secwiki weekly (193)

Posted by millikan at 2020-03-30

Security technology

[tools] burpsuite Pro 1.7.27 Pro cracked version https://xianzhi.aliyun.com/forum/topic/1548/

[document] summary manual of approaches for offline CTF competitions https://github.com/huseck/ctf/blob/master/ctf%E7%Ba%BF%E4%B8%8b%E8%B5%9b%E6%80%9D%E8%B7%AF%E6%80%BB%E7%BB%93%E6%89%8b%E5%86%8c.pdf

[data mining] featuretools: open source framework of Automatic Feature Engineering https://www.featuretools.com/

http://bbs.ichunqiu.com/thread-28962-1-1.html?From=sec

[web security] XSS filtering bypass quick reference table http://www.freebuf.com/articles/web/153055.html

[operation and maintenance security] Apache server security configuration http://foreversong.cn/archives/789

[web security] blackmail software hacker https://bbs.ichunqiu.com/thread-28884-1-1.html?From=sec

[malicious analysis] T-Pot 17.10 - Multi honeypot platform reevolution http://dtag-dev-sec.github.io//mediator/feature/2017/11/07/t-pot-17.10.html

[web security] auxblog CMS 1.0.6 audit record https://ch1st.github.io/2017/11/04/auxblog-cms-1-0-6-%E5%AE%A1%E8%AE%A1%E8%AE%B0%E5%BD%95/

[vulnerability analysis] arm assembly basics cheatsheet https://azaria-labs.com/downloads/cheatsheet v1-1920x1080.png

[vulnerability analysis] advanced methods and thinking for vulnerability mining (part. 1) http://www.4hou.com/vulnerable/8376.html

[competition] traffic analysis of the third Shanghai university student network security competition writeup https://imlonghao.com/51.html

[competition] EIS CTF 2017 web write-up http://momoxiaoxi.com/2017/11/05/eisctf/

[other] on CSV injection attack http://www.4hou.com/technology/8321.html

[web security] essences webshell research in PHP direction https://bbs.ichunqiu.com/thread-28862-1-1.html?From=sec

[point of view] my infiltrative learning journey http://mp.weixin.qq.com/s? Ubiz = mzi5mdq2njexoq = = & mid = 2247485275 & IDX = 1 & Sn = 1f292e69938c5f6b037e06d8e5236764 & chksm = ec1e3773db69be65af3edf8132893053da612c997718c51e24509b4a13831653f9a3dff8aaca3 Rd

[web security] CMS vulnerability detection tool written by Python 3 (including 300poc) http://www.freebuf.com/sectool/149883.html

[operation and maintenance security] black mirror investigation: the truth behind the Abyss: report on "the wool industry" http://image.3001.net/uploads/pdf/4aa87c468888173995c295a873c2aa682.pdf

[vulnerability analysis] node.js + Postgres from injection to getshell https://www.leavesongs.com/peeneration/node-postgres-code-execution-vulnerability.html

[device security] ARM Exploitation for IoT – Episode 3 https://quequero.org/2017/11/arm-exhibition-iot-epiride-3/

[web security] some nmap NSE scripts recommended http://www.polaris-lab.com/index.php/archives/390/

[web security] Xiaobai's process of thinking about a simple anti SQL question http://myndtt.com/2017/11/09 /% E4% BB% 8e% E4% B8% 80% E9% 81% 93anti SQL% E9% A2% 98% E8% AE% B2% E8% B5% B7/

[device security] geekpwn industrial control CTF writeup http://bobao.360.cn/ctf/detail/213.html

[malicious analysis] NTT security 2017 Threat Intelligence Report interpretation https://zhanglan.zhihu.com/p/3088595? Group ﹐ id = 911984549982990336

[web security] fingerscan: website service identification tool https://github.com/jason/fingerscan

[operation and maintenance security] system security monitoring DIY: do it yourself osquery agent http://www.freebuf.com/sectool/152402.html

[malicious analysis] analysis of the exploitation details of eternalblue tool https://mp.weixin.qq.com/s/ - g2bjw05xacx16pigszaa

