secwiki weekly (issue 141)

Posted by patinella at 2020-03-10

Security technology

[paper] CCS 2016 security summit video https://www.youtube.com/channel/ucuuxpxe3s0uu14jiegn5va

[web security] common PHP trivial code audit of CTF https://github.com/louchaooo/louchaooo.github.io/issues/20

[operation and maintenance security] f-scratch: a lightweight weak password detection script written in Python https://github.com/ysrc/f-scratch

[malicious analysis] IoT botnet Mirai: source code analysis and sandbox run demonstration http://www.freebuf.com/articles/network/119403.html

[malicious analysis] using IMA to extend Linux executable logging http://www.button.com/91717.html

[wireless security] WiFi penetration process arrangement http://www.ohvirus.com/1.code/2016-10-19-wifi-safe-step.html

[programming technology] geoip attack map: cyber security geoip attack map visualization https://github.com/matcmay/geoip-attack-map

[wireless security] WiFi-based IMSI catcher https://www.blackhat.com/docs/eu-16/materials/eu-16-ohanlon-wifi-imsi-catcher.pdf

[other] IOT goes nuclear: creating a ZigBee chain reaction [PDF] http://iotform.eyalro.net/iotform.pdf

[data mining] using sklearn to do single machine feature engineering http://www.cnblogs.com/jason free/p/5448385.html

[competition] experience and part of writeup http://www.button.com/91586.html

[other] collective intelligence framework http://csirtgadgets.org/

[mobile security] new posture of repackaging detection for Android App http://securitygossip.com/blog/2016/11/07/2016-11-07/

Definition and use of Threat Intelligence http://blog.nsfocus.net/thread-intelligence-definition/

[mobile security] Nathan: Android security test simulator http://www.button.com/91660.html

[malicious analysis] PhishFinder: Hook, Line and Sinker automated analysis phishing website https://blog.opendns.com/2016/11/11/phishfinder-hook-line-sinker/

[other] blacknurse denial of service attack http://www.netresec.com/? Page = blog & month = 2016-11 & post = blacknurse denial of service attack

[mobile security] build your own pwnphone https://n0where.net/build-your-own-pwnphone/

[web security] Tumblr XSS expand http://blog.andrewlang.net/post/152805939304/tumblr-xss-expand

[web security] bypass implement by configuring HTTP pollution normalization engine http://seclists.org/fulldisclosure/2016/nov/22? Utm_source = FeedBurner & utm_medium = twitter & utm_campaign = feed% 3A + seclists% 2fulldisclosure +% 28full + disclosure% 29

[web security] clever Gmail hack let attackers take over accounts https://threatpost.com/cleaver-gmail-hack-let-attackers-take-over-accounts/121818/

[data mining] Spacy: industrial strength natural language processing (NLP) with Python https://github.com/expansion/spacy

[web security] using a server-side request forgery (SSRF) attack to enter the intranet http://www.button.com/91641.html

[web security] pentest Wiki: penetration testing phased database https://github.com/nixawk/pentest-wiki

[web security] crawlec: Web Recon tool https://github.com/ganapati/crawlec

[programming technology] collection of open source projects of domestic Internet companies http://www.tuicool.com/wx/rimnara? From = timeline & isappinstalled = 0

[programming technology] cyber security geoip attack map that follows syslog and parses IPs / port numbers https://github.com/matcmay/geoip-attack-map/

[operation and maintenance security] Kids: Zhihu log system open source https://xuanlan.zhihu.com/p/19919584? Refer = hackers

[programming technology] cloud computing docker virtualization public welfare forum http://list.youku.com/albumlist/show? Id = 23813235 & ascending = 1 & page = 1

[vulnerability analysis] vulnerability warning: remote command execution of D-Link router http://www.button.com/91571.html

[operation and maintenance security] self made attack deception defense system https://www.xsec.io/2016/11/2/how-to-develop-a-unreal.html

[web security] empyre http://www.freebuf.com/sectool/118715.html

[malicious analysis] create jscript http://www.mottoin.com/91459.html

[mobile security] disassembling a mobile Trojan attack https://securelist.com/blog/research/76286/disassembling-a-mobile-trojan-attack/

[mobile security] mmetoken decrypt: decrypts and extracts iCloud and MMe authorization tokens https://github.com/manwhoami/mmetoken decrypt

[equipment security] new potential energy of Industrial Development: see http://plcscan.org/blog/2016/11/guide-for-information-security-protection-of-industrial-control-systems/? From = timeline & isappinstalled = 0

[vulnerability analysis] use the computing power of browser to resist password cracking https://www.cnblogs.com/index-html/p/frontend_kdf.html

[programming technology] headlessbrowsers: a collection of non interface browsers in Ajax crawler technology https://github.com/dhamaniasad/headlessbrowsers

[document] Python basic cheatsheet https://www.pythonsheets.com/notes/python-basic.html

[web security] using Python code to implement web application injection http://www.button.com/91638.html

[tool] drakvuf: black box binary analysis platform http://www.button.com/91636.html

[web security] automated w3af scanning with slack alerting http://jerry gamblin.com/2016/11/09/automated-w3af-scanning-with-slack-alerting/

[vulnerability analysis] vulnerability warning: Sophos web appliance remote code execution vulnerability http://www.motoin.com/91413.html

[web security] Gmail account hijacking vulnerability http://www.button.com/91406.html

[operation and maintenance security] the hive: a scalable, open source and free incident response platform https://blog.the hive-project.org/2016/11/07/introducing-the hive/

[tool] azurite: a cloud service security audit tool http://www.mottoin.com/91483.html

[web security] novahot: a webshell framework for penetration testers. https://github.com/christallenlane/novahot

[other] PowerDuke: widespread post-election spear phishing campaigns targeting think tanks and NGOs https://www.volexity.com/blog/2016/11/09/powerduke-post-election-speech-phishing-campaigns-targeting-think-tanks-and-ngos/

[tool] radius Keylogger: Python based multi-function keyboard recording http://www.motoin.com/91644.html

[web security] tplmap: an automatic server-side template injection detection and exploitation tool http://www.button.com/91727.html

[magazine] sec wiki weekly (issue 140) https://www.sec-wiki.com/weekly/140

[malicious analysis] analysis and actual combat record of a xorddos variant sample (download with tools) http://www.freebuf.com/articles/system/119374.html

[vulnerability analysis] pointyfeather aka tar extract pathname bypass https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt

In this paper, the author analyzes the characteristics of

[programming technology] Wukong anti cheating system cache optimization https://zhanglan.zhihu.com/p/23509238

[operation and maintenance security] urlwatch: a tool for monitoring webpages for updates https://github.com/thp/urlwatch

[web security] SQLi, privilege escalation, and PowerShell Empire https://glanfield.co.uk/sqli-privilege-escalation-and-powershell-empire/

[device security] tracking the IoT botnet army https://www.pwnieexpress.com/blog/tracking-the-iot-botnet-army? Utm_content = 41783430 & utm_medium = Social & utm_source = twitter