SEARCH KEYWORD -- Program


  IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack

Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to ill...

       2024-07-14 01:40:09

  IT System Cyber Attack Case Study 01: Malicious Macro and Backdoor Trojan Attack on IT-Network

Project Design Purpose: The objective of this cyber attack case study is to develop a workshop showcasing a practical demonstration of a red team attacker implementing an IT system/network attack via a Malicious Macro MS-Office-Word file (CVE-2015-1641) and phishing email generation program to penetrate multiple layers of firewall defenses and implant a backdoor trojan into the railway system's OT network. Related Links: GitHub Project Link , LinkedIn Post Link Attacker Vector: Malicious Macro ...

       2024-08-03 08:21:49

  Python and PLC Communication

This article provides detailed steps on how to use Python to communicate with Schneider M221 and Siemens S7-1200 PLCs via Ethernet. Additionally, we offer a packaged Python PLC client library, enabling you to easily build your own SCADA control programs, such as Human-Machine Interfaces (HMI). The system overview is shown below: To check the project detail please refer to Python Physical PLC Communication Clients # Created: 2024/06/29 # Version: v0.1.3 # Copyright: Copyright (c) 2024 ...

   PYTHON,PLC,COMMUNICATION     2024-06-30 02:21:17

  Identify & Address 3 Common BYOD Adoption Problems

With an abundance of mobile phones, tablets, and other personal devices; delivering Enterprise Mobility Solutions has become much more easier as compared to early years, however; the new avenues that have opened up for Enterprise Mobility Consulting in India brings in new, interesting and unforeseen challenges as well. Alongside the growing presence of SaaS applications and BYOD; data protection and integrity has become very critical and a concern that demands immediate attention. Here are some ...

   enterprise mobility solutions, enterprise mobility consulting, enterprise mobility management servic     2015-03-16 06:05:21

  Use Java ThreadLocal with caution

According to Oracle documentation, ThreadLocal is a class provides thread-local variables. These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable. ThreadLocal instances are typically private static fields in classes that wish to associate state with a thread. In short, ThreadLocal variables are variables belong to a thread, not a class or an instance of a class. One common...

   JAVA,MEMORY LEAK, THREADLOCAL     2015-11-03 07:31:57

  Python PLC Honeypot Project

Program Design Propose : This project aims to develop a sophisticated honeypot system that emulates an OT (Operational Technology) SCADA network environment, bridging Level 1 OT field controller devices (PLCs) with Level 2 control programs, including Human-Machine Interfaces (HMIs). This honeypot will simulate various PLC models from major vendors, such as Schneider and Siemens, while supporting the primary communication protocols Modbus-TCP and Siemens-S7Comm. The system will integrate essenti...

       2024-11-25 03:56:49

  13 Hours of Crisis: Tracking a GitHub Poisoning Incident

Incident Overview Since 6 PM Beijing Time on December 4, 2024, “ghost repositories” have been appearing on GitHub. These repositories contain no code but include deceptive virus files. That same day, they became the fastest-growing repositories on GitHub in terms of stars. Over 180 fake zombie accounts were spreading the virus, waiting for victims to fall into their trap. A Chinese developer—myself—took notice of all this. After days of probing and searching, I identified...

   GITHUB,POISON,SIMPLEBOT,CHINA     2024-12-06 22:14:25

  10 design flaws of JavaScript

JavaScript's design took only ten days. Moreover, the designer didn't want to design it initially, he just wanted to complete the task assigned by company. It is now a very powerful client side programming language used in almost all the websites. It's an excellent language, but it also has some flaws. 1. Not suitable for large projects JavaScript doesn't have namespace, it's hard to be modular, there is no standard for putting codes in multiple source files. It allows defining functions with th...

   JavaScript, Design flaw, Object     2012-11-29 11:39:35

  Power Grid Simulation System 02 : FDI Power Outage Attack Case Study

We are excited to share that the Power Grid Simulation System we developed was used as part of one red team's targeted critical infrastructure system the international cyber exercise Crossed Swords 2024 which conducted in December 2024. In this article, we will introduce one power outage attack case study which use the Power Grid Simulation System as the demo platform for OT cyber security workshop. Project Design Purpose: This case study demonstrates using the Power Grid Simulation System as a...

       2025-01-11 07:35:45

  When a CA becomes untrustable

Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...

   APPLE,SECURITY,GOOGLE,MOZILLA,NEWS,WOSIGN     2016-10-01 23:03:44

RECENT