Cloud Security

"Ransomware income" already occupies the main part of the hacker's economic source Blackmail has become a popular way for hackers to get rich. According to a survey, "ransomware income" already occupies the main part of the hacker's economic source.

Wireshark HiQnet parser Denial of Service Vulnerability (CVE-2016-2526)Wireshark HiQnet parser Denial of Service Vulnerability (CVE-2016-2526) Release date:Updated on:Affected Systems: Wireshark Wireshark 2.0.x Description: CVE (CAN) ID: CVE-2016-2

Apache Xerces-c xml Parser Buffer Overflow Vulnerability (CVE-2016-0729)Apache Xerces-c xml Parser Buffer Overflow Vulnerability (CVE-2016-0729) Release date:Updated on:Affected Systems: Apache Group Xerces C ++ Description: CVE (CAN) ID: CVE-

Be alert for attacks with CVE-2015-2545 VulnerabilitiesPreface Recently, APT Warning Platform captured an attack sample, after analysis, the sample seems to use CVE-2015-2545 for attacks, and has a high level of attacks.Analysis This sample is

Macro samples in malware cannot be detected by online sandboxes and common tools. A few days ago, someone gave me a strange malicious macro sample that could not be detected by online sandbox and common tools.0 × 01 macro extraction and

Principle of Trojan wall-mounting If the network is not too stable, people will set up firewall to defend against network attacks. Isn't this a huge challenge for the survival of our Trojans? Competing for things, survival of the fittest, well... to

Webshell's key_access to a locally encrypted webshell in a browser By chance, an encrypted webshell is found, which is encrypted by PHP shield Var 1.54. The notepad was opened with a bunch of garbled characters, and Baidu had a hero.The method is to

Introduction to forcible use of more complex passwords I recently read a blog post (bole online Note: Please refer to the end of this article) about forcible use of more complex passwords. The original author said this is for safety, but I don't

General-purpose command execution in the security management system of the central soft unified terminal (Java deserialization case) "United Endpoint Management (UEM)", with its brand new security concept, powerful function system, and sound

SQL Injection by China Guodian's two companies causes getshell to be updated with patches (involving Intranet Security) Intranet Security   http://60.13.13.239:8080/yyoa/ Http: // 60.13.13.239: 8080/yyoa/common/js/menu/test. jsp? DoType = 101 & S1 =

A motor vehicle system in a city in Shandong province has POST injection (involving million driver information/involving a large amount of data/involving a large number of personal information)   Http: // **. **/login.html POST injection exists at

D. Shield bypasses a wonderful line of dynamic code D shield blocked the execution of the input dynamic script, but we can bypass it in a strange way. One sentence address: http://sjxy.ycu.jx.cn/upfiles/Media/d2.asp password: z ordinary kitchen

Little Bai Yiduo -- Analysis of Several ssctf questions Brother Two said that he came from wooyun and returned to wooyun. Web400 comes from this and should be back to this. If you have any shortcomings, please note.0x00 Web200 Let's take a look at

Hero mutual Entertainment's general SQL Injection getshell (full name gun battle/dance every day/Beautiful diary in summer/kung fu all-star) management background fall I don't know how to getshell ~ Can I open/m/list.html on the official game

If the sandbox of a query service terminal in Tangshan North Railway Station is bypassed, the CMD command can be called up and executed. Rt... What can be bypassed is the "passengers self-service Inquiry System" service terminal of Tangshan North

We can't say that two pieces of chicken are useless. People often want it, but if you don't want it right, it's hard to steal rice. Let's talk about two things we have seen recently:Remote control does not kill 360-same as it is true My colleague

Attackers can bypass XIGNCODE3 anti-cheating program interference through DLL injection and code modification. Disclaimer: The Reverse game is completely for the purpose of learning. I am against the fact that the information provided below is used

Unauthorized access to a zookeeper in Baidu games Demonstrate how to use the tangscan plug-in to find unauthorized access to zookeeper. This plug-in has been added to the tangscan luxury package. welcome to use it! A zookeeper of Baidu game has

Financial security-copper treasurer SQL injection vulnerability can leak all information of the master database The data interface of the copper treasurer is not strictly verified, and the SQL injection vulnerability exists. This vulnerability can

Domain penetration-Skeleton Key Analysis 0x00 Preface The previous article introduced how to use SSP to maintain domain control permissions. The disadvantage is that it requires a domain control restart to take effect. In many domain penetration