Safety technology

[web security] what I know about intranet penetration -- a summary of Intranet penetration knowledge https://www.anquanke.com/post/id/92646

[web security] code audit tool Cobra source code analysis (I) https://zhanglan.zhihu.com/p/32363880

[web security] redis is not authorized to access the remote implantable mining script (attack part) http://mp.weixin.qq.com/s/j-qhpuevpnsm2hvdnupsa

[web security] right of rotten potato https://decoder.cloud/2017/12/23/the-lonely-potato/

[data mining] pydata Notebook: using Python for data analysis Second Edition (2017) Chinese translation notes https://github.com/bramblexu/pydata-notebook

[vulnerability analysis] echo (foreground SQL injection) http://www.91ri.org/17384.html

[web security] intranet port forwarding for web dog https://xianzhi.aliyun.com/forum/topic/1862/

[malicious analysis] flashguard: use the hardware characteristics of solid-state storage to resist extortion software https://mp.weixin.qq.com/s/qt2d1wqptk2iym_d3ufbgg

[web security] common remote command execution methods: http://mp.weixin.qq.com/s/cj2vtncor94lhqjq72rfxg

[vulnerability analysis] a digital company's VMP shelling brief https://bbs.pediy.com/thread-223528.htm

[vulnerability analysis] Yahoo! Rce via spring engine sstihttps://hawkingsecurity.com/2017/12/13/rce-via-spring-engine-ssti/

[vulnerability analysis] 34c3 CTF part PWN writeuphttp://repwn.com/archives/32/

[data mining] how to get started with AI security (I) http://www.freebuf.com/column/158250.html

[web security] bypassav with reflectivepeinjection https://evi1cg.me/archives/bypassav with reflectivepeinjection.html

[document] Internet of things intelligent terminal information security white paper https://www.bangle.com/upload/file/20171226/15142853696882.pdf

[Others] summary of 2017's articles on Xin'an Road http://mp.weixin.qq.com/s/hrgpz5h2qaxbme6jamrtya

[wireless security] wireless route vulnerability: wireless route vulnerability and utilization code https://github.com/coincoin7/wireless-route-vulnerability

[web security] Luna: open source lightweight passive scanning framework https://github.com/toyakula/luna

[web security] cobalt strike practical skills persistent permission control posture http://www.freebuf.com/sectool/157952.html

[data mining] passgan: a deep learning approach for password guessinghttps://github.com/brannondorsey/passgan

[mobile security] Android reinforcement vendor features https://bbs.pediy.com/thread-223248.htm

[O & M security] x-crack: weak password scanner for common services https://github.com/netxfly/x-crack

[malicious analysis] black industry big data: current situation of traffic fraud grey industry https://zhanglan.zhihu.com/p/32328491

[data mining] folnltk: the most appropriate open source Chinese word segmentation https://github.com/rockyzhengwu/folnltk

[malicious analysis] alerting and detection strategy framework – Palantir https://medium.com/ @ Palantir / alerting and detection strategy framework-52dc33722df2

[mobile security] Apple platform vulnerability statistics report in 2017 https://www.anquanke.com/post/id/92781

[data mining] kaggle machine learning practice summary https://mp.weixin.qq.com/s/vfr rmhbfvtspk-7rizqw

[malicious analysis] fireeye's analysis of harmertoss, a Russian network threat organization https://www2.fireeye.com/rs/848-did-242/images/rpt-apt29-hammertoss.pdf

[data mining] another masterpiece of Stanford after open source dawn, spark and mesos https://mp.weixin.qq.com/s/r951iasr4dke6mphsuo0ta

[web security] urbanadventurer: the user name generation tool in penetration https://github.com/urbanadventurer/username-analysis

[vulnerability analysis] how to use web vulnerability to steal NTLM hash http://www.4hou.com/system/9383.html

[data mining] how to get started with AI security (middle) https://mp.weixin.qq.com/s/d2nv8d0mblhqqxcqrwu7zq

[vulnerability analysis] xxE vulnerability of. Net application in IIS exploits http://www.4hou.com/technology/9241.html

[wireless security] WiFi killer http://mp.weixin.qq.com/s/qlebzdffjqp_ywmpdrvlg

[vulnerability analysis] the 101 of ELF binaries on Linux: understanding and analysisttps://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

[data mining] AI security exploration: using deep learning to detect DNS hidden channel http://www.freebuf.com/articles/network/158163.html

[web security] use domain delegation to obtain domain management authority https://www.anquanke.com/post/id/92484

