-安全文章
-安全漏洞
-Web安全
-代码审计
标签:安全动态 Web安全 渗透测试 代码审计 安全工具
安全动态
[Security_week] CVE-2018-10561/62: GPON光纤路由器漏洞分析预警
https://mp.weixin.qq.com/s/H6cRTzr2FsoRK0BmKsJIwA
[Security_week] 每周网安十事 第97期
https://mp.weixin.qq.com/s/XIR7umy6uBSod8z9nqOjIQ
[Security_week] 浅谈以太坊智能合约的安全漏洞
https://mp.weixin.qq.com/s/H6cRTzr2FsoRK0BmKsJIwA
[Security_week] Spectre-NG:多个新 CPU 漏洞预警
https://mp.weixin.qq.com/s/xz0dKClBskZ6MMcOfmAf6A
[Security_week] 季刊| 骚技术汇总精编
https://mp.weixin.qq.com/s/4JtFYNMkRGZqQp6JsWPl_w
[Security_week] 入侵监控设备最新漏洞附Poc工具
https://mp.weixin.qq.com/s/H6cRTzr2FsoRK0BmKsJIwA
[Security_week] 信息安全漏洞周报(2018年第17期)
https://mp.weixin.qq.com/s/o9sW81sMKFBf3MA77Y9hdg
Web安全
[Web_Security] 看我如何挖掘YouPorn的XSS并成功利用
http://www.freebuf.com/articles/web/169918.html
[Web_Security] 使用burpsuite抓https包
https://mp.weixin.qq.com/s/p5yBNgp8KH523A6E5XF7xA
[Web_Security] PHP使用了PDO还可能存在sql注入的情况
https://mp.weixin.qq.com/s/LPmE52XU0A01p4ZYv4wwzA
[Web_Security] Bypass ngx_lua_waf SQL 注入防御(多姿势)
https://mp.weixin.qq.com/s/hy0eSorsxK_fKaNJ0r0glA
[Web_Security] burpsuite插件开发之检测越权访问漏洞
https://www.secdic.com/go/17640.html
[Web_Security] 记录一次利用业务设计漏洞的精彩实战测试
https://mp.weixin.qq.com/s/JshlT1uxO_2gCv-0BK6Dhg
[Web_Security] 只需通过4个NagiosXI漏洞 就可以构造一个远程代码执行
https://mp.weixin.qq.com/s/JshlT1uxO_2gCv-0BK6Dhg
[Web_Security] 利用/绕过 PHP escapeshellarg/escapeshellcmd函数
https://www.secdic.com/go/17790.html
渗透测试
[Penetration_test] 渗透测试神器Cobalt Strike使用教程
https://mp.weixin.qq.com/s/aHKzIVLy6EfW1pX2FVmfLQ
[Penetration_test] ORACLE PEOPLESOFT远程执行代码:将XXE盲注到SYSTEM SHELL
https://www.secdic.com/go/17589.html
[Penetration_test] CTF 玩转 pwn 月度总结
https://mp.weixin.qq.com/s/H-2yLfM3rd8g9KOx-r5dpA
[Penetration_test] 红帽杯部分Wp
https://mp.weixin.qq.com/s/9rTtLoucMpaWAeniTj27Xg
[Penetration_test] 了解一下,PowerShell的内网渗透之旅(一)
https://mp.weixin.qq.com/s/eQ_flYcMvVZdMjNDgn2CnA
[Penetration_test] 利用.NET反序列化漏洞获取NTLM Hashes
http://www.freebuf.com/articles/system/170640.html
[Penetration_test] python之paramiko模块
https://mp.weixin.qq.com/s/QdzHkWBdxVJ1U0WyJw11Cg
代码审计
[Code_audit] 代码审计 | HDWiki v6.0最新版referer注入漏洞
https://mp.weixin.qq.com/s/jb5iMmq1f54YARA5qZ67FA
[Code_audit] 蝉(feng)知(wo)cms
https://mp.weixin.qq.com/s/8QVM_qwAHFqJ8wdYdbjVGw
[Code_audit] 源码审计之缓冲区溢出漏洞
http://www.freebuf.com/vuls/170323.html
[Mobile_Security] 利用python开发app实战
https://www.secdic.com/go/17787.html
安全工具
[Security_tools] PentestPackage - Pentesting脚本集合
https://mp.weixin.qq.com/s/UZHZA5GpMNSyrNCjzYaBFw
[Security_tools] Hostscan - 用于网络扫描的PHP工具
https://mp.weixin.qq.com/s/EXOao848kUHZLKXAI-8wGQ
[Security_tools] 工具| Burp Suite API学习思路
https://mp.weixin.qq.com/s/WHzP47XUjKxaLN19NhinJQ
[Security_tools] OWTF - 攻击性Web测试框架
https://mp.weixin.qq.com/s/JKW1376dBC0orwAM2hL3KA
[Security_tools] Phan - PHP静态分析器
https://mp.weixin.qq.com/s/tO-5U1B8ZJAix64csT8tZQ
[Security_tools] Nmap使用空闲扫描进行信息收集
https://mp.weixin.qq.com/s/CRQlVaVCU0j2tMZwnR_0cA
[Security_tools] Whonow:一款可实时执行DNS重绑定测试的DNS服务器
http://www.freebuf.com/sectool/170740.html