secwiki weekly (no. 172)

Posted by tzul at 2020-04-01

Safety technology

[web security] intranet port forwarding and penetration

[web security] use HTTP header to bypass waf

[book] anyone else remember this classic book? Proficient in script hacking technology discussion

[forensic analysis] security analysis of Web log discussion on technology

[web security] get the real intranet of the server through F5: ip the real IP through F5/

[other] security skill tree short version V1 official version

[vulnerability analysis] Samba Remote Code Execution Vulnerability (cve-2017-7494) analysis | vulnerability research

[vulnerability analysis] Research on double fetch vulnerability in Linux kernel P = 2049

[data mining] easyml: open source interactive graphical machine learning platform of Institute of computing, Chinese Academy of Sciences

[web security] wretched ideas reproduce spring webflow remote code execution

[tool] red Hou: information collection tool

[web security] spring web flow Remote Code Execution Vulnerability Analysis (cve-2017-4971) ා0-tsina-1-60416-397232819ff9a47a7b7e80a40613cfe1

[data mining] Yellow River identification - Open of deep learning Caffe model [nsfw]

[web security] the way of enterprise security construction: port scanning (below)

[web security] [yisrc] technology sharing - how much do you know about HTTPS communication?

[web security] Alibaba cloud free HTTPS certificate deployment notes /% E9% 83% A8% E7% BD% B2% E9% 98% BF% E9% 87% 8C% E4% Ba% 91% E5% 85% 8D% E8% B4% b9https% E8% AF% 81% E4% B9% A6% E7% AC% 94% E8% AE% B0/

[web security] sanic < = 0.5.0 static file read arbitrary file vulnerability research

[operation and maintenance security] Metasploit experiment: making the remote control of no killing payload + to any "external network" host

[vulnerability analysis] butterfly effect and program error: utilization of a slag hole Id = 2309404118504042313519

[tools] blackhat 2017 security toolset

[point of view] overview of China's network information security industry ʍbiz = mzaxoti5otuwmw = = & mid = 2650744489 & IDX = 1 & Sn = 4b27b845c1d5ea4c005e4172ebc19c7

[vulnerability analysis] vulnerability analysis and utilization of ms16-098 rgnobj integer overflow under Windows 10

[vulnerability analysis] automatic mining of windows kernel information disclosure vulnerability

[operation and maintenance security] the operation and maintenance growth path of station B (monitoring part)

[meeting] yisrc report - review of the third Ivy cloud security construction salon [biz = mziynjzmjcynw = = & mid = 2247484676 & IDX = 1 & Sn = ec9bb9be4dacfbc1276109039d673146 & scene = 0 [wechat] redirect

[programming technology] neglected attack area: Python package phishing


[programming technology] CTF encryption and decryption

[mobile security] attack scenario restoration: local root moto G4 & G5 device (with utilization code)

[device security] intelligent Internet vehicle information security white paper

[web security] cross site attack defense - use the same site cookie to prevent cross site attacks Type = 1 & id = wevfjkzh3py8pbcekvn2alh4wh3vl5s1

[vulnerability analysis] automatically discovering windows kernel information leak vulnerabilities

[forensic analysis] 22 popular computer forensic tools

[web security] XSS radar: XSS vulnerability mining tool

[meeting] 2017 apwg Symposium on electronic crime research (ecrime) paper list Newsearch = true & querytext = 2017% 20apwg% 20symposium% 20On% 20electronic% 20crime% 20re

[web security] from trigonometric function to discrete Fourier transform to speech recognition to image frequency domain robustness watermark From = 51

[operation and maintenance security] discussion on DDoS test mode rhvp2-m-5yhtegvncw

[web security] ppt / keynote (PHP security development)

[tools] how to play intranet middleman

[web security] morphhta - morphing cobalt strike's evil.hta

[web security] business security segment

[vulnerability analysis] industrier global threat report (IEC 60870-5-104) 6516; biz = mzixmj5mzq3oa = = & mid = 2247483723 & IDX = 1 & Sn = 2ca8d5359adde75994f52a0475fbe5a1 & scene = 0 ﹐ wechat ﹐ redirect

[malicious analysis] latest leaked document of CIA vault7: cherry blossom in full bloom

[vulnerability analysis] get to know the fuzzy tool winafl

[programming technology] principle and application of MD5 extended attack

[O & M security] firmware security compliance of cloud infrastructure "compliance. HTML? From = timeline

[tools] add to nmap

[operation and maintenance security] how to use IBD file to recover data for MySQL ﹣ vg9b3vbhvq2p ﹣ 2G

[tools] sheller + Metasploit + netripper: bypass antivirus and sniff HTTPS password

[tools] wordlists sorted by probability originally created for password generation and t

[malicious analysis] exclusive reverse report: why does apt28 make Sai mentik lie down gun ʍbiz = mzi4oda4mtcxma = = & mid = 2649550629 & IDX = 1 & Sn = 38adafad60a1e157d018f8064f92 & scene = 0 ʍ wechat ʍ redirect

[web security] connection condition test of netuse command in penetration test

[tools] totally automatic LFI Explorer (+ reverse shell) and scanner

[web security] sharing your webpages thread big data P = 161

[vulnerability analysis] field utilization analysis of sambacry E9% 87% 8e% E5% A4% 96% E5% 88% A9% E7% 94% A8% E5% 88% 86% E6% 9E% 90/

[web security] cross site scripting payload for fuzzy| technical discussion

[malicious analysis] advanced incident detection and thread identifying using Sysmon (and Splunk)'tom-ueltschi'sysmon'final.pdf

[other] platform continues to evolve, find ways to maintain invisibility

[tools] DNS tunnel technology analysis

[vulnerability analysis] using waitfor.exe to implement a backdoor mechanism

[web security] Research on server injection problems encountered in the development of flaskjinja2 ii

[malicious analysis] the homology analysis of Ukraine's power grid events and the US election malware ʎbiz = mzi4oda4mtcxma = = & mid = 2649550639 & IDX = 1 & Sn = 4ab262f55134a32dfa0789b24210d251 & scene = 0 ʋ wechat ʍ redirect

[forensic analysis] belati: the traditional Swiss Army knife for osint

[operation and maintenance security] architecture implementation of intelligent countermeasure system of security AI

[programming technology] pwdmanage password management tool

[mobile security] sixth question of ctf2017: ericky APK writeup

[document] sec wiki weekly (issue 171)

[opinion] the self-report and summary of the 20-year-old director of the central enterprise is sent to the graduates at From = timeline

[wireless security] security analysis report of modern wireless mouse and keyboard

[web security] struts 2 command execution series review 2-command-execution-series-review.html

[competition] a database of collected ctfs and their solutions.

[mobile security] [exclusive] analysis of Bluetooth app vulnerability Series II cve-2017-0639 | vulnerability research

[mobile security] OSX / macransom: analyzing the latest ransomware to target macs