IMCAFS

Home

secwiki weekly (issue 197)

Posted by punzalan at 2020-04-07
all

Safety technology

[document] ppttps://threatbook.cn/event/

[document] ppttps://www.blackhat.com/eu-17/briefs.html of black hat Europe 2017

[O & M security] safe O & M holes http://mp.weixin.qq.com/s/xdgriqg7bdbkrgnpbsxsiq

[web security] talk about the bottleneck of conventional penetration, and the divergent thinking of examples breaks through http://mp.weixin.qq.com/s/kioak2vfgks51a_wd23qw

[web security] collect "technical work" in SRC information http://mp.weixin.qq.com/s/jugol1qlirhxwjdzd3nfg

[mobile security] sensitive information of Android App security test is stored locally at http://mp.weixin.qq.com/s/vdigyilwnz5fjuwy9vs-lg

[operation and maintenance security] xsec proxy scanner: a super fast and small proxy scanner https://github.com/netxfly/xsec-proxy-scanner

[web security] use sqlmap to zigzag through a server https://bbs.ichunqiu.com/thread-29736-1-1.html? From = sec

[web security] ISCC 2017 GRD web writeuphttp://foreversong.cn/archives/847

[web security] s2-055 vulnerability environment construction and analysis | xxlegendhttp://xxlegendhttp.com/2017/12/06/s2-055% E6% BC% 8F% E6% B4% 9E% E7% 8e% AF% E5% A2% 83% E6% 90% ad% E5% BB% Ba% E4% B8% 8e% E5% 88% 86% E6% 9e% 90/

[data mining] joint learning of entity recognition and relationship extraction based on neural network https://mp.weixin.qq.com/s/ahoezujmvuu-p7j5z SVQ

[vulnerability analysis] PHP security advanced calendar 2017 PHP challenge https://www.ripstech.com/php-security-calendar-2017/

[programming technology] Weibo API: no need to log in to get the python Library of sina Weibo data https://github.com/yawuplus/weibo API

[web security] tensorflow automatic identification verification code (I) http://mp.weixin.qq.com/s/j9vjaoclzbr4oigusndpw

[web security] penetration skills - account hiding in Windows system https://3gstudent.github.io/3gstudent.github.io /% E6% B8% 97% E9% 80% 8F% E6% 8A% 80% E5% B7% a7-windows% E7% B3% BB% E7% BB% 9F% E7% 9A% 84% E5% B8% 90% E6% 88% B7% E9% 9A% 90% E8% 97% 8F/

[wireless security] securee: ZigBee security testing toolhttps://github.com/cognosec/securee

[malicious analysis] PHP webshell deformation technology summary http://www.freebuf.com/articles/web/155891.htmlා0-tsina-1-30825-397232819ff9a47a7b7e80a40613cfe1

[web security] s2-045, s2-055 analysis report https://github.com/secureskytechnology/study-struts 2-s2-054_-jackson-cve-2017-7525 cve-2017-15095

[web security] cmspoc-a CMS exploit framework https://github.com/chybeta/cmspoc/wiki/scripts

[data mining] xlearning: a scheduling system supporting multiple machine learning and deep learning framework https://github.com/qihoo360/xlearning/blob/master/readme_cn.md

[operation and maintenance security] nmap ﹣ vscan: nmap service and application detection (without nmap) https://github.com/nixawk/nmap ﹣ vscan

[web security] share a few funny sentences about passing dogs https://bbs.ichunqiu.com/thread-29896-1-1.html? From = sec

[programming technology] scratch + selenium crawls UC headline website http://kekefund.com/2017/12/06/scratch-and-selenium/

[operation and maintenance security] Application of non immediate feedback strategy and random noise in business security http://mp.weixin.qq.com/s/gfxbo4ckg4zwznp-xparq

[mobile security] Android development tool apktool vulnerability analysis https://security.tencent.com/index.php/blog/msg/122

[mobile security] in depth analysis: the Maginot defense line of mobile fingerprint https://paper.seebug.org/471/

Cactihttp://mp.weixin.qq.com/s/6g5kbnjwlkj3c-1cvympqg of [web security] [code audit]

[document] Xiaomi IOT safety road https://events.cloud.mi.com/iotsumit/paper/2.% 20% E5% B0% 8F% E7% B1% b3iot% E5% AE% 89% E5% 85% A8% E4% B9% 8b% E8% B7% AF% 20 -% 20% E9% 99% 88% E6% B4% 8b.pdf

