Penetration testing, web security news
Tags: Security news, Security skills, Resources and tools sharing
Security news
[Security_week] Trojan that communicates over a DNS tunnel
https://mp.weixin.qq.com/s/OBudKq470e0Hp-p6_njWmg
[Security_week] Critical remote code execution vulnerability found in Firefox, now fixed
http://www.freebuf.com/news/161924.html
[Security_week]
[Security_week] SQL injection vulnerability in the Diyou (帝友) P2P lending system V4.1
http://www.cnvd.org.cn/flaw/show/CNVD-2018-00125
[Security_week] A brief analysis of DTD entities and XXE
https://mp.weixin.qq.com/s/vkCdz6YCoiiJPI30KePD6g
Security skills
[Security_technology] Penetration testing cases: from beginner to expert
https://mp.weixin.qq.com/s/mShMbG97cYI1V6Udlp3ebw
[Security_technology] Bug hunting tips: a summary of information disclosure
https://mp.weixin.qq.com/s/FMp5OSB4We6QqCMcieTxSg
[Security_technology] CTF reverse engineering: conventional reversing (part 1)
https://mp.weixin.qq.com/s/_3S3yA9am3CIdW0VSvPWiw
[Security_technology] CTF reverse engineering: conventional reversing (part 2)
https://mp.weixin.qq.com/s/BGXjnNWdLFmkd4ix6DNORw
[Security_technology] Penetration testing guide: subdomain enumeration techniques
https://zhuanlan.zhihu.com/p/31160156
[Security_technology] Smarty <= 3.1.32 PHP code execution vulnerability analysis [CVE-2017-1000480]
https://xianzhi.aliyun.com/forum/topic/1983
[Security_technology] Common classic Oracle SQL queries (1)
https://mp.weixin.qq.com/s/grFsNxrACx0OMa-VHQStLg
[Security_technology] DEDECMS vulnerability collection
https://mp.weixin.qq.com/s/xC7hVVqtXdyirrb-rBH9TA
[Security_technology] The overlooked risk: CSRF vulnerability attack and defense case analysis
https://mp.weixin.qq.com/s/MNka3vpBX_Eph-3x8GW6sg
[Security_technology] Beginner primer | Basic workflow of manual MySQL injection
https://mp.weixin.qq.com/s/UJptc2eru9uqCIm0dKsnGw
[Security_technology] Modifying DnsLog and automating calls to it
http://www.polaris-lab.com/index.php/archives/423/
[Security_technology] Exploring how SQL injection works from a Java perspective
https://mp.weixin.qq.com/s/6WqnBgmmM4mFoke1s2z-VA
[Security_technology] Penetration technique: exporting passwords saved in the Chrome browser
https://mp.weixin.qq.com/s/43AfEiaVFMw5Gj56FyepEg
[Security_technology] Includes EXP | Remote code execution vulnerability disclosed in ASUS routers!
https://mp.weixin.qq.com/s/To797Cr46hMOsVDAeAve-g
[Security_technology] Tool | The road to modifying sqlmap payloads
https://mp.weixin.qq.com/s/tAVkI981dIfhdMLcqkCKAA
[Security_technology] How to use Earthworm as a Socks5 proxy for internal network penetration
https://mp.weixin.qq.com/s/VBiwJmpfIcRpdhwwWt2Ciw
[Security_technology] Summary of vulnerable PHP functions
https://mp.weixin.qq.com/s/ABMaZVQihRaDYWfLVtw5zA
[Security_technology] Notes on an audit of xiaocms
https://mp.weixin.qq.com/s/1G6q7Mk5aQL_9yZ6t58_nA
[Security_technology] A simple global injection scheme for Android
https://mp.weixin.qq.com/s/6DEqXARPDpAleuAcLypfkw
[Security_technology] SQL injection vulnerability in the WordPress plugin YITH WooCommerce Wishlist
http://www.freebuf.com/articles/web/160657.html
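[Security_technology] Who moved my gold mine: a deep dive into the evolution of black-market cryptomining
[Security_technology] Analysis of the arbitrary user password change vulnerability in the latest DedeCMS (20180109)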
https://blog.formsec.cn/2018/01/11/DedeCMS-password-reset/
[Security_technology] SQL injection vulnerability in the DSmall multi-user mall system
http://www.cnvd.org.cn/flaw/show/CNVD-2018-00128
[Security_technology] Common PHP vulnerabilities and code auditing
https://mp.weixin.qq.com/s/VxHUHpQjlDH2sjXYlENtDA
[Security_technology] 07V8 technical share no. 23 | Bug hunting tips: information gathering
https://mp.weixin.qq.com/s/IG8wLrMsbJyVagSQCa5LaA
[Security_technology] Analysis of a phishing email attack by a suspected BITTER (蔓灵花) APT group
https://www.anquanke.com/post/id/96375
[Security_technology] Summary of exploiting the Redis unauthorized access vulnerability
http://p0sec.net/index.php/archives/69/
[Security_technology] CVE-2017-8570: first publicly disclosed in-the-wild sample and vulnerability analysis
https://mp.weixin.qq.com/s/dMqovzZ70SJgdnfAZtcZMg
[Security_technology] Kernel exploitation via PTE Space in the x64 paging mechanism
https://mp.weixin.qq.com/s/Th2YVmGcMcdEn4_FalmW8w
[Security_technology] A look at the PHPSHE 1.5 vulnerabilities
https://mp.weixin.qq.com/s/UedDZFAo-W4mZUXT0wZAMg
[Security_technology] What? SQL injection attacks via the method used to obtain the IP address
https://mp.weixin.qq.com/s/LdDwoeE9mk8E_d1GrCh9gA
[Security_technology] The various uses of XSS (stealing user cookies, UI hijacking...)
https://shimo.im/docs/qigwCWLpvHgBgZFa/
[Security_technology] 7-Zip: multiple memory corruption vulnerabilities in RAR and ZIP
https://mp.weixin.qq.com/s/jPPTBx-iuOwprhyeni9JWg
[Security_technology] Techniques for attacks using the HTTP Host header
https://mp.weixin.qq.com/s/oW06LbgLOmtz0CRgnuw0aw
[Security_technology] Learning router vulnerability analysis through CVE-2017-17215, from getting started to giving up
http://www.freebuf.com/vuls/160040.html
[Security_technology] CVE-2018-5711: a PHP vulnerability where a single GIF image can bring down a server
https://mp.weixin.qq.com/s/3ouUP_S23q1tTXU_lKJDSA
[Security_technology] [Original] Debugging and decrypting an encrypted PHP file
https://mp.weixin.qq.com/s/NeMHgkXrdWNFiOBRm0lFqQ
[Security_technology] In-depth research routines: hackers and blockchain
https://mp.weixin.qq.com/s/7F2-eLqIdSiNIHHJDzkwcg
[Security_technology] A guide to attack techniques against domain trusts (part 6)
http://www.4hou.com/system/10211.html
[Security_technology] CVE-2018-5711: a PHP vulnerability where a single GIF image can bring down a server
https://mp.weixin.qq.com/s/ZWLqZ0V9zYRWrAR5WdPuBQ
[Security_technology] Windows privilege escalation command guide
https://mp.weixin.qq.com/s/oDKh2gyjH_zudhMW-Xd9Iw
[Security_technology] Analysis of the PHPMailer command execution vulnerability (CVE-2016-10033)
http://blog.csdn.net/wyvbboy/article/details/53969278
[Security_technology] 4 web challenges combined with CVEs
https://mp.weixin.qq.com/s/eAgw1ABhi_fZXuYLuZF3Nw
[Security_technology] Web security -- a brief talk on logic vulnerabilities
https://mp.weixin.qq.com/s/qG0ELSi5zVTi9YRhN1UmGQ
[Security_technology] CrossRAT: a new cross-platform spyware
http://www.freebuf.com/news/161852.html
[Security_technology] Huxiang Cup (湖湘杯) 2017 PWN 200 format string vulnerability detailed WriteUp
https://mp.weixin.qq.com/s/4XKZ4vGl7HK3mMkH7HQV0g
Tools and resources
[Security_tools] Python learning summary
[Security_tools] Invoke-Obfuscation: PowerShell encoding and obfuscation framework
https://mp.weixin.qq.com/s/Yy375akNrYLe3jWDjrKofw
[Security_tools] Common classic Oracle SQL queries (1)
https://mp.weixin.qq.com/s/grFsNxrACx0OMa-VHQStLg
[Security_tools] Common classic Oracle SQL queries (2)
https://mp.weixin.qq.com/s/u4yV5HMTncZv1KddWvLguw