Security technology
[web security] new Web attack technology: an exploration of RPO attack http://mp.weixin.qq.com/s/p-ncfmnzfbtejbqr8inzsw
[other] the art of anti-virus evasion, part 1: the most comprehensive collection of evasion methods http://www.4hou.com/technology/3853.html
[web security] 1000php: 1000 PHP code audit cases (vulnerabilities disclosed on WooYun before July 2016) https://github.com/xyntax/1000php
[document] cansecwest 2017 ppt https://www.slideshare.net/cansecwest
[web security] reGeorg + Proxifier usage https://xianzhi.aliyun.com/forum/read/843.html
[wireless security] getting started with hackrf -- GPS spoofing, GSM sniffing http://s1nh.org/post/hackrf-quick-start/
[web security] Weblogic SSRF + redis intranet intrusion http://ecma.io/?p=607
[vulnerability analysis] angr doc zh CN: Chinese translation of the angr documentation (open source symbolic execution framework) https://github.com/a7vinx/angr-doc-zh cn
[data mining] comprehensive evaluation of cyberspace search engine http://www.freebuf.com/sectool/129211.html
[document] ppt collection on the first issue of t00ls.net salon in 2017 https://github.com/t00lsnet/salon1
[competition] CTF resource base (including tools and related links) https://www.ctftools.com/down/
[web security] S2-045 true one-click getshell Chopper webshell, bypassing any restrictions http://pirogue.org/2017/03/09/s2-045%E7%9C%9F%E6%AD%A3%E4%B8%80%E9%94%AEgetshell%E8%8F%9C%E5%88%80%E9%A9%AC-%E7%AA%81%E7%A0%B4%E4%BB%E4%BD%95%E9%99%90%E5%88%B6/
[web security] MySQL manual injection http://www.jianshu.com/p/268ef198d191
[vulnerability analysis] yuange1975 DVE talks http://weibo.com/ttarticle/p/show?id=2309404085114761024814
[malicious analysis] information leakage: the "insiders" that CCTV didn't report http://www.4hou.com/info/news/3808.html
[programming technology] hackmd: team multi person writing platform (markdown) https://github.com/hackmdio/hackmd
[web security] ms16-032: MS16-032 (CVE-2016-0099) privilege escalation tool https://github.com/zcgonvh/ms16-032
[vulnerability analysis] how to bypass the patch to keep spoofing the address bar with the malware warning https://www.browenbrowser.com/bypass-the-patch-to-keep-spoofing-the-address-bar-with-the-malware-warning/
[web security] basic skills of penetration test from Isa game http://www.jianshu.com/p/a060ddcf798b
[tool] dvxte: docker container covering multiple vulnerability drills http://www.motif.com/98368.html
[other] technical dry goods green software tutorial http://weibo.com/ttarticle/p/show?id=2309404085979387458840
[web security] OpenSNS latest version front-end getshell https://xianzhi.aliyun.com/forum/read/814.html
[malicious analysis] powerfuzzer – automated customized web fuzzer http://www.darknet.org.uk/2017/03/powerfuzzer-automated-customized-web-fuzzer/
[other] security navigation http://thief.one/secweb/index.html
[malicious analysis] case analysis of exploiting server vulnerabilities to mine and produce illegal products http://www.freebuf.com/articles/system/129459.html
[web security] how I found a $5000 Google Maps XSS (by padding with protobuf) https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-padding-with-protobuf-963ee0d9caff#.use7nnfwq
[tools] PowerShell obfuscator https://github.com/danielbohannon/invoke-obfuscation
[web security] design and practice of a simple distributed web scanner http://avfisher.win/archives/676
[malicious analysis] petrwrap: the new Petya based ransomware used in targeted attacks http://securelist.com/blog/research/77762/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/
[tools] windows x86 - Hide console window shellcode https://www.exploit-db.com/exploits/41581/
[programming technology] crawling search engines http://thief.one/2017/03/17/%E7%88%AC%E6%90%9C%E7%B4%A2%E5%BC%95%E6%93%8E%E4%B9%8B%E5%AF%BB%E4%BD%A0%E5%8D%83%E7%99%BE%E5%BA%A6/
[web security] unauthorized access vulnerability of docker remote API https://lightless.me/archives/docker-remote-api-vulnerability.html
[forensics analysis] please check https://mp.weixin.qq.com/s? Biz = mzi4mja1mzkyna = = & mid = 2655295037 & IDX = 1 & Sn = a237e5d69d3d642c699f76ea5d31c3e7 & scene = 0? Wechat? Redirect
[web security] GitHub Enterprise Remote Code Execution Vulnerability details analysis http://execute.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
[web security] an exploit for Apache Struts CVE-2017-5638 https://github.com/mazen160/struts-pwn
[operation and maintenance security] the information security awareness education system as I see it https://www.sec-un.org/%E6%88%91%E7%9C%BC%E4%B8%AD%E7%9A%84%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%84%8F%E8%AF%86%E6%95%99%E8%82%B2%E4%BD%93%E7%B3%BB/
[web security] struts 2 s2-045 vulnerability situation analysis report http://plcscan.org/blog/2017/03/struts2-s2-045-risk-awareness-report-from-beaconlab/
[programming technology] network card receiving process http://mp.weixin.qq.com/s/uhf2kcasoihtikxpfopiww
