c4f648cf9b8a061f52c460a00ae2c47180cb772016d1be00614e8298760fdf31431cb80bc5058d257ac37787efdfb2fe2ef5f439d9d14aa664bd5a8b4fca466f9054bd230aa682fec8b8035fcd0ed6eb809e8fe75e5db2d2f1f4efcfc1c172ad4e5010fd9c608a2f63d7010568bbaf39982e90b38955fac3d2dac9f6cd179523ad838d66976bfee47e53120ca8bc5842068ad5344c69be6c6c19be6061b16048af807ba82c990382ac7e42c4781842020105b8cc3526d2d3bdc408f2de0a3c823a6ff614c4fe815e7aafee1ddaafc1f5da70c00d491a0640de639d07c7159baaffb25dd7837abe3eaed19557c8cfae7dc56f851044ecef1668ca15585805387871567c1b694eaf95197ee1cabd92f605bb765607b337674b3c289bb4d328cde77dc46699bf9499946bafb9bbb758f7a6255e77c858b2ac8d9cb7dc19d9f22aa3107601bca94762c3091d57d8e46f2ea49a1154f9513ed32a7eab2308e6de304b682fbe65a9eb8b6dd951b90df7111b6a7be0c022242783456d2591f6d1efe206921e013ebaeb4f3e35f327e5973ddac5e2604053e900962abc3cc400bffeb2545e91b3e12dd0797ac098a5ec01a1953d90a10d3b6cbedbfbc6aeb8c76626f1c3d37c3195627d0e842665b4b1a3a649b54e9ba8877b5cb222575193852e84974844ca9f43542038ef72fc50d6f1cbf3a56b2158a1176bfd86c71b297723184eeca0b8592245ef4f056821873c805bff2b288c4f1c3e5b09cbf1b8dfe960ad29a3cda91110dee2401921080c05fc9e5ea41cd6d87567593a187536a351caf14bd5905e52451719ddb26283ca6bd681a8e06f61cad2e46f47a4ae598be6186ca020e3db6768eba25d5f76f0bd3b77c3539dd0848d220d88c096565e854fb7964551be4dc53c88481a06bfd14117cebe96958ce0f9cdcf928886f8138622ac727d2333d6932b347e1a5bd90fa0ca08d5bb9c5713711128880279044c22e65745fb709d95d61d3d06538009392938cfe735c9dc9c009a5f784f904bdcce3ae76e04b385b79fed737dc4465658c25a222526e758efc3d358584f9c70636a95d85a4d6f5dea3aa86bde1d0785d182a51bac12495255955efd730c9d91cb3fcce068d12f2142471670ea54eab85bfecddf1e52fe12f44c40353bd9f1ed7536bab6c29c419d1191075db601e3a55b6c4a02e4d0c6cf51f93e224319487007e30e38d10c35dfaf7b70a5e6e9969d64fd1ba985374b731528f509d9322d2b9bc3b956530c5299a5d613fcd0c4e30dc733763e259b4b986b978f780ba025142164fd0f172190be7e768e766ab450f55481d04deebe8751a850a50974ae3f598959e3a92fc557f1682b78e6da37f5c7e7dd369b2eddb1741fe54a8cc130c04ac07416f45f0424d52f965e1810c4d1e6c74b0989eccf35b1731e782f22fa8439ac7864a9c24531b3192b46ec2c3cb7d3a5f59c13f3c69f11dc1e3e793d916ce33d2cd18f59d2fd5ec8d5d656cfc46ac0a57825660328a077004fa2ecd1606093da0a1d95a86a7eea419e0954b1d9fb4b7a54f6f5d731be76bc2460a0a30a42f8f20a4631c758a6e0ef4ede26bd7927fcb8fc2a4bb4d1878f492b18c868598efb1e6bbbfae904328c7e55e1c74b68ecad2d2dbaf1607b8aa9daa4633bdf4fda6fa431b570a754e77f82690082ab89a39fc1aa19cfab297a4091b8ae539891433d8eae0e459d9594bd71acc77c63bf41f3a2ad9cd664832d65a6fb614d6c7a25172f6e2152dcf0618c61f39949ebd96e3e5830e8793acc7ad61f29493f34de1a90317ef59635b706fdeeb0ae91aaa3181f91c672d1fb652a9a296a8cb981671f7a0f880bf79d229563c6e10be17331e84dd9124db799d5b13c05b2bdfccbb63b966d0e50905a3b12de0b507a1b4bdbe1a847e7a4f00afbe380e00ba6c6e95ce7a9182f1522a58aeb22a040c35e52f7014ee5a1e1078a74b97b8a938f74096470842b4518597c69832435cb2c2692308e0c9069264efdc8d3c31427d50009691032eb1a78b67ea9d6b0a02ed3d6edbed3618405c0265bab84ef28fd7ec986cfda625c6820c02b828cf41e8bf977dd5e993ef82d8895f644c9cffbdcc5dd0f5b64a8e0c0e3a7b095b5700119494730357b3fdcbc26c0addacd3f86488c77897cd05f3080c9f292e22a705245783502426ce6170ee550c1ac88d15cea7e4b383d195afffb653d7df8e9f6e48906ea686ad63a8b4c8538516cbfd6dab9da5312c64179ea311c8caeb1099637d847d54378adf92cb326ee5e3f0b6268e81d0ff1ca37dbd27998db66b1bf0670f4d919eee54f5c0eb5f01adc4b1fe01c79ec129d4a57c9dd8b76f1fec654f856bf284f0bf884bd1a983ac7ace9a1c0b1cbbedd34df6d0a3b62eaa031a7a2a8485a07afbe73d942a64ca4fc5a2d9dee89528319159804e6e5676dcb410a0df1b486025e20f59ac8e4d493d36db248f96b8fc83c0b89c3ffc9f45d6b79c7f649434e30ca865071dcc741be834ea2d3e014050b420c3d18cdb818f5b538aa7af42e0d555525389a279a22cf5505b3a72f999a1d001eb8fe843196fe89de2094f82f7a6400622c679a614fe609e551d7c85271d3d9469247b0e5203ee60de4906042d6c97da13e794b452fb399d28fcfd5c6e77bfa440da1b30f15c0c13b105f60d2f079aa437f4dc96834848845513671451bcb1e753997e3761f7ab958bd1dd2827e828d374939217110ba43f7f0f7fc35dc320f665220d07789931b9b3f4b86aa8014fa07e6f8a92ad1d4d0ce57e40a967d3a53b44d2d04d5ce5cf34ca6767468c8bcde1a4559fb88339863cc833f39051d43afa03fc77e016396bb88b943c31e9524424e8485b2719bd57c0858e5a5271212259e1cb2895d937c77ceb37d77534d67652faa88cf438eb284e0f044888728f7b0ec39bbc6fe936fae2884a5d469d5312694709c93e7dd8d0714ef69031753c0432c84d8961dc8a77e33a326a8289028fa53c44631fc6c8c22a3c17ce755293d4dc5e53bf1dd81b53130881352b8a99ec091b2052d5dd39c4d2b38170b99897214ee9172c819a502a06999856eb2a76a4342ee017fd75c80e17bc033abf1a15d195eca03f3b0a8f5c92c0e9342fbc5344f904096e4e016570d75804b2199cf536fcf60d9da6e86fa674ced365f293cffc23d6ba36c1a909c6245991c3896f78c035f1ec7dcd40d6f56f709e4526d4ff0fd452c90240d1c876eb25b06bbb0884f229da76a6c16947f0cddc8bc6cf48cc02047602577aa41a95906d57e026150f6613ac73bd7a594badba7fb1181138d24dbf6ba64a8ead1d7b749fe30b930b130dd6688b29b2dab1350756b7aee022d54ae60916e87d15037bb92c2bc8d160438b5655149916746d76d708a4d5ef07a13d267db023f8d35ef19f258660d11eed351f9f2cf10a422b9d15a7c1ae18dbb02416f30e9785d3ac4bb1a03fc045b563790b22865e354299363ce8dbd443d752bbae7df9c56070a120141a731ff12a684bc21e0aa88d855df4d405dad310002b562a7da4cbb679ccf5de09d66189e5cae304eec0d78b58f3a2e9c312b88687733424c5c27965440641dce0ee47a8c4a500a843b2fc523630dd9404bc105b094480009c8e914529ff63ddf9d00553203098fa8745fc643427687228c02d1e9a968e85cdac31d15743b389d4ceb27179891b76a0a71ad23867b3448a4782b8c4911d3d56c168f0de44ab8e4d6d45b2fb7d9f2200fbdafbb833312c7f5a6f3abd08378b94fbfc08058dd33e02f9c37b908d7da4ca11a62a7df49542541633206a4a8a1a9cab12fd71336f480073be7d4a9aafdec201c5e99be9515ace9857b24d56cc24bacf9d617542f8a24f43501cc6374267f87c516bf2a59504a9eddef9d8ecf670a9bd3b32b9192cc0d6155b61df19e75c6d8a3edfc5b76f8a8876c8b4544f8938f09256964de311c8696e13719d9989d53803ee6a89bd5f7ec497dc124755cdfc87bd661c68e967b2db084a229e4f68737c3953bedec4142f39c23a9f7785428a0bc8d990fbd7c9b256b57c19e6c4825e20f28cbfa489466de1c755f2f86edd40ae5efffce1a05212baf4355312936383237f8379399b6cbea707d6e27adabc3f9e6878eec663526b8a933b30aae67978df42357e6691deed4ebecc31bbc0ef02428a52c1db79f91562871fc6665a6bac57c5dc42e92e50b81ec2d4d8340f08a2f3eb3aed41056422f263e01edf27898ee2231fdc63a6e4c7d071e579892e935fc9d08fc27b8bdfbc0a62488391ff5398afcf14c254d82832d35cb86107e6df650ecd2a325e59c3b5becacbf8ea304463c9a10d9834667a8f5e5d03ca9b974b13048cc85f320d455a2922e9051bd5a2baf206c7f4e1596ce7d1639f61898252bbde094e65c59bba9b8d29c8c5fe72e2d603a2ec6e0cf6703142cd1a0fef0e5f0310fd337c4deb1048bba387be4cd1afb64faf09ed4c1cd7823cd8ba296ce4412a0f5e52ce5aeb4f1a8578a0eb1ae1e85026901d7737c5e57b15caee35af0b99e263d27b8c2e586e56977f2bfc74d7b47362ef436a35e1dd20903af0f380b86124ce25ac267f2aa12423833ac0b4f3882b5d6a264f87954c2c4239661d39bfe7ffcb0b0ad5f92e0561b869a01074b88ea32fbd7f45ca40117085a9a8d6bdbf23c5d8dbad74dcb5c93897e02fe17842136dc32edc6d858ab8382f8f9178faa7132c84dc2d15ef2976db4a5730b7024c272253624ffaa3f42350c848700e004c270105017a88d11adcdcb2d1b7554427f8c9fefd1bec18e55b0f21c79e120e720554bd0236df76fe9d314b1f28dd9ae1949bf481d9d4c7b35ec4da089e1f8f8ce7b5dcc51762bd83444508abacd50522f40f3e7175fd8c9ab519be055f750afbd87fde622d86b0ec2f7eed7db4577785ec5d7bfd933b74f4b33ae9839e87d7ae82149a96c60bc03c6c240c84978f122c77685a84f278597f00bcc415ee452d6931b0b028369c78d17fe33b13c23cc4dd45e3e2007371b62e3f0f88d03acaf6095fa44c020c71dffcf127a1d0faea005268325dda9bcb51596b1d4e00be784965f556280047025c147357d13a2b9811c798a00669650f04ed8d403f1284c04d3f6abc73b3095625cbca6e78b54bbbf2f2a3fb436651a2b02d64c5caf66aece1b190b9254ceab612568b1cdbeb84feca7d2f8d6737eaaa6f2924f3b67790a093edd880f671189cee2fd251665c952afe8146f2650c98e6c40d6b79fc839b63a1a5b3a11f27a4ad3e60f68b78c137cb52ba3cf38336b6b5b2be49453a1a89f50b6fe7e636d112b4adf519f6c2b94fdcebd10c249e8cac74a595d