[mobile security] analysis of several vulnerabilities in a series of optical cats http://mp.weixin.qq.com/s/bq3yusa3dlllmbweyewjcmw

[web security] fancy way to steal netntlm hash https://paper.seebug.org/474/

[web security] attack container cluster management platform https://0x0d.im/archives/attack-container-management-platform.html

[malicious analysis] PowerShell code obfuscation technology based on ast abstract syntax tree http://www.4hou.com/tolerance/9002.html

[vulnerability analysis] Linux kernel 4.14 slab ﹣ freelist ﹣ hardend simple analysis https://paper.seebug.org/470/

[opinion] are you sorry about the safety of entering the pit http://mp.weixin.qq.com/s/spy0ns o5h49ppbgyueha

[web security] windows backdoor utilization analysis in CIA vault7 RDB https://3gstudent.github.io/3gstudent.github.io/cia-vault7-rdb% E4% B8% ad% E7% 9A% 84windows% E5% 90% 8e% E9% 97% A8% E5% 88% A9% E7% 94% A8% E6% 96% B9% E6% B3% 95% E5% 88% 86% E6% 9E% 90/

[web security] [PHP audit practice] xdcms v2.0.8 SQL error injection https://bbs.ichunqiu.com/thread-30059-1-1. HTML? From = sec

[mobile security] internet terminal vulnerability Threat Intelligence Report http://mp.weixin.qq.com/s/ihh0br7uqh0ycbjonbgabw

[web security] some conclusions and Reflections on "cookie dilemma" http://www.cnblogs.com/r00tuser/p/7993509.html

[operation and maintenance security] enterprise security project architecture practice sharing https://mp.weixin.qq.com/s/rlbth9-xry7nd1zjk3kjdq

[web security] OWASP juice shop (II) https://bbs.ichunqiu.com/thread-29958-1-1.html? From = sec

[mobile security] a new technical scheme for app registration and login verification? http://mp.weixin.qq.com/s/KALAL31QoC8s8bANKRgKcQ

[web security] MySQL practical skills of bypassing WAF http://www.freebuf.com/articles/web/155570.html

[operation and maintenance security] detecting regional movement through tracking event logs (version 2) https://www.jpcert.or.jp/english/pub/sr/detecting% 20regional% 20movement% 20through% 20tracking% 20event% 20logs \ version2.pdf

[web security] information mining for known data http://blog.nsfocus.net/web-mining/

[other] a preliminary study on the concept of decomposing back door http://mp.weixin.qq.com/s/klr2s9pkhqy97ezjytem2w

[web security] methods to bypass a web application firewall https://www.ptsecurity.com/upload/corporate/ww-en/download/pt-devteev-cc-waf-eng.pdf

[web security] reflections on pwnhub membership day http://mp.weixin.qq.com/s/ du7aqthnhs4oarfvgqvw

[data mining] delivering security insights with data analytics and visualization https://www.slideshare.net/zrlram/delivering-security-insights-with-data-analytics-and-visualization-83499852

[malicious analysis] new targeted attack in the Middle East by apt34 https://www.fireeye.com/blog/thread-research/2017/12/targeted-attack-in-middle-east-by-apt34.html

[magazine] sec wiki weekly (issue 196) https://www.sec-wiki.com/weekly/196

[malicious analysis] WordPress Keylogger event analysis https://cert.360.cn/warning/detail? Id = 6c3e744f070dff4b88a5d15c5e4662e

[forensic analysis] thinking in graphs: exploring with timesketchhttps://medium.com/timesketch/thinking-in-graphs-exploring-with-timesketch-84b79aecd8a6

[malicious analysis] ICs attack detection: detection of cyber attacks with zone dividing and pcahttps://github.com/manikantareddyd/ics-attack-detection

[operation and maintenance security] designing effective cover red team attack infrastructure https://posts.specifications.io/designing-effective-cover-red-team-attack-infrastructure-767d4289af43

[web security] implement data retrieve over dnshttps://story.tone.name/2016/06/21/yong-dnsmasqshi-xian-data-retrieve-over-dns with dnsmasq/

[web security] use Empire to bridge Metasploit and shadowbroker's fuzzbunch https://story.tone.name/2017/05/05/li-yong-empireqiao-jie-metasploit-shadowbrokerfa-bu-de-fuzzbunch/