Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

SWIFT related APT operation

November 25, 2019

SWIFT related APT operation

SWIFT related APT operation https://content.fireeye.com/apt/rpt-apt38 https://published-prd.lanyonevents.com/published/rsaap15.6381_ap18/sessionsFiles/4437/FLE-R09_Analysis%20of%20Cobalt%20Attacks%20on%20Financial%20Institutions-SWIFT,%20Processing,%20ATMs.pdf

November 25, 2019

Flan Scan:Cloudflare 开源轻量级网络漏洞扫描软件

Flan Scan:Cloudflare 开源轻量级网络漏洞扫描软件 https://nosec.org/home/detail/3212.html https://blog.cloudflare.com/introducing-flan-scan/

November 21, 2019

freebuf CIS 2019

https://cis.freebuf.com/

November 21, 2019

网络空间测绘

网络空间测绘 再谈 ZoomEye:打造世界领先网络空间测绘能力 https://mp.weixin.qq.com/s/A3-DdTQJI02gcsyCe20NAA 网络空间测绘的生与死(一) https://mp.weixin.qq.com/s/TWGUSmSaXc56KW9CzfPOCQ

November 19, 2019

FireEye Cyber Defense Summit 2019: Achievement Unlocked

FireEye Cyber Defense Summit 2019: Achievement Unlocked Chinese Cyber Espionage Evolves to Support Higher Level Missions cds19-executive-s08-achievement-unlocked.pdf

November 18, 2019

github 代码分析引擎 CodeQL

github 代码分析引擎 CodeQL https://paper.seebug.org/1078/

November 15, 2019

对 Nmap 的导出文件 (xml) 直接进行暴力破解

对 Nmap 的导出文件 (xml) 直接进行暴力破解 python brutespray -f nmap.xml https://github.com/x90skysn3k/brutespray/blob/master/brutespray.py#L274 直接用 nmap 导出的 xml 文件来开启爆破(后端调用medusa)的一个胶水脚本。 The Tool Box | BruteSpray Tool Demo – BruteSpray 数据库爆破 https://github.com/se55i0n/DBScanner 超级弱口令 https://github.com/shack2/SNETCracker

November 15, 2019

10 types of MySQL error-based sql injection

10 types of MySQL error-based sql injection 基本原理 在服务端会返回 MySQL 执行 SQL 时的错误信息的条件下可以构造报错注入来利用。 显然报错注入不是最方便的(利用SQL注入获取信息的)方式,但可能在某些情况下我们尝试用联合查询来获取数据时会遇到受阻的情况。 MySQL 报错注入利用的常见错误有以下几种: 1. BIGINT 等数据类型溢出 2. xpath 语法错误 3. concat+rand()+group_by() 导致主键重复 Type Storage Minimum Value Maximum Value   (Bytes) (Signed/Unsigned) (Signed/Unsigned) TINYINT 1 -128 127     0 255 SMALLINT 2 -32768 32767     0 65535 MEDIUMINT 3 -8388608 8388607 […]

November 12, 2019

CVE-2019-7238 Nexus Repository Manager 3 RCE 漏洞复现

CVE-2019-7238 Nexus Repository Manager 3 RCE 漏洞复现

November 11, 2019

leetcode 练习

leetcode 练习