安全文章
安全漏洞
Web安全
代码审计
标签:安全动态 Web安全 渗透测试 安全工具 代码审计 移动安全 视频分享
安全动态
[Security_week] xKungfoo 2018 信息安全交流大会 PPT下载
http://www.4hou.com/info/news/11370.html
[Security_week] 事件应急响应管理的5条建议
http://www.freebuf.com/articles/neopoints/172377.html
[Security_week] 记一次web应急事件处置
https://www.secdic.com/go/18678.html
[Security_week] 点外卖,再也不用担心隐私泄露
https://www.secdic.com/go/18717.html
[Security_week] 360公司Vulcan(伏尔甘)团队披露区块链平台EOS严重漏洞
https://mp.weixin.qq.com/s/UeXrbT5BFe9WKd63wDiQhg
[Security_week] 信息安全漏洞周报(2018年第20期)
https://mp.weixin.qq.com/s/W_xjTpCP7JldIcN6F7dWjg
[Security_week] VPNFilter-新型IoT Botnet深度解析
https://mp.weixin.qq.com/s/SnchceLdNX7JYiWfSH2Hmw
Web安全
[Web_Security] Bypass 360主机卫士SQL注入防御(多姿势)
https://mp.weixin.qq.com/s/-JkeLtaUo7qN3zxkFlf0-w
[Web_Security] 浅析SSRF原理及利用方式
https://www.secdic.com/go/18745.html
[Web_Security] Xpath定位经验总结
https://www.secdic.com/go/18735.html
[Web_Security] burp trick;Retile:LKM Linux rootkit和后门
https://mp.weixin.qq.com/s/H-48n-g_ypZ3k1rikOaodg
[Web_Security] 命令行下的信息搜集
https://mp.weixin.qq.com/s/_VdMOnsUwp0PiqxjrosQGg
[Web_Security] SSRF中的绕过姿势
https://mp.weixin.qq.com/s/467pD6VIpiYXfw2QTSzB4A
[Web_Security] 史上最强内网渗透知识点总结
https://mp.weixin.qq.com/s/U2MqcjA_YmMlajJzvDCZZw
[Web_Security] UEditor SSRF漏洞(JSP版本)分析与复现
https://mp.weixin.qq.com/s/OPbyYQNWiN2dy_BHhqd9eg
[Web_Security] ISCC 2018 Writeup
https://mp.weixin.qq.com/s/h9egb5ZQbdRtkaw9PBjw1w
[Web_Security] Linux查webshell
https://mp.weixin.qq.com/s/-3N2WDASdXSsPifoBiuQsQ
[Web_Security] 为什么要禁止除GET和POST之外的HTTP方法?
https://mp.weixin.qq.com/s/AIbTW9wmd3aWvZWWq3QYgw
[Web_Security] 如何快速查找网站有效子域名
http://www.4hou.com/technology/11782.html
[Web_Security] 黑客常说SQL注入是什么?手把手入门白帽子 (二)
https://mp.weixin.qq.com/s/XWA-vVu-9Jod_lMn6rXqGw
[Web_Security] phpMyadmin提权那些事
https://mp.weixin.qq.com/s/EMkZCHB3uKM7M1998eUlFg
[Web_Security] SQL注入攻击方式及防御方法,手把手入门白帽子 (二)
https://mp.weixin.qq.com/s/hkuAZOiRdcAHzVWPnUIX4g
[Web_Security] kindeditor文件遍历漏洞payload
https://www.secdic.com/go/19114.html
渗透测试
[Penetration_test] DMZ下使用web_delivery 介绍
https://mp.weixin.qq.com/s/JTLrHQDrjnGSSXxbvOxXSw
[Penetration_test] metasploit模块移植/开发--初识篇
https://www.secdic.com/go/18673.html
[Penetration_test] DDCTF 2018 writeup(二) 逆向篇
https://www.anquanke.com/post/id/145553
[Penetration_test] 内网渗透测试之域渗透详解