65adb3bdfefed74ee47671e61ecbc061c484c1ac9a10dc0e74c5b199ddda010495e4d2e0bdaefac9c2e5316a4ee818144c57a67ed8467b59b1470ececf645646522b34018a29a49c0c4b64357db5bf41d8f08135b9a4b482e8d4886f4b6bf7d939382ea6107cb09b4a172ad4bb90b95b52e84560878d898d034fe9b82bd1582aeb0f43155ab3133817c60efe6bfaf5c00f3ab184f15b67adb645cab63b4411ecad00a4b64b540bbda86ae20579b1d87bae2b6e62a5fb893d9efa8eb78e4aa21aaa3e5fad83b30ebcf325291066138383057b6ef2f8d3fe26189e68012741b168825e266fc01b6811b6bb353b75d2afecc667118b8f8298389dbfcd084696d9351041f04889dedb0cb1198d17fb825c854f83f737fc1fc2ca116502de6ef892f20b7b4a705999c6fa6423b087fac27477b0b27d0225c288e8f3bd054ac7995bf713af111f453d9ce9ec3db8a042a50ba0eb59f798593de22e2ea49cfd4d89f536a6d137ce67528a1d691d86ebb6704bdaeec2245fc10646570734b7a9e24c563728414cc5816ce1b62eff14b3bc3a5ef78e9b034cab9dce8500a0b9953dda2193935bc1378df153e68d49817959612fc1520911a2ddd46aba81370e5c722b3ace8519622f6ac177a399f97a2740a03bcc7d131ec6c3d3148e166de4f874137aac24f4760a9a54b867c1d0bd4f8df0baf25dfbff600803eacc02d4d4bbcc422bb28f8b634b3c0e95b8dc51d88eb8b50dec6a324ccc74f79cffee8c6efa039d4714f3d3ed7ed3a2b074445a55222e1441e6d51fb8fa9fbca312fa2fa032c2e81976366048994a7f7030c37f0fc86bfbbd2a9e8eca4632a7651c5a7dc8d4b4d0294f8b6e01eca66759d31819af1a66fe5d17e4dbb8d1e6d5d201b61ecb57a357079229730f07a4fad9ab9798f0d124b30bda0df3502758f2f14f9876da910c718a4a11479fd9c1608c4b222e78eb8a16214dc924a3e1899d9b9ee504f9aff606b653be749e59c487ed032639e4901fc43891ad3e450d45ff0963c4d52c9b61aceaa42617b6a29374f10ef4554033f2fe3988175e3f5f439b0a6cdf02dd7dd2003e5f145d592fd8aa1bb7ccef7d092b342cb599f2d050b32d765deccd6d821b08e3171f7e1109d7505949108bc55cc52c509b18602f0e1e71862aa1ccc28b8725aeb31237ce1168da498dab80a6fa22d72adb09c785bc89c5db4bd6ed7a822023a18766e96fd8613ea8639b470faf640b04a5f6678147da4c5c28af643fd0de4e10f15705d8b2e75832e217c2c834feb43148295b281acd534b2e568396ee7aa48c54f65656e849b3ec46f3d2dbdd327ae0f704b0b9659497d7f77f67117a38ad09510cdec89bbea89ca30b73cb09d891c5cec83e41b639fc3cc91598be7f1dd0567b17eaaa2fe9ef25f18b897dbca0f1409bd18a3cf0d073d9139d5db6d52128e4e2ac8eaa12fccdb993b9ee4c0089dd82c1d322345b571c106d31e0cb992dc3e6d25289d10154e41f7e7bb934329a62075cfe4ccfe8e4e7cd9d2d7b3834afb0397a3a8f99a40ce434fc272f10dcc4b4248c364e663a4806302b75cf50a5baab557fa487afd0d36ec5f895915e1ea9ce4af8d4438cfded3f8d6bdc57eabbd45e055dd6243c4693bcd76058aa495964b5470acb64c265ecd2d7702e76acf9829f99e57f5f3c8699df9bfffc21173f809879538709fee3dca7f118e5850d3c6eff0d586731c369351d137a9055b8bfd549aea448c5969d9cb91216b7bfe4db109a0ab410d5de28ccbf234ba70f151e17631f80c6d380cfe5904b6e2e30cfb47798039ed156d6383ca069b834b1e15d73414bd56320121e80cf8f123201041bbcc251d78a86430c72393492a88e68cc680afcf745fa382369579a60166eadd3a4172caf4ef8f7248ef94053348a6f9267163336dd8bcf42f2b8d0a89beff0b9018c0b36b31248ad306e6ad73d4662c17b6de940d832d61e1207c1e15365540d7a1a70156abe30d55c8a3d6c32b071b3df7a61de1036f9a96265771fc4c13af475d44500ba152099d236d4a330893807f10db1bdf87bf20ba41a6a086140a3b81372b14b9ee00f2676c4190ae3b14f37ab18b791e380b8fbc493e2400e869e07588ab6d4104006040775c4731d4527b0550de04330b1ca0c4aee796d348ef5d14262918ceafa5d6348ca1fdb79c41084e295561b633535dc2c3cd936230263fafe0e89124c95148a6f4afd4b7a64fe787675e2a2efceb2c5ef9bca3f62f71edac0565857a322241a6b323e694470eb1e61434e7e2f4095379cdf0f468d4af7f7e87884c72c54652fbdf2079ef86fa713caac2933a47aa249043e3a60c1d484fe3d9d3179a459a1d18a8b1c3b3776d2e2a3de908c764693746bf5336b0f58e50d6f485966ffa8c2d70efe8f5b9dbcd4546cd0ef5d7b28141cb891832faa32bca7920c26fb6f6b14035cc5ccda0a4de211babb0db1daf17737ffeaf4dd0e3e8f9100c6b0f0551037d2b4e40bbed9bd993f00408870bc91a4389a1803e438d5a2b523ef4269bd1c112362ad8aa5a2cbae267ea27abb13b2d9a4d5722746597571fea508b2694423c30abc30663ac6ca15a2c374d952ed0822d871867218bd206d371b2ab3a3bfb2529a3e8ecf372f78c7725118d6ca2c10904c4d8433efd40d2f7d4e2062f429f87f819768b2e934ca02ff939af80e71c8ffd9191d113663abf28f27db3908733990558099ef8c3d3649fd12541ddca25e4c55e35c0317abc310b7c09f8b277eab40bde7a693915d119416d7465a73ccead3d01262f52539af3dda05c1d0071e34db69f16ac448462b43ac929cc3b3acaba2e0c69b2f83817f995ac32d82c86ab77de0b2470806e9e8b4ed4a9ef0c6e45e6e9e70ae05a2470d1d76d7311645514a458420365f7f050bc1fe77b0bb563b69340d98ee7a189726a8137c97f553043c11e789d72b1ff1413b198c23582527b17ac519387e0209d52ac511e4cc73fa5433ab9f389f356a1d70c9c5fc4c3ec86fc718d60ab938494f4558842bd7c63c5c99b70e1bb32a88a22b9087c7014e13e38dee58c494d94e9bbf35fc462a1c635a964bc46dedb9202a9006deda69fbb8a7fc030a22781d8dba46bbf5075fb4e4de8727e365fee0d259878925a902d6dde0b60f316f30efeb471207ce27f19e8d55da115d37d1d42e2f721445ad571b37a29ad5aed6dc54b033615f7263436acb40e66372787019f6d225595406242af4cd233fb07d594893ad7c73e8b366802f3576a37aee993fcf72fc384aee83778ea3a151b51e7517482ede05d494b7dd970f9de67df76dd07ba66f817690ccd0dc758236a4ecd0a436cfd11269aaaa6baa2f31de6657ccdd09ad7d918ae243d7ebf9b79e0e283d09ada88b0f20de88b0a3986663a2da0a32e40398864002daeeacbc4cddcab3eb5a5ff781a78a7730c5feaf1c5a7ce10d7ebb050d876b4407aa67307ede715734030bc79d6f5ce26e43dd969859f0c69e996f4165db4886646deefe8677c5bc106fa5ea2e735514ffa66553eee48f84c0098a2437be66a633af78d7be63b424b12b110e104e877be7cb91b9fd5899f2bc5df520e6b62f4d773f43098f4135aefd1a2d9a665c11c7e88a0d7d18544f2721571265341dbb972b20f3132e6f676d9e083cc872a22c2ed76bbbd4a6418168f868120d4423af41711d64c01826c2f43d1e602e3a7d0807411ab0e8beaff3350e57632e4bb79eff6ff77f687b2b996bd0c436f11579b8ad39f67f0c4ed4a202751b182cf023794d30cbd791ac81380723ea223fe74d694ad5119513bef849b39e4b805351650db212ffe925674541286b419b920da9e2232b90c086f35d4e1b1662adec9bb57efc9dc21c95b0d4132a3cb5a66610ca940cebc764e6d5c5a9bbedea8a8c36e421dd9118bf2557d9fffc864a7e29c928cf303e3ea18fec5d49d3b39b51b531ce88abc85ce602edb63b7e4c04667c31133897d726c1e16b38a98977ba8b6a81eff8946145602be86ad901b4d7fadb52e7f0252aeccb6def01f4a5b2855e72355fb64b99b3c362867c2b1a369d029da1fec2099b188a3ecdead4a5dd8aa31293f1e8379ad9d4fc12ef0bdca10e91913cd4a11493f0fd6e0de02a07643ada873fdc565cfe5de26bb093306fe06c3a5dc836136d0eef7946c5187860cba69fb9c6c7a49843b55704322bc60d0bf5e7e136bc0573a8bc4a5f26a2ec025869188bfe8c8c953769ebf0946038f19cf75fb4b5d2206f28e5373d7323656850ce6ea31f7d51bea83f7420cff414c9bb339b19b9ba0a5159da280a06efc84409268a0f99f263bba77b031bd5d53452eab474e5b6294e8158c584805abdbf96e8a708740159da9cf3a6c4db2934a37e1a4479112c6604a3c012a454020b326c12597f2c246c7ad44fe6a071f0ff79f35d52db346df748f50f976396f64fe2ca70bf589ed9a54abf5c3cd2e7d98ced6f04bf79055807d706bd87e6928554848ee98a7336ff966c83780c9105fc3922d843d8ce2ae6586050dc4f351cf0d0b18bf8588d0e8a6da08afc31d4a61c00eb230e8feb0df19b2b5d8e9b0502ac394c13d1718b697c1b71e08eaa8cdd5b540f0add67481c72b534bf081e71893e7d41a7c1cc1480f3efd2200bad25c284357412889d39d8c9e7bb2f20a727869736fedc3102645d9ab311eb4972567e156e3ee74285785d8145e38f3512b3307a6cc22b9960bc2bf78eeb0293eac7504b57345424f8354dad995660155fcb9262415ac9b52c5b927520089d2bf8963c860fe279104307a60f83486c94e232060a38ef329c893d56653ff29a8a31fd19f0c432875dd89e4e17015d5bab1aaf0f1f9870013587e017910ebb0f8ebd04c01596340e273a8bb23aabbe20201c66ca77c920bcf80b4f2e094f02cdd5110abb845da32cb17cb2c0b9cdae5473b0df7a42c97f6636c30744e408222f8c90184a7ebc4fdda631f23ca706ba719b99f2dca76e0b1fe1bf45f4c9f29a8b00bab13f1ec45522cc99977852485c640f3a68e839ba9f137e834a49fce7eb16c187e19dcf4f465c11f361bd4533318b811e53ff9df425b2ee2b828f610c7ada046937651811db36400dbc7486459674136f45a8d2366b56d66f0bac25095f9a808305798fb39670b2e38db01f75d1828bd2fb0e7ff14948541c3b951a17487afbfe702603f507e784a7c4e424fb437fbe7c791a217d127eaffacd7241dbd1a16a246c0bdaac0fef842780c3aa0ac3224599d6c3d42e0f9dbc2aab532df3e529a26b749990a0dff289cd911355bf47ece6477a5beac180bc76ba2c35719b1dd7437f0eefc54811041db7ac552c9da