IMCAFS

SecWiki Weekly (issue 274)

Posted by millikan at 2020-03-13
Security technology

[web security] summary of an attack and defense exercise https://mp.weixin.qq.com/s/sfuqnfblkrkf4urdivkg5q

[vulnerability analysis] Apache Tomcat remote code execution (CVE-2019-0232) vulnerability analysis and reproduction https://mp.weixin.qq.com/s/dhry2nxtyn4c0buebvodzq

[data mining] DataCon competition track three - attack source and attacker analysis writeup https://github.com/rebaout/datacon

[vulnerability analysis] analysis of CVE-2019-0708 (BlueKeep) https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html

[competition] top 2019 online web writeup https://tttang.com/archive/1301/

[competition] ctftraining: environments reproducing classic CTF competition challenges for training https://github.com/ctftraining/ctftraining

[data mining] when security meets NLP http://4o4notfound.org/index.php/archives/190/

[vulnerability analysis] a debugging primer with CVE-2019-0708 https://medium.com/@stratightblast426/a-debugging-primer-with-cve-2019-0708-ccfa266682f6

[vulnerability analysis] InfluxDB authentication bypass 0day https://www.komodosec.com/post/when-all-else-failures-find-a-0-day

[web security] getting a reverse shell using the Java debugging protocol JDWP https://paper.seebug.org/933/

[malware analysis] decision-tools: summary of ransomware decryption tools https://github.com/financing/decision-tools

[web security] permanent WMIC event subscription - persistence (III) https://rcoil.me/2019/05/%E6%B0%B8%E4%B9%85%E6%80%A7%20wmic%20%E4%Ba%8b%E4%BB%B6%E8%AE%A2%E9%98%85%20-%20%E6%9D%83%E9%99%90%E7%BB%B4%E6%8C%81%EF%BC%88%E4%B8%89%EF%BC%89/

[web security] getshell through a combination of vulnerabilities in a CMS https://xz.aliyun.com/t/5277

[other] account security https://bloodzer0.github.io/ossa/business/account/

[competition] mimic defense CTF 2019 final writeup https://paper.seebug.org/932/

[mobile security] iOS app unpacking: from getting started to giving up https://mp.weixin.qq.com/s/bnyglycsc-x43pghfpdxgg

[other] netstat source code debugging & principle analysis https://blog.snoock.com/2019/05/26/netstat-learn/

[operation and maintenance security] building container security https://bloodzer0.github.io/ossa/infrastructure-security/container/

[operation and maintenance security] container security tools https://bloodzer0.github.io/ossa/infrastructure-security/container/tools/

[vulnerability analysis] analysis of CVE-2018-12067 and similar vulnerabilities, with related thoughts https://xz.aliyun.com/t/5248

[web security] product security design checklist http://bloodzer0.github.io/ossa/other-security-branch/security-operation/pst/

[forensic analysis] emergency response and handling process for Windows https://www.freebuf.com/articles/network/203494.html

[competition] ISCC 2019 partial writeup https://www.anquanke.com/post/id/179216

[malware analysis] Nansh0u campaign - hackers' arsenal grows stronger https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-groups-stronger/

[forensic analysis] diving into the security analyst's mind https://posts.prospects.io/dividing-into-the-security-analysts-mind-b1708668e8d4

[other] summary of steganography in CTF https://mp.weixin.qq.com/s/tamqc8npgkxdgagzhtld7a

[vulnerability analysis] netstat source code debugging & principle analysis https://paper.seebug.org/934/

[web security] Microsoft Office - persistence (I) https://rcoil.me/2019/05/microsoft%20office%20-%20%E6%9D%83%E9%99%90%E7%BB%B4%E6%8C%81%EF%BC%88%E4%B8%80%EF%BC%89/

[other] use gpg4win + Outlook Express to send and receive encrypted email https://www.cnblogs.com/lyckerr/p/8624076.html

[forensic analysis] thoughts on industrial control security protection in the military industry https://mp.weixin.qq.com/s/avryyob-bqdrrq8i15sk3w

[malware analysis] threat hunting with Jupyter notebooks - Part 1: your first notebook https://posts.prospects.io/thread-hunting-with-jupiter-notebooks-part-1-your-first-notebook-9a99a781fde7?GI=6e2ca22b44b7

[forensic analysis] learn and play QR code with me https://www.freebuf.com/geek/204516.html

[web security] exploiting file uploads Pt. 1 – MIME sniffing to stored XSS https://otherhackerblog.com/expanding-file-uploads-pt1/

[malware analysis] HiddenWasp malware stings targeted Linux systems https://www.intel.com/blog-hiddenwasp-malware-targeting-linux-systems/

[vulnerability analysis] breaking out of rkt – 3 new unpatched CVEs https://www.twistlock.com/labs-blog/breaking-out-of-coreos-rkt-3-new-cves/

[vulnerability analysis] attribution is hard - at least for Dock: a Safari sandbox escape & LPE https://phoenhex.re/2019-05-26/attribute-is-hard-at-least-for-dock