Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb
This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work: [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...
How Chinese tech websites survive
For a tech site that aims to share knowledge and experience, content is the core value. To attract readers, it needs to produce valuable content and keep that content original. When an article is published on a site, it should be the copyrighted property of that site or the original author, and others should be very careful when considering copying that article to their own site. They should generally avoid copying the whole content of the article. However, in reality, this is no...
IT System Cyber Attack Case Study 01: Malicious Macro and Backdoor Trojan Attack on IT-Network
Project Design Purpose: The objective of this cyber attack case study is to develop a workshop showcasing a practical demonstration of a red team attacker implementing an IT system/network attack via a Malicious Macro MS-Office-Word file (CVE-2015-1641) and phishing email generation program to penetrate multiple layers of firewall defenses and implant a backdoor trojan into the railway system's OT network. Related Links: GitHub Project Link , LinkedIn Post Link Attacker Vector: Malicious Macro ...
Python SSH Connection Tools
Program Design Purpose: We aim to create a simple Python SSH tool library that facilitates SSH communication, SCP file transfer, and SSH port forwarding through multiple jump hosts in an SSH tunnel chain. The library is designed to provide a simple API for establishing nested SSH tunnel connections through multiple jump hosts with customizable TCP ports. This allows users or their programs to automate SSH tasks such as: Batch processing SSH connection tasks, such as connecting to multiple ser...
12 useful Chrome commands
Many useful features of Chrome don't show up on its menus. You can access them through the chrome:// command. In this article we will introduce 12 useful chrome:// commands. 1. chrome://flags It can be used to turn on or turn off some chrome features. 2. chrome://dns This command will show the domain name list caught by the browser. 3. chrome://downloads You can access this through chrome menu as well. The shortcut is Ctrl+J 4. chrome://extensions This command equals to Menu->Tools->Ext...
About browser event
First, look at the following code:
var $ = KISSY.all;
$('a').on('click', function(e){
    doSomeThing(); // This function seems very famous
    e.halt();
});
The code above seems to do the work we want: the browser will not redirect us to the link in href. But is there some issue with it? Before explaining what's wrong with the code above, we first need to understand some concepts. Browser default behavior When we click a link, the browser will redirect us to anoth...
JavaScript event,Event bubbling,event capturing 2012-11-15 11:15:41
Which Type of IT Career is Best For You?
Considering the growth of the information technology job market, a career in IT is an incredibly smart career move. A career in IT can mean many things – you can become a network administrator, website developer, database specialist, programmer or engineer. The job range is vast and can suit various personalities and levels of technical skill. Having a good insight into those job profiles is key to making the right decision about your career path. Here's a selection of some of the mos...
Applying Large Language Models (LLMs) to Solve Cybersecurity Questions
In this document, we introduce some tests, experiments and analysis conclusions about applying Large Language Models (LLMs) to solve cybersecurity questions. Introduction Large Language Models (LLMs) are increasingly used in education and research for tasks such as analyzing program code error logs, summarizing papers and improving reports. In this project, we aim to evaluate the effectiveness of LLMs in solving cybersecurity-related questions, such as Capture The Flag (CTF) challenges, ...
Remove browse button from input type=file
In the Web 2.0 era, many websites ask the user to upload an avatar when creating their profile. In HTML, the input control we should use is input type="file". This is a file control provided by the browser vendor and it should be run in a sandbox for security reasons. Browsers don't provide ways to choose a local file and upload it to the remote server without the input type="file" control. There is one annoying part about input type="file", which is a default button named "Choose File" or...
file,html,browse,remove browse button 2015-07-12 05:17:51
What is your opinion on WordPress hosting providers?
WordPress is a popular content management system (CMS) used by millions of websites around the world. According to data from W3Techs.com, at least 64.2% of websites that have CMS use WordPress’s system. However, to run a WordPress website, you need a hosting provider that can support it. There are many hosting providers that offer specialized WordPress hosting. For example, they would provide seamless, one-click WordPress migrations, or dedicate a team of experts to address any WordPress-r...
WORDPRESS,HOSTING PROVIDER 2023-02-27 06:45:29