Data Science for Cyber Security

LSTM识别恶意HTTP请求

2017-10-04 22:44:09 cdxy LSTM,RNN,WAF

In [1]: import sys import os import json import pandas import numpy import optparse from keras.callbacks import TensorBoard from keras.models import Sequential from keras.layers import LSTM, ... Read More

Vulnerability Analysis

PHPCMS 9.6.3 文件包含漏洞预分析

2017-08-05 00:06:18 cdxy phpcms,文件包含

This post requires access token, contact mail:[email protected] if needed. Read More

Machine Learning

Data Science for Cyber Security

机器学习识别XSS实践

2017-07-27 22:30:09 cdxy Machine Learning,XSS,SVM,word2vec,doc2vec

前言前日看到大佬发的机器学习识别XSS的项目代码 https://github.com/SparkSharly/DL_for_xss 于是搞了一把，记录一下遇到的问题思路大佬代码中给出的流程：数据集：GET/POST query 范化、分词:将数字串、链接替换为固定词，然后用正则分词特征(word2vec) 神经网络(MLP/RNN/CNN) 我实践的流程：范化，分词流程不变 ... Read More

Machine Learning

Sentiment classifier for Amazon product reviews

2017-07-24 00:02:08 cdxy classifier,product reviews,Amazon

This post requires access token, contact mail:[email protected] if needed. Read More

Machine Learning

Text clustering using KNN and TF-IDF

2017-07-23 21:30:08 cdxy clustering

This post requires access token, contact mail:[email protected] if needed. Read More

Data Science for Cyber Security

WEB资源异常检测模型

2017-07-22 11:08:59 cdxy Web,anomaly detection,webshell

This post requires access token, contact mail:[email protected] if needed. Read More

Penetration Testing

Tiki-Wiki, sysPass XSS Filter Bypass

2017-05-30 23:04:26 cdxy tiki,sysPass,XSS,bypass,PHP

Tiki-Wiki XSS Filter Bypass INFO Affected Product: Tiki-Wiki CMS v16.2 Vendor Homepage: https://tiki.org/ DESCRIPTION XSS Filter codes: ... Read More

CTF

[SSCTF 2017] web1-4 writeups

2017-05-08 17:00:00 cdxy CTF,Web,SSCTF,WriteUp

Name:捡吗？ Rank:100 给了个页面，查看源码发现ssrf，根据自身的phpinfo找到本机内网IP：10.23.140.139，根据hint给出的 10.23.173.x 地址段进行扫描，找到 10.23.173.190，查看源码发现新IP：172.17.0.1 以下是当时记录的fuzz过程一次跳板扫描内网 /news.php?url=10.23.173.190 host1 ... Read More

Vulnerability Analysis

Tour of 2 WordPress Exploits Posted on ExploitBox.io

2017-05-04 11:22:08 cdxy wordpress,RCE,0day

前段时间PHPMailer RCE漏洞作者Dawid Golunski在Twitter中放出一个WordPress自动化Getshell的视频引发大量关注。今日漏洞作者在 ExploitBox.io 公布了视频中的EXP细节和一个新的WordPress-0day。 WordPress Core 4.6 - Unauthenticated Remote Code Execution ... Read More

CTF

[360 春秋杯/429] where is my cat(web), mail(web) writeups

2017-04-20 23:38:38 cdxy CTF,Web,429,WriteUp

where is my cat 进站未fuzz到敏感信息，Cookie中有个输入点HOST=0。后来发现IP地址用了https，查看证书。讲该域名写入HOST获得flag。 mail 获取源码 http://106.75.106.156/web.tar.gz 审计之后发现并没有SQL注入，唯一的可控点在putenv("TZ=$timezone");这里。 ... Read More

cdxy.me
Cyber Security / Data Science / Trading

LSTM识别恶意HTTP请求

PHPCMS 9.6.3 文件包含漏洞预分析

机器学习识别XSS实践

Sentiment classifier for Amazon product reviews

Text clustering using KNN and TF-IDF

WEB资源异常检测模型

Tiki-Wiki, sysPass XSS Filter Bypass

[SSCTF 2017] web1-4 writeups

Tour of 2 WordPress Exploits Posted on ExploitBox.io

[360 春秋杯/429] where is my cat(web), mail(web) writeups

Recent Posts

Categories