7eee6e6773e959c0b9e7c14574236129658b36c248210d1cd1f1d10467fe584523f7a5153a09767846ec75d9757994570ce556fdcd88b2ee70989af1596c08dbe1610ecfd3194070bd47f2185154bb93620efa6b3c09b507b39a2f65f1b5d6ad7973ae839cd7ad0a5e474a8329f83feaede625570393da8f6fecae4506733d78e0c9a6eca86b54075e6e3f3df827b52e13c77b84d3e0d17dae0f729739c0c31c5d2d5cb389cc652131147f2bb50b0c147433c2f3c219691be02b27345ac7ee03803151d1db5038713eea1608894c6d042e558330414cd78357f1e0f25116c4d1ca00331e51d3d1a4350020f96fa2cdd83e486b5c70c1b1ec3bb5c96961cd305e3ad60868a40a7ce793fc14a50a8a4bd0d195cfe0a38c749554676ec04b9ce25b0a0eeec4b4ce3303d9e74645eaabfad870885e93c547e8a16c15db30cd26858ffe33e09b6960e8552357851889cfdcfacacd0857d82325813551bb0810467abc26a0a476efbc06d8672b2e0e3a434be7c61fd0f091ee62fd2e44c5f0ef4fe79f5c88e906a68d26341b8b6b9d586074d9ae21d30e73e620ca6018d13eab01b5a11fbf0dcd69965aec4912fe4e8972bdf8eb69738d9696f7522c2b1a983de60fdf286be984f74ebc813632691e1c1526556f17659c96942e48fb9e3101124477cbe9e81bb512593c0ad2b7bac1e5a4ffc0711b99d014b9c4ae5622036dbdd0066d44312d628eb2fb6ea7bf2a99fdb2fc5d5701ffa798cbdd78a890aeedd01f2273b9017a602309492ebddfa9e1f1025faab630679dee3fab2f1ab30b8bdcf95c25dc6e364a5dddde0a08b013bd942d6a44fdf1738e5216293fbb90de07270e86932f4643ee677496c8d866d1217e976fb901952a41880fa8b0eb4f57be7541f060c23655ee49167e7155df3fb82c4a3d71b0b0dd48c5e60db0f8faeefe0e118c0beeee27c6d9f3277ff745820547dc6c081e85e19997ab0728cf78e940da9981179fb30590ff4275a1397b5fc753f01044b3ad26db594981f80183d1c1dd83a0944daeab1c3dd2f6c5abf010af63c0aa715d93e3725ba6128c7af93d8ea6fe670cac6d56dbc4de56108ec2c279dc22c1aeac9955e0dbd8df8b2d2373476b449b4f262da4c5bdd732f57da10c12a3dc4199f9d6014081d1acfcb6a9545ebfdf9551b4ff5b59969855d96beda31a3155d204c84ee4604ac3fd42bd718e7c3e8d428fdde5b804177e44e6c642c1b14a519d253534a5dd98e04ab35677e43b34890a5e0709b45361c1a69e3384e5487875e464a74c5bdbb31651d8feae5cbd5d13a8e3aceb654009e0b01c852f97df4b5ea3e938b2532c2ed5f2cf0c6682bd284e99fd6375aa1bea43ee9e612ed0c93826fabd6985d2f2e3712b1262605d3406a6981a32abbcc12fbaf47d5aec7502196d6abb2ab04b053c7e2947816932e769a175951498acd733df7db28c7a4e537c078a992387df8ed78e29f9d0949af8f41753623a89eadf508a7a15123c7c612c1d8d410eddc0486b18d6086579091eaaa52d292d03aa0c27357fb6126738705ef36e1d20fdb427fc61a436f657308b23629b699d4007849dfa99c7481d47752eebfc4f7d9cb35f164afd7e736d329ebdb46d87728d4ea739986666dd7226ba77e409a8fef197eb590c011f19629748198fee4dc372363d0f423e39e71d5bd1672eca8db75751967652b3416304ce4be2993c87cf72fac337cebb8935eb49d12e97df9f07d5df9ff199606a0d505277e08e13ea91aca34efb57f593b7974a187bc011ae696c6718ce00d73f0ce76f6c5767f048dc10b33c8448ed36f361bd74f7029b48d5ac8a50acb8a0db8e744e89af76a4fc9e96aec2531cce01a051b1b0b6d47d89c05cc3e432c41a8bac63723b80dbafba6f22a3148b3c0dcf7330c4a4937f3d2fd4380f595e08caa67d714e67a9abee6ff65f12eee1e6138468f811ab5a33b5aee1dc8338981ed2c5d302d84ba9793fe71093cdedeb8c73084eee7b7eef5c06a887ad3611e975ba99050d152f4c82223dbd2c113d4c7860dce0e6d341e243c29e3673f64b9ebdd06458b137399815160f26e4072eb0a725f2d2619d0c7e0666f4166f677855f6015c8ecb38533aed43cc36683e90843246adde1b2b5e23152a6f88a74154dce289d98af8d21cc01beac163ad950c53d49459138ab8177b7ffc5c1f11823835f842915d72ed1e681e2e2eca8e7b17ed2e1c5ee8b6dec0ff507c994bd62458b5ef4725f7ff536ab50f37375bcf1ee6bd780333490663feb71129070e4dfd55d271f1df5c75fc9dc1bd08769878a32d8b8eb404ae3252adcd62a5bf38c9943fe43953f9d0a91ec4693937a57a4c56fc2cb60bbdbdd3946397f575a334228826fcb1c923474cfedac8d5da27de099fb7c3a75b51164fb3c9088f0729abc263f91f25793647c7f6baecd50f66ffdf82d64a1469f9e09273d217ff36108e5d3610d110951ffba2fd18da608e065ab5dee7ffce548de87923093701ce57295d8e14a09c2ce7bf333d21878679d17b573643d36985f18bc7b8f69e5e9b6316a6d52bff15f1db26ba85f24da1bd8ecdcde2a07cb5c15f2c7096b48ece308b1addcd806c8d53435bdb99ec8493d3773fc8ce532c896c7dae51013b2a280a5b5ef96f4434a55f2d6297b2b677cdca4dda77b2eb8149709d70d9bc4ce68d4c6f0d77d1ffa54a9134cc2774a154e7f55e03e92ef077c39783aea123cc4074d213d91f06e62e4c2fa596b4223d10082aad773db333182c6fa9c10b5820fe80cb6db7bf058b0972a0dc257fa5cd85f2fa5e9f89b775d3391998993de13357570058b4a0a8183c1c6fc1962b44636c627dba26468e3a34d44018e50874392d6da40dcfc177b2a9d0177a51ac7d4ed8d24e68ce70d3642b8fcdccda3dbb2407530939845eb7781fd06908077c4886eab1c2ae1db52a41267717b96f01dc1444509f3e32b55da2e0e47fd1183a8e140f145d90d17c55db268a18a48f69c72d3cbdbc6577428996997bf056d456987265086d430ac5a235bd422ea50cb8e7e2e7f66ec2437f886d0bf75eba54d958a0584d3c5afba30eecca3af954b948dbaed173427952610be1015f06c9ebaed07d584210430f36e351f59ec0cc85071bb35019ea1c9c12ba361c7594dc608ee0509b6384382c1e951a4fb3b26e0c226d8834bb53ee02e3b275fdb186403e57d1db4bfc16fdfc887d10b0f484a36fde7ca2651c11b5848d87f52d6cad194883c17bae83b5a3bc3e026c38b6420d16ddc04bdeb11f027145b2c8e478094dec1b8a0b5ce6de514f13c45aa167d6be4faec4f163075659a62278b68106812709e19d847dd0a2b0cbab55871deac406527583053375498204c68719a2e9b7640faaec151ef3655e58adca0870ec07fe46eb1cf51f39ecefb03a0c20ae0a5bd2e10a62f800cf0afe0e6e621e326065557a4e62bf4b2aed61ce7dd7a0cefd56ba545dbe1618c3daab92fb2fcc36274b79e4148f7c128872b4426c51362a0332e57df4e54a16912a5a0a02fc7e082151fa7e9f551feb7f55dd856101afa93a7e79d56bff60e5dbfab4d6ce07b70e12a072ee3171027867025653bbb8d6aeb2b8c1b42ecbd0879f15ddb14cebc60e726678acbaefdb4c3bfa43e6e5b2948d51ee7bd8f7cd11c12da7fe3a868b883558b15aed5307ae0af946a66ebd53e64634e5e36b8ac7c151fff0b899352c8d07e5183f03e5ebba80199298ef2df279b5c6845e5584de4cd256027168d6c684408ca549e3964e25b0b71f1a1c222308fad99ffae2399a4ffe2e18d2c2ce13db3b71a86f67d1619826ba6084a02a57b6606b8ec7a634a78a497c14d2a3a1b575d36c777ca2f4237c651ba9ee7c089e4372c60af1f5822096fe5986256f28e88b1e6479bd69847691c47851dde057839c2af17f38dedb90eac2d059d09235d95d0538eb0eb9a8a5eba3bb7e78cf521776886c3e8dcb3eb0279fd69d025348099dbd17679a777bb422a853ac9297f1bbf445a1e5c436fa6bf4b827a37a4739484336db195c982a3355b7db059e93e77dd2fc6c11bd815a93a64fd722fe859dc0b4cd4595816a1249cc4379be35950a84ce5a23f113a5472e524802a3e7bfba7dd7d15acc875ddcf54bb02371d7f0b944dd71c57b3c39cea0815b6ed0febf01112cd0f2380095fd1cc298e00280e3490c8bd7bda3ed511f7412feaf08621d8b53530e5356db71027f54e1ad955446a0828d57e8180160a39ed9daf0b319be22765d928675f40b451c2287b2e8e567586b78f11e04d5a3b28ce051904ef8aff2ba8f73723b3ce919969cefedddda0a9720fcd8a5c614ad239d7da6b76be065eb44287301d5ef739561f2517dbada1556e6944bb3bd61828a61404aeca4e8dcf764f531c14c27e735ed4366c3667abb9bd7969eabcd06f70a9488116c5ac9248c38362dc0fbbf7fb3cf77de4f019f405323af566af464c25df21776cdeeed83971e470291c55f4ed3c798935128174c32375f2e5a259e74e6853470975cfdd7447b36856a20a0d4568929a3740c408079b9353aa77e53c49e8a1344bb5c76b32cec91e1a86339f8c36c3531339639fec9e04558d92039684fd3a9eb08f9882441abdb2dc6a9606a2d5acd24d42b5c90b81b0e709efc28cfa1f57ece365f827196954e05af3f415af9ad5407ea9f238d1e4409d15ce5aa4d1fa384936b82017a56513c129a346e45b087837f9cb51720a64a76725b8f62c432380cb8d662e50fec0973902a34a3432aa5a427773bb4833d4938878317682d1f1706033ecb053343a795efa438e337294e6d101db5bad4f7ed2f94c79e958dedaa63cec24db3cf01ceb15bc8095906eea0a7e2e433d09718750ea43c24b51860906a65c1a32fe6b9d343db9f0e1fd10ba513a03379cce2ae83eba8f5487c57d7539cf964763e54f21f9ed763a272a93e45ea3824129a752dfdb86e13424fd82a0413419f5c272b4d5b04a6135d1fd62aae997fa0b117b3c679978ab3529a8e75e6e353043456cae3366cf57bce6bdf3b6aac8bf17ad0958167316a6c9700cfcfc075dca0305f8f3dda103712106a3653ed4ee4589ec78ee750a8f83b486466548cfbc315d8d8353078c52c12482a9f6bcd3b2a176718c4631c20a78445f99b52802d4fe0e7fd440b11ad42ef936d217a05612ac8e11de0fdf0576577eb0f9cec24fe9daaf43b3b255d6eb2ea8afaa97aa94c492d15ebfb12211a12231d128c28f1ceab6eeb61c8353b2f917cb5b94051ff8a062ebdd5e9b4b48179b374fba0cd95e39e3e9d017c5ffb3152cb9721f27fa6e863b1ceab0ed8e0dde905c24a2da4647