
TGINSIGHT SIMILAR POSTS

Source channel @olddriverGDstudy · Post #102 · Oct 18

游龙历险记 孔子云:食色性也。本人自然逃不出圣人所料。于是踏上了这条不归路。能看到这篇文章的估计都已经在此道初窥门径,我便不再规劝各位,望各位好自为之。以下我分享一下个人探索世界的经历,希望各位能从其中吸取教训,少上当,多开好车。 探索篇 人生初体验: 资源途径是朋友分享的专业招嫖软件,名为51品茶。一日恰逢休假,兴致大发,遂行动。QQ约好800/pp(上门)。到了宾馆之后给她拍房卡,发送手机号,坐等上门。约半小时后,人到。人图不一,想退货,奈何是个新手在小姐的忽悠下同意了(这个小姐外形也还行)。付钱开搞。服务非常简单,口硬了开干。态度奇差,一直玩手机。一炮结束后,大为扫兴,要求退钱。小姐没同意,说给推荐其他资源。让人走了,发消息不回。两百块没了。 事后反省: 招嫖软件上的基本都是代聊,鸡头,层层转包,八百最后到小姐手机可能只有四百。尽量不要通过软件找。根据另一次经历,推测出一个人软件发布资源,然后转给鸡头,鸡头联系小姐。对小姐不要心软,人图不一的全是代聊,直接拒绝。路费都不要给。这种小姐能拿到手的都非常少,不可能有好的体验。不要对小姐的人品抱有期待,和小姐的交易必须当面完成,人走账清。 人生再探索: 去找同学玩,同学介绍了一家洗浴中心,398半套,技师年纪偏大,服务一流。不满意的可以换,多换几个总能找到个还行的。熟人带着才有全套。 事后反省: 熟人带着可以搞大活,要么就装老嫖客,技师可以私聊带出来。级别翻倍。随便搞。 斗智斗勇篇 洗浴中心第二天,同学给了一个QQ号,加上之后网上选人。888/p,本人选了两个1600。留下联系方式和房卡。约好时间,时间到了之后让转账后小姐上楼。觉得号是同学给的诚信有保障,遂给888。转账后暴露,各种借口让付另一半,小姐没上楼。期间双方斗智斗勇,互相忽悠。我想让对面给我把钱转回来,对面忽悠我转剩下的一半。最终恼羞成怒,报上我的姓名,扬言砍我一只手,(猜测酒店前台泄露了我的信息)同时发来一段视频,西瓜刀寒光四射。本人放话:有种上来。同时戴上口罩开门跑路,110已经拨好,随时可打。 反省:任何时候都不要放松警惕,哪怕同学给的资源,不见小姐不付钱。面对卖淫团伙仙人跳威胁不要怂,他刚你更刚。报警挂嘴上。(报警流程有不熟悉的建议有机会找个小事试一下,一般会问一些信息,提前准备好,比如出警地点) 安魂舒缓篇 找同学玩回来,欲找个熟女安慰一下受惊的心灵。人来略坦,无奈大莱莱迷惑了我的双眼,上门后推荐闺蜜双飞,怦然心动。共计2400。无奈服务相当机车,身材走样,下面松垮垮,除了奶子可以,其余都不行。没射出来就软了。实在下不去鸡儿。 反省:不要相信鸡头嘴里熟女这种东西,玛德二十多的他说是学生,30多的他说是二十的,四五十的才是他们嘴里的熟女。