- How to implement APT32 sample analysis
- 1. Basic information. Sample MD5: bb3306543ff********9372bb3c72712. Sample file size: 3.29MB (3,449,856 bytes). Sample type: backdoor program. Sample description: use of malicious Office macros to load a Trojan module. Analysis time: December 2019. 2. Analysis. 2.1 Introduction. A total of three pieces of malicious macro code were implanted in the malicious document. The main function of the macro is to load and execute, in memory, the shellcode stored in the malicious document as a hexadecimal stream. The function of the shellcode is to extract a DLL Trojan program {A96B020F-0000-466F-A96D-A91BBF8EAC96} from itself
- Safety 1375 2023-06-02 11:34:21
-
- How to implement the use of IPv6 and its comparison with ipv4
- With the shortage of IPv4 addresses, IPv6 is gradually being widely used. Comparison between IPv4 and IPv6: 1) Bit comparison. IPv4: 4 segments, each segment is 8 binary bits, a total of 32 binary bits. IPv6: 8 segments, each segment is 4 hexadecimal digits, a total of 32 hexadecimal digits, 128 binary bits. 2) Address classification comparison. IPv4: 5 classes, A, B, C, D, E; the first addresses of each are: A: 0-126, B: 128-191, C: 192-223, D: 224-239, E: 240-254
- Safety 857 2023-06-02 09:58:05
-
- How to replace specific values in an array in Javascript
- Replace a specific value in an array. The splice() method adds/removes items to/from the array and returns the removed item. This method mutates the original array. Pay special attention to where you insert the value! // arrayObject.splice(index, howmany, item1, ..., itemX) var plants = ['Saturn','Uranus','Mercury','Venus','Earth&
- Safety 1499 2023-06-01 14:25:06
-
- How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range
- 1. After opening the URL, it was found to be an upload page. 2. A file with the suffix php was uploaded directly, but the upload failed. 3. Use BurpSuite to capture the packet, and change the suffix of the uploaded file from php to php5 to bypass the check. 4. Afterwards, use a kitchen knife to connect. In the directory var/www/html, a file with KEY is found. Open it and you will see the key. 5. Open another URL, which is also an upload page, but an upload allow list is set: only files with the suffix .gif, .jpg or .png are allowed through. 6. We write a one-sentence Trojan as a txt file and change its suffix to jpg. 7. When uploading, use BurpSuite to capture the packet and modify the file suffix to display
- Safety 1070 2023-06-01 08:55:52
-
- What is the method to dynamically export dex files in Android
- 1. Start IDA port monitoring. 1.1 Start the Android_server service. 1.2 Port forwarding. 1.3 Software enters debugging mode. 2. Ida disconnects. 2.1 Attach to the process. 2.2 Disconnects three items. 2.3 Select the process. 2.4 Open Modules and search for art. PS: Little knowledge: before Android 4.4 the system functions are in libdvm.so; after Android 5.0 the system functions are in libart.so. 2.5 Open the Openmemory() function: search for the Openmemory function in libart.so and follow it. PS: Little knowledge. Generally speaking, the system dex will be loaded in this function, but there will be a problem.
- Safety 1818 2023-05-30 16:52:51
-
- What issues need to be paid attention to when encrypting cloud databases?
- Cloud database encryption. The first thing to consider is the necessity of encrypting data. All databases have restricted access capabilities. Some suitable implementations are sufficient to protect data confidentiality. Other factors that require encryption to protect data stored in a database are: hiding the data from privileged users of the database (such as database administrators); complying with legal regulations; and cases where the data owner cannot control access to the data through accounts (such as when using a shared account). When using cloud databases, especially SaaS solutions that use databases, the normal functionality of the database will be reduced, forcing the database or cloud application to access the key unless it can operate on the ciphertext. Data encryption comes with complexity and performance costs. In addition to encryption, there are some other effective methods:
- Safety 1667 2023-05-30 14:59:19
-
- Website vulnerability repair: Example analysis of uploading webshell vulnerability patching
- SINE Security was conducting website vulnerability detection and repair on a customer's website and found that the website had a serious SQL injection vulnerability and a vulnerability that allowed uploading a webshell (website Trojan file). The website used a CMS system, developed in PHP with a MySQL database. The source code of this website is currently open source. A certain CMS is a social CMS system that focuses on providing paid knowledge. Payment for knowledge is in high demand on the current Internet. This system can share documents and offer them for download for a fee. The knowledge content published by users can be hidden and provided to paying customers to read. The code is relatively streamlined and is well liked by the majority of webmasters. The vulnerability of this website mainly occurs when uploading the compressed package and constructing malicious decompression code to refer to the w in the zip package.
- Safety 2027 2023-05-30 13:49:12
-
- Example analysis of Struts2 framework site risks
- 1. Overview Struts is an open source project sponsored by the Apache Software Foundation (ASF). It started as a sub-project within the Jakarta project and later became a top-level project of ASF. By using JavaServlet/JSP technology, it implements the application framework [WebFramework] based on the Model-View-Controller [MVC] design pattern of JavaEE Web applications. It is a classic product in the MVC classic design pattern. In the early days of the development of JavaEE web applications, in addition to using Servlet technology, HTM was generally used in the source code of JavaServerPages (JSP).
