Daily checklist (20.10.09-21.01.23)

This post was last updated: 4 months ago

A record of some articles I found interesting between 20201009 and 20210123.

Try to clear the articles in this section one by one, turning them into my own knowledge.

2020.10.09

  • 1. Note how to locate .init_array in IDA

  • 2. How to set a breakpoint in .init_array?

https://zhuanlan.zhihu.com/p/30851148

  • 3. Android CTF

https://www.52pojie.cn/thread-820158-1-1.html

Actually it isn't simple at all; then again, looking at it carefully, it is fairly simple. Reproduce it when there is time.

  • 4. Complete APK analysis walkthrough

https://paper.seebug.org/178/

  • 5. A dex-analysis CTF challenge

https://www.52pojie.cn/forum.php?mod=viewthread&tid=1105062&extra=page%3D1%26filter%3Dtypeid%26typeid%3D345%26orderby%3Dlastpost

Take time to understand this one properly.

2020.10.10

  • 1. Find a way to fix JEB dynamic debugging being unable to attach to a process. It feels like an environment configuration problem rather than a JEB bug.

  • 2. Rewrite the little bot project; a new open-source bot framework appeared recently

Deploying your own "artificial stupidity" bot - SiHuan's Blog

https://github.com/Mrs4s/go-cqhttp

Then I plan to refactor my crawler scripts, finish the parts left unfinished earlier, and build a little binary-crawling bot.

Project plan:

① Learn this bot framework and make the bot more distinctive

② Add crawlers for more websites

③ Consider adding interactive features: look up database records by key information

④ Build a memo reminder feature with user-defined reminders

⑤ To be continued…

The related project design details are kept in a Shimo document.

2020.10.19

I was in training for a while, so I haven't found any new things to learn.

Recently I started continuing with Android security.

Started setting up the Android testing environment and reviewing what I learned earlier.

https://bbs.pediy.com/thread-262208.htm

This is the Android APP security assessment handbook.

Today I plan to study packet capture and analysis, plus hands-on analysis.

2020.10.20

Today I studied the basic setup and use of the drozer security testing framework and found some good resources.

  • 1. Security handbook

https://bbs.pediy.com/thread-262208.htm

  • 2. Using drozer

https://www.jianshu.com/p/dfa92bab3a55

https://blog.csdn.net/jianglianye21/article/details/80667346

https://jwt1399.top/posts/4946.html#toc-heading-9

https://www.dazhuanlan.com/2020/03/03/5e5e2d9d98dd0/

https://www.e-learn.cn/topic/3153010

https://www.secpulse.com/archives/76102.html

  • 3. Deep dive into drozer (source code analysis)

https://bbs.pediy.com/thread-191148.htm

  • 4. Hands-on analysis with drozer, including exploitation

https://bbs.pediy.com/thread-261854.htm

  • 5. A challenge APK (frida hook)

https://bbs.pediy.com/thread-255361.htm

  • 6. An Android reverse-engineering blogger

https://www.jianshu.com/u/3c33ff3bc61e

2020.11.06

  • 1. Android development knowledge summary

https://www.kancloud.cn/alex_wsc/android/401651

2020.11.10

  • 1. Tcpdump packet capture guide

https://juejin.im/post/6844904084168769549#heading-0

  • 2. Decrypting the TLSv1.2 protocol

https://blog.csdn.net/wzj_whut/article/details/86626529

  • 3. Android network programming (okhttp3)

https://www.jianshu.com/p/2663ce3da0db

2020.11.12

  • 1. Ways to start a Service

https://www.jianshu.com/p/4c798c91a613

  • 2. How okhttp3 works

https://juejin.im/post/6844903894926000141

  • 3. The Builder design pattern in development

https://www.jianshu.com/p/e0f9ab062573

https://juejin.im/post/6844903474673483784

https://www.jianshu.com/p/0adc46f457be

2020.11.13

  • 1. Learn to use okhttp, to aid reverse analysis

https://square.github.io/okhttp/

https://www.jianshu.com/p/2388f4883120

2020.11.16

  • 1. Learning Service

https://blog.csdn.net/guolin_blog/article/details/11952435

https://blog.csdn.net/guolin_blog/article/details/9797169

  • 2. Service in detail

https://juejin.im/post/6844903781541347341#heading-6

https://juejin.im/post/6844903781931417614

  • 3. Capturing okhttp traffic with frida

Following r0ysue's articles to learn packet capture

https://mp.weixin.qq.com/s?__biz=MzIzNzA4NDk3Nw==&mid=2457739888&idx=1&sn=96ca660c676543f235f9b4c8c088300e&chksm=ff448a2ec8330338ccacf61e13c74cf5fd6d69559935073d134bba57d58172abc789110302d7&scene=21#wechat_redirect

