secwiki weekly (issue 143)

Posted by barello at 2020-03-05

Safety technology

[web security] kali-linux-2016.2 (rolling) update source

[data mining] kcws: deep learning of Chinese word segmentation (word embedding + bi LSTM + CRF)

[operation and maintenance security] openwaf: openwaf is a web application protection system (WAF) based on openresty

[programming technology] BlindWaterMark: blind watermark realized by Python programming

Re = 1 & scene = 1 & srcid = 1122kxr8gxnoyfner1vxj7kq × wechat × REDIR

[meeting] SIGKDD 2016 tutorial: Leveraging promotion for data mining: models, algorithms ~ badityap / talks / 16 KDD tutorial/

[document] wonderful sharing of SFDC Beijing security conference

[tool] mimikatz 2.1 20161126 published

[web security] the latest direct webshell 0day vulnerability mining record of winmail

= 0 × Rd


[web security] my way of wafbypass (SQL injection)'size/wafbypass'sql.pdf

[tool] Kaitai web ide: online analysis of multiple file formats

[vulnerability analysis] nginx privilege escalation vulnerability (cve-2016-1247) analysis E6% 9D% 83% E9% 99% 90% E6% 8F% 90% E5% 8D% 87% E6% BC% 8F% E6% B4% 9ecve-2016-1247 -% E5% 88% 86% E6% 9E% 90/

[operation and maintenance security] compare three scanning tools: nmap, zmap and masscan P = 1328

[web security] a $7500 chrome uxss (cve-2016-1631) analysis and utilization

[operation and maintenance security] nginx configuration brief

[other] technical teardown: apply & always in. HWP files

[web security] mining PHP disable function bypass utilization posture E6% 8C% 96% E6% 8e% 98php% E7% A6% 81% E7% 94% A8% E5% 87% BD% E6% 95% B0% E7% BB% 95% E8% BF% 87% E5% 88% A9% E7% 94% A8% E5% A7% BF% E5% 8A% BF/

[tool] deep pwning: Metasploit for machine learning.

[malicious analysis] it's parental: keyboy and the targeting of the Tibetan community

[vulnerability analysis] ZigBee security and IOT device vulnerability utilization

[malicious analysis] four ways for hackers to invade ATM:

[malicious analysis] analyze and summarize the encryption algorithms of common ransomware

[malicious analysis] security evolution theory of security (two): to say situation awareness (

[web security] brut3k1t - server side brute force module (SSH, FTP, SMTP, Facebook)

[other] transmit IP data via QR code

[web security] bscanner: another Lightweight Directory scanner

Scene = 0 × Rd

[web security] httpscan: a crawler web host discovery tool

[vulnerability analysis] use docker image / container to analyze known vulnerabilities

Vzbsdpkdhymqz4tz × Rd

[mobile security] mobsf: automated mobile security testing framework

[malicious analysis] awesome IOCS: a good IOC tool and data publishing site

[wireless security] Zuckerberg is right. It's easier to turn off the headphones. Https://

[web security] Java deserialization cheat sheet

[web security] feigon: MySQL injection script for various situations:

[web security] using of protocols to load local files, bypass the HTML5 sandbox

[device security] crack a wireless intelligent socket

[web security] hacking aria2 RPC daemon 20aria2% 20rpc% 20daemon? = 1479792710287

[web security] novice guide: SQL injection of dvwa-1.9 full level tutorial

[device security] raspberry app: wireless scanner

[web security] Eagle: eagle is a web application attack and audit framework

[other] inpage Zero Day expand used to attack financial institutions in Asia

[web security] comparison of prices and scanning functions of major web scanners

[tool] AWS \ PWN: a collection of AWS penetration testing junk \ PWN

[tool] the damn vulnerable router firmware project

[web security] on Web front-end botnet P = 1364

[web security] [zero knowledge proof] using database table lookup bottleneck to resist password cracking

[programming technology] Python multiprocessing

[web security] the genesis of an XSS worm – part iii

[web security] a target specific wordlist generating tool for social engineers and security res

[malicious analysis] webmalwarescanner - a simple malware scanner

[device security] construct a multi port man in the middle network tap

[magazine] sec wiki weekly (issue 142)

[device security] brutal -- a tool for quickly generating multiple attack codes of HID devices

[web security] neet - Network enumeration and utilization tool

[operation and maintenance security] building a whitelist of network domains

[operation and maintenance security] monitoring 'DNS' inside the tor network