IMCAFS


secwiki weekly (issue 260)

Posted by millikan at 2020-03-07

Security technology

[meeting] this year's offensivecon conference is of good quality (download attached materials) https://mp.weixin.qq.com/s/8bpcnk06tpkbi7ghjedua

[meeting] BlueHat IL 2019 abstracts https://www.bluehatil.com/abstracts

[O & M security] CVE-2019-0626 | Windows DHCP Server Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0626

[web security] Drupal core - highly critical - Remote Code Execution - SA-CORE-2019-003 https://www.drupal.org/sa-core-2019-003

[operation and maintenance security] container escape flaw hits AWS, Google Cloud, Linux distros https://www.securityweek.com/container-escape-flash-hits-aws-google-cloud-linux-distros

[vulnerability analysis] Adobe ColdFusion deserialization RCE vulnerability analysis (CVE-2019-7091) https://mp.weixin.qq.com/s?__biz=mzawnti1ndi3mq==&mid=2649613813&idx=1&sn=fc1c55360efd5a1ff2e7d8ff25825f8a&scene=21#wechat_redirect

[vulnerability analysis] getting PowerShell Empire past Windows Defender https://www.blackhillsinfosec.com/getting-powershell-empire-past-windows-defender/

[web security] micro8: PHP security news 8:00 am all documents https://github.com/micropoor/micro8

[web security] building a three-layer network lab & MSF intranet penetration https://www.anquanke.com/post/id/170649

[forensics analysis] 7-hour emergency response to a unit's "driving life" event in a city https://mp.weixin.qq.com/s/c8x6fvm7qvwwcepzcbbrsg

[vulnerability analysis] network wide screening of WinRAR Code Execution Vulnerability (cve-2018-20250) https://xlab.tencent.com/cn/2019/02/22/investing-winrar-code-execution-vulnerability-cve-2018-20250-at-internet-scale/

[web security] WordPress image - Remote Code Execution Vulnerability Analysis https://kylingit.com/blog/wordpress-image-%E8%BF%9C%E7%A8%8b%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/

[vulnerability analysis] WinRAR vulnerability reproduction process https://fuping.site/2019/02/21/winrar-extracting-code-execution-validate/

[data mining] 5 top conference papers on the latest research progress in knowledge graphs https://mp.weixin.qq.com/s/nomvwauvuxfjlwoxhoucqg

[wireless security] pwning WPA / WPA2 networks with bettercap and the PMKID client-less attack https://www.evilsocket.net/2019/02/13/pwning-wifi-networks-with-bettercap-and-the-pmkid-client-less-attack/

[web security] discuz 3.4 unauthorized login vulnerability analysis https://nosec.org/home/detail/2256.html

[operation and maintenance security] a first look at osquery http://www.polaris-lab.com/index.php/archives/617/

[operation and maintenance security] using osqueryd to monitor the system http://www.polaris-lab.com/index.php/archives/618/

[mobile security] etc. 2.0 key points analysis and landing implementation technology strategy https://www.kiwisec.com/news/detail/5c6b6a94c649181e28b81dce.html

[tools] install OpenVAS in Kali Linux 2016.2 (rolling) https://www.cnblogs.com/zlslch/p/6872559.html

[other] Research on wechat PC technology (3) - how to find the message sending interface https://mp.weixin.qq.com/s/uuxb9ahtnhcsd7gaffyroa

[web security] Typora XSS to RCE (part 1) https://www.anquanke.com/post/id/170665

[web security] cve-2019-6453: rce on MIRC https://proofofcalc.com/cve-2019-6453-mirc/

[vulnerability analysis] extracting a 19 year old code execution from WinRAR https://research.checkpoint.com/extracting-code-execution-from-winrar/

[other] information security awareness: https://book.yunzhan365.com/tkgd/nrkm/mobile/index.html

[web security] chashell: Go reverse shell that communicates over DNS https://github.com/sysdream/chashell

[data mining] CAPTCHA recognition with CNN + BLSTM + CTC, from training to deployment https://www.freebuf.com/articles/web/195469.html

[web security] analysis and exploitation of prototype pollution attacks in Node.js https://blog.0daylabs.com/2019/02/15/prototype-pollution-javascript/

[O & M security] port security (continuous update) https://bloodzer0.github.io/ossa/infrastructure-security/host-security/host-security-scan/port/

[web security] WordPress 5.0.0 exposes remote code execution https://nosec.org/home/detail/2261.html

[data mining] detecting web attacks with a seq2seq autoencoder http://blog.ptsecurity.com/2019/02/detecting-web-attacks-with-seq2seq.html

[device security] Sanctuary - a security framework to provide a trusted environment in the TrustZone ecosystem https://www.ndss-symphony.org/wp-content/uploads/2019/02/ndss2019 a-1_brass_paper.pdf

[forensic analysis] TTPs & IOCs & the Pyramid of Pain https://mp.weixin.qq.com/s/rz xorswafvl8xe2pfuzeg

[vulnerability analysis] viewing Python format string vulnerability from two CTF instances https://www.anquanke.com/post/id/170620

[web security] WordPress 5.0.0 remote code execution https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

[malicious analysis] TikiTorch - a tool that allows arbitrary shellcode execution in any process https://github.com/rasta-mouse/tikitarch

[web security] hacking Jenkins Part 2 - abusing meta programming for unauthenticated RCE! https://devco.re/blog/2019/02/19/hacking-jenkins-part2-abusing-meta-programming-for-unauthenticated-rce/

[vulnerability analysis] make it rain with MikroTik – Tenable TechBlog – Medium https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6

[forensic analysis] Linux common backdoor and troubleshooting technology https://xz.aliyun.com/t/4090

[vulnerability analysis] Kerberos unconstrained delegation abuse toolkit https://github.com/dirkjanm/krbrelayx