https://cloud.tencent.com/developer/article/1669631

  • 4. Android databases

https://www.jianshu.com/p/5ac84e8497b5

Commonly used Android databases; worth analysing and implementing

2020.11.17

  • 1. Learning to use the greenDAO database

https://www.cnblogs.com/Free-Thinker/p/10880219.html

https://andrewlcgu.github.io/2017/03/13/greenDAO-analysis/

https://www.jianshu.com/p/d9b25ed46c95

  • 2. Local denial-of-service vulnerabilities

https://blogs.360.cn/post/android-app通用型拒绝服务漏洞分析报告.html

  • 3. Common Android vulnerabilities

https://bbs.pediy.com/thread-226791-1.htm

  • 4. Summary of Android security technical points

https://bbs.pediy.com/thread-257766.htm

2020.11.18

  • 1. Android checklists for vulnerability detection

https://github.com/guanchao/AndroidChecklist

https://github.com/M31N99/Mobile-Security-Checklist

  • 2. Android vulnerabilities

https://ayesawyer.github.io/2019/08/21/Android-App常见安全漏洞/

  • 3. Exported Activity component experiment

http://tea9.xyz/post/2970212528.html

  • 4. ContentProvider path traversal vulnerability

https://keenlab.tencent.com/zh/whitepapers/腾讯安全科恩实验室2018年Android应用安全白皮书.pdf

https://www.freebuf.com/articles/terminal/105857.html

http://01hackcode.com/wiki/7.3

https://mabin004.github.io/2019/04/15/Android-Download-Provider漏洞分析/

2020.11.19

  • 1. Android socket implementation

https://blog.csdn.net/DickyQie/article/details/80045639

https://lixiaogang03.github.io/2019/07/30/Android-Socket/

  • 2. Analysing socket attacks

https://www.ms509.com/2015/07/12/android-open-port/

2020.11.20

  • 1. ContentProvider development

https://www.jianshu.com/p/ea8bc4aaf057

  • 2. Android Binder

https://www.jianshu.com/p/4ee3fd07da14

  • 3. Exploiting vulnerabilities in apps

https://ayesawyer.github.io/2019/05/28/利用App中的漏洞/

  • 4. drozer tool review

https://ayesawyer.github.io/2019/05/24/Android安全评估工具drozer/

2020.11.21

  • 1. How to dynamically debug dynamically registered functions on Android

https://blog.csdn.net/yjjyxm/article/details/103256634

https://blog.csdn.net/pengyan0812/article/details/43991983

https://bbs.pediy.com/thread-258022.htm

2020.11.22

  • 1. OLLVM control-flow flattening (Android .so)

