β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Most active Types of malware :
There are many ways to classify malware; the first is to classify according to the way that malware spreads. You may have heard that the words virus, Trojan, and worm are used interchangeably, but as Symantec explained, they describe three subtle ways in which malware infects a target computer:
fb.com/UndercodeTesting
1) A worm is an independent piece of malware that can replicate itself and spread from computer to computer;
2) A virus is a piece of computer code that can insert itself into the code of another independent program, and then force the program to perform malicious behavior and spread itself;
3) The Trojan is a program that cannot replicate itself, but can pretend to be what the user wants and trick them into activating it so that it can achieve its own destruction and propagation activities.
4) The malware can also be installed on the computer "manually" by the attacker himself, provided that he wants to gain physical access to the target computer, or use privilege escalation to gain remote administrator access.
5) Another way to classify malicious software is mainly based on its intended purpose, that is, once the malicious software successfully infects the victim's computer, what potential malicious attempts will it use to perform various attack techniques:
6) Spyware : Webroot Cybersecurity defines it as "malware used to secretly collect unsuspecting user data." Essentially, it will steal the data you send or receive when you use your computer, and listen to your network behavior, and send the collected information to a third party. Among them, the keylogger is a special type of spyware that can record all keystrokes of the user-this method is very suitable for stealing user password information;
7) Rootkit : TechTarget defines it as "software whose main function is to hide the progress of other programs, which may be one or more than one software combination." Broadly speaking, rootkit can also be regarded as a technology. The rootkit was first used for good intentions, but later the rootkit was also used by hackers to invade and attack others' computer systems. Computer viruses, spyware, etc. also often use rootkits to hide traces, so rootkits have been classified by most antivirus software as Harmful malicious software;
8) Adware : It is also a type of malware, which forces your browser to redirect to online ads, and these ads usually seek to download further, or even load more malware. As the New York Times puts it, adware usually piggybacks on some attractive "free" items, such as games or browser extensions.
9) Ransomware : It is a very common form of malware in recent years. It mainly encrypts the files of the victim's hard drive and requires payment of a ransom (usually encrypted currency such as Bitcoin) to exchange decryption keys. In the past few years, there have been many high-profile ransomware incidents, such as WannaCry and Petya.
> Without the decryption key, the victim will not be able to gain access to their locked files. The so-called "scareware" is actually a shadow version of the ransomware; it will claim to have control of your computer and ask you to pay a ransom, but in fact it just uses the trick of browser redirection loop To make it appear as if it was hit by a ransomware attack.
10) Encryption hijacking (Cryptojacking?): This is in addition to extortion software, the attackers forced to provide you with another way of encryption, such as Bitcoin currency, it can run only in case you do not know. Crypto mining malware can infect your computer equipment and use your CPU cycles to mine cryptocurrencies such as bitcoin for profit. This type of malware can run in the background of the operating system or as JavaScript in a browser window.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Most active Types of malware :
There are many ways to classify malware; the first is to classify according to the way that malware spreads. You may have heard that the words virus, Trojan, and worm are used interchangeably, but as Symantec explained, they describe three subtle ways in which malware infects a target computer:
fb.com/UndercodeTesting
1) A worm is an independent piece of malware that can replicate itself and spread from computer to computer;
2) A virus is a piece of computer code that can insert itself into the code of another independent program, and then force the program to perform malicious behavior and spread itself;
3) The Trojan is a program that cannot replicate itself, but can pretend to be what the user wants and trick them into activating it so that it can achieve its own destruction and propagation activities.
4) The malware can also be installed on the computer "manually" by the attacker himself, provided that he wants to gain physical access to the target computer, or use privilege escalation to gain remote administrator access.
