IMCAFS

Home

secwiki weekly (issue 143)

Posted by barello at 2020-03-05
all

Safety technology

[web security] kali-linux-2016.2 (rolling) update source https://www.ohlige.cn/kali/rolling.html

[data mining] kcws: deep learning of Chinese word segmentation (word embedding + bi LSTM + CRF) https://github.com/koth/kcws

[operation and maintenance security] openwaf: openwaf is a web application protection system (WAF) based on openresty https://github.com/titansec/openwaf

[programming technology] BlindWaterMark: blind watermark realized by Python programming https://github.com/chishaxie/BlindWaterMark

Re = 1 & scene = 1 & srcid = 1122kxr8gxnoyfner1vxj7kq × wechat × REDIR

[meeting] SIGKDD 2016 tutorial: Leveraging promotion for data mining: models, algorithms http://people.cs.vt.edu/ ~ badityap / talks / 16 KDD tutorial/

[document] wonderful sharing of SFDC Beijing security conference https://segmentfault.com/a/1190000000007553551

[tool] mimikatz 2.1 20161126 published http://www.motoin.com/92735.html

[web security] the latest direct webshell 0day vulnerability mining record of winmail http://www.91ri.org/16519.html

= 0 × Rd

Rd

[web security] my way of wafbypass (SQL injection) https://xianzhi.aliyun.com/forum/attachment/big'size/wafbypass'sql.pdf

[tool] Kaitai web ide: online analysis of multiple file formats https://kt.pe/kaitai_struct_webide/

[vulnerability analysis] nginx privilege escalation vulnerability (cve-2016-1247) analysis http://blog.knownsec.com/2016/11/nginx% E6% 9D% 83% E9% 99% 90% E6% 8F% 90% E5% 8D% 87% E6% BC% 8F% E6% B4% 9ecve-2016-1247 -% E5% 88% 86% E6% 9E% 90/

[operation and maintenance security] compare three scanning tools: nmap, zmap and masscan http://www.arkteam.net/? P = 1328

[web security] a $7500 chrome uxss (cve-2016-1631) analysis and utilization http://avfisher.win/archives/619

[operation and maintenance security] nginx configuration brief http://www.barretlee.com/blog/2016/11/19/nginx-configuration-start/

[other] technical teardown: apply & always in. HWP fileshttp://www.vxsecurity.sg/2016/11/22/technical-teardown-exploit-malware-in-hwp-files/

[web security] mining PHP disable function bypass utilization posture http://blog.th3s3v3n.xyz/2016/11/20/web/% E6% 8C% 96% E6% 8e% 98php% E7% A6% 81% E7% 94% A8% E5% 87% BD% E6% 95% B0% E7% BB% 95% E8% BF% 87% E5% 88% A9% E7% 94% A8% E5% A7% BF% E5% 8A% BF/

[tool] deep pwning: Metasploit for machine learning.https://github.com/cchio/deep-pwning

[malicious analysis] it's parental: keyboy and the targeting of the Tibetan community https://citizenlab.org/2016/11/parental-keyword/

[vulnerability analysis] ZigBee security and IOT device vulnerability utilization http://www.motoin.com/92660.html

[malicious analysis] four ways for hackers to invade ATM: http://www.button.com/92434.html

[malicious analysis] analyze and summarize the encryption algorithms of common ransomware http://www.freebuf.com/articles/database/120023.html

[malicious analysis] security evolution theory of security (two): to say situation awareness https://www.sec-un.org/%e5%ae%89%e5%85%a8%e7%9a%84%e8%bf%9b%e5%8c%96%e8%ae%ba%ef%bc%88%e4%ba%8c%ef%bc%89%ef%bc%9a%e6%9d%a5%e8%af%b4%e8%af%b4%e6%80%81%e5%8a%bf%e6%84%9f%e7%9f%a5.html (https://www.sec-un.org/%e5%ae%89%e5%85%a8%e7%9a%84%e8%bf%9b%e5%8c%96%e8%ae%ba%ef%bc%88%e4%ba%8c%ef%bc%89%ef%bc%9a%e6%9d%a5%e8%af%b4%e8%af%b4%e6%80%81%e5%8a%bf%e6%84%9f%e7%9f%a5.html) https://www.sec-un.org/%e5%ae%89%e5%85%a8%e7%9a%84%e8%bf%9b%e5%8c%96%e8%ae%ba%ef%bc%88%e4%ba%8c%ef%bc%89%ef%bc%9a%e6%9d%a5%e8%af%b4%e8%af%b4%e6%80%81%e5%8a%bf%e6%84%9f%e7%9f%a5.html

