Daily checklist (20.10.09-21.01.23)
Records some of the more interesting articles seen between 2020-10-09 and 2021-01-23.
Try to work through the articles in this section one by one and turn them into my own knowledge.
2020.10.09
- 1. Record how to find .init_array in IDA
- 2. How to set a breakpoint in .init_array?
https://zhuanlan.zhihu.com/p/30851148
- 3. Android CTF
https://www.52pojie.cn/thread-820158-1-1.html
It's actually not simple at all; then again, looking closely it's fairly simple. Reproduce it when there's time.
- 4. Complete APK analysis walkthrough
- 5. CTF challenges on DEX analysis
Take the time to properly understand this.
2020.10.10
- 1. Find a way to fix JEB dynamic debugging failing to attach to the process. This feels like an environment configuration problem rather than a bug in JEB.
- 2. Rewrite the little bot project; there is a new open-source bot framework
Deploying your own "artificial idiot" bot - SiHuan's Blog
https://github.com/Mrs4s/go-cqhttp
Then I plan to refactor my crawler scripts, finish the parts left unfinished, and build a small binary-focused crawler bot.
Project plan:
① Learn this bot framework and make the bot more distinctive
② Add crawlers for more websites
③ Consider adding interactive features to the bot: look up database records by keyword
④ Build a reminder feature with user-defined reminders
⑤ To be continued...
The related project design details are kept in Shimo Docs.
2020.10.19
I was in training for a while, so no new study points turned up.
Recently resumed studying Android security.
Started setting up the Android testing environment and reviewing previously studied material.
https://bbs.pediy.com/thread-262208.htm
This is an Android app security assessment handbook.
Today I plan to study packet capture and analysis, plus hands-on analysis.
2020.10.20
Today I studied the basic setup and use of the drozer security testing framework and found some good resources.
- 1. Security handbook
https://bbs.pediy.com/thread-262208.htm
- 2. Using drozer
https://www.jianshu.com/p/dfa92bab3a55
https://blog.csdn.net/jianglianye21/article/details/80667346
https://jwt1399.top/posts/4946.html#toc-heading-9
https://www.dazhuanlan.com/2020/03/03/5e5e2d9d98dd0/
https://www.e-learn.cn/topic/3153010
https://www.secpulse.com/archives/76102.html
- 3. Drozer in depth (source code analysis)
https://bbs.pediy.com/thread-191148.htm
- 4. Hands-on analysis with drozer, including exploitation
https://bbs.pediy.com/thread-261854.htm
- 5. A challenge APK (Frida hooking)
https://bbs.pediy.com/thread-255361.htm
- 6. Android reverse-engineering blogger
https://www.jianshu.com/u/3c33ff3bc61e
2020.11.06
- 1. Android development knowledge summary
https://www.kancloud.cn/alex_wsc/android/401651
2020.11.10
- 1. Tcpdump packet capture guide
https://juejin.im/post/6844904084168769549#heading-0
- 2. Demystifying the TLSv1.2 protocol
https://blog.csdn.net/wzj_whut/article/details/86626529
- 3. Android network programming (okhttp3)
https://www.jianshu.com/p/2663ce3da0db
2020.11.12
- 1. Ways to start a Service
https://www.jianshu.com/p/4c798c91a613
- 2. How okhttp3 works
https://juejin.im/post/6844903894926000141
- 3. The Builder design pattern in development
https://www.jianshu.com/p/e0f9ab062573
https://juejin.im/post/6844903474673483784
https://www.jianshu.com/p/0adc46f457be
2020.11.13
- 1. Learn to use OkHttp, to help with reverse analysis
https://square.github.io/okhttp/
https://www.jianshu.com/p/2388f4883120
2020.11.16
- 1. Learning Service
https://blog.csdn.net/guolin_blog/article/details/11952435
https://blog.csdn.net/guolin_blog/article/details/9797169
- 2. Service in detail
https://juejin.im/post/6844903781541347341#heading-6
https://juejin.im/post/6844903781931417614
- 3. Capturing OkHttp traffic with Frida
Following r0ysue's article to learn traffic capture
https://cloud.tencent.com/developer/article/1669631
- 4. Android databases
https://www.jianshu.com/p/5ac84e8497b5
Commonly used Android databases; worth analyzing and implementing.
