Hacking Book | Free Online Hacking Learning


secwiki weekly (issue 201)

Posted by graebner at 2020-04-06

Safety technology

[web security] look at the security of front-end code from wechat applet https://share.whoboy.com/weapp.html

[vulnerability analysis] Weblogic xmldecoder deserialization vulnerability - cve-2017-10271 http://pirogue.org/2017/12/29/weblogic-xmldecoder/

[vulnerability analysis] performance vs security? CPU chip vulnerability attack practice (1) - cracking Mac OS kaslr https://media.weibo.cn/article? Id = 2309404192549521743410

[vulnerability analysis] processor a vulnerability meltdown and spectre analysis report https://weibo.com/ttarticle/p/show? Id = 2309404192764286877696

[vulnerability analysis] AFL (American Fuzzy LOP) implementation details and file variation https://paper.seebug.org/496/

[tool] scanner using bugscan plug-in https://github.com/boy-hack/w9scan

[vulnerability analysis] security problems caused by CPU disordered execution and predicted execution https://zhanglan.zhihu.com/p/32654221

[web security] one of the ways to open SRC vulnerability in batch - Design and implementation of vulnerability scanning based on CMS https://mp.weixin.qq.com/s/zdaxg1dmth1i6n4hgust5g

[data mining] reading network packets as a natural language for introduction detectionhttp://www.icisc.org/icisc/asp/papers/sec8__slide.pdf

[malicious analysis] malicious sample analysis manual - traceability chapter http://blog.nsfocus.net/trace-source/

[forensic analysis] design sensitive honeypot sensor https://www.xsec.io/2018/1/4/design ﹣ more ﹣ sensitive ﹣ honeypot ﹣ sensors.html

[competition] inndy's hack game strategy (web part) http://www.freebuf.com/articles/web/158885.html

[web security] tips for social workers to find out the behind the scenes fraud (2) https://bbs.ichunqiu.com/thread-31905-1-1.html? From = sec

[operation and maintenance security] use docker to deploy web application https://jiayi.space/post/shi-yong-dockeryi-jian-bu-shu-webying-yong

[other] bitcoin tutorial http://www.ruanyifeng.com/blog/2018/01/bitcoin-tutorial.html

[vulnerability analysis] adapting the POC for cve-2017-1000112 to other kernels https://rickarabee.blogspot.jp/2017/12/adapting-poc-for-cve-2017-1000112-to.html

[programming technology] hand in hand to teach you how to create a vulnerability replication environment http://mp.weixin.qq.com/s/xxd2fo3zfmrjv90mrjyl7q

[web security] post penetration: esxi rebound shellhttps://www.anquanke.com/post/id/93672

[vulnerability analysis] Intel CPU vulnerability description https://weibo.com/ttarticle/p/show? Id = 2309404192902644407039

[web security] beautiful list of deep learning tutorial case https://github.com/xyntax/ml

[wireless security] fishing with 360 WiFi http://mp.weixin.qq.com/s/duvuswym s67a6znxlu8a

[forensic analysis] honeypot system construction for traceability http://www.4hou.com/technology/9687.html

[operation and maintenance security] openrasp technical analysis http://blog.nsfocus.net/openrasp-tech/

[web security] redis is not authorized to access the remote implanting mining script (end) http://mp.weixin.qq.com/s/i1fnlytovsi7h715ffg3tg

[web security] PowerShell Empire introduction http://www.freebuf.com/sectool/158393.html

[tools] intranet automation penetration http://mp.weixin.qq.com/s/0qagy9yz1zkgy6b26absbg

[device security] new exploration of Huawei hg532 remote command execution vulnerability http://xlab.tencent.com/cn/2018/01/05/a-new-way-to-exploit-cve-2017-17215/

[mobile security] Android penetration tool androtickler demining direction north https://mp.weixin.qq.com/s/xi3qlgr9jmlbjl3mep IQ

[forensic analysis] enterprise security construction - design ideas and ideas of modular honeypot platform https://xianzhi.aliyun.com/forum/topic/1885/? From = timeline

[mobile security] hole digging skills: summary of APP gesture password bypass ideas https://www.anquanke.com/post/id/93662

[web security] Web scraping with selenium http://sm0nk.com/2017/11/27/% E5% 9F% Ba% E4% Ba% 8eseleium% E7% 9A% 84% E5% 8F% A3% E4% BB% A4% E7% 88% 86% E7% A0% B4% E5% Ba% 94% E7% 94% A8/

[data mining] tensorflow practical learning notes https://github.com/machinelp/tensorflow-

[device security] 2017 Internet of things Security Research Report http://www.nsfocus.com.cn/content/details_.html

