SEARCH KEYWORD -- socket
IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack
Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to ill...
Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb
This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work: [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...
Python and PLC Communication
This article provides detailed steps on how to use Python to communicate with Schneider M221 and Siemens S7-1200 PLCs via Ethernet. Additionally, we offer a packaged Python PLC client library, enabling you to easily build your own SCADA control programs, such as Human-Machine Interfaces (HMI). The system overview is shown below: To check the project detail please refer to Python Physical PLC Communication Clients # Created: 2024/06/29 # Version: v0.1.3 # Copyright: Copyright (c) 2024 ...
PYTHON,PLC,COMMUNICATION 2024-06-30 02:21:17
Time-saving tips Linux users should know
As a programmer or system administrator, we have more chances of working on *nix platforms. It's tough experience when first start use *nix as we need to face a black screen without knowing what's behind it. Now, if we can have some resources to rely on, then we will find the beautify of *nix. They are fast, efficient and most importantly sexy. Below are some great tips for helping Linux users get used to Linux. This list is a bit long. So be patient. To get more information on a command mention...
A journey to investigate a goroutine leakage case
In Go, creating goroutines is straightforward, but improper usage may result in a large number of goroutines unable to terminate, leading to resource leakage and memory leaks over time. The key to avoiding goroutine leaks is to manage the lifecycle of goroutines properly. By exporting runtime metrics and utilizing pprof, one can detect and resolve goroutine leakage issues. This post will go through one real case encountered by the author. The author maintains a service that connects to a targe...
TIMEOUT,SSH,GUIDE,DEBUG,LEAK,GOROUTINE,PPROF,GOLANG 2024-03-16 11:00:23
Introduction to the Application of eBPF in Golang
Most of the time, when we develop software or even use software, we play within the safe boundaries of the operating system. We might not know how the network interface welcomes that IP packet, nor how the filesystem handles the inodes when we save a file. This boundary is called user space, which is where we write applications, libraries, and tools. But there's another world, kernel space, where the operating system's kernel resides and is responsible for managing system resources such as memor...
EBPF,GOLANG,GUIDE,APPLICATION 2024-10-02 08:46:37
How to check a port is taken by which program on Linux
Lots of you may have encountered some error message stating that the port has been taken by another program while trying to start a program on Linux. And you would want to know which program takes the port you want to use. This post will provide some feasible ways to check out which program is taking a specific port. lsof -i:[port] lsof is the command to list open files on Linux. And if you know more about Linux you should get to know everything on Linux is a file even including networ...
RECENT
- How Artificial Intelligence Is Helping Fight Environmental Challenges
- How to Deal with Accusations of Negligence as a Business
- Google's Business Operations in China Amid Antitrust Scrutiny
- Deploying DeepSeek-R1 Locally with a Custom RAG Knowledge Data Base
- Balancing Convenience and Security in the Digital World
- My AI Learning Journey: Exploring the Future of Technology
- Power Grid Simulation System 02 : FDI Power Outage Attack Case Study
- Be Careful When Using Cursor to Help Build Application
- Calculating Token Count for Claude API Using Go: A Step-by-Step Guide
- Understanding Cursor and WindSurf's Code Indexing Logic
- more>>
