security

Machine identity

1.How aws EC2 generate instance identity documents? 2.How to leavage the instance identity for SSH? 3.How to limit ssh access via group policy? how ssh-agent works? 4.Except spire identity, what are the solutions for node attestation?

Spire on K8S

1. How spire do the node attestation for k8s node? 2.How could spire use slector for pod? mutating webhook or spire agent mount? 3.spire cert will be only used as mtls cert?

wifi_penetration with zANTI on samsung S5

做了一下午的WiFi penetration,使用了工具:zANTI,dsploit, lanmitm. 太好玩了,我的实践证明一旦进入内网,机器简直就是鱼肉。 真实机器: victim: nexus 6, with AVG security suit (free version) 攻击机:samsung S5 with busybox. zANTI,dsploit, lanmitm 都能够成功进行中间人攻击。 最爱的是zANTI,操作极为简单,有完整的nmap扫描(自己选择配置脚本) 而且,在抓包之后能够进行图片抓取,http head match lanmitm工具抓包之后,需要倒出分析。 一个教程链接 总之,用过之后非常震惊! 成功抓取微博访问数据,访问图片,cookie劫持登录.. 内网安全,简直,如若无物!

Software Solutions against page migration coherency problem on Embedded Heterogeneous System @2013

Author: chen xi,jianlong ye, cheng liang Date: 09/2013 (Abstract) Page migration is a valid strategy of operation system’s memory management for enhancing flexibility and performance. However, for Embedded Heterogeneous Systems, it will result in data inconsistency when sharing large data among Multi-OSes because of physical memory page migration.