[web security] Penetration_Testing_Guidance https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
[operation and maintenance security] osquery for security - Part 2 [hang SS] https://medium.com/@cloud/osquery-for-security-part-2-2e03de4d3721#.ubq0ezhxe
[mobile security] fuzzing Stagefright on Linux with AFL http://ele7enxxh.com/use-afl-for-stagefright-fuzzy-on-linux.html
[web security] Roundcube stored XSS in the message body (CVE-2017-6820) http://paper.seebug.org/249/
[malicious analysis] ransomware overview the most comprehensive statistical analysis of ransomware http://www.nyxbone.com/malware/ransomwareoverview.html
[web security] exploit struts 02-045 vulnerability to quickly penetrate a server in South Korea http://simeon.blog.51cto.com/18680/1905542
[web security] crawler: https://sec.xiaomi.com/article/25
[operation and maintenance security] host level asset management and analysis of enterprise security construction http://www.freebuf.com/articles/security-management/127851.html
[web security] brutexss is a tool written in Python simply to find XSS vulnerabilities in Web a https://github.com/rajeshmajumdar/brutexss
[competition] njctf2017-writeup-nu1l https://www.xctf.org.cn/information/a8ba35ec960b26f17c467a28e89a4a3fae7e48ec/
[web security] blind-xxe: a basis for a blind-based XXE exploitation framework https://github.com/ptonewreckin/blind-xxe
[tools] talking about the practice of the pyspider web crawler https://www.figotan.org/2016/08/10/pyspider-as-a-web-crawler-system/
[web security] use PowerShell and ceye.io to return the Windows account password http://www.freebuf.com/articles/system/129068.html
[vulnerability analysis] research and example analysis of ROP technology in binary vulnerability exploitation https://xianzhi.aliyun.com/forum/read/840.html
[web security] automatic remote / local file inclusion vulnerability analysis and exploit tool https://github.com/hack-hut/crabstick
[other] people counting and occupancy monitoring using WiFi probe requests and unmanaged http://digitalcommons.fiu.edu/cgi/viewcontent.cgi?article=3649&context=etd
[web security] the road to your codebase is paved with forged assertions http://www.economyofmechanism.com/github-saml
[web security] pitfalls encountered when executing commands via MySQL UDF http://ecma.io/?p=615
[other] reverse engineering analysis of the Samsung S6 bootloader http://www.4hou.com/technology/3786.html
[web security] WAF bypasses for Apache struts exploit http://garage4hackers.com/showthread.php?t=7006&p=14924
[web security] Linux non-interactive privilege escalation http://ecma.io/?p=611
[mobile security] on Android hook technology https://xianzhi.aliyun.com/forum/read/833.html
[magazine] sec wiki weekly (issue 158) https://www.sec-wiki.com/weekly/158
[operation and maintenance security] osquery for security - Part 1 [hang SS] https://medium.com/@cloud/osquery-for-security-b66fffdf2daf#.p0dpz5zag
[tools] the best hacking tools https://n0where.net/best-hacking-tools/
[malicious analysis] taosecurity: the origin of thread hunting https://taosecurity.blogspot.com/2017/03/the-origin-of-thread-hunting.html
[mobile security] targeting Android for OTA exploitation https://www.contextis.com/resources/blog/targeting-android-ota-exploitation/
[vulnerability analysis] several vulnerable scenarios of Hadoop cluster http://www.4hou.com/technology/3787.html
[vulnerability analysis] remote code execution (RCE) attacks on Apache struts://www.imperva.com/blog/2017/01/remote-code-execution-rce-attacks-apache-struts/
[web security] 0-day or feature? Privilege escalation / session hijacking all windows versions http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html
[web security] talks about how to bypass the WAF (Web Application Firewall) https://xianzhi.aliyun.com/forum/read/819.html
[device security] securing the Internet of things - Developer's guidance https://www.peerlyst.com/posts/securing-the-internet-of-things-developer-s-guidance-michael-ball
[other] recovering BitLocker keys on Windows 8.1 and 10 https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/
[web security] using the elk stack and python in penetration testing workflow https://qbox.io/blog/elk-penetration-testing-workflow-elasticsearch-python
[device security] the security impact of ICS / SCADA Virtualization: Survey and future trends https://mp.weixin.qq.com/s? 583; biz = mza5otmwmzy1nq = = & mid = 2647833924 & IDX = 1 & Sn = 87b320f25fc4473143805966588e0cee & scene = 0 ɇ wechat ɇ redirect
[vulnerability analysis] research on format string exploitation on Linux systems http://0x48.pw/2017/03/13/0x2c/
[web security] stored XSS in WordPress core http://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
[document] the Linux kernel module programming guide http://www.tldp.org/ldp/lkmpg/2.6/html/index.html
[web security] an introduction to penetration testing node.js applications http://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/