[malicious analysis] spy vs. Spy: a modern study of microphone bugs operation and detectionhttps://media.ccc.de/v/34c3-8735-spy ﹣ vs ﹣ spy ﹣ a ﹣ modern study ﹣ of ﹣ microphone ﹣ bugs ﹣ operation ﹣ and ﹣ detection

[malicious analysis] 2017 exploitkit landscape maphttp://executemalware.com/? Page? Id = 320

[web security] tips for breaking through the closed web system: http://mp.weixin.qq.com/s/m7zviuizj21m9n2i8hs5bw

[other] fancy play with ssrfhttp://www.4hou.com/vulnerable/9496.html of hackertarget

[web security] [translation] 2018 north of PHP application security design https://laravel-china.org/articles/7235/2018-php-application-security-design

[vulnerability analysis] Huawei hg532 Series Router remote command execution vulnerability analysis https://paper.seebug.org/490/

[operation and maintenance security] 2017 enterprise security threat unified response guide http://image.3001.net/uploads/pdf/a82b830fbd140ac7a2348e1a8c595113.pdf

[device security] industrial control patch management http://plcscan.org/blog/2017/12/patch-management-of-industrial-control-system/

[operation and maintenance security] web security protection system architecture based on openresty +: http://www.freebuf.com/column/158707.html

[magazine] sec wiki weekly (issue 199) https://www.sec-wiki.com/weekly/199

[malicious analysis] hex men in-depth analysis, "made in China" database attack activity http://www.4hou.com/technology/9441.html

[O & M security] attacker's intelligence: what we have to say https://mp.weixin.qq.com/s/sjvi6vud-b7tnc6ef7kgdw

[competition] UAF example - a question of rhme3 CTF http://mp.weixin.qq.com/s/lck6na2cg ﹣ iweusrmpdkqg

[malicious analysis] browser based cryptocurrency mining makes unexpected return from the dead https://www.symantec.com/blogs/thread-intelligence/browser-mining-cryptocurrency

[web security] whitewide: SQL vulnerability scannerhttps://github.com/whitewidescanner/whitewide

[programming technology] webglobe: lightweight Google Earth 3D map engine based on HTML5 native webgl https://github.com/ispring/webglobe

[web security] hacking wildfly http://www.polaris-lab.com/index.php/archives/407/

[document] botconf 2017 talks pdfhttps://www.botconf.eu/botconf-2017/program/botconf-2017-talks/

[operation and maintenance security] introduction and use guide of Detection Lab (terminal security and logging tool): http://www.freebuf.com/sectool/157288.html

[web security] converting Metasploit module to stand alone HTTPS: / / netsec. WS /? P = 262 & from = timeline

[malicious analysis] CVE 2017-0199 new posture for vulnerability exploitation http://www.freebuf.com/vuls/158142.html? From = timeline ා 10006-weixin-1-52626-6b3bffd01fdde4900130bc5a2751b6d1

[operation and maintenance security] Trend Micro: review of 2017 data leakage event https://www.trendmicro.com/vinfo/us/security/news/cyberscrime-and-digital-threads/year-in-review-unable-data-breaches-for-2017

[vulnerability analysis] reverse engineering using radare2 - Part 1https://medium.com/ @ jacob16682 / reverse engineering using radare2-588775ea38d5

[vulnerability analysis] reverse engineering with radare2 - Part 2http://medium.com/ @ jacob16682 / reverse engineering with radare2-part-2-83b71df7ffe4

[tool] cobalt strike experience http://mp.weixin.qq.com/s/8rz_08vwxjd7jwdxycfa

[malicious analysis] 2017 annual security report – – officehttps://cert.360.cn/static/files/2017% E5% B9% B4% E5% Ba% A6% E5% AE% 89% E5% 85% A8% E6% 8A% a5% E5% 91% 8A -- office.pdf

[malicious analysis] another normal day in Cybercrime: from a random Loki sample to 550 C & chtps://benkowlab.blogspot.jp/2017/12/other-normal-day-in-cybercrime-from.html

[malicious analysis] academic research: a survey of email attacks https://f5.com/labs/articles/thread-intelligence/cell-security/academic-research-a-survey-of-email-attacks

[operation and maintenance security] code signing certificate closing attacks and defenses https://posts.specifications.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

[malicious analysis] DFIR and thread Hunting: hunting with elkhttp://findingbad.blogspot.jp/2017/12/hunting-with-elk.html