SEARCH KEYWORD -- EXECUTABLE
Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb
This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work: [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...
Mock Solutions for GoLang Unit Test
In Go development, Unit Test is inevitable. And it is essential to use Mock when writing Unit Tests. Mock can help test isolate the business logic it depends on, enabling it to compile, link, and run independently. Mock needs Stub. Stub function replaces the real business logic function, returns the required result, and assists the test. I involved the related test code for Controllers while writing Kubernetes Operator recently, and there would be mocks for GRPC and HT...
IT System Cyber Attack Case Study 01: Malicious Macro and Backdoor Trojan Attack on IT-Network
Project Design Purpose: The objective of this cyber attack case study is to develop a workshop showcasing a practical demonstration of a red team attacker implementing an IT system/network attack via a Malicious Macro MS-Office-Word file (CVE-2015-1641) and phishing email generation program to penetrate multiple layers of firewall defenses and implant a backdoor trojan into the railway system's OT network. Related Links: GitHub Project Link , LinkedIn Post Link Attacker Vector: Malicious Macro ...
IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack
Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to ill...
RECENT
- How Artificial Intelligence Is Helping Fight Environmental Challenges
- How to Deal with Accusations of Negligence as a Business
- Google's Business Operations in China Amid Antitrust Scrutiny
- Deploying DeepSeek-R1 Locally with a Custom RAG Knowledge Data Base
- Balancing Convenience and Security in the Digital World
- My AI Learning Journey: Exploring the Future of Technology
- Power Grid Simulation System 02 : FDI Power Outage Attack Case Study
- Be Careful When Using Cursor to Help Build Application
- Calculating Token Count for Claude API Using Go: A Step-by-Step Guide
- Understanding Cursor and WindSurf's Code Indexing Logic
- more>>
