阅读视图

[中文] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

2024年8月9日 11:00

Orange Tsai (@orange_8361)  |  繁體中文版本  |  English Version嗨，這是我今年發表在 Black Hat USA 2024 上針對 Apache HTTP Server 的研究。此外，這份研究也將在 HITCON 和 OrangeCon 上發表，有興趣搶先了解可點此取得投影片： Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! 另外也謝謝來自 Akamai 的友善聯繫！此份研究發表後第一時間他們也發佈了緩解措施 (詳情可參考 Akamai 的部落格)。TL;DR這篇文章探索了 Apache HTTP Server 中存在的架構問題，介紹了數個 Httpd 的架構債，包含 3 種不同的

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

Orange

noreply@blogger.com (Orange Tsai)

2022年10月19日 15:58

This is a cross-post blog from DEVCORE. You can check the series on: A New Attack Surface on MS Exchange Part 1 - ProxyLogon! A New Attack Surface on MS Exchange Part 2 - ProxyOracle! A New Attack Surface on MS Exchange Part 3 - ProxyShell! A New Attack Surface on MS Exchange Part 4 - ProxyRelay! Hi, this is a long-time-pending article. We could

A New Attack Surface on MS Exchange Part 3 - ProxyShell!

Orange

noreply@blogger.com (Orange Tsai)

2021年8月18日 23:08

Author: Orange Tsai(@orange_8361) from DEVCORE P.S. This is a cross-post blog from Zero Day Initiative (ZDI) This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021!  Please visit the following link to read that :)FROM PWN2OWN 2021

A New Attack Surface on MS Exchange Part 2 - ProxyOracle!

Orange

noreply@blogger.com (Orange Tsai)

2021年8月6日 23:57

Author: Orange Tsai(@orange_8361) P.S. This is a cross-post blog from DEVCORE Hi, this is the part 2 of the New MS Exchange Attack Surface. Because this article refers to several architecture introductions and attack surface concepts in the previous article, you could find the first piece here: A New Attack Surface on MS Exchange Part 1