Hacking Book | Free Online Hacking Learning


secwiki weekly (191)

Posted by truschel at 2020-03-09

Safety technology

[tool] burp Suite Pro 1.7.26 cracked 2017 / 12 / 3http://www.secer.com.cn/article/183

[document] the third vfsec Technology Salon ppthttps://mp.weixin.qq.com/s/m4kmzjhzum6axp1vk2txw

[book] advanced penetration test: crack the safest network in the world ා password: n2sdhttps://pan.baidu.com/s/1esvselg

[web security] cobra-w: white box source code audit tool - white hat version https://github.com/lorexxar/cobra-w

[competition] hackergame2017 writeup (the fourth information security competition of China University of science and Technology) https://volltin.gitbooks.io/hackergame2017-writeup/content/

[meeting] review of Lighthouse laboratory and Technology Salon (issue 5): http://plcscan.org/blog/2017/10/ics-security-salon-5/

[web security] DOM XSS – auth.uber.com http://stamone-bug-bounty.blogspot.com.es/2017/10/dom-xss-auth_.html

[news] Q3 2017 Internet Security Report https://guanjia.qq.com/news/n1/2168.html

[mobile security] virtualapplication: Android double sandbox https://github.com/aslody/virtualapplication/blob/master/chinese.md

Semcms v2.3http://foreversong.cn/archives/755 of [web security] code audit

[malicious analysis] webshell detect by machine learning: use machine learning to identify webshell https://github.com/lcatro/webshell-detect-by-machine-learning

[tools] Microsoft open source scanning tool sonarhttps://github.com/sonarwhal/sonar

[tools] ctfdefense: some offline tools of CTF https://github.com/ssooking/ctfdefense

[malicious analysis] time axis of 152 remote control names of a study of rats in 29 years https://pbs.twimg.com/media/dkfvvtbw0aaegnf.jpg: Large

[web security] how to use bounce shell to build your botnet http://www.jianshu.com/p/8dc5a4abcc09

[operation and maintenance security] gitleak: a little tool for finding password information on GitHub https://github.com/5alt/gitleak

[device security] Introduction to D-Link Series Router vulnerability mining https://paper.seebug.org/429/

[tool] semfuzz: pochtttps://drive.google.com/file/d/0b8y63-uonpjsnhb6uuxtsunbdlu/view

[mobile security] blueborn_cve-2017-0785 in depth analysis and debugging http://ne2der.com/2017/blueborn-cve-2017-0785/

[web security] the beginning and end of Typecho backdoor event https://xianzhi.aliyun.com/forum/read/2266.html

[vulnerability analysis] [cve-2017-15688] gitbook arbitrary file read vulnerability https://xianzhi.aliyun.com/forum/read/2258.html

[data mining] deep learning open data set https://deep learning 4j.org/cn/opendata

[web security] wappalyzer ssrfhttps://medium.com/ @ Alyssa. O.herrera/wappalyzer-ssrf-write-up-2dab4df064ae

[O & M security] bypass WAF: use burp plug-in to bypass some WAF devices http://www.4hou.com/tools/8065.html

[web security] vulhint: vulhint is the sublime text 3 plug-in of auxiliary code audit https://github.com/5alt/vulhint

[web security] build a 1KB Damascus and deal with D shield and security dog interception and killing https://bbs.ichunqiu.com/thread-28476-1-1. HTML? From = sec

[forensic analysis] Moloch network traffic backtracking analysis system https://mp.weixin.qq.com/s/irobuhttiasau-i2tvljtq

[mobile security] X-ray: online mobile application security test (IOS / Android) https://www.htbridge.com/mobile/

[web security] novice understanding SQL injection = "invade Wumao building" https://bbs.ichunqiu.com/thread-28460-1-1.html? From = sec

[operation and maintenance security] how many commands do you know about Linux power lifting? http://mp.weixin.qq.com/s/OLuOTfVpeu-xlAqnf8SjJg

[web security] Typecho install.php backdoor code analysis https://xianzhi.aliyun.com/forum/read/2257.html

