It is said that HashMap is thread unsafe. Where is it reflected?
Foreword: we all know that HashMap is thread unsafe and is not recommended to be used in multi-threaded environment, but where is its thread unsafe? This paper will decrypt this problem.
1.jdk1. HashMap in 7
In jdk1 Many optimizations have been made to HashMap in 8. Here, we first analyze it in jdk1 7, I believe you all know in jdk1 7. ...
Added by kovudalion on Mon, 28 Feb 2022 02:41:31 +0200
Original title of CTFSHOW competition (web711-web725)
Because there are many topics, many places are relatively simple. I hope the masters will understand..
web711
Scanning the directory found robots Txt, prompt static / secret key txt Access to get a string ctfshow_love_you Then enter the normal page, there is a login and registration, randomly register a user, and after logging in, it is fo ...
Added by slyte33 on Sun, 27 Feb 2022 13:22:34 +0200
DVWA-CSRF Cross Station Request Forgery - High level
Basic knowledge introduction to csrf attack process
Experimental environment:
CSRF simulated attack environment (this is the Intranet environment. The public network only needs to map the port, and other operations are the same)
CentOS7 DVWA server (analog transfer system) 192.168.0.9
kali hacker (attacker) 192.168.0.2
Win10 user (vict ...
Added by lupld on Sun, 27 Feb 2022 08:20:21 +0200
[OS command injection 01] common functions that may cause OS command injection (system, exec, passthru, popen and backquote structure)
1. Overview of OS command injection
Background: when programmers use script language (such as PHP) to develop applications, script language development is very fast, concise and convenient, but it is also accompanied by some problems, such as slow speed, unable to touch the bottom of the system, etc. When developing applications, especiall ...
Added by jonnym00 on Sun, 27 Feb 2022 06:35:42 +0200
Zero time technology | solid smart contract basic vulnerability - Integer Overflow Vulnerability
0x01 overflow attack event
On April 22, 2018, hackers launched an attack on BEC smart contract and took out:
5789604461865810000000000000000000000000000000000000000000000000000000000000000000000000000.792003956564819968 BEC tokens were sold in the market. BEC depreciated sharply and its value was almost zero. The market collapsed insta ...
Added by php3ch0 on Thu, 24 Feb 2022 10:11:04 +0200
Penetration test of CFS three-layer target Intranet
1, Environment construction:
Target topology:
1. Add virtual network card:
Add network cards for network segments 22 (VMnet2) and 33(VMnet3)
VMnet8 communicates with the outside in NAT mode
2. Configure network card:
target1 network configuration:
target2 network configuration:
target3 network configuration:
3.web ...
Added by Syto on Wed, 23 Feb 2022 17:01:34 +0200
Apache APIs IX integrates with HashiCorp Vault, adding another member to the ecosystem
With the rise of micro service architecture, maintaining service security has become more challenging than before. Multiple back-end server instances using a single static key to access the database server will bring huge risks. If the key certificate is leaked, the whole system will be affected. In order to solve the impact of key certificate ...
Added by Ron Woolley on Wed, 23 Feb 2022 12:29:30 +0200
How to use Apache APIs IX CSRF security plug-in to intercept cross site forgery attacks
CSRF (Cross Site Request Forgery), that is, cross site request forgery. The key point of launching cross site request forgery attack is to make the target server unable to distinguish whether the source of many requests is a real user or an attacker. The general process of attack is as follows: first, the attacker will induce the user to naviga ...
Added by coollog on Wed, 23 Feb 2022 12:02:46 +0200
Analysis of Huawei network security discussion
Topic expression
As shown in the figure, FW1 and FW2 are active and standby HA, FW1 is active access, FW2 is standby access, FW3 and FW4 establish IPSec VPN tunnel with FW1 and FW2 through isp1 line. When isp1 line fails, use standby ISP2 line, FW1 and FW2 establish VPN tunnel, in which FW3 is located behind NAT equipment, and the external ...
Added by mega77 on Tue, 22 Feb 2022 08:22:15 +0200
ORACLE password complexity verification script utlpwdmg SQL parsing
I believe that ORACLE.mg is the most common database in the market As the password complexity verification script of ORACLE, SQL also plays an important role in the security of ORACLE. Probably because of my wrong search posture, I rarely find about utlpwdmg on the Internet SQL file (maybe because it's too simple???), I will analyze the file in ...
Added by frist44 on Mon, 21 Feb 2022 05:16:19 +0200