secwiki weekly (184)

Posted by fierce at 2020-04-14

Safety technology

[web security] s2-052 replication process (with POC utilization) heatlevel

[web security] s2-053 vulnerability recurrence (with exp)

[document] kcon 2017 PPT download

[O & M security] s2-052 Python detection script From = timeline & isappinstalled = 0

[tools] nmap use guide (final version)

[web security] Remote Code Execution Vulnerability Analysis of struts 2 s2-052'lab/struts 2-s2-052% E8% BF% 9C% E7% A8% 8b% E4% BB% A3% E7% A0% 81% E6% 89% A7% E8% A1% 8C% E6% BC% 8F% E6% B4% 9E% E5% 88% 86% E6% 9E% 90/


[web security] coballtstrike 3.8 cracked ﹣ 3 ﹣ 8 ﹣ cracked-html.html

[web security] penetration test learning notes case IV

[mobile security] Android shelling Jihad -- Analysis of 360 reinforcement analysis and shelling tutorial

[web security] MySQL injection map - learning chapter ʎ biz = mzi5mdq2njexoq = = & mid = 2247484937 & IDX = 1 & Sn = 2a0eed8c5855302951ee07a4e3ee2cae1 & chksm = ec1e3621db69bf37f538b683a7f382f386a12751ae681d5262bad66ec3f49dec0263dc9ca38 Rd

[web security] shadow broker September tools ාf! Mzwyjslq! Rnkf1ndr1lrqkztvqb5qa! 8jgbnc7s

[web security] windowless penetration test experiment

[malicious analysis] analyze a case of Telecom hijacking and downloading erotic app Action = show & id = 23453

[web security] build Android mobile penetration artifact based on termux (updated on July 22, 2017)

[operation and maintenance security] hunting Pastebin with pastehunter

[malicious analysis] using Python to detect DGA domain name

[malicious analysis] use sklearn to detect webshell

[web security] cmspoc: CMS penetration test framework

[web security] thinkerphp background remote arbitrary code execution vulnerability

[web security] Web Test Method tools ﹣ mon6ru2o1yg


[programming technology] Slate: beautiful static documentation for your API project documentation assistant

[other] how to trace attack tactics from log files?

[operation and maintenance security] talk about the experience and principle of port detection

[tool] malwareinfosec / ekfiddle: a framework to study exploit kits

[mobile security] record APK detection once /% E8% AE% B0% E4% B8% 80% E6% AC% a1apk% E6% A3% 80% E6% B5% 8B/

[mobile security] see how I build Android penetration test environment

[tool] jgamblin / nmaptable: Transform nmap scans to an d3.js HTML table

[vulnerability analysis] Remote Code Execution Vulnerability cve-2017-9805 struts 2.5 to 2.5.12 affected From = sec

[operation and maintenance security] overview of honeynet technology based on Sdn

[web security] XSS without dots

[device security] D-Link router information disclosure and remote command execution vulnerability analysis and global data analysis report

[web security] using alternate data streams to bypass user account controls

[programming technology] tspider: yet another web spider dynamic web crawler

[O & M security] passmaker: a password dictionary generator that can customize rules

[mobile security] analysis of Android startup process

[web security] using JavaScript frameworks to bypass XSS mitigations

[web security] race request validation bypass using request encoding

[web security] digital signature attack report: security crisis destroying the "credit system" of software identity

[vulnerability analysis] Pwned in translation from subtitles to rce s20; r1.pdf

[book] [book] deep learning with Python

[web security] Uber bug Bounty: Gaming access to an internal chat system

[web security] modern web application penetration testing, hash length extension attacks + web + application + penetration + testing + hash + length + extension + attacks / 22792/

[web security] detecting chrome headless 20detection/2017/08/05/detect-chrome-headless.html

[magazine] sec wiki weekly (183)

[web security] practice: see how I changed LFI into RFI

[malicious analysis] the past and present life of Kronos bank Trojan

[device security] firmware exploitation with Jeb Part 3: reversing the smartrg's sr505n

[device security] firmware deployment with Jeb part 2

[web security] expanding Python deserialization vulnerabilities Name = expanding Python deserialization vulnerabilities

[wireless security] can disabling Wi Fi prevent Android phones from sending wireless frames?

[web security] proof of concept JavaScript malware implemented as a proxy auto configuration

[Others] Windows10 subsystem Bash environment installation From=sec

[programming technology] a Yara rule generator for finding related samples and hunting

[web security] honeypot and intranet security from 0 to 1 (2)

[other] cloud security planning policy

[web security] URL spoofing with modern browser

[vulnerability analysis] shellcode execution code iptables - P input accept

[web security] ASP code audit From = sec

[web security] on PHP format string from WordPress sqli

[tool] Frida scripts: a collection of scripts reverse apps scripts/

[web security] fastjson debugging utilization record E8% B0% 83% E8% AF% 95% E5% 88% A9% E7% 94% A8% E8% AE% B0% E5% BD% 95/

[equipment safety] safety inspection report of networked production system (power industry)

[other] researchers find a way to disable Intel me components (country story version)

[other] beyond Domain Admins – domain controller & ad administration ා P = 3700

[malicious analysis] hunting adwindrat with SSL heuristics Page = blog & month = 2017-09 & post = hunting adwindrat with SSL heuristics

[other] who is Marcus Hutchins? Https://

[other] broadpwn: remote control of Android and IOS via bug in Broadcom's wi-fi

[O & M security] domainfrontinglists: examples of websites using different CDN services

[malicious analysis] malware source code database

[other] automated red team infrastructure deployment with terrain - Part 1 --- Part-1/

[device security] firmware deployment with Jeb part 2