Channel: CodeSection, Code Section, Network Security - CodeSec
Browsing all 12749 articles

Bypassing Kaspersky Endpoint Security 11

Introduction During a recent engagement, I was given a Windows tablet with no (pentest) tools installed and was asked to test its security and test how far I could go by compromising it. I had my own...

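Translation No. 8: Bypassing XSS Protection

Today's topic is how to bypass XSS filtering. I had been watching the target site for a long time and kept trying to use Google search syntax to discover its subdomains; you can try that too. I finally found a few subdomains, but just as I was trying XSS injection, the firewall gave me a thorough beating site:*.*.namecheap.com & site:*.namecheap.com...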

The Best Smart Home Devices for 2019

Who doesn’t like a cool home like Tony Stark (Ironman)? If the entire world is at your fingertips; why not your own home? Home automation has been a dream for each one of us at some point in time. But...

Improving security by drawing identicons for SSH keys

If you've ever had to generate an encryption key pair or log into a machine using an SSH client configured with visual host keys, you've probably stumbled upon some random ASCII art gobbledygook like...

SpaceX completes its first US national security mission

SpaceX managed to squeak in one more milestone before the end of 2018. The private spaceflight company successfully launched its first-ever US national security mission, carrying the US Air Force's...

Hack the Box: Waldo Walkthrough

Today we are going to solve another CTF challenge “waldo”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your...

Automating GitHub tasks with Node-RED

Some background While the majority of the Node-RED community seems to be interested in home automation (me too, but just a little bit and I honestly think it's light-years ahead of other home automation...

Certifiably Gone Phishing

Phishing is [still] the primary way attackers either commit a primary criminal act (i.e. phish a target to, say, install ransomware) or is the initial vehicle used to gain a foothold in an organization...

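Unmasking the “驱魔” ("Exorcist") Family: The Country's Largest Hidden-Traffic-Fraud Botnet Goes Live

Preface Recently, through monitoring by its “捕风” threat-awareness system, Kingsoft Antivirus Security Lab found that a long-established botnet family, whose main attack goals are "hidden traffic fraud and hijacking", has entered an active phase. Based on its distribution channels and technical characteristics, we named it the “驱魔” virus family. 1. Overview...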

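My Approach to Information Gathering

A while ago I read a book titled "The Art of Kali Linux Penetration Testing" (《Kali linux 渗透测试的艺术》), and I found that some of the content in the information-gathering part of Chapter 4 does not apply in China. That made me want to summarize information gathering as it works in China, hence this article. What is information gathering...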

Sharing data and risks helps combat fraud, says SAS VP

Having organisations break down historic barriers and more proactively share data and risks helps the industry as a whole do a better job collectively in identifying fraud, Stu Bradley says. Stewart...

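An Overall View of the 8 Domains of the CISSP Certification

The CISSP CBK went through a fairly major change in 2014, going from the previous ten domains to eight and regrouping the original knowledge points; for example, the part on BCP requirements was moved into the Security and Risk Management chapter. CISSP...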

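A 10,000-Character Deep Dive: Internet User Data and Privacy: China's Current State and Next Steps

Data plays a more important role than ever in marketing and promotion; at the same time, violations of data and privacy have become one of the public's greatest concerns. When you receive countless harassing calls and spam text messages every day, it is hard not to be angry: who on earth stole my privacy?! That anger can spread and extend to doubts about all marketing activity, and precision marketing on the internet in particular easily becomes the target of everyone's criticism. However, the mood of the crowd and the truth of the matter often differ greatly, and as emotion builds up it corrodes the truth and replaces it with blindness....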

Ask HN: Career advice for the next years

First a little background: I'm in my mid 20s, worked my way up from a help-desk position. Done 4 years of sysadmin work and I am currently employed in one of the largest Scandinavian based firms. My day to...

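BUF Breakfast Shop | Researchers discover new Windows zero-day vulnerability; Facebook revealed to collect data from third-party apps: involving ...

Good morning, Buffers. Today is Monday, December 24, 2018. On today's breakfast menu: researchers discover a new Windows 0-day vulnerability; the amount of cryptocurrency malware grew 4000% over the past year; Facebook revealed to collect data from third-party apps, including location information; French data protection regulator CNI issues Uber a USD 460,000 fine; a Foreign Ministry spokesperson comments on the erroneous words and deeds of the US on cybersecurity issues. Details follow: Researchers discover a new...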

SpaceX Completes First US National Security Space Mission

Photo Credit: SpaceX/Twitter Stay on target SpaceX's Military Satellite Launch Is Delayed Again SpaceX Delays First US National Security Space Mission Due to Storms After a week of delayed launch...

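Facebook Clickjacking Analysis

The researcher first noticed a very annoying spam campaign on Facebook, in which many friends posted a link hosted on an AWS bucket. The link led to a French site full of jokes; who wouldn't click on a site like that? One of the spam links If someone clicked the link, they would see, hosted on AWS...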

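Analyzing Rolling Code Signals with HackCube-Special

Preface A so-called rolling code is this: when we sniff the RF signals transmitted by a car remote, we find that every RF signal is different and that each signal can be used only once, which is why it is called a rolling code. Using Keeloq as the example, this article explains how rolling codes work in terms of the device's operating frequency, the remote signal encoding, and the signal transmission protocol format, then introduces the most important part of generating rolling codes, the Keeloq encryption and decryption algorithm, as well as the rules the Keeloq algorithm uses to generate the encoding key, in encryption...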

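Quickly Setting Up a Local HTTP/2 Service

Since the HTTP/2 standard was officially published in May 2015, it has gained support from the vast majority of browsers, but at the time of writing fewer than 1/3 of websites use it. The purpose of this article is to quickly set up a local HTTP/2 service for developers to develop and test against, and so deepen their understanding of HTTP/2. Environment OpenSSL : 1.0.2q Nginx : 1.15.7 Steps Generate a local root certificate: # Generate a 4096-bit root key encrypted with AES 256-bit openssl...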

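BBC Puts Up £500,000 in Search of Top-Tier DDoS Protection

The world-renowned news organization BBC is looking for software that can help it withstand distributed denial-of-service (DDoS) attacks, and is offering £500,000 for it. The broadcaster wants to be able to withstand large, sustained volumetric network attacks without viewers' experience of BBC online services being affected in the slightest. The DDoS protection contract the BBC wants to sign runs for 3 years and can be extended to 5. The company's internet network carries all of the BBC's audience-facing traffic and content delivery network (CDN) origin traffic. In addition, the network serves as the transit point for the BBC's corporate network traffic....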
