IMCAFS

wilson in middle two

Posted by lipsius at 2020-02-27

ossec log-analysis

Recently, Kafka was used for malicious-command monitoring in host security monitoring, and it turned out to be an excellent tool for distributed processing of big-data logs.

-Read the rest-

sqlmap time-based injection analysis

1. Preface

SQL injection detection methods were shared at the previous meeting, so @chengable asked me how to detect SQL injection. I said that for security work on the Party A side, SQL injection detection is better done as follows: 1) Do error-based injection detection. 2) Don't do boolean-based injection detection; it has a high false-alarm rate. 3) Do time-based injection detection: ask operations to enable database slow-query logging and monitor for the sleep and benchmark keywords. You can put the scanning task ID number after the decimal point of the sleep time to make locating easier (PS: this method can find 99% of SQL injections).

-Read the rest-

Compiling Chrome on CentOS: a journey

1. Preface

After reading this expert's article at http://blog.fatezero.org/2018/03/05/web-scanner-crawler-01/, we found that there are people skilled enough to modify the Chrome code to solve the pop-up problem of Chrome headless. I have to admire that, in more than 8G of code, they could find the right location, then modify and optimize it.

Our predecessors planted the trees, so those who came after decided to change the code and compile it themselves. They didn't want to compile Chrome so badly. MMP, it seems that I stepped into the pit, and I stepped on the one that can't..

-Read the rest-

Static XSS detection

(1) Foreword

What is static XSS detection? Unlike WebKit-based XSS detection, static XSS detection examines the output point to determine whether an XSS vulnerability exists. So it's better to use WebKit (http://blog.wilson.cn/archives/18/) to check for XSS vulnerabilities. Why, then, do we add static XSS detection? I think it's because WebKit-based XSS detection sometimes may not be able to check:

-Read the rest-

A simple analysis of AWVS

(1) Foreword

Recently, I did some simple research on AWVS. It is well known that AWVS is a very easy-to-use scanner. Its powerful crawling and scanning abilities make it popular with many people, but powerful as it is, it also has disadvantages. First, it is huge and takes too long to scan; second, it is not cross-platform and can only be used on Windows. However, these shortcomings do not seem to have had any effect on this excellent scanner, which is still popular among many people. Still, the core of a scanner is its rules, so we can focus on analyzing the AWVS scanning rules.

-Read the rest-