再次强调不要在床上相信小姐任何话,这时候男人每个清醒的,要谈也是提上裤子以后。 同一个地方跌倒四次: 一日兴起,招嫖,谈好价格1000pp,人来看中,付钱后准备洗漱。小姐借口自己来之前已经洗漱过了,让我自行洗漱,于是洗漱,途中和小姐聊天,指挥我洗一下鸡儿,不然口的时候不卫生。遂用肥皂擦洗,泡沫正浓时,小姐夺路而逃。跑了。又一日兴起,约好后酒店等人敲门后端详良久,这特么不是上次跑路的那个小姐,遂激动指控,逼其退钱,无奈忘记堵门,又跑了。再一日兴起,来一未成年,吓我一哆嗦,赶紧换了一个,由于兴致大起,已经洗好澡等待,准备人来直接开干。来后小姐说已经洗过澡了,没多久,提枪上马,干到一半,小姐私处异味严重,大为影响兴致。某一日,兴致再起,欲探索酒店小卡片。打电话后,人来。500一次,没啥服务,催人,质量不行,隆胸,关键隆过以后也只有B-,还特么硬,我都不敢捏,害怕摸坏了。 反省:之所以是一个地方跌倒四次,是因为开房地点都在万达中心。怀疑此地有诈。各位谨慎。小姐来了以后一定要洗澡,不论她什么借口。一定要注意卫生。不健康不说,还特么影响兴致。如果洗澡前付了钱,就同时洗澡,要么洗澡之后付钱。针对上门小姐服务机车,不认真的情况,各位可以尝试事后付款。(这点要约之前就谈好,省的浪费时间),另外远离未成年,绝对不能精虫上脑。万一被抓就不是换个星球生活的事了 云南之行: 微信约好1600包夜,小姐来到后,外形颜值良好。遂付款开整态度良好。体验良好。两炮结束后,小姐借口上厕所,卫生间内偷偷穿戴整齐,趁机夺路而逃。一日游玩结束后,浑身酸痛,想洗个澡。打车告诉司机说去洗澡。无奈司机会错意,直接拉到一家养生馆,说有当地特色。于是体验一把。没有大活298,洗澡加按摩加轻色情服务,最后大飞机。技师相当漂亮。听话。云南少数民族农村的,后悔没加微信。 反省:包夜一定要谨慎小姐偷偷溜走,思来想去只有钱给一半这个办法,这种方法也得提前说好。省的浪费时间。养生馆的小姐姐,我怎么就没要微信呢。真特么后悔。 青岛之行: 
是一家spa馆,只做特殊服务的那种,小姐质量超高,服务非常机车。1399打了个飞机摸了一下奶。 反省:不要让妹妹迷失了双眼啊,看到漂亮姐姐就付钱是可耻的。 门店会员: 一家我工作城市的足浴店,挺大的,技师日常上班三四十个。质量有好有差,不满意就换,服务分档次,1000的会员,3000的会员,10000的会员。我是3000的,3000的不给口,可以打奶炮。服务挺好,单次消费666,按摩,加胸推,调情之类的,不给口,不给日。 反省:足浴店的技师因为按摩脚丫子,稍有不慎就会沾染脚气,再摸你的蛋蛋,容易引起蛋蛋瘙痒,或者各种皮肤病。要谨慎啊,事后一定要用肥皂清洗自己的二弟,别图省事用纸擦擦了事。别问我怎么知道的。 大本营: 一个外围2000两小时,相当漂亮,服务温柔,身材也好。 反省:我怎么这么穷? 作者:王一 标签:#原创,#知识,#经验反省

