focus on web and mobile security [red sun security phase 16]

Posted by harmelink at 2020-03-28

Penetration testing and web security news, 2017/7/9 - 2017/7/16

Security articles - Security vulnerabilities - Mobile security - Code audit

Security news, security techniques, and resource and tool sharing

Weekly trends

[security UK] the cybersecurity eco summit has begun to sign up!

https://mp.weixin.qq.com/s/9hLkNOLpTA1-v___RSdiog

[security] wechat Office released the full text of regulations on security protection of key information infrastructure (Draft for comments)

https://mp.weixin.qq.com/s/qnG4A9HkPQPWAZgae_LSqQ

[security_week] mobile app should pay more attention to network security, and also carry out the work of equal security in time

https://mp.weixin.qq.com/s/wt1jlPNTCV7JJUJ9RWj-zQ

[security] it is necessary to introduce the rules of cyber war if the big country has already launched cyber war secretly!

https://mp.weixin.qq.com/s/K6SKWSOJ9_-tT7b5PI6F9A

[security UK] MSRC Security Research - Summary of speech materials of Microsoft MSRC team in recent years

https://github.com/Microsoft/MSRC-Security-Research/tree/master/presentations

On defending against ransomware

https://mp.weixin.qq.com/s/IayXVSFQ2pVw-q7ODeHyHA

[security] R basic language introduction

https://www.shiyanlou.com/courses/855

[security] Python web framework introduction

http://t.cn/RKHAMVX

[security_week] information security vulnerability weekly (issue 27, 2017)

https://mp.weixin.qq.com/s/tg4KGajO89-bLL-ELfJhGA

[security UK week] second issue of 2017 Quarterly

http://bobao.360.cn/download/book/security-geek-2017-q2.pdf

[security_week] security alert: VMware virtual machine escape tools have been widely used on the Internet. Users, please update as soon as possible

http://www.tuicool.com/articles/je7rei6

The path of an architect: the knowledge and skills an architect needs to master

http://weizhan.51cto.com/article/view/59142577f2dd874ef5571ed1

[security UK] checklist for developing secure APIs

https://github.com/shieldfy/API-Security-Checklist/blob/master/README-zh.md

Skill display

[security technology] Running masscan and nmap on the Windows platform

http://www.4hou.com/penetration/6173.html

[security technology] Splash SSRF to obtain root privileges on an intranet server

https://xianzhi.aliyun.com/forum/read/1872.html

[security technology] Splunk learning and Practice (audit tool)

https://mp.weixin.qq.com/s/O5Jt-DDpskimfz8kHunZ8Q

[security technology] memcached - a story of failed patching and fragile servers

http://blog.talosintelligence.com/2017/07/memcached-patch-failure.html#more

[security technology] vulnerability analysis of web applications using burp scanner

http://www.hackingarticles.in/vulnerability-analysis-web-application-using-burp-scanner/

[security technology] Inject All the Things

http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/

[security technology] Apache Struts2 S2-048 vulnerability dynamic analysis

http://t.cn/RKLTBpb

[security technology] some fatal knowledge about PHP code security

https://mp.weixin.qq.com/s/wD_SzRUWVuh4mruaF0qs5g

[security technology] more than 10 power enterprises in the US have been attacked by template injection

https://mp.weixin.qq.com/s/fCg70lBTi-dWQN9zAL97yA

[security technology] [translation] JSON hijacking in modern web

http://bbs.pediy.com/thread-219036.htm

[security technology] [translation] new SQL injection tutorial (Part 2)

http://bbs.pediy.com/thread-219115.htm

[security technology] Usable in practice: Jenkins (CVE-2017-1000353) deserialization command execution vulnerability verification

http://t.cn/RKTDNCh

[security technology] Practical content | From shallow models to deep models: an overview of machine learning optimization algorithms

https://mp.weixin.qq.com/s/jnWH7KcVVmxh0Ywxi4GM9Q

[security technology] Using the CreateRestrictedToken API to bypass AppLocker

https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/

[security technology] Cisco Talos team's analysis of using word template injection to attack infrastructure

http://blog.talosintelligence.com/2017/07/template-injection.html

[security technology] Multiple RCE vulnerabilities exist in Poppler PDF, which can give full control of the user's computer

http://t.cn/RKHv7K2

[security technology] Attack methods for obtaining domain administrator privileges in Active Directory

http://www.cnblogs.com/backlion/p/7159296.html?from=timeline&isappinstalled=0

[security technology] how to use common port forwarding tools (2)

https://mp.weixin.qq.com/s/vlPRk7jKJXO8ZyopNIfzrg

[security technology] about IP, here is everything you want to know! (middle length)

https://mp.weixin.qq.com/s/ZjQ9VAatFmqwHNhTVd7yXA

[security technology] share penetration tools used under Android (Introduction)

https://mp.weixin.qq.com/s/HND4hYuqVbGS-PAwLPwaNA

[security technology] Linux Security - iptables (7)

https://mp.weixin.qq.com/s/Fv0TP9Gff4tu4g3gtQDQ8g

[security technology] Struts2 S2-048 high-risk vulnerability recurrence! A comparative analysis of attack payload exploitation across several vulnerabilities

https://mp.weixin.qq.com/s/XLeRNPN_CcpVG7firXC47w

[security technology] password cracking

https://mp.weixin.qq.com/s/-K8tO58kUPMSVL2xge5vUA

Industry tools

[security_tools] ReverseAPK - a bash script for quick reverse analysis of Android applications

https://github.com/1N3/ReverseAPK

[security_tools] XSStrike - a tool for fuzzing XSS vulnerabilities that can automatically discover and bypass common WAFs

https://github.com/UltimateHackers/XSStrike

[Security_tools] Android_Kernel_CVE_POCs CVE-2017-8260 CVE-2017-0705 CVE-2017-8259

http://t.cn/RKVrpqt

[security_tools] CANAPE.Core - cross-platform network protocol testing library

https://github.com/tyranid/CANAPE.Core

[security_tools] Salt Scanner - Linux vulnerability scanner based on Salt Open and the Vulners audit API

https://github.com/0x4D31/salt-scanner

Deep understanding of Android hotfix Technology

https://m.aliyun.com/yunqi/articles/115122

[security_tools] w8scan: a scanner imitating bugscan

https://github.com/boy-hack/w8scan

[security_tools] SlackShell - a PowerShell C&C (command and control) implementation based on the Slack API

https://github.com/bkup/SlackShell

[security_tools] Winpayloads - an undetectable Windows payload generator based on Python 2.7

https://github.com/nccgroup/Winpayloads

[security_tools] objection - a Frida-based iOS app runtime exploration tool released by SensePost, which can inject objects into an app to execute code

https://sensepost.com/blog/2017/objection-mobile-runtime-exploration/

Directory scanning tool

http://pentestit.com/cangibrina-domain-admin-dashboard-finder/

[security_tools] T50 - the fastest mixed packet injector tool

https://www.darknet.org.uk/2017/07/t50-fastest-mixed-packet-injector-tool/

[security_tools] Burp Vulners Scanner - vulnerability scanner

https://vulners.com/

Forum security articles

Penetration test

http://bbs.sec-redclub.com/hr/forum.php?mod=forumdisplay&fid=36&page=1

Security video

http://bbs.sec-redclub.com/hr/forum.php?mod=forumdisplay&fid=41