记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

Dahua Cameras Unauthorized Access Vulnerability Technical Analysis and Solution

阅读: 0Recently, Dahua Technology, a well-known security camera and digital video recorder (DVR) vendor in China, released firmware updates to address a serious security issue in certain products. Before the vendor made an official statement on this issue, however, a security researcher named Bashis said that this vulnerability seemed to be a backdoor intentio
发布时间:2017-03-18 10:35 | 阅读:248196 | 评论:0 | 标签:威胁通报 About NSFOCUS Dahua Cameras Unauthorized EnglishVersion

Apache Struts2 Remote Code Execution Vulnerability (S2-045) Technical Analysis and Solution

阅读: 1Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution.For details, visit the following link:htt
发布时间:2017-03-10 05:50 | 阅读:199031 | 评论:0 | 标签:安全报告 About NSFOCUS Apache Struts2 EnglishVersion NSFOCUS Thr

Hadoop Hit by Ransom Attack

阅读: 16Recently, some hacker organizations have turned their eyes to ransom attacks targeting certain products. As of last week, hacker organizations had taken control of and wiped data from at least 34,000 MongoDB databases, asking for a ransom to return the stolen files. 文章目录OverviewWhat Is Hadoop?Ransom Attack PatternProtection MeasuresAbout NSFOCUSOvervie
发布时间:2017-02-24 18:05 | 阅读:113587 | 评论:0 | 标签:安全报告 About NSFOCUS EnglishVersion Hadoop Hit by Ransom Attac

2016 NSFOCUS Security Report Regarding Network Video Surveillance Systems

阅读: 20With the robust development of the Internet of Things (IoT), more and more security issues are found with IoT devices. These imminent threats, especially those from network video surveillance systems (NVSSs) that account for a large majority of IoT devices, have drawn attention from security professionals from home and abroad. (In this paper, network v
发布时间:2016-12-09 19:20 | 阅读:162152 | 评论:0 | 标签:安全报告 2016-nsfocus-security-report-regarding-network-video-su

NSFOCUS 2016 Q3 Report on DDoS Situation and Trends

阅读: 8In Q3, the global distributed denial-of-service (DDoS) attacks increased by 40%.In Q3, a total of 71,416 DDoS attacks were detected, up 40% from Q2 (50,988).The proportion of low-volume DDoS attacks increased by 10.8% and that of and high-volume DDoS attacks decreased by 6.7%.20–50 Gbps medium-volume DDoS attacks and 50–300 Gbps high-volume DDos attacks
发布时间:2016-12-09 19:20 | 阅读:254370 | 评论:0 | 标签:安全报告 About NSFOCUS Attack Duration Attack Type Distribution

Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution

阅读: 3On November 15, 2016 (local time), legalhackers.com released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions. Attackers could exploit this sec
发布时间:2016-12-09 02:45 | 阅读:165278 | 评论:0 | 标签:漏洞分析 About NSFOCUS EnglishVersion INC Nginx NSFOCUS Vendor S

Firefox Remote Code Execution Vulnerability Technical Analysis and Solution

阅读: 6On November 30, 2016, Mozilla Firefox released an emergency update on its official website to fix a vulnerability assigned CVE-2016-9079. This vulnerability is a use-after-free vulnerability in the SVG animation module. When a user uses Firefox to browse a page that contains malicious JavaScript and SVG code, an attacker could exploit this vulnerability
发布时间:2016-12-09 02:45 | 阅读:157059 | 评论:0 | 标签:漏洞分析 About NSFOCUS EnglishVersion Firefox Remote Code Execut

NSFOCUS Security Advisory Memcached Multiple Integer Overflow Vulnerabilities

阅读: 5On October 31, 2016 (local time), Cisco Talos published three integer overflow vulnerabilities with the Memcached server on its official website http://www.talosintelligence.com. The vulnerability assigned CVE-2016-8704 was found in the process_bin_append_prepend function. CVE-2016-8705 is about an integer overflow in the process_bin_update function. Th
发布时间:2016-11-09 20:35 | 阅读:121255 | 评论:0 | 标签:威胁通报 About NSFOCUS CVE-2016-8704 CVE-2016-8705 CVE-2016-8706

