secwiki weekly (issue 200)

Posted by millikan at 2020-02-27

Safety technology

[web security] what I know about intranet penetration -- a summary of Intranet penetration knowledge

[web security] code audit tool Cobra source code analysis (I)

[web security] redis is not authorized to access the remote implantable mining script (attack part)

[web security] right of rotten potato

[data mining] pydata Notebook: using Python for data analysis Second Edition (2017) Chinese translation notes

[vulnerability analysis] echo (foreground SQL injection)

[web security] intranet port forwarding for web dog

[malicious analysis] flashguard: use the hardware characteristics of solid-state storage to resist extortion software

[web security] common remote command execution methods:

[vulnerability analysis] a digital company's VMP shelling brief

[vulnerability analysis] Yahoo! Rce via spring engine ssti

[vulnerability analysis] 34c3 CTF part PWN writeup

[data mining] how to get started with AI security (I)

[web security] bypassav with reflectivepeinjection with reflectivepeinjection.html

[document] Internet of things intelligent terminal information security white paper

[Others] summary of 2017's articles on Xin'an Road

[wireless security] wireless route vulnerability: wireless route vulnerability and utilization code

[web security] Luna: open source lightweight passive scanning framework

[web security] cobalt strike practical skills persistent permission control posture

[data mining] passgan: a deep learning approach for password guessing

[mobile security] Android reinforcement vendor features

[O & M security] x-crack: weak password scanner for common services

[malicious analysis] black industry big data: current situation of traffic fraud grey industry

[data mining] folnltk: the most appropriate open source Chinese word segmentation

[malicious analysis] alerting and detection strategy framework – Palantir @ Palantir / alerting and detection strategy framework-52dc33722df2

[mobile security] Apple platform vulnerability statistics report in 2017

[data mining] kaggle machine learning practice summary rmhbfvtspk-7rizqw

[malicious analysis] fireeye's analysis of harmertoss, a Russian network threat organization

[data mining] another masterpiece of Stanford after open source dawn, spark and mesos

[web security] urbanadventurer: the user name generation tool in penetration

[vulnerability analysis] how to use web vulnerability to steal NTLM hash

[data mining] how to get started with AI security (middle)

[vulnerability analysis] xxE vulnerability of. Net application in IIS exploits

[wireless security] WiFi killer

[vulnerability analysis] the 101 of ELF binaries on Linux: understanding and analysisttps://

[data mining] AI security exploration: using deep learning to detect DNS hidden channel

[web security] use domain delegation to obtain domain management authority

[malicious analysis] spy vs. Spy: a modern study of microphone bugs operation and detection ﹣ vs ﹣ spy ﹣ a ﹣ modern study ﹣ of ﹣ microphone ﹣ bugs ﹣ operation ﹣ and ﹣ detection

[malicious analysis] 2017 exploitkit landscape map Page? Id = 320

[web security] tips for breaking through the closed web system:

[other] fancy play with ssrf of hackertarget

[web security] [translation] 2018 north of PHP application security design

[vulnerability analysis] Huawei hg532 Series Router remote command execution vulnerability analysis

[operation and maintenance security] 2017 enterprise security threat unified response guide

[device security] industrial control patch management

[operation and maintenance security] web security protection system architecture based on openresty +:

[magazine] sec wiki weekly (issue 199)

[malicious analysis] hex men in-depth analysis, "made in China" database attack activity

[O & M security] attacker's intelligence: what we have to say

[competition] UAF example - a question of rhme3 CTF ﹣ iweusrmpdkqg

[malicious analysis] browser based cryptocurrency mining makes unexpected return from the dead

[web security] whitewide: SQL vulnerability scanner

[programming technology] webglobe: lightweight Google Earth 3D map engine based on HTML5 native webgl

[web security] hacking wildfly

[document] botconf 2017 talks pdf

[operation and maintenance security] introduction and use guide of Detection Lab (terminal security and logging tool):

[web security] converting Metasploit module to stand alone HTTPS: / / netsec. WS /? P = 262 & from = timeline

[malicious analysis] CVE 2017-0199 new posture for vulnerability exploitation From = timeline ා 10006-weixin-1-52626-6b3bffd01fdde4900130bc5a2751b6d1

[operation and maintenance security] Trend Micro: review of 2017 data leakage event

[vulnerability analysis] reverse engineering using radare2 - Part 1 @ jacob16682 / reverse engineering using radare2-588775ea38d5

[vulnerability analysis] reverse engineering with radare2 - Part 2 @ jacob16682 / reverse engineering with radare2-part-2-83b71df7ffe4

[tool] cobalt strike experience

[malicious analysis] 2017 annual security report – – office E5% B9% B4% E5% Ba% A6% E5% AE% 89% E5% 85% A8% E6% 8A% a5% E5% 91% 8A -- office.pdf

[malicious analysis] another normal day in Cybercrime: from a random Loki sample to 550 C & chtps://

[malicious analysis] academic research: a survey of email attacks

[operation and maintenance security] code signing certificate closing attacks and defenses

[malicious analysis] DFIR and thread Hunting: hunting with elk