Results

26 similar posts found

Search: #devsecops

infosecurity

@tg_infosec · Post #3377 · 07/10/2025, 04:29 PM

👨‍💻 HTTP Security Headers.
• X-Content-Type-Options Header;
• Reflected File Download (RFD);
• CORS Deception;
• Clickjacking;
• XSS (Cross-Site Scripting);
• SSL/TLS Stripping (MITM);
• Cookie Hijacking;
• CSRF (Cross-Site Request Forgery);
• Information Disclosure Attacks;
• Cache-Control Header;
• Content-Disposition Header;
• Cross-Origin Resource Policy (CORP);
• Extra HTTP Header Injection;
• Content-Encoding Header;
• Access-Control-Allow-Origin Header;
• X-Rate-Limit and X-Forwarded Headers;
• X-Content-Type-Options Header;
• XSS and CSRF Protection;
• Content-Security-Policy (CSP).
#devsecops

infosecurity

@tg_infosec · Post #3323 · 06/25/2025, 12:30 PM

👨‍💻 File Upload Vulnerabilities.
• Attack Scenario: Insecure File Content:
  - 2. Non-Compliant Code: Insecure File Upload Example;
  - Issues with Non-Compliant Code;
  - 3. Compliant Code: Secure File Upload Example;
  - Security Enhancements in Compliant Code;
  - 4. Reverse Access Control;
• Magic Byte Exploits and Securing File Uploads:
  - Magic Bytes Overview;
  - Attack Scenario: Magic Byte Exploit;
  - Non-Compliant Code: Insecure File Upload Example;
  - Issues with Non-Compliant Code;
  - Compliant Code: Secure File Upload Example;
  - Security Enhancements in Compliant Code;
  - Reverse Access Control;
  - Process of Securing File Uploads;
• Config Overwrite:
  - Attack Scenario: Configuration Overwrite and Null Byte Injection;
  - Non-Compliant Code: Insecure File Upload Example;
  - Issues with Non-Compliant Code;
  - Compliant Code: Secure File Upload Example;
  - Security Enhancements in Compliant Code;
  - Reverse Access and Configuration Overwrite;
  - Process of Securing File Uploads;
• Insecure Handler:
  - Attack Scenario: Insecure Handler Exploit;
  - Non-Compliant Code: Insecure File Upload Example;
  - Issues with Non-Compliant Code;
  - Compliant Code: Secure File Upload Example;
  - Security Enhancements in Compliant Code;
  - Insecure Handler and Web Shell Exploit;
  - Process of Securing File Uploads.
#devsecops

infosecurity

@tg_infosec · Post #3269 · 06/05/2025, 04:31 PM

👨‍💻 Attacking OpenStack.
• Apply Restrictive File Permissions:
  - Incorrect Example;
  - Writing Files with Python;
  - Correct Example;
  - Secure File Creation in Python;
  - Verify Ownership and Group;
• Avoid Dangerous File Parsing and Object Serialization Libraries;
• Python Pipes to Avoid Shells;
• Unvalidated URL redirect;
• Validate Certificates on HTTPS Connections to Avoid Man-in-the-Middle Attacks;
• Create, Use, and Remove Temporary Files Securely:
  - Python Temporary File Handling;
• Restrict Path Access to Prevent Path Traversal;
• Use Subprocess Securely;
• Parameterize Database Queries:
  - SQLAlchemy;
  - MySQL;
  - PostgreSQL (Psycopg2);
• Protect Sensitive Data in Config Files from Disclosure:
  - Consequences;
  - Example Log Entries;
• Use Secure Channels for Transmitting Data:
  - Clear Example;
  - Less Obvious Example;
• Escape User Input to Prevent XSS Attacks;
• Resources.
#devsecops

infosecurity

@tg_infosec · Post #3261 · 06/03/2025, 08:31 AM

👨‍💻 Attacking CI/CD.
• CI Debug Enabled;
• Default permissions used on risky events;
• Github Action from Unverified Creator used;
• If condition always evaluates to true;
• Injection with Arbitrary External Contributor Input;
• Job uses all secrets;
• Unverified Script Execution;
• Arbitrary Code Execution from Untrusted Code Changes;
• Unpinnable CI component used;
• Pull Request Runs on Self-Hosted GitHub Actions Runner;
• Mitigation Strategies;
• Example GitHub Actions Workflow;
• RCE via Git Clone;
• Resources.
#devsecops

infosecurity

@tg_infosec · Post #3209 · 05/16/2025, 12:32 PM

👨‍💻 Attacking Policy.
• Open Policy Agent is an open-source, policy-based access control tool that was created in 2016 and has been steadily developed since then. It is now listed among the graduated projects of the Cloud Native Computing Foundation (CNCF). It is used by Netflix, Pinterest, TripAdvisor and other companies.
• This article lists specific attack vectors that can arise from a misconfigured Open Policy Agent:
• Allowed Repositories;
• Automount Service Account Token for Pod;
• Block Endpoint Edit Default Role;
• Block Services with type LoadBalancer;
• Block NodePort;
• Block Wildcard Ingress;
• Disallow Interactive TTY Containers;
• Step-by-Step Instructions;
• Allow Privilege Escalation in Container;
• Step-by-Step Instructions;
• Privileged Container;
• Read Only Root Filesystem;
• Host Networking Ports;
• App Armor;
• SELinux V2;
• Resources.
#devsecops

infosecurity

@tg_infosec · Post #3200 · 05/13/2025, 08:30 AM

👨‍💻 Attacking Secrets.
• Secrets in private repositories;
  - Scenario: An Attacker Scanning a Private Repository for Secrets;
  - Example Commands and Codes;
• User Credentials in CI Pipelines;
  - Scenario: An Adversary Exploiting CI Pipeline Credentials;
  - Example Commands and Codes;
• Azure Key-Vault Authentication Abuse;
  - Azure’s Documentation Overview;
• Practical Implementation: Azure’s Authentication Solution;
  - Steps for Compromising Azure Key Vault;
• Azure Key Vault RBAC;
• Ansible Vault Secret;
  - Generating a Hash for Cracking;
  - Cracking the Hash;
  - Decrypting the File;
• Vault-Backend-Migrator;
  - Threats;
• Kubernetes Sealed Secrets;
• chamber;
• Vault Secrets Operator;
• Buttercup Weak Password;
• teller manipulate files;
• BlackBox;
• Conclusion;
  - Attacker's Next Steps.
#devsecops

