Cloud Security

A good idea is to hide the backdoor, inject DLL to the system process using a thread, remove the DLL ing, delete its own DLL and EXE files, and delete its own services, which only exist in the memory. Therefore, the host machine cannot find any new

During routine analysis of software vulnerabilities, it often takes a long period of analysis time, namely, hours, days, or even longer. Therefore, it is necessary to summarize some analysis skills. Different analysis ideas and skills are adopted

Previously, the lamp website was evolving towards lnmp. I have been using lnmp in my work environment for many years. I would like to share with you the php security configuration of the lnmp website for many years. As for lamp security, I will

This article describes how to get started with the honeypot technology and how to use tools. All the materials involved are from the Internet. All the referenced materials will be marked in the article. Here, Xiao Han just makes a usage summary.   1.

Enterprises need dynamic intelligence-driven defense measures to effectively identify malicious behaviors they have never seen before. These abnormal behaviors may eventually cause dangerous zero-day attacks, which are rampant on the Internet every

I. How to add Trojans to RM and RMVB filesHelix Producer Plus is a graphical professional streaming media file production tool. This software converts files in other formats into RM or RMVB formats, you can also re-edit the existing RM file. During

Intranet security construction is a system project that requires careful design and deployment. At the same time, Intranet security is also a long-term task, which includes both network security system construction and personnel security awareness

If you input a query directly inserted into an SQL statement, the application will be vulnerable to SQL injection. For example: $unsafe_variable = $_POST['user_input'];mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable .

The top ten symptoms of computer poisoning nowadays, computer viruses have already been brought in by the original disk. Now, it is almost impossible to defend against attacks through multiple channels at the same time. Some viruses are mysterious

A few years ago, in a project, due to targeted malware attacks, I studied more than 10,000 computers involved in botnets. The main problems with these computers are the extremely weak security measures, such as the absence of vulnerability tests and

After cracking phpjm.net's encryption, today we have cracked the bird "PHP shield! This bird encryption is basically the same as phpjm.net's practice. It is nothing more than a little bit of skill. He also made a jump in the encryption code and

Improper IIS configuration leads to arbitrary code execution, and multiple sites under the company fall. A large amount of procurement and financial data can be queried by listed companies. In fact, the problem is very simple.1. Set WebDAV to allow

Let's see you! Code: // Php batch filter post, get sensitive data if (get_magic_quotes_gpc () {$ _ GET = stripslashes_array ($ _ GET); $ _ POST = stripslashes_array ($ _ POST );} function stripslashes_array (& $ array) {while (list ($ key, $ var) =

To enter the front-end store system has laid a solid foundation http://inner.7daysinn.cn/FindHotel/Default.aspx internal system some functions by the button disabled to restrict permissions this way is equivalent to the virtual, through the browser

The problem is here http://kuaidadi.com/phone/ filled in the number, click to get the verification code, then the phone will receive the text message Verification Code, at the same time, there will be a phone call over (there is a terrible wood) we

The commonly used server is lost, so today we have nothing to do to scan the section of the Henan one machine room scanned by FTP. Scan a weak password. When I flipped through the folder, I found that there was no conspicuous attempt to turn it off.

Unauthorized downloading of plug-ins with "read permission" and downloading of plug-ins without chargeReproduction steps: 1. Use the Administrator account to upload an attachment with a high read permission. 2. Use a low-Permission user account

The upload exists because it is a forum. You need to add Source image. http://bbs.dbfen.com/data/attachment/forum/201401/20/124804tkv7xu06npxs839v.gif/.php through phpinfo get the server's real IP address. Change the host to bypass the accelerated

Establish an overall threat model to test overflow vulnerabilities, information leakage, error handling, SQL injection, identity verification, and authorization errors. 1. input verification Client-side verification on the server (disable script

Qibo cms won qibo cms with the power of combining three 0day backend getshells with the front-end storage-type xss + background CSRF + with little threat and negligible impact, although it is not a serious vulnerability, the problems and