Safety technology

[web security] learning summary of rebound shell - Part 2http://mp.weixin.qq.com/s/s9luvf2drj4adqkwujtwg

[web security] (cve-2019-1030) Microsoft edge - Universal xsshttps://legacy.com/microsoft-edge-uxss/

[other] overview of cyberspace search engine https://mp.weixin.qq.com/s/adrohua0mpjctdpwjpc1jg

[tools] end to end encrypted wechat chat plug-in https://github.com/dplusec/tgwechat

[tools] jwtpycrack-jwt attack script https://github.com/ch1ngg/jwtpycrack

[vulnerability analysis] fastjson denial of Service Vulnerability Analysis https://nosec.org/home/detail/2933.html

[data mining] postscript of Baidu entity link competition: behavior modeling and entity link (including code sharing) https://mp.weixin.qq.com/s/higmw_j5xevluxa4hfhzsa

[programming technology] no file execution in Linux environment elfhttp://www.polaris-lab.com/index.php/archives/666/

[tools] fireeye / sharpersist https://github.com/fireeye/sharpersist

[competition] 2019 suctf writeuphttp://zerou.xyz/2019/09/05/2019-suctf-writeup/

[programming technology] the idea of a vulnerability verification framework https://nosec.org/home/detail/2919.html

[operation and maintenance security] how to build an effective security operation system https://mp.weixin.qq.com/s/jjkq8s4qw0rigoa9xzhyw

[web security] automatic detection of unauthorized vulnerabilities in security open source projects https://mp.weixin.qq.com/s/vwf7atvk-u-snjqo3f80ga

[data mining] identify WAF rules through time-based side channel attack https://xz.aliyun.com/t/6175

[malicious analysis] DNS tunnel communication characteristics and detection http://blog.nsfocus.net/dns-tunnel-communication-characteristics-detection/

[magazine] sec wiki weekly (issue 287) https://www.sec-wiki.com/weekly/287

[mobile security] [IPA cracker] zero code one click to generate prison free IPA! http://iosre.com/t/ipa-ipa/15494

[vulnerability analysis] Twitter's golden pulse secure SSL VPN remote command execution attack chain https://nosec.org/home/detail/2924.html

[forensic analysis] new exploration of data security protection for Internet companies https://tech.meituan.com/2018/05/20/data-security-protection-new-exploration.html

[vulnerability analysis] sensitive information disclosure caused by grahql query vulnerability https://nosec.org/home/detail/2922.html

[data mining] social networks influence collective decision-making, or change election results https://mp.weixin.qq.com/s/kqyf7epxwrhat4spgwhxsw

[forensic analysis] an intrusion detection technology based on deception defense https://mp.weixin.qq.com/s/6bey9qpi0rfk1 t1k1lwmg

[malicious analysis] coinblockerlistshttps://zerodot1.gitlab.io/coinblockerlistsweb/

[vulnerability analysis] attacking SSL VPN - Part 3: the golden pulse secure SSL VPN rce chain http://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html

[operation and maintenance security] no file execution in Linux environment elfhttps://mp.weixin.qq.com/s/gz77yy3ykpm10jsdg1oyiw

[data mining] core technology of big data security (from CSDN) https://bloodzer0.github.io/ossa/data_security / big_data_security_copy/

[vulnerability analysis] Logitech unifying vulnerability ieshttps://github.com/mame82/unifyingvulnsdisclosurerepo/tree/master/vulnerability'reports

[malicious analysis] deep learning risks: new methods for detecting malicious PowerShell https://www.microsoft.com/security/blog/2019/09/03/deep-learning-risks-new-methods-for-detecting-malicious-powershell/

[malicious analysis] developing machine learning malware classifiers https://medium.com/ @ william.fleshman/evaluating-machine-learning-malware-classifiers-ce52dabdb713

[operation and maintenance security] use ptrace and memfd_create to confuse program name and parameter https://mp.weixin.qq.com/s/ab9gkxfaneglibbp6 jh-a