IMCAFS

 Home

secwiki weekly (no. 135)

Posted by santillano at 2020-03-29
all

Safety technology

[vulnerability analysis] MSSQL implements command execution through agent jobs (Chinese) http://www.button.com/89870.html

[web security] binproxy introduction http://www.motoin.com/89877.html

[vulnerability analysis] vulnerability analysis and improvement of shadowsocks protocol https://github.com/breakwa11/shadowlocks-rss/issues/38

[web security] [preliminary code audit] beescms v4.0_rsql injection https://www.ohlige.cn/php/beescms_sqli.html

[forensic analysis] mailsniper: a tool for searching every user's email for sensitive data http://www.blackhillsinfosec.com/? P = 5296

[O & M security] wyproxy: http / HTTPS, Socks5 proxy server, saved to the background database https://github.com/ring04h/wyproxy

[vulnerability analysis] application and analysis of winafl: an intelligent fuzzy testing tool http://blog.jowto.com/? P = 150

[web security] several ways to attack SQL server without password http://www.button.com/89825.html

[web security] cobalt strike 3.5 release enhanced Linux post penetration (with cracked) http://www.motoin.com/89862.html

[data mining] tinyflow: build your own deep learning system in 2K lineshttps://github.com/tqchen/tinyflow

Chen Rd

[web security] CSRF protection bypass on any Django powered site via Google Analytics https://hackeron.com/reports/26647

[malicious analysis] use Netshell to execute malicious DLLs to realize host persistence control http://www.motoin.com/89905.html

[vulnerability analysis] Mozilla security / fuzzy data: fuzzy resources for feeding variable Fuzzers with inphttps://github.com/mozilla security/fuzzy data

0 × Rd

& srcid = 0928ai1xd4en5qtiworjgc1 & from = timelin

[web security] cloud knowledge base online search platform http://cb.drops.wiki/

[vulnerability analysis] practice: reverse engineering challengeshttps://challenges.re/

[malicious analysis] bypass techniques of virtual machine detection found in malicious documents http://www.button.com/89888.html

Chen Rd

[malicious analysis] project apt: how to build an ICS network and have fun at the same timehttp://blog.talosintel.com/2016/09/apt-kegerator.html × more

[forensic analysis] real time crime forecasting challenge http://www.nij.gov/funding/pages/fy16-crime-forecasting-challenge.aspx

[operation and maintenance security] DDoS attack status and defense mechanism analysis http://bobao.360.cn/news/detail/3592.html

[data mining] principle and implementation of simhash algorithm http://yanyiwu.com/work/2014/01/30/simhash-shi-xian-xiang-jie.html

[web security] dawnscanner: static analysis security scanner for ruby applicationshttps://github.com/thesp0ge/dawnscanner

[other] Research on security products and manufacturers http://www.youxia.org/china-security-vender-list.html

[web security] ponnhub storage Cross Station worth 1500 US dollars http://www.motoin.com/89795.html

[malicious analysis] Lucky Strike: an evil office document generator http://www.shellntel.com/blog/2016/9/13/lucky strike-a-database-backed-evil-macro-generator

[vulnerability analysis] book: reverse engineering for beginners https://beginners.re/re4b-en.pdf

© 2023