2020.11.17
- 1. Learning to use the greenDAO database
https://www.cnblogs.com/Free-Thinker/p/10880219.html
https://andrewlcgu.github.io/2017/03/13/greenDAO-analysis/
https://www.jianshu.com/p/d9b25ed46c95
- 2. Local denial-of-service vulnerabilities
https://blogs.360.cn/post/android-app通用型拒绝服务漏洞分析报告.html
- 3. Common Android vulnerabilities
https://bbs.pediy.com/thread-226791-1.htm
- 4. Summary of Android security techniques
https://bbs.pediy.com/thread-257766.htm
2020.11.18
- 1. Android checklist: Android vulnerability checking
https://github.com/guanchao/AndroidChecklist
https://github.com/M31N99/Mobile-Security-Checklist
- 2. Android vulnerabilities
https://ayesawyer.github.io/2019/08/21/Android-App常见安全漏洞/
- 3. Exported Activity component experiment
http://tea9.xyz/post/2970212528.html
- 4. ContentProvider path traversal vulnerability
https://keenlab.tencent.com/zh/whitepapers/腾讯安全科恩实验室2018年Android应用安全白皮书.pdf
https://www.freebuf.com/articles/terminal/105857.html
http://01hackcode.com/wiki/7.3
https://mabin004.github.io/2019/04/15/Android-Download-Provider漏洞分析/
2020.11.19
- 1. Android socket implementation
https://blog.csdn.net/DickyQie/article/details/80045639
https://lixiaogang03.github.io/2019/07/30/Android-Socket/
- 2. Analyzing socket (open port) attacks
https://www.ms509.com/2015/07/12/android-open-port/
2020.11.20
- 1. ContentProvider development
https://www.jianshu.com/p/ea8bc4aaf057
- 2. Android Binder
https://www.jianshu.com/p/4ee3fd07da14
- 3. Exploiting vulnerabilities in apps
https://ayesawyer.github.io/2019/05/28/利用App中的漏洞/
- 4. drozer tool evaluation
https://ayesawyer.github.io/2019/05/24/Android安全评估工具drozer/
2020.11.21
- 1. How to dynamically debug dynamically registered JNI functions on Android
https://blog.csdn.net/yjjyxm/article/details/103256634
https://blog.csdn.net/pengyan0812/article/details/43991983
https://bbs.pediy.com/thread-258022.htm
2020.11.22
- 1. OLLVM control-flow flattening (Android .so)
https://bbs.pediy.com/thread-256299.htm
https://bbs.pediy.com/thread-217727.htm
https://bbs.pediy.com/thread-260507.htm
https://bbs.pediy.com/thread-259848.htm
https://bbs.pediy.com/thread-257878.htm
https://bbs.pediy.com/thread-252321.htm
https://www.anquanke.com/post/id/200744
https://www.anquanke.com/post/id/201459
2020.11.23
- 1. WebView cross-origin access risks
http://www.nxadmin.com/mobile-sec/1657.html
https://blog.csdn.net/weixin_38031122/article/details/79287396
- 2. Risks of exposed JavaScript interfaces in WebView
https://www.freebuf.com/articles/terminal/201407.html
2020.11.24
- 1. Introduction to app penetration testing
http://blog.orleven.com/2017/06/22/android-base/
- 2. Example apps for learning Android penetration testing
https://codeengn.com/challenges/
2020.11.25
- 1. JS interface exposure
https://blog.csdn.net/u014132820/article/details/86671300
2020.11.28
- 1. DEX VMP technology
https://geneblue.github.io/2019/09/13/android/sec--android-dex-vmp/
- 2. Breaking SSL for packet capture
https://mabin004.github.io/2020/07/24/自动定位webview中的SLL-read和SSL-write/#more
- 3. Tool collection
https://mabin004.github.io/hint/
- 4. WebView whitelist bypass
https://mabin004.github.io/2019/04/23/Android-WebView白名单绕过/
2020.11.30
- 1. ICS (industrial control system) security