https://bbs.pediy.com/thread-256299.htm

https://bbs.pediy.com/thread-217727.htm

https://bbs.pediy.com/thread-260507.htm

https://bbs.pediy.com/thread-259848.htm

https://bbs.pediy.com/thread-257878.htm

https://bbs.pediy.com/thread-252321.htm

https://www.anquanke.com/post/id/200744

https://www.anquanke.com/post/id/201459

2020.11.23

  • 1. WebView cross-origin access risks

http://www.nxadmin.com/mobile-sec/1657.html

https://blog.csdn.net/weixin_38031122/article/details/79287396

  • 2. Risks of exposed JavaScript interfaces in WebView

https://www.freebuf.com/articles/terminal/201407.html

2020.11.24

  • 1. Introduction to app penetration testing

http://blog.orleven.com/2017/06/22/android-base/

  • 2. Example apps for learning Android penetration testing

https://codeengn.com/challenges/

2020.11.25

  • 1. JS interface exposure

https://blog.csdn.net/u014132820/article/details/86671300

2020.11.28

  • 1. DEX VMP technique

https://geneblue.github.io/2019/09/13/android/sec--android-dex-vmp/

  • 2. SSL bypass for packet capture

https://mabin004.github.io/2020/07/24/自动定位webview中的SLL-read和SSL-write/#more

  • 3. Tool collection

https://mabin004.github.io/hint/

  • 4. WebView whitelist bypass

https://mabin004.github.io/2019/04/23/Android-WebView白名单绕过/

2020.11.30

  • 1. ICS (industrial control system) security

https://www.anquanke.com/member/141205

  • 2. Learning TLSv1.2

https://www.anquanke.com/post/id/222627

2020.12.02

  • 1. Reversing the 360 browser to assist the red team

https://github.com/hayasec/360SafeBrowsergetpass

https://bbs.pediy.com/thread-263905.htm

2020.12.14

  • 1. off-by-one

http://d0m021ng.github.io/2017/03/01/PWN/Linux堆漏洞之off-by-one/

https://wizardforcel.gitbooks.io/sploitfun-linux-x86-exp-tut/content/3.html

http://www.peckerwood.top/post/off-by-one-heap-based/

2020.12.16

  • 1. Three IoT-related pwn challenges

https://mp.weixin.qq.com/s/x19DiiitMeAm5VAupqzfdg

https://www.anquanke.com/post/id/224972

2020.12.17

  • 1. Linked-debugging plugin

https://bbs.pediy.com/thread-252634.htm

2020.12.18

  • 1. Protocol-stack vulnerabilities in IoT devices

https://mp.weixin.qq.com/s/cnHk1RQiH4rLU2Mk3QMT7w

https://mp.weixin.qq.com/s?__biz=MzAwNTI1NDI3MQ==&mid=2649615617&idx=1&sn=b6df9ee2c5265ded1913b318cc241d90&scene=21#wechat_redirect

