Cloud Security

LPC see http://bbs.2cto.com/read.php? Tid = 306764 Since it is a buffer overflow, search for the buffer-related code, and the buffer generation is sub esp, xx form. Generally, they are in the [ebp-xx] format. The search result is as follows:77c4d4f8

1. Linux SSH Security Policy 1: Shut down the majority of hosts attacked on the unrelated port network, which are targeted by hackers who use scanning tools for a wide range of scanning. Therefore, in order to avoid being scanned, all ports, such as

Linux PREF_EVENTS Local Root 2.6.37-3.8.10 x86_64, Local privilege escalation, [CVE-2013-2094] Linux PREF_EVENTS Local Root 2.6.37-3.8.10 x86_64. http://sd.fucksheep.org/warez/semtex.c Another linux-safe idol, sd, has just been released .. It seems

I will not talk much about Nginx. Below I will mainly record some useful configurations I have collected, most of which are related to server security. The following sections refer to "Top 20 Nginx WebServer Best Security Practices" on nixCraft.

We are no longer familiar with Swiss Army Knife nc, which is often used for packet sending, file transfer, and reverse shell. In the penetration test process, if we want to rebound shell, we usually do the following: Nc-l-vv-p 2222-e/bin/bashIn

For telecom enterprises, database security is crucial. Imagine what will happen to the Recharge System? What will happen to system problems when mobile phone users query bills at the end of the month? The following are some experiences of database O

There are many tools to add system services. The most typical tool is netservice. However, we are talking about manually adding system services, so the use of tools is not covered in this article.Nowadays, many Trojans, backdoors, and worms are

Small problems caused by mobile browser Full Screen ProcessingUC browser WP in extreme mode using http: // xxx: xxx@xxx.com/when accessing a page, "You are about to log in to the site" xxx.com "with the username ......" Too long = see the figure,

When the USB device stores important data, we need to strictly manage and control the device to avoid important data loss or leaks due to improper use or management of the USB device.Registry Control MethodWrite Permission ControlTo prevent others

Analysis on the principle of Buffer Overflow1.1 process memory DivisionDepending on the operating system, a process may be allocated to different memory areas for execution, but no matter what operating system or computer architecture, the memory

MySQL is one of the most popular databases by DBAs. ease of use and high performance are the marks of MySQL databases. However, the high popularity of MySQL makes MySQL the target of many malicious personal and organizational attacks. By default,

Tomcat is a classic open-source middleware. It is widely used in production and has multiple instances and multiple ports for tomcat clusters. However, we need to pay attention to the security issues. Today we will give a simple demonstration of a

H3C iNode is a management software designed and developed by Hangzhou H3C Communication Technology Co., Ltd. for user authentication and internet access. The software has a buffer overflow vulnerability. Attackers can remotely send attack packets

It is difficult to complete the SSL data interaction process. When inode is installed, the client has all the certificates and keys required for the authentication process, so they must be constructed. The version of the program to be analyzed is

Preface:To figure out the entire process, we will analyze a simple DEMO we have written to illustrate the environment: OS: BT5 R3 64 bittools: gcc, gdbsource: cProcess:Let's take a look at this simple program. It's a login verification program. root@

Some time ago, mimikatz Hot transfer was mainly due to the ability to directly extract the plaintext password of the current login user. In fact, there is a more powerful artifact that does not require so many command operations. One command can be

I. Enhanced security protection tool SSH is short for the Secure Sockets Layer. It is a set of program groups that can be safely used to replace public programs such as rlogin, rsh, and rcp. SSH uses public key technology to encrypt the

In the previous article, we mainly talked about physical access and how to export HASH to local computers. With the development of enterprise and cloud management, most small and medium-sized enterprises have begun to push wide areas, it should be

When I visited Weibo two days ago, I saw someone putting pressure on the vendor to talk about the vulnerabilities that were unknown or "only known to him. I personally think this is beyond the essence of white hats. There may also be personal ethics

It is rare that someone will immediately take security measures for a newly installed server, but the society in which we live makes it necessary. But why are so many people dragging it to the end? I have done the same thing, and it usually comes