Safety technology

[web security] intranet port forwarding and penetration https://xianzhi.aliyun.com/forum/read/1715.html

[web security] use HTTP header to bypass wafhttp://www.sohu.com/a/110066439_

[book] anyone else remember this classic book? Proficient in script hacking technology discussion https://xianzhi.aliyun.com/forum/read/1710.html

[forensic analysis] security analysis of Web log discussion on technology https://xianzhi.aliyun.com/forum/read/1723.html

[web security] get the real intranet of the server through F5: iphttp://www.lewis.com/2017/06/13/get the real IP through F5/

[other] security skill tree short version V1 official version https://xuanlan.zhihu.com/p/27362112

[vulnerability analysis] Samba Remote Code Execution Vulnerability (cve-2017-7494) analysis | vulnerability research https://xianzhi.aliyun.com/forum/read/1728.html

[vulnerability analysis] Research on double fetch vulnerability in Linux kernel https://www.inforsec.org/wp/? P = 2049

[data mining] easyml: open source interactive graphical machine learning platform of Institute of computing, Chinese Academy of Sciences https://github.com/ict-bda/easyml

[web security] wretched ideas reproduce spring webflow remote code execution http://www.4hou.com/technology/5449.html

[tool] red Hou: information collection tool http://mp.weixin.qq.com/s/xgj6lq99pnl8mf39oo9dua

[web security] spring web flow Remote Code Execution Vulnerability Analysis (cve-2017-4971) http://paper.seebug.org/322/ ා0-tsina-1-60416-397232819ff9a47a7b7e80a40613cfe1

[data mining] Yellow River identification - Open of deep learning Caffe model [nsfwhttp://www.jianshu.com/p/e74645958a3]

[web security] the way of enterprise security construction: port scanning (below) http://www.freebuf.com/articles/system/137016.html

[web security] [yisrc] technology sharing - how much do you know about HTTPS communication? https://mp.weixin.qq.com/s/Ie1Oq0zRD6vM_70wpawpzg

[web security] Alibaba cloud free HTTPS certificate deployment notes http://www.evilclay.com/2017/06/12 /% E9% 83% A8% E7% BD% B2% E9% 98% BF% E9% 87% 8C% E4% Ba% 91% E5% 85% 8D% E8% B4% b9https% E8% AF% 81% E4% B9% A6% E7% AC% 94% E8% AE% B0/

[web security] sanic < = 0.5.0 static file read arbitrary file vulnerability research https://xianzhi.aliyun.com/forum/read/1712.html

[operation and maintenance security] Metasploit experiment: making the remote control of no killing payload + to any "external network" host http://www.freebuf.com/sectool/136736.html

[vulnerability analysis] butterfly effect and program error: utilization of a slag hole http://weibo.com/ttarticle/p/show? Id = 2309404118504042313519

[tools] blackhat 2017 security toolset http://sec-redclub.com/index.php/archives/541/

[point of view] overview of China's network information security industry https://mp.weixin.qq.com/s? ʍbiz = mzaxoti5otuwmw = = & mid = 2650744489 & IDX = 1 & Sn = 4b27b845c1d5ea4c005e4172ebc19c7

[vulnerability analysis] vulnerability analysis and utilization of ms16-098 rgnobj integer overflow under Windows 10 https://security.tencent.com/index.php/blog/msg/117

[vulnerability analysis] automatic mining of windows kernel information disclosure vulnerability http://www.iceswordlab.com/2017/06/14/automatically-discovering-windows-kernel-information-leak-vulnerabilities/

[operation and maintenance security] the operation and maintenance growth path of station B (monitoring part) http://www.sohu.com/a/148105540_

[meeting] yisrc report - review of the third Ivy cloud security construction salon https://mp.weixin.qq.com/s? [biz = mziynjzmjcynw = = & mid = 2247484676 & IDX = 1 & Sn = ec9bb9be4dacfbc1276109039d673146 & scene = 0 [wechat] redirect

[programming technology] neglected attack area: Python package phishing http://paper.seebug.org/326/

Ventuzelo_coudray.pdf

[programming technology] CTF encryption and decryption http://thief.one/2017/06/13/1/

[mobile security] attack scenario restoration: local root moto G4 & G5 device (with utilization code) http://www.4hou.com/reverse/5432.html

[device security] intelligent Internet vehicle information security white paper https://www.bangcle.com/upload/file/20170613/1497320348846.pdf

[web security] cross site attack defense - use the same site cookie to prevent cross site attacks http://www.junntech.com/detailinfo.php? Type = 1 & id = wevfjkzh3py8pbcekvn2alh4wh3vl5s1

[vulnerability analysis] automatically discovering windows kernel information leak vulnerabilities http://www.iceswordlab.com/2017/06/14/automatically-discovering-windows-kernel-information-leak-vulnerabilities/

[forensic analysis] 22 popular computer forensic tools http://www.freebuf.com/sectool/136921.html

[web security] XSS radar: XSS vulnerability mining tool https://github.com/bugbountyforum/xss-radar

[conference] 2017 apwg Symposium on electronic crime research (ecrime) paper list http://ieeexplore.ieee.org/search/searchresult.jsp? Newsearch = true & querytext = 2017% 20apwg% 20symposium% 20On% 20electronic% 20crime% 20re

[web security] from trigonometric function to discrete Fourier transform to speech recognition to image frequency domain robustness watermark https://bbs.ichunqiu.com/thread-23801-1-1.html? From = 51

