
  • How to implement APT32 sample analysis
    1. Basic information. Sample MD5: bb3306543ff********9372bb3c72712. Sample file size: 3.29MB (3,449,856 bytes). Sample type: backdoor program. Sample description: uses malicious Office macros to load a Trojan module. Analysis time: December 2019. 2. Analysis. 2.1 Introduction. A total of three pieces of malicious macro code were implanted in the malicious document. The main function of the macro is to load into memory and execute the shellcode stored in the malicious document as a hexadecimal stream. The function of the shellcode part is to extract a DLL Trojan program {A96B020F-0000-466F-A96D-A91BBF8EAC96} from itself
    Safety 1375 2023-06-02 11:34:21
  • How to implement the use of IPv6 and its comparison with ipv4
    With the shortage of IPv4 addresses, IPv6 is gradually being widely used. Comparison between IPv4 and IPv6: 1) Bit comparison. IPv4: 4 segments, each segment is 8 binary bits, a total of 32 binary bits. IPv6: 8 segments, each segment is 4 hexadecimal digits, a total of 32 hexadecimal digits, 128 binary bits. 2) Address classification comparison. IPv4: 5 classes, A, B, C, D, E; the first octet of each is: A: 0-126; B: 128-191; C: 192-223; D: 224-239; E: 240-254
    Safety 857 2023-06-02 09:58:05
  • How to replace specific values in an array in Javascript
    Replace a specific value in an array. The splice() method adds/removes items to/from the array and returns the removed item. This method mutates the original array. Pay special attention to where you insert the value! // arrayObject.splice(index, howmany, item1, ..., itemX) var plants = ['Saturn', 'Uranus', 'Mercury', 'Venus', 'Earth
    Safety 1499 2023-06-01 14:25:06
  • How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range
    1. After opening the URL, it was found that it was an upload page. 2. A file with the suffix php was uploaded directly, but it could not be uploaded. 3. Use BurpSuite to capture the packet, and change the suffix of the uploaded file from php to php5 to bypass the check. 4. Use a kitchen knife to connect. In the directory var/www/html, a file with KEY is found. Open it and you will see the key. 5. Open another URL, which is also an upload page, but an upload allowlist is set: only files with the suffix .gif, .jpg or .png are allowed to be uploaded. 6. We write a txt one-sentence Trojan and change its suffix to jpg. 7. When uploading, use BurpSuite to capture the packet and modify the file suffix to display
    Safety 1070 2023-06-01 08:55:52
  • What is the method to dynamically export dex files in Android
    1. Start ida port monitoring. 1.1 Start the Android_server service. 1.2 Port forwarding. 1.3 Software enters debugging mode. 2. Ida disconnects. 2.1 Attach to the process. 2.2 Disconnects three items. 2.3 Select the process. 2.4 Open Modules and search for art. PS: Little knowledge. Before Android 4.4 the system functions are in libdvm.so; after Android 5.0 the system functions are in libart.so. 2.5 Search for the Openmemory() function in libart.so and follow it. PS: Little knowledge. Generally speaking, the system dex will be loaded in this function, but there will be a problem.
    Safety 1818 2023-05-30 16:52:51
  • What issues need to be paid attention to when encrypting cloud databases?
    Cloud database encryption The first thing to consider is the necessity of encrypting data. All databases have restricted access capabilities. Some suitable implementations are sufficient to protect data confidentiality. Other factors that require encryption to protect data stored in a database are: hiding the data from privileged users of the database (such as database administrators); in order to comply with legal regulations, the data owner cannot control access to the data through accounts (such as using shared account). When using cloud databases, especially SaaS solutions that use databases, the normal functionality of the database will be reduced, forcing the database or cloud application to access the key unless it can operate on the ciphertext. Data encryption comes with complexity and performance costs. In addition to encryption, there are some other effective methods:
    Safety 1667 2023-05-30 14:59:19
  • Website vulnerability repair: Example analysis of uploading webshell vulnerability patching
    SINE Security was conducting website vulnerability detection and repair on a customer's website and found that the website had a serious SQL injection vulnerability and a vulnerability that allows uploading a webshell (website Trojan file). The website used a CMS system developed in PHP with a MySQL database. The source code of this website is currently open source. A certain CMS is a social CMS system that focuses on providing paid knowledge. Payment for knowledge is in high demand on the current Internet. This system can share documents and offer them for download for a fee. The knowledge content published by users can be hidden and provided to paying customers to read. The code is relatively streamlined and is well liked by the majority of webmasters. The vulnerability of this website mainly occurs when uploading the compressed package and constructing malicious decompression code to refer to the w in the zip package.
    Safety 2027 2023-05-30 13:49:12
  • Example analysis of Struts2 framework site risks
    1. Overview Struts is an open source project sponsored by the Apache Software Foundation (ASF). It started as a sub-project within the Jakarta project and later became a top-level project of ASF. By using JavaServlet/JSP technology, it implements the application framework [WebFramework] based on the Model-View-Controller [MVC] design pattern of JavaEE Web applications. It is a classic product in the MVC classic design pattern. In the early days of the development of JavaEE web applications, in addition to using Servlet technology, HTM was generally used in the source code of JavaServerPages (JSP).
