Aquaboutic | Focus Security Research | Vulnerability Exploit | POC

Home

secwiki weekly (158)

Posted by zura at 2020-04-17
all

Safety technology

[web security] struts 2-045 vulnerability detection utility exp GUI version https://github.com/flytas/struts 2-045-exp

[web security] s2-045 vulnerability analysis http://blog.csdn.net/u011721501/article/details/60768657

[web security] DOM XSS parsing http://mp.weixin.qq.com/s/ia2itmipdbwbvi57gaaeuw

[web security] struts2_pochttp://thief.one/2017/03/07/struts2-045% E6% BC% 8F% E6% B4% 9e/

[programming technology] [King's glory] analysis report on the principle of mutual calling between C ා and C + + http://gslab.qq.com/article-257-1.html

[vulnerability analysis] [vulnerability warning] cve-2017-2636: Linux kernel n ﹐ HDLC driver module local privilege vulnerability http://bobao.360.cn/learning/detail/3586.html

[web security] 60 bytes - no file penetration test experiment https://www.n0tr00t.com/2017/03/09/penetration-test-without-file.html

Rd

[vulnerability analysis] dota2 nthack plug in analysis report http://gslab.qq.com/article-255-1.html

[web security] bcrpscan: an intelligent backup file scanning tool https://github.com/secfree/bcrpscan

[malicious analysis] analysis report of double tail scorpion (apt-c-23) https://ti.360.com/upload/report/file/aptswxlvj8fnjoxck.pdf

[tools] social engineering password analysis https://blog.yesfree.pw/? Post = 152

[tool] one sentence management system on Web https://github.com/boy-hack/webshellmanager

[web security] how to quickly use the vulnerability s02-45 to obtain the server permission http://simeon.blog.51cto.com/18680/1904351

[operation and maintenance security] the road to safe operation of financial industry enterprises 2016.10.28https://pan.baidu.com/s/1ch4ugi

[programming technology] take out order crawler: meituan, hungry, Baidu https://github.com/mudiyouyou/waimai-crawler

[malicious analysis] webshell sample set (2011-2017) https://www.secsilo.com/silo/view? Id = 8e6c876e8fa2d0c5379b0df5afed362b

[web security] domain penetration basic simple information collection (basic chapter) https://xianzhi.aliyun.com/forum/read/805.html

[Video] movies for hackers: hacker movies collection https://github.com/k4m4/movies-for-hackers

[operation and maintenance security] building a Sysmon dashboard with an elk stack https://cyberswardog.blogspot.com/2017/03/building-sysmon-dashboard-with-elk-stack.html

[O & M security] under Kali, install openvashttp://0cx.cc/install ﹣ OpenVAS ﹣ on ﹣ kali.jspx

[web security] phptrace: trace function calls, request information and execution process of PHP at runtime https://github.com/qihoo360/phptrace

[vulnerability analysis] guard the last defense line: analysis of three escape sandbox technologies http://www.4hou.com/technology/3665.html

[malicious analysis] stealing Empire: the black production of consumer finance: http://mp.weixin.qq.com/s? ᦇ biz = mtqzmje1njqwmq = = & mid = 2655538952 & IDX = 4 & Sn = c7db605415da86593c0b6624bdc1529e & scene = 0 ᦇ wechat? Redirect

[web security] s2-045 principle preliminary analysis (cve-2017-5638) http://paper.seebug.org/241/

[web security] intrigue core: domain name information collection platform based on scan and interface https://github.com/intrigueio/intrigue-core

[operation and maintenance security] five steps and seven moves to start the strongest DDoS attack and defense war! http://mt.sohu.com/20170215/n480734620.shtml

[forensic analysis] CIA leaked thousands of confidential documents: all kinds of 0day tools and malicious programs http://www.freebuf.com/news/128802.html

[document] a picture to understand CIA: there is a reason for strong attack ability: http://www.4hou.com/info/3757.html

[web security] Drupal 7. X service module from deserialization to remote command execution http://www.button.com/98140.html

[vulnerability analysis] WordPress username enumeration vulnerability analysis (cve-2017-5487) http://paper.seebug.org/239/

[web security] scanner based on CMS plug-in https://github.com/drope/dropescan

[O & M security] Ponemon Institute's "the value of Threat Intelligence: a study of Companies in North America and the UK", http://mp.weixin.qq.com/s? Biz = mzi4nzu2nju4nq = = & mid = 2247484109 & IDX = 1 & Sn = 56b5d16517082096e982d7d823b87c8e & scene = 0 "wechat" redirect

[operation and maintenance security] [exclusive] my enterprise security promotion method https://xianzhi.aliyun.com/forum/read/793.html

[operation and maintenance security] how to realize the automatic deployment of ansible multi machine room for startups http://www.4hou.com/special/3701.html

[mobile security] reverse engineering Samsung S6 sboothttp://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html

[other] various excellent materials, artifacts and frameworks used by programmers on the road https://github.com/stanzhao/be-a-professional-programmer

[forensic analysis] see how I find the mobile number of Facebook registered users http://www.freebuf.com/vuls/128456.html

[device security] Internet of things device telnet password quick scan tool http://www.freebuf.com/sectool/128661.html

[forensic analysis] privacy disclosure: check the back of the website http://www.freebuf.com/news/128317.html

[web security] native payload? DNS: backdoor payload and anti-virus bypass project transmitted through DNS http://www.motoin.com/98026.html

[web security] hacking gutemalas DNS spying on active directory users by expanding a TLD mischtttps://the hackerblog.com/hacking gutemalas DNS spying on active directory users by expanding a TLD misconfiguration/

