Recording the best of hacker techniques, spreading hacker culture, sharing the essence of hacking know-how

Analysis Report on the WannaCry Sample

The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent b
Published: 2017-05-18 05:45 | Views: 308196 | Comments: 0 | Tags: Security Report, Attack Location, Detection Method, EnglishVersion, Main Fu

Traceback Analysis of WannaCry Ransomware

Since May 12, 2017, WannaCry has spread on a massive scale around the world, causing significant impact. Security firms therefore started to analyze the ransomware and to prevent its spread. NSFOCUS technical personnel also analyzed the sample immediately and released a detailed analysis report. However, we cannot help wondering who created WannaCry
Published: 2017-05-18 05:45 | Views: 171118 | Comments: 0 | Tags: Security Report, Comparative Analysis, NSFOCUS, Sample Information, Traceba


Having obtained the WannaCry worm sample, we do not repeat the analysis of how it works here; refer to the reverse-engineering report published by FreeBuf at http://www.freebuf.com/articles/system/134578.html. The tests are not repeated here either. Platform: PE32 executable (GUI) Intel 80386, for MS Windows. MD5: 84c82835a5d21bbcf75a61706d8ab549. SHA1: 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467. Strings: the functions above should be the encryption routines; it can be seen that RSA and AES encryption are used, so decryption is not possible. Three Bitcoin addresses are hard-coded in the sample: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn12t9YDPgwue

2016 DDoS Threat Trend

In this report, we present a multi-dimensional analysis of DDoS attack data and botnet data and summarize and analyze typical attack events in 2016, revealing threats of DDoS attacks and the overall threat trend in 2016. Contents: 1 Overview of DDoS Trend in 2016; DDoS Attack Trend in 2016; Attack Count and Peak Traffic; Attack Count and Traffic; Distribution of Peak
Published: 2017-04-21 22:00 | Views: 108510 | Comments: 0 | Tags: Security Report, Attack Count and Peak Traffic, Attack Type Analysis, DDoS

Power Outage Caused by the Cyber Attack on Ukrenergo Technical Analysis and Solution

Ukrenergo, a major energy provider in Ukraine, experienced a power failure on the night of December 17, 2016, which involved the automatic control system of the “North” substation in New Petrivtsi close to Kiev. The blackout affected the northern part of Kiev, the country’s capital, and surrounding areas. Contents: Overview; Historical Attacks
Published: 2017-02-24 18:05 | Views: 195923 | Comments: 0 | Tags: Vulnerability Analysis, Attack Location, EnglishVersion, Historical Attacks on Uk


With the rapid growth of Internet enterprises, the continuous strengthening of their core business security and the tightening of industry regulation, how should they respond to ever-increasing internal demands and external drivers? This article analyzes the security threats and compliance requirements that Internet enterprises face, as well as the security construction work the industry already has in place for this sector, and then proposes our approach to information security construction for Internet enterprises based on Level 3 of the Multi-Level Protection Scheme (等保), so as to discover and resolve the security problems of the Internet industry as a whole. Contents: Preface - The Rise and Hidden Dangers of Internet Enterprises; Opening - The Industry Targets Hackers Focus On; Transition - The Basic Safeguard System for National Information Security; Exposition - The Significance of Multi-Level Protection for Internet Enterprises; Comparison - Multi-Level Protection Solutions for Internet Enterprises; Evocation - The Security Experts Behind the Giant; Conclusion - NSFOCUS Sails with You. Preface - The Rise and Hidden Dangers of Internet Enterprises: In 1994, China connected to the Internet through a single 64K international leased line. Twenty years later, the change the Internet has brought to China's entire economic model has affected every aspect of society. It can be said that the Internet has profoundly changed China, and this change is still con

Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution

On November 15, 2016 (local time), legalhackers.com released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions. Attackers could exploit this sec
Published: 2016-12-09 02:45 | Views: 161915 | Comments: 0 | Tags: Vulnerability Analysis, About NSFOCUS, EnglishVersion, INC, Nginx, NSFOCUS, Vendor S

OpenSSH Remote Denial-of-Service Vulnerability Technical Analysis and Solution

OpenSSH contains a memory exhaustion issue during key exchange. An unauthenticated client can increase the memory allocated to each connection on the server to 384 MB by repeating the KEXINIT process. An attacker can exploit this vulnerability by initiating multiple connections to exhaust memory resources of the server and therefore lead to a denial o
Published: 2016-10-28 01:20 | Views: 159152 | Comments: 0 | Tags: Vulnerability Analysis, About NSFOCUS, Affected Versions, Denial-of-Service Vulne

Linux Kernel Local Privilege Escalation Vulnerability Technical Analysis and Solution

The memory subsystem of the Linux kernel contains a race condition in the way it handles the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could exploit this vulnerability to gain write access to otherwise read-only memory mappings, thus escalating his or her privileges on the system. Vulnerability details
Published: 2016-10-28 01:20 | Views: 120572 | Comments: 0 | Tags: Technical Sharing, EnglishVersion, Linux Kernel, Local Privilege Escalation

OpenSSL Patches Introducing New Vulnerabilities Technical Analysis and Solution

On September 22, 2016, OpenSSL released an update advisory for three branch products to fix multiple vulnerabilities. The versions after the update are 1.1.0a, 1.0.2i, and 1.0.1u. However, the security update introduced new vulnerabilities: 1.1.0a introduced CVE-2016-6309, and 1.0.2i introduced CVE-2016-7052. CVE-2016-6309: Submitted on: Sept 23, 2016. Descripti
Published: 2016-10-02 22:30 | Views: 122703 | Comments: 0 | Tags: Security Report, 1.CVE-2016-6309, 1.CVE-2016-7052, About NSFOCUS, Affected

PHP Local Heap Overflow Vulnerability Technical Analysis and Protection Solution

On April 24, 2016, Fernando from the NULL-LIFE team submitted the local heap overflow vulnerability in bcmath.c to the PHP website. For details, visit the following link: https://bugs.php.net/bug.php?id=72093 . On April 25, 2016, the PHP website fixed the code. For details, visit the following link: https://github.com/php/php-src/commit/d650063a0457aec56364e40
Published: 2016-09-25 14:25 | Views: 131224 | Comments: 0 | Tags: Security Report, About NSFOCUS, EnglishVersion, NSFOCUS, PHP Local Heap Ove

Zabbix SQL Injection Vulnerability Technical Analysis and Solution

On August 12, 2016, 1n3 disclosed by email an SQL injection vulnerability in jsrpc.php in Zabbix, which can be exploited via the “insert” statement while jsrpc.php is processing the profileIdx2 parameter. This vulnerability is of the same type as the officially announced vulnerability, which is caused by latest.php processing the toggle_ids
Published: 2016-09-01 04:00 | Views: 214239 | Comments: 0 | Tags: Security Report, EnglishVersion, NSFOCUS, Zabbix, Zabbix SQL, Zabbix SQL Inj


On April 28, 2016 (Thu Apr 28 13:20:13 UTC 2016), OpenSSL officially announced that a new version would be released on May 4, 2016 (Thu May 3 12:00-15:00 UTC 2016) to fix multiple high-severity OpenSSL vulnerabilities. The OpenSSL announcement is at: https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html . OpenSSL's official severity rating standard: [Figure 1: OpenSSL official severity rating standard]. On May 4, 2016 (Thu May 3 13:57:13 UTC 2016), OpenSSL released the new version code, which fixes 2 high-severity and 4 low-severity vulnerabilities. [Figure 2] CVE ID details are at the following address: https://www.open
Published: 2016-05-07 03:15 | Views: 90082 | Comments: 0 | Tags: Security Report, NSFOCUS, openssl, Fix Method, Threat Vulnerability, Technical Analysis, Handling Recommendations, Vulnerability Technical Analysis, NSFOCUS (绿盟科技)


NSFOCUS continuously tracks the domestic security landscape and released a BadLock threat warning notice as early as March. On April 12, Microsoft's Patch Tuesday arrived as scheduled, and the patches Microsoft released include a fix for the BadLock vulnerability, which affects every version of Windows and of the Samba service without exception, so its severity should not be underestimated. In response, NSFOCUS has carried out technical tracking and analysis of the BadLock vulnerability and provides corresponding protection recommendations. Contents: BadLock vulnerability timeline tracking; BadLock timeline tracking; Basic concepts of the BadLock vulnerability; What is BadLock? Stefan Metzmacher, a member of the International Samba Core Team, discovered a critical-severity security vulnerability in the Microsoft Windows platform and the Samba service software and named it BadLock. What is Samba? Samba is free software that implements the SMB (Server Me
Published: 2016-04-16 16:30 | Views: 146739 | Comments: 0 | Tags: Security Report, BadLock Vulnerability, BadLock Vulnerability Technical Tracking, BadLock Vulnerability Risk Protection, NSFOCUS, Samba, NSFOCUS (绿盟科


Published: March 28, 2016. On April 12, 2016, a critical-severity security vulnerability in the Microsoft Windows platform and the Samba service software will be disclosed, named BadLock. The vulnerability was discovered by Stefan Metzmacher, a member of the International Samba Core Team, and reported to the relevant teams at Microsoft and Samba. Engineers at Microsoft and Samba are currently working together on a fix, and patches will be released on April 12, 2016. What is Samba? Samba is free and open-source software that implements the SMB (Server Message Block)/CIFS (Common Internet File System) network file sharing protocol and runs on most operating systems, including Windo
Published: 2016-03-29 06:10 | Views: 110025 | Comments: 0 | Tags: Security Report, BadLock, Microsoft Samba, NSFOCUS, Samba Service Software, Threat Warning, NSFOCUS (绿盟科技), Warning Notice


Published: March 24, 2016. The NSFOCUS security team has captured a ransomware sample (Locky). Analysis shows that this ransomware spreads by email. Once a user is infected, it automatically encrypts the files on the computer, and apart from paying the ransom there is currently no way to decrypt them. Given the serious consequences of this ransomware, NSFOCUS issues this urgent notice to remind users to take precautions and avoid infection. Precautions: 1. For individual customers: 1) Update antivirus software to the latest virus database. 2) Back up important files regularly to a separate location. 3) Never open attachments in unidentified emails without checking. 4) Enable the display of file extensions in Windows; never double-click to open files with executable extensions (.EXE, .COM, .SCR, .PIF) or script extensions (.BAT, .CMD, .JS, .JSE, .VBS, .VBE, .WSF, .WSH, .PS1, .PSC1), and do not click to run when Office prompts about macros. 5) In a high-privilege cmd