Hacking Book | Free Online Hacking Learning


secwiki weekly (issue 5)

Posted by harmelink at 2020-03-29

Safety technology

[malicious analysis] decaf (dynamic executable code analysis framework) dynamic binary analysis platform http://blog.sina.com.cn/s/blog a1bf0101wrqi.html

[web security] struts 2 s2-020 command execution analysis under Tomcat 8 http://www.freebuf.com/articles/web/31039.html

[web security] in depth understanding of JavaScript hijacking principle http://www.cnblogs.com/hyddd/archive/2009/07/02/1515768.htm

[book] UNIX system on Modern Architecture -- SMP and caching technology of kernel programmer http://vdisk.weibo.com/s/qfp9ntxv48oa

[web security] Web application firewall are worth the investment for enterprises http://www.gartner.com/technology/reprints.do? Id = 1-1rtlh9w & CT = 140313 & St = sb

[news] rethinking of traditional security industry http://hi.baidu.com/fs_fx / item / fa8f65fd5649ad0d84d278c5

[web security] smbexec: rapid post exploitation tool http://www.secttechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/

[operation and maintenance security] Falcon eye: Linux monitor toolhttps://github.com/ulricqin/falcon-eye

[paper] International Conference on learning representatives 2014http://openreview.net/venue/iclr1014

[news] more than 24m home routes enabling DNS authentication DDoS attackshttp://www.scmagazine.com/more-than-24m-home-routes-enabling-dns-authentication-ddos-attacks/article/341265/

[web security] sqlmap instance Cookbook http://drops.wooyun.org/tips/1343

[malicious analysis] a close look at RTF Zero Day attack cve-2014-1761 http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers

[operation and maintenance security] lnav: the log file navigator http://lnav.org/

[programming technology] nuclear: nuclear detection with Python https://github.com/hhatto/nuclear.py

[web security] Ninja Pingu: open source high performance network scannerhttp://owasp.github.io/ninja-pingu/index.html

[web security] polyphasshash: a password hashing scheme http://polyphasshash.github.io/polyphasshash/

[malicious analysis] sysanalyzer: automated malcode run time analysis applicationhttp://www.aldeid.com/wiki/sysanalyzer

[operation and maintenance security] watchman: Link Tracking and service quality assurance system of microblog platform http://www.infoq.com/cn/articles/weibo-watchman

[meeting] the second JD jsrc e-commerce security salon documentary ppthttp://static.3001.net/upload/20140402/13964200397156.rar

[other] cheating on the network http://segmentfault.com/a/1190000045352

[malicious analysis] office "combination" vulnerability sample analysis http://blog.vulnhunt.com/index.php/2014/04/04/office% E7% BB% 84% E5% 90% 88% E5% BC% 8F% E6% BC% 8F% E6% B4% 9E% E6% 94% BB% E5% 87% BB% E6% A0% B7% E6% 9C% AC% E5% 88% 86% E6% 9E% 90/

[malicious analysis] DLL side loading: another blind spot for anti virus http://www.fireeye.com/blog/technical/cell-exploits/2014/04/dll-side-loading-another-blind-spot-for-anti-virus.html

[web security] wildcard DNS, content pooling, XSS and certificate pinning http://w00tsec.blogspot.jp/2014/03/wilcard-dns-content-pooling-xss-and.html

[web security] DNS pan resolution and content poisoning, XSS vulnerability and certificate verification http://drops.wooyun.org/tips/1354

[programming technology] dpdk: data plane development kit http://dpdk.org/

[device security] translator for 27 MHz wireless keyboards from logitechhttps://www.cgran.org/wiki/logitech27mhztransceiver

[programming technology] instructions for use of phantomjs http://zhouhua.github.io/2014/03/19/phantomjs/

[web security] a web botnet based on web workers and CORS technology http://hi.baidu.com/html5sec/item/bd0a12e5a3b4af0a570f1d4e

[book] reverse engineering for beginershttp://yurichev.com/writes/re_for_beginners-en.pdf

[other] three ways of statistical analysis of time log3http://www.gtdlife.com/2014/3375/three-ways-to-write-the-timelog3 /? Utm_source = feed & amp; utm_reader = feed & amp; utm_medium = rss & utm_campaign = three-ways-to-write-the-timelog3

[operation and maintenance security] Research on security database system supporting multiple policies http://vdisk.weibo.com/s/zaka9ptdkdefs/1396588548

[vulnerability analysis] struts 2 s2-020 command execution analysis under Tomcat 8 http://sec.baidu.com/index.php? Research / detail / ID / 18

[programming technology] what kind of team tool does a technology media team use http://jianshu.io/p/3631a398cd9b#

[operation and maintenance security] ngxtop: real time metrics for nginx server https://github.com/lebinh/ngxtop

[web security] h5sc: HTML5 security cheatsheethttps://github.com/cure53/h5sc

[malicious analysis] financial cell threads in 2013. Part 1: phishing http://www.securelist.com/en/analysis/204792330/financial cell threads in 2013 Part 1 phishing

[device security] how to own a router – Fritz! Box AVM vulnerability analysis http://www.insunitor.net/2014/03/how-to-own-a-router-fritzbox-avm-vulnerability-analysis/

[paper] a formula for academic papers: introduction http://slowsearching.blogspot.sg/2014/04/a-formula-for-academic-papers.html

[wireless security] exploring the effectiveness of wireless based attackshttps://docs.google.com/document/d/16rprcocofqymkd4fsrtydi035jsit5r9zuivjfbg3zm / edit

[programming technology] imilo real time engine: Solr vs elasticsearchhttp://www.imilo.cn/findlog/36

[web security] download files through DNS http://drops.wooyun.org/tools/1344

[mobile security] Android source code analysis tools and methods http://static.sanwho.com/uploads/2014/01/android% E6% Ba% 90% E7% A0% 81% E5% 88% 86% E6% 9E% 90% E5% B7% a5% E5% 85% B7% E5% 8F% 8A% E6% 96% B9% E6% B3% 95.pdf

[web security] 500 lines of PHP code for rich text security filtering http://www.wellefen.com/only-500-line-php-code-for-filter-rich-content.html

[programming technology] D2 enters the campus Chengdu station successfully, http://ued.taobao.org/blog/2014/04/d2campus-at-chengdu/

[web security] DNS pan resolution and content poisoning, XSS vulnerability and certificate verification http://drops.wooyun.org/tips/1354

[vulnerability analysis] Using the Immunity Debugger API to Automate Analysishttp://vrt-blog.snort.org/2014/04/using-immunity-debugger-api-to-automate.html

[mobile security] open technology found cryptocat IOS http://vdisk.weibo.com/s/g Υ jlebjwrgrb/1396496915

[programming technology] 30 tips on Python http://blog.jobball.com/63320/

9A% 84% E5% 89% 8D% E7% AB% AF% E5% 90% 8e% E7% AB% AF% E5% 88% 86% E7% A6% BB/

[web security] HTML5 using corshttp://www.html5rocks.com/en/tutorials/cors/

[programming technology] how to write security Yii applicationshttp://www.yiiframework.com/wiki/275/how-to-write-security-yii-applications / ාhh18

[programming technology] front end workflow http://willkan.github.io/blog/html/workflow/

[web security] trustedsec tools and exploits https://www.trustedsec.com/downloads/tools-download/