infosecurity

@tg_infosec · Post #3108 · 04/10/2025, 08:00 AM

🏰 DevSecOps Security Architecture.
• Honeypot Network and Services in DevSecOps Security Architecture;
• Flume log collection;
• Kafka Knowledge System;
• Zookeeper Knowledge System;
• ElastAlert ES Alarm Tool;
• Elastic Knowledge System;
• Real IP address Detection;
• Nginx configuration log format;
• Container security tools;
• osquery operating system detection and analysis;
• jumpserver open source bastion server;
• wazuh Host Intrusion Detection System;
• Bro Network Security Monitoring;
• GitHub Information Leak Monitoring;
• Application layer denial of service attacks;
• Slowloris;
• Resources.
#DevSecOps

infosecurity

@tg_infosec · Post #3065 · 03/26/2025, 04:34 PM

👨‍💻 Attacking .NET
• Code Access Security (CAS);
• AllowPartiallyTrustedCaller attribute (APTCA);
• Distributed Component Object Model (DCOM);
• Timing vulnerabilities with CBC-mode symmetric;
• Race Conditions;
• App Secrets;
• XML Processing;
• Timing attacks;
• ViewState is love;
• Formatter Attacks;
• TemplateParser;
• ObjRefs.
➡️ https://blog.devsecopsguides.com/p/attacking-net
#DevSecOps

infosecurity

@tg_infosec · Post #3047 · 03/21/2025, 12:35 PM

👩‍💻 Attacking Rust.
- Cargo Dependency Confusing;
- Unsafe Code Usage;
- Integer Overflow;
- Panics in Rust Code;
- memory leaks;
- Uninitialized memory;
- Foreign Function Interface;
- OOB Read plus;
- race condition to escalate privileges;
- TOCTOU race condition;
- out-of-bounds array access;
- References.
#devsecops

infosecurity

@tg_infosec · Post #2995 · 03/04/2025, 12:33 PM

👩‍💻 Attacking NodeJS Application.
- Use flat Promise chains;
- Set request size limits;
- Do not block the event loop;
- Perform input validation;
- Perform output escaping;
- Perform application activity logging;
- Monitor the event loop;
- Take precautions against brute-forcing;
- Use Anti-CSRF tokens;
- Prevent HTTP Parameter Pollution;
- Do not use dangerous functions;
- Use appropriate security headers;
- Listen to errors when using EventEmitter;
- Set cookie flags appropriately;
- Avoid eval(), setTimeout(), and setInterval();
- Avoid new Function();
- Avoid code serialization in JavaScript;
- Use a Node.js security linter;
- References.
#devsecops

infosecurity

@tg_infosec · Post #2847 · 01/14/2025, 08:30 AM

👨‍💻 Attacking APIs \ Attacks on APIs.
• The application programming interface (API) is a fundamental element of innovation in today's application-driven world. APIs are an important component of modern mobile, SaaS and web applications, used in customer-facing, partner-facing and internal applications, from banking, retail and logistics to the Internet of Things, autonomous vehicles and smart cities.
• By their nature, APIs expose application logic and sensitive data, such as personal data, which is why APIs are increasingly becoming a target for attackers. Rapid innovation is impossible without secure APIs. This article covers common API attack vectors and gives examples of secure development.
➡️ https://blog.devsecopsguides.com/attacking-apis
#devsecops

infosecurity

@tg_infosec · Post #3252 · 05/30/2025, 12:30 PM

👨‍💻 Attacking Pipeline.
• DevOps resources compromise;
• Control of common registry;
• Direct PPE (d-PPE);
• Indirect PPE (i-PPE);
• Public PPE;
• Changes in repository;
• Inject in Artifacts;
• User/Services credentials;
• Typosquatting docker registry image;
• Resources.
#DevOps #DevSecOps