https://www.anquanke.com/member/141205
- 2. Learning TLSv1.2
https://www.anquanke.com/post/id/222627
2020.12.02
- 1. Reversing 360 Safe Browser to assist red-team work
https://github.com/hayasec/360SafeBrowsergetpass
https://bbs.pediy.com/thread-263905.htm
2020.12.14
- 1. Off-by-one (heap)
http://d0m021ng.github.io/2017/03/01/PWN/Linux堆漏洞之off-by-one/
https://wizardforcel.gitbooks.io/sploitfun-linux-x86-exp-tut/content/3.html
http://www.peckerwood.top/post/off-by-one-heap-based/
2020.12.16
- 1. Three IoT-related pwn challenges
https://mp.weixin.qq.com/s/x19DiiitMeAm5VAupqzfdg
https://www.anquanke.com/post/id/224972
2020.12.17
- 1. Coordinated (linked) debugging plugin
https://bbs.pediy.com/thread-252634.htm
2020.12.18
- 1. Protocol stack vulnerabilities in IoT devices
https://mp.weixin.qq.com/s/cnHk1RQiH4rLU2Mk3QMT7w
- 2. OWASP IoT practice example
https://github.com/OWASP/IoTGoat
2020.12.22
- 1. Extracting and reverse-engineering the Android kernel
https://www.cnblogs.com/csnd/p/11800638.html
2020.12.23
- 1. Using Unicorn to recover an OLLVM-obfuscated algorithm
https://bbs.pediy.com/thread-264498.htm
- 2. Using OLLVM for encryption
https://bbs.pediy.com/thread-264497.htm
- 3. Analysis of the Lego (乐高) packer
https://bbs.pediy.com/thread-264531.htm
- 4. [PwnMonkey] Gateway analysis of the Hikvision EZVIZ smart door lock
https://www.52pojie.cn/thread-1255338-1-1.html
- 5. Binder vulnerability CVE-2020-0041
https://www.anquanke.com/post/id/202385
2020.12.26
- 1. CVE-2020-0423 Android kernel privilege-escalation vulnerability analysis
https://bbs.pediy.com/thread-264616.htm
2021.01.04
- 1. CVE-2019-2215 Android vulnerability
https://bbs.pediy.com/thread-264932.htm
- 2. Android PWN
https://www.anquanke.com/post/id/204393#h2-7
2021.01.05
- 1. Probing open ports
https://www.ms509.com/2015/07/12/android-open-port/
- 2. Re-read this one
https://bbs.pediy.com/thread-257766.htm
2021.01.06
- 1. OLLVM deobfuscation
https://bbs.pediy.com/thread-264980.htm
https://bbs.pediy.com/thread-264981.htm
- 2. Frida fuzzing techniques
http://riusksk.me/2019/11/30/Frida框架在Fuzzing中的应用/
- 3. Semi-automated discovery of Android logic vulnerabilities
http://riusksk.me/2019/11/02/Jandroid:半自动化Android应用逻辑漏洞挖掘/
- 4. Fuzzing technique roundup
https://github.com/secfigo/Awesome-Fuzzing
http://riusksk.me/2019/07/14/一些值得学习的Fuzzer开源项目/
2021.01.07
- 1. OLLVM obfuscation
https://bbs.pediy.com/thread-265026.htm
- 2. QEMU escape
https://www.anquanke.com/post/id/227283
- 3. QEMU source code analysis
https://www.anquanke.com/post/id/224571
2021.01.12
- 1. An APK for algorithm analysis
https://bbs.pediy.com/thread-265172.htm
2021.01.13
- 1. Looking up the user from a UID value on Android
https://www.jianshu.com/p/b33dd49f2ae6
- 2. Android system directory structure
https://www.jianshu.com/p/d4efc73c155e
https://juejin.cn/post/6844904013515718664
- 3. OTA upgrade and recovery upgrade
https://www.freebuf.com/vuls/135315.html
https://zhuanlan.zhihu.com/p/70377497
https://www.xiezeyang.com/2018/10/05/Framework/Framework层Recovery浅析/
https://juejin.cn/post/6844903783172931597
- 4. Android system OTA upgrade series
https://chendongqi.me/2018/12/11/SystemUpgradeOverView/
This blog is quite well written.
