secwiki weekly (166)

Posted by harmelink at 2020-03-22

Security technology

[web security] ms17-010 vulnerability (SMB) scanning tool - single file https://github.com/risksense-ops/ms17-010/blob/master/scanners/smb_ms17_010.py

[vulnerability analysis] open list of unrepaired vulnerabilities https://github.com/ludios/unfixed-security-bugs

[meeting] obfuscating the Empire https://www.slideshare.net/ryan cobb16/obfuscating-the-empire

[web security] hands on how to use docker for web penetration testing http://www.freebuf.com/articles/web/133318.html

[mobile security] attack and defense summary for WiFi PPT (including principle) https://bbs.ichunqiu.com/forum.php? Mod = viewthread & TID = 1785 & highlight =% E6% 94% BB% E9% 98% B2? From = 51

[operation and maintenance security] docker basic summary http://thief.one/2017/05/04/1/

[web security] [technology sharing] websocket vulnerability and protection details http://bobao.360.cn/learning/detail/3795.html

[vulnerability analysis] automatic exploit generation: vulnerability utilization automation https://xuanlan.zhihu.com/p/26690230

[tools] modify hosts and visit Google, Facebook, twitter, youtube, torproject https://hack80.wordpress.com/2017/05/05/hosts-5-5/

[web security] WordPress core 4.6 - unauthenticated remote code execution (RCE) POC exploit https://exploitbox.io/vuln/wordpress-exploit-4-6-rce-code-exec-cve-2016-10033.html

[programming technology] retrieve the LinkedIn data of relevant employees according to the company name http://blog.csdn.net/bone'ace/article/details/71055153

[tools] cryptography some online decryption websites http://wiki.bodkin.ren/ctf/crypto/decryptweblist.md

[operation and maintenance security] configure yubikey to log in to linux through challenge response mode http://www.cnblogs.com/xiaoxiaoleo/p/6806525.html

[web security] vulnerability alert - WordPress 4.6 remote code execution (with POC and demo video) http://blog.shellpub.com/2017/05/03/wordpress_core_remote_code_extract.html

[web security] sensitive filescan: directory traversal and sensitive file scanning tool https://github.com/aipengjie/sensitive filescan

[web security] WordPress core <= 4.7.4 potential unauthorized password reset (0day) https://exploitbox.io/vuln/wordpress-exploit-4-7-unauthorized-password-reset-0day-cve-2017-8295.html

[other] pwn2own 2017 Linux kernel privilege vulnerability analysis https://zhanglan.zhihu.com/p/26674557

[web security] WordPress 4.6 Remote Code Execution Vulnerability (cve-2016-10033) replication environment building guide http://www.freebuf.com/vuls/133860.html

[wireless security] how to use fluxion to lure target users to obtain WPA password http://www.freebuf.com/articles/wireless/133315.html

[web security] summary analysis of agent forwarding tool https://www.t00ls.net/articles-35614.html

[wireless security] cve-2017-0601 https://xianzhi.aliyun.com/forum/read/1570.html

[web security] fastjson remote deserialization POC construction and analysis http://xxlegend.com/2017/04/29/title -% 20fastjson% 20% E8% BF% 9C% E7% A8% 8b% E5% 8F% 8D% E5% Ba% 8F% E5% 88% 97% E5% 8C% 96poc% E7% 9A% 84% E6% 9E% 84% E9% 80% A0% E5% 92% 8C% E5% 88% 86% E6% 9E% 90/

[vulnerability analysis] fastjson unserialize vulnerability write up https://ricterz.me/posts/fastjson% 20unserialize% 20vulnerability% 20write% 20up

[data mining] wooyun all bugs: wooyun all bugs historical archive data and pictures https://github.com/m0l1ce/wooyunallbugs

[malicious analysis] NSA danderspiritz test guide - Trojan generation and testing https://3gstudent.github.io/3gstudent.github.io/nsa-danderspiritz% E6% B5% 8b% E8% AF% 95% E6% 8C% 87% E5% 8D% 97 -% E6% 9C% A8% A9% AC% E7% 94% 9F% E6% 88% 90% E4% B8% 8e% E6% B5% 8b% E8% AF% 95/

[mobile security] Research on TrustZone security technology http://paper.seebug.org/296/

[web security] SSF: Secure Socket funneling (SSF) is a network tool and toolkit https://securesecketfunneling.github.io/ssf/#home

[tools] follow up the event of the NSA backdoor program doublepulsar, clean up the tool download point here http://www.freebuf.com/articles/system/133302.html

