Editor-in-Chief Time: the Hong Kong black-and-white-shirt incident
07242019 Current Affairs Observation, Part 1: 霍詠強 -- Restore the full picture and the truth speaks for itself
Open Source is a great idea and it has changed the world!
Open Source forever ....
While you do not know attack, how can you know about defense? (未知攻,焉知防?)
Do BAD things .... for the RIGHT reasons -- OWASP ZAP
It is easier to port a shell than a shell script. -- Larry Wall
Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris. -- Larry Wall
Establish a heart for heaven and earth, secure a livelihood for the people, carry on the lost learning of the past sages, and open an age of peace for all generations. -- 王炜
Monday, July 29, 2019
Sunday, July 28, 2019
Longjing
Longjing is a deep-learning-driven web application firewall built on the Scikit-Learn library. The slides are available below in PDF format.
sha256sum 116c66c8cb18b0cb280df0fc52425b250b17e231975f6dce50cc04fbcbbb5612 presentation-longjing.pdf
Download : presentation-longjing.pdf
That's all! See you.
Croissants
Croissants has been one of my open source projects since 2012. The slides are available below in PDF format.
sha256sum 814e353abfa899aede7c6173a3dfd78b9aab0242258748f1e35073a87ff13f47 presentation-croissants.pdf
Download : presentation-croissants.pdf
That's all! See you.
Saturday, July 27, 2019
Mission Impossible?
This site is a scaled-down Damn Vulnerable Web Application (DVWA), which is designed for penetration-testing practice. It is full of vulnerabilities, such as SQL Injection (SQLi) and Cross-Site Scripting (XSS). However, it is under my protection scheme and is considered secured. You are allowed to attack it in any form except DDoS and/or DoS. If anyone can hack or bypass it, please let me know: contact Samiux at freenode #infosec-ninjas.
Target : Infosec Projects.
Rule : You are allowed to attack it in any form except DDoS/DoS.
Remarks : Online time is limited.
Contact : Samiux at freenode #infosec-ninjas
That's all! See you.
Saturday, July 13, 2019
Miley Cyrus - The Backyard Sessions - "Jolene"
"Jolene"
(originally by Dolly Parton)
Jolene, Jolene, Jolene, Jolene
Oh, I'm begging of you please don't take my man
Jolene, Jolene, Jolene, Jolene
Please don't take him even though you can
Your beauty is beyond compare
With flaming locks of auburn hair
With ivory skin and eyes of emerald green
Your smile is like a breath of spring
Your skin is soft like summer rain
And I can not compete with you, Jolene
And I could easily understand
How you could easily take my man
But you don't know what he means to me, Jolene
He talks about you in his sleep
There's nothing I can do to keep
From crying, when he calls your name, Jolene, Jolene
Jolene, Jolene, Jolene, Jolene
Please don't take him even though you can
Jolene, Jolene, Jolene, Jolene
Please don't take him even though you can
I had to have this talk with you
My happiness depends on you
And whatever you decide to do, Jolene
And you could have your choice of men
But I could never love again
Cause he's the only one for me, Jolene, Jolene
Jolene, Jolene, Jolene, Jolene
Oh, I'm begging of you please don't take my man
Jolene, Jolene, Jolene, Jolene
Please don't take him even though you can
Jolene, Jolene...
Thursday, July 11, 2019
Sunday, July 07, 2019
Friday, July 05, 2019
A White Hat?!
On October 29, 2018, 27-year-old 陳子恩 discovered that the boarding-pass URL of Hong Kong Airlines leaked sensitive data, a vulnerability formally known as Insecure Direct Object Reference (IDOR), which allowed the data of other customers to be read at will. He claimed that he had contacted Hong Kong Airlines to report the vulnerability but was not taken seriously, so he disclosed it to the media.
The same day, the media immediately made enquiries with the company, whose staff found that 陳 had, without authorization, read the data of one of its customers. The company reported the matter to the police at once. After investigation, 陳 was charged with the relevant offence under the Telecommunications Ordinance.
In court he argued that he had found a vulnerability but had been ignored; had this happened overseas, or had he been a white hat, he would have been rewarded, yet instead he was prosecuted, which he considered unfair and "judicial harassment". In the end, on July 3, 2019, 陳 was convicted and bound over on his own recognizance of HK$1,500 to be of good behaviour for one year.
Let us now analyse whether 陳 broke the law and whether his defence is reasonable.
First, a white hat is an "ethical hacker" who carries out penetration testing with written authorization. If a so-called white hat performs penetration testing without written authorization, he is breaking the law and is, by definition, a black hat. As for rewards, if the target company or organization runs or participates in a bug bounty programme, every penetration tester taking part is operating with written authorization, and if a white hat finds something, he receives the reward he is due.
So the key point is whether the penetration testing is performed with written authorization. In this case, 陳 did not perform his penetration testing with written authorization, so he broke the law, and the same would apply in other countries overseas.
Finally, in my personal opinion, 陳 got off lightly! Please do not test the law with your own neck. A so-called reward is never guaranteed.
Samiux
OSCE OSCP OSWP
July 4, 2019, Hong Kong, China
References
東網新聞 (on.cc news)
頭條新聞 (Headline Daily)
維基百科 (Wikipedia)