[web security] WAF and static statistical analysis http://blog.ptsecurity.com/2017/10/do-wafs-dream-of-static-analysts.html

[web security] osintforpentests: open source intelligence information collection in penetration testing https://github.com/g-solaria/osintforpentests

[web security] Java security deserialization vulnerability analysis https://mp.weixin.qq.com/s? \\u biz = mzizmgxotq5na = = & mid = 2247484200 & IDX = 1 & Sn = 8f3201f44e6374d65589d00d91f7148e & chksm = e8fe9f21df8916371a34dd7259a4e5315e4a09ef86c4c4c778ab11d9ca56b4d5d040cb0803\35;rd

[operation and maintenance security] port monitoring of Internet enterprise security https://mp.weixin.qq.com/s/sjkexegw3oqo4r0nbs7xq

[forensic analysis] Cisco traffic analysis & encrypted thread analyticshttps://blogs.cisco.com/enterprise/cisco-traffic-analysis-encrypted-thread-analyses

[mobile security] passionfruit: IOS app analysis and forensics system https://github.com/chaitin/passionfruit

% E5% 90% 8D% E9% AA% 8C% E8% AF% 81% E5% 8A% AB% E6% 8C% 81/

[magazine] sec wiki weekly (issue 190) https://www.sec-wiki.com/weekly/190

[operation and maintenance security] BIU framework security scanning framework for enterprise intranet basic services https://github.com/0xbug/biu-framework/blob/master/readme

[web security] WordPress security architecture analysis https://paper.seebug.org/422/

[tools] how much do you know about tamper that comes with sqlmap? http://mp.weixin.qq.com/s/vEEoMacmETUA4yZODY8xMQ

[wireless security] wireless network (Wi-Fi) protection protocol standard WPA2 vulnerability comprehensive analysis report https://paper.seebug.org/420/

[malicious analysis] basic analysis report of bad rabbit blackmail virus event https://cert.360.cn/static/files/% E5% 9D% 8F% E5% 85% 94% E5% ad% 90% E5% 8b% 92% E7% B4% A2% E7% 97% 85% E6% AF% 92% E4% Ba% 8b% E4% BB% B6% E5% 9F% Ba% E6% 9C% AC% E5% 88% 86% E6% 9E% 90% E6% 8A% a5% E5% 91% 8a.pdf

[forensic analysis] usbkeyboarddatahacker: USB keyboard traffic package forensic tool https://github.com/wangyihang/usbkeyboarddatahacker

[competition] balance information Cup - write up http://rcoil.me/2017/10/% E5% B9% B3% E8% A1% A1% E4% BF% A1% E6% 81% AF% E6% 9D% AF write up/

[operation and maintenance security] port monitoring of Internet enterprise security https://tech.meituan.com/security_port_monitor.html

[mobile security] paranoid IOS reverse researcher: collect full version of Mac OS IOS + jailbreak + kernel debugging http://www.freebuf.com/articles/rookie/151326.html

[tool] perception as detection: fraud based detection technology https://github.com/0x4d31/perception-as-detection

[vulnerability analysis] about the latest Typecho security vulnerability https://joyqi.com/typecho/about-typecho-20171027.html

[web security] natbypass: an implementation of LCX in golang https://github.com/cw1997/natbypass

[malicious requests using keras & tensorflowttps://github.com/adamkusey/securitai-lstm-model

[web security] share a recent case of logic vulnerability http://www.freebuf.com/vuls/151196.html

[operation and maintenance security] HTTP s attack principle and defense http://mp.weixin.qq.com/s/ - o3rewekxii6pkoyqif5rw

[vulnerability analysis] vulnerable scene: Based on the exploit DB vulnerability environment https://github.com/havysec/vulnerable-scene

[programming technology] on the optimization of reptile collection and de duplication http://www.freebuf.com/articles/others-articles/151173.html

[web security] intranet penetration caused by JBoss http://rcoil.me/2017/10/jboss% E5% BC% 95% E8% B5% B7% E7% 9A% 84% E5% 86% 85% E7% BD% 91% E6% B8% 97% E9% 80% 8F/