  • 2. Practice target from OWASP IoT

https://github.com/OWASP/IoTGoat

2020.12.22

  • 1. Extracting and reversing the Android kernel

https://www.cnblogs.com/csnd/p/11800638.html

2020.12.23

  • 1. Restoring an OLLVM-obfuscated algorithm with Unicorn

https://bbs.pediy.com/thread-264498.htm

  • 2. Using OLLVM for encryption

https://bbs.pediy.com/thread-264497.htm

  • 3. Analysis of the Lego (乐高) packer

https://bbs.pediy.com/thread-264531.htm

  • 4. [PwnMonkey] Analysis of the Hikvision EZVIZ smart door lock gateway

https://www.52pojie.cn/thread-1255338-1-1.html

  • 5. Binder vulnerability CVE-2020-0041

https://www.anquanke.com/post/id/202385

2020.12.26

  • 1. CVE-2020-0423 Android kernel privilege-escalation vulnerability analysis

https://bbs.pediy.com/thread-264616.htm

2021.01.04

  • 1. CVE-2019-2215 Android vulnerability

https://bbs.pediy.com/thread-264932.htm

  • 2. Android PWN

https://www.anquanke.com/post/id/204393#h2-7

2021.01.05

  • 1. Port probing

https://www.ms509.com/2015/07/12/android-open-port/

  • 2. Reread this one

https://bbs.pediy.com/thread-257766.htm

2021.01.06

  • 1. OLLVM deobfuscation

https://bbs.pediy.com/thread-264980.htm

https://bbs.pediy.com/thread-264981.htm

  • 2. Frida fuzzing techniques

http://riusksk.me/2019/11/30/Frida框架在Fuzzing中的应用/

  • 3. Semi-automated mining of Android logic vulnerabilities

http://riusksk.me/2019/11/02/Jandroid:半自动化Android应用逻辑漏洞挖掘/

  • 4. Fuzzing technique roundup

https://github.com/secfigo/Awesome-Fuzzing

http://riusksk.me/2019/07/14/一些值得学习的Fuzzer开源项目/

2021.01.07

  • 1. OLLVM obfuscation

https://bbs.pediy.com/thread-265026.htm

  • 2. QEMU escape

https://www.anquanke.com/post/id/227283

  • 3. QEMU source code analysis

https://www.anquanke.com/post/id/224571

2021.01.12

  • 1. An APK for algorithm analysis

https://bbs.pediy.com/thread-265172.htm

2021.01.13

  • 1. Looking up the user by UID on Android

https://www.jianshu.com/p/b33dd49f2ae6

  • 2. Android system directory structure

https://www.jianshu.com/p/d4efc73c155e

https://juejin.cn/post/6844904013515718664

  • 3. OTA upgrade or recovery upgrade

https://www.freebuf.com/vuls/135315.html

https://zhuanlan.zhihu.com/p/70377497

https://www.xiezeyang.com/2018/10/05/Framework/Framework层Recovery浅析/

https://juejin.cn/post/6844903783172931597

  • 4. Android OTA system upgrade topic

https://chendongqi.me/2018/12/11/SystemUpgradeOverView/

This blog is well written

  • 5. Android IPC: Binder

https://www.jianshu.com/p/36b488863bc0

2021.01.14

  • 1. MQTT IoT protocol

http://www.steves-internet-guide.com/mqtt-works/

https://medium.com/@gaikwadchetan93/android-real-time-communication-using-mqtt-9ea42551475d

https://android.jlelse.eu/about-the-mqtt-protocol-for-iot-on-android-efb4973577b

  • 2. OTA source code analysis

https://blog.csdn.net/wzy_1988/article/details/46862247

https://blog.csdn.net/csdn66_2016/category_6762933.html

2021.01.15

  • 1. Capturing Flutter traffic

https://bbs.pediy.com/thread-261941.htm

2021.01.18

  • 1. Encryption and decryption on Android

https://bbs.pediy.com/thread-265350.htm

  • 2. MQTT protocol security

https://www.anquanke.com/post/id/212335

2021.01.19

  • 1. Connected-vehicle case study

https://mp.weixin.qq.com/s/Z8MHFHu-tgN6rIepEjm3tg

  • 2. Signature verification with RSA

https://juejin.cn/post/6869682500453695496

https://zhuanlan.zhihu.com/p/59999022

https://developer.aliyun.com/article/260055

  • 3. Getting past two-way (mutual) authentication in Android apps

https://bbs.pediy.com/thread-265404.htm

  • 4. JEB script development

https://www.anquanke.com/post/id/228981

2021.01.20

  • 1. How to check the system architecture

https://www.sysgeek.cn/find-out-linux-system-32-or-64-bit/

  • 2. Android adb source code analysis

https://www.jianshu.com/p/a47e1c90b9bf

  • 3. protobuf protocol

https://zhuanlan.zhihu.com/p/141415216

https://www.jianshu.com/p/bf515a264085

2021.01.21

  • 1. Frida Android hook

https://eternalsakura13.com/2020/07/04/frida/

  • 2. Firewalls on Linux

https://blog.konghy.cn/2019/07/21/iptables/

https://juejin.cn/post/6844903865146425351

  • 3. CAN bus reversing

https://bacde.me/post/hacking-all-the-cars-can-bus-reverse/

2021.01.22

  • 1. Universal Android packet capture in practice

https://www.anquanke.com/post/id/228709

Moved over from the ICS security notes

  • 1. Introduction to ICS security

https://www.freebuf.com/articles/ics-articles/220302.html

  • 2. ICS security article series

https://www.freebuf.com/author/VllTomFord?type=article

  • 3. ICS security protocol series

https://www.anquanke.com/member/141205

  • 4. IoT security series: exploring research approaches to IoT communication security

https://security.tencent.com/index.php/blog/msg/171

  • 5. ICS security competitions

https://xz.aliyun.com/t/5960#toc-5

https://xz.aliyun.com/t/6445

Worth following the Industrial Information Security Skills Competition; it features many industry-related CTF challenges

  • 6. Porting FreeRTOS

https://www.cnblogs.com/zc110747/default.html?page=1

2021.01.23

  • 1. A first look at QEMU escape

https://bbs.pediy.com/thread-265501.htm

2021.01.24

  • 1. Tesla NFC relay attack (CVE-2020-15912)