[operation and maintenance security] discussion on DDoS test mode https://mp.weixin.qq.com/s/zh rhvp2-m-5yhtegvncw

[web security] ppt / keynote (PHP security development) https://github.com/devlinkcn/ppts_for_php2017

[tools] how to play intranet middleman http://mp.weixin.qq.com/s/ij4ols8gryr7l-4lfgpqxg

[web security] morphhta - morphing cobalt strike's evil.htahttps://github.com/vysec/morphhta

[web security] business security segment http://www.polaris-lab.com/risk.jpg

[vulnerability analysis] industrier global threat report (IEC 60870-5-104) https://mp.weixin.qq.com/s? 6516; biz = mzixmj5mzq3oa = = & mid = 2247483723 & IDX = 1 & Sn = 2ca8d5359adde75994f52a0475fbe5a1 & scene = 0 ﹐ wechat ﹐ redirect

[malicious analysis] latest leaked document of CIA vault7: cherry blossom in full bloom http://www.freebuf.com/news/137498.html

[vulnerability analysis] get to know the fuzzy tool winaflhttp://paper.seebug.org/323/

[programming technology] principle and application of MD5 extended attack http://www.freebuf.com/articles/database/137129.html

[O & M security] firmware security compliance of cloud infrastructure https://hardenedlinux.github.io/system-security/2017/06/15/firmware "compliance. HTML? From = timeline

[tools] add to nmap https://mp.weixin.qq.com/s/jhfi4qjt2rhfsgbszq7saq

[operation and maintenance security] how to use IBD file to recover data for MySQL http://mp.weixin.qq.com/s/iad4qt ﹣ vg9b3vbhvq2p ﹣ 2G

[tools] sheller + Metasploit + netripper: bypass antivirus and sniff HTTPS passwordhttp://securityonline.info/sheller-metasploit-netripper-bypass-antivirus-sniff-https-password/

[tools] wordlists sorted by probability originally created for password generation and thttps://github.com/berzerk0/possible-wordlists

[malicious analysis] exclusive reverse report: why does apt28 make Sai mendeke lie down gun https://mp.weixin.qq.com/s? ʍbiz = mzi4oda4mtcxma = = & mid = 2649550629 & IDX = 1 & Sn = 38adafad60a1e157d018f8064f92 & scene = 0 ʍ wechat ʍ redirect

[web security] connection condition test of netuse command in penetration test http://www.freebuf.com/sectool/136655.html

[tools] totally automatic LFI Explorer (+ reverse shell) and scannerhttps://github.com/d35m0nd142/lfisuite

[web security] sharing your webpages thread big datahttps://l.avala.mp/? P = 161

[vulnerability analysis] field utilization analysis of sambacry http://blogs.360.cn/blog/sambacry-% E9% 87% 8e% E5% A4% 96% E5% 88% A9% E7% 94% A8% E5% 88% 86% E6% 9E% 90/

[web security] cross site scripting payload for fuzzy| technical discussion https://xianzhi.aliyun.com/forum/read/1704.html

[malicious analysis] advanced incident detection and thread identifying using Sysmon (and Splunk) http://security-research.dyndns.org/pub/slides/first2017/first-2017'tom-ueltschi'sysmon'final.pdf

[other] platform continues to evolve, find ways to maintain invisibility https://blogs.technet.microsoft.com/mmpc/2017/06/07/platform-continues-to-evolve-find-ways-to-maintain-visibility/

[tools] DNS tunnel technology analysis http://mp.weixin.qq.com/s/jwqwnp0fhmor5b6ics6nq

[vulnerability analysis] using waitfor.exe to implement a backdoor mechanism https://3gstudent.github.io/3gstudent.github.io/use-waitfor.exe-to-maintain-persistence/

[web security] Research on server injection problems encountered in the development of flaskjinja2 iihttp://www.freebuf.com/articles/web/136180.html

[malicious analysis] the homology analysis of Ukraine's power grid events and the US election malware https://mp.weixin.qq.com/s? ʎbiz = mzi4oda4mtcxma = = & mid = 2649550639 & IDX = 1 & Sn = 4ab262f55134a32dfa0789b24210d251 & scene = 0 ʋ wechat ʍ redirect

[forensic analysis] belati: the traditional Swiss Army knife for osinthttps://github.com/aancw/belati

[operation and maintenance security] architecture implementation of intelligent countermeasure system of security AI https://www.qcloud.com/community/article/317490

[programming technology] pwdmanage password management tool http://thief.one/2017/04/24/1

[mobile security] sixth question of ctf2017: ericky APK writeup http://anhkgg.github.io/kxctf2017-writeup6/

[document] sec wiki weekly (issue 171) https://www.sec-wiki.com/weekly/171

[opinion] the self-report and summary of the 20-year-old director of the central enterprise is sent to the graduates at http://www.cnblogs.com/im404/p/aboutme.html? From = timeline

[wireless security] security analysis report of modern wireless mouse and keyboard http://bobao.360.cn/learning/detail/3986.html

[web security] struts 2 command execution series review http://www.zerokeeper.com/vul-analysis/struts 2-command-execution-series-review.html

[competition] ctf.tf: a database of collected ctfs and their solutions.https://github.com/eun/ctf.tf

[mobile security] [exclusive] analysis of Bluetooth app vulnerability Series II cve-2017-0639 | vulnerability research https://xianzhi.aliyun.com/forum/read/1713.html

[mobile security] OSX / macransom: analyzing the latest ransomware to target macshttps://objective-see.com/blog/blog_0x1e.html