- 5. Android IPC: Binder
https://www.jianshu.com/p/36b488863bc0
2021.01.14
- 1. MQTT IoT protocol
http://www.steves-internet-guide.com/mqtt-works/
https://medium.com/@gaikwadchetan93/android-real-time-communication-using-mqtt-9ea42551475d
https://android.jlelse.eu/about-the-mqtt-protocol-for-iot-on-android-efb4973577b
- 2. OTA source code analysis
https://blog.csdn.net/wzy_1988/article/details/46862247
https://blog.csdn.net/csdn66_2016/category_6762933.html
2021.01.15
- 1. Capturing Flutter app traffic
https://bbs.pediy.com/thread-261941.htm
2021.01.18
- 1. Encryption and decryption in Android
https://bbs.pediy.com/thread-265350.htm
- 2. MQTT protocol security
https://www.anquanke.com/post/id/212335
2021.01.19
- 1. Connected-vehicle (IoV) case studies
https://mp.weixin.qq.com/s/Z8MHFHu-tgN6rIepEjm3tg
- 2. Signature verification with RSA
https://juejin.cn/post/6869682500453695496
https://zhuanlan.zhihu.com/p/59999022
https://developer.aliyun.com/article/260055
- 3. Breaking mutual (two-way) TLS authentication in an Android app
https://bbs.pediy.com/thread-265404.htm
- 4. JEB script development
https://www.anquanke.com/post/id/228981
2021.01.20
- 1. How to check the system architecture (32- or 64-bit)
https://www.sysgeek.cn/find-out-linux-system-32-or-64-bit/
- 2. Android adb source code analysis
https://www.jianshu.com/p/a47e1c90b9bf
- 3. The protobuf protocol
https://zhuanlan.zhihu.com/p/141415216
https://www.jianshu.com/p/bf515a264085
2021.01.21
- 1. Frida Android hooking
https://eternalsakura13.com/2020/07/04/frida/
- 2. Firewalls on Linux
https://blog.konghy.cn/2019/07/21/iptables/
https://juejin.cn/post/6844903865146425351
- 3. CAN bus reverse engineering
https://bacde.me/post/hacking-all-the-cars-can-bus-reverse/
2021.01.22
- 1. Practical universal Android packet capture
https://www.anquanke.com/post/id/228709
Migrated over from the ICS security notes:
- 1. Introduction to ICS security
https://www.freebuf.com/articles/ics-articles/220302.html
- 2. ICS security article series
https://www.freebuf.com/author/VllTomFord?type=article
- 3. ICS security protocol series
https://www.anquanke.com/member/141205
- 4. IoT security series: exploring research approaches to IoT communication security
https://security.tencent.com/index.php/blog/msg/171
- 5. ICS security competitions
https://xz.aliyun.com/t/5960#toc-5
Worth following the Industrial Information Security Skills Competition; it features many industry-related CTF challenges.