5) Another way to classify malicious software is mainly based on its intended purpose, that is, once the malicious software successfully infects the victim's computer, what potential malicious attempts will it use to perform various attack techniques:
6) Spyware : Webroot Cybersecurity defines it as "malware used to secretly collect unsuspecting user data." Essentially, it will steal the data you send or receive when you use your computer, and listen to your network behavior, and send the collected information to a third party. Among them, the keylogger is a special type of spyware that can record all keystrokes of the user-this method is very suitable for stealing user password information;
7) Rootkit : TechTarget defines it as "software whose main function is to hide the progress of other programs, which may be one or more than one software combination." Broadly speaking, rootkit can also be regarded as a technology. The rootkit was first used for good intentions, but later the rootkit was also used by hackers to invade and attack others' computer systems. Computer viruses, spyware, etc. also often use rootkits to hide traces, so rootkits have been classified by most antivirus software as Harmful malicious software;
8) Adware : It is also a type of malware, which forces your browser to redirect to online ads, and these ads usually seek to download further, or even load more malware. As the New York Times puts it, adware usually piggybacks on some attractive "free" items, such as games or browser extensions.
9) Ransomware : It is a very common form of malware in recent years. It mainly encrypts the files of the victim's hard drive and requires payment of a ransom (usually encrypted currency such as Bitcoin) to exchange decryption keys. In the past few years, there have been many high-profile ransomware incidents, such as WannaCry and Petya.
> Without the decryption key, the victim will not be able to gain access to their locked files. The so-called "scareware" is actually a shadow version of the ransomware; it will claim to have control of your computer and ask you to pay a ransom, but in fact it just uses the trick of browser redirection loop To make it appear as if it was hit by a ransomware attack.
10) Encryption hijacking (Cryptojacking?): This is in addition to extortion software, the attackers forced to provide you with another way of encryption, such as Bitcoin currency, it can run only in case you do not know. Crypto mining malware can infect your computer equipment and use your CPU cycles to mine cryptocurrencies such as bitcoin for profit. This type of malware can run in the background of the operating system or as JavaScript in a browser window.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Programming Technology-Process and Thread Programming by undercode :
t.me/UndercodeTesting
look at the relationship between processes and Mach tasks and threads in UNIX systems. In a UNIX system, a process includes an executable program and a series of resources, such as a file descriptor table and address space. In Mach, a task includes only a series of resources; threads process all executable code. A Mach task can have any number of threads associated with it, and each thread must be associated with a task. All threads related to a given task share the task's resources. In this way, a thread is a program counter, a stack and a series of registers. All data structures that need to be used are tasks. A process in a UNIX system corresponds to a task and a separate thread in Mach.
[Directory]
----------------------------------------------- ---------------------------------
Original pipeline It is
more complicated to use C language to create pipeline than to use pipeline under shell. If you want to use C language to create a simple pipeline, you can use the system call pipe (). It accepts a parameter, which is an array of two integers. If the system call is successful, this array will include the two file descriptors used by the pipeline. After creating a pipeline, the process will generally generate a new process.
You can create a bidirectional pipe by opening two pipes. But the file description needs to be set correctly in the child process. Pipe () must be called in the fork () system call, otherwise the child process will not inherit the file descriptor. When using a half-duplex pipeline, any associated process must share an associated ancestor process. Because the pipeline exists in the system kernel, any process that is not among the ancestors of the process that created the pipeline will not be able to address it. This is not the case in named pipes.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Programming Technology-Process and Thread Programming by undercode :
t.me/UndercodeTesting
look at the relationship between processes and Mach tasks and threads in UNIX systems. In a UNIX system, a process includes an executable program and a series of resources, such as a file descriptor table and address space. In Mach, a task includes only a series of resources; threads process all executable code. A Mach task can have any number of threads associated with it, and each thread must be associated with a task. All threads related to a given task share the task's resources. In this way, a thread is a program counter, a stack and a series of registers. All data structures that need to be used are tasks. A process in a UNIX system corresponds to a task and a separate thread in Mach.
[Directory]
----------------------------------------------- ---------------------------------
Original pipeline It is
more complicated to use C language to create pipeline than to use pipeline under shell. If you want to use C language to create a simple pipeline, you can use the system call pipe (). It accepts a parameter, which is an array of two integers. If the system call is successful, this array will include the two file descriptors used by the pipeline. After creating a pipeline, the process will generally generate a new process.
