I.Principle Cross-site scripting (XSS) is a website attack approach in which a hacker or tester tampers with web pages by inserting malicious scripts via HTML injection, in a bid to direct the user's browser to carry out malicious operations when the user browses web pages. (more…)
Year: 2019
Microsoft’s December 2019 Security Update Fixes 38 Security Vulnerabilities
Overview Microsoft released 2019 December security update on Tuesday that fixes 38 security issues ranging from simple spoofing attacks to remote code execution in various products, including End of Life Software, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, None, Open Source Software, Servicing Stack Updates, Skype for...
Adobe Security Advisory for December Security Updates
Overview On December 11, local time, Adobe officially released a December security update that fixes multiple vulnerabilities in Adobe's many products, including Adobe Photoshop CC, Adobe Acrobat and Reader, Brackets, and Adobe ColdFusion. For details, visit the following link: https://helpx.adobe.com/security.html (more…)
Communication Data Decryption Based on Frida
After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has no lack of data encryption. Initially, I handle it in the usual way: figure out the entire encryption process and write a Burp plug-in or mitm proxy script for data...
IP Reputation Report-12232019
 Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at December 23, 2019. (more…)
Cybersecurity Insights-10
5.3.2 Attack Type Distribution In 2018, the most frequent attacks seen814 were SYN flood, UDP flood, ACK flood, HTTP flood and HTTPS flood attacks, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attackers contributed to no more than 3% of attacks. Compared with 2017, the year...