b02b746b3e4816ebaa2f18ba6b7e8b5d12287d0ba21d2c353076ff154e3855c32bb69b492c74c77361361dbac11a6f1a54e01c9200f6d28bd091865b25eddac8009e3064ee3e97fceeaae33784337d0bb31f84b5702397a8d0d8e0e704b09b58cc75dd247e5b0d1b8c7506ccb80603a57fba44a1af621d4ee5c45c283b9db4cd3bd045b6a5198b8ee4000caaa65af149f1aa1a04de99c6f8901a2f60cefe36a2d4ef1c9a4507ce5bbe86d4346281b9b5787d1ca927ee0d55b62135f2be13fd7ecb51eeb4cc99bc37d79e5f85edbafb38384c64476174f95b442bbf6eddfbf0b3bfebe79300643883c1342396d269d265f05321bd968f43e3cda52f1c6074d75404589e19db086aa99223ce5eed47bacc765619e7a0b6308187eb07e7745ed6cb78fa7e978aadaba9128076a8efde84fc747b69f5555e2146315dbb13cbe61cf3d77536dea4c78c3240f95abd539b4607591c95ec16a44254de502d5c10be72119e50b1a02e1bcbb91d15e0eca434ce558d28d81f92f674c2dfb87b17162d4525f664f412d6815baf48b09f2717c5e550ca47d3e1cd8fcf2c39fef94911c887128995073c8539fba586707328d91f302b70079c93ed69b20bcba368c22e86516e98a079197c662703827e6dee7d621b2e55a58da9ccd986d7e454c83d4f078b3073fcbe64a844b255750cd6d11980956ec87543eab32de7005ea27ccc57756b74bdcc730925088c1c3574a9aba1780afd403d462e064fc2eee9fbfaed17507a2292285fcd3837025562dc6d1e29ac50dd5d3186d9062d7b3dc3da0ff58d7783a476cc22c08e68ca961883601f73672efc6e88d68f6e2c31b14a73fc176482d0fe61f11db72b524e2b8d5f9cc2830d9bd214a82146a4b1b06bd1a047bdb566baabaff91a97f021466e8751105f45f76a8796fe0425a5cec2d6be9500971ab6fc42fa911282c9bc446a260eec1aa737fd743b72672184b6199bd5c10f87ad838d92f2f773054de4e5aa33fe469d9ee71718815fe935dd1c46cd28329ba6a0dbd813330b7159b2abe71dfabd12611b6e086ad07427cd3348f83996f1a8f812d0d65db891061fedbc1f017859859c00c9bc497f44e8c013bc5719d8e077883e4b3103b7f4c9952643bbc0738163dce04adf1e961297aecaf574bf4cdf2e989efc93e25630136ab1d1ce5375d9c32d40f249e8b3ab2768de7f930594ca5ade68abde5e2e12ceabef40dc2a89bd8a7e981dc50651ba99998a8da108caa008d01da145aea093cd58b7cd1883c7af0b4c55c7b2de45eedcec1b7ba5ea6b972be60c09f647ee6d6acdead4750b4622124c912f923886b48474950faa2d7490ab0005d8adf02658d793138ac6520eac6682f9ce875120472f2c4252c327d44a3650c1413dcc8eed1bc864d61c57f4a58d1b2aa8dd14f87657fe4bdc11556b017ab90c0f619fede4a98e96607af808acf8c8d933e6790933aa01f74911c0595520ee00d88450f996f92809e18e1cd7e7d328347d7ded0d73a6a839672f2bfd2654345ea6b387dd72490a7259b29da36aa107b0dbe343e22b179081b072a2ecbb4ac65b1bc118849150992e9e590094c329c6332f7c1a918bb28edc8cfe148cc1125a071490081a38030598f33cdbd5693b7aff8ad7b1b56d336b08afdf430d6d656cfe81f6da4e59528f60f4dd2c422c852353092e8df6ade7e8c81c9453b0942c5600790c1a76b7c857c7a721702d9731632067a32e590796b932ddcefee9e4c374c84aabe6fa71c4ff2ff230505940ec91c3b0aa9cd29b859e1743619117a57f55aa401527bcc0e394a05f616abb516fc993a60633a69c935cf39b11cc902d6a6b0198b942154db04665c6e4bae430ba708368e9871106ab90142e9cdc11ab49bfffb2164627d572bfefa2bd289ed4e8b49649d344e4a13cae0dc66eb6ac26943e29bd2a269849654e29746661d4b61d989459068cb20a44e76fb16a88b4ec0d2d009fddc128cf64d80af0d065cce5d00d10cd89da735ff0b965bb6265332afb7263f866f16041e51a65e0fc0cad760e36dcc8970265890fa7980c547bbc7ac46637e1c72e801d5fbcd33a663a0bd1fd4e69fda2e98a92e343715ef541f98d623abbedb2ae85b2bbb982d9e4afee07ff37e81d98e23250a37d73ed150f7823476b123ea4494cdeca5fb9a8eaa62f7d535be18f6a85698bad4e8efda4e13c93fd19821204bc85d680df80c91bfb734bcf287fc79ad0720aee7f4defe1b4847efd26f6d4dfcecb9e3789080f84231eec2f04f155be8c024704a1c48e90cd1176f3077864d6218aa5f5a4607b94dadde8e58491c58a713d449a0fb795c7a2fc0095bb3c47690e38ddd24f72e1848286a96e431c04ce0abe647d98fbd0ebae3f72cb248f46ccb2c45ed7d00455b259aae8cac02c09287fa7abe4b487e0937a5db5578cc440b79e6b7ee173af67a9c699eb7ec36323fd5b009ea2e73f927ffb84101c1ec3adae5faf93d97a2751d585672602ba984904ffc702731811072e526735a6e2ffcb9b06d02d4cd8b329f596a050aef9c5a50998efada34038d36e7cbe40203d89cb9ad6fc64f5f286040bd99d86efd53b4ef7db8b53d78220d4964781bd67c1710a898a727ab71235a968a0316c3d6b8fa1d69c0c8cefe79cf3e5d702a0fcbcf85655f79885e3aa28867226955c8406c633523e1b393a25b70b5c7278c05b3c2152229e08d9ed3bc8fc908762d3e44483a3c0d162a01395036e5608198430e3da7f8fea3d4ece7a2026fc2eb31fe6b51ab48115a0063b71d71435f1ffb22c5efefbd247cda6eeb249eb61e3cd1552eb6d85544aedf3af491f621427aa67ea81e94b730f4287b8ae2af8aced8e4c30b8edfabac26791d9ea10b2282c3fa9aa5149add8e99e4d042810e8172b40ea68706094f3f3c68f878138488d87f0721565e9dc58af7cfe4261ee6f5041027299f2fb844f5ea7e40bf9a438ce962b961ef9c49ed18f1714d63e223ac2d286cfbb2a5d13c4c0190efc8cab9149d38801d297c9d7e04ee114be185b946713311188184191802c3b1b7fa0ff84305fafa1077ce0f70d2a3c093b9a7c174710637155cef2f81764450b79e7bfeacbea2450510dc7c832509318bd70153cdda091e7edcb6c3411c0f7f75b1b163b35a5f1f3de5774d9f9298e9d2e898b160772e2f930ccfecb0992cf52c3a6e13cf881f13a76b5f4e42389bbe260a0294cad9b393f9e16b3e5ef98d0e9c167d97602952512317e7819d5f9cc0fa5a599a8696e5b7aced1ade802b43fad4e7827ad3766bbe7b4a8bdca308c63dde3fe767ded1b0cff091fb66e95453118925a14a8d5832e53b3eac36c072de95b38f0da949fc724fe46fb72c67f2ae16790f85191e8bddc895fb8bced76df9080e90329abe1f67898acefb70df42f13b6730a74e256d1fd6c098ac1a240d9bd03d90a0762e902d97b4e30414d9b0312e68f82fa2d0d7a3f68ea299a2ddd6587f8344fc861cf9e12f56a97f1c652249f925e8a5d62c9b87907f26c5373cbd70799bff6bd95ec6300177b3faadadba2a45853521786da16d183e219ffd5ecd2fa57a6fe9bbeccb7466b063045d45ab78560975d2929c6abb550cb33f267e6761b500d51c93e8e333749b95dc1f93aebd7287d466a4343f215f62096fabb859dd5fb9a301cfdd8bfcc1f70cd42740e7d2d2bd343ee3a35ebdffec38dd63f936bceadc937b96e4aeb0e7ee2fa28c28ef0c90d8ddc25a7c05c7f46164c9a03ee24e06729cff5143f9cda763fb8f7a0085aa3fb18cc7920b2f7222acb1371c46699473866f556225cd9c7e3ec1308d34cd63179767256b0c121643bfda95c6c0606af1f9daef43ada4d299c4b5eab127e76af06825ae76a6d8bec01e61452cc0554face9895003e5d9e76b321234b6efa39433a2a54fca69323fd164d3b1b0d59f8d56458bdbd024a604c61727595b68a7aacd88cf4fd623862e3d9ee19171883c8181fb366f7d1973614c92c5e7dfa8cbcd6b604c15b4cabb5a92dde4102f9e9e03a9c674d240fc374f6b1878c412ea601f9f9a3992c17bf0a9e0f889ab1215408fd011ab51af3795a307a7094c30b918fa68e1f7b60866e81b25c3dd8724ffdec1ca70f5f8f1725f872dd837e4ab2beaf19a2b163c03e127044df733b267203f99114dece161a429feaa7ae73a37b5a70a9f47c7f34244385bb0ad42795369fafbe5b2b5c20263e9bf5f4fa81a8a8b5c14ae42754e7740512bf6faf3370d06c711a9082dd04e6e8c02aee464cfd520c8bd558df0d49feda810598a8cf08459219704bb267dbaf84b20c0e1170bc5ef05c24a870cb1d9e958d9250223ce1d189e277cc9b65215dfc068137460713c4b1748607897eedda1de5697850b9fb96d5ddd2126d60aa886a431467fb56bccd9a79be5f3491bb1edea29f506a5cf904a0d461d556a0ec8e238d7c385e3c0e6c326fb429b2dc42df76e53f57efe14a55535e2add3296b877e35ded5ea04ca8e253b53cdedb8f9300e595e6d156141a7d949ff8b8f568944c5442485f2c383f98a114af6eb970c85292eb650e96f0ce573352ae28a42be605e1e62d025ec1386741c2a70a7ab096489861a017f31b11ac3ae99de67754b9f700663475a46dfeb13a64c8618baa9a88cba62df8e2d9f761a1ebadae505189a88452131e5d1d28ab17822e30985f2ca66b620f1c0d2bfdaa8657f736a3030d9df916c5a9b13b8aff46996a21c924c2625fa5062079904f914ecb41a89f3ccbd1d54abb1afa701c7fb137bdaa30694b91ea9efc6855ff469952ee1055c090a79fa97502923312e9315ab8f8b90e88372cdc5ef1482dfc6873efba980c30b2d720791ae41f4610f35ca485debe3e04cd4ea969ab5ce90b672e02dea54a113dace3514a028bca351e6476f05a485340d3650d6364fcd874e0d57557320f9f23f4f9cd40dd2c29e6a0dbc5f54ace9764ecc9c7b288ee0c88fdb3354559159212bdbc8dc7c6ccf8b209b276cfb2cfcfce741679c516adf0e127ef9a8c0190fed9be4c8f0439535f3d594e2c41ef0a17dd258cbd54d655ebc26ff642956510758fad6245906245b2cae2ca86401a489774a78d73c6756bc45b46e19aa77e5251ab183fd2bb4915fa6ee5ac0797adb71ee5dece304979fef4f45ade9ed7c98cb1134dc8d0b0e
2020-09-08 01:04:14面向信仰编程
2020-09-07 13:50:34小草窝博客
[该文章已设置加密]
2020-09-05 11:04:55tyler_download的专栏
要想实现ELF文件的入口劫持,不深入掌握其运行原理与组成结构那是不可能的。ELF的内部结构复杂,加载逻辑难以理解,因此我们需要通过切香肠的方式,将这个困难的技术点一点一滴的去攻克。
这一节我们先掌握如何读取头部信息和程序表头,我们先看ELF文件的大致结构:

