team refined it over 2 year period and allowed Facebook to handle 6X production load compared to native PHP. d. ENABLE EVERYONE TO TEACH AND LEARN i. Dedicate organizational time to let teaching and infrastructure, etc. 2. Security group changes 3. Changes to configurations 4. XSS, SQLi attempts 5. Server errorsii. Consider blocking and storing source of events when attacks are detected to facilitate

Product Management  Every technology under the sun  Solaris, Windows, Linux  Apache, IIS, TCServer, etc.  Oracle, DB2, SQL Server  How we got better  We read and we studied.  Created a self-improvement

2.0 ] Apache Zookeeper 未授权访问,敏感信息泄露 Apache Shiro 反序列化 fastjson <= 1.2.47 反序列化利⽤ 针对各类 Windows php 集成环境 [由于此类环境拿到的 Webshell 权限相对较⾼, 所以, 通常也是红队⼈员的⾸选突破⼝] AppServ Xampp 宝塔 PhpStudy ... 远程执⾏, 后⻔植⼊ ] WMI [ 默认⼯作在tcp 135端⼝, 弱⼝令, 远程执⾏, 后⻔植⼊ ] WinRM [ 默认⼯作在tcp 5985端⼝, 此项主要针对某些⾼版本Windows, 弱⼝令, 远程执⾏, 后⻔植⼊ ] RDP [ 默认⼯作在tcp 3389端⼝, 弱⼝令, 远程执⾏, 别⼈留的shift类后⻔ ] SSH [ 默认⼯作在tcp [提权利⽤，防御重点] 以下只单独挑了⼀些在 通⽤性, 稳定性, 易⽤性, 实际成功率 都相对较好的洞 和 ⽅式 其它的⼀些"边缘性"的 利⽤都暂未提及 Windows 系统漏洞 本地提权 [成功的前提是 保证事先已做好各种针对性免杀] Windows 系统漏洞 本地提权 [成功的前提是, 保证事先已做好各种针对性免杀] BypassUAC [ win7 / 8 / 8.1 / 10 ] MS14-058[KB3000061]

telling you what not to worry about  Perf events mixed mode can show stack traces of both Java and native system calls Continuous Delivery in Financial Training by David Genn (IG) @david_genn  Separate

”  “I have to manually type in hundreds of server names in one of the text boxes. Most of the time, there’s not enough room in the field! A hundred server names are supposed to fit in a sixty-four-character

ability to learn from mistakes and diminish integrating that learning into future work d. Google Web Server (GWS) team was struggling with changes – Hard line: no changes would be accepted into GWS without