You can create a bidirectional pipe by opening two pipes. But the file description needs to be set correctly in the child process. Pipe () must be called in the fork () system call, otherwise the child process will not inherit the file descriptor. When using a half-duplex pipeline, any associated process must share an associated ancestor process. Because the pipeline exists in the system kernel, any process that is not among the ancestors of the process that created the pipeline will not be able to address it. This is not the case in named pipes.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ MORE PROGRAMMING :
Directory]
----------------------------------------------- ---------------------------------
pipe ()
system call: pipe ();
prototype: intpipe (intfd [2 ]);
Return value: If the system call is successful, return 0
If the system call fails, return -1: errno = EMFILE (no free file descriptor)
EMFILE (system file table is full)
EFAULT (fd array is invalid)
Note fd [0 ] Is used to read the pipeline, and fd [1] is used to write the pipeline.
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
main ()
{
intfd [2];
pipe (fd);
..
}
Once the pipeline is created, we can create one New child process:
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
main ()
{
intfd [2];
pid_t childpid;
pipe (fd);
if ((childpid = fork ()) ==-1)
{
perror ("fork");
exit (1);
} ..
}
If the parent process wants to read data from the child process, then it should close fd1, and at the same time The child process closes fd0. Conversely, if the parent process wishes to send data to the child process, then it should close fd0 and the child process closes fd1. Because the file descriptor is shared between the parent process and the child process, we must promptly close the end of the unnecessary pipeline. From a technical point of view, if one end of the pipe is not closed properly, you will not get an EOF.
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
main ()
{
intfd [2];
pid_t childpid;
pipe (fd);
if ((childpid = fork ()) = = -1)
{
perror ("fork");
exit (1);
}
if (childpid == 0)
{
/ * Child process closes up in put side of pipe * /
close (fd [0]);
}
else
{
/ * Parent process closes up out put put of side of pipe * /
close (fd [1]);
} ..
}
As mentioned before, once the pipeline is created, the file descriptor used by the pipeline is the same as the normal file The file descriptor is the same.
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
intmain (void)
{
intfd [2], nbytes;
pid_tchildpid;
charstring [] = "Hello, world!";
charreadbuffer [ 80];
pipe (fd);
if ((childpid = fork ()) ==-1)
{
perror ("fork");
exit (1);
}
if (childpid == 0)
{
/ * Child process closes up in put side of pipe * /
close (fd [0]);
/ * Send "string" through the out put side of pipe * /
write (fd [1], string, strlen (string));
exit (0);
}
else
{
/ * Parent process closes up out put side of pipe * /
close (fd [1]);
/ * Readinastringfromthepipe * /
nbytes = read (fd [0], readbuffer, sizeof (readbuffer)) ;
printf ("Receivedstring:% s", readbuffer);
}
return (0);
} In
general, the file descriptor in the child process will be copied to the standard input and output. This way the child process can use exec () to execute another program, which inherits the standard data flow.
[Directory]
----------------------------------------------- ---------------------------------
dup ()
system call: dup ();
prototype: inddup (intoldfd);
Return: If the system call succeeds, a new file descriptor
is returned. If the system call fails, -1 is returned: errno = EBADF (oldfd is not a valid file descriptor)
EBADF (newfd is out of range)
EMFILE (process file descriptors too many)
Note that the old file descriptor oldfd is not closed. Although the old file descriptor and the newly created file descriptor can be used interchangeably, in general, you need to close one first. The system call dup () uses the free file descriptor with the smallest number.
π¦ MORE PROGRAMMING :
Directory]
----------------------------------------------- ---------------------------------
pipe ()
system call: pipe ();
prototype: intpipe (intfd [2 ]);
Return value: If the system call is successful, return 0
If the system call fails, return -1: errno = EMFILE (no free file descriptor)
EMFILE (system file table is full)
EFAULT (fd array is invalid)
Note fd [0 ] Is used to read the pipeline, and fd [1] is used to write the pipeline.
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
main ()
{
intfd [2];
pipe (fd);
..
}
Once the pipeline is created, we can create one New child process:
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
main ()
{
intfd [2];
pid_t childpid;
pipe (fd);
if ((childpid = fork ()) ==-1)
{
perror ("fork");
exit (1);
} ..
}
If the parent process wants to read data from the child process, then it should close fd1, and at the same time The child process closes fd0. Conversely, if the parent process wishes to send data to the child process, then it should close fd0 and the child process closes fd1. Because the file descriptor is shared between the parent process and the child process, we must promptly close the end of the unnecessary pipeline. From a technical point of view, if one end of the pipe is not closed properly, you will not get an EOF.