ELF文件格式最重要的就是所谓的段,特别是其中的代码段和数据段。对应上图就是.text,.data两个段。每个段都对应一个段表来描述,而若干隔断会组成一个整体,它对应一个program,而后者则由program header table来指向,讲解EL                    
                        作者:tyler_download 发表于 2020/09/05 10:51:04 原文链接 https://blog.csdn.net/tyler_download/article/details/108416709                    
                    
                        阅读:93
2020-09-02 22:32:46小草窝博客
在渗透测试信息中我们可能需要尽可能收集域名来确定资产边界。 在写自动化渗透工具的时候苦与没有好用的子域名爆破工具,于是自己就写了一个。 Ksubdomain是一个域名爆破/验证工具,它使用Go编写,支持在Windows/Linux/Mac上运行,在Mac和Windows上最大发包速度在30w/s,linux上为160w/s的速度。 总的来说,ksubdomain能爆破/验证域名,并且快和准确。 阅读全文>>
2020-09-02 09:11:34一个安全研究员
新姿势get~                    
                        作者:he_and 发表于 2020/09/02 09:00:31 原文链接 https://blog.csdn.net/he_and/article/details/108355229                    
                    
                        阅读:129
2020-09-01 09:06:14一个安全研究员
用了都说好                    
                        作者:he_and 发表于 2020/09/01 08:44:06 原文链接 https://blog.csdn.net/he_and/article/details/108333604                    
                    
