secwiki weekly (159)

Posted by deaguero at 2020-03-02

Safety technology

[web security] new Web attack technology: an exploration of RPO attack

[other] art of killing free 1: the most comprehensive methods of killing free in history

[web security] 1000php: 1000 PHP code audit cases (dark cloud open vulnerability before July 2016)

[document] cansecwest 2017 ppttps://

[web security] regorg + proxifier use

[wireless security] getting started with hackrf -- GPS spoofing, GSM sniffing

[web security] Weblogic SSRF + redis intranet intrusion http: / / ECMA. IO /? P = 607

[vulnerability analysis] angr doc zh CN: Chinese translation of angr doc (open source symbol execution framework) cn

[data mining] comprehensive evaluation of cyberspace search engine

[document] ppt collection on the first issue of salon in 2017

[competition] CTF resource base (including tools and related links)

[web security] s2-045 real one click getshell hack horse - break through any restrictions E7% 9C% 9F% E6% ad% A3% E4% B8% 80% E9% 94% aegetshell% E8% 8F% 9C% E5% 88% 80% E9% A9% AC -% E7% AA% 81% E7% A0% B4% E4% BB% E4% BD% 95% E9% 99% 90% E5% 88% B6/


[web security] MySQL manual injection

[vulnerability analysis] yuange1975 DVE talks Id = 2309404085114761024814

[malicious analysis] information leakage, those "insiders" that CCTV didn't report,

[programming technology] hackmd: team multi person writing platform (markdown)

[web security] ms16-032: ms16-032 (cve-2016-0099) authorization tool

[vulnerability analysis] how to bypass the patch to keep spoofing the address bar with the malware warnin

[web security] basic skills of penetration test from Isa game

[tool] dvxte: docker container covering multiple vulnerability drills

[other] technical dry goods green software tutorial Id = 2309404085979387458840

[web security] opensns latest version of foreground getshell

[malicious analysis] powerfuzzer – automated customized web fuzzer

[other] security navigation

[malicious analysis] case analysis of exploiting server vulnerabilities to mine and produce illegal products

[web security] how I found a $5000 Google Maps XSS (by padding with protobuf) @ marin_m / how-i-found-a-5-000-google-maps-xss-by-padding-with-protobuf-963ee0d9caffා. Use7nnfwq

[tools] PowerShell obfuscator

[web security] design and practice of a simple distributed web scanner

[malicious analysis] petrwrap: the new Petya based ransomware used in targeted attacks

Srcid = 0312vcvikaep5ngx3igsu1gb & key = 04b8921

[tools] windows x86 - Hide console window shellcode

[programming technology] search engine search: E7% 88% AC% E6% 90% 9C% E7% B4% A2% E5% BC% 95% E6% 93% 8e% E4% B9% 8b% E5% AF% BB% E4% BD% A0% E5% 8D% 83% E7% 99% be% E5% Ba% A6/

[web security] unauthorized access vulnerability of docker remote API

[forensics analysis] please check Biz = mzi4mja1mzkyna = = & mid = 2655295037 & IDX = 1 & Sn = a237e5d69d3d642c699f76ea5d31c3e7 & scene = 0? Wechat? Redirect

[web security] GitHub Enterprise Remote Code Execution Vulnerability details analysis

[web security] an expand for Apache struts cve-2017-5638

[operation and maintenance security] in my eyes, information security awareness education system E6% 88% 91% E7% 9C% BC% E4% B8% ad% E7% 9A% 84% E4% BF% A1% E6% 81% AF% E5% AE% 89% E5% 85% A8% E6% 84% 8F% E8% AF% 86% E6% 95% 99% E8% 82% B2% E4% BD% 93% E7% B3% BB/

[web security] struts 2 s2-045 vulnerability situation analysis report 2-s2-045-risk-awareness-report-from-beaconlab/

[programming technology] network card receiving process

[web security] penetration ﹣ testing ﹣ guidance ﹣ testing ﹣ guidance ﹣ March ﹣ 2015.pdf

[operation and maintenance security] osquery for security - Part 2 [hang SS] @ cloud / osquery-for-security-part-2-2e03de4d3721ා. Ubq0ezhxe

[mobile security] fuzzy test of stagefright on linux using AFL

[web security] roundcube message body storage XSS (cve-2017-6820)

[malicious analysis] ransomware overview the most comprehensive statistical analysis of ransomware

[web security] exploit struts 02-045 vulnerability to quickly penetrate a server in South Korea

[web security] crawler:

[operation and maintenance security] host level asset management and analysis of enterprise security construction

[web security] brutexss is a tool written in Python simply to find XSS vulnerabilities in Web a

[competition] njctf2017-writeup-nu1l

[web security] blind xxE: a basis for a blind based xxE expansion framework

[tools] talking about the practice of pysipider web crawler

[web security] use PowerShell and to return the Windows account password

[vulnerability analysis] research and example analysis of ROP technology in binary vulnerability exploitation

[web security] automatic remote / Local File Inclusion Vulnerability Analysis and expand tool

[other] people counting and occupancy monitoring using WiFi probe requests and unmanaged Article = 3649 & context = ETD

[web security] the road to your codebase is paid with forged assertions

[web security] MySQL uses UDF to execute commands and encounters a pit http: / / ECMA. IO /? P = 615

[other] reverse engineering analysis of Samsung s6bootloader

[web security] WAF bypasses for Apache struts exploit T = 7006 & P = 14924

[web security] Linux non interactive weight lifting P = 611

[mobile security] on Android hook technology

[magazine] sec wiki weekly (issue 158)

[operation and maintenance security] osquery for security -   Part 1 [hang SS] / @ cloud / osquery-for-security-b66fffdf2dafා. P0dpz5zag

[tools] the best hacking tools

[malicious analysis] taosecurity: the origin of thread hunting

[mobile security] targeting Android for OTA exploitation

[vulnerability analysis] several vulnerable scenarios of Hadoop cluster

[vulnerability analysis] remote code execution (RCE) attacks on Apache struts://

[web security] 0-day or feature? Privilege escalation / session hijacking all windows versions

[web security] talks about how to bypass the WAF (Web Application Firewall)

[device security] securing the Internet of things - Developer's guidance

[other] recovering BitLocker keys on Windows 8.1 and 10

[web security] using the elk stack and python in penetration testing workflowttps://

[device security] the security impact of ICS / SCADA Virtualization: Survey and future trends 583; biz = mza5otmwmzy1nq = = & mid = 2647833924 & IDX = 1 & Sn = 87b320f25fc4473143805966588e0cee & scene = 0 ɇ wechat ɇ redirect

[vulnerability analysis] Research on the utilization of formatted strings in Linux system

[web security] stored XSS in WordPress core

[document] the Linux kernel module programming guide

[web security] an introduction to penetration testing node.js applications