- 6. Porting FreeRTOS
https://www.cnblogs.com/zc110747/default.html?page=1
2021.01.23
- 1. A first look at QEMU escape
https://bbs.pediy.com/thread-265501.htm
2021.01.24
- 1. Tesla NFC relay attack (CVE-2020-15912)
https://www.anquanke.com/post/id/213885
- 2. 9 ways to obtain firmware
https://bbs.pediy.com/thread-230095.htm
- 3. Found a fairly comprehensive Android security collection
https://github.com/alphaSeclab/android-security
- 4. URL scheme risk analysis
https://www.jianshu.com/p/7b09cbac1df4
http://01hackcode.com/wiki/7.7
2021.01.25
- 1. gdbserver
MIPS gdbserver
https://github.com/rapid7/embedded-tools
ARM32 gdbserver
https://github.com/marcinguy/arm-gdb-static
- 2. Getting started with radare2
https://bbs.pediy.com/thread-229522.htm
- 3. ROP Emporium full walkthrough
https://bbs.pediy.com/thread-256914.htm
- 4. How gdb debugging works
https://zhuanlan.zhihu.com/p/336922639
- 5. IPC (shared memory)
http://abcdxyzk.github.io/blog/2015/02/09/kernel-mm-shm3/
- 6. Protobuf protocol security testing
- 7. Serialization and deserialization
https://tech.meituan.com/2015/02/26/serialization-vs-deserialization.html
2021.01.26
- 1. Routing and firewall rules on Linux
https://www.cnblogs.com/sunsky303/p/10859356.html
- 2. ifconfig output explained
https://www.jianshu.com/p/82ae15b9420b
- 3. iptables firewall configuration
https://www.jianshu.com/p/2312dd32361a
- 4. Three ways to fix a missing shared library at execution time
Tested: the second method has a very high success rate, but the change is not permanent.
https://www.cnblogs.com/the-tops/p/8810698.html
2021.01.27
- 1. The ip rule command
https://blog.csdn.net/mergerly/article/details/28918081
- 2. IoT: STM32 reverse engineering
https://www.anquanke.com/post/id/229321
https://xuanxuanblingbling.github.io/iot/2020/07/08/stm32/
- 3. dm-verity protection (secure boot / Android Verified Boot)
https://evilpan.com/2020/11/14/android-secure-boot/
https://www.xiezeyang.com/2019/10/20/Security/AndroidVerifiedBoot概述/
https://blog.omitol.com/2017/09/30/Bypass-QCOM-Secure-Boot/
- 4. Configuring NAT traversal (intranet tunneling) tools
https://github.com/creaktive/tsh
https://github.com/stilleshan/frpc
2021.01.28
- 1. HTTPS in Android penetration testing
- 2. BLE (Bluetooth Low Energy) security analysis
https://xuanxuanblingbling.github.io/wireless/ble/2018/08/01/ble/
https://www.anquanke.com/post/id/168116
http://jdhblog.com/2019/05/14/BLE安全机制从入门到放弃/
https://www.anquanke.com/post/id/166746
http://www.wireghost.cn/2016/07/25/低功耗蓝牙(BLE)安全初探/
- 3. Fixing adb not working on Ubuntu
https://blog.csdn.net/freezingxu/article/details/80893025
2021.01.29
- 1. Hooking Bluetooth functions with Xposed to capture Bluetooth data
https://blog.csdn.net/wangbf_java/article/details/85350130
- 2. Frida manual
https://github.com/hookmaster/frida-all-in-one
- 3. Android HCI log explained
https://www.jianshu.com/p/73f7366161d1
2021.01.30
- 1. OWASP Android testing guide
https://bbs.pediy.com/thread-260849.htm
- 2. CVE-2020-12351: analysis of the Linux Bluetooth module denial-of-service vulnerability
https://bbs.pediy.com/thread-265744.htm
- 3. Bluetooth device reconnaissance approaches
https://cloud.tencent.com/developer/article/1169531
- 4. Ubertooth One usage series (1): cracking a Bluetooth lock
https://yaseng.org/ubertoothone-1.html
2021.02.02
- 1. BLE Mesh technology explained
http://doc.iotxx.com/BLE-Mesh技术揭秘
- 2. BLE ATT/GATT/Profile/Service/Characteristic specification explained
https://www.cnblogs.com/iini/p/12334646.html
- 3. Bluetooth vulnerabilities
https://github.com/engn33r/awesome-bluetooth-security#notable_vulnerabilities
2021.02.03
- 1. Series of articles on the automotive CAN bus
