unSafe.sh - Unsafe
Credential Dumping In Linux
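The article introduces the concept of credential dumping and the threat it poses in Linux environments, and explains in detail how Linux systems manage credentials, common techniques (such as extracting password hashes from the shadow file and reading sensitive data from /proc), and defensive measures (encrypted storage, permission controls, and so on)....
2025-9-19 11:27:20 | Views: 17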
Payatu - payatu.com
security
encryption
pam
sssd
The Hidden Risks of AI in MedTech And How to Fix Them
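The widespread use of AI in healthcare has brought significant innovation and efficiency gains, but it has also raised serious security challenges. Integrating large language models (LLMs) into medical tools provides convenient patient services, yet it also carries the risk of malicious attack. Through case studies, the article reveals vulnerabilities that AI systems may have, including prompt injection attacks, training data leakage, and harmful outputs, and stresses the importance of building proactive security measures to ensure AI is applied safely and reliably in healthcare....
2025-8-25 09:2:40 | Views: 16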
Payatu - payatu.com
security
patient
medtech
healthcare
jane
Decoded: Why WPA3 Still Isn’t the End of Wi-Fi Hacking
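This article examines the strengths and limitations of the WPA3 wireless security protocol. Although WPA3 improves security through stronger encryption and authentication mechanisms, real-world deployments still face implementation vulnerabilities, transition-mode risks, insufficient device compatibility, and misconfiguration. The article also analyzes vulnerabilities such as Dragonblood and threats such as rogue access point attacks, and recommends best practices including stronger network segmentation, endpoint security, and monitoring....
2025-8-11 10:56:50 | Views: 11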
Payatu - payatu.com
wpa3
security
network
wpa2
handshake
Elementor #14048
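This article examines the security threat of credential dumping on Linux systems and strategies for defending against it. It analyzes key credential storage locations (such as `/etc/shadow`), PAM module caching mechanisms, NSS configuration, and the importance of encrypted storage (such as LUKS), and highlights the security risks of environment variables and browser storage. It also covers the caching mechanisms of SSSD and Quest services, how the LDAP and Kerberos protocols work, and security recommendations....
2025-7-30 13:10:8 | Views: 20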
Payatu - payatu.com
security
pam
encryption
passwords
IT and OT: Understanding the Difference in Security Needs and Why it Matters
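The article examines the differences between information technology (IT) and operational technology (OT) and their impact on industrial security. IT focuses on information management and business automation, while OT focuses on controlling physical processes and managing industrial assets. The two differ significantly in architecture, interfaces, security, and the lifecycle of the supporting technology. Real-world cases show that wrongly applying IT methods in an OT environment can interrupt production or threaten personal safety. The article stresses the importance of understanding these differences and recommends giving special consideration to the unique needs of OT systems when designing security measures....
2025-7-30 10:17:33 | Views: 16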
Payatu - payatu.com
security
operational
network
lesson
hmis
Foundations of Industrial, ICS, and Cyber-Physical Security
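The article introduces the fundamentals of operational technology (OT) cybersecurity, including the components of OT systems, their relationship to industrial control systems (ICS) and cyber-physical systems (CPS), and the partial inclusion of the Internet of Things (IoT). It stresses that the core goal of OT security is to ensure the safety and availability of physical processes, and illustrates its importance with real-world cases....
2025-7-7 12:11:20 | Views: 24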
Payatu - payatu.com
security
cps
sensors
operational
The Role of SOC 2 in Cloud Security and Data Protection
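The article discusses the problem of cloud data breaches and a solution: ensuring data security through SOC 2 compliance. The SOC 2 standard was developed by the AICPA, covers five trust services criteria including security and availability, and protects data through measures such as encryption and access control. Organizations need to follow SOC 2 requirements to strengthen security, build customer trust, and meet regulatory requirements....
2025-6-30 12:23:56 | Views: 16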
Payatu - payatu.com
cloud
security
encryption
audits
criteria
Beyond SQL: Exploring Injection Attacks in the NoSQL World
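NoSQL injection is an attack against non-relational databases that can lead to data leakage, privilege escalation, or even system takeover. By injecting malicious code or operators, attackers can bypass security logic or steal sensitive information. Cases such as Rocket.Chat demonstrate its severity. Methods such as input validation and parameterized queries can effectively prevent such attacks....
2025-6-30 07:51:26 | Views: 16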
Payatu - payatu.com
nosql
injection
attackers
attacker
database
Understanding NCIIPC’s Conformity Assessment Framework (CAF)
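India has introduced a framework for protecting critical information infrastructure (CAF) that integrates international standards with domestic regulations and raises the cybersecurity capability of critical sectors through five schemes, including CSMS certification, IT/ICS inspection, and personnel certification....
2025-6-9 04:32:36 | Views: 25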
Payatu - payatu.com
caf
security
cses
inspection
Cloud Security Posture Management – A Walkthrough
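The article introduces the concept of cloud security posture management (CSPM) and why it matters. CSPM uses automated monitoring, threat detection, and remediation workflows to identify and fix misconfigurations in multi-cloud environments and improve security. Its capabilities include compliance monitoring, risk assessment, data protection, and identity management. Choosing a suitable CSPM tool requires weighing factors such as coverage, integration capability, and cost....
2025-4-9 09:59:6 | Views: 10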
Payatu - payatu.com
security
cloud
cspm
monitoring
threats
Draft CEA Cybersecurity Regulation 2024: A Step to Secure India’s Power Sector
Introduction: As India’s power sector becomes increasingly dependent on digital technologie...
2024-12-20 13:44:51 | Views: 22
Payatu - payatu.com
chapter
security
regulations
draft
Writing a Burp Extension to Bypass Checksum
Introduction: Automation significantly enhances the efficiency and productivity of our work...
2024-12-20 09:40:3 | Views: 4
Payatu - payatu.com
burp
encryption
bypass
repeater
yourname
Red Team vs Blue Team – How Are They Different?
Defence is important for staying safe from cyber-attacks, but how do you make sure the defence...
2024-12-4 15:15:34 | Views: 8
Payatu - payatu.com
network
security
defence
malicious
A Walkthrough of React Native npm Packages CVEs
After understanding the Hermes bytecode and bypassing SSL certificate pinning, it’s now time fo...
2024-11-11 18:41:1 | Views: 6
Payatu - payatu.com
pinning
identify
exposure
6506
Bypassing SSL Certificate Pinning
In the last blog of the React Native Pentesting for Android Masterclass, we covered understandi...
2024-11-11 18:16:21 | Views: 9
Payatu - payatu.com
pinning
bypass
cer
bypassing
universal
Understanding and Modifying the Hermes Bytecode
The React Native Pentesting for Android Masterclass has taught us how to edit and patch React N...
2024-11-11 17:34:54 | Views: 1
Payatu - payatu.com
bytecode
hermes
apk
keystore
relational
Editing and Patching React Native Applications
In the previous blog of the React Native Pentesting for Android Security Masterclass, we covere...
2024-11-7 16:6:57 | Views: 6
Payatu - payatu.com
apk
apktool
keystore
Attack Surfaces Static Analysis in React Native Applications
The React Native Pentesting for Android Security Masterclass has taught us how to reverse engin...
2024-11-5 18:26:49 | Views: 5
Payatu - payatu.com
hermes
bytecode
hardcoded
unencrypted
How to Reverse Engineer React Native Android Apps
Admin-...
2024-10-22 16:56:4 | Views: 1
Payatu - payatu.com
apk
kotlin
apktool
decompile
How To Pentest React Native Applications – An Introduction
Introduction: Nowadays, there is an emergence of cross-platform hybrid applications on a larg...
2024-9-30 18:40:43 | Views: 1
Payatu - payatu.com
development
jsx
translated
realms
buzz