[other] wdigest: clear the password in the memory, so that mimikatz and other tools cannot get the plaintext http://www.4hou.com/info/news/8126.html

[wireless security] Ubuntu compiles osmombb environment [update 2017-10-24] https://www.92ez.com/? Action = show & id = 23458

[Web security] social app Sarahah security test https://scotthelme.co.uk/sarahah/

[operation and maintenance security] optimized version of malicious code monitoring (online horse monitoring) tool for domestic website http://www.freebuf.com/sectool/150647.html

[web security] four levels of WAF attack and defense research bypass wafhttps://xianzhi.aliyun.com/forum/read/2251.html

[forensic analysis] scan. Onion hidden services with nmap using tor, docker https://github.com/millesrichardson/docker-onion-nmap

[web security] front end defense from entry to abandonment -- CSP changes https://paper.seebug.org/423/

[web security] CSRF fancy bypass referer tips http://0x007.blog.51cto.com/6330498/1610946

[mobile security] mobile application security development best practices https://info.nowsecure.com/rs/201-xew-873/images/secure-mobile-development.pdf

[web security] exploitpack: exploitpack - penetration testing framework https://github.com/junsacco/exploitpack

[programming technology] restful API backend notes based on flash https://jiayi.space/post/ji-yu-flashde-restful-apihou-duan-bi-ji

[vulnerability analysis] basic investigation report on the vulnerability status of known version of Apache Solr https://cert.360.cn/report/detail? Id = 5d8fcd3c20ccac9f8b62b4e9214c5127

[malicious analysis] a new code injection technique http://www.hexacorn.com/blog/2017/10/26/project-a-new-code-injection-trick/

[device security] IOT [reactor status update http://blog.netlab.360.com/iot [reactor-a-few-updates/

[paper] unsupervised machine learning in cyber security http://raffy.ch/blog/2017/10/22/unsupervised-machine-learning-in-cell-security/

[mobile security] osxfuzz: Mac OS kernel fuzzier https://github.com/mwlabs/osxfuzz

[tools] stage remotedll.ps1: various DLL injection technologies on 32-bit and 64 bit architectures https://github.com/fuzzysecurity/powershell-suite/blob/master/stage-remotedll.ps1

[data mining] integrated learning (with learning resources) https://mp.weixin.qq.com/s/zegan2w9qjatt0ylzzwhpw

[vulnerability analysis] Linux TBB SFTP URI allows local IP disclosure https://hacker.com/reports/253429

[vulnerability analysis] onehttpd 0.7 Remote Denial of Service Vulnerability Analysis http://whereisk0shl.top/post/2017-10-25

[forensic analysis] yeahpot: yet another honey potts://github.com/juansaco/yetanotherhoneypot

[forensic analysis] one of the Internet resources of US intelligence analysis https://mp.weixin.qq.com/s/hxg2nhaiunt 5vewml4v6a

[tool] securityftw / CS Suite: AWS cloud infrastructure security audit tool https://github.com/securityftw/cs-suite

[web security] steading Amazon EC2 keys via an XSS vulnerability https://ionize.com.au/steading-amazon-ec2-keys-via-xss-vulnerability/

[web security] Google reCAPTCHA verification code identification - 85% success rate https://github.com/ectros/uncatcha

[magazine] security guest 2017 Quarterly - Issue 3 https://mp.weixin.qq.com/s/din1yezwlrmchwobxlp38a

[malicious analysis] how to post process Yara rules generated by yargenhttps://medium.com/ @ cyb3rops / how-to-post-process-yara-rules-generated-by-yahoo-121d2932282

[malware analysis] recodeking / malwareanalysis: list of malware analysis tools and resources https://github.com/recodeking/malwareanalysis

[document] DNS error response cases https://ripe75.rip.net/presentations/20-a-current-case-of-broken-dns-responses-rip-75.pdf

[web security] slack SAML authentication bypass http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html

[web security] keystone JS pentest reporthttps://securelayer7.net/download/pdf/keystone js-pentest-report-securelayer7.pdf