Hacking Book | Free Online Hacking Learning


secwiki weekly (issue 161)

Posted by forbes at 2020-03-23

Safety technology

1 & srcid = 0329atmpia7rbzfd84swuopt × Rd

[web security] CTF always loses? You almost got to trickshtttps://drive.google.com/file/d/0b4uxe69uafd5c0lbgh1njnoogm/view

& srcid = 0330ahrbighm8firszjkmfn & key = 69fcea0

[vulnerability analysis] docker container escape case analysis https://yq.aliyun.com/articles/57803

[web security] summary of bendiao's Web vulnerability scanner ideas and skills (Web crawler-1) http://weibo.com/ttarticle/p/show? Id = 2309404089676607652351

[paper] NDSS 2017 attendance notes https://xuanlan.zhihu.com/p/26082974? Group ﹣ id = 830733298354491392

[web security] my way of penetration testing http://mp.weixin.qq.com/s/zxolyfzzsu-wxh6ro3gzrg

& srcid = 0330hzvyeyl3laxvqgnh3rso × Rd

[tools] sec box https://github.com/tengzhangchao/sec-box

= 1 & srcid = 0329ssid1q8fcaygqeesayk × Rd

Ene = 1 & srcid = 0329tptq2znutl7d5sjsl9wk × Rd

[Web security] dnsbrute: domain name explosion, based on API interface and dictionary https://github.com/chuhades/dnsbrute

Scene = 1 & srcid = 0401nl11l5gms3uxlp6biuwl & key = 65f240a

[document] black hat Asia 2017 PPT download https://www.blackhat.com/asia-17/briefs.html

[web security] reading notes of Web dilemma | Python http://www.python.com/386.html

Key = be209c0774a2a72dbd7c466abaf71566f5d42699ce4d22d5

[web security] filesensor: a crawler based dynamic sensitive file detection tool https://github.com/xyntax/filesensor

[vulnerability analysis] event analysis of sensitive information leakage of Dahua camera http://paper.seebug.org/257/

[web security] ring04h's white hat learning route -- 20170325https://github.com/ring04h/papers/blob/master/% E6% 88% 91% E7% 9A% 84% E7% 99% BD% E5% B8% BD% E5% ad% A6% E4% B9% A0% E8% B7% AF% E7% Ba% BF -- 20170325.pdf

[web security] sharing summary of pig man https://github.com/ring04h/papers

[web security] detect Java deserialization vulnerability through DNS log http://gosecure.net/2017/03/22/detecting-deserialization-bugs-with-dns-exfiltration/

[malicious analysis] apt29 domain fronting with torhttps://www.fireeye.com/blog/thread-research/2017/03/apt29_domain_frontin.html

[web security] iis6.0 remote command execution vulnerability (cve-2017-7269) http://thief.one/2017/03/29/iis6-0% E8% BF% 9C% E7% A8% 8b% E5% 91% BD% E4% BB% A4% E6% 89% A7% E8% A1% 8C% E6% BC% 8F% E6% B4% 9e-cve-2017-7269/

[Video] balccon2k16 (video list) https://ftp.lugons.org/balccon2k16/

[web security] internal network penetration thought arrangement and tool use http://bobao.360.cn/learning/detail/3683.html

[web security] the TTPS of alexsey belan, a Russian hacker suspected of invading Yahoo, http://www.freebuf.com/news/130209.html

[other] talk about several file backups of vim http://www.evilclay.com/2017/03/31 /% E8% B0% 88% E8% B0% 88 VIM -% E7% 9A% 84% E5% 87% A0% E7% A7% 8D% E6% 96% 87% E4% BB% B6% E5% A4% 87% E4% BB% BD/

[equipment security] fingerprint identification technology of industrial control system https://mp.weixin.qq.com/s? ᥧbiz = mza5otmwmzy1nq = = & mid = 2647833962 & IDX = 1 & Sn = c29ac1492087fedf1203d69094f3e50c & scene = 0 ᥧ wechat ʍ redirect

