Tag:Loophole
-
Time:2021-3-2
MS SQL Server / MySQL / Oracle log extraction and security analysis 1、 MS SQL Server Log Analysis: 1. Introduction to MS SQL Server database: Microsoft SQL server is a relational database management system (RDBMS) developed by Microsoft. It has the advantages of easy to use, good scalability and high degree of integration with related […]
-
Time:2021-2-2
“K8s ecological weekly” mainly contains some weekly information about k8s ecology that I have come into contact with. Welcome to the Zhihu column “k8s ecology”. Helm v3.2.0 officially released After more than two months, helm v3.2 was officially released this week! This version has brought a lot of noteworthy content, let’s take a look together. […]
-
Time:2021-1-3
In July this year, Apple announced the launch of a new Apple security research device project, which will provide researchers with specially configured iPhones with unique code execution and containment policies to support security research. Now, apple is informing the first researchers that they will receive these special iPhones today. Apple said the devices would […]
-
Time:2020-11-20
Empire (usestager usage, authorization, persistence backdoor) Premise of this chapter: the listener has been set up successfully (please refer to Article 14 of day for how to set up the listener) 1. Several usages of usestager windows/launcher_sct: Introduction: Regsvr32 command is used to register COM components. It is a command provided by Windows system to […]
-
Time:2020-11-12
Technical editor: mango fruit from the editorial departmentSegmentFault has he reported the official account number: SegmentFault How serious are the vulnerabilities that affect the secure boot function? Probably, it will affect almost all boot loaders used by Linux systems, and almost all windows devices that use secure boot The so-called “boothole” vulnerability is this kind […]
-
Time:2020-10-26
1. Preface Recently, I came across the article about PI hole < = 4.3.2 Remote Code Execution Vulnerability (cve-2020-8816). The cause of the vulnerability is not very difficult, but the exp constructed in it has aroused my interest. Since PI hole code converts the parameters of command injection into uppercase, shell parameter extension is used […]
-
Time:2020-10-22
Technical editor: Xu Jiufa stands on his ownSegmentFault has he reported the official account number: SegmentFault Recently, Google announced that it has found a security vulnerability in Apple‘s image I / O. Google’s Project Zero team outlined a number of details of the vulnerability after Apple said it was safe for users and that the […]
-
Time:2020-10-18
summary After sharing the evaluation of application hardening last time, many people want to see the comparative data related to vulnerability scanning. In fact, when choosing these mobile security products on the market, I often feel puzzled by all kinds of complicated data. I don’t know how to judge their performance and price, so as […]
-
Time:2020-10-15
1、 Preface With the rapid development of Android operating system, apps running on Android have sprung up. Because some app developers only pay attention to the implementation of APP business functions, they do not pay enough attention to the security problems of app, which makes app have more security risks. Some domestic security vendors provide […]
-
Time:2020-10-14
preface In the last article, after the comparison of charges, scanning time after sample testing and vulnerability items of aliju security [1], 360app vulnerability scanning [2], Tencent King Kong audit system [3], baidu mobile cloud test center [4] and apprisk scanner [5], this article will take the scanning ability of each manufacturer as the analysis […]
-
Time:2020-10-13
0X01 About WebView In Android development, WebView is often used to display web pages, start your own browser in activiry, or simply display some online content. WebView is powerful and widely used, but it is a combination of angels and demons. On the one hand, it enhances the online experience of app and makes app […]
-
Time:2020-10-11
The first part and the second part are reviewedThrough charging, scanning time after sample testing, comparison of vulnerability items and scanning ability, this paper makes a comparative analysis on aliju security [1], 360app vulnerability scanning [2], Tencent Vajra audit system [3], baidu mobile cloud test center [4] and apprisk scanner [5]. As the last article […]