- Safety 1027 2023-05-30 12:32:14
-
- Analysis of how to use WinRAR vulnerability to target targeted attack activities in the Middle East
- Background. On March 17, 2019, the 360 Threat Intelligence Center intercepted a sample of a targeted attack aimed at the Middle East by the suspected "Golden Rat" APT organization (APT-C-27) using the WinRAR vulnerability (CVE-2018-20250[6]). The malicious ACE compressed package contains an Office Word document that uses a terrorist attack as bait to induce the victim to decompress the file. When the victim decompresses the file through WinRAR on the local computer, the vulnerability is triggered. After the vulnerability is successfully exploited, the built-in backdoor program (TelegramDesktop.exe) is released into the user's computer startup directory. When the user restarts or logs in to the system, the remote control Trojan is executed to control the victim.
- Safety 1118 2023-05-30 08:55:46
-
- How to create a new project in Android
- Content 1. What can you learn from a simple tutorial (Insight) on a useful tool? A super powerful analysis assistant software. 2. What can you learn from analyzing the Android optimization process? 1. In-depth understanding of the Android optimization process 2. Close observation of the Android source code 2. You can see the functions in the lower part of the big boss's shell 3. What can you learn from Android DEX file analysis and analysis? 1. Other functions that can be downloaded 2. The process of parsing dex files 3. Little knowledge about shelling and disconnecting 4. What can you learn from the analysis of the Android DEX class loading process? 1. The complete process of class loading 2. Selection of shelling and reinforcement classes 0x01 A useful tool and a simple tutorial (Insight) This software
- Safety 1524 2023-05-29 23:37:24
-
- What are the differences between ap networking and mesh networking?
- Differences: 1. Mesh deployment and installation are relatively simple. After purchase, you can take it out of the box and plug in the power supply; it is plug and play. AP deployment and installation are relatively complex, requiring not only early wiring and installation of panels, but also configuration by network professionals. 2. Mesh networking is more robust and stable than AP networking. 3. Compared with AP networking, mesh networking can choose to transmit data through multiple short hops to obtain higher network bandwidth. 4. Different advantages. What is AP networking? The full name of wireless AP is Wireless Access Point (a node that provides wireless WiFi access), also called a wireless access point. Its function is to transmit wireless signals and provide Wi-Fi for our mobile phones, computers and smart homes. so
- Safety 8233 2023-05-29 21:14:21
-
- How to deploy Web Application Firewall JXWAF
- JXWAF Overview. JXWAF is an open source web application firewall that can be used to protect against SQL injection vulnerabilities, XSS vulnerabilities, command execution breaches and other common OWASP attacks, CC attacks, etc., to avoid website data leakage and ensure website availability and security. Features: 1. Web application attack protection: based on a semantic recognition protection engine, it defends against SQL injection, XSS attack, Webshell addition, directory traversal extension, command injection, scanning protection, etc. 2. CC attack intelligent protection: controls the access frequency of a single source IP and combines the number of accesses per unit time for comprehensive protection. The human-machine recognition algorithm specially developed for CC attack protection can intelligently switch protection modes according to business load, especially suitable for massive IP slow speeds.
- Safety 1393 2023-05-29 16:47:16
-
- How to implement APT34 leaked weapon report analysis
- APT34 is an APT organization from Iran. Since 2014, it has continued to launch APT attacks in the Middle East and Asia. The industries involved mainly include government, finance, energy, telecommunications, etc. Over the years, the attack arsenal has been continuously upgraded and new attack methods have been introduced, and attacks will not end just because they are exposed. APT34 Organization Background On April 17, foreign media reported that a user named "LabDookhtegan" exposed an attack toolkit from the APT34 organization on Telegram, and some APT34 victim data was also exposed at the same time. This incident, like previous source code leaks, was extremely explosive. The APT34 organization has been operating since at least 2014.
- Safety 1581 2023-05-29 12:42:34
-
- What does buffer underflow in C/C++ programs mean?
- 1. Buffer underflow Buffer overflow was analyzed in the previous topic (see Issue 7). This article describes another situation of buffer overflow - buffer underflow. The causes of buffer overflow introduced in the buffer overflow topic also apply to buffer underflow, so we will not go into details in this article. Simply put, buffer underflow means that when the filling data overflows, the overflow part covers the lower-level buffer. This article mainly describes the problem from the hazards of buffer underflow, its performance in source code, and how to fix it. 2. The harm of buffer underflow Buffer underflow is a very serious type of vulnerability in C/C++ programs, which may cause program crashes, execution of malicious code and other consequences. From January to October 2018, there were 49 CVEs
- Safety 1757 2023-05-29 12:22:56
-
- How to understand ip port protocol
- Computers on the Internet will have a unique 32-bit address. When we access the server through the IP address, the local area network also has a reserved IP address starting with 192/10/172. The IP address of the LAN is also the only NAT mode. The IP of the computer host is unique in the LAN. The selected NAT mode creates a virtual machine, and the virtual machine is a new LAN (private network). The teacher's machine IP is 192.168.33.128. A simple concept of ports: 192.168.33.128 represents a host, but there may be many services on the host. Different service functions on a host are distinguished by ports, which then let external users access them. SSH remote connection service: 22
- Safety 1714 2023-05-29 11:22:12