Channel: CodeSection, Code Area, Network Security - CodeSec
Browsing all 12749 articles

EU offers bounties to help find security flaws in open source tools

The European Union believes it has a simple way to bolster its digital security: offer lots of cold, hard cash. The European Commission is launching bug bounties in January that will offer prizes in...

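HTTPS Hijacker Trojan Makes a Comeback, Targeting News, Entertainment and Shopping Sites

In recent years, major websites in China have been upgrading to HTTPS encrypted connections, or even site-wide HTTPS, to prevent site tampering, hijacking and eavesdropping on user data, which has greatly improved site security. Even so, HTTPS, long regarded as "safe and reliable", cannot guarantee complete protection: on a computer infected with a trojan, HTTPS can also be hijacked with ease!...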

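[Anquanbang (安全帮)] Fake Online Police-Reporting Platform: Scammers Target Fraud Victims for a Second Scam

Summary: PoC for the latest Microsoft Edge remote command execution made public. Recently, security researchers abroad published a PoC for a memory corruption vulnerability in the Microsoft Edge browser. When the PoC is run against an unpatched machine, it can lead to remote command execution. The vulnerability mainly affects Microsoft Edge, which is built on the JavaScript engine Chakra; attackers...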

Looking Forward to 2019

Let’s Encrypt had a great year in 2018. We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67%...

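Applying Threat Intelligence in Incident Response

The concept of threat intelligence: Security research organizations and vendors have not settled on a single definition of threat intelligence. The definition given by Gartner (a leading global advisory firm) is relatively narrow but fairly complete in the elements it covers; our translation of the original is as follows: "Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard."...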

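Challenges and Countermeasures for Information Security Regulation in the Age of Artificial Intelligence

■ Deng Wenbing, National Computer Network and Information Security Management Center. A new round of technological revolution is now emerging worldwide, and the traditional Internet is undergoing a profound shift toward the Internet of Everything and intelligence. The aggregation and analysis of big data, innovations in theory and algorithms, marked gains in computing power and the iterative evolution of network infrastructure are driving artificial intelligence into a new stage of development. As a strategic technology that will shape the future, artificial intelligence has significant spillover effects and will profoundly change the global competitive landscape and human social life. At the same time, artificial intelligence is not omnipotent; it is a "double-edged sword"....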

Top 10 network stories of 2018

After a slow start, thanks, as always, to analyst and supplier hype, 2018 was the year when software-defined networking (SDN) or, more accurately, software-defined wide area networking (SD-WAN)...

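Penetration Testing the Typhoon Target VM

Preface: The Typhoon target VM has quite a few vulnerabilities, most of them caused by misconfiguration. Target download and setup: Typhoon target VM download link: https://pan.baidu.com/s/18U0xwa9ukhYD4XyXJ98SlQ Extraction code: jbn9 Typhoon target IP: 192.168.56.150 Kali attacker IP: 192.168.56.1 Topics covered: nmap dirb hydra msfvenom...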

EU to Launch Bug Bounty Program for Open Source Software

The European Union has announced a series of bug bounty programs for free and open source software, including popular applications like VLC Media Player, Filezilla, PuTTY, and 7-zip. The financial...

Can we live without passwords?

Passwords are one of the pillars of security and particularly of authentication. Used by the Roman guard at the time of the night shift, they are today one of the cornerstones of digital security....

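Looking Back | A Ten-Year Retrospective on the MS08-067 Vulnerability

Time flies: ten years have passed since the MS08-067 vulnerability appeared. Unlike other security incidents, MS08-067 had a remarkable history and stands as a milestone; even the people responsible for handling the vulnerability at the time still remember it vividly. Based on the recollections of John Lambert, General Manager of Microsoft Threat Intelligence, we interviewed the front-line engineers who handled the response to the vulnerability, aiming to capture their most authentic impressions of MS08-067 and to review in full this serious security incident that gave rise to the Conficker worm. (Click here for reference...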

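A Small Tip Learned from the filemanager Challenge at 35C3 CTF

Crushed once again by an international competition.... I really am too weak. Back to the topic: let's look at the filemanager challenge from 35C3. The challenge should still be online: Solves: 5 Check out my web-based filemanager running at https://filemanager.appspot.com. The admin is using it to store a flag, can you get it?...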

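Disclosure of Mobile Attack Activity by Golden Rat (APT-C-27)

Report ID: B6-2018-122901 Report source: 360-CERT Report author: 360-CERT Updated: 2018-12-29 0x00 Background: The Golden Rat group (APT-C-27) has carried out organized, planned, targeted, long-running and uninterrupted attacks against the Syria region. The group mainly uses APK, PE, VBS and JS files as attack vehicles, covering both the Android and Windows platforms, and spreads its malicious payloads through social networks and spear-phishing emails....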

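An Implicit Requirement Every Project Must Address: Fixing Security Vulnerabilities

WHAT: An implicit requirement every project must address: fixing security vulnerabilities. WHY: When I played Go as a child, I always liked to take the white stones, because my style was "wherever you come from, that is where I block", looking for the opponent's weaknesses while defending. This way of playing has an underlying root cause: laziness, an unwillingness to actively think about the layout of the board....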

Vein Authentication Already Hacked with a Fake Hand

While facial recognition is slowly but surely replacing fingerprint recognition on our devices, it’s believed that the next step in terms of biometric security is none other than vein authentication....

Poor security, privacy regulations may lead to new vulnerabilities: Report

Growing concerns around security and privacy of information in the digital world will drive legislative and regulatory actions globally, but poorly conceived regulations could also lead to the...

Best of 2018: The Dark Side of Quantum Computing

As we close out 2018, we at Security Boulevard wanted to highlight the five most popular articles of the year. Following is the fifth in our weeklong series of the Best of 2018. Quantum computing has...

A look at AdGuard DNS

AdGuard unveiled the final version of the company's DNS provider service in December 2018 promising privacy, security, and high performance. DNS is one of the cornerstones of the Internet. DNS, broken...

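Hacker Publishes Remote Execution PoC for Google Edge Browser

Leiphone (WeChat official account: Leiphone) reports: on December 30, according to foreign media, a hacker released exploit code (PoC) for a remote execution vulnerability in the Microsoft Edge browser. Microsoft's Edge browser had previously been revealed to contain a serious vulnerability that lets an attacker gain control of the user's computer; the vulnerability is tracked as CVE-2018-8629. When Chakra, the JavaScript engine used by the Edge browser...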

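Capturing Traffic with Charles

In my day-to-day work I often use Charles to analyze HTTP requests. It is very powerful and can be downloaded from the official site, https://www.charlesproxy.com/. Note that Charles is paid software, but you can use it for free as long as you put up with a slow startup. Setting it as the system proxy: 1. After installation, launch it, then select Proxy-macOS Proxy. Capturing PC traffic...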