                        阅读:273
2020-08-27 22:01:44PHITHON BLOG
本文2020年8月24日发表于代码审计公众号

周日晚,某群里突然发布了一则消息,宝塔面板的phpmyadmin存在未授权访问漏洞的紧急漏洞预警,并给出了一大批存在漏洞的URL:

随便点开其中一个,赫然就是一个大大的phpmyadmin后台管理页面,无需任何认证与登录。当然,随后各种神图神事也都刷爆了社交网络,作为一个冷静安全研究者,我对此当然是一笑置之,但是这个漏洞的原因我还是颇感兴趣的,所
2020-08-25 19:12:31tyler_download的专栏
重定向是计算机技术中非常底层的概念和操作。它指的是将程序中涉及到的变量名与变量在计算机内存中的位置关联起来。当在代码中执行类似x=1;的语句时,编译器需要通过重定向信息找到变量x对应的内存位置,然后将数值1写入该内存,因此重定向既跟程序的加载链接有关,又于编译原理有关,因此对计算机体系结构不了解,或只关注上层应用开发,对底层技术理解不多的同学对它进行掌握就会有些困难。
为了准确将变量对应到具体的内存位置,就必须要有相关信息来描述变量名与内存之间的关系,这些信息就叫重定向记录(relocation recor                    
                        作者:tyler_download 发表于 2020/08/25 18:52:21 原文链接 https://blog.csdn.net/tyler_download/article/details/108227133                    
                    
                        阅读:101
2020-08-24 09:14:47一个安全研究员
最近一直在挖CORS配置错误这个问题,但是还没找到像样的案例,就先归纳一下这个漏洞,顺便记录一下学到的新姿势,希望对大家有所帮助
在阅读本文之前,你应该已经知道什么是CORS了,以及CORS配置错误会带来的安全问题,当然不懂也没关系,我用几句话简单给大家描述下这个问题。
CORS基础
CORS的全称是跨域资源访问,我们都知道同源策略(SOP)限制了我们的浏览器跨域读取资源,但是我们在设计开发一些网站的时候,本来就需要跨域读取数据,但是因为有同源策略的存在,我们要跨域就太麻烦了,所以cors应运而生,这个策.                    
                        作者:he_and 发表于 2020/08/24 08:58:04 原文链接 https://blog.csdn.net/he_and/article/details/108192621                    
                    
                        阅读:131
2020-08-19 00:03:02王登科-DK博客
当我在自贡市五星街尽头的菜市场花 80 元给王茶水赎身的时候,它还是一只卷缩在这座四川四线小城的菜市场的锈铁笼子里的一只小奶猫,而我则是一名踌躇满志的大三学生。



我又花了 5 元,买了一个粉红色的小笼子,这个笼子小到不像是关猫的,更像是关老鼠的,但对那个时候的王茶水来说,已经非常宽敞了,我提着这个小笼子,离开了那个污水横流,气味难闻的市场,再也没有回去过。

然后四年半过去了。

和大三时候相比,现在的我大概胖了15斤,很巧的是,王茶水也差不多重了15斤,对于一只猫来说,在体重增长上能够和我相比,这很不容易。



根据最广为流传的,关于猫的年龄的说法,猫的一岁相当于人的 7 岁,那么王茶水现在已经到了相当于人的而立之年,是一只不折不扣的中年猫了。

中年茶水猫,和小时候相比,安静了很多,虽然在某些时候会突然抽风像一匹野马一样哒哒哒的狂奔绕两圈,但大多数时候,它只是找个柔软舒适的地方,静静的卧着,时不时伸个懒腰,偷瞄人类,思考猫生。



实话实说,我其实也经常看着王茶水思考,它到底在想什么呢?它快乐吗?它无聊吗?它怎么看待我,又怎么看待自己?

人在衣食无忧后拼命追寻的东西,虚荣,财富,活着的意义,生命的价值,这些在猫身上似乎都失灵了,一旦一只猫开始衣食无忧的生活,那它就再也不会努力了。



许多人表示,如果自己衣食无忧,那么自己也不会再努力,一天到晚躺着就行了,即便确实如他们所说,但大部分时候人类所指的衣食无忧其实是指一二线城市的全款购入的大房子以及至少小一千万的存款,我认为这不能和猫的衣食无忧相比,因为猫不仅不需要大房子,存款,它甚至还不需要衣服。



论不努力,还没有人能比得过猫,我多少有一点认为,这是许多人喜欢猫的原因,因为猫做到了人们做不到的事情:只要有一口饭吃,就绝不再努力,这一点不仅人输了,狗也输了。

我不能苦口婆心的劝说王茶水活得更有意义一些,多做一些对社会有益的事情,去实现自己的价值,我这么做的话会显得很滑稽,猫和人都无法理解,所以从某种角度来说人对生命赋予的意义仿佛只是局限于人类自己而已,从更广阔的生命上看,赋予意义这件事好像是最没意义的。



王茶水和我相处了 4 年了,它从来不让我失望,从来不会给我带来超过15斤的压力(它完全卧在我肚皮上的话就会给我带来15斤的压力),也从来不欺骗我,更不会害我(这个词用在猫上甚至有一种别样的趣味感),我们始终保持良好的友谊,几乎比任何人类和我的感情都更稳定(如果考虑到朝夕相处这一因素的话)。

基于这一点,我认为猫和人的友谊堪称友谊的典范:作为被给予的一方,猫对你提供的食物,铲屎服务,按摩服务,不带一点负担的全盘接受,作为给予的一方,你也完全不求回报:你不会期待猫给你赚钱,给你养老,猫如果喜欢上其它猫,你也一点不会吃醋(可能还会有点开心),正常情况下,猫不会离家出走,你也不会想赶它出门,人和猫共处一室,在阴暗的天气里相依为命。



王茶水作为一只中年猫,和它小时候相比,最大的不同,我认为不是体型的变化,而是不再对世界充满好奇了。如果我拿回一个新玩意儿,它可能还是会略微研究一下,蹭一蹭闻一闻,但它的好奇心仅限于此,生活中已经充满了它熟悉的东西,因此它更多的时候是睡觉而不是跑来跑去的探索。

如果我们说一个人丧失了好奇心,那么这个人就会显得很可怜,但如果说一只猫丧失了好奇心,听上去居然还有一点萌。

人们喜欢用「少年」来夸赞一个非少年的人,给一个人的几乎是最大赞美,就是说他有「少年感」,我认为这虽然很好,但我并不羡慕。

我羡慕的是猫到中年的王茶水,它是一只明确的中年猫,人们不会觉得它像小猫,它也丝毫没有「小猫感」,但那又怎么样呢?它活的很自在,它睡的很香,它不在意人类怎么看它,而见了鬼,人类居然也已最大的包容和理解来对待它。

这真好啊。



 
2020-08-18 00:56:23MSRC Blog
As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow integrity. It has been available since Windows 8.1 …  Control Flow Guard for Clang/LLVM and Rust Read More »
2020-08-17 00:24:57tyler_download的专栏
一句话总结人工智能技术那就是:道可道,非常道。第一个“道”指的是世界存在客观规律;第二个“道”指的是这些规律可以被人类识别,掌握;第三个“道”指的是认知方法,而“非常道”指的是特殊的不同...                    
                        作者:tyler_download 发表于 2020/08/16 11:49:59 原文链接 https://blog.csdn.net/tyler_download/article/details/108047246                    
                    
