SEARCH KEYWORD -- DOCUMENT.DOMAIN


  IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack

Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to ill...

       2024-07-14 01:40:09

  OT Railway System Development: How to Use PLC to Implement Land Based Railway Track Fixed Block Sign

Figure-00: Railway fixed block signaling system over view diagram, version v1.3 (2024) Project Design Purpose: This project aims to use Programmable Logic Controllers (PLC) with train detection sensors and train control signals to develop an automated OT system for railway track fixed block signaling control. The system will include a digital equivalent simulation to explain the logic of the track fixed block Automatic Train Control (ATC) mechanism for demonstration and training purposes. In th...

       2024-07-27 04:08:41

  One thought about JavaScript exception handle

Due to network, browser and cache issues, the JS executed in production may produce different results from the testing environments. Sometimes they may produce exceptions. Front-end developers may encounter this kind of exceptions frequently. But how to log and use them is seldomly considered by them. Actually, exception handling includes two steps : log and use. 1. Log Regarding to log error, this is relatively convenient, since in each browser, there is one interface called window.onerror. win...

   JaavScript,Log,Exception,Email     2013-03-18 12:50:21

  Power Grid Simulation System 02 : FDI Power Outage Attack Case Study

We are excited to share that the Power Grid Simulation System we developed was used as part of one red team's targeted critical infrastructure system the international cyber exercise Crossed Swords 2024 which conducted in December 2024. In this article, we will introduce one power outage attack case study which use the Power Grid Simulation System as the demo platform for OT cyber security workshop. Project Design Purpose: This case study demonstrates using the Power Grid Simulation System as a...

       2025-01-11 07:35:45

  Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb

This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work:   [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...

       2024-07-07 03:08:22

  How VR technologies take over the world

Virtual Reality (VR) literally may get it beneficial to experience anything, anywhere, anytime. It is normally the several immersive type of legitimate fact technology and can convince the real real human human brain that it is usually normally someplace it can get absolutely critically not really seriously. Brain installed displays happen to be used with earphones and hands controllers to offer a entirely immersive arrive across. With the major technology businesses on whole world community (Fa...

       2019-05-20 05:30:39

  2D Indoor CQB Robot Simulation

Program Design Purpose: The integration of robots in Close Quarters Battle (CQB) represents a significant advancement in modern military and law enforcement tactics. These robots, designed to navigate tight spaces, gather real-time intelligence, and engage threats, are invaluable assets in high-stakes scenarios. Our goal is to develop a 2D tactical board simulation system, similar to a computer game, that can load building floor blueprints, display CQB squad (robot) positions, enemy locations, ...

       2024-08-11 08:40:31

  Google transferred a domain name to a Chinese company for free

Google just completed a domain transfer to another company in China. The interesting part is that this domain transfer is for free. The story begins with a recent tweet from the CEO Dash Huang of a Chinese game company called X.D. Network Inc who claims that they obtained the domain name taptap.cn from Google for free. From the tweet, Mr. Huang expressed his appreciation to Google for freely transferring the domain name taptap.cn to their company. Their company launched some product ...

   GOOGLE,TAPTAP.CN,TAPTAP     2021-09-29 11:17:18

  The four key figures behind the success of JavaScript - Douglas Crockford

JavaScript's success can be attributed to at least four key figures: Brendan Eich, the creator of JavaScript Douglas Crockford, the creator of JSLint and JSON John Resig, the creator of jQuery Ryan Dahl, the creator of Node.js. We are already very familiar with Brendan Eich and the invention process of JavaScript, so let's start with Douglas Crockford, the second in command of JavaScript. Alliance In the 1990s, Microsoft's dominance overshadowed the whole world. At this time, two challengers e...

   JAVASCRIPT,DOUGLAS CROCKFORD,HISTORY     2023-05-07 06:42:30

  First impression of Github Copilot

It has been some time since I heard about the new generation of AI powered coding assistant -- Github Copilot. Don't get chance to experience it until obtained the tech preview access recently. So this post will document some first impression while using it. For now, this tool is only supported in VSCode and it can support various different programming languages. To enable it, just need to search and install the Github Copilot extension within VSCode. Once that is enabled, you will find that whe...

   GITHUB COPILOT,FIRST IMPRESSION     2021-08-13 22:45:31

RECENT