• Game anti plug-in scheme based on security APK reinforcement


    1. Preface: With the rise of mobile Internet, the mobile game market has burst out suddenly in recent years, and the scale of revenue has increased rapidly. According to the third-party data statistics, the domestic mobile game market scale has reached 51.46 billion in 2015. Due to the strong rise of mobile game market, and […]

  • Alibaba cloud gedaibin: let the world have no hard to do security operation and maintenance


    As a female editor who loves to make complaints about zombie films, I have been very fond of many tuckers. God Lulu, I just like to watch the wonderful and exciting plot of zombie siege. How can some colleagues queue up to grab the T-shirt of UNIQLO and kaws? Is this the real version of […]

  • K8s ecological weekly report | vulnerabilities affecting almost all k8s clusters


    The k8s ecological weekly mainly contains some information that I have been exposed to and recommended on a weekly basis. Welcome to the k8s ecology column. Docker v19.03.11 release: Only a week after the release of v19.03.10, Docker released a new version, v19.03.11. This version is a security repair version, which prevents address spoofing […]

  • Tomcat AJP file inclusion vulnerability (CVE-2020-1938) reproduction


    Vulnerability profile: The vulnerability is caused by a flaw in the Tomcat AJP protocol. The attacker can read arbitrary files under webapp by constructing specific parameters. If the target server is the same as The attacker can further implement remote code execution. Scope of influence: Apache Tomcat 6, Apache Tomcat 7, Apache Tomcat 8, Apache Tomcat 9. Vulnerability verification: Port scan of target host You […]

  • ThinkPHP 5.0.x Remote Code Execution Vulnerability Analysis (January 11, 2019)


    Can we have a good weekend by blasting holes on Friday afternoon! Analysis process: Key location of this vulnerability: /thinkphp/library/think/Request.php, line 501. It can be seen from the figure that controllable data sources are introduced into the method function: isset($_POST[Config::get('var_method') $this->method Called dynamically after getting the value of the data: $this->{$this->method}($_POST) The key location of the vulnerability is in this […]

  • Research on the security of deep neural network model


    At the International Conference on Dependable Systems and Networks (DSN 2020) held in Spain from June 29 to July 2, the paper "Quantifying DNN Model Robustness to the Real-World Threats" was successfully selected. In this paper, Baidu security researchers set up a standardized framework to measure the robustness of deep neural networks in the […]

  • Steps for detecting the Janus vulnerability in an APK


    Description of Janus: If an Android app only uses the V1 signature, there may be a Janus vulnerability (CVE-2017-13156), which allows attackers to arbitrarily modify the code logic in the app without changing the original signature. Scope of influence: Android 5.1.1 – 8.0. Detection mode: Mode 1 – use the GetApkInfo.jar tool (https://github.com/bihe0832/Android-GetAPKInfo). Open CMD and enter the […]

  • Search for SSH brute-force attacks: use awk, grep and other commands to analyze the auth log of the server


    Brute force cracking of SSH passwords is a very common attack. Almost every server that allows SSH password login will be attacked. In this paper, the auth log is analyzed with Linux tools, and the attacker’s IP, IP geographical location, user name and the number of attacks are found in a very simple way. We have […]

  • Description and configuration of Python Django CSRF


    Django CSRF: CSRF stands for Cross-Site Request Forgery. Also known as one-click attack and session riding, it is often abbreviated as CSRF or XSRF. You can understand this: attackers (hackers, phishing websites) steal your identity and send malicious requests in your name. These requests include sending e-mail, sending information, stealing […]

  • Front-end clickjacking


    Clickjacking: User’s own operation – stealing user’s funds (transfer, consumption). Users don’t know – get sensitive information of users …. Using an iframe to embed the page, and setting the transparency of the original page to zero, so as to achieve clickjacking. Clickjacking defense: JavaScript disable embedding. In an embedded page, top and window are unequal: if (top.location […]

  • Talk about big front-end network security


    Original link: https://juejin.im/post/5e84b14151882573be11b795 For front-end developers, network security is mostly heard, but not heard. After all, in today’s era of front-end in full swing, most things are increasingly mature, ready to use out of the box, cloud services, frameworks, etc. have helped us with security precautions, and we don’t need to pay too much […]

  • Solve these problems, and take care of level protection easily


    Brief introduction to level protection. What is level protection? Level protection is the abbreviation of “network security level protection”, which is a kind of work to protect the network and information system according to the importance level. Issued on November 7, 2016, and implemented since June 1, 2017, the network security law stipulates that: hierarchical […]