SEARCH KEYWORD -- USER GUIDE


  Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb

This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work:   [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...

       2024-07-07 03:08:22

  Go Error Best Practice

Being indulged in Go for quite a while and having implemented web-related programs, grpc interfaces and Operators, I seem to be an advanced beginner now. However, I am still a raw hand in production-environmental debugging, which is cumbersome if done by querying logs or error messages. Imagine the scenario that a full-text search is called when the specific location of the error log is missing. Then what happens when those error logs are not only in one place? Yes, my error logs can no longer h...

   GO ERROR,ERROR HANDLING     2021-10-07 07:38:28

  IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack

Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to ill...

       2024-07-14 01:40:09

  MySQL Index Merge Optimization Practices

In production environment databases, it is often seen that some SQL where conditions include: equal condition on a normal index + primary key range query + order by limit Although using a normal index would be more efficient, the system chooses to use index merge instead in some cases. This article explores such index merge situations. Index Merge Official Introduction   The Index Merge access method retrieves rows with multiple range scans and merges their results into one. Generall...

   INDEX MERGE,MYSQL,PRIMARY INDEX,SECONDARY INDEX     2024-09-10 04:52:26

  File upload once again

File upload is one of the oldest operation of web design. After 20 years, it's still has no big change, difficult to handle, lack of interaction and poor user experience. Web developers have thought many methods to improve the experience of uploading file in web apps, they developed various plugins based on different JavaScript libraries. However, because of the difference among different web browsers, there is no common interface which makes these plugins work properly or easily on all web brow...

   Web design, File upload, Asynchronous,HTML5     2012-09-02 11:52:21

  How to play with cross domain request

What is cross domain request In simple, cross domain request is to request resource from other domain in one domain. Note, the "other domain" doesn't just mean domain name only, it includes much more. If the protocol, domain name, port is not the same, two domains will be considered different.  Below example describes what is considered as different domain. http://www.a.com/a.jshttp://www.a.com/b.js               # Same domainhttp://www.a.com/lab/a.js &nb...

   FRONT END,JSONP,CROSS DOMAIN,CROSS ORIGIN,CORS,DOCUMENT.DOMAIN,WINDOW.NAME     2016-11-06 00:48:54

  Breakdown Kubernetes Container Runtime

Keeping on learning Kubernetes piece by piece and having a deeper understanding of its advantages, I am no longer shocked at its rapid development and popularity. Though backed by big companies like Google is undoubtedly the push, its design, features, and convenience are the biggest attraction. Most of all, it disintegrates the monolithic Internet system governance and lifecycle and offers a new management method. Kubernetes is a set of concepts, including various resource types like Pod, Deplo...

   KUBERNETES,CONTAINER     2021-05-15 04:06:48

  Google’s BERT - What changed and what didn’t

Most of us should already be aware that Google has updated their algorithm. The new algorithm is called BERT (Bidirectional Encoder Representations from Transformers) and has made at least a couple of modern-day SEO experts scratching their heads trying to figure out what it means.   The good news is that there have been no major changes enough to make SEO experts change their strategies drastically. This means that all of the linking and keyword researching techniques remain the same and w...

   GOOGLE UPDATE,BERT,GOOGLE ALGORITHM,GOOGLE SEARCH     2019-10-30 05:35:05

  SIEM Big Data Visualization [04] : Data Transmission Latency SIEM Log Analysis Dashboard

This article will introduce the Data Transmission Latency Log Analysis Dashboard developed for SIEM big data analytics. This is part of the SIEM big data visualization project, if you are interested about other dashboard plug in, you can check below links: SIEM Big Data Visualization [01] : Dashboard for Monitoring Scam Events in Critical Infrastructure SIEM Big Data Visualization [02] : Dashboard for Summarizing SG National Cyber Threats in Critical Infrastructure SIEM Big Data Visualization [...

       2024-11-03 20:49:18

  php://input in PHP

When using xml-rpc, server side will get the data from client with php://input method instead of $_POST. Hence today we will discuss php://input. PHP official manual has below explanation to php://input: “php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. php://input is not available with enctype=”multipart/form-data”. Here we und...

   php://input, IO, input     2013-02-25 20:43:00

RECENT