How to analyze the interpretation and countermeasures of Win7 blue screen

Recently, Sangfor has received many inquiries from customers about the outbreak of blue screens in Win7. The content roughly refers to "Win7 has ended its service, Microsoft will no longer update patches, computers collectively have blue screens, the error code is F4, blue screens are related to vulnerability patches, etc., and Users are urged not to patch the vulnerability." However, judging from the problems collected by Sangfor, there is no large-scale Win7 blue screen phenomenon in enterprises. Through tracing, we found that this problem occurred relatively early in individuals and Internet cafe environments. Some individual users and network administrators did seek help from security vendors. Regarding the issue of whether vulnerability repair (patching) will cause a blue screen in Win7, we have repeatedly verified that there is no inevitable correlation between patching and blue screen in Win7 (that is to say, patching

How to make the website automatically update every day

I believe that many webmaster friends who have just started a website have this feeling. It is really tiring to update the website every day. If you want to increase the weight of your website, you must make sure that the website is updated every day, and you cannot update several days of articles at once, because in the eyes of search engines, these are still published on the same day and have no impact on the weight of the website. Is there any way to make the website update automatically? Everyone knows the importance of frequent updates to a website. Search engines like fresh content. If your website is not updated for a long time, your ranking will drop, or it will be deleted. Okay, without further ado, let’s introduce the idea of ​​automatic website update. 1. The old website mentioned here not only refers to the website that has been established for a long time. Such a website not only has a certain weight, but also has a certain amount of traffic.

How to use calc() in CSS3

The usage of CSS3calc() calc() is similar to a function and can set dynamic values ​​​​for elements: /*basiccalc*/.simpleBlock{width:calc(100%-100px);}/*calcincalc*/.complexBlock{width: calc(100%-50%/3);padding:5pxcalc(3%-2px);margin-left:calc(10%+10px);}

How to do SOAP interface performance testing

The main reasons why I chose the Locust tool are: 1) It is an open source tool that everyone can apply at any time without spending a lot of money; 2) It supports the Python language and is efficient and fast to use; 3) It can construct any number of concurrent users without licenses Limit, large-scale concurrent stress testing can be carried out. So how to complete the actual SOAP interface performance test? Broken down, the tasks to be completed are as follows: 1. SOAP interface test script (implementation method two) (1) Analysis of test ideas for the Soap interface using the Request object (2) Testing the Soap interface using the Request object to send requests Script development 2, Locust performance testing framework principle analysis and soa

How to choose between mesh networking and apac networking

Which one is better, mesh networking or apac networking? Answer: Mesh is recommended for small places. Apac networking is recommended for large venues. In terms of stability, maybe apac will be better. However, the mesh networking method is simpler and more convenient to operate. The advantage of wireless mesh is that it does not require wiring and the networking is also very flexible. AC+AP was used in large-scale networking in the early days. To put it simply, it allows users to keep their services uninterrupted while moving. For example, if a user plays video while walking, the video will not be interrupted when switching from hotspot A to hotspot B. There will be lags and interruptions. It can be seen that this is specially designed for enterprise networking, but the early cost is also very high. Some of the design and layout of AP require specialized engineering and technical personnel to operate. And me

What is the performance analysis of WAF on WebShell traffic detection?

Local environment setup Judging from the retained screenshots, the other party's PHP version is 5.6.40, so I want to set up a test environment of apache+php5.6.40. Open virtualbox, copy the link to the centos image system, and configure it according to the following process. 1.Install apacheyuminstall-yhttpdhttpd-vServerversion:Apache/2.4.6(CentOS)Serverbuilt:Aug8201911:41:182.Install php5.6yum-yinstallepel-releaserpm-Uvhhttps://mi