    Safety 1027 2023-05-30 12:32:14
  • Analysis of how to use WinRAR vulnerability to target targeted attack activities in the Middle East
    Background. On March 17, 2019, the 360 Threat Intelligence Center intercepted a sample of a targeted attack aimed at the Middle East by the suspected "Golden Rat" APT organization (APT-C-27) using the WinRAR vulnerability (CVE-2018-20250[6]). The malicious ACE compressed package contains an Office Word document that uses a terrorist attack as a bait to induce the victim to decompress the file. When the victim decompresses the file through WinRAR on the local computer, the vulnerability will be triggered. After the vulnerability is successfully exploited, the built-in backdoor program (TelegramDesktop.exe) is released into the user's computer startup directory. When the user restarts or logs in to the system, the remote control Trojan will be executed to control the victim.
    Safety 1118 2023-05-30 08:55:46
  • How to create a new project in Android
    Content 1. What can you learn from a simple tutorial (Insight) on a useful tool? A super powerful analysis assistant software. 2.What can you learn from analyzing the Android optimization process? 1. In-depth understanding of the Android optimization process 2. Close observation of the Android source code 2. You can see the functions in the lower part of the big boss's shell 3. What can you learn from Android DEX file analysis and analysis? 1. Other functions that can be downloaded 2. The process of parsing dex files 3. Little knowledge about shelling and disconnecting 4. What can you learn from the analysis of the AndroidDEX class loading process? 1. The complete process of class loading 2. Selection of shelling and reinforcement classes 0x01 A useful tool and a simple tutorial (Insight) This software
    Safety 1524 2023-05-29 23:37:24
  • What are the differences between ap networking and mesh networking?
    Differences: 1. Mesh deployment and installation are relatively simple. After purchase, you can take it out of the box and plug in the power supply, which is plug and play. AP deployment and installation are relatively complex, requiring not only early wiring and installation of panels, but also configuration by network professionals. 2. Mesh networking is more robust and stable than AP networking. 3. Compared with AP networking, mesh networking can choose to transmit data through multiple short hops to obtain higher network bandwidth. 4. Different advantages. What is AP networking? The full name of wireless AP is Wireless Access Point (a node that provides wireless WiFi access), also called wireless access point. Its function is to transmit wireless signals and provide Wi-Fi for our mobile phones, computers and smart homes. so
    Safety 8233 2023-05-29 21:14:21
  • How to deploy Web Application Firewall JXWAF
    JXWAF Overview JXWAF is an open source web application firewall that can be used to protect against SQL injection vulnerabilities, XSS vulnerabilities, command execution breaches and other common OWASP attacks, CC attacks, etc., to avoid website data leakage and ensure website availability and security. Features 1. Web application attack protection is based on semantic recognition protection engine to defend against SQL injection, XSS attack, Webshell addition, directory traversal extension, command injection, scanning protection, etc. 2. CC attack intelligent protection controls the access frequency of a single source IP and combines the number of accesses per unit time for comprehensive protection. The human-machine recognition algorithm specially developed for CC attack protection can intelligently switch protection modes according to business load, especially suitable for massive IP slow speeds.
    Safety 1393 2023-05-29 16:47:16
  • How to implement APT34 leaked weapon report analysis
    APT34 is an APT organization from Iran. Since 2014, it has continued to launch APT attacks in the Middle East and Asia. The industries involved mainly include government, finance, energy, telecommunications, etc. Over the years, the attack arsenal has been continuously upgraded and new attack methods have been introduced, and attacks will not end just because they are exposed. APT34 Organization Background On April 17, foreign media reported that a user named "LabDookhtegan" exposed an attack toolkit from the APT34 organization on Telegram, and some APT34 victim data was also exposed at the same time. This incident, like previous source code leaks, was extremely explosive. The APT34 organization has been operating since at least 2014.
    Safety 1581 2023-05-29 12:42:34
  • What does buffer underflow in C/C++ programs mean?
    1. Buffer underflow Buffer overflow was analyzed in the previous topic (see Issue 7). This article describes another situation of buffer overflow - buffer underflow. The causes of buffer overflow introduced in the buffer overflow topic also apply to buffer underflow, so we will not go into details in this article. Simply put, buffer underflow means that when the filling data overflows, the overflow part covers the lower-level buffer. This article mainly describes the problem from the hazards of buffer underflow, its performance in source code, and how to fix it. 2. The harm of buffer underflow Buffer underflow is a very serious type of vulnerability in C/C++ programs, which may cause program crashes, execution of malicious code and other consequences. From January to October 2018, there were 49 CVEs
    Safety 1757 2023-05-29 12:22:56
  • How to understand ip port protocol
    Computers on the Internet will have a unique 32-bit address. When we access the server through the IP address, the local area network also has a reserved IP address starting with 192/10/172. The IP address of the LAN is also the only NAT mode. The IP of the computer host is unique in the LAN. The selected NAT mode creates a virtual machine, and the virtual machine is a new LAN (private network). The teacher's machine IP is 192.168.33.128. A simple concept of ports: 192.168.33.128 represents a host, but there may be many services on the host. Different service functions on a host are distinguished by ports, and then let external personnel access. SSH remote connection service 22
    Safety 1714 2023-05-29 11:22:12
