November 25, 2019
How we found 5 0days in WordPress Simon Scannell, RIPS Technologies https://xzfile.aliyuncs.com/upload/affix/20191120153657-8840b7a2-0b68-1.pdf 拿WordPress开刀——点亮代码审计技能树(一) https://xz.aliyun.com/t/6805#toc-11
November 25, 2019
SWIFT related APT operation https://content.fireeye.com/apt/rpt-apt38 https://published-prd.lanyonevents.com/published/rsaap15.6381_ap18/sessionsFiles/4437/FLE-R09_Analysis%20of%20Cobalt%20Attacks%20on%20Financial%20Institutions-SWIFT,%20Processing,%20ATMs.pdf
November 25, 2019
Flan Scan:Cloudflare 开源轻量级网络漏洞扫描软件 https://nosec.org/home/detail/3212.html https://blog.cloudflare.com/introducing-flan-scan/
November 21, 2019
网络空间测绘 再谈 ZoomEye:打造世界领先网络空间测绘能力 https://mp.weixin.qq.com/s/A3-DdTQJI02gcsyCe20NAA 网络空间测绘的生与死(一) https://mp.weixin.qq.com/s/TWGUSmSaXc56KW9CzfPOCQ
November 19, 2019
FireEye Cyber Defense Summit 2019: Achievement Unlocked Chinese Cyber Espionage Evolves to Support Higher Level Missions cds19-executive-s08-achievement-unlocked.pdf
November 15, 2019
对 Nmap 的导出文件 (xml) 直接进行暴力破解 python brutespray -f nmap.xml https://github.com/x90skysn3k/brutespray/blob/master/brutespray.py#L274 直接用 nmap 导出的 xml 文件来开启爆破(后端调用medusa)的一个胶水脚本。 The Tool Box | BruteSpray Tool Demo – BruteSpray 数据库爆破 https://github.com/se55i0n/DBScanner 超级弱口令 https://github.com/shack2/SNETCracker
November 15, 2019
10 types of MySQL error-based sql injection 基本原理 在服务端会返回 MySQL 执行 SQL 时的错误信息的条件下可以构造报错注入来利用。 显然报错注入不是最方便的(利用SQL注入获取信息的)方式,但可能在某些情况下我们尝试用联合查询来获取数据时会遇到受阻的情况。 MySQL 报错注入利用的常见错误有以下几种: 1. BIGINT 等数据类型溢出 2. xpath 语法错误 3. concat+rand()+group_by() 导致主键重复 Type Storage Minimum Value Maximum Value (Bytes) (Signed/Unsigned) (Signed/Unsigned) TINYINT 1 -128 127 0 255 SMALLINT 2 -32768 32767 0 65535 MEDIUMINT 3 -8388608 8388607 […]
November 12, 2019
CVE-2019-7238 Nexus Repository Manager 3 RCE 漏洞复现