Thursday, December 5, 2019

Building a Malware Analysis Lab: Become a Malware Analysis Hunter in 2019

As time goes by, criminals are developing more and more complex methods of obscuring how their malware operates, making it increasingly difficult to detect and analyze. The list of tactics used is seemingly endless and can include obfuscation, packers, executing from memory with no file drop, and P2P botnet architecture with frontline command and control servers (C2s) and gateways being compromised websites. Add to these tactics the concerns about Domain Generations Algorithms (DGA), Fast Flux and Dynamic DNS, and you complicate the mix even further.
Tracking all of these elements might be difficult, but in all honesty, you don't need 10 years of experience in malware analysis and a bunch of certificates to help you win this battle. You just need to experiment. One great way to learn about malware is to build your own home lab and play with actual malware samples within this environment. This can be a fun and educational project even if you are not an InfoSec pro. If you do happen to be an InfoSec pro, the things you learn in your home lab just might help you do your job more effectively. So how do you set one up? A few simple guidelines will get you started.

What Should Be In Your Malware Analysis Lab?

Tuesday, November 26, 2019

2步永久提升Chrome浏览器下载速度

2步永久提升Chrome浏览器下载速度-黑锐网

2步永久提升Chrome浏览器下载速度-黑锐网
上图分别是使用Chrome和IDM下载同一个文件的截图,可以看出Chrome下载速度和IDM根本不在一个档次,IDM将Chrome远远甩在了身后。既然是同一条下载链接,按理说速度应该相同才对,为什么会有如此大的反差?原理是什么呢?秘密就在于IDM采用的是多线程下载,也就是相当于同时有几个IDM一起下载同一个文件的不同部分,而在下载完成后IDM会将这个文件进行合并,这样速度不快都难了!

Saturday, November 16, 2019

全网VIP视频在线看

1.全网VIP视频在线看
只需要把腾讯、爱奇艺、优酷、芒果tv等视频播放链接输入就可以看了,不管是VIP的、付费的,关键还无广告,真TM爽,如果配合油猴插件一起使用,味道更好
链接地址:http://vip.coolhii.com/video/s



2、大数据时代
现在很多数据,什么公开的、私密的、漏点的、正规的等很多都在百度网盘中,现在市面上的网盘搜索引擎都是在完犊子,没几个好用不是他们没数据,主要是一些总所周知的原因你懂的。网站是不行了,调用接口还可以。
如下我发现的:https://www.xiaocongjisuan.com/show/api/2 ,数据啊,只有你想不到的,没有它搜索不到的

Friday, November 15, 2019

Syslog Analysis Website or Tools

1. Retrace–one of Stackify’s developer tools, and the only developer tool that combines APM, errors, metrics, and monitoring with logging to provide a fully-integrated, multi-environment tool that gives you app performance superpowers.
2. Loggly–this is a cloud-based management and analytics service provider that has a free and paid plan starting at $49 per month. With their dynamic field explorer, you get a bird’s eye view of your logs. It also comes with power full-text searches.
3. GoAccess–this is a terminal-based log analyzer that lets you view web server statistics in real time. It is also open source and free to use. Plus, it is available on Github.
4. logz.io–this tool has free and paid plans starting at $89 per month. It has an interface powered by Kibana that lets you search through millions of records easily. You can also filter your results with custom parameters.
5. Splunk–this is a popular tool that has been around since 2003. It also comes in free and paid plans. The paid plan pricing depends on the amount of volume your process. In addition, it comes with powerful drill-downs that let you go back in time with ad-hoc queries.

Tuesday, November 12, 2019

一个分析被黑网站的安全工作日志记录

分享信息安全工作小记
1、    某厅级部门政府站点被篡改
2、    上级主管部门安全通告
3、    配合该部门查明原因限期整改

1、     信息收集

A、首先到机房了解了一下拓扑图,大概就是:互联网-防火墙-web应用防火墙-防篡改-DMZ服务器区;
B、然后了解了一下web应用程序架构,大概就是:3台服务器里面1台跑iis中间件1台跑sqlserver2008数据库,站库分离,服务器性能比较好,1syslog服务器接收日志;
C、网站属于.net开发,之前加固过:A、后台限制IP访问,BFCKEDITOR上传目录禁止执行,Csqlserver数据库降低权限使用network service并且关闭cmdshell等高危组件。

Friday, November 1, 2019

F5 BIG-IP负载均衡器配置实例与Web管理界面体验


  前言:最近一直在对比测试F5 BIG-IP和Citrix NetScaler负载均衡器的各项性能,于是写下此篇文章,记录F5 BIG-IP的常见应用配置方法。

  目前,许多厂商推出了专用于平衡服务器负载的负载均衡器,如F5 Network公司的BIG-IP,Citrix公司的NetScaler。F5 BIG-IP LTM 的官方名称叫做本地流量管理器,可以做4-7层负载均衡,具有负载均衡、应用交换、会话交换、状态监控、智能网络地址转换、通用持续性、响应错误处理、IPv6网关、高级路由、智能端口镜像、SSL加速、智能HTTP压缩、TCP优化、第7层速率整形、内容缓冲、内容转换、连接加速、高速缓存、Cookie加密、选择性内容加密、应用攻击过滤、拒绝服务(DoS)攻击和SYN Flood保护、防火墙—包过滤、包消毒等功能。

  以下是F5 BIG-IP用作HTTP负载均衡器的主要功能:
  ①、F5 BIG-IP提供12种灵活的算法将所有流量均衡的分配到各个服务器,而面对用户,只是一台虚拟服务器。
  ②、F5 BIG-IP可以确认应用程序能否对请求返回对应的数据。假如F5 BIG-IP后面的某一台服务器发生服务停止、死机等故障,F5会检查出来并将该服务器标识为宕机,从而不将用户的访问请求传送到该台发生故障的服务器上。这样,只要其它的服务器正常,用户的访问就不会受到影响。宕机一旦修复,F5 BIG-IP就会自动查证应用已能对客户请求作出正确响应并恢复向该服务器传送。
  ③、F5 BIG-IP具有动态Session的会话保持功能。
  ④、F5 BIG-IP的iRules功能可以做HTTP内容过滤,根据不同的域名、URL,将访问请求传送到不同的服务器。

Nginx 0.7.x + PHP 5.2.6(FastCGI)+ MySQL 5.1 在128M小内存VPS服务器上的配置优化

VPS(全称Virtual Private Server)是利用最新虚拟化技术在一台物理服务器上创建多个相互隔离的虚拟私有主机。它们以最大化的效率共享硬件、软件许可证以及管理资源。对其用户和应用程序来讲,每一个VPS平台的运行和管理都与一台独立主机完全相同,因为每一个VPS均可独立进行重启并拥有自己的root访问权限、用户、IP地址、内存、过程、文件、应用程序、系统函数库以及配置文件。

  VPS服务器最重要的指标就是内存大小,多个VPS服务器可以共享一颗CPU,但不能共享同一块内存。内存越大,价格越贵。

  下面,以我的博客所在的VPS为例,介绍在128M内存下对 Nginx 0.7.x + PHP 5.2.6(FastCGI)+ MySQL 5.1 的优化。

  至于 Nginx + PHP + MySQL 的安装配置,可参见:《Nginx 0.7.x + PHP 5.2.6(FastCGI)搭建胜过Apache十倍的Web服务器(第4版) 》

http://zyan.cc/post/375/

Entertainment