最烂密码、神级密码和逆天改命密码,我已经跪下叫爸爸了!
马上就要年终了,在这辞旧迎新的时刻,让我们一起回望2018,展望2019,看看今年的“最烂密码榜单”,这次你上榜了吗? 最烂密码榜单 打开2018年最烂密码榜单,首先揭晓TOP1――“123456”,从2014年开始连续五年夺冠,成为当之无愧的最“烂”!...
View ArticleHack the Box (HTB) Machines Walkthrough Series ― Bank
Continuing with our series on the Hack the Box (HTB) machines, this article contains the walkthrough of another HTB machine. This one is named “Bank.” HTB is an excellent platform that hosts machines...
View ArticleRed Team Assessment Phases Everything You Need to Know!
The antagonistic approach of a Red Team makes things challenging to an organization’s system, policies, anticipations and adaptations. These days, organizations want the Red Teams to challenge the...
View ArticleChange one password
It is that time of year where security professionals the world over end up talking with friends and family about security. It will be inevitable, almost as inevitable as someone wearing a stupid...
View ArticleCrypto Hijackeing Shows No Signs of Slowing down Eset Report
The latest report from ESETThreat Radar Report indicates that the year 2019 will not stop showing the number of crypto jacking courses. Despite the downtrend in most altcoins, crypto jacking attacks...
View Article黑客们有多喜欢phpadmin?php代码有多恐怖。
我写了一个项目,项目的功能是抓取服务器上的http包,当有人通过http 访问我的服务器的时候,我的项目就把request请求显示出来。 此项目代码运行在我的服务器上。 运行一段时间后非常惊奇,发现我的一个小小网站会被黑客攻击。 黑客会扫描各种php程序。 下面是其中一张截图,就是扫描phpadmin的。非常恐怖。 屏幕快照 2018-12-25 下午5.09.59.png...
View ArticleDreaming of a white Christmas with ggmap in R
With the holidays approaching, one of the most discussed questions at STATWORX was whether we’ll have a white Christmas or not. And what better way to get our hopes up, than by taking a look at the...
View Article快报!欧盟的外交电报竟然被黑客窃听了?
近日,《纽约时报》刊登了一份据称是被黑客窃取来的欧盟外交电报摘录。很显然,这份数据报告是由某家网络安全公司专门“泄露”给记者同志们的。 《纽约时报》表示,这1100份外交电报是由一家名叫 Area1 的信息安全初创公司提供给他们的,而这家公司据说是由三名前美国国家安全局官员创立的。 NSA上一次被爆出与窃取国家机密相关的新闻是当时与NSA前系统管理承包商Edward...
View ArticleMD5 and SHA-1 Still Used in 2018
Last week, the Scientific Working Group on Digital Evidence published a draft document -- " SWGDE Position on the Use of MD5 and SHA1 Hash Algorithms in Digital and Multimedia Forensics " -- where it...
View ArticleManaging and Securing Containers Just Got Easier
When it comes to securing a public cloud infrastructure, many organizations are under the impression that the workloads they run are secured by their cloud services provider. This just isn’t so, and...
View ArticleSnap employees reportedly feel CEO Evan Spiegel is aloof thanks to private...
Snap employees perceive their chief executive Evan Spiegel as an aloof leader, thanks to the fact he takes private jets and wants full-time armed guard. That's according to a Wall Street Journal dive...
View Article供水行业工控系统信息安全现状
摘要 本文主要介绍了供水行业采用自动化和信息化的原因、自动化和信息化的目前发展状态、管理相关的各类要素、补丁管理的流程以及未来发展趋势。 1概述...
View ArticleNew Advanced Dynamic Scan Policy Template in Nessus 8
According to Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let’s say we found out that some Nessus...
View ArticleTop 30 A+ Interview Questions for 2019
The CompTIA A+ is an entry-level PC computer service technician certification. This is often the first certification one earns in their IT career and can help land you a job that will be a springboard...
View ArticleHappy Holidays! Here’s your Business Email Compromise (BEC) gift card scam
Deck the hall with sad employees, Fa, la, la, la, la, la, la, la, la! ‘Tis the season to be swindled, Fa, la, la, la, la, la, la, la, la! I am not too proud to admit that I was a victim of Business...
View ArticleGolang学习笔记之MD5
1.单向加密 什么是单向加密算法。简而言之就是不可解密的加密方法,也叫作非可逆加密, 用这种方法加密过的东西,地球上现有的人类在有限的时间内是无法解密的,包括加密者自己。 2.常用的单向加密算法有哪些呢?...
View ArticleWishing Our Readers a Merry Christmas and a Happy New Year
Add to favorites Looking forward to 2019 Computer Business Review wishes all of our loyal readers a wonderful Christmas. We will be back, bringing you the news, interviews and insight that count in...
View Article6 Easiest InfoSec Certifications
There are few areas in IT that receive more scrutiny than information security. Barely a week goes by without news of a major data breach. These incidents are often followed by reports of the...
View Article一次被防火墙拦截的挖矿病毒应急处置经历
*本文作者:littt0,本文属 CodeSec 原创奖励计划,未经许可禁止转载。 前言 在应急响应的过程中,客户反馈深信服防火墙AF 报告客户服务器僵尸网络警告,服务器试图解析恶意域名msupdate.info。于是客户使用360,火绒剑等杀毒软件均没有发现异常现象。于是求助我,遂有此文章。 病毒virustotal.com的报告,可以看到很多国内厂商依然无法检出: SHA256:...
View Article