Here

Author: Heige(a.k.a Superhei) of KnownSec 404 Team Date: May 25,2020 Chinese version: https://paper.seebug.org/1219/ We had released ZoomEye’s historical data API query interface in ZoomEye 2020 that had launched in January this year: https://medium.com/@80vul/zoomeye-2020-has-started-8414d6aaf38 . Next, I will introduce some examples of using ZoomEye History API to capture the traces of APT team attacks. Instructions for using the historical query API interface: https://www.zoomeye.org/doc#history-ip-search ,Of course we have also updated our ZoomEye SDK support history api: https://github

问题： This question already has an answer here: 这个问题已经在这里有了答案： What does ** (double star/asterisk) and * (star/asterisk) do for parameters? **（双星号/星号）和*（星号/星号）对参数有什么作用？ 19 answers 19个答案 asterisk in function call 3 answers 函数调用中的星号 3个答案 What does the * operator mean in Python, such as in code like zip(*x) or f(**k) ? * 运算符在Python中的含义是什么，例如 zip(*x) 或 f(**k) ？ How is it handled internally in the interpreter? 在解释器内部如何处理？ Does it affect performance at all? 它会影响性能吗？ Is it fast or slow? 是快还是慢？ When is it useful and when is it not? 什么时候有用，什么时候没有？ Should it be used in a function declaration or in a call?

问题： I know how I use these terms, but I'm wondering if there are accepted definitions for faking , mocking , and stubbing for unit tests? 我知道我如何使用这些术语，但是我想知道是否存在接受 伪造 ， 模拟 和 存根 的单元测试定义？ How do you define these for your tests? 您如何为测试定义这些？ Describe situations where you might use each. 描述您可能会使用每种情况的情况。 Here is how I use them: 这是我的用法： Fake : a class that implements an interface but contains fixed data and no logic. Fake ：实现接口但包含固定数据且没有逻辑的类。 Simply returns "good" or "bad" data depending on the implementation. 只需根据实现返回“好”或“坏”数据。 Mock : a class that implements an interface and allows the ability to

Author：LoRexxar@Knownsec 404 Team Time: May 11, 2020 Chinese version: https://paper.seebug.org/1197/ I took a look at the third Web Open of the null pointer this weekend, and after a little research, I found that this is the latest version of the DZ3.4 environment with almost default configuration. We need to pwn it in such a DZ under almost real environment. This moment raised my interest, and then we will sort out the penetration process together. The difference from the default environment is that we have two additional conditions. 1. The backend of the web environment is Windows; 2. We get

问题： If I'm using terminal and typing in a line of text for a command, is there a hotkey or any way to clear/delete that line? 如果我正在使用终端并为命令输入一行文本，是否有热键或任何方式来清除/删除该行？ For example, if my current line/command is something really long like: 例如，如果我当前的行/命令非常像： > git log --graph --all --blah..uh oh i want to cancel and clear this line <cursor is here now> Is there a hotkey or command to go from the above to: 是否有热键或命令从上面到： > ? ？ Usually I will press the ↓ key, and if my current line is a brand new one on the history, that will clear it. 通常我会按↓键，如果我的当前行是历史上的全新行，那将清除它。 But if I'm going through my

文章目录 监听多端口 自定义的struct绑定form-data 监听多端口 如何利用gin实现监听多端口 package main import ( "log" "net/http" "time" "github.com/gin-gonic/gin" "golang.org/x/sync/errgroup" ) var ( g errgroup.Group ) func router01() http.Handler { e := gin.New() e.Use(gin.Recovery()) e.GET("/", func(c *gin.Context) { c.JSON( http.StatusOK, gin.H{ "code": http.StatusOK, "error": "Welcome server 01", }, ) }) return e } func router02() http.Handler { e := gin.New() e.Use(gin.Recovery()) e.GET("/", func(c *gin.Context) { c.JSON( http.StatusOK, gin.H{ "code": http.StatusOK, "error": "Welcome server 02", }, ) }) return e } func main

问题： Google's "Report a Bug" or "Feedback Tool" lets you select an area of your browser window to create a screenshot that is submitted with your feedback about a bug. 利用Google的“报告错误”或“反馈工具”，您可以选择浏览器窗口的区域来创建屏幕截图，并在屏幕上提交有关错误的反馈。 Screenshot by Jason Small, posted in a duplicate question . Jason Small的屏幕截图，张贴在一个 重复的问题中 。 How are they doing this? 他们是如何做到的？ Google's JavaScript feedback API is loaded from here and their overview of the feedback module will demonstrate the screenshot capability. Google的JavaScript反馈API从 此处 加载， 它们对反馈模块的概述 将演示屏幕截图功能。 解决方案： 参考一： https://stackoom.com/question/KbrI/使用HTML

二叉树 前序查询 思路（中序和后续思路类似）： 首先，定义一个返回Node的方法，传送一个要查询的参数public Node preOrderSearch(int value){......} 1、判断根节点的value是否是与要查询的value相等，如果是则返回——if(this.value == value){return this;} 2、若根节点判断不等，定义一个 类变量 用于判断左右子树是否查询到要查找的值，同时为了定义的方法返回一个值.Node resNode = null; 3、判断左子数是否为空，不为空则递归调用左子树查找 如果左子树递归找到就将查找的结果 赋值 给 resNode 4、判断类变量resNode是否为空，不为空则表示左子树找到了，返回即可 5、若左子树没找到并且resNode没有返回，说明 根节点和左子树都没有查询到要查询的值value。 判断右子树若不为空则递归查找，查找到就将结果 赋值 给resNode 6、若右子树找到要查找的值，则resNode会接受到返回即可；若根节点、左子树、右子树都没有找到要查询的值则直接返回定义的类变量即可（因为为类变量赋值为 null） 二叉树 删除节点 思路： 首先，先判断根节点是否为空，为空则直接返回“二叉树为空，不能删除”；若不为空则判断根节点是否是要删除的节点，是则将根节点置空 root = null

Author：Longofo@Knownsec 404 Team Time: April 27, 2020 Chinese version: https://paper.seebug.org/1192/ Fastjson doesn't have a cve number, so it's difficult to find the timeline. At first,I wrote something slowly. Fortunately, fastjson is open source and there are hard work records of other security researchers. This article will give the key updates and vulnerability timelines related to Fastjson and the vulnerabilities,I will test and explain some of the more classic vulnerabilities, and give some check payloads and rce payloads. Fastjson Parsing Process You can refer to fastjson process

论文代码： https://github.com/NYUMedML/DARTS 1、摘要 Quantitative, volumetric analysis of Magnetic Resonance Imaging (MRI) is a fundamental way researchers study the brain in a host of neurological conditions including normal maturation and aging. Despite the availability of open-source brain segmentation software, widespread clinical adoption of volumetric analysis has been hindered due to processing times and reliance on manual corrections. Here, we extend the use of deep learning models from proof-of-concept, as previously reported, to present a comprehensive segmentation of cortical and deep gray