Cloud Security

The hacker organization Phantom Squad launched a DDoS attack on Christmas Day, and many well-known games were affected. Phantom Squad, a hacker group that promised to launch attacks to the Xbox Live and PlayStation networks during the Christmas

Honeywell 93gas Detector information leakage (CVE-2015-7908) Affected Systems: Honeywell Midas gas detectors Honeywell Midas Black gas detectors Description: CVE (CAN) ID: CVE-2015-7908 Midas and Midas Black gas detectors are detectors used to

Ao you browser design defects control user browsers A browser design defect caused the browser to be controlled. The latest version of Ao you Browser:  The main reason is that the cloud tag has a problem and the title is not filtered. Because the

Linux intrusion detection Basics In linux, there are five commands for auditing:Last: This command can be used to check the Successful Logon, shutdown, and restart of our system. This command is used to format the/var/log/wtmp file.Lastb: this

IOS jailbreak device Trojan TinyV appears Claud Xiao, a security researcher at Palo Alto Networks, recently published an article about the analysis of the new Trojan "TinyV. Security company Palo Alto Networks found the trojan in OctoberPalo Alto

OS X-how does malware start? 0x00 background A few days ago, I read a report published by US network security company bit9: 2015: The Most Prolific Year for OS X Malware. The main content of the report is about the malware on the OS X platform in 20

Automated Analysis Platform for Cuckoo malware Author: kernux Topsec α-lab0x00 cuckoo Overview Cuckoo is an open-source automated malware analysis system. It is mainly used to analyze malware on the windows platform, but its framework supports both

Webshell Security Detection (1)-traffic-based detectionI. Overview I have been paying attention to the security analysis of webshell, And I will share my experiences in this period of time. Webshell generally has three detection methods:The

Rips Scanners (0.5) exposed local File Inclusion Vulnerability RIPS is a source code analysis tool written in php. It uses static analysis technology to automatically discover potential security vulnerabilities in PHP source code. Penetration

CHANGBA website has SQL Injection CHANGBA website has SQL Injection  POST /admin/admin_login.php?ac=login HTTP/1.1Host: 211.151.86.221:8898Content-Length: 45Cache-Control: max-age=0Accept:

A place where SQL Injection Injection somewhere in the home Http://www.juran.com.cn/News/NewsList.aspx?Keyword = 1Keyword Parameters [13:59:35] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008 R2 or 7web

91 information leakage caused by weak passwords in the background of the agricultural personnel management system Target :**.**.**.** Password: Administrator/123456Employee information available Make a dictionary of the emails and crack the email

SQL injection vulnerability in Xiamen small and micro enterprises loan repayment Emergency Fund Management System Vulnerability address: POST /ashx/SendMsg.ashx HTTP/1.1Host: **.**.**.**Proxy-Connection: keep-aliveContent-Length: 21Accept:

The collection of Real Estate helps a login with a database hit attack (wonderful process) Thank you! Code Region https://passport.ganji.com/login.php?next=http%3A%2F%2Fwww.ganji.com%2Fsite%2Fu%2F This is a collection of real estate to help a

Improper configuration of a substation in Baidu (the whole site source code can be downloaded to leak some sensitive information) Baidu, you will know Because the website is almost static and has no interaction, so... Code Region http://efe.baidu.

Part of the current target OA file can be traversed and downloaded Entry level ~ Address: http://web.jingoal.com/#worklog (login required), may be shared with the microblogging attachment interface, part of the log attachments can be modified

From weak passwords to Getshell Http://extplat.minanins.com/console/login/LoginForm.jsp Weblogic is used for one of the sites of the Civil Security Department, and the console is exposed Weak Password: webloigc weblogic123 The port jumps to 9

Penetration skills-Some Opinions on safe dogs Security Attacks and defense are never outdated. Just like a website you infiltrate, you may not be able to penetrate it well at some point due to various technical conditions, but as you grow and study.

Use Shodan and Censys for Information Investigation     In the initial stage of penetration testing, online resources such as Shodan and Censys can be used as a starting point to identify technical traces of the target organization. This article

Japanese researchers use mobile phones to launch DDoS attacks on connected cars Hiroyuki Inoue, an associate professor at the Graduate School of Information Science at the City University of Hiroshima, Japan, shows how to use an APP and a custom