https://www.anquanke.com/post/id/213885

  • 2. Nine methods of obtaining firmware

https://bbs.pediy.com/thread-230095.htm

  • 3. Found a fairly comprehensive Android security collection

https://github.com/alphaSeclab/android-security

  • 4. URL scheme risk analysis

https://www.jianshu.com/p/7b09cbac1df4

http://01hackcode.com/wiki/7.7

https://xz.aliyun.com/t/3233

2021.01.25

  • 1. gdbserver

MIPS gdbserver

https://github.com/rapid7/embedded-tools

ARM 32-bit gdbserver

https://github.com/marcinguy/arm-gdb-static

  • 2. Getting started with radare2

https://bbs.pediy.com/thread-229522.htm

  • 3. Complete ROP Emporium walkthrough

https://bbs.pediy.com/thread-256914.htm

  • 4. How gdb debugging works

https://zhuanlan.zhihu.com/p/336922639

  • 5. IPC

http://abcdxyzk.github.io/blog/2015/02/09/kernel-mm-shm3/

  • 6. Protobuf protocol security testing

https://mp.weixin.qq.com/s?__biz=MzAwMjg1NTI2Nw==&mid=503036373&idx=1&sn=3513ec150ddc9fb1d7cab116939062d6&chksm=02cb01d935bc88cfab6d7cafc84593a2ea3b3683cdab91a90c2dbda6011f0e316edf44999c01

  • 7. Serialization and deserialization

https://tech.meituan.com/2015/02/26/serialization-vs-deserialization.html

2021.01.26

  • 1. Routing and firewall rules on Linux

https://www.cnblogs.com/sunsky303/p/10859356.html

  • 2. ifconfig explained

https://www.jianshu.com/p/82ae15b9420b

  • 3. iptables firewall configuration

https://www.jianshu.com/p/2312dd32361a

  • 4. Three ways to fix missing-library errors when running a program

In my tests the second approach has a very high success rate, but the change is not permanent.

https://www.cnblogs.com/the-tops/p/8810698.html

2021.01.27

  • 1. The ip rule command

https://blog.csdn.net/mergerly/article/details/28918081

  • 2. IoT: STM32 reversing

https://www.anquanke.com/post/id/229321

https://xuanxuanblingbling.github.io/iot/2020/07/08/stm32/

  • 3. dm-verity protection (secure boot)

https://evilpan.com/2020/11/14/android-secure-boot/

https://www.xiezeyang.com/2019/10/20/Security/AndroidVerifiedBoot概述/

https://blog.omitol.com/2017/09/30/Bypass-QCOM-Secure-Boot/

  • 4. NAT traversal (intranet tunnelling) tool configuration

https://github.com/creaktive/tsh

https://github.com/stilleshan/frpc

2021.01.28

  • 1. HTTPS in Android penetration testing

https://xz.aliyun.com/t/8047

  • 2. BLE (Bluetooth Low Energy) security analysis

https://xuanxuanblingbling.github.io/wireless/ble/2018/08/01/ble/

https://www.anquanke.com/post/id/168116

http://jdhblog.com/2019/05/14/BLE安全机制从入门到放弃/

https://www.anquanke.com/post/id/166746

http://www.wireghost.cn/2016/07/25/低功耗蓝牙(BLE)安全初探/

  • 3. Fixing adb not working on Ubuntu

https://blog.csdn.net/freezingxu/article/details/80893025

2021.01.29

  • 1. Hooking Bluetooth functions with Xposed to capture Bluetooth data

https://blog.csdn.net/wangbf_java/article/details/85350130

  • 2. Frida manual

https://github.com/hookmaster/frida-all-in-one

  • 3. Android HCI log in detail

https://www.jianshu.com/p/73f7366161d1

2021.01.30

  • 1. OWASP Android testing guide

https://bbs.pediy.com/thread-260849.htm

  • 2. CVE-2020-12351: Linux Bluetooth module denial-of-service vulnerability analysis

https://bbs.pediy.com/thread-265744.htm

  • 3. Bluetooth device reconnaissance approaches

https://cloud.tencent.com/developer/article/1169531

  • 4. Ubertooth One usage series (part 1): cracking a Bluetooth lock

https://yaseng.org/ubertoothone-1.html

2021.02.02

  • 1. BLE Mesh technology

http://doc.iotxx.com/BLE-Mesh技术揭秘

  • 2. Bluetooth Low Energy ATT/GATT/Profile/Service/Characteristic specification explained

https://www.cnblogs.com/iini/p/12334646.html

  • 3. Bluetooth vulnerabilities

https://github.com/engn33r/awesome-bluetooth-security#notable_vulnerabilities

2021.02.03

  • 1. A series of articles on the automotive CAN bus

https://www.zhihu.com/people/hu-zhen-69-33/posts?page=1

  • 2. CVE-2020-24581 D-Link DSL-2888A remote command execution vulnerability analysis