[web security] brut3k1t - server side brute force module (SSH, FTP, SMTP, Facebook) http://www.kitploit.com/2016/11/brut3k1t-server-side-brute-force-module.html

[other] transmit IP data via QR code http://www.mottoin.com/92345.html

[web security] bscanner: another Lightweight Directory scanner https://github.com/lorexxar/bscanner

Scene = 0 × Rd

[web security] httpscan: a crawler web host discovery tool https://github.com/zer0h/httpscan

[vulnerability analysis] use docker image / container to analyze known vulnerabilities http://www.button.com/92339.html

Vzbsdpkdhymqz4tz × Rd

[mobile security] mobsf: automated mobile security testing framework http://www.motoin.com/92477.html

[malicious analysis] awesome IOCS: a good IOC tool and data publishing site https://github.com/sroberts/awesome-iocs

[wireless security] Zuckerberg is right. It's easier to turn off the headphones. Https://www.siliconreplic.com/enterprise/hacking-earphones

[web security] Java deserialization cheat sheet https://github.com/grrdog/java-deserialization-cheat-sheet/

[web security] feigon: MySQL injection script for various situations: https://github.com/lorexxar/feigon

[web security] using of protocols to load local files, bypass the HTML5 sandbox http://www.brokenbrowser.com/using-of-protocols/

[device security] crack a wireless intelligent socket http://www.button.com/92421.html

[web security] hacking aria2 RPC daemon https://ricterz.me/posts/hacking% 20aria2% 20rpc% 20daemon? = 1479792710287

[web security] novice guide: SQL injection of dvwa-1.9 full level tutorial http://www.freebuf.com/articles/web/120747.html

[device security] raspberry app: wireless scanner http://www.button.com/92504.html

[web security] Eagle: eagle is a web application attack and audit framework https://github.com/magerx/eagle

[other] inpage Zero Day expand used to attack financial institutions in Asia https://securelist.com/blog/research/76717/inpage-zero-day-expand-used-to-attack-financial-institutions-in-asia/

[web security] comparison of prices and scanning functions of major web scanners http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-opensource-list.html

[tool] AWS \ PWN: a collection of AWS penetration testing junkhttps://github.com/dagrz/aws \ PWN

[tool] the damn vulnerable router firmware projecthttps://github.com/praetorian-inc/dvrf

[web security] on Web front-end botnet http://www.arkteam.net/? P = 1364

[web security] [zero knowledge proof] using database table lookup bottleneck to resist password cracking https://www.cnblogs.com/index-html/p/database-lookup-against-password-cracking.html

[programming technology] Python multiprocessing http://thief.one/2016/11/23/python-multiprocessing/

[web security] the genesis of an XSS worm – part iiihttp://brutelogic.com.br/blog/genesis-xss-worm-part-iii/

[web security] a target specific wordlist generating tool for social engineers and security res https://github.com/tch1001/pwdlogy

[malicious analysis] webmalwarescanner - a simple malware scannerhttps://github.com/maxlabelle/webmalwarescanner

[device security] construct a multi port man in the middle network taphttp://www.button.com/92353.html

[magazine] sec wiki weekly (issue 142) https://www.sec-wiki.com/weekly/142

[device security] brutal -- a tool for quickly generating multiple attack codes of HID devices http://www.kitploit.com/2016/11/brutal-toolkit-to-quickly-create.html

[web security] neet - Network enumeration and utilization tool https://github.com/jonnyhightower/neet

[operation and maintenance security] building a whitelist of network domainshttp://threatrolled.blogspot.co.uk/2016/11/building-whitelist-of-network-domains.html

[operation and maintenance security] monitoring 'DNS' inside the tor network http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network