Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Browsing all 12749 articles
Browse latest View live

Top 30 Chief Information Security Officer (CISO) Interview Questions and...

Introduction So you made it to what some may call the pinnacle of your Information Security career Chief Information Security Officer (CISO)…or at least the job interview! Any job interview can be...

View Article



MiiX 全球区块链黑客马拉松超级大赛开启

本次技术大赛,由中国通信工业协会区块链专委会指导,开源中国、火星财经、TokenSky、python中文社区、TRON、旗点咨询、GoCN、Golang、fintech4good、北大区块链俱乐部、火聘online、MPT Capital、bCamp、BCspark、陀螺财经、北京EOS、EosLists、区块链研习社、Elements...

View Article

Image may be NSFW.
Clik here to view.

关键信息基础设施安全态势感知技术发展研究报告

关键信息基础设施安全态势感知技术发展研究报告 前言: “态势感知(Situation Awareness,SA)”是一种基于环境的、动态、整体地洞悉安全风险的能力,是以安全大数据为基础,从全局视角提升对安全威胁的发现识别、理解分析、相应处置能力的一种方式,最终是为了决策与行动,是安全能力的落地应用。...

View Article

Image may be NSFW.
Clik here to view.

重出水面:伊朗背景恶意组织新型网络钓鱼攻击分析

一、概述 网络钓鱼攻击,向来是具有伊朗背景的恶意组织用于获取账户的最常见渗透形式。CERTFA分析了该恶意组织最新的网络钓鱼攻击活动,该攻击被称为“迷人小猫的归来”(The Return of The Charming Kitten)。 在此次恶意活动中,恶意组织主要针对参与对伊朗经济和军事制裁的组织,以及世界范围内的特定政治家、公民、人权活动家和记者。...

View Article

Image may be NSFW.
Clik here to view.

做OT的事件响应是不可能的任务?

当今时代,网络攻击不是会不会发生而是什么时候发生的问题。这意味着全世界的工业设施都需重新审视和安排自身在数字工业网络安全上的投资。随着优先级的迁移,相对于传统防护战术,提升在事件检测与响应策略及工具方面的投资力度就成了当务之急。 换句话说,打造典型网络安全边界期望能拦住攻击者的做法已经不再适用,必须设计处理攻击的规程,准备好一旦有人侵入便能立即缓解并修复任意损害。...

View Article


Image may be NSFW.
Clik here to view.

Identity as a Service (IDaaS) Working & Benefits of Single Sign-On (SSO ...

The last tutorial was all about Infrastructure as a Service (IaaS) . Today, we will learn Id entity a s a S ervice (IDaaS). An Identity as a service will build, manage, and host, by the third-party...

View Article

Security Think Tank: Focus on malicious use of AI in 2019

One thing predicted for 2018 that did not happen Many security experts, including me, predicted that in 2018 we would see a continued explosion in ransomware , as we saw in 2017. And while ransomware...

View Article

习近平:没有网络安全就没有国家安全

坚持总体国家安全观,是习近平新时代中国特色社会主义思想的重要内容。党的十九大报告强调,统筹发展和安全,增强忧患意识,做到居安思危,是我们党治国理政的一个重大原则。习近平同志围绕总体国家安全观发表的一系列重要论述,立意高远,内涵丰富,思想深邃,把我们党对国家安全的认识提升到了新的高度和境界,是指导新时代国家安全工作的强大思想武器,对于新时代坚持总体国家安全观,坚定不移走中国特色国家安全道路,完善国家安...

View Article


Image may be NSFW.
Clik here to view.

WannaCry is Still Active in Hundreds of Thousands of Computers

Citing posts by security researcher Jamie Hankins on Twitter , Bleepingcomputer reports thatWannacry ransomware is still active, but dormant, on thousands of computers across the world. Jamie Hankins...

View Article


Starting April, All vehicles in India will come fitted with high security...

All motor vehicles will come fitted with tamper-proof high security registration plates (HSRPs) from April 1 to protect against counterfeiting. The transport ministry has notified mandating that HSRP...

View Article

Image may be NSFW.
Clik here to view.

默默守护安全12载,360首获“人民匠心”

12月25日,中国最大的网络安全公司360获人民网颁发的2018“人民匠心企业奖”,作为唯一入选的网络安全公司,360集团12年来专注网络安全核心技术研发和产品创新,得到了“人民之选”专业评审委员会的认可。...

View Article

Best of 2018: 6 Tricky Obstacles Security Teams Face in GDPR Compliance

As we close out 2018, we at Security Boulevard wanted to highlight the five most popular articles of the year. Following is the fourth in our weeklong series of the Best of 2018. The European Union’s...

View Article

Best of 2018: Top 9 Kubernetes Settings You Should Check to Optimize Security

As we close out 2018, we at Container Journal wanted to highlight the five most popular articles of the year. Following is the fourth in our weeklong series of the Best of 2018. If you use Kubernetes,...

View Article


Image may be NSFW.
Clik here to view.

LCG Kit:恶意office文档构建器分析

概览 Proofpoint研究人员于2018年3月发现一个武器化的文档构建服务LCG Kit。研究人员通过追踪LCG Kit发现,它以不同的形式利用了微软office公式编辑器的CVE-2017-11882漏洞[1]。最近,恶意软件作者又将VB脚本漏洞CVE-2018-8174 [2]利用融入,该漏洞在许多邮件攻击活动中被广泛使用。11月底,LCG kit加入了使用微软office...

View Article

Image may be NSFW.
Clik here to view.

渗透测试实战-ROP靶机PWN+SolidState靶机入侵

前言 大家好,爱写靶机入侵文章的我又来了!本次靶机分2种第一种为CTF中的PWN,该靶机设计在linux 32位系统中,一共分为3个等级,本次先实战使用 level-0 ,第二个靶机为SolidState,还是跟原来一样我们入侵进去拿到root权限。 靶机安装/下载 靶机ROP下载地址: https://pan.baidu.com/s/1rYDOK-EDZDEfEYk2_IfRMg...

View Article


Useful article for generating SSL certs on Windows

This is just an article I wanted to share that I found useful. I figured it would also be useful to others that are looking at local dev on windows using HTTPS. The only difference I want to mention,...

View Article

Image may be NSFW.
Clik here to view.

RDP蜜罐:中间人技术的实践

作为在GoSecure为期四个月的实习的一部分工作,我们创建一个远程桌面协议(RDP)的蜜罐。为了实现这一点,我们使用了一个linux服务器,上面带有一个RDP中间人(MITM)程序,它可将流量重定向到真正的windows Server上。 在搜索利用工具时,我们发现了RDPY,一个自带MITM的python...

View Article


Image may be NSFW.
Clik here to view.

Wordpress contact_form_7_v5.0.3 插件 权限提升、任意文件读取漏洞分析

作者: i9n0re 简介 看到了国外有大佬发了关于WordPress的一个非常有名的插件,contact form 7的漏洞,之前见到过很多WordPress站点使用这个插件,大佬写的比较笼统,一些详细的利用方式没有说的太明白. 漏洞成因...

View Article

Image may be NSFW.
Clik here to view.

What is BigchainDB?

Sophia Armstrong , a computer science major at East Carolina University, provided an overview of BigchainDB in her Lightning Talk, "Blockchain database for a cybersecurity learning environment," at...

View Article

Image may be NSFW.
Clik here to view.

Retail in 2019 needs security precautions

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to...

View Article
Browsing all 12749 articles
Browse latest View live




Latest Images