https://www.anquanke.com/post/id/229323

2021.02.04

  • 1. IoT protocol documentation

http://doc.iotxx.com/首页

  • 2. Introduction to vulnerability analysis on MIPS

https://www.anquanke.com/post/id/230259

2021.02.05

  • 1. Android system architecture

https://nocbtm.github.io/2020/01/12/Android kernel 入门/#Android-系统架构

  • 2. Extracting the Linux kernel from Android

https://geneblue.github.io/2016/07/12/android/sec--get-kernel-file-from-android-devices/

https://www.cnblogs.com/gm-201705/p/9863974.html

2021.02.07

  • 1. Hash algorithms and symmetric encryption in reversing

https://bbs.pediy.com/thread-265939.htm

2021.02.20

  • 1. Removing bogus control flow with angr symbolic execution

https://bbs.pediy.com/thread-266005.htm

  • 2. Implementing control-flow flattening as an LLVM Pass

https://bbs.pediy.com/thread-266082.htm

2021.02.22

  • 1. NAS pre-auth RCE vulnerability analysis and exploitation (IoT)

https://xz.aliyun.com/t/9169

  • 2. Xposed and root detection

https://bbs.pediy.com/thread-266108.htm

2021.02.24

  • 1. 17 kinds of native anti-debugging

https://bbs.pediy.com/thread-223460.htm

  • 2. Android NDK and a simple packer primer

https://bbs.pediy.com/thread-212071.htm

  • 3. Reversing anti-debugging + OLLVM obfuscation

https://bbs.pediy.com/thread-266144.htm

  • 4. angr from beginner to expert series

https://www.anquanke.com/member/143126

  • 5. How GDB works

https://bbs.pediy.com/thread-265599.htm

  • 6. 10 tips for debugging Android .so files in IDA

https://bbs.pediy.com/thread-221876.htm

2021.02.25

  • 1. Learn to use and write IDA scripts

2021.02.26

  • 1. Chip firmware reversing series

https://xz.aliyun.com/t/9185

2021.02.28

  • 1. Analysis of the Shuzimao (数字猫) novel reader app

https://bbs.pediy.com/thread-266195.htm

  • 2. Android kernel privilege-escalation vulnerability CVE-2019-2215 Binder UAF

https://bbs.pediy.com/thread-266198.htm

2021.03.01

  • 1. Frida in practice: cracking the VIP feature of the Xiaomifeng (小蜜蜂) accelerator app

https://bbs.pediy.com/thread-266185.htm

  • 2. Open-source project for firmware analysis and comparison

https://github.com/fkie-cad/FACT_core

2021.03.02

  • 1. A universal, very simple Android Java Native method hook

https://bbs.pediy.com/thread-266238.htm

  • 2. Brief analysis of the Bangbang (梆梆) packer

https://bbs.pediy.com/thread-266247.htm

2021.03.03

  • 1. bluetooth_stack open-source Bluetooth stack source analysis and vulnerability hunting

https://xz.aliyun.com/t/9205

2021.03.05

  • 1. Introduction to Linux sandboxes

https://www.anquanke.com/post/id/231078

  • 2. From IoT device vulnerability reproduction to firmware backdoor implantation

https://www.anquanke.com/post/id/232845

2021.03.08

  • 1. Jiuxian (酒仙) app reverse analysis

https://bbs.pediy.com/thread-266240.htm

2021.03.09

https://www.zsythink.net/archives/category/运维相关/iptables/page/2

2021.03.10

  • 1. Tenda router CVE analysis

https://www.anquanke.com/post/id/231445

  • 2. Cisco RV110W CVE-2020-3331 vulnerability debugging and IoT lab setup

https://www.anquanke.com/post/id/233859

  • 3. A semi-automated reversing session with Unicorn: restoring the sign algorithm of a certain e-commerce app (某东)

https://bbs.pediy.com/thread-266377.htm

  • 4. Steam token algorithm analysis

https://bbs.pediy.com/thread-266366.htm

  • 5. Sign signature algorithm analysis of a certain e-commerce app: hooking inner classes

http://91fans.com.cn/post/dsbuysignone/

2021.03.22

  • 1. Causes of and fixes for mprotect call failures during Android packing

https://bbs.pediy.com/thread-266527.htm

2021.03.23

  • 1. Android kernel privilege-escalation vulnerability CVE-2019-2215 Binder UAF

https://bbs.pediy.com/thread-266198.htm