[data mining] domain name association model: let malware self expose https://zhanglan.zhihu.com/p/30780842

[device security] build an industrial system virtualization test platform http://icsmaster.com/security/virtual_platform.html

[forensic analysis] kill the BillGates Trojan under Linux http://www.nuanyue.com/linux-xiabillgates-mu-ma-cha-sha-2-2-2/

[web security] multiple ways of using Metasploit to penetrate MySQL https://bbs.ichunqiu.com/thread-28745-1-1.html?From=sec

[competition] hitcon2017-writer: https://lorexxar.cn/2017/11/10/hitcon2017-writer/

[web security] a PHP rasp implementation https://paper.seebug.org/449/

[operation and maintenance security] principle and example of local DNS attack http://mp.weixin.qq.com/s? 6520; biz = mzi5mdq2njexoq = = & mid = 2247485308 & IDX = 1 & Sn = 35ef757470ec4057babfb898c5ec5c19 & chksm = ec1e3754db69be42b44976d6841842c7a42afc227d7dcd6c50bdbf4edcda028ae7cf90ada9a9 ʍ Rd

[web security] summary of PHP shell bypass ideas (for beginners still confused about bypass) https://bbs.ichunqiu.com/thread-28883-1-1.html?From=sec

[malicious analysis] fame: malware analysis platform https://github.com/certsitegeneral/fame

[other] what is counter attack? http://www.4hou.com/vulnerable/8322.html

[device security] Research on TP-LINK wr941n router https://paper.seebug.org/448/

[malicious analysis] using BDF to implant a backdoor into an EXE file https://3gstudent.github.io/3gstudent.github.io/%E5%88%A9%E7%94%a8bdf%E5%90%91exe%E6%96%87%E4%BB%B6%E6%A4%8D%E5%85%a5%E5%90%8e%E9%97%A8/

[web security] php_bugs: PHP code audit section explanation https://github.com/bowu678/php_bugs

[mobile security] "blind" reverse: IOS application blind trace https://paper.seebug.org/440/

[malicious analysis] DNS persist: remote control communication using DNS protocol https://github.com/0x09al/dns-persist

[web security] windows server2012 hide user creation (PowerShell) https://evi1cg.me/archives/userclone.html

[tools] cert-bdf / cortex: powerful observable analysis engine https://github.com/cert-bdf/cortex

[mobile security] Android blackmail research - malware one click generator http://blogs.360.cn/blog/analysis ﹣ of ﹣ mobile ﹣ malware ﹣ factories/

[malicious analysis] scan_kill_php_shell: regex-based detection and removal of PHP webshells https://github.com/huseck/scan_kill_php_shell

[malicious analysis] a CTF question get s a new pose http://mp.weixin.qq.com/s? ᥤ biz = mzi5mdq2njexoq = = & mid = 2247485297 & IDX = 1 & Sn = b9d5f80bcd37d1ce0596e1a2c251d9fb & chksm = ec1e3759db69be4f84913826e4b4b4e5d79461061e0f61a4eb8889aa65909e2ab314391d94f87c C ᦇ Rd

[malicious analysis] creating a simple free malware analysis environment | MalwareTech https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html

[malicious analysis] Introduction to hive of vault8 series of CIA cyber weapons http://www.freebuf.com/column/153784.html

[operation and maintenance security] using FreeRADIUS and Django two factor authentication, quickly build a unified authentication platform guide http://www.freebuf.com/articles/es/152236.html

[malicious analysis] using BDF to implant a backdoor into a DLL file https://3gstudent.github.io/3gstudent.github.io/%E5%88%A9%E7%94%a8bdf%E5%90%91dll%E6%96%87%E4%BB%B6%E6%A4%8D%E5%85%a5%E5%90%8e%E9%97%A8/

[malicious analysis] software gene extraction tool, principle, implementation and application https://mp.weixin.qq.com/s/mf_ktr7z30g3ewfddca6rw

[magazine] sec wiki weekly (issue 192) https://www.sec-wiki.com/weekly/192