Aquaboutic | Focus Security Research | Vulnerability Exploit | POC


secwiki weekly (158)

Posted by zura at 2020-04-17

Safety technology

[web security] struts 2-045 vulnerability detection utility exp GUI version 2-045-exp

[web security] s2-045 vulnerability analysis

[web security] DOM XSS parsing

[web security] struts2_poc E6% BC% 8F% E6% B4% 9e/

[programming technology] [King's glory] analysis report on the principle of mutual calling between C ා and C + +

[vulnerability analysis] [vulnerability warning] cve-2017-2636: Linux kernel n ﹐ HDLC driver module local privilege vulnerability

[web security] 60 bytes - no file penetration test experiment


[vulnerability analysis] dota2 nthack plug in analysis report

[web security] bcrpscan: an intelligent backup file scanning tool

[malicious analysis] analysis report of double tail scorpion (apt-c-23)

[tools] social engineering password analysis Post = 152

[tool] one sentence management system on Web

[web security] how to quickly use the vulnerability s02-45 to obtain the server permission

[operation and maintenance security] the road to safe operation of financial industry enterprises 2016.10.28

[programming technology] take out order crawler: meituan, hungry, Baidu

[malicious analysis] webshell sample set (2011-2017) Id = 8e6c876e8fa2d0c5379b0df5afed362b

[web security] domain penetration basic simple information collection (basic chapter)

[Video] movies for hackers: hacker movies collection

[operation and maintenance security] building a Sysmon dashboard with an elk stack

[O & M security] under Kali, install openvas ﹣ OpenVAS ﹣ on ﹣ kali.jspx

[web security] phptrace: trace function calls, request information and execution process of PHP at runtime

[vulnerability analysis] guard the last defense line: analysis of three escape sandbox technologies

[malicious analysis] stealing Empire: the black production of consumer finance: ᦇ biz = mtqzmje1njqwmq = = & mid = 2655538952 & IDX = 4 & Sn = c7db605415da86593c0b6624bdc1529e & scene = 0 ᦇ wechat? Redirect

[web security] s2-045 principle preliminary analysis (cve-2017-5638)

[web security] intrigue core: domain name information collection platform based on scan and interface

[operation and maintenance security] five steps and seven moves to start the strongest DDoS attack and defense war!

[forensic analysis] CIA leaked thousands of confidential documents: all kinds of 0day tools and malicious programs

[document] a picture to understand CIA: there is a reason for strong attack ability:

[web security] Drupal 7. X service module from deserialization to remote command execution

[vulnerability analysis] WordPress username enumeration vulnerability analysis (cve-2017-5487)

[web security] scanner based on CMS plug-in

[O & M security] Ponemon Institute's "the value of Threat Intelligence: a study of Companies in North America and the UK", Biz = mzi4nzu2nju4nq = = & mid = 2247484109 & IDX = 1 & Sn = 56b5d16517082096e982d7d823b87c8e & scene = 0 "wechat" redirect

[operation and maintenance security] [exclusive] my enterprise security promotion method

[operation and maintenance security] how to realize the automatic deployment of ansible multi machine room for startups

[mobile security] reverse engineering Samsung S6 sboot

[other] various excellent materials, artifacts and frameworks used by programmers on the road

[forensic analysis] see how I find the mobile number of Facebook registered users

[device security] Internet of things device telnet password quick scan tool

[forensic analysis] privacy disclosure: check the back of the website

[web security] native payload? DNS: backdoor payload and anti-virus bypass project transmitted through DNS

[web security] hacking gutemalas DNS spying on active directory users by expanding a TLD mischtttps://the gutemalas DNS spying on active directory users by expanding a TLD misconfiguration/

[other] thinking triggered by a command

[malicious analysis] hidden attack - to fronting

[wireless security] what did I do after I modified the router's DNS?

[other] Internet company WAF system design

[malicious analysis] another posture of kerberoast attack

[malicious analysis] exploit kits: Winter 2017 review malicious exploitation package overview

[news] ා experience sharing meeting of PCSA member units at RSA conference in 2017 ා in depth sharing of documents: ᦇ biz = mzi0nju3odk1nw = = & mid = 2247484796 & IDX = 1 & Sn = 902d107f4ce6cba227bfe08f8b2ea289 & scene = 0 ᦇ wechat ﹐ redirect

[forensic analysis] CIA malware and hacking tools Id = 1381015 & from = timeline

[malicious analysis] top exploit kit activity Roundup - winter 2017 active vulnerability exploit package

[operation and maintenance security] how to build a system that can effectively resist the "wool party" attacks?

[mobile security] 2016 Antian mobile security annual report: full migration of threats

[device security] nearly 200000 WiFi surveillance cameras have a remote code execution vulnerability. You can set up a botnet at will

[forensic analysis] spammers expose their entire operation through bad backups

[malicious analysis] the US intelligence system is trapped in the window breaking effect: Wikileaks re exposes the inside story of the CIA [Download] ᥸ biz = mzi4mja1mzkyna = = & mid = 2655295027 & IDX = 1 & Sn = 82d6f63084d9409c588a27b447d62012 & scene = 0 ﹐ wechat ﹐ redirect

[forensic analysis] spammergate: the fall of an empire 1.4 billion?

[malicious analysis] crypt0l0cker (torrentlocker): old dog, new tricks

[operation and maintenance security] the Tianyan system for security construction exploration of financial enterprises: ʍ biz = mzi2mjq1nta4ma = = & mid = 2247483712 & IDX = 1 & Sn = 19cefe91aa204505ad87a5150e011559 & scene = 0 ʍ wechat A redirect

[web security] talk about OSP's role in OpenVAS scanning system

[mobile security] aliju security 2016 annual report Group id = 823212209231519744

[web security] 7 ways to exploit RFI vulnerability

[malicious analysis]. Net Reverse Engineering (I)

[web security] content type: Malicious - New Apache struts 2 0-day under attack M = 1

[mobile security] summary of APP Security Online Detection System

[web security] intrigue core: discover new attack surface

[equipment safety] analysis of penetration test of industrial control system & IDX = 1 & Sn = 176b8a4d5ee8250ebf95a0c96160d1ce & scene = 0 ﹐ wechat ﹐ redirect

[magazine] sec wiki weekly (issue 157)

[malicious analysis] analyze the newly added protection layer of neutrino botnet

[web security] how I found a $5000 Google Maps XSS (by padding with protobuf) [FQ] / @ marin_m / how-i-found-a-5-000-google-maps-xss-by-padding-with-protobuf-963ee0d9caff#. Qd4siqiac

[operation and maintenance security] improve the security of windows ad (3)

[forensic analysis] the WikiLeaks CIA dump shows hacking secrets of spies

[web security] EXIF analysis and utilization (I)

[operation and maintenance security] the way for enterprises in the financial industry to operate safely ᥼ biz = mzizmtaznzuxmq = = & mid = 2652876136 & IDX = 1 & Sn = da491605c5a7251f69170ca13f43a3ff & scene = 0 ᥼ wechat ᦆ redirect

[malicious analysis] WordPress Hacks: functions.php backdoors

[other] Microsoft Security Technology

[web security] the OEM version vulnerability of WiFi cam for wireless IP Camera affects more than 1250 models

[web security] development of an abnormal based web application firewall