https://mp.weixin.qq.com/s/XLkCJ3KNkHLqvcfQW8HsFA
[Penetration_test] 域渗透中找DC
https://mp.weixin.qq.com/s/NJEhKIY9kogXqJyau2Cnyw
[Penetration_test] LINUX下内网反弹技巧总结和杂谈
https://mp.weixin.qq.com/s/YNGxYjXwh3NXlCCunh0iXw
[Penetration_test] 渗透过程中的端口反弹
https://mp.weixin.qq.com/s/LQhErXdwj9kR0ReTu-NQjA
[Penetration_test] Linux| 基线脚本编写(二)
https://mp.weixin.qq.com/s/Ttq5Ug5-AC38W8TOebl5oQ
[Penetration_test] Dnscat2-建立DNS隧道反弹SHELL
https://mp.weixin.qq.com/s/vjmCX6JhdVeURCrhuMK4Aw
[Penetration_test] 从WebShell到域控的奇妙之旅
http://www.freebuf.com/articles/network/172578.html
[Penetration_test] 攻破黑市之拿下吃鸡DNF等游戏钓鱼站群
http://www.freebuf.com/articles/web/172330.html
[Penetration_test] 一道OSCP缓冲区溢出分析到利用
https://www.anquanke.com/post/id/146562
[Penetration_test] 渗透测试实战-超级玛丽靶机入侵
https://www.anquanke.com/post/id/146527
安全工具
[Security_tools] Noriben - 基于Python的恶意软件分析沙箱
https://mp.weixin.qq.com/s/6is5QXESrPyKcJqMgof23g
[Security_tools] 增强IoT安全和可见性的7种工具
http://www.aqniu.com/tools-tech/34296.html
[Security_tools] 服务异常处理指南
https://mp.weixin.qq.com/s/wdmaLsbsdY7YdfmWzpuKbQ
[Security_tools] Detekt - 防止监视的工具
https://mp.weixin.qq.com/s/WxXgI4JMI4_JfJOd7rcJUg
[Security_tools] 10款最佳免费WiFi黑客工具(附传送门)
http://www.aqniu.com/hack-geek/34350.html
[Security_tools] websocket-fuzzer : WebSocket Fuzz 测试工具;Bash读取/etc/passwd技巧
https://mp.weixin.qq.com/s/IUQoqUaWYNaqkSmAdFVOig
[Security_tools] SSLyze - 分析SSL / TLS配置的工具
https://mp.weixin.qq.com/s/Sw_iDoFDSMOkx6LTJmw_ZA
[Security_tools] wvs结果批量整理工具
https://mp.weixin.qq.com/s/21MxYBr2mDdH6SSxA9pFKA
[Security_tools] 扫描不能停之Appscan批量扫描
https://mp.weixin.qq.com/s/OwMAcomXRRmjjKClk7jaow
[Security_tools] V3n0M - 一款开源漏洞扫描器
https://mp.weixin.qq.com/s/BjS3miitgRu2DxyAOwUE3A
[Security_tools] LogonTracer:用于可视化分析Windows安全事件日志寻找恶意登录的工具
http://www.freebuf.com/sectool/172623.html
[Security_tools] burpa: burp 自动化扫描工具;Firefox中通用CSP bypass详细信息(CVE-2018-5175)
https://mp.weixin.qq.com/s/akHIPUTh-vK54ffmm4WfHA
[Security_tools] 网络安全工具汇总
https://mp.weixin.qq.com/s/fx8emiLSKxge6P7nT1az7w
代码审计
[Code_audit] 代码审计 | ECShop3.6.0最新版本任意文件删除
https://mp.weixin.qq.com/s/UMBL3-nkI4xnFyuHbfj11Q
移动安全
[Mobile_Security] Android序列化与反序列化不匹配漏洞详解
https://www.secdic.com/go/19144.html
视频分享
[Video_share] 招招致命,CSRF与多种漏洞的组合出击
https://www.bugbank.cn/live/view.html?id=111256