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
main ()
{
intfd [2];
pid_t childpid;
pipe (fd);
if ((childpid = fork ()) = = -1)
{
perror ("fork");
exit (1);
}
if (childpid == 0)
{
/ * Child process closes up in put side of pipe * /
close (fd [0]);
}
else
{
/ * Parent process closes up out put put of side of pipe * /
close (fd [1]);
} ..
}
As mentioned before, once the pipeline is created, the file descriptor used by the pipeline is the same as the normal file The file descriptor is the same.
#include <stdio.h>
#include <unistd.h>
#include <sys / types.h>
intmain (void)
{
intfd [2], nbytes;
pid_tchildpid;
charstring [] = "Hello, world!";
charreadbuffer [ 80];
pipe (fd);
if ((childpid = fork ()) ==-1)
{
perror ("fork");
exit (1);
}
if (childpid == 0)
{
/ * Child process closes up in put side of pipe * /
close (fd [0]);
/ * Send "string" through the out put side of pipe * /
write (fd [1], string, strlen (string));
exit (0);
}
else
{
/ * Parent process closes up out put side of pipe * /
close (fd [1]);
/ * Readinastringfromthepipe * /
nbytes = read (fd [0], readbuffer, sizeof (readbuffer)) ;
printf ("Receivedstring:% s", readbuffer);
}
return (0);
} In
general, the file descriptor in the child process will be copied to the standard input and output. This way the child process can use exec () to execute another program, which inherits the standard data flow.
[Directory]
----------------------------------------------- ---------------------------------
dup ()
system call: dup ();
prototype: inddup (intoldfd);
Return: If the system call succeeds, a new file descriptor
is returned. If the system call fails, -1 is returned: errno = EBADF (oldfd is not a valid file descriptor)
EBADF (newfd is out of range)
EMFILE (process file descriptors too many)
Note that the old file descriptor oldfd is not closed. Although the old file descriptor and the newly created file descriptor can be used interchangeably, in general, you need to close one first. The system call dup () uses the free file descriptor with the smallest number.
Look at the following program again:
..
childpid = fork ();
if (childpid == 0)
{
/ * Close up standard input of the child * /
close (0);
/ * Dup licate the input side of pipe to stdin * /
DUP (FD [0]);
execlp ( "Sort", "Sort", NULL);
.
}
as the file descriptor 0 (stdin) is closed, the DUP () of the feed line descriptor copied to its standard Entering. This way we can call execlp () and use the sort program to overwrite the text segment of the child process. Because the newly created program inherits the standard input / output stream from its parent process, it actually inherits the input end of the pipe as its standard input end. Now, any data sent by the original parent process to the pipeline will be sent directly to the sort function.
[Directory]
----------------------------------------------- ---------------------------------
dup2 ()
system call: dup2 ();
prototype: inddup2 (intoldfd, intnewfd );
Return value: If the call is successful, return a new file descriptor
If the call fails, return -1: errno = EBADF (oldfd is not a valid file descriptor)
EBADF (newfd out of range)
EMFILE (process file descriptors too many)
Note that dup2 () will close the old file descriptor.
Using this system call, the close operation and file descriptor copy operation can be integrated into one system call. In addition, this system call ensures the automatic operation of the operation, which means that the operation cannot be interrupted by other signals. This operation will be completed before returning to the system kernel. If the previous system call dup () is used, the programmer has to perform a close () operation before that. Please see the following program:
..
childpid = fork ();
if (childpid == 0)
{
/ * Close stdin, dup licate the input side of pipe to stdin * /
dup2 (0, fd [0]);
execlp ( "sort", "sort", NULL);
..
}
[Directory]
--------------------------------- -----------------------------------------------
popen () And pclose ()
If you think the above method of creating and using pipes is too cumbersome, you can also use the following simple method:
library functions: popen () and pclose ();
prototype: FILE * popen (char * command, char * type);
Return value: If successful, return a new file stream.
If the process or pipeline cannot be created, NULL is returned.