                        阅读:49
2020-08-16 03:02:08回忆飘如雪
想法早在几个月之前就有了,月初收好友之邀请,夜游鼓浪屿,彼时夜朗星稀,山海一色,偶有微波抚足,不觉间有了点写东西的感觉,晚上回到旅社简单写了下。等回到北京后,不料润色之意全无,就凑合看吧。0x01 内存马简历史其实内存马由来已久,早在17年n1nty师傅的《Tomcat源码调试笔记-看不见的shell》中已初见端倪,但一直不温不火。后经过rebeyong师傅使用agent技术加持后,拓展了内存马的使用场景,然终停留在奇技淫巧上。在各类hw洗礼之后,文件shell明显气数已尽。内存马以救命稻草的身份重回大众视野。特别是今年在shiro的回显研究之后,引发了无数安全研究员对内存webshell的研究,其中涌现出了LandGrey师傅构造的Spring controller内存马。至此内存马开枝散叶发展出了三大类型:servlet-api类filter型servlet型spring类拦截器controller型Java Instrumentation类agent型内存马这坛深巷佳酒,一时间流行于市井与弄堂之间。上至安全研究员下至普通客户,人尽皆知。正值hw来临之际,不难推测届时必将是内存马横行天下之日。而各大安全厂商却迟迟未见动静。所谓表面风平浪静,实则暗流涌动。或许一场内存马的围剿计划正慢慢展开。作为攻击方向的研究人员,没有对手就制造对手,攻防互换才能提升内存马技术的发展。0x02 查杀思路我们判断逻辑很朴实,利用Java Agent技术遍历所有已经加载到内存中的class。先判断是否是内存马,是则进入内存查杀。123456789101112public class Transformer implements ClassFileTransformer {public byte[] transform(ClassLoader classLoader, String s, Class<?> aClass, ProtectionDomain protectionDomain, byte[] bytes) throws IllegalClassFormatException {    // 识别内存马    if(isMemshell(aClass,bytes)){        // 查杀内存马        byte[] newClassByte = killMemshell(aClass,bytes);        return newClassByte;    }else{        return bytes;    }    }}0x03 内存马的识别要识别,我们就需要细思内存马有什么特征。下面列下我思考过的检查点。filter名字很特别内存马的Filter名一般比较特别,有shell或者随机数等关键字。这个特征稍弱,因为这取决于内存马的构造者的习惯,构造完全可以设置一个看起来很正常的名字。filter优先级是第一位为了确保内存马在各种环境下都可以访问,往往需要把filter匹配优先级调至最高,这在shiro反序列化中是刚需。但其他场景下就非必须,只能做一个可疑点。对比web.xml中没有filter配置内存马的Filter是动态注册的,所以在web.xml中肯定没有配置,这也是个可以的特征。但servlet 3.0引入了@WebFilter标签方便开发这动态注册Filter。这种情况也存在没有在web.xml中显式声明,这个特征可以作为较强的特征。特殊classloader加载我们都知道Filter也是class,也是必定有特定的classloader加载。一般来说,正常的Filter都是由中间件的WebappClassLoader加载的。反序列化漏洞喜欢利用TemplatesImpl和bcel执行任意代码。所以这些class往往就是以下这两个:com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl$TransletClassLoadercom.sun.org.apache.bcel.internal.util.ClassLoader这个特征是一个特别可疑的点了。当然了,有的内存马还是比较狡猾的,它会注入class到当前线程中,然后实例化注入内存马。这个时候内存马就有可能不是上面两个classloader。对应的classloader路径下没有class文件所谓内存马就是代码驻留内存中,本地无对应的class文件。所以我们只要检测Filter对应的ClassLoader目录下是否存在class文件。1234567891011121314private static boolean classFileIsExists(Class clazz){    if(clazz == null){        return false;    }    String className = clazz.getName();    String classNamePath = className.replace(".", "/") + ".class";    URL is = clazz.getClassLoader().getResource(classNamePath);    if(is == null){        return false;    }else{        return true;    }}Filter的doFilter方法中有恶意代码我们可以把内存中所有的Filter的class dump出来,使用fernflower等反编译工具分析看看,是否存在恶意代码,比如调用了如下可疑的方法:java.lang.Runtime.getRuntimedefineClassinvoke…不难分析,内存马的命门在于5和6。简单说就是Filter型内存马首先是一个Filter类,同时它在硬盘上没有对应的class文件。若dump出的class还有恶意代码,那是内存马无疑啦。大致检查的代码如下:12345678910111213141516171819202122232425262728293031323334353637383940 private static boolean isMemshell(Class targetClass,byte[] targetClassByte){    ClassLoader classLoader = null;    if(targetClass.getClassLoader() != null) {        classLoader = targetClass.getClassLoader();    }else{        classLoader = Thread.currentThread().getContextClassLoader();    }    Class clsFilter =  null;    try {        clsFilter = classLoader.loadClass("javax.servlet.Filter");    }catch (Exception e){    }    // 是否是filter    if(clsFilter != null && clsFilter.isAssignableFrom(targetClass)){        // class loader 是不是Templates或bcel        if(classLoader.getClass().getName().contains("com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl$TransletClassLoader")                || classLoader.getClass().getName().contains("com.sun.org.apache.bcel.internal.util.ClassLoader")){            return true;        }        // 是否存在ClassLoader的文件目录下存在对应的class文件        if(classFileIsExists(targetClass)){            return true;        }                // filter是否包含恶意代码。        String[] blacklist = new String[]{"getRuntime","defineClass","invoke"};        String clsJavaCode = FernflowerUtils.decomper(targetClass,targetClassByte);        for(String b:blacklist){            if(clsJavaCode.contains(b)){                return true;            }        }    }else{        return false;    }    return false;}PS: 本文讨论查杀的思路,给出的代码只是概念正面的伪装代码。完美的方案是将以上6点作为判断指标,并根据指标的重要性赋予不同权重。满足的条件越多越可能是内存马。0x04 内存马的查杀内存马识别完成,接下来就是如何查杀了。方法一: 清除内存马中的Filter的恶意代码12345678910111213141516171819202122public static byte[] killMemshell(Class clsMemshell,byte[] byteMemshell) throws Exception{    File file = new File(String.format("/tmp/%s.class",clsMemshell.getName()));    if(file.exists()){        file.delete();    }    FileOutputStream fos  = new FileOutputStream(file.getAbsoluteFile());    fos.write(byteMemshell);    fos.flush();    fos.close();    ClassPool cp = ClassPool.getDefault();    cp.insertClassPath("/tmp/");    CtClass cc = cp.getCtClass(clsMemshell.getName());    CtMethod m = cc.getDeclaredMethod("doFilter");    m.addLocalVariable("elapsedTime", CtClass.longType);    // 正确覆盖代码:    // m.setBody("{$3.doFilter($1,$2);}");    // 方便演示代码:    m.setBody("{$2.getWriter().write(\"Your memory horse has been killed by c0ny1\");}");    byte[] byteCode = cc.toBytecode();    cc.detach();    return byteCode;}方法二: 模拟中间件注销Filter12345678910111213141516//反序列化执行代码反射获取到StandardContextObject standardContext = ...;Field _filterConfigs = standardContext.getClass().getDeclaredField("filterConfigs");_filterConfigs.setAccessible(true);Object filterConfigs = _filterConfigs.get(standardContext);Map<String, ApplicationFilterConfig> filterConfigMap = (Map<String, ApplicationFilterConfig>)filterConfigs;for(Map.Entry<String, ApplicationFilterConfig> map : filterConfigMap.entrySet()){    String filterName = map.getKey();    ApplicationFilterConfig filterConfig = map.getValue();    Filter filterObject = filterConfig.getFilter();    // 如果是内存马的filter名    if(filterName.startsWith("memshell")){        SecurityUtil.remove(filterObject);        filterConfigMap.remove(filterName);    }}两种方法各有优劣,第一种方法比较通用,直接适配所有中间件。但恶意Filter依然在,只是恶意代码被清除了。第二种方法比较优雅,恶意Filter会被清除掉。但每种中间件注销Filter的逻辑不尽相同,需要一一适配。为了方便演示我们选第一种。0x05 demo展示最后给大家展示下,我查杀demo的效果。0x06 总结本文我们对Filter型内存马的识别与查杀做了细致的分析,其实Servlet型,拦截器型和Controller型的查杀方法也是万变不离其中,可如法炮制。但这样的思路无法查杀Agent型内存马,Agent型内存马查杀难点在“查”不在“杀”,具体的难点在那,又是如何解决呢?我会在后续的《查杀Java web Agent型内存马》中继续分享我的思考。0x07 参考文章Tomcat源码调试笔记-看不见的shell【原创】利用“进程注入”实现无文件不死webshell基于内存 Webshell 的无文件攻击技术研究基于tomcat的内存 Webshell 无文件攻击技术
2020-08-16 00:37:19tyler_download的专栏
我时常会浏览大厂的招聘信息,其中会反应出当前技术的发展趋势以及市场对相应人才的需求量。通过了解大厂想要什么人,这类人待遇怎样,我们能推断出未来技术的发展方向,特别是市场需求,于是我们能快...                    
                        作者:tyler_download 发表于 2020/08/15 12:50:39 原文链接 https://blog.csdn.net/tyler_download/article/details/108030897                    
                    
                        阅读:71
2020-08-12 16:48:18小草窝博客
开源的域名收集工具有很多,本文会从代码的角度去看各类开源的域名收集工具的技术特点,以及各有哪些优缺点,来帮助大家,在合适的时候选择合适的利用工具。 这里选取了常用和知名的工具,包括subDomainBrute,Sublist3r,ESD,OneForAll,dnsprobe,subfinder,shuffledns,massdns subDomainBrute Github:... 阅读全文>>
2020-08-11 23:41:32面向信仰编程
2020-08-10 20:21:24一个安全研究员
也就码了一天                    
                        作者:he_and 发表于 2020/08/10 20:18:47 原文链接 https://blog.csdn.net/he_and/article/details/107921141                    
                    
                        阅读:220
2020-08-10 15:47:03小草窝博客
深刻认识到不会java搞这类poc的困难,只能做一个无情的搬砖机器。 目标是编写Pocsuite3 python版本的Shiro-550 PoC,最好不要依赖其他东西。 本文没有新奇的观点,只是记录日常 =_= Shiro识别 看到@pmiaowu开源的burp shiro检测插件 https://github.com/pmiaowu/BurpShiroPassiveScan 阅读全文>>
2020-08-09 08:58:53一个安全研究员
就是有点费劲~                    
                        作者:he_and 发表于 2020/08/08 23:22:58 原文链接 https://blog.csdn.net/he_and/article/details/107886361                    
                    
                        阅读:156
2020-08-08 13:20:25一个安全研究员
现在就是非常后悔                    
                        作者:he_and 发表于 2020/08/08 13:09:00 原文链接 https://blog.csdn.net/he_and/article/details/107806164                    
                    
                        阅读:191
2020-08-08 00:23:13tyler_download的专栏
作者:tyler_download 发表于 2020/08/07 09:48:21 原文链接 https://blog.csdn.net/tyler_download/article/details/107873306                    
                    
                        阅读:5
2020-08-07 18:26:16面向信仰编程
2020-08-06 11:57:57tyler_download的专栏
本节看看如何将前面讲述的各种工具和理论应用到实践中来。我们将拿几个专门针对windows系统开发的恶意程序作为实例,用前面讲到的工具和理论具体分析其设计原理并了解它所要实现的目的。
所要分析的二进制可执行文件以及所有用到的工具可从如下链接下载链接: https://pan.baidu.com/s/1QBwGxCGjA7kYd4HchSTlWg  密码: 09g7
首先我们分析第一个恶意程序,也就是malicious-01.exe。面对exe程序时,首先要做的就是将它丢到PEView里先看看它的大概信息,打开                    
                        作者:tyler_download 发表于 2020/08/06 11:49:49 原文链接 https://blog.csdn.net/tyler_download/article/details/107836166                    
                    