[malicious analysis] equationdrug rootkit analysis (mstcp32. Sys) http://artemionsecurity.blogspot.com/2017/03/equationdrug-rootkit-analysis-mstcp32sys.html

[other] 800 yuan 8-core server? Second hand server building guide http://www.freebuf.com/geek/130366.html

[web security] gr36, a white hat, teaches you how to dig holes. Vulnerability research https://xianzhi.aliyun.com/forum/read/1427.html

[other] docker image accelerator https://yq.aliyun.com/articles/29941

[programming technology] phantomjs correctly opened http://thief.one/2017/03/31/phantomjs% E6% ad% A3% E7% A1% AE% E6% 89% 93% E5% BC% 80% E6% 96% B9% E5% BC% 8F/

[O & M security] secure host baseline: windows security configuration baseline https://github.com/iadgov/secure-host-baseline

[web security] hashview: the web visualization and management platform for hashcat password cracking http://www.button.com/99205.html

[other] Application Verifier in penetration test (Introduction to the use of Doubleagent) http://www.4hou.com/uncategorized/reverse/4005.html

[web security] IIS 6.0 remote code execution https://github.com/edwardz246003/iis_exploit/

[web security] outline weekly technology sharing materials of Security Lab http://www.polaris-lab.com/index.php/share.html

[conference] 201703 ﹣ bsidescbr-zxsecurity ﹣ practical ﹣ GPS ﹣ spoofinghttps://zxsecurity.co.nz/presentations/201703 ﹣ bsidescbr-zxsecurity ﹣ practical ﹣ GPS ﹣ spoofing.pdf

[operation and maintenance security] anomali staxx Threat Intelligence subscription analysis system play http://phantom0301.cc/2017/03/27/staxx/

[operation and maintenance security] Endpoint Protection: review popular EDR products abroad http://www.freebuf.com/articles/terminal/131024.html

[Video] building large scale WAF cluster with open source software for enterprise security construction http://www.freebuf.com/special/127713.html

[data mining] Apriori https://mp.weixin.qq.com/s/fpuaqlfacm6dstoronf3ia for security

[malicious analysis] shamoon 2 malicious sample technology analysis and detection protection program http://blog.nsfocus.net/shamoon 2-malicious-sample-technology-analysis-detection-protection-program/

[web security] a brief introduction and demonstration of a traffic hijacking attack http://mp.weixin.qq.com/s/cq-hg7innb4fp06jkws7rjg

[web security] remember an interesting second ultra vires https://www.t00ls.net/thread-38883-1-1.html

[forensics analysis] another way to trace: the security mechanism of being "backfired" http://www.arkteam.net/? P = 1646

[vulnerability analysis] pwnbox: a docker container for Reverse Engineering & exploitation! Https://github.com/superkojiman/pwnbox

[operation and maintenance security] the six most recommended free Linux firewalls in 2017 http://www.4hou.com/info/news/4018.html

[device security] thread landscape for industrial automation systems in the second half of 2016 https://ics-cert.kaspersky.com/reports/2017/03/28/thread-landscape-for-industrial-automation-systems-in-the-second-half-of-2016/

[magazine] sec wiki weekly (issue 160) https://www.sec-wiki.com/weekly/160

[forensic analysis] Intel ﹣ collection ﹣ tools: script file of multiple Threat Intelligence Analysis https://github.com/wolfpack1/intel ﹣ collection ﹣ tools

[web security] refer spoofing with iframe injection http://paper.seebug.org/258/

[data mining] payment risk control model and process analysis https://xianzhi.aliyun.com/forum/read/1437.html

[device security] initial experience of IOT device program development and compilation environment construction http://www.freebuf.com/sectool/130091.html

[web security] RDP degradation attack based on mitm https://xianzhi.aliyun.com/forum/read/1434.html

[web security] database firewall https://github.com/nim4/dbshield