focus on web and mobile security [red sun security phase 16]

Posted by punzalan at 2020-02-27

Penetration test, web security dynamic 2017 / 7 / 9-2017 / 7 / 16

-Security article - Security Vulnerability - Mobile Security - code audit

Security dynamic security skill resource and tool sharing

Weekly trends

[security UK] the cybersecurity eco summit has begun to sign up!

[security] wechat Office released the full text of regulations on security protection of key information infrastructure (Draft for comments)

[security_week] mobile app should pay more attention to network security, and also timely carry out the work of equal protection

[security] it is necessary to introduce the rules of cyber war if the big country has already launched cyber war secretly!

[security UK] MSRC Security Research - Summary of speech materials of Microsoft MSRC team in recent years

On the defense of blackmail software

[security] R basic language introduction

[security] Python web framework introduction

[security_week] information security vulnerability weekly (issue 27, 2017)

[security UK week] second issue of 2017 Quarterly

[security_week] security alert: VMware virtual machine escape tools have been widely used on the Internet. Users please update as soon as possible

The path of an architect: the knowledge and skills an architect needs to master

[security UK] checklist for developing secure APIs

Skill display

[security technology] windows platform runs masscan and nmap

[security technology] splash SSRF to get root permission of intranet server

[security technology] Splunk learning and Practice (audit tool)

[security technology] memcached - a story of failed patching and fragile servers

[security technology] vulnerability analysis of web application using burp scanner

[Security_technology]  Inject All the Things

[security technology] Apache structs2 s2-048 vulnerability dynamic analysis

[security technology] some fatal knowledge about PHP code security

[security technology] more than 10 power enterprises in the US have been attacked by template injection

[security technology] [translation] JSON hijacking in modern web

[security technology] [translation] new SQL injection tutorial (Part 2)

[security technology] can be used in practice: Jenkins (cve-2017-1000353) deserialization Command Execution Vulnerability verification

[security technology] dry goods from shallow model to deep model: overview of machine learning optimization algorithm

[security technology] using createrestrictedtoken API bypass AppLocker

[security technology] Cisco Talos team's analysis of using word template injection to attack infrastructure

There are many RCE vulnerabilities in [Security technology] Poppler PDF, which can fully control the user 's computer

[security technology] attack method of getting domain administrator's permission in Active Directory

[security technology] how to use common port forwarding tools (2)

[security technology] about IP, here is everything you want to know! (middle length)

[security technology] share penetration tools used under Android (Introduction)

[security technology] Linux Security - iptables (7)

[security technology] Struts2 s2-048 high risk vulnerability recurrence! A comparative analysis on the utilization of attack load of several vulnerabilities

[security technology] password cracking

Industry tools

[security] tools] reverseapk - quick reverse analysis of bash scripts for Android Applications

[security? Tools] xsstrike - a tool for fuzz XSS vulnerabilities that can automatically discover and bypass common WAFS

[Security_tools] Android_Kernel_CVE_POCs CVE-2017-8260 CVE-2017-0705 CVE-2017-8259

[security] tools] canape.core - cross platform network protocol test library

[security] tools] salt Scanner - Linux vulnerability scanner based on salt open and vulners audit API

Deep understanding of Android hotfix Technology

[security] tools] w8scan: a scanner imitating bugscan

[security] tools] slackshell - Implementation of C & C command control of PowerShell version based on slack API

[security? Tools] winpayloads - a killing free windows payloads generator based on Python 2.7

[security_tools] object - a Frida based IOS app runtime detection tool exposed by SensePost, which can inject object execution code into app

Directory scanning tool

[security? Tools] T50 - fastest hybrid package injector tool

[security? Tools] burp vulners Scanner - vulnerability scanner

Forum security articles

Penetration test

Security video