This standard library function creates a half-duplex pipe by calling pipe () inside the system, then it creates a child process, starts a shell, and finally executes the command in the command parameter on the shell. The direction of the data flow in the pipeline is controlled by the second parameter type. This parameter can be r or w, representing read or write, respectively. It cannot be read and written at the same time. Under the linux system, the pipeline will be opened in the way represented by the first character in the parameter type. So, if you write rw in the parameter type, the pipe will be opened for reading.
Although the usage of this library function is simple, there are some disadvantages. For example, it loses some control over the system when using the system call pipe (). Despite this, because shell commands can be used directly, some wildcards and other extended symbols in the shell can be used in the command parameter.
Pipelines created using popen () must be closed using pclose (). In fact, popen / pclose is very similar to fopen () / fclose () in the standard file input / output stream.
Library function: pclose ();
Prototype: intpclose (FILE * stream);
Return value: Returns the state of the system call wait4 ().
If the stream is invalid, or the system call wait4 () fails, it returns -1.
Note that this library function waits for the pipeline process to finish, and then closes the file stream. The library function pclose () executes the wait4 () function on the process created with popen (). When it returns, it will destroy the pipeline and file system.
In the following example, a pipeline is opened with the sort command, and then a character array is sorted:
..
childpid = fork ();
if (childpid == 0)
{
/ * Close up standard input of the child * /
close (0);
/ * Dup licate the input side of pipe to stdin * /
DUP (FD [0]);
execlp ( "Sort", "Sort", NULL);
.
}
as the file descriptor 0 (stdin) is closed, the DUP () of the feed line descriptor copied to its standard Entering. This way we can call execlp () and use the sort program to overwrite the text segment of the child process. Because the newly created program inherits the standard input / output stream from its parent process, it actually inherits the input end of the pipe as its standard input end. Now, any data sent by the original parent process to the pipeline will be sent directly to the sort function.
[Directory]
----------------------------------------------- ---------------------------------
dup2 ()
system call: dup2 ();
prototype: inddup2 (intoldfd, intnewfd );
Return value: If the call is successful, return a new file descriptor
If the call fails, return -1: errno = EBADF (oldfd is not a valid file descriptor)
EBADF (newfd out of range)
EMFILE (process file descriptors too many)
Note that dup2 () will close the old file descriptor.
Using this system call, the close operation and file descriptor copy operation can be integrated into one system call. In addition, this system call ensures the automatic operation of the operation, which means that the operation cannot be interrupted by other signals. This operation will be completed before returning to the system kernel. If the previous system call dup () is used, the programmer has to perform a close () operation before that. Please see the following program:
..
childpid = fork ();
if (childpid == 0)
{
/ * Close stdin, dup licate the input side of pipe to stdin * /
dup2 (0, fd [0]);
execlp ( "sort", "sort", NULL);
..
}
[Directory]
--------------------------------- -----------------------------------------------
popen () And pclose ()
If you think the above method of creating and using pipes is too cumbersome, you can also use the following simple method:
library functions: popen () and pclose ();
prototype: FILE * popen (char * command, char * type);
Return value: If successful, return a new file stream.
If the process or pipeline cannot be created, NULL is returned.
This standard library function creates a half-duplex pipe by calling pipe () inside the system, then it creates a child process, starts a shell, and finally executes the command in the command parameter on the shell. The direction of the data flow in the pipeline is controlled by the second parameter type. This parameter can be r or w, representing read or write, respectively. It cannot be read and written at the same time. Under the linux system, the pipeline will be opened in the way represented by the first character in the parameter type. So, if you write rw in the parameter type, the pipe will be opened for reading.
Although the usage of this library function is simple, there are some disadvantages. For example, it loses some control over the system when using the system call pipe (). Despite this, because shell commands can be used directly, some wildcards and other extended symbols in the shell can be used in the command parameter.
Pipelines created using popen () must be closed using pclose (). In fact, popen / pclose is very similar to fopen () / fclose () in the standard file input / output stream.
Library function: pclose ();
Prototype: intpclose (FILE * stream);
Return value: Returns the state of the system call wait4 ().
If the stream is invalid, or the system call wait4 () fails, it returns -1.
Note that this library function waits for the pipeline process to finish, and then closes the file stream. The library function pclose () executes the wait4 () function on the process created with popen (). When it returns, it will destroy the pipeline and file system.
In the following example, a pipeline is opened with the sort command, and then a character array is sorted: