Notes of Web security in-depth learning practice: Chapter 8 harassment message recognition
This chapter mainly takes SMS Spam Collection data set as an example to introduce the identification technology of harassing SMS. This section explains in detail the feature extraction method of harassing SMS with Word2Vec.
Word2Vec model
1, Principle
Word2Vec is an efficient tool that Google opened in 2013 to represent words as real value v ...
Added by Maracles on Thu, 10 Mar 2022 13:51:35 +0200
Mining Linux kernel vulnerabilities in web Security
1, Brief description
Syzkaller is a kernel fuzzy testing tool developed by Google. In short, it automatically inputs various effective, invalid and completely randomized parameter data to the kernel, and observes the operation status of the kernel, whether there are panic, memory leakage and other problems, so as to discover the vulnerabilitie ...
Added by majik_sheff on Sat, 05 Mar 2022 14:59:12 +0200
Analyze HTTP requests to reduce the risk of HTTP smuggling attacks and HTTP data receiving asynchronous attacks
The words written in the front
HTTP/1.1 has gone through a long development process from 1991 to 2014:
HTTP/0.9– 1991HTTP/1.0– 1996HTTP/1.1RFC 2068– 1997RFC 2616- 1999RFC 7230- 2014
This means that various servers and clients in the Internet may have many security problems, which will also create opportunities for HTTP smuggling attack (HTTP ...
Added by billmasters on Sat, 26 Feb 2022 08:36:22 +0200
Local shooting range 1 - file upload vulnerability - Network Security
1. Explanation of local file upload vulnerability examples
This part of the example explanation takes the upload labs shooting range as an example, and consult the relevant documents about the download and operation of the shooting range.
Upload labs version: Copyright @ 2018 ~ 2022 by c0ny1Unless otherwise specified, the BurpSuite tool i ...
Added by studot on Thu, 24 Feb 2022 17:00:06 +0200
7-PHP code audit -- vulnerability analysis of wordpress plug-in
1. wordpress plug-in vulnerability
The security of wordpress itself is relatively perfect. Usually, most of the vulnerabilities in security audit come from the third-party plug-ins installed by wordpress. wordpress does not guarantee the security of these plug-ins, because the third-party plug-ins are written by other developers, and the secur ...
Added by littlejones on Sat, 19 Feb 2022 05:13:09 +0200
Understand iptables in one article
preface
netfilter/iptables (iptables for short) constitute the packet filtering firewall under Linux platform
The iptables component is a tool, also known as user space, that makes it easy to insert, modify, and remove rules from the packet filter table
netfilter component, also known as kernel space, is a part of the kernel. It is composed ...
Added by Tensing on Thu, 17 Feb 2022 17:31:16 +0200
2. Basic usage of Kali Linux 2
1. Introduction and installation of Kali Linux 2
1. Introduction to Kali Linux 2
Kali Linux 2 is an operating system for professional penetration testing and security auditing, which was developed from the previously well-known Back Track system. Back Track was once the best penetration test operating system in the world and achieved great su ...
Added by kula on Sat, 12 Feb 2022 20:42:21 +0200
Understand ARP deception
preface
Learning ARP deception
ARP spoofing is also a very old penetration method, which mainly plays the role of information collection. For example, you can use spoofing to obtain each other's traffic, and analyze the information you think is important from the traffic, such as XX account password. Or use ARP attack to cut off the network a ...
Added by The Phoenix on Fri, 11 Feb 2022 18:35:59 +0200
H3C SSH Remote Management login configuration
1, Introduction to SSH
SSH is the abbreviation of Secure Shell. SSH is a security protocol based on the application layer. SSH is a reliable protocol designed to provide security for remote login sessions and other network services. Using SSH protocol can effectively prevent information disclosure in the process of remote management. SSH was o ...
Added by hanhao on Thu, 10 Feb 2022 05:00:55 +0200
iptables are shielded according to the specified country (installation and use of GEOIP module)
iptables are shielded according to the specified country (installation and use of GEOIP module)
This process is suitable for Centos7* system
1, Install iptables addons (geoip module)
1. Download lux source wget http://repo.iotti.biz/CentOS/7/noarch/lux-release-7-1.noarch.rpm
2. Install lux source rpm -ivh lux-release-7-1.noarch.rpm --f ...
Added by calavera on Thu, 10 Feb 2022 01:03:20 +0200