Clik here to view.
Clik here to view.
The favourite in the French presidential election promises to crack down on...
French independent presidential candidate Emmanuel Macron. Sean Gallup/Getty Images Politicians in Europe are gunning for encryption once again. This time it's Emmanuel Macron, the favourite to win...
View ArticleClik here to view.
Executing Shellcode Directly
I found this post by Alex Ionescu pretty interesting. I recreated the poc and wrote position independent shellcode. It’s more like executing shellcode directly by the windows loader. One could develop...
View ArticleOn password security.
From an AT&T Developer Program e-mail: How secure is your e-mail password? If you want to be more careful with your e-mail on your mobile device, make sure you have turned on SSL. And you should...
View ArticleClik here to view.
堪忧!物联网系统安全漏洞百出
近日,匡恩网络物联网安全院士工作站成立,为物联网安全防护再添一力。多年来,网络安全防护和网络攻击一直处于“道”与“魔”博弈中,物联网安全亦是如此。 随着智能处理技术的发展,物联网设备已逐步应用到许多行业领域。多采用嵌入式操作系统的物联网设备存在众多漏洞,很容易沦为黑客的傀儡攻击工具。2016年美国发生的大规模网络拒绝服务攻击事件,给物联网行业敲响了警钟。 一、物联网系统漏洞百出...
View ArticleClik here to view.
I propose Julian Assange as the president of the Earth
“Him who votes have no power, him who counts the votes have all the power” JosephStalin Few would agree more to the above quote than Al Gore and Hilary Clinton. The quote was first utteredby Joseph...
View ArticleClik here to view.
Hot on the Credential Theft Trail: Tracking a Hacker from a Dropbox Phishing...
We (the Imperva Defense Center research team) frequently investigate cases of credential theft to gain a deeper understanding of methods and tools used by cyber criminals―in particular, to learn how...
View ArticleClik here to view.
加密算法系列――对称加密算法
前言 在平时工作的时候,经常用到一些加解密算法,刚好近来比较有时间,就简单小结了下。 注:转载请附上本文链接: http://linianjian.cn/2016/03/07/symmetric-cryptography/ . 本文将对常用的对称加密算法进行一些简单的整理,也算是知识的简单积累, 对称加密算法简介 对称加密算法,属于加解密算法中的一种,它使用同一组密钥进行加密和解密,如下图所示:...
View ArticleClik here to view.
Open hacker board takes aim at RPi 3
The $30 Orange Pi Prime combines a quad -A53 Allwinner H5 SoC with 2GB RAM, wireless, MIPI-CSI, GbE, and a 40-pin expansion header. Another Orange Pi has shaken loose from Shenzhen Xunlong’s highly...
View ArticleClik here to view.
CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler
FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability allows a malicious actor to download and...
View ArticlePlot inspiration via FiveThirtyEight
Graph!? more like art Every once in a while, I run into an article with some data that really intrigues me, and sometimes I run into a data visualization that makes me think, “How can I do something...
View ArticleNode v7.9.0 (Current)
[ 9f73df5910 ] - deps : cherry-pick 22858cb from V8 upstream (Ali Ijaz Sheikh) #11998 [ b997e62692 ] - test : add internal/socket_list tests (DavidCai) #12109 [ c11c23b22b ] - doc : make the heading...
View ArticleTrusted SSL certificates with Let’s Encrypt and NGINX
letsencrypt.org is the new awesomeness that happened to SSL on the web. Forget over-priced trusted certificates or self-signed certs for your side & pro bono projects. Try trusted SSL in seconds...
View ArticleDisabling SSL validation in binary apps
Reverse engineering protocols is a great deal easier when they're not encrypted. Thankfully most apps I've dealt with have been doing something convenient like using AES with a key embedded in the...
View ArticleClik here to view.
Worst IPs: 2016 Edition
A little late this year, butfollowing tradition here is my list of the absolute worst IP addresses from 2016. All in nice numerical order for easy crunching. These IPs are associated with all sorts of...
View ArticleClik here to view.
机器学习(二) 如何做到Kaggle排名前2%
本文详述了如何通过数据预览,探索式数据分析,缺失数据填补,删除关联特征以及派生新特征等方法,在 Kaggle的Titanic幸存预测 这一分类问题竞赛中获得前2%排名的具体方法。 竞赛内容介绍 Titanic幸存预测 是Kaggle上参赛人数最多的竞赛之一。它要求参赛选手通过训练数据集分析出什么类型的人更可能幸存,并预测出测试数据集中的所有乘客是否生还。 该项目是一个二元分类问题...
View ArticleClik here to view.
ssl 证书文件获取与 node 环境下的配置
前两天个人小站域名到期(其实也是忘续了),有点空就收拾了一下,申请了新的域名上线。 带来的问题是,站点一直用 https,换域名后原 ssl 签名证书也就无效了,这又得再申请一个。 以这个契机,就来完整的说一下 https 站点 ssl 证书的 生成/获取、服务器配置(以 nodejs 为例) 方法。 ssl 证书生成 生成和 获取 是两种得到签名文件方法。...
View ArticleClik here to view.
【技术分享】NSA泄露工具中的Dander Spiritz工具使用简易教程
【技术分享】NSA泄露工具中的Dander Spiritz工具使用简易教程 2017-04-18 10:14:02 来源:MisterCh0c 作者:安全客 阅读:529次 点赞(0) 收藏 预估稿费:50RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 环境 攻击机:192.168.174.128 win7 目标机:192.168.174.130 win7 x64...
View ArticleClik here to view.
【技术分享】iOS 安全之针对 mach_portal 的分析
【技术分享】iOS 安全之针对 mach_portal 的分析 2017-04-18 11:25:56 来源:安全客 作者:shrek_wzw 阅读:870次 点赞(0) 收藏 作者:shrek_wzw@360涅槃团队 预估稿费:800RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 一. 背景 Google Project Zero的Ian...
View Article