[other] thinking triggered by a command https://xianzhi.aliyun.com/forum/mobile/read/790.html

[malicious analysis] hidden attack - to frontinghttp://www.4hou.com/technology/3516.html

[wireless security] what did I do after I modified the router's DNS? http://t.tips/?action=show&id=23440

[other] Internet company WAF system design http://www.freebuf.com/articles/network/128370.html

[malicious analysis] another posture of kerberoast attack http://www.4hou.com/technology/3640.html

[malicious analysis] exploit kits: Winter 2017 review malicious exploitation package overview https://blog.malwarebytes.com/thread-analysis/2017/03/exploit-kits-winter-2017-review/

[news] ා experience sharing meeting of PCSA member units at RSA conference in 2017 ා in depth sharing of documents: http://mp.weixin.qq.com/s ᦇ biz = mzi0nju3odk1nw = = & mid = 2247484796 & IDX = 1 & Sn = 902d107f4ce6cba227bfe08f8b2ea289 & scene = 0 ᦇ wechat ﹐ redirect

[forensic analysis] CIA malware and hacking tools https://news.ycombinator.com/item? Id = 1381015 & from = timeline

[malicious analysis] top exploit kit activity Roundup - winter 2017 active vulnerability exploit package https://www.zscaler.com/blogs/research/top-exploit-kit-activity-roundup-winter-2017

[operation and maintenance security] how to build a system that can effectively resist the "wool party" attacks? http://www.4hou.com/info/news/3714.html

[mobile security] 2016 Antian mobile security annual report: full migration of threats http://blog.avlsec.com/2017/03/4474/2016-security-report/

[device security] nearly 200000 WiFi surveillance cameras have a remote code execution vulnerability. You can set up a botnet at will http://www.4hou.com/info/news/3778.html

[forensic analysis] spammers expose their entire operation through bad backupshttp://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

[malicious analysis] the US intelligence system is trapped in the window breaking effect: Wikileaks re exposes the inside story of the CIA [Download] http://mp.weixin.qq.com/s? ᥸ biz = mzi4mja1mzkyna = = & mid = 2655295027 & IDX = 1 & Sn = 82d6f63084d9409c588a27b447d62012 & scene = 0 ﹐ wechat ﹐ redirect

[forensic analysis] spammergate: the fall of an empire 1.4 billion? https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire

[malicious analysis] crypt0l0cker (torrentlocker): old dog, new trickshttp://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html

[operation and maintenance security] the Tianyan system for security construction exploration of financial enterprises: http://mp.weixin.qq.com/s? ʍ biz = mzi2mjq1nta4ma = = & mid = 2247483712 & IDX = 1 & Sn = 19cefe91aa204505ad87a5150e011559 & scene = 0 ʍ wechat A redirect

[web security] talk about OSP's role in OpenVAS scanning system http://www.button.com/98347.html

[mobile security] aliju security 2016 annual report https://xuanlan.zhihu.com/p/25666246? Group id = 823212209231519744

[web security] 7 ways to exploit RFI vulnerability http://www.hackingarticles.in/7-ways-exploit-rfi-vulnerability/

[malicious analysis]. Net Reverse Engineering (I) http://www.4hou.com/technology/3641.html

[web security] content type: Malicious - New Apache struts 2 0-day under attack http://blog.talosintelligence.com/2017/03/apache-0-day-expanded.html? M = 1

[mobile security] summary of APP Security Online Detection System http://www.jianshu.com/p/946bdea18f49

[web security] intrigue core: discover new attack surface http://www.motif.com/98263.html

[equipment safety] analysis of penetration test of industrial control system http://mp.weixin.qq.com/s? & IDX = 1 & Sn = 176b8a4d5ee8250ebf95a0c96160d1ce & scene = 0 ﹐ wechat ﹐ redirect

[magazine] sec wiki weekly (issue 157) https://www.sec-wiki.com/weekly/157

[malicious analysis] analyze the newly added protection layer of neutrino botnet http://www.4hou.com/technology/3740.html

[web security] how I found a $5000 Google Maps XSS (by padding with protobuf) [FQ] https://medium.com / @ marin_m / how-i-found-a-5-000-google-maps-xss-by-padding-with-protobuf-963ee0d9caff#. Qd4siqiac

[operation and maintenance security] improve the security of windows ad (3) http://www.4hou.com/technology/3456.html

[forensic analysis] the WikiLeaks CIA dump shows hacking secrets of spies https://www.wired.com/2017/03/cia-can-hack-phone-pc-tv-says-wikileaks/

[web security] EXIF analysis and utilization (I) http://www.button.com/97860.html

[operation and maintenance security] the way for enterprises in the financial industry to operate safely http://mp.weixin.qq.com/s? ᥼ biz = mzizmtaznzuxmq = = & mid = 2652876136 & IDX = 1 & Sn = da491605c5a7251f69170ca13f43a3ff & scene = 0 ᥼ wechat ᦆ redirect

[malicious analysis] WordPress Hacks: functions.php backdoorshttps://www.polaris64.net/blog/cyber-security/2017/wordpress-hacks-functions-php-backdoors

[other] Microsoft Security Technology https://technet.microsoft.com/zh-cn/library/mt589972

[web security] the OEM version vulnerability of WiFi cam for wireless IP Camera affects more than 1250 models http://www.button.com/98152.html

[web security] development of an abnormal based web application firewallhttps://github.com/matthiasmaes/analogywebapplicationfirewall