Social Engineeringとは ソーシャルエンジニアリングとは、不正な理由でターゲットに特定の情報を開示させたり、 特定の行動を取らせたりすることを目的としたすべてのテクニックのことを指す。 https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/what-is-social-engineering Quid pro quo　何かのための何か Quid pro quoはギリシャ語で、代わり・代替などの意味。 英語ではSomething for something. 攻撃者はターゲットに対して何か利益のあることを提案して、 その見返りとして攻撃をしかけること。 低レベルの攻撃者が行うソーシャル・エンジニアリング攻撃の１つ。 例：攻撃者はある企業のITサポートを騙り、従業員にたいして、 ソフトウェアのアップデートやセキュリティ製品の導入をサポートする。 その過程で、従業員の端末にマルウェアやRATをインストールすること。 Eliciation 誘導 Elicitationとは、論法や話法によって結論（例えば真理）を引き出す、引き出すという意味。 特定のクラスの行動を呼び起こす（引き出す）刺激と定義されることもある。 米国政府の国家安全保障局では、Elicitationを “一見普通の無邪気な会話の中で、微妙に情報を引き出すこと “と定義している。 この会話は、レストラン、ジム、保育園など、ターゲットがいる場所ならどこでも発生する可能性がある。 Elicitationが有効なのは、リスクが低く、発見が困難な場合が多いからだ。ほとんどの場合、 ターゲットはどこで情報が入手されたかを知りません。

Learn how to create your first simple Solidity smart contract using the popular Remix IDE. This tutorial covers the most basic contract that’s often introduced in Solidity learning resources. The contract functionality is straightforward: set a number and retrieve it. Even this simple operation consumes gas fees, which we’ll verify in a local EVM test environment. Creating Your First Smart Contract with Remix IDE 1. Access Remix IDE Visit https://remix.ethereum.org/ Ensure the Environment is set to [Remix VM (London)] for local testing. ...

Solidity SafeMath Library: Secure Arithmetic Operations 🔒 The SafeMath library provides secure arithmetic operations that prevent overflow and underflow vulnerabilities using assert statements. /** * @title SafeMath * @dev Math operations with safety checks that throw on error */ library SafeMath { /** * @dev Multiplies two numbers, throws on overflow. */ function mul(uint256 a, uint256 b) internal pure returns (uint256) { if (a == 0) { return 0; } uint256 c = a * b; assert(c / a == b); return c; } /** * @dev Integer division of two numbers, truncating the quotient. */ function div(uint256 a, uint256 b) internal pure returns (uint256) { // assert(b > 0); // Solidity automatically throws when dividing by 0 uint256 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; } /** * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { assert(b <= a); return a - b; } /** * @dev Adds two numbers, throws on overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; assert(c >= a); return c; } } /** * @title SafeMath32 * @dev SafeMath library implemented for uint32 */ library SafeMath32 { function mul(uint32 a, uint32 b) internal pure returns (uint32) { if (a == 0) { return 0; } uint32 c = a * b; assert(c / a == b); return c; } function div(uint32 a, uint32 b) internal pure returns (uint32) { // assert(b > 0); // Solidity automatically throws when dividing by 0 uint32 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; } function sub(uint32 a, uint32 b) internal pure returns (uint32) { assert(b <= a); return a - b; } function add(uint32 a, uint32 b) internal pure returns (uint32) { uint32 c = a + b; assert(c >= a); return c; } } /** * @title SafeMath16 * @dev SafeMath library implemented for uint16 */ library SafeMath16 { function mul(uint16 a, uint16 b) internal pure returns (uint16) { if (a == 0) { return 0; } uint16 c = a * b; assert(c / a == b); return c; } function div(uint16 a, uint16 b) internal pure returns (uint16) { // assert(b > 0); // Solidity automatically throws when dividing by 0 uint16 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; } function sub(uint16 a, uint16 b) internal pure returns (uint16) { assert(b <= a); return a - b; } function add(uint16 a, uint16 b) internal pure returns (uint16) { uint16 c = a + b; assert(c >= a); return c; } } Usage Best Practices When using this library, it’s recommended to replace increment operators like ++ with SafeMath’s .add(1) method. ...

Understanding ERC20 Token Standard in Solidity The ERC20 standard is a specification for tokens that operate on the Ethereum blockchain. It defines a common set of rules that all Ethereum-based tokens must follow, ensuring compatibility across different platforms and applications. What is ERC20? 🤔 ERC20 is a technical standard used for smart contracts on the Ethereum blockchain that implements a common list of rules for Ethereum tokens. This standard allows developers to create tokens that are compatible with the broader Ethereum ecosystem. ...

Solidity Data Types: Complete Guide for Smart Contract Development Solidity is a statically-typed programming language designed for writing smart contracts on the Ethereum blockchain. This means you must specify the data type of every variable when declaring it, which helps the compiler catch errors and ensures your code is both safe and efficient. Understanding data types is fundamental to smart contract development. Let’s explore the most commonly used data types in Solidity: ...

Virus Types: Evolving Threats in the Digital Landscape Computer viruses have evolved significantly since their inception, becoming increasingly sophisticated in their methods of infection and evasion. Here’s a closer look at some prominent types: 1. Polymorphic Viruses: The Masters of Disguise Polymorphic viruses are designed to evade detection by constantly changing their code. Each time they infect a new system, they encrypt themselves with a different key, making it difficult for traditional antivirus software to recognize them using signature-based detection. This constant mutation makes them a challenging adversary in the cybersecurity realm. ...

Kali Linux and CHNTPW: Resetting Lost Windows Passwords Losing your Windows administrator password can be a major headache, locking you out of your own system. But don’t panic! There’s a powerful solution using Kali Linux and a tool called CHNTPW. This method allows you to reset the password without needing to know the original one. Here’s a detailed breakdown of the process: What you’ll need: A USB drive with at least 1GB of storage A computer with internet access to download Kali Linux The target Windows computer with the lost password Step-by-step guide: ...

Pharming: A Silent Threat to Online Security While many are aware of phishing attacks, a lesser-known but equally dangerous threat lurks online: pharming. This insidious tactic manipulates internet infrastructure to redirect users to fraudulent websites, even when they type the correct URL. How Pharming Works Pharming exploits vulnerabilities in the Domain Name System (DNS), which acts as the internet’s address book, translating human-readable website names (like [無効な URL を削除しました]) into machine-readable IP addresses. By corrupting this system, attackers can misdirect users to fake websites designed to steal sensitive information. ...

Nmap is like a superpower for exploring computer networks! It’s a tool that lets you see which “doors” (ports) are open on a computer, like checking if the front door, back door, or garage is open. This is called “port scanning,” and it’s super useful for security professionals to find weaknesses. Here’s a breakdown of some cool Nmap tricks: Speeding things up: -T5: Makes Nmap scan super fast, like a cheetah! But be careful, it can be noisy and get noticed. -T4: A bit slower, but still pretty quick. Like a racehorse! Stealth mode: ...

What is pandas Datareader It is a library to download data online. Official Documentation Here is a list of data sources. Some require an API key. fred and stooq can obtain data without an API key. Remote Data Access Fred Economic Data Data source provided by the St. Louis Fed. Federal Reserve Economic Data Time Series Graph of Fred NASDAQ Let’s create a time series graph of NASDAQ. Also, let’s display the 200-period moving average SMA200. This can be done in just about 10 lines. ...