secwiki weekly (issue 201)

Posted by deaguero at 2020-04-04

Safety technology

[web security] look at the security of front-end code from wechat applet

[vulnerability analysis] Weblogic xmldecoder deserialization vulnerability - cve-2017-10271

[vulnerability analysis] performance vs security? CPU chip vulnerability attack practice (1) - cracking Mac OS kaslr Id = 2309404192549521743410

[vulnerability analysis] processor a vulnerability meltdown and spectre analysis report Id = 2309404192764286877696

[vulnerability analysis] AFL (American Fuzzy LOP) implementation details and file variation

[tool] scanner using bugscan plug-in

[vulnerability analysis] security problems caused by CPU disordered execution and predicted execution

[web security] one of the ways to open SRC vulnerability in batch - Design and implementation of vulnerability scanning based on CMS

[data mining] reading network packets as a natural language for introduction detection

[malicious analysis] malicious sample analysis manual - traceability chapter

[forensic analysis] design sensitive honeypot sensor ﹣ more ﹣ sensitive ﹣ honeypot ﹣ sensors.html

[competition] inndy's hack game strategy (web part)

[web security] tips for social workers to find out the behind the scenes fraud (2) From = sec

[operation and maintenance security] use docker to deploy web application

[other] bitcoin tutorial

[vulnerability analysis] adapting the POC for cve-2017-1000112 to other kernels

[programming technology] hand in hand to teach you how to create a vulnerability replication environment

[web security] post penetration: esxi rebound shell

[vulnerability analysis] Intel CPU vulnerability description Id = 2309404192902644407039

[web security] beautiful list of deep learning tutorial case

[wireless security] fishing with 360 WiFi s67a6znxlu8a

[forensic analysis] honeypot system construction for traceability

[operation and maintenance security] openrasp technical analysis

[web security] redis is not authorized to access the remote implanting mining script (end)

[web security] PowerShell Empire introduction

[tools] intranet automation penetration

[device security] new exploration of Huawei hg532 remote command execution vulnerability

[mobile security] Android penetration tool androtickler demining direction north IQ

[forensic analysis] enterprise security construction - design ideas and ideas of modular honeypot platform From = timeline

[mobile security] hole digging skills: summary of APP gesture password bypass ideas

[web security] Web scraping with selenium E5% 9F% Ba% E4% Ba% 8eseleium% E7% 9A% 84% E5% 8F% A3% E4% BB% A4% E7% 88% 86% E7% A0% B4% E5% Ba% 94% E7% 94% A8/

[data mining] tensorflow practical learning notes

[device security] 2017 Internet of things Security Research Report

[data mining] data mining for typical comments of users in Python

[malicious analysis] use snort to detect enterprise traffic

[web security] CSRF of "killing with a knife" takes down the stolen picture dog backstage From = sec

[web security] [Social Engineering] tips to find out the scam behind the scenes (I) HTML? From = sec

[wireless security] how to create a malicious access point using mitmap

[device security] penetrate the defense line of the intranet, and summarize the USB automatic penetration techniques

[vulnerability analysis] office 365 safe links bypass

[mobile security] Android malware detection: system call log + machine learning algorithm

[malicious analysis] removing backdoors – PowerShell image edition – n00py blogs://

[operation and maintenance security] terminal Antivirus of enterprise security construction

[malicious analysis] normalized data logs from 250K sandboxed samples malicious sample function call dataset

[tools] fsociety hacking tools pack – a penetration testing framework

[web security] a CMS injection analysis and injection point summary

[malicious analysis] Trojan horse analysis report of potplayer player optimized version

[vulnerability analysis] on wechat hop plug-in /% E4% B9% 9F% E8% B0% 88% E5% be% AE% E4% BF% A1 -% E8% B7% B3% E4% B8% 80% E8% B7% B3 -% E5% A4% 96% E6% 8C% 82/

[web security] RSAP technology analysis

[operation and maintenance security] "one person" mutual fund enterprise security construction summary

[vulnerability analysis] Introduction to process doppelganging E5% 88% A9% E7% 94% A8% E4% BB% 8b% E7% BB% 8D/

[tool] fail2ban: a small application that can monitor system logs

[other] security analysis of blockchain

[malicious analysis] see how I can reverse Kaspersky engine to detect confidential files

[operation and maintenance security] take you step by step to experience openvas ﹣ tnfhkqofr1q3wgjhg

[vulnerability analysis] Huawei home routes in botnet reclamation

[tools] phishing methods other than web form phishing

[web security] open redirect payloads: open redirect payloads redirect payloads

[data mining] review 2017 | Threat Intelligence Review threat

[data mining] machine learning security data set

[device security] router worm triggered network security AI practice

[tool] graxcode / reversecrypt: extract crypted jar archives

[web security] get Python code from pyinstaller

[forensic analysis] cyber intelligence 2017 summary report

[magazine] sec wiki weekly (issue 200)

[malicious analysis] 2017 China mobile terminal MLM fraud threat situation analysis report

[malicious analysis] 2017 blackmail threat situation analysis report

[web security] some interesting ideas under strict CSP (34c3 CTF) P = 935