[competition] liberty writing Defcon 2017 https://github.com/deroko/liberty

[magazine] the first issue of white hat Journal - Password: mfpt https://pan.baidu.com/s/1kvi93bt

[programming technology] Figure unlocking verification code cracking (with Python code) http://blog.csdn.net/bone_ace/article/details/71056741

[web security] smart7ec: plug in scanner (Python / Lua) based on Linux C https://github.com/hxp2k6/smart7ec-scan-console

[paper] analysis of the academic circle of computer system security - the data is the top paper of the past decade http://www.csyssec.org/20161230/csyssecurity/

[document] threat tracking meeting ppt https://digital-forensics.sans.org/community/summits

[document] the slides of bfh2017 vulnerability analysis and utilization training course ppt https://exploit.courses/files/bfh2017/content.html

[web security] pwning PHP mail() function for function and rce https://exploitbox.io/paper/pwning-php-mail-function-for-function-and-rce.html

[web security] XSS bypass cookbook ver 3.0 with pdf download http://www.math1as.com/index.php/archives/426/

[vulnerability analysis] [vulnerability analysis] phpcms v9.6.1 vulnerability analysis of arbitrary file reading (including POC, with patches) http://bobao.360.cn/learning/detail/3805.html

[competition] uiuctf 2017 - zippy pics https://jbzteam.github.io/web/uiuc2017-zippy pics

[data mining] data driven security architecture Upgrade -- "vase" model ushers in V5.0 (2) http://zhisj.blog.51cto.com/219066/1921936

[device security] architecting a modern defense using device guard https://drive.google.com/file/d/0b-k55rloulafogvtelrl0xnrnc/view

[device security] discuss the relevant windows security mechanism from hash delivery attack http://bobao.360.cn/learning/detail/3793.html

[tool] [penetration artifact series] nmap http://thief.one/2017/05/02/1/

[tool] Shodan new tool release: Trojan malware C & C server search engine http://www.freebuf.com/sectool/133663.html

[magazine] [first issue of white hat journal] online reading and PDF download - instant security http://www.security.com/archives/3293.html

[operation and maintenance security] Active Directory attack and defense laboratory environment building tutorial (1) http://www.4hou.com/technology/4451.html

[tools] vulners.com [vulnerability, exploit, etc.] https://vulners.com

[malicious analysis] stealth rat targeting North Korea since 2014 https://threatpost.com/steve-rat-targeting-north-korea-since-2014/125450/

[data mining] data driven security architecture Upgrade -- "vase" model ushers in V5.0 (1) http://zhisj.blog.51cto.com/219066/1921892

[operation and maintenance security] set up your own docker mirror http://blog.evalbug.com/2016/08/28/docker'u mirror/

[device security] Intel's remote AMT vulnerability http://mjg59.dreamwidth.org/48429.html

[malicious analysis] flare floss: fireeye labs obfuscated string solver obfuscated string extraction tool https://github.com/fireeye/flare-floss

[O & M security] threat tracking (hunting) II: generate assumption https://www.sec-un.org/% E5% A8% 81% E8% 83% 81% E8% BF% BD% E8% B8% AA% EF% BC% 88hunting% EF% BC% 89% E4% B9% 8b% E4% Ba% 8C% EF% BC% 9A% E7% 94% 9F% E6% 88% 90% E5% 81% 87% E8% AE% be/

[O & M security] one of the effective thread hunting - who, what, where, when, what and how https://www.sec-un.org /% E6% 9C% 89% E6% 95% 88% E7% 9A% 84thread hunting% E4% B9% 8b% E4% B8% 80 who what where when and how/

[web security] bug bounty - bypass restrictions to hijack the skip account http://blog.csdn.net/u011721501/article/details/71107858

[web security] new attack uses W3C environment light sensor to steal sensitive information of browser (including demonstration video) http://www.freebuf.com/articles/web/133004.html

[malicious analysis] malware Hunter - Shodan's new tool to find malware C & C servers http://thehackernews.com/2017/05/shodan-malware-hunter.html

[web security] [hacker story] take stock of the ten most serious hacker attacks in history https://bbs.ichunqiu.com/forum.php? Mod = viewthread & TID = 18986 & extra = page% 3D1% 26filter% 3dtypeid% 26typeid% 3d153

[tools] 80 Linux monitoring tools https://www.serverdensity.com/monitor/linux/how-to/

[web security] Android Software Reverse core technology http://www.ichunqiu.com/course/57341

[magazine] sec wiki weekly (issue 165) https://www.sec-wiki.com/weekly/165

[opinion] who is publishing NSA and CIA secrets, and why? https://www.schneier.com/blog/archives/2017/05/who_is_publishi.html