Memcached Multiple Integer Overflow Vulnerabilities Technical Analysis and Solution

阅读: 4On October 31, 2016 (local time), Cisco Talos published three integer overflow vulnerabilities with the Memcached server on its official website http://www.talosintelligence.com.The vulnerability assigned CVE-2016-8704 was found in the process_bin_append_prepend function. CVE-2016-8705 is about an integer overflow in the process_bin_update function. The
发布时间:2016-11-09 20:35 | 阅读:174793 | 评论:0 | 标签:安全报告 About NSFOCUS CVE-2016-8704 CVE-2016-8705 CVE-2016-8706

OpenSSH Remote Denial-of-Service Vulnerability Technical Analysis and Solution

阅读: 3OpenSSH contains a memory exhaustion issue during key exchange. An unauthenticated client can increase the memory allocated to each connection on the server to 384 MB, by repeating the KEXINIT process. An attacker can exploit this vulnerability by initiating multiple connections, to exhaust memory resources of the server and therefore lead to a denial o
发布时间:2016-10-28 01:20 | 阅读:161648 | 评论:0 | 标签:漏洞分析 About NSFOCUS Affected Versions Denial-of-Service Vulne

Mirai Source Code Analysis Report

阅读: 6As shown in Figure 1, there are two folders. The loader folder, as its name implies, is a loader that creates servers and monitors the status of connections.文章目录Code StructureInfection PathFunction Implementationbot FolderConnected Domain Names and Port NumbersDDoS Attack MethodsUser Name and Password Configurationcnc Foldertools FolderSingle_Load.c Tha
发布时间:2016-10-20 08:45 | 阅读:222684 | 评论:0 | 标签:安全报告 About NSFOCUS EnglishVersion Mirai mirai folder Mirai S

ISC BIND 9 Denial-of-Service Technical Analysis and Solution

阅读: 1Internet Systems Consortium (ISC) officially released a security advisory to announce a vulnerability (CVE-2016-2776) and its fixing. The vulnerability exists in buffer.c. When constructing a response packet for a specially crafted query request, BIND will encounter an assertion failure, causing the program to crash and therefore a denial of service.Mor
发布时间:2016-10-19 16:40 | 阅读:139854 | 评论:0 | 标签:安全报告 About NSFOCUS CVE-2016-2776 EnglishVersion ISC BIND 9 D

OpenSSL Patches Introducing New Vulnerabilities Technical Analysis and Solution

阅读: 9On September 22, 2016, OpenSSL released an update advisory for three branch products to fix multiple vulnerabilities. The versions after update are 1.1.0a, 1.0.2i, and 1.0.1u. However, the security update introduced new vulnerabilities: 1.1.0a introduced CVE-2016-6309, and 1.0.2i introduced CVE-2016-7052.CVE-2016-6309Submitted on: Sept 23, 2016Descripti
发布时间:2016-10-02 22:30 | 阅读:124819 | 评论:0 | 标签:安全报告 1.CVE-2016-6309 1.CVE-2016-7052 About NSFOCUS Affected

PHP Local Heap Overflow Vulnerability Technical Analysis and Protection Solution

阅读: 6On April 24, 2016, Fernando from the NULL-LIFE team submits the local heap overflow vulnerability in bcmath.c to the PHP website. For details, visit the following link.https://bugs.php.net/bug.php?id=72093On April 25, 2016, the PHP website fixed the code. For details, visit the following link.https://github.com/php/php-src/commit/d650063a0457aec56364e40
发布时间:2016-09-25 14:25 | 阅读:133261 | 评论:0 | 标签:安全报告 About NSFOCUS EnglishVersion NSFOCUS PHP Local Heap Ove

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云