                        阅读:109
2020-08-06 10:55:20MSRC Blog
Today we announce our Most Valuable Security Researchers for 2020! The MSRC Researcher Recognition program is an integral aspect of recognizing the ongoing partnerships with our community of talented security researchers who report through Coordinated Vulnerability Disclosure (CVD). These recognitions run throughout specific periods of the year and provide regular opportunities to recognize those who …  Congratulations to the MSRC’s 2020 Most Valuable Security Researchers Read More »
2020-08-06 10:55:20MSRC Blog
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The security landscape is constantly changing with emerging technology and new threats. By …  Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards Read More »
2020-08-06 10:55:19MSRC Blog
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), …  Microsoft Joins Open Source Security Foundation Read More »
2020-08-06 10:55:19MSRC Blog
It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll still be there though, and …  Black Hat 2020: See you in the Cloud! Read More »
2020-08-06 10:55:19MSRC Blog
Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The Windows Insider Preview (WIP) Bounty Program is a key program for Microsoft and …  Updates to the Windows Insider Preview Bounty Program Read More »
2020-08-06 10:55:19MSRC Blog
We are excited to announce the top contributing researchers for the 2020 Second Quarter (Q2)! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of the 2020 Second Quarter (Q2) Security Researcher …  Top MSRC 2020 Q2 Security Researchers Announced – Congratulations! Read More »
2020-08-06 10:55:18MSRC Blog
Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this …  July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server Read More »
2020-08-06 10:55:18MSRC Blog
This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our previous blog post. The brief recap …  Solving Uninitialized Kernel Pool Memory on Windows Read More »
2020-08-06 10:55:18MSRC Blog
Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models. To proactively …  Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack Read More »
2020-08-06 10:55:18MSRC Blog
This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialized Memory Vulnerabilities InitAll – Automatic Initialization Interesting Findings …
  Solving Uninitialized Stack Memory on Windows Read More »
The post Solving Uninitialized Stack Memory on Windows appeared first on Microsoft Security Response Center.
2020-08-04 08:51:04一个安全研究员
多次跳转导致的ssrf                    
                        作者:he_and 发表于 2020/08/04 07:57:57 原文链接 https://blog.csdn.net/he_and/article/details/107778105                    
                    
                        阅读:1801
2020-08-02 16:14:44一个安全研究员
来挖洞                    
                        作者:he_and 发表于 2020/08/02 15:58:25 原文链接 https://blog.csdn.net/he_and/article/details/107746034                    
                    
                        阅读:160
2020-07-31 00:33:17tyler_download的专栏
作者:tyler_download 发表于 2020/07/30 12:14:43 原文链接 https://blog.csdn.net/tyler_download/article/details/107704282                    
                    
                        阅读:83 评论:3 查看评论
2020-07-28 18:36:38小草窝博客
这是将pocsuite3发布到debian源中的记录文档。官方的参考文档在 https://mentors.debian.net/intro-maintainers/ 官方文档部分过程比较简略,这里记录详细过程。 1. 新建ITP请求 想将自己的工具打包上传到debian的第一步,是通过reportbug来报告自己的工具。 参考文档:https://www.debian.org/devel/wnpp/ apt-get install reportbug reportbug --email ... 阅读全文>>
2020-07-28 10:58:38tyler_download的专栏
熟悉编译原理的同学一定了解何为符号,所谓符号其实是一种数据结构,用来描述编程语言中定义的特定对象。例如编程语言中定义的变量,函数都有特定的符号用于描述他们的性质。例如变量对应的符号中包含了变量对应的字符串名称,变量的类型,以及变量对应的内存。函数对应的符号包含了函数名称字符串,函数的返回值类型,函数入口内存地址等,在代码调试时,你把鼠标挪动到变量所在位置,IDE就给你显示出变量当前的取值等信息,这些信息就来自变量对应的符号,我在有关编译原理的两门课程里对符号有非常深入的讲解。
在elf文件中存在两种符号表,                    
                        作者:tyler_download 发表于 2020/07/28 10:51:38 原文链接 https://blog.csdn.net/tyler_download/article/details/107631143                    
                    
                        阅读:91
2020-07-27 11:35:12tyler_download的专栏
大多数人使用windows系统,相必对其.exe结尾的文件印象深刻,执行任何程序时,你双击该文件即可,这个文件就是系统的可执行文件,我们需要了解其组成结构才能对其进行侵入,劫持或注入恶意代码。
.exe文件也叫PE文件,它由一系列段头和段来组成。它一开始是一系列段头数据结构,用于描述各个段的相关性质,接下来就是包含代码和数据的各种段。有几个段特别值得注意,.text段包含CPU可以执行的指令,其他所有段包含数据或者是辅助CPU执行该段里面指令的相关信息,这个段是唯一包含可执行代码的段。.rdata包含引入和                    
                        作者:tyler_download 发表于 2020/07/27 11:17:40 原文链接 https://blog.csdn.net/tyler_download/article/details/107607622                    
                    
                        阅读:292
2020-07-27 00:02:26零の杂货铺
每个Web安全学习者都有一个自己的扫描器梦。

0x00  前言当自己刚入门安全的时候,也是经历了从使用扫描器,到自己写自己的想要的功能的扫描器这个历程。但是从个人白帽视角、甲方视角和乙方视角所设计出来的扫描器都不尽相同,个人白帽扫描器和乙方扫描器相通的地方还多一点,都是预先对扫描目标未知,往往通过黑盒方式感知目标,希望尽可能的对漏洞规则进行覆盖,漏洞扫描思路也以通用性的漏洞发现思路为主,同时还会对扫描报告的呈现进行设计。
但是在甲方实践过程中,尤其是大一点的有一定SDL流程的互联网公司实践过程中,通用的乙方扫描器通常都是很难直接发现公司真正关注的一些高危漏洞的,SDL的流程使得低级的通用的大量漏洞往往在设计之初就被杜绝掉了,公司里复杂的网络环境,魔改的各种组件,其他的安全能力也都需要扫描器来单独适配
因此这里主要从甲方视角下的黑盒扫描器出发,对通用性的问题进行想到哪儿说到哪儿的讨论,不会聊到自己在实际设计中使用的黑科技。
0x01 基础构架扫描器建设和企业自身基础设施属性是密切相关的,企业的内部网络环境是如何设计的?扫描器的输入源需要覆盖哪些点?如何覆盖?根据输入源的体量要求的扫描周期是多久?根据扫描周期要求能够拿到多少预算?根据扫描周期要求如何设计分布式扫描的发包能力?
作为设计者,是否能够回答上述的问题。一个大型企业往往是由正式线上环境和开发环境的,有自己云能力的企业可能同时还会有自己的云上环境。那么扫描器的基础构架设计就需要有能力覆盖相互隔离的不同的网络环境。那么做分布式设计时,就需要合理分配扫描节点预算,同时配置对扫描节点的统一调度能力和节点动态扩展能力。
在设计基础构架时,也需要考虑扫描器需要满足内部哪些输入源,常见的输入源有IP、域名、交互流量,那么这些输入源是可以和其他研发设施对接,还是需要自己解决,如果是和研发设施对接,对方的数据周期是否满足扫描周期要求,如果是自己解决,就需要投入相应的研发能力中。
节点数量与扫描周期的平衡,这里需要预先设计扫描周期与节点之间的换算关系,按照传统的发包量来计算,在预期周期内扫描需要发送多少请求包,单台机器能够提供多大的并发能力,最终决定节点的部署数量。由于扫描节点往往都是占据大量的预算,最好是能够说清扫描节点预算投入必要性和价值。
分布式的设计构架,大多数都会采取一对多,一对多对一的设计模式,前者解决的是统一任务下发和结果呈现的问题,后者解决的是统一扫描能力管控的问题。
0x02 扫描能力扫描能力是一个很宽泛的话题,首先应该想到的是在具备扫描基础构架之后,在这份构架之上应该承载哪些需求。常见的需求有企业内部网络资产测绘、安全漏洞扫描两大类,前者是动态反馈企业资产,包括主机、网络、应用等多个层次的指纹信息;后者是对安全风险进行扫描识别。
企业内部一般都会有自己独特的协议、独特的基础组件应用,网络资产测绘是否能够识别这些协议、应用,并且能够自动化的新增对企业内部未知协议和基础组件的识别就尤为重要。这也是乙方通用扫描器难以解决的问题之一。
安全漏洞扫描这一part的问题将会整体放到下一次的扫描规则这一节来重点说明。
同时,这里还要注意,像华为、小米等涉足IOT、移动等领域的企业还会有许多的非传统资产,这类智能设备也会在企业的网络中,扫描器是否有能力针对这一类应用进行扫描。
这里的扫描器能力还想提到的是对扫描能力本身的持续可视化监测以及和其他企业内部安全能力的联动。
在分布式的构架下,从输入源进入,到任务分发到节点,再到节点执行扫描,获取响应进行业务逻辑判断,再将判断结果反馈给调度中心,直到风险的发现。这一整条链路不仅涉及到扫描规则本身的有效性,还有整条链路里的任务反馈是否正常。因此需要设计考虑有效的监控以及排查、告警机制,来保证日复一日的扫描都是真实有效的。这部分一方面可以和企业内部自身的业务链路监控机制相结合,学习业务方的复杂链路监控体制,设计有效的正向监控体制。另一方面还可以结合靶场等验证设施,完成反向的监控机制。
扫描能力最后想到的一点就是多和其他安全能力沟通,一方面要保证扫描能力不会被其他安全能力所干扰,另一方面可以考虑参考其他安全能力的输出信息来辅助扫描器的漏洞风险决策。
0x03 小节企业的扫描器设计之初,往往是强需求驱动的,这就使得大多数在设计时无法做到充分的体系化评估。同时,决策层往往能够直接感受到的是发现的漏洞和未发现的漏洞数量,对于这种数量的感知也会使得执行者无法专注于底层架构的设计。扫描器尤其是业界一致认为都比较成熟的黑盒扫描器(IAST先不算进来)需要能够体现给决策层更多的能力价值,不局限于风险发现,才能获取到足够的资源来完善扫描器不被外人看到的内核能力。
下一章将会重点再谈谈扫描规则建设、漏洞生命周期管理、漏洞修复几个方面。
2020-07-24 22:42:02PHITHON BLOG