secwiki weekly (issue 197)

Posted by punzalan at 2020-04-07

Safety technology

[document] ppttps://

[document] ppttps:// of black hat Europe 2017

[O & M security] safe O & M holes

[web security] talk about the bottleneck of conventional penetration, and the divergent thinking of examples breaks through

[web security] collect "technical work" in SRC information

[mobile security] sensitive information of Android App security test is stored locally at

[operation and maintenance security] xsec proxy scanner: a super fast and small proxy scanner

[web security] use sqlmap to zigzag through a server From = sec

[web security] ISCC 2017 GRD web writeup

[web security] s2-055 vulnerability environment construction and analysis | xxlegend E6% BC% 8F% E6% B4% 9E% E7% 8e% AF% E5% A2% 83% E6% 90% ad% E5% BB% Ba% E4% B8% 8e% E5% 88% 86% E6% 9e% 90/

[data mining] joint learning of entity recognition and relationship extraction based on neural network SVQ

[vulnerability analysis] PHP security advanced calendar 2017 PHP challenge

[programming technology] Weibo API: no need to log in to get the python Library of sina Weibo data API

[web security] tensorflow automatic identification verification code (I)

[web security] penetration skills - account hiding in Windows system /% E6% B8% 97% E9% 80% 8F% E6% 8A% 80% E5% B7% a7-windows% E7% B3% BB% E7% BB% 9F% E7% 9A% 84% E5% B8% 90% E6% 88% B7% E9% 9A% 90% E8% 97% 8F/

[wireless security] securee: ZigBee security testing tool

[malicious analysis] PHP webshell deformation technology summaryා0-tsina-1-30825-397232819ff9a47a7b7e80a40613cfe1

[web security] s2-045, s2-055 analysis report 2-s2-054_-jackson-cve-2017-7525 cve-2017-15095

[web security] cmspoc-a CMS exploit framework

[data mining] xlearning: a scheduling system supporting multiple machine learning and deep learning framework

[operation and maintenance security] nmap ﹣ vscan: nmap service and application detection (without nmap) ﹣ vscan

[web security] share a few funny sentences about passing dogs From = sec

[programming technology] scratch + selenium crawls UC headline website

[operation and maintenance security] Application of non immediate feedback strategy and random noise in business security

[mobile security] Android development tool apktool vulnerability analysis

[mobile security] in depth analysis: the Maginot defense line of mobile fingerprint

Cacti of [web security] [code audit]

[document] Xiaomi IOT safety road 20% E5% B0% 8F% E7% B1% b3iot% E5% AE% 89% E5% 85% A8% E4% B9% 8b% E8% B7% AF% 20 -% 20% E9% 99% 88% E6% B4% 8b.pdf

[mobile security] analysis of several vulnerabilities in a series of optical cats

[web security] fancy way to steal netntlm hash

[web security] attack container cluster management platform

[malicious analysis] PowerShell code obfuscation technology based on ast abstract syntax tree

[vulnerability analysis] Linux kernel 4.14 slab ﹣ freelist ﹣ hardend simple analysis

[opinion] are you sorry about the safety of entering the pit o5h49ppbgyueha

[web security] windows backdoor utilization analysis in CIA vault7 RDB E4% B8% ad% E7% 9A% 84windows% E5% 90% 8e% E9% 97% A8% E5% 88% A9% E7% 94% A8% E6% 96% B9% E6% B3% 95% E5% 88% 86% E6% 9E% 90/

[web security] [PHP audit practice] xdcms v2.0.8 SQL error injection HTML? From = sec

[mobile security] internet terminal vulnerability Threat Intelligence Report

[web security] some conclusions and Reflections on "cookie dilemma"

[operation and maintenance security] enterprise security project architecture practice sharing

[web security] OWASP juice shop (II) From = sec

[mobile security] a new technical scheme for app registration and login verification?

[web security] MySQL practical skills of bypassing WAF

[operation and maintenance security] detecting regional movement through tracking event logs (version 2) 20regional% 20movement% 20through% 20tracking% 20event% 20logs \ version2.pdf

[web security] information mining for known data

[other] a preliminary study on the concept of decomposing back door

[web security] methods to bypass a web application firewall

[web security] reflections on pwnhub membership day du7aqthnhs4oarfvgqvw

[data mining] delivering security insights with data analytics and visualization

[malicious analysis] new targeted attack in the Middle East by apt34

[magazine] sec wiki weekly (issue 196)

[malicious analysis] WordPress Keylogger event analysis Id = 6c3e744f070dff4b88a5d15c5e4662e

[forensic analysis] thinking in graphs: exploring with timesketch

[malicious analysis] ICs attack detection: detection of cyber attacks with zone dividing and pca

[operation and maintenance security] designing effective cover red team attack infrastructure

[web security] implement data retrieve over dns with dnsmasq/

[web security] use Empire to bridge Metasploit and shadowbroker's fuzzbunch