https://www.zhihu.com/people/hu-zhen-69-33/posts?page=1
- 2. CVE-2020-24581: D-Link DSL-2888A remote command execution vulnerability analysis
https://www.anquanke.com/post/id/229323
2021.02.04
- 1. IoT protocol documentation
- 2. Introduction to vulnerability analysis on the MIPS architecture
https://www.anquanke.com/post/id/230259
2021.02.05
- 1. Android system architecture
https://nocbtm.github.io/2020/01/12/Android kernel 入门/#Android-系统架构
- 2. Extracting the Linux kernel from an Android device
https://geneblue.github.io/2016/07/12/android/sec--get-kernel-file-from-android-devices/
https://www.cnblogs.com/gm-201705/p/9863974.html
2021.02.07
- 1. Hash algorithms and symmetric encryption in reverse engineering
https://bbs.pediy.com/thread-265939.htm
2021.02.20
- 1. Using angr symbolic execution to remove bogus control flow
https://bbs.pediy.com/thread-266005.htm
- 2. Implementing control-flow flattening as an LLVM Pass
https://bbs.pediy.com/thread-266082.htm
2021.02.22
- 1. NAS pre-auth RCE vulnerability analysis and exploitation (IoT)
- 2. Xposed and root detection
https://bbs.pediy.com/thread-266108.htm
2021.02.24
- 1. 17 native anti-debugging techniques
https://bbs.pediy.com/thread-223460.htm
- 2. Android NDK & introduction to a simple packer
https://bbs.pediy.com/thread-212071.htm
- 3. Reverse analysis of anti-debugging + OLLVM obfuscation
https://bbs.pediy.com/thread-266144.htm
- 4. angr from beginner to expert series
https://www.anquanke.com/member/143126
- 5. How GDB works
https://bbs.pediy.com/thread-265599.htm
- 6. 10 tips for debugging Android .so files with IDA
https://bbs.pediy.com/thread-221876.htm
2021.02.25
- 1. Learn to use and write IDA scripts
2021.02.26
- 1. Chip firmware reverse engineering series
2021.02.28
- 1. Analysis of the 数字猫 novel-reading app
https://bbs.pediy.com/thread-266195.htm
- 2. Android kernel privilege-escalation vulnerability CVE-2019-2215 (Binder UAF)
https://bbs.pediy.com/thread-266198.htm
2021.03.01
- 1. Frida in practice: cracking the VIP feature of the 小蜜蜂加速器 app
https://bbs.pediy.com/thread-266185.htm
- 2. Open-source project for firmware analysis and comparison
https://github.com/fkie-cad/FACT_core
2021.03.02
- 1. A general, very simple hook for Android Java native methods
https://bbs.pediy.com/thread-266238.htm
- 2. Brief analysis of the Bangbang (梆梆) packer
https://bbs.pediy.com/thread-266247.htm
2021.03.03
- 1. Source code analysis and vulnerability hunting in the bluetooth_stack open-source Bluetooth protocol stack
2021.03.05
- 1. Introduction to Linux sandboxes
https://www.anquanke.com/post/id/231078
- 2. From reproducing an IoT device vulnerability to implanting a firmware backdoor
https://www.anquanke.com/post/id/232845
2021.03.08
- 1. Reverse analysis of the 酒仙 app
https://bbs.pediy.com/thread-266240.htm
2021.03.09
https://www.zsythink.net/archives/category/运维相关/iptables/page/2
2021.03.10
- 1. Tenda router CVE analysis
https://www.anquanke.com/post/id/231445
- 2. Cisco RV110W CVE-2020-3331 vulnerability debugging and IoT lab setup
https://www.anquanke.com/post/id/233859
- 3. A semi-automated reversing session with Unicorn: recovering the sign algorithm of a certain e-commerce app (某东)
https://bbs.pediy.com/thread-266377.htm
- 4. Steam token (authenticator) algorithm analysis
https://bbs.pediy.com/thread-266366.htm
- 5. An e-commerce app's sign algorithm analysis: hooking inner classes
http://91fans.com.cn/post/dsbuysignone/
2021.03.22
- 1. Why mprotect calls fail during Android packing and how to fix it
https://bbs.pediy.com/thread-266527.htm
2021.03.23
- 1. Android kernel privilege-escalation vulnerability CVE-2019-2215 (Binder UAF)