[web security] API Security Design Guide (continuous collection, non original) https://bloodzer0.github.io/ossa/application-security/sdl/api-security-design/

[other] notes on a white hat's move to an in-house (Party A) security role https://bloodzer0.github.io/ossa/miscellaneous/jsrc-1/

[forensic analysis] eyes of onion: privacy and tracking of the dark net https://mp.weixin.qq.com/s/jygaov-wbvycf6gkhysww

[vulnerability analysis] analyzing the windows LNK file attack method https://dexters-lab.net/2019/02/16/analyzing-the-windows-lnk-file-attack-method/

[data mining] AI Security Learning: learning materials of security detection and data mining https://github.com/0xmj/ai-security-learning

[tools] an open source tool for anonymous file sharing using Tor - OnionShare 2 http://miahfree.com/2019/02/onionshare-2/

[other] a go language crackme analysis https://mp.weixin.qq.com/s/tgd2u2fpfdc3dylufsbhvg

[mobile security] LG device manager LHA kernel driver local privilege escalation vulnerability (cve-2019-8372) http://www.jackson-t.ca/lg-driver-lpe.html

[malicious analysis] 2018 ransomware white paper (government and enterprise edition) http://zt.360.cn/1101061855.php?dtid=1101062514&did=210845178

[malicious analysis] Introduction to EDR detection persistence https://mp.weixin.qq.com/s/akdnfkn8oxocz5eyfb2d9g

[web security] HTTP security headers and how they work (part 1) http://www.4hou.com/web/16145.html

[web security] Typora XSS to RCE (part 2) https://www.anquanke.com/post/id/170756

[viewpoint] from the perspective of content output, we can see the change of security field https://mp.weixin.qq.com/s/mzp_bopprx4htgp5s5hupw

[operation and maintenance security] enterprise application fingerprint platform framework practice https://mp.weixin.qq.com/s/dehbvnide5oh4wuyxygx6g

[malicious analysis] malware PowerShell shellcode analysis https://github.com/johnlatwc/shared/blob/master/notebooks/malware%20powershell%20shellcode%20analysis.ipynb

[vulnerability analysis] memory corruption vulnerability in FaceTime texture processing (CVE-2019-6224) https://bugs.chromium.org/p/project-zero/issues/detail?id=1732

[viewpoint] the future of consumer-facing (C-end) security products https://mp.weixin.qq.com/s/sp15ekynkbzzvozhrj7zj2w

[magazine] sec wiki weekly (issue 259) https://www.sec-wiki.com/weekly/259

[viewpoint] introduction to the DARPA HACCS program http://www.arkteam.net/?p=4243

[data mining] automatic discovery of abnormal behavior in industrial networks based on distributed deception technology https://mp.weixin.qq.com/s/ilegemdzt7yqvxpahtmijg

[web security] how to fuzz the JavaScript engine https://saelo.github.io/presentations/offensivecon_19_fuzzilli.pdf

[web security] Windows firewall post exploitation with netsh https://www.hackingarticles.in/windows-firewall-post-exploitation-with-netsh/

[device security] exploit for CVE-2018-4193 https://github.com/synapctiv/cve-2018-4193

[web security] WebKit exploitation tutorial https://www.proxy.xyz/tutorial/webkit-exp-tutorial/#virtual-machine

[data mining] sec_profile: analyze security information sites, security trends, security practitioner accounts https://github.com/tanjiti/sec_profile

[vulnerability analysis] TTF font out-of-bounds read vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1779

[malicious analysis] Proofpoint releases Q4 2018 threat report and year in review https://www.proofpoint.com/us/thread-insight/post/proofpoint-releases-q4-2018-thread-report-and-year-review

[web security] HTTP security headers and how they work (part 2) http://www.4hou.com/web/16146.html

[O & M security] "relaying" Kerberos - having fun with unconstrained delegation https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/

[vulnerability analysis] Explore deserialization in Ruby project https://xz.aliyun.com/t/4111

[vulnerability analysis] $1.000 SSRF in Slack https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884

[operation and maintenance security] how-to-secure-a-linux-server https://github.com/imthenachoman/how-to-secure-a-linux-server

[device security] smart device security analysis manual http://blog.nsfocus.net/handbook-security-analysis-intelligent-equipment/

[device security] how to bypass memory protection of EDR's https://movaxbx.ru/2019/02/19/bypass-edrs-memory-protection-introduction-to-hooking/

[web security] Azure AD Connect for red teamers https://blog.xpnsec.com/azure-connect-for-redteam/

[device security] Research on security and privacy of intelligent GPS Tracker https://arxiv.org/ftp/arxiv/papers/1902/1902.05318.pdf

[vulnerability analysis] NTFS case sensitivity on Windows https://tyranidslair.blogspot.com/2019/02/ntfs-case-sensitivity-on-windows.html

[O & M security] Volatility workflow for basic incident response https://laskowski-tech.com/2019/02/18/volatile-workflow-for-basic-incident-response/

[tools] erbbysam/dnsgrep: quickly search large DNS datasets https://github.com/erbbysam/dnsgrep/

[web security] circumvent Facebook's CSRF defense - $25000 https://nosec.org/home/detail/2258.html

[web security] finding an SSRF vulnerability on the Slack website and bypassing its protection https://nosec.org/home/detail/2259.html

[web security] attacking Edge through the JavaScript compiler https://github.com/bkth/attacking-edge-through-the-javascript-compiler

[device security] OSX privileged helper tool: https://github.com/blankwall/affordable-con/blob/master/offcon.pdf

[mobile security] physical extraction and file system imaging of IOS 12 devices https://blog.elcomsoft.com/2019/02/physical-extraction-and-file-system-imaging-of-ios-12-devices/