Apache Shiro 1.2.4 Deserialization Vulnerability Example Analysis

The vulnerability of the 0x00ApacheShiro component was exposed a long time ago, but it was encountered again at work recently. I happened to be looking at Java deserialization stuff recently, so I decided to take it out and analyze it again, and I also encountered some strange problems during the process. Most of the analysis articles on the Internet manually add the dependency of commons-collections4-4.0 in order to use the CommonsCollections2 payload generated by ysoserial. However, the situation I encountered is that I can directly use CommonsBeanutils1, so here we No more duplication online on CommonsCollecti

How to grab apk network package in frida

1. Analyze the pitfalls and find hook points from a system perspective instead of capturing packets just for the sake of capturing them. 1.okhttp calling process publicstaticfinalMediaTypeJSON=MediaType.get("application/json;charset=utf-8");OkHttpClientclient=newOkHttpClient();Stringpost(Stringurl,Stringjson)throwsIOException{RequestBodybody=RequestBody

How to decrypt app resources in cocos2d-LUA reverse engineering

Let's take the Dashen apk as an example. Through the previous analysis of the app decryption Lua script, we can decrypt the Lua script of the Dashen apk. Now let's decrypt its resources (configuration files and pictures, etc.). Let’s take a more important configuration file as an example. Before decryption: the file header also has a signature value: fuckyou!. Seeing this, we first thought about whether it was also encrypted with xxtea. We used the above method to decrypt it with xxtea first, and then decompressed it. We found that it was still garbled, and an error occurred during the operation. Obviously, we have to deny what we just said. conjecture. We continue to decrypt the configuration file step by step. Think about it for a moment, the file header is: fuckyou! If you want to decrypt files, you will inevitably need to process

What is the security sandbox mechanism for Java applications?

If you often read the source code, you will find that there is code similar to the following in the Java source code classFile{//Determine whether a disk file exists publicbooleanexists(){SecurityManagersecurity=System.getSecurityManager();if(security!=null ){security.checkRead(path);}...}} This is obviously a security check code. It checks whether you have permission to access the disk path. Why does the Java language need such a security check code? Let’s look at c for client sockets again

RIP routing configuration V2 instance analysis

How to answer HCE security questions

In recent projects, we are often asked: Is HCE safe? My answer is: relatively safe. After hearing my answer, many people may start to say, so-and-so bank has launched HCE application, why is it unsafe? In fact, there are two HCE application scenarios: online mode and offline mode. Online mode: Related keys and calculations are completed in the background. Even if security problems occur, they fall within the scope of network security. However, large-scale key leakage will not occur. Currently, all HCE applications launched by banks are in online mode. Offline mode: Related keys, sensitive data, amounts and other information will be stored inside the phone. This is troublesome because Android phones are easily rooted and all data will be read and copied. Safety of pure HCE

What are the background administrator rights of Getshell in ZenTao 12.4.2?

0x00 Introduction ZenTao is a professional domestic open source R&D project management software that integrates product management, project management, quality management, document management, organizational management and transaction management, completely covering the core processes of R&D project management. The management idea is based on the internationally popular agile project management method - Scrum. On the basis of following its values, combined with the current status of domestic project research and development, it integrates multiple functions such as task management, demand management, bug management, use case management, etc., covering software from planning to to the entire life cycle of a release. 0x01 Vulnerability Overview ZenTao version 12.4.2 has an arbitrary file download vulnerability. This vulnerability is because the filtering in the download method in the client class is not strict and ftp can be used to download files.

How to solve Ulimit faults

I encountered a very interesting problem recently. There is a group of HAProxy that has frequent problems. Log in to the server and check the CPU, memory, network, and IO. It was eventually discovered that there were more than 60,000 connections in the TIME_WAIT state on the machine. The TIME_WAIT state generally appears on proxy machines such as HAProxy and Nginx, mainly due to frequent active shutdowns. By modifying the reuse and recycling parameters, the problem can be solved relatively quickly. The statistics of network status can be calculated using the following command. netstat-ant|awk'/^tcp/{++S[$NF]}END{for(ainS