[data mining] data mining for typical comments of users in Python https://mp.weixin.qq.com/s/iytarh75ejydnfxkbqnoeow

[malicious analysis] use snort to detect enterprise traffic https://green-m.github.io/2018/01/05/network-detection-with-snort-in-company/

[Web security] CSRF of "taking advantage of the sword to kill" takes down the background of the stolen dog https://bbs.ichunqiu.com/thread-31779-1-1.html? From=sec

[web security] [Social Engineering] tips to find out the scam behind the scenes (I) https://bbs.ichunqiu.com/thread-31584-1-1.html? From = sec

[wireless security] how to create a malicious access point using mitmap http://www.4hou.com/technology/9154.html

[device security] penetrate the defense line of the intranet, and summarize the USB automatic penetration techniques http://www.freebuf.com/sectool/158784.html

[vulnerability analysis] office 365 safe links bypass https://oddvar.moe/2018/01/03/office-365-safe-links-bypass/

[mobile security] Android malware detection: system call log + machine learning algorithm http://www.4hou.com/info/news/9669.html

[malicious analysis] removing backdoors – PowerShell image edition – n00py blogs://www.n00py.io/2017/01/removing-backdoors-powershell-empty-edition/

[operation and maintenance security] terminal Antivirus of enterprise security construction https://mp.weixin.qq.com/s/jkydmnol3ebf5njxknqba

[malicious analysis] normalized data logs from 250K sandboxed samples malicious sample function call dataset http://www.hexacorn.com/blog/2017/12/31/happy-new-year-2018-get-yourself-logs-from-250k-sandboxed-samples/

[tools] fsociety hacking tools pack – a penetration testing framework https://github.com/manisso/fsociety

[web security] a CMS injection analysis and injection point summary http://www.freebuf.com/articles/web/157827.html

[malicious analysis] Trojan horse analysis report of potplayer player optimized version https://www.anquanke.com/post/id/93227

[vulnerability analysis] on wechat hop plug-in http://www.h4ck.org.cn/2018/01 /% E4% B9% 9F% E8% B0% 88% E5% be% AE% E4% BF% A1 -% E8% B7% B3% E4% B8% 80% E8% B7% B3 -% E5% A4% 96% E6% 8C% 82/

[web security] RSAP technology analysis http://blog.nsfocus.net/rsap-tech/

[operation and maintenance security] "one person" mutual fund enterprise security construction summary http://www.freebuf.com/articles/neopoints/158724.html

[vulnerability analysis] Introduction to process doppelganging https://3gstudent.github.io/3gstudent.github.io/process-doppelganging% E5% 88% A9% E7% 94% A8% E4% BB% 8b% E7% BB% 8D/

[tool] fail2ban: a small application that can monitor system logs http://www.4hou.com/tools/9066.html

[other] security analysis of blockchain https://mp.weixin.qq.com/s/vbmjaiaps7ihe6jreky1a

[malicious analysis] see how I can reverse Kaspersky engine to detect confidential files https://www.anquanke.com/post/id/93462

[operation and maintenance security] take you step by step to experience openvashttp://mp.weixin.qq.com/s/6ks5 ﹣ tnfhkqofr1q3wgjhg

[vulnerability analysis] Huawei home routes in botnet reclamation https://research.checkpoint.com/good-zero-day-skiddie/

[tools] phishing methods other than web form phishing http://mp.weixin.qq.com/s/mw2ptmjklbfixglgv-q2pg

[web security] open redirect payloads: open redirect payloadshttps://github.com/cujanovic/open redirect payloads

[data mining] review 2017 | Threat Intelligence Review threat https://mp.weixin.qq.com/s/dsafrx9zcdbhwoeh8xlyaw

[data mining] machine learning security data set https://xianzhi.aliyun.com/forum/topic/1879/

[device security] router worm triggered network security AI practice https://mp.weixin.qq.com/s/o3apmnzddzt2trehetwekug

[tool] graxcode / reversecrypt: extract crypted jar archives https://github.com/graxcode/reversecrypt

[web security] get Python code from pyinstallerhttps://lightless.me/archives/get-python-code-from-pyinstaller.html

[forensic analysis] cyber intelligence 2017 summary report http://www.clearskysec.com/cyber2017/

[magazine] sec wiki weekly (issue 200) https://www.sec-wiki.com/weekly/200

[malicious analysis] 2017 China mobile terminal MLM fraud threat situation analysis report http://blog.avlsec.com/2017/12/5083/paper/

[malicious analysis] 2017 blackmail threat situation analysis report https://www.anquanke.com/post/id/93031

[web security] some interesting ideas under strict CSP (34c3 CTF) http://www.melody.pw/? P = 935