渗透测试,web安全动态
-安全文章
-安全漏洞
-Web安全
-代码审计
标签:安全动态 Web安全 渗透测试 安全工具 视频分享
安全动态
[Security_week] APT-C-06组织在全球范围内首例使用“双杀”0day漏洞(CVE-2018-8174)发起的APT攻击分析及溯源
https://mp.weixin.qq.com/s/tRQ3yunhRpNRcjB4HV35sQ
[Security_week] 谁偷了我们的个人信息?
https://mp.weixin.qq.com/s/LDcC-50CBhhw36L4OSdzQw
[Security_week] Spring Integration Zip不安全解压(CVE-2018-1261)漏洞分析
https://mp.weixin.qq.com/s/SJPXdZWNKypvWmL-roIE0Q
[Security_week] Spring Security OAuth2 RCE(CVE-2018-1260)漏洞分析
https://mp.weixin.qq.com/s/5nTz6bexDFLkIT5EfDpnYA
[Security_week] CVE-2018-2628补丁绕过分析与修复建议
https://mp.weixin.qq.com/s/NF7hMlvs-yWR7gu05fO7WQ
[Security_week] 信息安全漏洞周报(2018年第18期)
https://mp.weixin.qq.com/s/BT1LUGfY0Z5Xv_Mt_rGmxA
[Security_week] 关于CVE-2018-1259-XXE漏洞复现
http://www.polaris-lab.com/index.php/archives/524/
Web安全
[Web_Security] 构造PPSX钓鱼文件
https://mp.weixin.qq.com/s/n-5HG7L7gDUkjZxKdXj0Jw
[Web_Security] SQL语句利用日志写shell
https://mp.weixin.qq.com/s/wNIsxAhGL79eqss7XmEB1A
[Web_Security] php 一句话木马检测绕过研究
https://mp.weixin.qq.com/s/LytVSOt81UpRyetMh6twnw
[Web_Security] php 反序列漏洞初识
https://mp.weixin.qq.com/s/XxnSEg-Fmv8fniQ0BMiQgg
[Web_Security] MySQL mmm_agent远程代码注入漏洞分析
https://mp.weixin.qq.com/s/kAXu6V8hOEbaBMGb2PObgQ
[Web_Security] 深入浅出WebExtensions(上)
https://mp.weixin.qq.com/s/NFFbKssSuqnaKjjzlLwHvw
[Web_Security] 我给你变一个ECShop漏洞魔术
https://mp.weixin.qq.com/s/mn77cuWq2eDsGrENE9Gxaw
[Web_Security] 简单分析SQL注入语义分析库Libinjection
http://www.freebuf.com/articles/web/170930.html
[Web_Security] DDCTF 2018 writeup(一) WEB篇
https://www.secdic.com/go/18163.html
[Web_Security]【撞库测试】 Selenium+验证码打码时的特殊情况-【遇到滚动条】
http://www.polaris-lab.com/index.php/archives/513/
渗透测试
[Penetration_test] Exploit-Exercise之Nebula实践指南(一)
https://mp.weixin.qq.com/s/Z95ffyBCX0MxyKSGGAoj9g
[Penetration_test] Twitter bug: Twitter建议用户修改账户密码;badpdf: 创建恶意PDF来从Windows机器上窃取NTLM
https://mp.weixin.qq.com/s/aTJLkffA8ltrcg6eh-VegA
[Penetration_test] python使用pexpect实现ftp的操作
https://mp.weixin.qq.com/s/wx1ZipTNGMWK8iHxJcmaMA
[Penetration_test] 普通用户借助docker容器提权思路分享
https://mp.weixin.qq.com/s/yjxGTXLuRoACVwpiG3VKEw
[Penetration_test] linux实践 | Exploit-Exercise之Nebula实践指南(三)
https://mp.weixin.qq.com/s/38oxdhBBVglYk7ulnDLo9Q
[Penetration_test] 通过HTTP协议获得Net-NTLM hash
https://www.secdic.com/go/17991.html
[Penetration_test] CTF实战 | Kioptrix(#3)靶机渗透测试
http://www.freebuf.com/articles/rookie/170656.html
[Penetration_test] 使用hashcat破解加密office文件
https://mp.weixin.qq.com/s/BAb0euDmLhGQ4KIt8k15QA
[Penetration_test] VulnHub渗透实战Billu_b0x
http://www.freebuf.com/sectool/170713.html
[Penetration_test] Z3Py在CTF逆向中的运用
https://mp.weixin.qq.com/s/8pHqlCVJ-M-oTa_ihy6lUQ
[Penetration_test] 教你如何去掉git历史中的敏感信息
https://mp.weixin.qq.com/s/gSGWbHEQXl1OAL-JZodXrQ
[Penetration_test] 渗透技巧——如何逃逸Linux的受限制shell执行任意命令
https://mp.weixin.qq.com/s/KKyq2_a0RxNMIWfTwNQwhQ
[Penetration_test] 爬虫工具的信息挖掘
https://mp.weixin.qq.com/s/AXlCUzm7rmNj4vzQd8M5Jg
[Penetration_test] Defcon China 靶场题 – 内网渗透Writeup
https://www.secdic.com/go/18183.html
[Penetration_test] redis 在渗透中 getshell 方法总结
https://www.secdic.com/go/18193.html
安全工具
[Security_tools] Hostscan - 用于网络扫描的PHP工具
https://mp.weixin.qq.com/s/lwrJrVKo4mSNfyMXy-RLqw
[Security_tools] YaVol - 用于Volatility Framework和Yara的GUI
https://mp.weixin.qq.com/s/69zBujQ63V-RITy1ru2-PQ
[Security_tools] Git Shell Bypass
https://mp.weixin.qq.com/s/_jI9g60QhvPWb7qG79um2w
[Security_tools] 一记组合拳,批量SSH弱密码爆破检测工具分享
https://mp.weixin.qq.com/s/d_pkFGL9PReqUTCxZsy4Uw
[Security_tools] 工具| PowerShell的内网渗透之旅(二)
https://mp.weixin.qq.com/s/xZGNpZLJxpxoKf8kiDdztQ
[Security_tools] DDoS Deflate - 用于阻止DDoS攻击的Shell脚本
https://mp.weixin.qq.com/s/BB_6MPdnqLmeW5KyyPdjIw
[Security_tools] 黑客喜欢的扫描器盒子
https://mp.weixin.qq.com/s/Cw3fdeVqjMUSItcBA4pkpw
[Security_tools] Sublist3r - 针对渗透测试人员的快速子域枚举工具
https://mp.weixin.qq.com/s/BaiU9lUIo92cwJvI6dQcPw
[Security_tools] Linux下的字典生成工具Crunch,创造自己的专属字典
https://mp.weixin.qq.com/s/F5azNOEWlqI4RjJw3sOydQ
视频分享
[Video_share] 见招拆招,深入解读Oracle提权
https://www.bugbank.cn/live/view.html?id=111188