secwiki weekly (no. 135)

Posted by santillano at 2020-03-29

Safety technology

[vulnerability analysis] MSSQL implements command execution through agent jobs (Chinese)

[web security] binproxy introduction

[vulnerability analysis] vulnerability analysis and improvement of shadowsocks protocol

[web security] [preliminary code audit] beescms v4.0_rsql injection

[forensic analysis] mailsniper: a tool for searching every user's email for sensitive data P = 5296

[O & M security] wyproxy: http / HTTPS, Socks5 proxy server, saved to the background database

[vulnerability analysis] application and analysis of winafl: an intelligent fuzzy testing tool P = 150

[web security] several ways to attack SQL server without password

[web security] cobalt strike 3.5 release enhanced Linux post penetration (with cracked)

[data mining] tinyflow: build your own deep learning system in 2K lines

Chen Rd

[web security] CSRF protection bypass on any Django powered site via Google Analytics

[malicious analysis] use Netshell to execute malicious DLLs to realize host persistence control

[vulnerability analysis] Mozilla security / fuzzy data: fuzzy resources for feeding variable Fuzzers with inp security/fuzzy data

0 × Rd

& srcid = 0928ai1xd4en5qtiworjgc1 & from = timelin

[web security] cloud knowledge base online search platform

[vulnerability analysis] practice: reverse engineering challenges

[malicious analysis] bypass techniques of virtual machine detection found in malicious documents

Chen Rd

[malicious analysis] project apt: how to build an ICS network and have fun at the same time × more

[forensic analysis] real time crime forecasting challenge

[operation and maintenance security] DDoS attack status and defense mechanism analysis

[data mining] principle and implementation of simhash algorithm

[web security] dawnscanner: static analysis security scanner for ruby applications

[other] Research on security products and manufacturers

[web security] ponnhub storage Cross Station worth 1500 US dollars

[malicious analysis] Lucky Strike: an evil office document generator strike-a-database-backed-evil-macro-generator

[vulnerability analysis] book: reverse engineering for beginners