<?xml version="1.0" encoding="utf-8"?>
<search>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2Fimages%2F%E5%AE%89%E5%85%A8%E5%91%A8%E5%88%8A%EF%BC%9A%2F</url>
<content type="text"><![CDATA[Security Weekly: ##❄ Security News [Security_week] Summary of MLPS 2.0 high-risk item determinations https://mp.weixin.qq.com/s/0-h1XAMIJCuQ_vZw6EJHDQ [Security_week] MLPS 2.0: operation timeout https://mp.weixin.qq.com/s/YlL2xRAXAhVlagvq7JOcug [Security_week] MLPS assessment: SQLServer operation timeout https://mp.weixin.qq.com/s/ozvNyO9_5gRKlNRRKcGRdQ [Security_week] MLPS assessment host security: CentOS access control https://mp.weixin.qq.com/s/IAdsbE1u6uOyksch-aPBBA [Security_week] CVE-2019-0193: Apache Solr remote command execution vulnerability alert https://mp.weixin.qq.com/s/qtrCmkdDBfM5upCmi-zS1Q [Security_week] Notes from an authorized inspection: intranet penetration can be done like this https://mp.weixin.qq.com/s/Wc3BTO7pYyDvih9IIaHGfA [Security_week] Log management and analysis (1): log collection and sources https://mp.weixin.qq.com/s/9_an1eI6qCbiarte6Gzv3g [Security_week] Log management and analysis (2): log analysis and reporting https://mp.weixin.qq.com/s/W7Z87K7BMtHDGJAfiEfalg [Security_week] Log management and analysis (3): attacks on logging systems https://mp.weixin.qq.com/s/XkLwT9SAhUAfTCcUrLSOkQ [Security_week] Network security penetration testing roundup https://mp.weixin.qq.com/s/V7iV1a7rxWkPY6nrUSBBmQ [Security_week] A brief analysis of web crawler technology https://mp.weixin.qq.com/s/bJL_PkzBAlqusUe0Z4fc4w [Security_week] Network security incident response roundup https://mp.weixin.qq.com/s/yg-tk1HLFkaYLB3C0Opn2w [Security_week] Network security threat intelligence roundup https://mp.weixin.qq.com/s/RL8IeG7t1RVs4PZ3RSTPgg [Security_week] Network security intrusion detection roundup https://mp.weixin.qq.com/s/WAOCIvXvLK2hEXSmJJ2JoQ [Security_week] Information security vulnerability weekly report (2019, issue 30) https://mp.weixin.qq.com/s/GExlY7NhtJI9uq9QteWvOw [Security_week] On learning: both goals and environment matter https://mp.weixin.qq.com/s/h6bFNUY-7CZOb1xtnWxYkg [Security_week] A brief discussion of career paths for penetration testers https://mp.weixin.qq.com/s/0IlarNiC3w8TfpmavmDhuA [Security_week] CVE-2018-19127 vulnerability analysis https://mp.weixin.qq.com/s/GbIDbXUQ4tuxo_ysiFoEgg [Security_week] Discuz ML! 
V3.x code injection vulnerability https://mp.weixin.qq.com/s/o_83X0_BSLkerUFlx3sd9w [Security_week] Reproducing the CVE-2019-13272 Linux local privilege escalation https://mp.weixin.qq.com/s/6cVRm7om1j8YcrH_apFGpA [Security_week] Incident response cases and analysis https://mp.weixin.qq.com/s/krCsmArxNUyzg1kMV5xLKg [Security_week] Services roundup https://mp.weixin.qq.com/s/wrZShXIV17LuC9inwqQBbQ [Security_week] CAPTCHA roundup https://mp.weixin.qq.com/s/HodunVqxPNasqauleDy-yA [Security_week] Intranet roundup https://mp.weixin.qq.com/s/iaP_lODQCQMQEijxwqsvcg [Security_week] Network security vulnerabilities roundup https://mp.weixin.qq.com/s/oKTvsZuUICxuU3lVYWXICQ [Security_week] Information security vulnerability weekly report (2019, issue 28) https://mp.weixin.qq.com/s/EV8-UDaZpPZs2Vbwqwi9lA [Security_week] Information security vulnerability weekly report (2019, issue 29) https://mp.weixin.qq.com/s/4mZTh-mOW_u0tb5Z77evzw [Security_week] An overview of the stages of security study and work https://mp.weixin.qq.com/s/mTljo_CR7DPVQctWWwchEg [Security_week] Interview questions for a security engineer's conversion to permanent staff https://mp.weixin.qq.com/s/KYPcaZ1feiahVAi582HFnQ [Security_week] Drupal broken access control vulnerability alert https://mp.weixin.qq.com/s/gc1Mpf8u0Jh0f495xDaq4g [Security_week] Assessment roundup https://mp.weixin.qq.com/s/_2eIoeYFuiXLhH2fyQBc_A [Security_week] Network security situational awareness: big data processing and analysis https://mp.weixin.qq.com/s/akpbPSv9VFPBF8KwVtcGxg [Security_week] Information security vulnerability weekly report (2019, issue 27) https://mp.weixin.qq.com/s/aaxFJ_eVkgdgQLT59cyBMw [Security_week] Vulnerability analysis | Discuz ML! 
V3.X code injection vulnerability https://mp.weixin.qq.com/s/5Zl3Jve4eblNIXh30t469w [Security_week] Fastjson deserialization vulnerability alert https://mp.weixin.qq.com/s/v_IkhtjFhQbP1xOZExIL9g [Security_week] FastJson remote code execution vulnerability analysis report https://mp.weixin.qq.com/s/pTaMKwnLfj4cOlfS1OysdA [Security_week] A short summary of the HW campaign https://mp.weixin.qq.com/s/g-RCf44LGQsRVstGk9ePUg [Security_week] Foolproof reproduction of the Redis 4.x 5.x RCE https://mp.weixin.qq.com/s/MSWLqzyNnliX1G7TRYAwVw [Security_week] Microsoft Windows DHCP server remote code execution vulnerability (CVE-2019-0785) https://mp.weixin.qq.com/s/EyJrCe6oWqDNJwucK3GIeg [Security_week] Atlassian Jira remote command execution vulnerability https://mp.weixin.qq.com/s/i6wAWZXuNAjmqtdwyYLHog [Security_week] Network security learning methodology: the importance of a system https://mp.weixin.qq.com/s/yXA4BRbMfJNPQ68_-Nme6g [Security_week] Network security: smart city security https://mp.weixin.qq.com/s/pcb1HZcCoz3lZ1GM2jJFhA [Security_week] Big data fundamentals https://mp.weixin.qq.com/s/G5XmF_DbOUqE-VMZDAMI6w [Security_week] MIIT releases the 2019 innovation demonstration projects for preventing and combating telecom and online fraud https://mp.weixin.qq.com/s/OJod9oONt1pyihrjSBFq8A [Security_week] Enterprise network security roundup https://mp.weixin.qq.com/s/5MM8F36Tz-eqUDZRYWFvlQ [Security_week] Information security vulnerability weekly report (2019, issue 26) https://mp.weixin.qq.com/s/3mPsQphTpfRpIHivHfREDA [Security_week] After its website was hacked, this company was fined https://mp.weixin.qq.com/s/0c84FC0iKxgXnm8Yu6VNXQ [Security_week] Some thoughts on vulnerability hunting https://mp.weixin.qq.com/s/pasGT9igsh8mT9_nEGpNaQ [Security_week] Lessons learned, written after an interview experience https://mp.weixin.qq.com/s/cZU9t_k01bORo-EEfpooGw [Security_week] Recommended open-source projects for in-house security teams https://mp.weixin.qq.com/s/bviX7hXd3qvZPrlS0U1PYg [Security_week] Apache axis remote command execution vulnerability https://mp.weixin.qq.com/s/QYS8k7O0cXRnaMPIQm5vOg [Security_week] MIIT releases the "Special Action Plan for Improving Network Data Security Protection Capabilities in the Telecom and Internet Industries" https://mp.weixin.qq.com/s/-gX-WpLuZXjiCIcXD0dumA [Security_week] What public security authorities cover in MLPS supervision and inspection https://mp.weixin.qq.com/s/lEMy_xrTRZUNVM7AAbp8Pg [Security_week] Criminal sentencing roundup https://mp.weixin.qq.com/s/quHm1OAs0RhN1HEKhG_OgQ [Security_week] A guide to working in the network security industry https://mp.weixin.qq.com/s/RdXizg1TKlIArqqyfYDq-Q [Security_week] Login roundup https://mp.weixin.qq.com/s/-XGxm01jZLxdOE8Oomd3QQ [Security_week] A brief analysis of government website security https://mp.weixin.qq.com/s/pWLIJPb8YdiSj8hli5WEYw 
[Security_week] Legal and regulatory basis for government website supervision https://mp.weixin.qq.com/s/Y8IavJddM7OPetDywH0TGQ [Security_week] What public security authorities cover in supervising government websites https://mp.weixin.qq.com/s/ah8-uai3EpyyrdjTSoV6xw [Security_week] Information security vulnerability weekly report (2019, issue 25) https://mp.weixin.qq.com/s/C55JNibCCmJfRoPkl7F4Zg [Security_week] Seeyon OA office automation software 0day reproduction walkthrough https://mp.weixin.qq.com/s/80xu--UN_GTwECN6AGvOEA [Security_week] The Cybersecurity Law two years after taking effect: a review https://mp.weixin.qq.com/s/yVYLUTM5L9AWvQgD9VGUMw [Security_week] Vulnerability alert | Seeyon OA arbitrary file write vulnerability https://mp.weixin.qq.com/s/KfE7FIocHWJHKpIU77faWQ [Security_week] ICS security standards: origins and a getting-started guide https://mp.weixin.qq.com/s/m116TlhmdDnujf9dkmcfkA [Security_week] Roundup of log analysis methods https://mp.weixin.qq.com/s/xGykym7m71TXXkFhU8XrfQ [Security_week] Seeyon OA A8 unauthenticated Getshell vulnerability https://mp.weixin.qq.com/s/__Er8blkQ0cK3CVgtJZmLw [Security_week] HW: honeypot summary https://mp.weixin.qq.com/s/MxUuY26rSIPtiD90kmAQIQ [Security_week] Incident response case sharing https://mp.weixin.qq.com/s/xVLIfApux6O2zXjdT7qbZA [Security_week] Summary of 0day vulnerabilities during June https://mp.weixin.qq.com/s/nHV-eysns9Y-ea-UuIvKfg [Security_week] Security alert: WebSphere has a remote code execution vulnerability https://mp.weixin.qq.com/s/OFQyhoKInGgl5bicGqnYGw [Security_week] Web log security analysis techniques https://mp.weixin.qq.com/s/CtnHy9X7_csTwrG5KJvDjg [Security_week] An automatic file backup scheme for Linux https://mp.weixin.qq.com/s/AjqKvlPXhV4deWcP5U1hJw [Security_week] A brief analysis of the Network and Information Security Notification Center https://mp.weixin.qq.com/s/5E4G9xm1mLGOuPEVeFLUpg [Security_week] Enterprise network security: privacy protection https://mp.weixin.qq.com/s/Tl0FcM0r_yaFuwst_yqfbA [Security_week] Enterprise network security: business security and risk control https://mp.weixin.qq.com/s/j4dxRpj15oD3d2VJMNEJrA [Security_week] Who touched my privacy? 
https://mp.weixin.qq.com/s/--O0-FNzem9SpCzVGUANKw [Security_week] Enterprise network security: design and implementation of a large-scale defense-in-depth system https://mp.weixin.qq.com/s/BqpF2wBB0APWljVggEBvrA [Security_week] Assessment metrics for network security assurance work https://mp.weixin.qq.com/s/GBpvOQez7bU1EEES_2FYlg [Security_week] Enterprise network security: building a security system https://mp.weixin.qq.com/s/oribGN00x3ypup3lJsd32g [Security_week] Information security vulnerability weekly report (2019, issue 24) https://mp.weixin.qq.com/s/YdWAfmXNiuhRxLX5PLaBvQ [Security_week] Linux incident response: tools https://mp.weixin.qq.com/s/YFHLCVHVIB7hDeCVZaunbg [Security_week] Enterprise security building: systematic thinking and practical implementation https://mp.weixin.qq.com/s/h0J81LX7GUqSGAsSxksHnw [Security_week] A strange event discovered during an incident response https://mp.weixin.qq.com/s/XanFgX9Py_q8WaD14VC9Fw [Security_week] A philosophical history of the bastion host: where does it come from? Where is it going? What is it? https://mp.weixin.qq.com/s/rDmTdJ05cVE_jJiqKhywnw [Security_week] Apache Tomcat remote code execution (CVE-2019-0232): brief analysis and reproduction https://mp.weixin.qq.com/s/7lO7t6iReGxx6CWksI8D2Q [Security_week] PHP_XXE attack and defense security practice https://mp.weixin.qq.com/s/VldRAHtNwu1NFBLgppIAVg [Security_week] CVE-2019-2729: Oracle WebLogic deserialization vulnerability alert https://mp.weixin.qq.com/s/ArZqB_s-d8ZExeRMFnd4sQ [Security_week] Exclusive | Denial-of-service vulnerability disclosed in Linux https://mp.weixin.qq.com/s/fO4ufsjw7PMSkUFNPUqNOQ [Security_week] MySQL log security analysis techniques https://mp.weixin.qq.com/s/uT6_2H2cV32ghvxnFxw2Fw [Security_week] MSSQL log security analysis techniques https://mp.weixin.qq.com/s/_IlvfpuixxJoETLryWGZ-Q [Security_week] Enterprise network security: mobile application security https://mp.weixin.qq.com/s/MzOdoseBR_gfDxUnK3NNew [Security_week] Drawing up a network security incident response plan https://mp.weixin.qq.com/s/WlDvwUhpdjH5mJ5HMT_Lqw [Security_week] Enterprise network security: code auditing https://mp.weixin.qq.com/s/_7YCZBJOfE2DkNkTLK8tbQ [Security_week] Putting the network security incident response plan into practice https://mp.weixin.qq.com/s/Rldc4Ym2fFvFv6KlJz4Ssg [Security_week] Enterprise network security: office network security https://mp.weixin.qq.com/s/9L3pIZ2fJy63e0_U2ZueQA [Security_week] Enterprise network security: security management system https://mp.weixin.qq.com/s/65iO12z8YkfHPrjKACprDA [Security_week] Information security vulnerability weekly report (2019, issue 23) https://mp.weixin.qq.com/s/_U7RGAirn6Dz8BodzOVZkA [Security_week] Vulnerability alert | Oracle WebLogic XMLDecoder deserialization vulnerability https://mp.weixin.qq.com/s/mGi8SF3XYOfELHQmWlpr1Q [Security_week] My ICS security learning path https://mp.weixin.qq.com/s/XkJ_vkpwwqm6YRPDSl1Qiw 
[Security_week] Alert: latest Oracle WebLogic remote deserialization command execution 0day vulnerability (CVE-2019-2725 patch bypass) https://mp.weixin.qq.com/s/QqbbkEcg5Qi6XdxQ5UzVSg [Security_week] Critical vulnerability disclosed in the Evernote extension https://mp.weixin.qq.com/s/dZQn-HEQFcn5nZ3_Nm-Qjw [Security_week] Future security trends: can you catch them? https://mp.weixin.qq.com/s/oziY28wXdevWhieCfEA0SQ [Security_week] Linux log security analysis techniques https://mp.weixin.qq.com/s/fWlux47luH_zvYpXcZXeYA [Security_week] Classification and grading management of network security incidents https://mp.weixin.qq.com/s/NULXUxSt0CgUGZG6xaBD8A [Security_week] Kali Linux penetration testing roundup https://mp.weixin.qq.com/s/ak6JhjCDeaxjvkwBVcuoyA [Security_week] Organizational structure and safeguards for network security incident emergency handling https://mp.weixin.qq.com/s/ZxAs4EoUbGx8BzFA34tADw [Security_week] Enterprise network security: thoughts on security operations https://mp.weixin.qq.com/s/OjoMA5hmLWyhIQ65JAYP3w [Security_week] SSH roundup https://mp.weixin.qq.com/s/q-yvN2qJCB6LmoBfQM_U6g [Security_week] Network security incident monitoring and early warning https://mp.weixin.qq.com/s/hGe13Gj6JJX-nwETyFrmrw [Security_week] Enterprise network security: vulnerability scanning https://mp.weixin.qq.com/s/yKch-WnmidThRY0CNLmAHg [Security_week] Network security incident emergency handling https://mp.weixin.qq.com/s/uOlmcxf569Rst-KZGsTXQg [Security_week] Information security vulnerability weekly report (2019, issue 22) https://mp.weixin.qq.com/s/BYfTXgv6wkrjQY1S1-iL8A [Security_week] Arbitrary code execution vulnerability disclosed in the Vim/Neovim text editors https://mp.weixin.qq.com/s/b1a8g5cU6FIoW-ur3sgpYw [Security_week] Sharing lessons on information gathering for penetration testing https://mp.weixin.qq.com/s/pprqACosIunwtN-u7qd6rg [Security_week] Vim editor local code execution vulnerability alert (CVE-2019-12735) https://mp.weixin.qq.com/s/I1QXoD_617rJt8xSE5-s9w [Security_week] A brief analysis of information security risk treatment https://mp.weixin.qq.com/s/K-pFXtXRaVxs8cgPIEgvqQ [Security_week] Enterprise network security: intrusion detection data analysis https://mp.weixin.qq.com/s/pQrTs406o9aZTdetzJJeMA [Security_week] Intrusion roundup https://mp.weixin.qq.com/s/C2dVTNeR1zSZigORiXAUAg [Security_week] Legal and regulatory basis for network security incident management and incident response https://mp.weixin.qq.com/s/irBXuwTUAhxcxyk8ua-SPw [Security_week] Enterprise network security: intrusion detection data model https://mp.weixin.qq.com/s/LENopjrmZJyBg4u2y0Hfog [Security_week] Incident response handling process: Windows https://mp.weixin.qq.com/s/qzNbZLSPMoDU0quo1RsMMw [Security_week] A chat about the role of scripts during penetration testing https://mp.weixin.qq.com/s/iIs-8fhn4WDYc4qCiZa-5g [Security_week] Weblogic CVE-2019-2725 analysis report 
https://mp.weixin.qq.com/s/BT44IvHbbxSfjdr_1uSeCw [Security_week] Beware of the spread of a Windows RDP remote vulnerability PoC https://mp.weixin.qq.com/s/_-4RYExo7GSG2gskC8-qXg [Security_week] Influxdb authentication bypass vulnerability alert https://mp.weixin.qq.com/s/8DM2N4jXv1D_hGpIGteTXw [Security_week] CVE-2019-0708 high-risk vulnerability: scanning and remediation solutions from security vendors https://mp.weixin.qq.com/s/FfXCSlruuXxInw5Am9R4hw [Security_week] Windows log analysis https://mp.weixin.qq.com/s/4kB26XQyAgVzrfOfIt2QvQ [Security_week] Enterprise network security: host intrusion detection https://mp.weixin.qq.com/s/LZYMkorXHinDZWKEgTJdIQ [Security_week] Enterprise network security: detecting webshells https://mp.weixin.qq.com/s/oosHE694a_Ejvih3A524uA [Security_week] Enterprise network security: RASP https://mp.weixin.qq.com/s/aYBNd5ACIX0brnq9jcLJ2w [Security_week] A brief analysis of information security risk assessment https://mp.weixin.qq.com/s/C5a0aLJAVnDZ-XdlcrWufg [Security_week] Enterprise network security: database auditing https://mp.weixin.qq.com/s/A0eWT7t5th3OAf4dajeHxA [Security_week] Information security vulnerability weekly report (2019, issue 20) https://mp.weixin.qq.com/s/11eCN73QbcxcBX1O9Pch-g [Security_week] Information security vulnerability weekly report (2019, issue 21) https://mp.weixin.qq.com/s/7iVYBScxuc5wp6ScTch_OA [Security_week] Incident response series: web in practice https://mp.weixin.qq.com/s/Oa20D4gy-gBqoRbrTjnzYw [Security_week] Incident response field notes: a security engineer's self-cultivation! 
https://mp.weixin.qq.com/s/wCyoPikWahYkIN0R4AVxqw [Security_week] Reflections and summary from a year as head of security https://mp.weixin.qq.com/s/N5BI4m88NONg5pm_dWXLNQ [Security_week] A chat about the mission, vision and values of Xin'an Zhilu https://mp.weixin.qq.com/s/bJiitZScCGCPD5v5YyizZg [Security_week] Reflections and summary from two years of security analysis work https://mp.weixin.qq.com/s/ndbaEjX0B4k_tWPeGNMtgA [Security_week] cve-2019-0708 PoC release https://mp.weixin.qq.com/s/A73WTube5rcJh3MRNKPk-A [Security_week] Analysis of the Numpy deserialization command execution vulnerability (CVE-2019-6446), with 0day https://mp.weixin.qq.com/s/erc1Pe-_CTotHB0BWHvA0w [Security_week] Network security analysis report-04 https://mp.weixin.qq.com/s/sCKjNU2KxSrZPuiq6rk_Vg [Security_week] Enterprise network security: building in-house security https://mp.weixin.qq.com/s/JRdF7UIN_LdnHv1OS3FdtQ [Security_week] Security protection roundup https://mp.weixin.qq.com/s/6AO4JD860ixZ3WVm0VBXZA [Security_week] MLPS: filing https://mp.weixin.qq.com/s/UaSWiNc4T6erEeW3964ucw [Security_week] MLPS: construction and rectification https://mp.weixin.qq.com/s/PxO2rxCdUQVHvXSzrJq0hQ [Security_week] MLPS: grade assessment https://mp.weixin.qq.com/s/7Sp0-h6Fwmquan4LnLkx0g [Security_week] Enterprise network security: baseline security https://mp.weixin.qq.com/s/F5ui7qwCT8rCbam3VADN4Q [Security_week] MLPS: basic requirements https://mp.weixin.qq.com/s/iukl_4ZKbhHcaAKKC13-sw [Security_week] Enterprise network security: defense https://mp.weixin.qq.com/s/Bp2ieE49keJ2KmiXrdaf8w [Security_week] Information security vulnerability weekly report (2019, issue 19) https://mp.weixin.qq.com/s/tg1ywDVfrzYp2JL5cK_dEQ [Security_week] Incident response system: Linux host security checks https://mp.weixin.qq.com/s/S0OmDRU6uQo8LBBK-GUAaQ [Security_week] Linux security hardening: Tomcat middleware https://mp.weixin.qq.com/s/QpWEk12ObGdL3wTFl2KQmg [Security_week] Microsoft Windows RDP & DHCP service remote code execution vulnerabilities https://mp.weixin.qq.com/s/FQ4Gsg1m37gyINqVVoZt_w [Security_week] CVE-2019-0708: Windows RDP service wormable vulnerability alert https://mp.weixin.qq.com/s/x-jZoMlJEbIgGLz6BOorLw [Security_week] CVE-2019-2725/CNVD-C-2019-48814, part three: works across all versions https://mp.weixin.qq.com/s/DrOWQn4Kh2J0syI5Uv10dg [Security_week] Intel Processor MDS family vulnerability alert https://mp.weixin.qq.com/s/SKwIj33sW8YjNNaFCgjYxg [Security_week] Interpreting the "Regulations on the Security Protection of Critical Information Infrastructure" https://mp.weixin.qq.com/s/1ET6t7tZ41odmp8iOaDFxg [Security_week] Kali Linux penetration testing: wireless penetration 
https://mp.weixin.qq.com/s/wYgeSP_NcnGSPmM7MH7dVA [Security_week] Web roundup https://mp.weixin.qq.com/s/Gjvr9RhU7dvl9EugMkpnyg [Security_week] MLPS: grading https://mp.weixin.qq.com/s/q6VujMig0ryVrwGVNgxP1g [Security_week] Information security vulnerability weekly report (2019, issue 18) https://mp.weixin.qq.com/s/gNUxTv2LzW_oteOZdYu3wA [Security_week] In depth | Introduction to the new MLPS 2.0 standard https://mp.weixin.qq.com/s/87_nFoQO18GAmYxM-M10Pg [Security_week] Internal enterprise security: a few things about employee security training https://mp.weixin.qq.com/s/umSOlIL_HDKbFrPc5UUpCQ [Security_week] A brief discussion of common techniques in intrusion tracing https://mp.weixin.qq.com/s/XxMDiRo3RaeOj_Z3WvBmKg [Security_week] Sqlite3 window function UAF vulnerability alert notice (CVE-2019-5018) https://mp.weixin.qq.com/s/4kBtliXsWRj4bJ2hWC0tyw [Security_week] Reproducing the WebLogic wls9-async deserialization vulnerability (CNVD-C-2019-48814) https://mp.weixin.qq.com/s/hWKO2gzy7O-XmyHZ9fqq8g [Security_week] All about hunting logic vulnerabilities for SRCs https://mp.weixin.qq.com/s/g-LmAV8XDD69zI1HcVKx1g [Security_week] Bypassing antivirus! Fileless attack techniques with SQL Server Transact-SQL https://mp.weixin.qq.com/s/itzMSLVWQbrzyKRTOhYtSQ [Security_week] Domain fronting network attack technique https://mp.weixin.qq.com/s/9G1qh_azz6SAaZQ7KfvZlg [Security_week] Beware of the x3m ransomware: CryptON https://mp.weixin.qq.com/s/h4c0n1gV-ghp5CKTo83HZA [Security_week] Kali Linux penetration testing: information gathering https://mp.weixin.qq.com/s/d0OhBq54ikmHrtjo0NZ87w [Security_week] Kali Linux penetration testing: vulnerability scanning https://mp.weixin.qq.com/s/41fOAYR4lgSM_6xaztHQ6w [Security_week] Kali Linux penetration testing: vulnerability exploitation https://mp.weixin.qq.com/s/eh83Mp0ZFucTw5pgaOLg2Q [Security_week] Kali Linux penetration testing: password attacks https://mp.weixin.qq.com/s/CyEvnNARLtt5YUnltWQONg [Security_week] Information security vulnerability weekly report (2019, issue 17) https://mp.weixin.qq.com/s/O-rRS1dnyLj-aNQ02ZVtCw [Security_week] Authentication security issues in one article: summary https://mp.weixin.qq.com/s/pUamv_JmPXzxPwC8zBfCpg [Security_week] 6 directions for raising security awareness across all staff https://mp.weixin.qq.com/s/NY2dprcK2I19Mmz253YZ7w [Security_week] MLPS 2.0 is coming: interpreting the changes in the new standard https://mp.weixin.qq.com/s/yLhLif5LDsOlcgvyZv_VSg [Security_week] Windows security hardening https://mp.weixin.qq.com/s/sVhJw0IdE7PLhE9CUnBXLg [Security_week] Linux security hardening https://mp.weixin.qq.com/s/fB7l7FsmgdIzyM3nkkhBGw [Security_week] 
Weblogic deserialization remote code execution vulnerability (CVE-2019-2725) analysis report https://mp.weixin.qq.com/s/fPZhWOyPexgQy6f-9c-JSw [Security_week] Reproducing the WebLogic wls9-async deserialization vulnerability (CNVD-C-2019-48814) https://mp.weixin.qq.com/s/hWKO2gzy7O-XmyHZ9fqq8g [Security_week] Reproducing the latest weblogic vulnerability https://mp.weixin.qq.com/s/Hdvp1_lUgfynQg_KP-t9Tg [Security_week] Analysis and reproduction of the Atlassian Confluence Widget Connector directory traversal and remote code execution vulnerability https://mp.weixin.qq.com/s/fu8dQesXHWg-XmHmvxGryg [Security_week] Ministry of Public Security roundup https://mp.weixin.qq.com/s/hnbzjdrH72bpByVw5eiefg [Security_week] Cyber police roundup https://mp.weixin.qq.com/s/k4QTv4zc-c1ik2k_lWTJBg [Security_week] MIIT roundup https://mp.weixin.qq.com/s/PwqV5PKazXPS9u3LUmGk5A [Security_week] Information security vulnerability weekly report (2019, issue 16) https://mp.weixin.qq.com/s/CtydNIk7BWgGU5EmnlTW8A [Security_week] Doing the right thing matters more than doing things right https://mp.weixin.qq.com/s/Qdvu3yKsX64M2LPv8Vlqfw [Security_week] What exactly is MLPS: system construction management https://mp.weixin.qq.com/s/QNzCoudWBzJKQCFqxxaRYw [Security_week] What exactly is MLPS (7): system operations and maintenance management https://mp.weixin.qq.com/s/VZ0Bq4RKS6n7OojW42mAGA [Security_week] The minimal set of computer fundamentals https://mp.weixin.qq.com/s/fugt_y9bl_PyhIJVjYKdTw [Security_week] A simple introduction to python bytecode obfuscation https://mp.weixin.qq.com/s/yPglfHWJ5drvyjwmOmgFBw [Security_week] N sets of learning resources across many areas https://mp.weixin.qq.com/s/e_sL-yllVEaSv8uHYEJ0lA [Security_week] Roundup of security tool download resources https://mp.weixin.qq.com/s/bfU7c-nngLW_mxh_bzMbww [Security_week] An ongoing collection of learning resources across many areas, season three https://mp.weixin.qq.com/s/FCLlhpTFmVi5mV3zO8yuOw [Security_week] Internet Explorer XXE vulnerability alert https://mp.weixin.qq.com/s/KHOKzuf2dQazXnuR23JSXg [Security_week] Oracle WebLogic deserialization remote command execution vulnerability alert https://mp.weixin.qq.com/s/0wzYQj9PQMLJpsnGp_zjFg [Security_week] Reproduction of and fix for the deserialization vulnerability in the Weblogic wls9-async component https://mp.weixin.qq.com/s/FekGq62wx5di3JyjwW9nWA [Security_week] WebLogic arbitrary file upload vulnerability (CVE-2019-2618) https://mp.weixin.qq.com/s/zWnxlkqh5rvHrT9DzHBMuA [Security_week] Spring Cloud Config directory traversal vulnerability (CVE-2019-3799) https://mp.weixin.qq.com/s/6434rhIDYhIrbXW2MrTAjw [Security_week] Database roundup https://mp.weixin.qq.com/s/hALKVW5KAMbU3zpyRzQ_3w [Security_week] Nuisance calls roundup 
https://mp.weixin.qq.com/s/rb8eGTpDYgxPEsMnhT4auA [Security_week] Girlfriend roundup https://mp.weixin.qq.com/s/y7YEFH6Rf86JLrWVootlfg [Security_week] Information security vulnerability weekly report (2019, issue 14) https://mp.weixin.qq.com/s/iiSpp17GYZ73tP6wyxIlPQ [Security_week] Information security vulnerability weekly report (2019, issue 15) https://mp.weixin.qq.com/s/H-Ez4wQcLFcyfHwkG6lsrQ 81]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F95%2F</url>
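<content type="text"><![CDATA[Security Weekly (Issue 95) Security News: [MLPS Assessment] Summary of MLPS 2.0 high-risk item determinations https://mp.weixin.qq.com/s/0-h1XAMIJCuQ_vZw6EJHDQ [MLPS Comparison] MLPS 2.0: operation timeout https://mp.weixin.qq.com/s/YlL2xRAXAhVlagvq7JOcug [MLPS Roundup] MLPS assessment: SQLServer operation timeout https://mp.weixin.qq.com/s/ozvNyO9_5gRKlNRRKcGRdQ [MLPS Assessment] MLPS assessment host security: CentOS access control https://mp.weixin.qq.com/s/IAdsbE1u6uOyksch-aPBBA [Vulnerability Analysis] CVE-2019-0193: Apache Solr remote command execution vulnerability alert https://mp.weixin.qq.com/s/qtrCmkdDBfM5upCmi-zS1Q [Pentest Walkthrough] Notes from an authorized inspection: intranet penetration can be done like this https://mp.weixin.qq.com/s/Wc3BTO7pYyDvih9IIaHGfA [Log Analysis] Log management and analysis (1): log collection and sources https://mp.weixin.qq.com/s/9_an1eI6qCbiarte6Gzv3g [Log Analysis] Log management and analysis (2): log analysis and reporting https://mp.weixin.qq.com/s/W7Z87K7BMtHDGJAfiEfalg [Log Analysis] Log management and analysis (3): attacks on logging systems https://mp.weixin.qq.com/s/XkLwT9SAhUAfTCcUrLSOkQ [Penetration Testing] Network security penetration testing roundup https://mp.weixin.qq.com/s/V7iV1a7rxWkPY6nrUSBBmQ [Crawlers] A brief analysis of web crawler technology https://mp.weixin.qq.com/s/bJL_PkzBAlqusUe0Z4fc4w [Incident Response] Network security incident response roundup https://mp.weixin.qq.com/s/yg-tk1HLFkaYLB3C0Opn2w [Threat Intelligence] Network security threat intelligence roundup https://mp.weixin.qq.com/s/RL8IeG7t1RVs4PZ3RSTPgg [Intrusion Detection] Network security intrusion detection roundup https://mp.weixin.qq.com/s/WAOCIvXvLK2hEXSmJJ2JoQ [Vulnerability Analysis] Information security vulnerability weekly report (2019, issue 30) https://mp.weixin.qq.com/s/GExlY7NhtJI9uq9QteWvOw Web Security: [Vulnerability Analysis] An introduction to PHP deserialization vulnerabilities and a summary of related techniques https://mp.weixin.qq.com/s/kwFF9HglaKD9rNwP0ntClQ [Vulnerability Analysis] Achieving XSS by bypassing a general-purpose information management system https://mp.weixin.qq.com/s/xqdjhkMB6jNP01PwbkTV1g [Other] In depth | Ranges | Tools | Wordlists: sharing https://mp.weixin.qq.com/s/bCM8iOowHl2l7DWX9NciwA Penetration Testing: [Vulnerability Analysis] Simple privilege escalation using the CVE-2018-8120 vulnerability https://mp.weixin.qq.com/s/IIdiwB1FeWcBWe-tRyAiCQ [Vulnerability Analysis] Simple privilege escalation using the CVE-2019-0803 vulnerability https://mp.weixin.qq.com/s/1AYGZ6BwQAkeFOo-ePBooQ [Vulnerability Analysis] Post-exploitation: maintaining access https://mp.weixin.qq.com/s/2_2kFVeqH1mJQQ6tcIuUpQ [Vulnerability Analysis] Notes from a real-world GetShell https://mp.weixin.qq.com/s/ZvL6MdMjbjWUl_AEodZnsA [Databases] Techniques for executing system commands via databases, with a summary https://mp.weixin.qq.com/s/9Nl8aADzb3zBj0YUWJRPoA [Penetration Testing] CobaltStrike persistence and its automation https://mp.weixin.qq.com/s/zgpReTb6zFDdhIHQ6grFLQ [Penetration Testing] Notes from an intranet penetration exercise https://mp.weixin.qq.com/s/RH3cVlMrpcXt9kgFIF3XRA Security Tools: [Security Tools] The brute-force tool Hydra https://mp.weixin.qq.com/s/ge5mPjXBFGRqrJD_lXSrAg 
[Security Tools] Pown-Duct: a powerful tool for detecting blind injection attacks https://mp.weixin.qq.com/s/zOu99YU-psAprN9hjaGIsw [Security Tools] Windows security incident response: an introduction to various security tools https://mp.weixin.qq.com/s/g1MkXeHXyHdqPbTJH7k6RQ [Security Tools] A powerful subdomain collection tool https://mp.weixin.qq.com/s/LOgzi6jBjdhk0VkISe8siw]]></content>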
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F94%2F</url>
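<content type="text"><![CDATA[Security Weekly (Issue 94) Security News: [Other] On learning: both goals and environment matter https://mp.weixin.qq.com/s/h6bFNUY-7CZOb1xtnWxYkg [Other] A brief discussion of career paths for penetration testers https://mp.weixin.qq.com/s/0IlarNiC3w8TfpmavmDhuA [Vulnerability Analysis] CVE-2018-19127 vulnerability analysis https://mp.weixin.qq.com/s/GbIDbXUQ4tuxo_ysiFoEgg [Vulnerability Analysis] Discuz ML! V3.x code injection vulnerability https://mp.weixin.qq.com/s/o_83X0_BSLkerUFlx3sd9w [Vulnerability Analysis] Reproducing the CVE-2019-13272 Linux local privilege escalation https://mp.weixin.qq.com/s/6cVRm7om1j8YcrH_apFGpA [Incident Response] Incident response cases and analysis https://mp.weixin.qq.com/s/krCsmArxNUyzg1kMV5xLKg [Services Roundup] Services roundup https://mp.weixin.qq.com/s/wrZShXIV17LuC9inwqQBbQ [CAPTCHA Roundup] CAPTCHA roundup https://mp.weixin.qq.com/s/HodunVqxPNasqauleDy-yA [Intranet Roundup] Intranet roundup https://mp.weixin.qq.com/s/iaP_lODQCQMQEijxwqsvcg [Vulnerability Roundup] Network security vulnerabilities roundup https://mp.weixin.qq.com/s/oKTvsZuUICxuU3lVYWXICQ [Vulnerability Roundup] Information security vulnerability weekly report (2019, issue 28) https://mp.weixin.qq.com/s/EV8-UDaZpPZs2Vbwqwi9lA [Vulnerability Roundup] Information security vulnerability weekly report (2019, issue 29) https://mp.weixin.qq.com/s/4mZTh-mOW_u0tb5Z77evzw Web Security: [SQL Injection] mysql manual injection: the information_schema database explained https://mp.weixin.qq.com/s/y0Qy8QsDvTPFzoCmhyyF_Q [Vulnerability Analysis] Summary of unauthorized access vulnerabilities https://mp.weixin.qq.com/s/yW_zVmvWkK3nSMXkANbGkA [XXE Vulnerabilities] XXE: leveling up step by step https://mp.weixin.qq.com/s/VWofHp5lJLYnbw01copnkw [SQLmap Injection] Relaying SQLmap through flask + selenium for injection https://mp.weixin.qq.com/s/4_vjLfbr-rUhQDs_wIZGoQ [Vulnerability Analysis] Learning json csrf by hunting on a certain src https://mp.weixin.qq.com/s/0X6-d5Wbv8Ps3pGJpX6FAQ [WAF Principles] From the basic principles of WAFs: what a modern WAF actually contains https://mp.weixin.qq.com/s/3nuzMBqBoTwZCHsnEGIjeA [WAF Principles] From the basic principles of WAFs: what a modern WAF actually contains (part 2) https://mp.weixin.qq.com/s/dI67TSC1BDvir7oio_7-rA [Vulnerability Analysis] Summary of unauthorized access vulnerabilities JS mutation tricks: using JavaScript global variables to bypass XSS filters https://mp.weixin.qq.com/s/E_HjUteCbx41zm-78FHCRw [Pentest Walkthrough] A first look at web penetration https://mp.weixin.qq.com/s/zfyWa_V6LJ5AbyqAL3Rlfg [XSS Vulnerabilities] Walkthrough for the Xss mini-game https://mp.weixin.qq.com/s/oVoSlXR_TJOYWA6CdBvMWQ [XSS Vulnerabilities] Methods for bypassing XSS filtering https://mp.weixin.qq.com/s/k3pk-M_prllZ4Hl5VgjtdA [PHP Functions] A short primer on PHP function basics https://mp.weixin.qq.com/s/zMVIQZLAwmdGAkgB1oig6Q [Vulnerability Analysis] Directory traversal vulnerability cheat sheet https://mp.weixin.qq.com/s/MjSK_5bDXzpa9aShXhIclg [CSRF Vulnerabilities] CSRF vulnerabilities explained and how to find them 
https://mp.weixin.qq.com/s/3pfXY2VywXnHdOiYP44J5Q [XSS] XSS payload and bypass cheat sheet (part 1) https://mp.weixin.qq.com/s/Zs9IIqyfcwG08LAWRXZmIw [XSS] XSS payload and bypass cheat sheet (part 2) https://mp.weixin.qq.com/s/K41O-UBwnvq9yupSo-9kQA Penetration Testing: [smbmap] Attacks combined with Smbmap https://mp.weixin.qq.com/s/4KMSy0pXiHk9wj1cr0wcXQ [Vulnerability Analysis] Sharing clever approaches to password reset vulnerabilities https://mp.weixin.qq.com/s/FZ0F1zBNeeDKscaPnatiQg [Vulnerability Platforms] Batch installation of vulnerability platforms https://mp.weixin.qq.com/s/jROaJiJsQ8u1ZRjpQ3ciSQ [Penetration Testing] Notes from a tense and thrilling penetration test that won big from a small foothold https://mp.weixin.qq.com/s/PsiVInmdu3lzLXmu6AeQEA [Tools] Intranet global proxy tools and analysis of their signatures https://mp.weixin.qq.com/s/r3FaLfZoMkN05z1rKOp0Ew [msf Testing] A chat about the testing process of an msf-based AV-evasion project https://mp.weixin.qq.com/s/W7mBroOtVUdMHA7f07J_7Q [Other] An unexpected find during a hotel stay https://mp.weixin.qq.com/s/Qm6dQgyKwspYGrzFziOpJw [Penetration Testing] Notes from a penetration experience spanning a one-year gap https://mp.weixin.qq.com/s/MzGNSSAU9gKiiBHlnnCYzg [Other] Is your college entrance exam application advisory system really secure? https://mp.weixin.qq.com/s/lUDpLkBUtNuq9DdTxd9Clg [Vulnerability Hunting] On finding vulnerabilities in internal enterprise IT systems https://mp.weixin.qq.com/s/ALMv_MZOsHSrbMCGZ2apfQ [Penetration Testing] Penetration revelations: roaming the intranet from a perimeter machine https://mp.weixin.qq.com/s/M5ugjsNJzrXluyfnBR157g [Intranet Penetration] A record of an intranet penetration https://mp.weixin.qq.com/s/8yAHl-xmJWpS4UDOKLGMRg [Pentest Walkthrough] A penetration of a school's AVCON system https://mp.weixin.qq.com/s/_v4ym4C-eI9A_If92Grs7Q [Penetration Testing] [HTB series] Detailed penetration test walkthrough of the Chaos target machine https://mp.weixin.qq.com/s/ZyzP4RKGz3hyjhRJSHeGgA [Intranet Penetration] Intranet penetration: proxies https://mp.weixin.qq.com/s/gKaxjVpoI-TeRU51sYblhw [Vulnerabilities] Exploiting HTTP parameter pollution https://mp.weixin.qq.com/s/w7THDgVPfnU5KeFLGclxIg [Admin Panel Roundup] A compiled summary of methods for finding website admin panels https://mp.weixin.qq.com/s/r3CoMvyca3vvALAqNXxp5A [APT Resources Roundup] Recommended hands-on APT materials https://mp.weixin.qq.com/s/DFyKHKoQQ20pAHk80k1JbQ Security Tools: [Security Tools] shellsum: a tool that detects web shells in local directories via md5sum https://mp.weixin.qq.com/s/PY5LLjfEJ5t0OWwI9lN9PQ [Security Tools] Empire https://mp.weixin.qq.com/s/cAgEEG0e6pNPakEUWL7BqA Code Audit: [Content Management Systems] Getting started with code auditing: a detailed analysis of MiniCMS https://mp.weixin.qq.com/s/yHkl16sYyH5rOKDwdIAiaQ [Code Audit] Sharing a hands-on approach to code auditing a customized Ecms https://mp.weixin.qq.com/s/LfqddhLiVEKU-CbYqx-kMA Video Sharing: [Penetration] The road to ICS security penetration https://www.bugbank.cn/live/view.html?id=112236 [MLPS] Interpreting MLPS from a technical perspective https://www.bugbank.cn/live/view.html?id=112259]]></content>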
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F93%2F</url>
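<content type="text"><![CDATA[Security Weekly (Issue 93) Security News: [Other] An overview of the stages of security study and work https://mp.weixin.qq.com/s/mTljo_CR7DPVQctWWwchEg [Other] Interview questions for a security engineer's conversion to permanent staff https://mp.weixin.qq.com/s/KYPcaZ1feiahVAi582HFnQ [Vulnerability Analysis] Drupal broken access control vulnerability alert https://mp.weixin.qq.com/s/gc1Mpf8u0Jh0f495xDaq4g [Assessment Roundup] Assessment roundup https://mp.weixin.qq.com/s/_2eIoeYFuiXLhH2fyQBc_A [Big Data Analysis] Network security situational awareness: big data processing and analysis https://mp.weixin.qq.com/s/akpbPSv9VFPBF8KwVtcGxg [Vulnerability Weekly] Information security vulnerability weekly report (2019, issue 27) https://mp.weixin.qq.com/s/aaxFJ_eVkgdgQLT59cyBMw Web Security: [Mysql Injection] Mysql manual injection [regular Union queries] https://mp.weixin.qq.com/s/wvvbSenaLImknqSQvRt90A [Other] SQLi_Labs walkthrough document [levels 1-65] https://mp.weixin.qq.com/s/BcAHFo9UCJbAs1-gErdMDA Penetration Testing: [Penetration Analysis] Attacks combined with CrackMapExec https://mp.weixin.qq.com/s/rxgbR7cwV-eJ8kuHrWDyjA [Penetration Analysis] Discovering live intranet hosts via SMB https://mp.weixin.qq.com/s/GbO60Oj-ZyhRYYsSyS3U6Q [Port Forwarding] Simple port forwarding with Lcx https://mp.weixin.qq.com/s/jeiqkpGZMg6897go9_59bA [Malware Threats] Notes on removing a Linux trojan https://mp.weixin.qq.com/s/NkleRQknAbvwvkYtNCo-Ww [Target Machines] HTB target machine series: SwagShop https://mp.weixin.qq.com/s/McCUL4PuIXzMmII_BFJ-lg [Penetration Analysis] Domain penetration: relay attacks https://mp.weixin.qq.com/s/Nh_2RyG2WnU0vhjys0zBXA [Intranet Penetration] Notes from a real-world school intranet penetration https://mp.weixin.qq.com/s/ZRnjAD4118dA_AZlGVJ7ZQ [Penetration Analysis] Penetration revelations: from JS information disclosure to Webshell https://mp.weixin.qq.com/s/AlshbKgHOyEhM9aOT5Jxuw [Penetration Analysis] ThinkPHP penetration: experience decides success or failure https://mp.weixin.qq.com/s/FrPeMU9ZFEU65e6TvIBUXA [Pentest Walkthrough] How to quickly obtain a Webshell in penetration testing https://mp.weixin.qq.com/s/pN1Yzwlcjd21VGG7A4rLbg Code Audit: [Security Tools] DMitry: an all-in-one information gathering tool https://mp.weixin.qq.com/s/Jk40zQvuPzM3lwmLXP8Ezg [Security Tools] sniffglue: a network sniffing tool https://mp.weixin.qq.com/s/67SXituhyll9vK_0Ci8g1A [Security Tools] Trivy: a vulnerability scanner for containers https://mp.weixin.qq.com/s/PjAYVQhPbXUlw5N9PhmISA [Vulnerability Roundup] A collection of CMSes with SSTI vulnerabilities https://mp.weixin.qq.com/s/3c3wU-Gtiq3MdfAK_pgNVw Video Sharing: [Other] What to do when the sample toys with you during analysis? A brief discussion of malware countermeasure techniques https://www.bugbank.cn/live/view.html?id=112223]]></content>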
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F92%2F</url>
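<content type="text"><![CDATA[Security Weekly (Issue 92) Security News: [Vulnerability Analysis] Vulnerability analysis | Discuz ML! V3.X code injection vulnerability https://mp.weixin.qq.com/s/5Zl3Jve4eblNIXh30t469w [Vulnerability Analysis] Fastjson deserialization vulnerability alert https://mp.weixin.qq.com/s/v_IkhtjFhQbP1xOZExIL9g [Vulnerability Analysis] FastJson remote code execution vulnerability analysis report https://mp.weixin.qq.com/s/pTaMKwnLfj4cOlfS1OysdA [HW Roundup] A short summary of the HW campaign https://mp.weixin.qq.com/s/g-RCf44LGQsRVstGk9ePUg [Vulnerability Reproduction] Foolproof reproduction of the Redis 4.x 5.x RCE https://mp.weixin.qq.com/s/MSWLqzyNnliX1G7TRYAwVw [Vulnerability Analysis] Microsoft Windows DHCP server remote code execution vulnerability (CVE-2019-0785) https://mp.weixin.qq.com/s/EyJrCe6oWqDNJwucK3GIeg [Vulnerability Analysis] Atlassian Jira remote command execution vulnerability https://mp.weixin.qq.com/s/i6wAWZXuNAjmqtdwyYLHog [Other] Network security learning methodology: the importance of a system https://mp.weixin.qq.com/s/yXA4BRbMfJNPQ68_-Nme6g [Other] Network security: smart city security https://mp.weixin.qq.com/s/pcb1HZcCoz3lZ1GM2jJFhA [Big Data] Big data fundamentals https://mp.weixin.qq.com/s/G5XmF_DbOUqE-VMZDAMI6w [Other] MIIT releases the 2019 innovation demonstration projects for preventing and combating telecom and online fraud https://mp.weixin.qq.com/s/OJod9oONt1pyihrjSBFq8A [Security Roundup] Enterprise network security roundup https://mp.weixin.qq.com/s/5MM8F36Tz-eqUDZRYWFvlQ [Vulnerability Roundup] Information security vulnerability weekly report (2019, issue 26) https://mp.weixin.qq.com/s/3mPsQphTpfRpIHivHfREDA Web Security: [Trojans] Variants of the one-line webshell https://mp.weixin.qq.com/s/2z6tRmPqbNIdESU1254vIg [Vulnerability Checks] Everyone, check your own website for vulnerabilities https://mp.weixin.qq.com/s/Br4UhYxf4I9C3wvc_G38Jw [Privilege Escalation Walkthrough] A different combination of moves yields a webshell, believe it or not https://mp.weixin.qq.com/s/J9uC0u-2Yafvdkl_sdMO5g [Vulnerability Analysis] Planting a webshell by abusing Apache's parsing mechanism https://mp.weixin.qq.com/s/rOzaZAE6bC6fjaJG1S9SgQ [Vulnerability Roundup] A brief discussion of attack and defense approaches for message-bombing vulnerabilities https://mp.weixin.qq.com/s/W5VYH8mY74OcgiLdVHAzFg [Log Roundup] Roundup of log analysis methods https://mp.weixin.qq.com/s/gAVuYciQ-JUNw_jNIGp7RA [Brute Forcing] Summary of CAPTCHA brute forcing and a python implementation https://mp.weixin.qq.com/s/Q5gU_sqTvmkE4aFKA4abBg [Ranges] DoraBox: a basic web vulnerability training range https://mp.weixin.qq.com/s/-06AtU8HijaVYHAUKfS2Ew [XSS Approaches] New approaches to XSS bypass https://mp.weixin.qq.com/s/fGPeJFEUnXmFfa8u5X-xdg [SQL Bypass] SQLi bypass techniques https://mp.weixin.qq.com/s/v7V8M_PQYB9ZdMjB4HMfFg [SQL Injection] SQL injection: Order-by-Leak https://mp.weixin.qq.com/s/C8X6ZlyAcJhxQ-wtygmsUg Penetration Testing: [Penetration] Node.js reverse shell https://mp.weixin.qq.com/s/uTFQtDPi5ADy1RWS8jCI5A [Penetration] Get Shell By Powershell 
https://mp.weixin.qq.com/s/elPD2-L9HzhgrQLbJ9cXNA [Intranet Penetration] Intranet security testing with Beef-XSS + Sunny-Ngrok https://mp.weixin.qq.com/s/5FQPy2vHPqbAjxLV1U8Tgg [File Inclusion] Unusual tricks with php file self-inclusion https://mp.weixin.qq.com/s/aaQVo-3tOmuR2lO4YfjEug [Vulnerability Reproduction] Reproducing the Redis 4.x 5.x RCE https://mp.weixin.qq.com/s/jaU_G7dq_W3Ju-gbEC8Qmg [SMS Verification Code Bypass] An interesting vulnerability-chaining scenario https://mp.weixin.qq.com/s/OInMzXTXrrPiKKEk-_7sOw [Penetration] Discuz Ml v3.x front-end Getshell technique https://mp.weixin.qq.com/s/DELNgYJtYVgGURM3RX5gnA [Penetration] An expert's new approach to BypassWAF https://mp.weixin.qq.com/s/aUh2B_zbQgz6zLErgCIkZA Code Audit: [Vulnerability Analysis] A CMS source code audit and vulnerability discovery https://mp.weixin.qq.com/s/KrzjuNA0kHS1s-EC4J5fdA [Code Audit] Basic code auditing of file operation classes https://mp.weixin.qq.com/s/1A6mec5_xHPq5Q0G5i4xPQ [Code Audit] Wandering through PHP code auditing: XSS and CSRF https://mp.weixin.qq.com/s/A9ErT-OTyga4Cw-8QXgCRQ Video Sharing: [Other] Hunters in the traffic https://www.bugbank.cn/live/view.html?id=112212]]></content>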
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F91%2F</url>
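<content type="text"><![CDATA[Security Weekly (Issue 91) Security News: [Security News] After its website was hacked, this company was fined https://mp.weixin.qq.com/s/0c84FC0iKxgXnm8Yu6VNXQ [Security News] Some thoughts on vulnerability hunting https://mp.weixin.qq.com/s/pasGT9igsh8mT9_nEGpNaQ [Security News] Lessons learned, written after an interview experience https://mp.weixin.qq.com/s/cZU9t_k01bORo-EEfpooGw [Security News] Recommended open-source projects for in-house security teams https://mp.weixin.qq.com/s/bviX7hXd3qvZPrlS0U1PYg [Security News] Apache axis remote command execution vulnerability https://mp.weixin.qq.com/s/QYS8k7O0cXRnaMPIQm5vOg [Security News] MIIT releases the "Special Action Plan for Improving Network Data Security Protection Capabilities in the Telecom and Internet Industries" https://mp.weixin.qq.com/s/-gX-WpLuZXjiCIcXD0dumA [Security News] What public security authorities cover in MLPS supervision and inspection https://mp.weixin.qq.com/s/lEMy_xrTRZUNVM7AAbp8Pg [Security News] Criminal sentencing roundup https://mp.weixin.qq.com/s/quHm1OAs0RhN1HEKhG_OgQ [Security News] A guide to working in the network security industry https://mp.weixin.qq.com/s/RdXizg1TKlIArqqyfYDq-Q [Security News] Login roundup https://mp.weixin.qq.com/s/-XGxm01jZLxdOE8Oomd3QQ [Security News] A brief analysis of government website security https://mp.weixin.qq.com/s/pWLIJPb8YdiSj8hli5WEYw [Security News] Legal and regulatory basis for government website supervision https://mp.weixin.qq.com/s/Y8IavJddM7OPetDywH0TGQ [Security News] What public security authorities cover in supervising government websites https://mp.weixin.qq.com/s/ah8-uai3EpyyrdjTSoV6xw [Security News] Information security vulnerability weekly report (2019, issue 25) https://mp.weixin.qq.com/s/C55JNibCCmJfRoPkl7F4Zg Web Security: [Web Security] A chat about SQLMAP's whole workflow when performing sql injection https://mp.weixin.qq.com/s/jVN48BRYb9pECjk9SAuXpA [Web Security] Chaining various vulnerabilities for a different kind of technique https://mp.weixin.qq.com/s/xDEdgnDNugbpuuWp9wvgag [Web Security] Latest SafeDog version Bypass | with sqlmap tamper script https://mp.weixin.qq.com/s/Ykzfo-ugaTrrVYTobQg6wA [Web Security] Exploitation techniques for URL redirect vulnerabilities https://mp.weixin.qq.com/s/2lq-w90reAjxpFZweZMD_w [Web Security] Temporary anonymous mailbox and SMS verification code receiving websites, domestic and international https://mp.weixin.qq.com/s/XJj5vCGw-twak1ix6b6cIQ [Web Security] Stacked injection explained https://mp.weixin.qq.com/s/bqK1FMKGgcbPtwraenjvew Penetration Testing: [Penetration Testing] Getting a reverse shell using a selfie https://mp.weixin.qq.com/s/37FU00-i1NFZrSu48h1p6A [Penetration Testing] Simple DNS hijacking with EtterCap https://mp.weixin.qq.com/s/Izu_14-O1U-2wQNibfXLFw [Penetration Testing] Discovering sensitive directories of target WEB applications, season one https://mp.weixin.qq.com/s/dDxQQt2M-jn-jp-lrA6_ng [Penetration Testing] Discovering live intranet hosts with MSF, season six https://mp.weixin.qq.com/s/2W_5UxzgM8m5YdpoOPHhaw [Penetration Testing] Countering long-term access control: forging invalid signatures, season one https://mp.weixin.qq.com/s/VfJDz3hgTA3zdpDdSTWbyw [Penetration Testing] Reproduction, analysis and exploitation of the SQL injection vulnerability in CMSMS 
https://mp.weixin.qq.com/s/aKZDnPVm4CHFFe_3DUJk_Q [Penetration Testing] An account of a penetration test against a certain site https://mp.weixin.qq.com/s/5IoUfBTYs6uNm7KfxRCNKA [Penetration Testing] A brief analysis of a penetration of a certain website https://mp.weixin.qq.com/s/fBhYk_SPokAfMiBGfRArMw [Penetration Testing] From counter-penetration to malware analysis https://mp.weixin.qq.com/s/T-459zIffpQKuFDt95aQMA [Penetration Testing] Detailed penetration test walkthrough of the Teacher target machine https://mp.weixin.qq.com/s/c8NG54T1VYsteJKJMTlziw [Penetration Testing] Clean Net 2019 cracks down on online pornography: a record of penetrating an adult "Douyin" https://mp.weixin.qq.com/s/boQgUtJCNapNPUQcwl5quA [Penetration Testing] Physical intrusion into Win10: penetrating the system https://mp.weixin.qq.com/s/EkYI3IWt8lSRzlT_rs6x4A [Penetration Testing] A penetration test of a phishing website https://mp.weixin.qq.com/s/PkX3Bu3zojmgsmOQR1sOD Security Tools: [Security Tools] BoomER: a tool for detecting and exploiting local vulnerabilities https://mp.weixin.qq.com/s/bFUGqWq2jxp_V0b--vdjUA [Security Tools] BabySploit: a penetration testing framework https://mp.weixin.qq.com/s/dAL-dx-X6xGkopOewU4mbg [Security Tools] CyberScan: an open-source packet forensics and penetration tool https://mp.weixin.qq.com/s/xBuRNsXVgNYYetJpELbHUg [Security Tools] Vxscan: a Python3 comprehensive scanning tool https://mp.weixin.qq.com/s/HZXI7PVH_b9vqaiYBrEtyA [Security Tools] Vulnx: a tool for detecting multiple types of Cms vulnerabilities https://mp.weixin.qq.com/s/jx88ztCIBYDaRx6K0JW5SQ [Security Tools] Is your password secure? https://mp.weixin.qq.com/s/6IlAvxjohgr1O2x3Xi4W5A Mobile Security: [Mobile Security] Basics: summary of APP packet capture techniques https://mp.weixin.qq.com/s/yFxzFq0Q62irI7WiIVg3RA Code Audit: [Code Audit] Notes from a code audit of OpenSNS https://mp.weixin.qq.com/s/axz6HI_fGxNsskpUHsVbgw [Code Audit] CTF: brief web notes https://mp.weixin.qq.com/s/QtwO7UuJGwqTOg4QL9R8Hg [Code Audit] Two common approaches in code auditing https://mp.weixin.qq.com/s/4TVA5wv2Q-7lWdOQtV6Tjg]]></content>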
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F90%2F</url>
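<content type="text"><![CDATA[Security Weekly (Issue 90)
Security News: [Security News] Reproducing the Seeyon OA office automation software 0day https://mp.weixin.qq.com/s/80xu--UN_GTwECN6AGvOEA [Security News] A look back at two years of the Cybersecurity Law in force https://mp.weixin.qq.com/s/yVYLUTM5L9AWvQgD9VGUMw [Security News] Vulnerability alert | Seeyon OA arbitrary file write vulnerability https://mp.weixin.qq.com/s/KfE7FIocHWJHKpIU77faWQ [Security News] Tracing industrial control security standards, with a getting-started guide https://mp.weixin.qq.com/s/m116TlhmdDnujf9dkmcfkA [Security News] Roundup of log analysis methods https://mp.weixin.qq.com/s/xGykym7m71TXXkFhU8XrfQ [Security News] Seeyon OA A8 unauthenticated getshell vulnerability https://mp.weixin.qq.com/s/__Er8blkQ0cK3CVgtJZmLw [Security News] A honeypot summary for HW exercises https://mp.weixin.qq.com/s/MxUuY26rSIPtiD90kmAQIQ [Security News] Incident response case studies https://mp.weixin.qq.com/s/xVLIfApux6O2zXjdT7qbZA [Security News] Summary of 0day vulnerabilities in June https://mp.weixin.qq.com/s/nHV-eysns9Y-ea-UuIvKfg [Security News] Security alert: remote code execution vulnerability in WebSphere https://mp.weixin.qq.com/s/OFQyhoKInGgl5bicGqnYGw [Security News] Web log security analysis techniques https://mp.weixin.qq.com/s/CtnHy9X7_csTwrG5KJvDjg [Security News] An automatic file backup scheme for Linux https://mp.weixin.qq.com/s/AjqKvlPXhV4deWcP5U1hJw [Security News] A brief analysis of the Network and Information Security Notification Center https://mp.weixin.qq.com/s/5E4G9xm1mLGOuPEVeFLUpg [Security News] Enterprise cybersecurity: privacy protection https://mp.weixin.qq.com/s/Tl0FcM0r_yaFuwst_yqfbA [Security News] Enterprise cybersecurity: business security and risk control https://mp.weixin.qq.com/s/j4dxRpj15oD3d2VJMNEJrA [Security News] Who touched my privacy? https://mp.weixin.qq.com/s/--O0-FNzem9SpCzVGUANKw [Security News] Enterprise cybersecurity: design and implementation of a large-scale defense-in-depth architecture https://mp.weixin.qq.com/s/BqpF2wBB0APWljVggEBvrA [Security News] Assessment metrics for cybersecurity assurance work https://mp.weixin.qq.com/s/GBpvOQez7bU1EEES_2FYlg [Security News] Enterprise cybersecurity: building a security program https://mp.weixin.qq.com/s/oribGN00x3ypup3lJsd32g [Security News] Information Security Vulnerability Weekly Report (2019, Issue 24) https://mp.weixin.qq.com/s/YdWAfmXNiuhRxLX5PLaBvQ
Web Security: [Web Security] MySQL advanced blind injection: boolean-based blind injection https://mp.weixin.qq.com/s/h-T-4YUeq9XtgUm1ogt0Iw [Web Security] MySQL injection using conventional error-based methods https://mp.weixin.qq.com/s/hX3L35KC8Aysq1cEo1Dpnw [Web Security] Machine learning for web attack detection: an in-depth practice https://mp.weixin.qq.com/s/hVq-oE545FZfnnn-GXyJGQ [Web Security] On CSRF attacks with JSON-format requests https://mp.weixin.qq.com/s/8hE-jCnDsPri0aVIfynpmg [Web Security] Bypassing file upload restrictions https://mp.weixin.qq.com/s/sv98FPY3SFnKNRCfsB6EGQ [Web Security] Bypassing a web server's CORS restrictions https://mp.weixin.qq.com/s/F9Pem5zU_xyC4X_HiF-bZg [Web Security] Quickly detecting broken access control with BurpSuite: the Authz plugin https://mp.weixin.qq.com/s/pxkM7wwGLNexA1RZhtes9A [Web Security] Bypassing the latest Safedog | sqlmap tamper script included https://mp.weixin.qq.com/s/Ykzfo-ugaTrrVYTobQg6wA [Web Security] Exploitation techniques for URL redirect vulnerabilities https://mp.weixin.qq.com/s/2lq-w90reAjxpFZweZMD_w
Penetration Testing: [Penetration Testing] Notes on obtaining remote desktop access https://mp.weixin.qq.com/s/9BHA9pIUKkYF3eR3FT6fzA [Penetration Testing] Detailed penetration test walkthrough of the Vault target machine https://mp.weixin.qq.com/s/eRrt5mTayRQle-5nsi0wXA [Penetration Testing] Security testing workflow for C/S clients https://mp.weixin.qq.com/s/gm1k28RqUlqjzWEiRv4utQ
Security Tools: [Security Tools] userrecon-py: a tool for finding usernames across social networks https://mp.weixin.qq.com/s/WkCQCnx3xF1qfSJoNfRNNA [Security Tools] XSSCon: a simple XSS scanner https://mp.weixin.qq.com/s/nU-VgO2hA4WfqA75es6VmA [Security Tools] Efficient asset scanning with Nmap plus Masscan https://mp.weixin.qq.com/s/GbswkGHx1V8E_TNdplZhLQ
Code Audit: [Code Audit] A summary of recent code audit study https://mp.weixin.qq.com/s/wcA567aPpl6c4vD0asVv9w
Video Sharing: [Video Sharing] After leveling up yet again: sharing my creative ideas for vulnerability hunting https://www.bugbank.cn/live/view.html?id=112210]]></content>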
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F9%2F</url>
<content type="text"><![CDATA[title: 9 date: 2018-1-16 19:05:18 tags: 9
Web Security Vulnerabilities: 360&xss [web_vlun] Advisory: XSS issues in MantisBT (CVE-2017-6973, CVE-2017-7241, CVE-2017-7309): http://bobao.360.cn/snapshot/index?id=274043 cxsecurity [web_vlun] Apple macOS/IOS 10.12.2(16C67) mach_msg Heap Overflow: https://cxsecurity.com/issue/WLB-2017030254 exploit [web_vlun] Opensource Classified Ads Script - ‘keyword’ Parameter SQL Injection: https://www.exploit-db.com/exploits/41758/ securiteam [web_vlun] IBM Sterling Secure Proxy HTTP Cross Site Scripting Obtain Information Vulnerability: http://www.securiteam.com/securitynews/5GP3V00KUU.html CNVD [web_vlun] Stored cross-site scripting vulnerability in Dedecms: http://www.cnvd.org.cn/flaw/show/CNVD-2017-01709
Web Security Articles: nmap scripts [web_security] Nmap script Help: https://github.com/lyxw/markdown_files/blob/master/nmap%E8%84%9A%E6%9C%AC.md twitter&WLC Management [web_security] Black Hat Asia 2017: selected talks and slides: http://www.yilan.io/home/?category=58d8b14e634239a3046a5d00 Today's attacks succeed because the defense works the opposite way: http://t.cn/R60xcXq twitter& Gabriela Vatu [web_security] Fake WordPress Plugin Opens Sites to Attackers: http://news.softpedia.com/news/fake-wordpress-plugin-opens-sites-to-attackers-514438.shtml Multiple websites infected by malware: http://t.cn/R60NBPb twitter&Evan Todd [web_phishing] Cross Site Request Forgery Basics: http://etodd.io/2017/03/29/thirteen-years-of-bad-game-code/ twitter&WLC Management [web_security] Part I. Russian APT - APT28 collection of samples including OSX XAgent: http://contagiodump.blogspot.jp/2017/02/russian-apt-apt28-collection-of-samples.html twitter [web_security] European Commission Pushing For Encryption Backdoors: http://www.darknet.org.uk/2017/03/european-commission-pushing-for-encryption-backdoors/ twitter [web_security] Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain: https://github.com/Plailect/keyshuffling Encryption backdoors: http://t.cn/R60CP2n 90sec&MoHun [web_security] Exploiting CVE-2017-7269 with MSF: https://forum.90sec.org/forum.php?mod=viewthread&tid=10412#lastpost
Network Security: [andorid] Notice on the Cisco IOS & IOS XE Software CMP security vulnerability: http://www.freebuf.com/news/130874.html [andorid] Post-FCC Privacy Rules, Should You VPN?: https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/ A VPN provider creates an encrypted tunnel: http://t.cn/R60J5zr
Mobile Security: [andorid] Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts: http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/ The attacker sends the victim an innocent-looking file that contains malicious code: http://t.cn/R60xeeE twitter&netsniffer [andorid] Wall Street’s New Favorite Way to Swap Secrets Is Against the Rules: https://www.bloomberg.com/news/articles/2017-03-30/wall-street-s-whatsapp-secret-illegal-texting-is-out-of-control 360&shan66 [andorid] [Tech Share] Android Hacking Part 20: Debugging applications on the Android emulator with GDB: http://bobao.360.cn/learning/detail/3677.html Kanxue&世界美景 [andorid] WeChat database: http://bbs.pediy.com/thread-216734.htm ios [IOS] iOS Security: http://security.ios-wiki.com/]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F89%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 89)
Security News: [Security_week] Linux incident response: tools https://mp.weixin.qq.com/s/YFHLCVHVIB7hDeCVZaunbg [Security_week] Enterprise security building: systematic thinking and practical implementation https://mp.weixin.qq.com/s/h0J81LX7GUqSGAsSxksHnw [Security_week] A strange event found during an incident response https://mp.weixin.qq.com/s/XanFgX9Py_q8WaD14VC9Fw [Security_week] A philosophical history of bastion hosts: where from, where to, and what are they? https://mp.weixin.qq.com/s/rDmTdJ05cVE_jJiqKhywnw [Security_week] Apache Tomcat remote code execution (CVE-2019-0232): brief analysis and reproduction https://mp.weixin.qq.com/s/7lO7t6iReGxx6CWksI8D2Q [Security_week] PHP XXE attack and defense in practice https://mp.weixin.qq.com/s/VldRAHtNwu1NFBLgppIAVg [Security_week] CVE-2019-2729: Oracle WebLogic deserialization vulnerability alert https://mp.weixin.qq.com/s/ArZqB_s-d8ZExeRMFnd4sQ [Security_week] Exclusive | Denial-of-service vulnerability disclosed in Linux https://mp.weixin.qq.com/s/fO4ufsjw7PMSkUFNPUqNOQ [Security_week] MySQL log security analysis techniques https://mp.weixin.qq.com/s/uT6_2H2cV32ghvxnFxw2Fw [Security_week] MSSQL log security analysis techniques https://mp.weixin.qq.com/s/_IlvfpuixxJoETLryWGZ-Q [Security_week] Enterprise cybersecurity: mobile application security https://mp.weixin.qq.com/s/MzOdoseBR_gfDxUnK3NNew [Security_week] Drafting a cybersecurity incident response plan https://mp.weixin.qq.com/s/WlDvwUhpdjH5mJ5HMT_Lqw [Security_week] Enterprise cybersecurity: code auditing https://mp.weixin.qq.com/s/_7YCZBJOfE2DkNkTLK8tbQ [Security_week] Putting the cybersecurity incident response plan into practice https://mp.weixin.qq.com/s/Rldc4Ym2fFvFv6KlJz4Ssg [Security_week] Enterprise cybersecurity: office network security https://mp.weixin.qq.com/s/9L3pIZ2fJy63e0_U2ZueQA [Security_week] Enterprise cybersecurity: security management system https://mp.weixin.qq.com/s/65iO12z8YkfHPrjKACprDA [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 23) https://mp.weixin.qq.com/s/_U7RGAirn6Dz8BodzOVZkA
Web Security: [Web_Security] A short summary of XSS vulnerabilities caused by CSRF https://mp.weixin.qq.com/s/EF2mUDgSWHtGnVVjuXT1_A [Web_Security] MSSQL injection from basics to depth in one article https://mp.weixin.qq.com/s/01j8URfEvkfAk2W_HJcluw [Web_Security] Webshell antivirus-evasion patterns https://mp.weixin.qq.com/s/xhI6hOjN7eTyAiQIPud1Yg [Web_Security] Notes on a real email phishing exercise https://mp.weixin.qq.com/s/K1ydmJhVnuYC3016d-QT3w [Web_Security] DNS injection https://mp.weixin.qq.com/s/CftVKtffPcf7bgvO0eV17Q [Web_Security] Never, ever write a high-risk remote function execution vulnerability https://mp.weixin.qq.com/s/ID50AVv7ECDlUTnVoSV3bw [Web_Security] A brief talk on hunting logic vulnerabilities for SRCs https://mp.weixin.qq.com/s/wp7kE8p5ugEQVmAHFMBa_g [Web_Security] XSS bypass hands-on practice https://mp.weixin.qq.com/s/4m1p1NyOhT0nlStyeYsXlw [Web_Security] XSS bypass techniques https://mp.weixin.qq.com/s/aHOjd21G1mseofQV4yrxbQ
Penetration Testing: [Penetration_test] Discovering live intranet hosts with MSF, Season 2 https://mp.weixin.qq.com/s/fJ2vwjkycFAJgeLLQB2qmw [Penetration_test] Discovering live intranet hosts with MSF, Season 4 https://mp.weixin.qq.com/s/7t1fncvVor4YSnjstVEmJw [Penetration_test] Discovering live intranet hosts with MSF, Season 5 https://mp.weixin.qq.com/s/nZAqFMU3S1b2_zcWI23gtA [Penetration_test] Writing a shell with sqlmap during a penetration test https://mp.weixin.qq.com/s/qmp23H7wliazjjlpzuZ6_A [Penetration_test] Vulnerability hunting from scratch https://mp.weixin.qq.com/s/OnPbtwb_JDf0DAP_b6Z1wQ
Security Tools: [Security_tools] Legion: a network penetration tool https://mp.weixin.qq.com/s/1mS0EtjoZwFLFyQgi1k3Qg [Security_tools] A deep dive into the SQLMAP API https://mp.weixin.qq.com/s/eOqURmczSBYInm2SPTx4QA [Security_tools] Writing a subdomain brute-forcing tool in Python https://mp.weixin.qq.com/s/mjwHDIoxHs2V7pNMV9R7fg
Code Audit: [Code_audit] Auditing a system: from decryption to getshell https://mp.weixin.qq.com/s/yHTJF3evRj_CZwfSe-GFdQ
Video Sharing: [Video_share] An in-depth look at private data protection and incident response https://www.bugbank.cn/live/view.html?id=112048 [Video_share] Step by step: moving through the intranet https://www.bugbank.cn/live/view.html?id=112196]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F88%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 88)
Security News: [Security_week] Vulnerability alert | Oracle WebLogic XMLDecoder deserialization vulnerability https://mp.weixin.qq.com/s/mGi8SF3XYOfELHQmWlpr1Q [Security_week] My learning path for industrial control security https://mp.weixin.qq.com/s/XkJ_vkpwwqm6YRPDSl1Qiw [Security_week] Alert: latest Oracle WebLogic remote deserialization command execution 0day (CVE-2019-2725 patch bypass) https://mp.weixin.qq.com/s/QqbbkEcg5Qi6XdxQ5UzVSg [Security_week] Serious vulnerability disclosed in the Evernote extension https://mp.weixin.qq.com/s/dZQn-HEQFcn5nZ3_Nm-Qjw [Security_week] Can you catch the security trends of the future? https://mp.weixin.qq.com/s/oziY28wXdevWhieCfEA0SQ [Security_week] Linux log security analysis techniques https://mp.weixin.qq.com/s/fWlux47luH_zvYpXcZXeYA [Security_week] Classification and grading management of cybersecurity incidents https://mp.weixin.qq.com/s/NULXUxSt0CgUGZG6xaBD8A [Security_week] Roundup: Kali Linux penetration testing https://mp.weixin.qq.com/s/ak6JhjCDeaxjvkwBVcuoyA [Security_week] Organization and safeguards for cybersecurity incident emergency handling https://mp.weixin.qq.com/s/ZxAs4EoUbGx8BzFA34tADw [Security_week] Enterprise cybersecurity: thoughts on security operations https://mp.weixin.qq.com/s/OjoMA5hmLWyhIQ65JAYP3w [Security_week] Roundup: SSH https://mp.weixin.qq.com/s/q-yvN2qJCB6LmoBfQM_U6g [Security_week] Cybersecurity incident monitoring and early warning https://mp.weixin.qq.com/s/hGe13Gj6JJX-nwETyFrmrw [Security_week] Enterprise cybersecurity: vulnerability scanning https://mp.weixin.qq.com/s/yKch-WnmidThRY0CNLmAHg [Security_week] Cybersecurity incident emergency handling https://mp.weixin.qq.com/s/uOlmcxf569Rst-KZGsTXQg [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 22) https://mp.weixin.qq.com/s/BYfTXgv6wkrjQY1S1-iL8A
Web Security: [Web_Security] Injecting MySQL via wide-byte character handling https://mp.weixin.qq.com/s/PLzksUDuh-iHZR9lL3QUWA [Web_Security] Injection exploitation techniques with MySQL root privileges (Part 1) https://mp.weixin.qq.com/s/msf5G0B6bgbcC9NVy0wlyA [Web_Security] Injection exploitation techniques with MySQL root privileges (Part 2) https://mp.weixin.qq.com/s/77JYI8OTsgIN6CQXq-EpIQ [Web_Security] Analysis of the SQL injection vulnerability in the WordPress plugin Form Maker https://mp.weixin.qq.com/s/nyW1g2Ot1yaE9j4MeIkW6g [Web_Security] Access SQL manual injection in practice https://mp.weixin.qq.com/s/a-gSCJdSMBECid6GPMmo8A [Web_Security] A bug-hunting power tool: JSFinder https://mp.weixin.qq.com/s/6OCg_CmB9cLxCsUDvBHuaQ
Penetration Testing: [Penetration_test] Discovering live intranet hosts with ICMP https://mp.weixin.qq.com/s/Yak4lG-V-Lc5l_0ChUSI7A [Penetration_test] Penetration techniques from the external network to the intranet https://mp.weixin.qq.com/s/dQhanuhzpNkJi1xPmqnrUQ [Penetration_test] Discovering live intranet hosts with MSF, Season 1 https://mp.weixin.qq.com/s/G94HTHV-5xK0bhaLBXwY0Q [Penetration_test] Detailed penetration test walkthrough of the Irked target machine https://mp.weixin.qq.com/s/rXkOmGG2B-c-tHJONRfJBg [Penetration_test] Kali tools: Msfvenom command auto-completion https://mp.weixin.qq.com/s/hC-2LRTuXr9vJBYrBx-Vlw [Penetration_test] Elegant penetration of a target using BadUSB https://mp.weixin.qq.com/s/UEG7tvDFxlBETe_grYj8JA [Penetration_test] Attack forensics: log analysis (Part 2) https://mp.weixin.qq.com/s/Kfk3tYkvv3GCl7wql28dxQ [Penetration_test] Detecting the CVE-2019-0708 vulnerability with MSF https://mp.weixin.qq.com/s/GqKAlwW1S3v2_nG6FFY6Qg [Penetration_test] Experience from penetration testing and security interviews https://mp.weixin.qq.com/s/w5RRzkKCzCQfUoVzllFtkA
Security Tools: [Security_tools] Katoolin: a tool that installs all Kali Linux tools https://mp.weixin.qq.com/s/dKEWWI2OS6ixrV000Qutsw [Security_tools] Scanless: a pentesting tool for anonymous port scanning https://mp.weixin.qq.com/s/Stbg0TlsJoxoqRmklLoqXA [Security_tools] Webkiller: basic usage https://mp.weixin.qq.com/s/lthAGyYmCzSPkXEhvuPurQ [Security_tools] Ettercap: a sniffing tool https://mp.weixin.qq.com/s/cxmMAe_aQARpyrb9_hLs7A [Security_tools] DNS Shell: a tool for controlling servers https://mp.weixin.qq.com/s/uOUuXO4R4EOlePZ2xqCcnA [Security_tools] Brutespray: a port scanning tool https://mp.weixin.qq.com/s/i5ve6JwyjiegpTUjMielFQ
Code Audit: [Code_audit] Code audit | ThinkPHP5 vulnerability analysis: code execution (Part 2) https://mp.weixin.qq.com/s/k1r3UG56vOeHme49WueC9g]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F86%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 86)
Security News: [Security_week] Incident response handling workflow: Windows https://mp.weixin.qq.com/s/qzNbZLSPMoDU0quo1RsMMw [Security_week] On the role of scripts in penetration testing https://mp.weixin.qq.com/s/iIs-8fhn4WDYc4qCiZa-5g [Security_week] Weblogic CVE-2019-2725 analysis report https://mp.weixin.qq.com/s/BT44IvHbbxSfjdr_1uSeCw [Security_week] Beware of the spread of PoCs for the Windows RDP remote vulnerability https://mp.weixin.qq.com/s/_-4RYExo7GSG2gskC8-qXg [Security_week] Influxdb authentication bypass vulnerability alert https://mp.weixin.qq.com/s/8DM2N4jXv1D_hGpIGteTXw [Security_week] CVE-2019-0708 high-risk vulnerability: scanning and remediation solutions from security vendors https://mp.weixin.qq.com/s/FfXCSlruuXxInw5Am9R4hw [Security_week] Windows log analysis https://mp.weixin.qq.com/s/4kB26XQyAgVzrfOfIt2QvQ [Security_week] Enterprise cybersecurity: host intrusion detection https://mp.weixin.qq.com/s/LZYMkorXHinDZWKEgTJdIQ [Security_week] Enterprise cybersecurity: detecting webshells https://mp.weixin.qq.com/s/oosHE694a_Ejvih3A524uA [Security_week] Enterprise cybersecurity: RASP https://mp.weixin.qq.com/s/aYBNd5ACIX0brnq9jcLJ2w [Security_week] A brief analysis of information security risk assessment https://mp.weixin.qq.com/s/C5a0aLJAVnDZ-XdlcrWufg [Security_week] Enterprise cybersecurity: database auditing https://mp.weixin.qq.com/s/A0eWT7t5th3OAf4dajeHxA [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 20) https://mp.weixin.qq.com/s/11eCN73QbcxcBX1O9Pch-g [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 21) https://mp.weixin.qq.com/s/7iVYBScxuc5wp6ScTch_OA
Web Security: [Web_Security] Traffic signatures of common WebShell clients and detection approaches https://mp.weixin.qq.com/s/Y2OiSO66DS-vR5WUwzUJpA [Web_Security] Summary of vulnerability exploitation across all Struts versions https://mp.weixin.qq.com/s/a06y_BANpGFcgS9hJAAtGw [Web_Security] Chapter 7: multiple ways to bypass Yunsuo for injection https://mp.weixin.qq.com/s/mFwd0DwFsqNEX6f66xyxfw [Web_Security] An introduction to XML and XML injection https://mp.weixin.qq.com/s/ZxwyXWfR5D3aeTjpLBnUlA [Web_Security] XML basics and XXE vulnerabilities https://mp.weixin.qq.com/s/ftyWcLSqeW5Ekk81WkswmQ
Penetration Testing: [Penetration_test] Connecting to RDP through a reverse SSH tunnel https://mp.weixin.qq.com/s/6JY-4Y82dYxL8jFKf-jgXA [Penetration_test] From real-world privilege escalation to a first look at the intranet https://mp.weixin.qq.com/s/CgpKGQ0otKg3NBTqv1qtkQ [Penetration_test] Daocaoren (dcrcms) enterprise site template: vulnerability audit and reproduction https://mp.weixin.qq.com/s/-opCI-xJLcx1uXezgnxOoQ [Penetration_test] Notes on a simple website penetration test https://mp.weixin.qq.com/s/dcf8U8J20qTdBZ9sSndJ3w [Penetration_test] Brute-forcing an application protected by a CSRF token with Burpsuite https://mp.weixin.qq.com/s/VXvO5IG1DBB93WRDdubW8Q [Penetration_test] Cobaltstrike-MS17-010 | sharing a cna plugin https://mp.weixin.qq.com/s/Dc_ji8O26XTp-YPJ0ZqofQ [Penetration_test] Penetration techniques from the external network to the intranet https://mp.weixin.qq.com/s/LuuwYtZ_Yqq9ucC_YujR3A
Security Tools: [Security_tools] Webkiller: an information-gathering tool written in Python https://mp.weixin.qq.com/s/uezpRxpeyOGS3OwU2boKKQ [Security_tools] Medusa: introduction and basic usage https://mp.weixin.qq.com/s/ucTQllLknx5rkGuR2Rlq-g [Security_tools] Killshot: an information-gathering and website vulnerability scanning tool https://mp.weixin.qq.com/s/swg0uheewVRC5wzIaaBjHg [Security_tools] Trigmap: an Nmap wrapper built for penetration testing https://mp.weixin.qq.com/s/NQ8MFCTaP3WfdzfG9fjd9Q [Security_tools] Roundup of ransomware decryption tools https://mp.weixin.qq.com/s/ttBactO_ED6nLaISBBxFiA
Code Audit: [Code_audit] Code audit | ThinkPHP5 vulnerability analysis: file inclusion https://mp.weixin.qq.com/s/3ce6U9rHj7o7S5le8EyUIA [Code_audit] Code audit | ThinkPHP5 vulnerability analysis: code execution (Part 1) https://mp.weixin.qq.com/s/bSO0nUjIyxBeYP9hJb40pw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F87%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 87)
Security News: [Security_week] Arbitrary code execution vulnerability disclosed in the Vim/Neovim text editors https://mp.weixin.qq.com/s/b1a8g5cU6FIoW-ur3sgpYw [Security_week] Lessons on information gathering for penetration testing https://mp.weixin.qq.com/s/pprqACosIunwtN-u7qd6rg [Security_week] Vim editor local code execution vulnerability alert (CVE-2019-12735) https://mp.weixin.qq.com/s/I1QXoD_617rJt8xSE5-s9w [Security_week] A brief analysis of information security risk treatment https://mp.weixin.qq.com/s/K-pFXtXRaVxs8cgPIEgvqQ [Security_week] Enterprise cybersecurity: intrusion detection data analysis https://mp.weixin.qq.com/s/pQrTs406o9aZTdetzJJeMA [Security_week] Roundup: intrusions https://mp.weixin.qq.com/s/C2dVTNeR1zSZigORiXAUAg [Security_week] Legal and regulatory basis for cybersecurity incident management and incident response https://mp.weixin.qq.com/s/irBXuwTUAhxcxyk8ua-SPw [Security_week] Enterprise cybersecurity: intrusion detection data model https://mp.weixin.qq.com/s/LENopjrmZJyBg4u2y0Hfog
Web Security: [Web_Security] MySQL advanced blind injection techniques: time-based blind injection https://mp.weixin.qq.com/s/vMN-j7_JXV8jAETN8e-xPA [Web_Security] Advanced security techniques for MSSQL injection https://mp.weixin.qq.com/s/q8r0zX6ZKYCFvitranSkHw [Web_Security] Making SQL injection exploitation easier to learn https://mp.weixin.qq.com/s/onzCRi8wzhxCEwvwz1SoLA [Web_Security] Vulnerability hunting: information gathering https://mp.weixin.qq.com/s/aBMZpFy-4cwb1AwxhlcXQQ
Penetration Testing: [Penetration_test] Discovering live intranet hosts with MSF, Season 3 https://mp.weixin.qq.com/s/rlnBthU_8XIvk5-JV817MA [Penetration_test] Hunting the Apache Tika command injection vulnerability https://mp.weixin.qq.com/s/wwGCiiu--BW_hnRxqobbkw [Penetration_test] Review of the DataCon DNS malicious traffic inspection challenge https://mp.weixin.qq.com/s/M-J4FhGA5zg1WZCA9-Houg [Penetration_test] Vulnerability reproduction: quickly starting RMI && LDAP https://mp.weixin.qq.com/s/TuQWvyro5vphyeZCAo_Y6g [Penetration_test] Notes on obtaining remote desktop access https://mp.weixin.qq.com/s/Y5rwj7Tl2IldzMTYc7x8xg [Penetration_test] A hands-on case of penetration, bug hunting and privilege escalation https://mp.weixin.qq.com/s/03HaEnYD5pUEgkX_YK3B_Q
Security Tools: [Security_tools] SPARTA: a network infrastructure penetration testing tool https://mp.weixin.qq.com/s/_VTJk7eOE4ptWxFF1UZdkA [Security_tools] Osmedeus: a fully automated security tool for reconnaissance and vulnerability scanning https://mp.weixin.qq.com/s/2SHRrURIdPSGIpTtqFJR5Q [Security_tools] The best data recovery software for Windows, Mac and Linux https://mp.weixin.qq.com/s/YFSgHdArOjte4Bvi-uKhdw
Code Audit: [Code_audit] A code audit of the TPCMF framework https://mp.weixin.qq.com/s/4On_ez8aQ1yeDz9f_9jhew [Code_audit] PHP code audit notes https://mp.weixin.qq.com/s/aSnID9N_niaqyZi35y4EJQ [Code_audit] ThinkPHP5 vulnerability analysis: code execution (Part 2) https://mp.weixin.qq.com/s/k1r3UG56vOeHme49WueC9g]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F84%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 84)
Security News: [Security_week] Incident response system: Linux host security checks https://mp.weixin.qq.com/s/S0OmDRU6uQo8LBBK-GUAaQ [Security_week] Linux security hardening: Tomcat middleware https://mp.weixin.qq.com/s/QpWEk12ObGdL3wTFl2KQmg [Security_week] Remote code execution vulnerabilities in Microsoft Windows RDP & DHCP services https://mp.weixin.qq.com/s/FQ4Gsg1m37gyINqVVoZt_w [Security_week] CVE-2019-0708: alert on a wormable vulnerability in the Windows RDP service https://mp.weixin.qq.com/s/x-jZoMlJEbIgGLz6BOorLw [Security_week] CVE-2019-2725/CNVD-C-2019-48814, round three: works across versions https://mp.weixin.qq.com/s/DrOWQn4Kh2J0syI5Uv10dg [Security_week] Intel Processor MDS vulnerability family alert https://mp.weixin.qq.com/s/SKwIj33sW8YjNNaFCgjYxg [Security_week] Interpreting the "Regulations on the Security Protection of Critical Information Infrastructure" https://mp.weixin.qq.com/s/1ET6t7tZ41odmp8iOaDFxg [Security_week] Kali Linux penetration testing: wireless penetration https://mp.weixin.qq.com/s/wYgeSP_NcnGSPmM7MH7dVA [Security_week] Roundup: Web https://mp.weixin.qq.com/s/Gjvr9RhU7dvl9EugMkpnyg [Security_week] Cybersecurity classified protection: grading https://mp.weixin.qq.com/s/q6VujMig0ryVrwGVNgxP1g [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 18) https://mp.weixin.qq.com/s/gNUxTv2LzW_oteOZdYu3wA
Web Security: [Web_Security] Web fingerprinting: research and optimized implementation https://mp.weixin.qq.com/s/BlxTVLR9bwog_cb-103XHw [Web_Security] Browser security study notes (Part 1) https://mp.weixin.qq.com/s/EZBAhWUsqAWgmEtwuaACkw [Web_Security] Making ASP webshells flexible too https://mp.weixin.qq.com/s/dHrv5M7ih2KG2W96VjAuYw [Web_Security] Web for beginners: Attack and Defense World https://mp.weixin.qq.com/s/b5e80dzxHi-PiQV2TtFXHQ [Web_Security] Exploring Apache parsing vulnerabilities https://mp.weixin.qq.com/s/Ukk5Vy3LOR2q4HnbdUW3vQ
Penetration Testing: [Penetration_test] HTTP tunneling with Tunna, Season 3 https://mp.weixin.qq.com/s/N4QCXyogE7--BrGxj9mj8Q [Penetration_test] Kali Linux Web Penetration Testing Cookbook (2nd edition) - 9.2 https://mp.weixin.qq.com/s/x-Ufy6ZMHAgIDkgvGcnqUA [Penetration_test] Two logic vulnerabilities encountered in real engagements https://mp.weixin.qq.com/s/ckPhWW9JpMSHVaduAE898w [Penetration_test] Penetrating a certain chess and card game platform https://mp.weixin.qq.com/s/B0xwGC3qUGyFqIwJMDrBXA [Penetration_test] TrackRay: a penetration testing automation framework https://mp.weixin.qq.com/s/U9qj_HjHZEnxr9TQPzTChg
Security Tools: [Security_tools] How Nmap identifies host fingerprints https://mp.weixin.qq.com/s/nGKv-rNR0KuVHNIWCRC6Yg
Code Audit: [Code_audit] Beginner code audit: auditing the Xionghai CMS source https://mp.weixin.qq.com/s/HDMCjRSEPfjasR_TRb_j-A]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F85%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 85)
Security News: [Security_week] Incident response series: web in practice https://mp.weixin.qq.com/s/Oa20D4gy-gBqoRbrTjnzYw [Security_week] Incident response field notes: a security engineer's self-cultivation! https://mp.weixin.qq.com/s/wCyoPikWahYkIN0R4AVxqw [Security_week] Reflections and summary from a year as head of security https://mp.weixin.qq.com/s/N5BI4m88NONg5pm_dWXLNQ [Security_week] On the mission, vision and values of 信安之路 https://mp.weixin.qq.com/s/bJiitZScCGCPD5v5YyizZg [Security_week] Reflections and summary from two years of security analysis work https://mp.weixin.qq.com/s/ndbaEjX0B4k_tWPeGNMtgA [Security_week] cve-2019-0708 PoC release https://mp.weixin.qq.com/s/A73WTube5rcJh3MRNKPk-A [Security_week] Analysis of the Numpy deserialization command execution vulnerability (CVE-2019-6446), with 0day https://mp.weixin.qq.com/s/erc1Pe-_CTotHB0BWHvA0w [Security_week] Cybersecurity analysis report-04 https://mp.weixin.qq.com/s/sCKjNU2KxSrZPuiq6rk_Vg [Security_week] Enterprise cybersecurity: building in-house security https://mp.weixin.qq.com/s/JRdF7UIN_LdnHv1OS3FdtQ [Security_week] Roundup: security protection https://mp.weixin.qq.com/s/6AO4JD860ixZ3WVm0VBXZA [Security_week] Cybersecurity classified protection: filing https://mp.weixin.qq.com/s/UaSWiNc4T6erEeW3964ucw [Security_week] Cybersecurity classified protection: construction and rectification https://mp.weixin.qq.com/s/PxO2rxCdUQVHvXSzrJq0hQ [Security_week] Cybersecurity classified protection: grade assessment https://mp.weixin.qq.com/s/7Sp0-h6Fwmquan4LnLkx0g [Security_week] Enterprise cybersecurity: foundational security https://mp.weixin.qq.com/s/F5ui7qwCT8rCbam3VADN4Q [Security_week] Cybersecurity classified protection: basic requirements https://mp.weixin.qq.com/s/iukl_4ZKbhHcaAKKC13-sw [Security_week] Enterprise cybersecurity: defense https://mp.weixin.qq.com/s/Bp2ieE49keJ2KmiXrdaf8w [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 19) https://mp.weixin.qq.com/s/tg1ywDVfrzYp2JL5cK_dEQ
Web Security: [Web_Security] Recommended lab environments for learning SSRF, with a walkthrough https://mp.weixin.qq.com/s/FXInesMfXaz1l9DibxmMKw [Web_Security] An interesting XSS find https://mp.weixin.qq.com/s/Mblf4rXylNckWydd4eMy0A [Web_Security] XXE vulnerabilities explained simply https://mp.weixin.qq.com/s/N8AyoaYT13WU4Fd4ky_AUw [Web_Security] Learning CSRF from scratch and finding CSRF vulnerabilities in practice https://mp.weixin.qq.com/s/H60QLjoHBkWVZEiim-QrFQ [Web_Security] DVWA: file upload vulnerability walkthrough notes https://mp.weixin.qq.com/s/k-skt10avFVjfCginjl96Q [Web_Security] A short summary of PHP mail vulnerabilities https://mp.weixin.qq.com/s/Ztt7ShiSLsR8IntN8eb6Zg [Web_Security] From second-order injection to error-based injection to regular expression bypass https://mp.weixin.qq.com/s/wCYw2rQ-uDTwwUkklaN9Ow
Penetration Testing: [Penetration_test] HTTP tunneling with ReDuh, Season 4 https://mp.weixin.qq.com/s/i0p0JPCjbq3amvh25lFKVA [Penetration_test] Gathering target intranet information with SCF, Season 2 https://mp.weixin.qq.com/s/zrYZhdMegQMl5w-1FcIxwg [Penetration_test] Sharing fuzz wordlists for web penetration testing https://mp.weixin.qq.com/s/XhN1mlZVXA9gBf_ACed9yQ [Penetration_test] Hands-on with image trojans https://mp.weixin.qq.com/s/NH9Deb6wh_FrTnDj4Mlzjg [Penetration_test] Simple password cracking on Ubuntu https://mp.weixin.qq.com/s/-3OeIcnj3d2NGHNYw-LmCg [Penetration_test] Simple intrusion into an Android phone with Kali https://mp.weixin.qq.com/s/tl-ljs_ut-PCqmgwy_DSsA [Penetration_test] Lateral movement via DCOM ShellWindows & ShellBrowserWindow https://mp.weixin.qq.com/s/EsNSd1KX1d9HkoH63gUelQ [Penetration_test] Cracking HackBar yet again https://mp.weixin.qq.com/s/m5wUS3uOZt09wefPuQBdDQ [Penetration_test] Retrieving the Google Chrome passwords of all users on the current system https://mp.weixin.qq.com/s/iXQmFY3RzNykAKDM0igERg [Penetration_test] Simulating a real engagement from scratch with successful privilege escalation https://mp.weixin.qq.com/s/CzHf7oGWUlycKhU84GE_Rg [Penetration_test] Burpsuite study guide https://mp.weixin.qq.com/s/G_JT6YGzx4CsLlTnkdxpBg [Penetration_test] Intranet penetration | a complete guide to IPC$ intrusion https://mp.weixin.qq.com/s/LfKRBZkWfwQxjn8Jpq371w [Penetration_test] Notes on a real-world penetration test https://mp.weixin.qq.com/s/3Kciz18aSw0N0782Gzj9Sg
Security Tools: [Security_tools] Httpscan: a small tool for scanning CIDR ranges https://mp.weixin.qq.com/s/YEWbwksHT-qJlwcawyCdEQ [Security_tools] ubDomainsBrute: a fast subdomain brute-forcing tool https://mp.weixin.qq.com/s/J5lIZxR7qqxJgvARVW2Yhw [Security_tools] Bolt: a CSRF scanning tool https://mp.weixin.qq.com/s/ykScFaow6PW1Gs-H1rR_3w [Security_tools] WINSpect: a security auditing tool https://mp.weixin.qq.com/s/MW1cHT2JF075_gMcRjVRTA [Security_tools] Kostebek: a domain discovery tool https://mp.weixin.qq.com/s/bwXKycWXYCjjewjkGHBuRA [Security_tools] PeekABoo: a tool for enabling remote desktop https://mp.weixin.qq.com/s/mNb9_yoSQAJGOiCc0RXPwg
Code Audit: [Code_audit] Weblogic-CVE-2019-2725: universal payload https://mp.weixin.qq.com/s/psS-paBkn5ZEHNx2xP2fkQ [Code_audit] CVE-2017-17485 Jackson-databind deserialization https://mp.weixin.qq.com/s/EKdiz6J1VCgRD6WMHjDxIQ [Code_audit] Spring Cloud Config Server arbitrary file read analysis https://mp.weixin.qq.com/s/JgNI_2_NJi-WW5EcLDZmYA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F83%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 83)
Security News: [Security_week] In depth | Introduction to the new Classified Protection 2.0 standard https://mp.weixin.qq.com/s/87_nFoQO18GAmYxM-M10Pg [Security_week] Internal enterprise security: a few notes on employee security training https://mp.weixin.qq.com/s/umSOlIL_HDKbFrPc5UUpCQ [Security_week] Common techniques in intrusion tracing and attribution https://mp.weixin.qq.com/s/XxMDiRo3RaeOj_Z3WvBmKg [Security_week] Sqlite3 window function UAF vulnerability alert (CVE-2019-5018) https://mp.weixin.qq.com/s/4kBtliXsWRj4bJ2hWC0tyw [Security_week] Reproducing the WebLogic wls9-async deserialization vulnerability (CNVD-C-2019-48814) https://mp.weixin.qq.com/s/hWKO2gzy7O-XmyHZ9fqq8g [Security_week] All about hunting logic vulnerabilities for SRCs https://mp.weixin.qq.com/s/g-LmAV8XDD69zI1HcVKx1g [Security_week] Bypassing antivirus! Fileless attack techniques with SQL Server Transact-SQL https://mp.weixin.qq.com/s/itzMSLVWQbrzyKRTOhYtSQ [Security_week] Domain fronting as a network attack technique https://mp.weixin.qq.com/s/9G1qh_azz6SAaZQ7KfvZlg [Security_week] Beware of the x3m ransomware: CryptON https://mp.weixin.qq.com/s/h4c0n1gV-ghp5CKTo83HZA [Security_week] Kali Linux penetration testing: information gathering https://mp.weixin.qq.com/s/d0OhBq54ikmHrtjo0NZ87w [Security_week] Kali Linux penetration testing: vulnerability scanning https://mp.weixin.qq.com/s/41fOAYR4lgSM_6xaztHQ6w [Security_week] Kali Linux penetration testing: exploitation https://mp.weixin.qq.com/s/eh83Mp0ZFucTw5pgaOLg2Q [Security_week] Kali Linux penetration testing: password attacks https://mp.weixin.qq.com/s/CyEvnNARLtt5YUnltWQONg [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 17) https://mp.weixin.qq.com/s/O-rRS1dnyLj-aNQ02ZVtCw
Web Security: [Web_Security] How to quickly get a webshell during security testing https://mp.weixin.qq.com/s/N5ueFgdfew8j3pj13Apjww [Web_Security] JSON hijacking attacks https://mp.weixin.qq.com/s/ZCpDSuhict38qd7KrBGxYQ [Web_Security] A slightly winding penetration path: file upload bypass https://mp.weixin.qq.com/s/7IwW5WPgz5J7q404iwFMiw [Web_Security] Finding hidden unauthorized APIs through JS: how the disaster happened https://mp.weixin.qq.com/s/RgiLgrbaj95x_iZNv_wy-A [Web_Security] How to handle malware that antivirus cannot remove https://mp.weixin.qq.com/s/n7sp5nqYOWdO-NWZ4lDQOg [Web_Security] Webshell antivirus-evasion patterns https://mp.weixin.qq.com/s/1rwyM5l-qmCorm_L9Kxv9w
Penetration Testing: [Penetration_test] Executing a payload via whitelisted Zipfldr.dll, Season 18 https://mp.weixin.qq.com/s/LXjsVO1lie979txIHzrGHw [Penetration_test] Executing a payload via whitelisted Ftp.exe, Season 19 https://mp.weixin.qq.com/s/GrbtnJPOxpLxVT_kU3ZOEQ [Penetration_test] Gathering information from target files, Season 1 https://mp.weixin.qq.com/s/02ZnBe4gSSEnRmzgg0-b5g [Penetration_test] Payload use in real engagements https://mp.weixin.qq.com/s/DtKTt-wIrgGcbmWHoHzM-A [Penetration_test] Small payloads in real engagements https://mp.weixin.qq.com/s/HF9Mdn5uwQPaN3SmKKyetw [Penetration_test] Port forwarding with Portfwd https://mp.weixin.qq.com/s/nBNEpDAOl41gRb8J78Hc8Q [Penetration_test] HTTP tunneling with ABPTTS, Season 1 https://mp.weixin.qq.com/s/OLk06MBS3a7eZ9NPwDkaNw [Penetration_test] Configuring a custom MSF payload to control a target host https://mp.weixin.qq.com/s/EBXyGL8C4475LkKtxmxEaw [Penetration_test] HTTP tunneling with ReGeorg, Season 2 https://mp.weixin.qq.com/s/Wxtg7F8XKHk2sen_Lr1t0A [Penetration_test] Metasploit quick start (Part 3): server-side exploitation https://mp.weixin.qq.com/s/gUBpjpQ5p4xdntg9ECtCHg [Penetration_test] How to penetrate when no output is echoed back https://mp.weixin.qq.com/s/tY5XDGu8oSxoJTvXv88fQw [Penetration_test] Kali Linux Web Penetration Testing, 2nd edition: resource compilation https://mp.weixin.qq.com/s/PGT5rmfVh8zDiXSGbfV5nQ [Penetration_test] Studying arbitrary file read in the MySQL client https://mp.weixin.qq.com/s/7HSM1TQ1VCCtS5k6FN4Lnw [Penetration_test] A few tips for writing penetration test reports https://mp.weixin.qq.com/s/iilj9YKN0ugLOTwS-B0MBw [Penetration_test] Cultivating a vulnerability-hunting mindset https://mp.weixin.qq.com/s/qqJzTc9oB4r4rOngYi2_vw [Penetration_test] A beginner's guide to CTF https://mp.weixin.qq.com/s/qQWSyt2MIYYeceoQTg1x4w [Penetration_test] How to learn SQL injection basics and study it in depth https://mp.weixin.qq.com/s/ncV1_PO5wVU5ucgvlVwSKw
Security Tools: [Security_tools] Kaboom: a powerful automated penetration testing tool https://mp.weixin.qq.com/s/TEpHu3mjEhYBo_LpPDEYAg [Security_tools] Roundup of security tool tutorials and resources https://mp.weixin.qq.com/s/YNtm5ujtx81I8ucC5j3yiA [Security_tools] Awvs12 cracked version, Acunetix https://mp.weixin.qq.com/s/oWwiVWvtTf-Rgi_ckrhCww
Code Audit: [Code_audit] Tricks with PHP file self-inclusion https://mp.weixin.qq.com/s/wJYlQwhXJCz5j062HsE_NA [Code_audit] Code audit: PHPWIND https://mp.weixin.qq.com/s/wQ9r1PeCGlmK8rotRktsrQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F81%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 81)
Security News: [Security_week] Doing the right thing matters more than doing things right https://mp.weixin.qq.com/s/Qdvu3yKsX64M2LPv8Vlqfw [Security_week] What exactly is classified protection: system construction management https://mp.weixin.qq.com/s/QNzCoudWBzJKQCFqxxaRYw [Security_week] What exactly is classified protection (Part 7): system operations and maintenance management https://mp.weixin.qq.com/s/VZ0Bq4RKS6n7OojW42mAGA [Security_week] The minimal set of computer fundamentals https://mp.weixin.qq.com/s/fugt_y9bl_PyhIJVjYKdTw [Security_week] A simple introduction to Python bytecode obfuscation https://mp.weixin.qq.com/s/yPglfHWJ5drvyjwmOmgFBw [Security_week] N learning resources across many areas https://mp.weixin.qq.com/s/e_sL-yllVEaSv8uHYEJ0lA [Security_week] Roundup of security tool download resources https://mp.weixin.qq.com/s/bfU7c-nngLW_mxh_bzMbww [Security_week] An ongoing collection of learning resources across many areas, Season 3 https://mp.weixin.qq.com/s/FCLlhpTFmVi5mV3zO8yuOw [Security_week] Internet Explorer XXE vulnerability alert https://mp.weixin.qq.com/s/KHOKzuf2dQazXnuR23JSXg [Security_week] Oracle WebLogic deserialization remote command execution vulnerability alert https://mp.weixin.qq.com/s/0wzYQj9PQMLJpsnGp_zjFg [Security_week] Reproduction and remediation of the deserialization vulnerability in the Weblogic wls9-async component https://mp.weixin.qq.com/s/FekGq62wx5di3JyjwW9nWA [Security_week] WebLogic arbitrary file upload vulnerability (CVE-2019-2618) https://mp.weixin.qq.com/s/zWnxlkqh5rvHrT9DzHBMuA [Security_week] Spring Cloud Config directory traversal vulnerability (CVE-2019-3799) https://mp.weixin.qq.com/s/6434rhIDYhIrbXW2MrTAjw [Security_week] Roundup: databases https://mp.weixin.qq.com/s/hALKVW5KAMbU3zpyRzQ_3w [Security_week] Roundup: nuisance calls https://mp.weixin.qq.com/s/rb8eGTpDYgxPEsMnhT4auA [Security_week] Roundup: girlfriends https://mp.weixin.qq.com/s/y7YEFH6Rf86JLrWVootlfg [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 14) https://mp.weixin.qq.com/s/iiSpp17GYZ73tP6wyxIlPQ [Security_week] Information Security Vulnerability Weekly Report (2019, Issue 15) https://mp.weixin.qq.com/s/H-Ez4wQcLFcyfHwkG6lsrQ
Web Security: [Web_Security] File inclusion & clever tricks https://mp.weixin.qq.com/s/jTMWqxNb0NsBvgjW5_oyRA [Web_Security] IE XXE injection 0 day vulnerability https://mp.weixin.qq.com/s/7XUe-Qo0Z5eKvSrpSYTNCw [Web_Security] Random number security issues in PHP https://mp.weixin.qq.com/s/Y1vKHQ6OPTUXi0wWSTzOtw [Web_Security] Zombie scanning explained, with a worked demonstration https://mp.weixin.qq.com/s/yJ64O4o7YDPvWree3QED6g [Web_Security] Companion video for "Web Security Attack and Defense": SQL injection principles https://mp.weixin.qq.com/s/Wk2G4MOmXNPPN-9RwDzWHA [Web_Security] Companion video for "Web Security Attack and Defense": key points related to MySql injection https://mp.weixin.qq.com/s/KoTM4kpYWkU4FZhy0MbjKA [Web_Security] Companion video for "Web Security Attack and Defense": Union injection attacks and code analysis https://mp.weixin.qq.com/s/U5oYdD2lH1Y-rv_USM1APQ [Web_Security] How to bypass XSS input validation https://mp.weixin.qq.com/s/jUiu8g-La6xT1C_zUVd9ZQ [Web_Security] Secure coding practice 1: defending against injection attacks https://mp.weixin.qq.com/s/nVvP9vmtCmGRe6ILNFX5IQ [Web_Security] Secure coding practice 2: defending against cross-site scripting attacks https://mp.weixin.qq.com/s/mJTuToSUXFVuVPwRZASYJQ [Web_Security] Secure coding practice 3: defenses for authentication and session management https://mp.weixin.qq.com/s/dLoXi1wKG51Zvuz5WYVP1Q [Web_Security] Getting a webshell through database backup https://mp.weixin.qq.com/s/PacmfedRNdRHgBayEdzIEw
Penetration Testing: [Penetration_test] Irb operations under Meterpreter, Season 1 https://mp.weixin.qq.com/s/crYtFk4SRexX-PkucYXm5g [Penetration_test] Executing a payload via whitelisted Regasm.exe, Season 3 https://mp.weixin.qq.com/s/84u3Uli7jmQMtzxxGTnJgA [Penetration_test] Executing a payload via whitelisted Regsvcs.exe, Season 4 https://mp.weixin.qq.com/s/-BaQD_RSF0FLtQRG-fBSwA [Penetration_test] Executing a payload via whitelisted Mshta.exe, Season 5 https://mp.weixin.qq.com/s/sRSwPra5jJgKLW4rnzwHVA [Penetration_test] Executing a payload via whitelisted Compiler.exe, Season 6 https://mp.weixin.qq.com/s/svywPnn4j443-qTL00IkZg [Penetration_test] Executing a payload via whitelisted Csc.exe, Season 7 https://mp.weixin.qq.com/s/eX1XQ5jzyg6Kt1DrEq2uDA [Penetration_test] Employee security awareness: email phishing https://mp.weixin.qq.com/s/PgyXIfyeU3vLtzn8y7uXEg [Penetration_test] Metasploit quick start (Part 2) https://mp.weixin.qq.com/s/HC6ii2uq4xvr2b4CotUlBg [Penetration_test] Metasploit quick start (Part 2): information gathering and scanning, continued https://mp.weixin.qq.com/s/QjvqJVSKvtcn44Vl012mQw [Penetration_test] zico target machine walkthrough https://mp.weixin.qq.com/s/-92D5PP_jAPV1j3rwmj4HA [Penetration_test] Detailed penetration test walkthrough of the Frolic target machine https://mp.weixin.qq.com/s/bnjyi1oycX3jELCdjTvfwg [Penetration_test] CTF solving skills: archive analysis, advanced https://mp.weixin.qq.com/s/wKkitLdVh1M5GTHzShqV-g [Penetration_test] Building an Android phone penetration toolkit with Termux https://mp.weixin.qq.com/s/Dx4E72TA7hEC5WT7qSAzxg [Penetration_test] A summary of some penetration testing knowledge points https://mp.weixin.qq.com/s/O86UIC2EWcVNUJLyTO8m-A [Penetration_test] Record of a penetration test against a certain site https://mp.weixin.qq.com/s/N-ghWPnMFz5IfWYlcIsMXg
Security Tools: [Security_tools] Watcher: a passive web application vulnerability scanner https://mp.weixin.qq.com/s/JtZOYyInlmA4QlmLNPuWOA [Security_tools] wpbf: a WordPress brute-force tool https://mp.weixin.qq.com/s/nF0xB0EoLD1rceCqCCEiYQ [Security_tools] SubDomainizer: a tool for finding subdomains hidden in JS files https://mp.weixin.qq.com/s/Yt2EpyWQpW6X8Gp3A5nIpw [Security_tools] FuzzScanner: a small open-source information-gathering tool https://mp.weixin.qq.com/s/CjrP3bK5JU4aS76y3cL3BQ
Code Audit: [Code_audit] .NET advanced code audit (Lesson 8): SoapFormatter deserialization vulnerability https://mp.weixin.qq.com/s/HuYI4rtZ5eLvrOugPb2Ppg [Code_audit] .NET advanced code audit (Lesson 9): BinaryFormatter deserialization vulnerability https://mp.weixin.qq.com/s/9_YaDdOOPZCYfb3NOIlg6A [Code_audit] .NET advanced code audit (Lesson 10): ObjectStateFormatter deserialization vulnerability https://mp.weixin.qq.com/s/WeM6myJdhMF6h5bQM0w-2Q [Code_audit] .NET advanced code audit (Lesson 11): LosFormatter deserialization vulnerability https://mp.weixin.qq.com/s/ETPq6xE0jR6J6NA8JSX7sA [Code_audit] PHP code audit notes: arbitrary file upload https://mp.weixin.qq.com/s/QaaFpTmEutW5-SMcVGIeEg [Code_audit] Code audit | ThinkPHP5 vulnerability analysis: SQL injection (Part 4) https://mp.weixin.qq.com/s/yK4VRz3URXb74luAHYO0Vw [Code_audit] Code audit | ThinkPHP5 vulnerability analysis: SQL injection (Part 5) https://mp.weixin.qq.com/s/BwoRWi2wXpSuIHHcxGWVfg [Code_audit] Code audit | ThinkPHP5 vulnerability analysis: SQL injection (Part 6) https://mp.weixin.qq.com/s/9UOi2g8yOHcO9-DnENQquQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F82%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 82) Security news: [Security_week] Authentication security issues explained in one article: summary https://mp.weixin.qq.com/s/pUamv_JmPXzxPwC8zBfCpg [Security_week] 6 directions for raising security awareness across all staff https://mp.weixin.qq.com/s/NY2dprcK2I19Mmz253YZ7w [Security_week] MLPS (等保) 2.0 is coming: interpreting the changes in the new standard https://mp.weixin.qq.com/s/yLhLif5LDsOlcgvyZv_VSg [Security_week] Windows security hardening https://mp.weixin.qq.com/s/sVhJw0IdE7PLhE9CUnBXLg [Security_week] Linux security hardening https://mp.weixin.qq.com/s/fB7l7FsmgdIzyM3nkkhBGw [Security_week] Analysis report on the Weblogic deserialization remote code execution vulnerability (CVE-2019-2725) https://mp.weixin.qq.com/s/fPZhWOyPexgQy6f-9c-JSw [Security_week] Reproducing the WebLogic wls9-async deserialization vulnerability (CNVD-C-2019-48814) https://mp.weixin.qq.com/s/hWKO2gzy7O-XmyHZ9fqq8g [Security_week] Reproducing the latest weblogic vulnerability https://mp.weixin.qq.com/s/Hdvp1_lUgfynQg_KP-t9Tg [Security_week] Analysis and reproduction of the Atlassian Confluence Widget Connector directory traversal and remote code execution vulnerability https://mp.weixin.qq.com/s/fu8dQesXHWg-XmHmvxGryg [Security_week] Ministry of Public Security roundup https://mp.weixin.qq.com/s/hnbzjdrH72bpByVw5eiefg [Security_week] Cyber police roundup https://mp.weixin.qq.com/s/k4QTv4zc-c1ik2k_lWTJBg [Security_week] Ministry of Industry and Information Technology roundup https://mp.weixin.qq.com/s/PwqV5PKazXPS9u3LUmGk5A [Security_week] Information security vulnerability weekly report (2019, issue 16) https://mp.weixin.qq.com/s/CtydNIk7BWgGU5EmnlTW8A Web security: [Web_Security] The most complete guide to understanding and applying PHP deserialization vulnerabilities https://mp.weixin.qq.com/s/JzGDyP6RGZ4xCxV4gqM2Sw [Web_Security] Reproducing the latest weblogic vulnerability https://mp.weixin.qq.com/s/LrfiwuEkVqBqndujyo9UMQ [Web_Security] What to do when sqlmap can't extract data https://mp.weixin.qq.com/s/v2VJ2k-fm5q2JvbWyHjpSQ [Web_Security] Six common web security attacks and defenses explained https://mp.weixin.qq.com/s/JttR5idAeAWLHUVu-_7CHA [Web_Security] The deserialization vulnerability in a Weblogic component and how to fix it https://mp.weixin.qq.com/s/Qr1tlEk5PUsjEiLO8-5v1A Penetration testing: [Penetration_test] Whitelist-based payload execution with Msiexec, season 8 https://mp.weixin.qq.com/s/EqwNkW-fmJSCFqCbtE-g-w [Penetration_test] Whitelist-based payload execution with Msiexec, season 8 supplement https://mp.weixin.qq.com/s/XQtxlpSvf0LeAWL5Q3U4IQ [Penetration_test] Whitelist-based payload execution with Regsvr32, season 9 https://mp.weixin.qq.com/s/gCBHsQDnmpFe4I3kIm0rgg [Penetration_test] Whitelist-based payload execution with Wmic, season 10 https://mp.weixin.qq.com/s/fS1yv47zcfRcTj3gtBQKLA 
[Penetration_test] Whitelist-based payload execution with Rundll32.Exe, season 11 https://mp.weixin.qq.com/s/EX4yfiZmQ4PM_0NRG8901w [Penetration_test] Whitelist-based payload execution with Odbcconf, season 12 https://mp.weixin.qq.com/s/0mTc12TfJv4A0EwVEsmTjQ [Penetration_test] Whitelist-based payload execution with PsExec, season 13 https://mp.weixin.qq.com/s/-kAK8DrjNzPbCATnt2ZNQA [Penetration_test] Whitelist-based payload execution with Forfiles, season 14 https://mp.weixin.qq.com/s/d9A6UISjD7naAdYpb5W2NQ [Penetration_test] Whitelist-based payload execution with Pcalua, season 15 https://mp.weixin.qq.com/s/TBO9rtvaGxVryEs7jOlp0A [Penetration_test] Whitelist-based payload execution with Cmstp.exe, season 16 https://mp.weixin.qq.com/s/tCeRoQ5igRtucyzCElydpg [Penetration_test] Whitelist-based payload execution with Url.dll, season 17 https://mp.weixin.qq.com/s/_8QToOLiExoIVy5Y7pUZPA [Penetration_test] SP eric target machine walkthrough https://mp.weixin.qq.com/s/DIl_o7n70xKRMNmwpAYV6Q [Penetration_test] Two logic vulnerabilities encountered in real engagements https://mp.weixin.qq.com/s/MpwJFWAFJH5K2BhCD9K_vQ [Penetration_test] Attack forensics: log analysis (1) https://mp.weixin.qq.com/s/iDBFmQ7y0aXX0VqOKSLeKA [Penetration_test] Getshell via Fckeditor vulnerabilities https://mp.weixin.qq.com/s/au-VCgtVXvr1s7LTu8eLZw [Penetration_test] Cracking wireless network passwords with Kali Linux https://mp.weixin.qq.com/s/u4Zc3rTwgBcgk_NiyZPfOg [Penetration_test] Summary of Windows authentication and password capture https://mp.weixin.qq.com/s/9EUIamh3L87OWy_uqoJXCw Security tools: [Security_tools] sshLooter - SSH password logging tool https://mp.weixin.qq.com/s/CLIgjjID31DM36ah_m4q2g [Security_tools] Pupy - cross-platform remote control tool https://mp.weixin.qq.com/s/1MX05GHQeYvwbGjUGyxEAw [Security_tools] Pythem - Python network/penetration testing tool https://mp.weixin.qq.com/s/UyiJecAWrwo6PIjWRHHNxA [Security_tools] trape, an identification tool https://mp.weixin.qq.com/s/N6G4QipDn6kmqMg_SjbjpQ [Security_tools] reko - general-purpose decompiler https://mp.weixin.qq.com/s/E-bHfuEFFOfhdCn1HPIfHw [Security_tools] Dirmap: advanced web directory scanning tool https://mp.weixin.qq.com/s/4mbOoNbZa0dVxPZklnae_A [Security_tools] A burp logging plugin, from principles to practice https://mp.weixin.qq.com/s/juvy7t5PVzfFr5vze4758g Code auditing: [Code_audit] The trouble caused by PHP weak typing https://mp.weixin.qq.com/s/D1kN9AVubt3-tpqH8peADw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F80%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 80) Security news: [Security_week] Junior sister talks: how to deploy IDPS https://mp.weixin.qq.com/s/z0Vlz33FKGNW2_IUaUv_dg [Security_week] Attack-defense exercises: summary of blue-team technique sharing https://mp.weixin.qq.com/s/Wr8hZzSv0eIl_TbcmAIbnw [Security_week] A brief discussion of classified protection (MLPS) assessment https://mp.weixin.qq.com/s/bQRboKNn6RcjpiKg54vK5Q [Security_week] Study methods and life experience https://mp.weixin.qq.com/s/MsQOHwbwa_-mfNrKLmXigQ [Security_week] On the directory traversal and remote code execution vulnerability in Atlassian Confluence Widget Connector https://mp.weixin.qq.com/s/C65sc89hFSFryT6sKIpUyw [Security_week] Apache Tomcat remote code execution vulnerability (CVE-2019-0232) alert https://mp.weixin.qq.com/s/8C_WgYoc6JcNp01q_2mD9A [Security_week] HTTP roundup https://mp.weixin.qq.com/s/ytx78iZ8VZarOHuA0wXnKg [Security_week] What is port scanning? https://mp.weixin.qq.com/s/5KIblTCCOclqLgyeMPcwlw [Security_week] Backdoor roundup https://mp.weixin.qq.com/s/PZAPse00HXjBNSVJT9dJGw Web security: [Web_Security] A not-so-smooth XXE vulnerability in a certain CMS https://mp.weixin.qq.com/s/NnZLvpmIzObgfJJzVjR2MQ [Web_Security] FFmpeg HLS SSRF vulnerability explained with an example https://mp.weixin.qq.com/s/bPuWfT9MIDlxTZmzv0812g [Web_Security] SSRF exploitation and getshell in practice https://mp.weixin.qq.com/s/1hzfFhh4HBlilNmHxSfa8g [Web_Security] RPO vulnerability: in-depth analysis and exploitation https://mp.weixin.qq.com/s/TUg02nutEnfk5GJzAjy0Eg [Web_Security] Bypassing WAFs with chunked transfer https://mp.weixin.qq.com/s/TJnyzVafVr1ELi6aYgLscA [Web_Security] Penetration in practice | Lessons from taking over a smart trading website https://mp.weixin.qq.com/s/gq8WkLVblKUdIA8m23qwMQ Penetration testing: [Penetration_test] Ftp one-liner payload download, supplement https://mp.weixin.qq.com/s/iuonyrc0dNkhCksInOuZ_A [Penetration_test] Whitelist-based payload execution with Msbuild.exe, season 1 https://mp.weixin.qq.com/s/8Cb52hewhpZwOqM8TwKn3A [Penetration_test] Whitelist-based payload execution with Installutil.exe, season 2 https://mp.weixin.qq.com/s/wqkFzKkqwVO8rOsD00ME3Q [Penetration_test] Using cURL in web penetration testing https://mp.weixin.qq.com/s/K4lgHAxwXZ8bmS0EdNZkSw [Penetration_test] Metasploit quick start (1) https://mp.weixin.qq.com/s/AyqMRqumf0Q5ExeJgvr9sw [Penetration_test] Detailed penetration test of the Access target machine https://mp.weixin.qq.com/s/9il_PkBN9DcDqoAwm2lvpw [Penetration_test] Cracking the Tomcat login password with Metasploit and getting a shell by deploying a war package https://mp.weixin.qq.com/s/YFJbdr9DLKjKhR73G7udFQ Code auditing: [Code_audit] 
.NET advanced code auditing (lesson 7): NetDataContractSerializer deserialization vulnerability https://mp.weixin.qq.com/s/9-fOq3HaYnjzFE-8Vo6sCg [Code_audit] Code auditing | ThinkPHP5 vulnerability analysis: SQL injection (2) https://mp.weixin.qq.com/s/Y-oimjVfiRxA7gVimIWQQw [Code_audit] Code auditing | ThinkPHP5 vulnerability analysis: SQL injection (3) https://mp.weixin.qq.com/s/pE7wRFJWPScr7zNDVg9BvA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F8%2F</url>
<content type="text"><![CDATA[title: 8 date: 2018-1-16 19:05:18 tags: 8 Web security vulnerabilities: securityfocus&ImageMagick [web_vlun]ImageMagick Incomplete Fix CVE-2017-7275 Memory Corruption Vulnerability: http://www.securityfocus.com/bid/97166 securityfocus&Apache And Microsoft IIS [web_vlun]Apache And Microsoft IIS Range Denial of Service Vulnerability: http://www.securityfocus.com/bid/21865 青楚[web_vlun]Healthcare goes wild too: directory traversal vulnerability disclosed in German Miele cleaning and disinfection equipment: http://hackernews.cc/archives/8136 Manuel Caballero, translated by Holic [web_vlun]Referrer spoofing with iframe injection: http://paper.seebug.org/258/ CNVD: [web_vlun]Cookie spoofing vulnerability in the Guanbao online examination system by Nanjing Guanbao Technology Development Co., Ltd.: http://www.cnvd.org.cn/flaw/show/CNVD-2017-01969 CNVD: [web_vlun]Wonder CMS path traversal vulnerability: http://www.cnvd.org.cn/flaw/show/CNVD-2017-03527 CNVD: [web_vlun]Wonder CMS PHP remote file inclusion: http://www.cnvd.org.cn/flaw/show/CNVD-2017-03526 Web security articles: twitter&WLC Management [web_security]Running Internal Hands-On Cyber Security Training Programs : https://blog.ctf365.com/2017/03/29/running-cyber-security-training-programs/ Network security managers and running cyber security training programs: http://dwz.cn/5DVg1o twitter&Nikhil SamratAshok Mittal [web_phishing]How to obtain local server files via SQL injection: http://www.freebuf.com/articles/web/130061.html twitter&WLC Management [web_security]WLC Management : https://twitter.com/aliardic (twitter&Aditya Gupta) [web_security]Smart TV Hacking: https://t.co/6OkrwijJfm (twitter&Jamie Shaw) [web_security]Privilege Escalation: Manual privilege escalation techniques on Unix and Windows : https://t.co/RDZ5DlHH7w (github) [web_security]Summary of 猪猪侠's past talks : https://github.com/ring04h/papers (Tools) [web_security]cve-2017-7269 for msf, reverse Meterpreter : https://www.t00ls.net/login.html Web security tools: (github&MSBuild) [web_tools] COM Session Moniker Exploit running within MSBuild.exe: https://github.com/Cn33liz/MS17-012 (freebuf&SpiderFoot) [web_tools]SpiderFoot, an open-source automated information gathering tool: http://www.freebuf.com/sectool/130007.html Mobile security: 看雪&netsniffer [andorid]New version of a small tool for modifying ro properties - 170119: http://bbs.pediy.com/thread-215311.htm 看雪&scxc [andorid]Reverse engineering analysis of Baidu app hardening: 
http://bbs.pediy.com/thread-216701.htm]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F79%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 79) Security news: [Security_week] Vulnerability alert | Confluence Server remote code execution vulnerability https://mp.weixin.qq.com/s/7PBKDJ7bjRJHtXUau-swNw [Security_week] CVE-2019-0211: privilege escalation vulnerability in the Apache HTTP server component https://mp.weixin.qq.com/s/-jTtm2VkWFjvbwlP5aVr2g [Security_week] Android roundup https://mp.weixin.qq.com/s/nFqz39Oa6xQ4BF1zQRWwsQ [Security_week] iPhone roundup https://mp.weixin.qq.com/s/rTVpJl1b_uWvnOZoERN2-w [Security_week] Honeypot roundup https://mp.weixin.qq.com/s/yuic_yelYREdXrmzwvtmzQ [Security_week] Photo-related roundup https://mp.weixin.qq.com/s/rRLKNl8XNw54jAF5RwveFQ [Security_week] Kali Linux roundup https://mp.weixin.qq.com/s/SD_wJZr2emilqeBj-hTQ9w [Security_week] Information security vulnerability weekly report (2019, issue 12) https://mp.weixin.qq.com/s/yahWzeWE190z94asx4by9w [Security_week] Information security vulnerability weekly report (2019, issue 13) https://mp.weixin.qq.com/s/1YhDjhV5LPxgnaGykdXNUA Web security: [Web_Security] Compromising and tracing a phishing site, prompted by a young lady showing off https://mp.weixin.qq.com/s/j9gLpXvnz0MwHtbwFclRVA [Web_Security] XSS vulnerability in the SharePoint email notification service https://mp.weixin.qq.com/s/3-G0MY43-t01iKgWiib52w [Web_Security] Web security study notes https://mp.weixin.qq.com/s/L0C2TajMEM3veHgB0Yazxg [Web_Security] Chaining techniques to make the most of self-xss https://mp.weixin.qq.com/s/B4YbrZgdGp3NHDTK39zNoQ [Web_Security] JAVA vulnerability remediation: XSS https://mp.weixin.qq.com/s/ccq7LJUv3jpoJmyZa_FkvQ [Web_Security] MSSQL manual injection: hands-on security project https://mp.weixin.qq.com/s/WtC-FRLfc8ZJqGX9a3T_Ww [Web_Security] Small tips on mysql injection https://mp.weixin.qq.com/s/ylih8yhomFbsNIoIg5oQYQ [Web_Security] Web security | Unauthorized access vulnerabilities https://mp.weixin.qq.com/s/iam5WlWCHLuyLkKI2c4-Ig Penetration testing: [Penetration_test] Advanced persistent penetration, season 2: on backdoors, supplement 1 https://mp.weixin.qq.com/s/47CWPC-FVm8Q4HXEC3VDBg [Penetration_test] Advanced persistent penetration, season 3: on backdoors, supplement 2 https://mp.weixin.qq.com/s/DO0QXEPQWU0MAyGJH22Q2g [Penetration_test] Advanced persistent penetration, season 4: on backdoors https://mp.weixin.qq.com/s/ZZgMWXB9ZKeDM3_s_QPR5w [Penetration_test] Advanced persistent penetration, season 7: the growth of the Demo https://mp.weixin.qq.com/s/UG-xdX1r_yxqKE-ISUCgrw [Penetration_test] Advanced persistent penetration, season 8: the Demo is a remote-control tool https://mp.weixin.qq.com/s/gYbIHNdVkPdgM9Y1mIl31w [Penetration_test] A real-world case: from SSRF to gaining access to an AWS S3 Bucket 
https://mp.weixin.qq.com/s/4LTmSHpXWMWDjexY-5CcFg [Penetration_test] Analysis of an intrusion incident response https://mp.weixin.qq.com/s/UegzWF4XN3k5QcNupig3vQ [Penetration_test] Analysis of the Ruby on Rails path traversal and arbitrary file read vulnerability https://mp.weixin.qq.com/s/1RFgOMENGgEOfrcGLgIfwA [Penetration_test] Analysis of Nmap host-discovery false positives on a VMware NAT network https://mp.weixin.qq.com/s/U9W_77Ao7YoO9-Y4Xgsh9g [Penetration_test] Understanding metasploit payloads in depth https://mp.weixin.qq.com/s/jRUQzphnCrAi-4CJp_m1CQ [Penetration_test] Recommending a hands-on penetration testing platform https://mp.weixin.qq.com/s/KDvf_b3BUB7Pbvel9GGxTQ [Penetration_test] Hacker notes: Linux and unix security https://mp.weixin.qq.com/s/qA4meIfUbakuuQfDxGDDzw [Penetration_test] Informal notes on a cybersecurity learning journey https://mp.weixin.qq.com/s/7q76vL59d93Br-0z9slB3A Security tools: [Security_tools] FDsploit: discovering, enumerating and exploiting file inclusion and path traversal vulnerabilities https://mp.weixin.qq.com/s/MqoYH_2WEqUTj1ZvkeKdHw [Security_tools] sqlmapapi user manual https://mp.weixin.qq.com/s/FIMBqD0J0DSBYmYZD0MTMg [Security_tools] The open-source scanners we came across over the years https://mp.weixin.qq.com/s/FtahbIFEdm09jZqVBs7uPg Code auditing: [Code_audit] Code auditing from getting started to giving up (4) & phpmagic https://mp.weixin.qq.com/s/NSOq6EK-YhbAVfLmKSMt8A [Code_audit] .NET advanced code auditing (lesson 6): DataContractSerializer deserialization vulnerability https://mp.weixin.qq.com/s/7IpfQE_EwcTByT_tyIJ1Dw [Code_audit] PHP code auditing notes: XSS cross-site scripting https://mp.weixin.qq.com/s/s18y9W5ISXY4EwLPyDyyiQ [Code_audit] PHP code auditing notes: CSRF cross-site request forgery https://mp.weixin.qq.com/s/eWaRK30pRJjetLzCr1D4Og [Code_audit] The Java-web learning path: serialization and deserialization https://mp.weixin.qq.com/s/ozpNWTuCeH9H3qnsO5Hi0g [Code_audit] A first look at ReDOS https://mp.weixin.qq.com/s/BfNwQDH6wodZ0YfbgIEkNg [Code_audit] Metinfo<=6.1.3 front-end getshell https://mp.weixin.qq.com/s/9pc73qbqzbynX6XuSwcKNw [Code_audit] ThinkPHP5 vulnerability analysis: SQL injection (1) https://mp.weixin.qq.com/s/3ug1uLFRnOlSNKn2H3U3YA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F78%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 78) Security news: [Security_week] Enterprise security building with HIDS (2): intrusion detection & incident response https://mp.weixin.qq.com/s/U7Roe3fJDBkVMksyG3EkTA [Security_week] Junior sister talks: security standards (2) https://mp.weixin.qq.com/s/TCcXZfKzFDqpymcSlWU8CQ [Security_week] How to greatly improve your productivity with Linux tricks? https://mp.weixin.qq.com/s/1LFV2B-QA1WgphSewJB8KA [Security_week] "Understand it in one article" roundup https://mp.weixin.qq.com/s/AtdOAA4gUbeD0UUa0VE7IQ [Security_week] Server roundup https://mp.weixin.qq.com/s/zlGMk5mFHGsxet7oE1aphA [Security_week] Big data roundup (awareness) https://mp.weixin.qq.com/s/ob-EugPUhBOoGAHaOoGCnw [Security_week] Big data roundup (technical) https://mp.weixin.qq.com/s/MZrSsqS0lQ7lxKbYbXRk3w [Security_week] 2018 roundup https://mp.weixin.qq.com/s/dQb3tU90CkfOl9lFZ0rMOg Web security: [Web_Security] The SRCs I hunted bugs for over the years: I'm the king of picking up leftovers https://mp.weixin.qq.com/s/EzhPK96cI5iLt5O0f7L0cw [Web_Security] CSRF principles and defense case studies https://mp.weixin.qq.com/s/RlcWpAll_U6N6dpCK6ZkqA [Web_Security] Learning deserialization from the session angle https://mp.weixin.qq.com/s/MKiosdN_3e33-vsbhTOWYA [Web_Security] SSRF: from getting started to finding vulnerabilities in bulk https://mp.weixin.qq.com/s/mlk0t6aTeKp90Tb3IDYYjg [Web_Security] Essential CTF skills: a complete guide to encodings https://mp.weixin.qq.com/s/a28yG1bBg-dyyZNG0R8qKw [Web_Security] APT resources thrown in + learning to write sqlmap tamper scripts https://mp.weixin.qq.com/s/97woBnaeE-HXH3zOHs990w [Web_Security] Web security learning roadmap | with practical material https://mp.weixin.qq.com/s/umdHxBGbX4bXRPAl0Ituyg [Web_Security] Sharing a hugely powerful wordlist https://mp.weixin.qq.com/s/-CU0ffkP0WmY59iFZBzTZw Penetration testing: [Penetration_test] File transfer in intranet penetration https://mp.weixin.qq.com/s/JZsxAVsTCHwj1Fepvruofw [Penetration_test] Attacking in combination with Smbmap https://mp.weixin.qq.com/s/1EBrFrDUlCmJdpwXb-sexA [Penetration_test] A complete guide to penetration testing Active Directory (AD) https://mp.weixin.qq.com/s/1L-lIHBaIw__tNq4BjkGWg Security tools: [Security_tools] pMap - passive discovery, scanning and fingerprinting tool https://mp.weixin.qq.com/s/Qm2V3gKEgDknnsS19czdag [Security_tools] Snort - OpenSource network intrusion detection tool https://mp.weixin.qq.com/s/3bpcNKNsxnlFbnmF2yFQXA [Security_tools] NMAP user guide https://mp.weixin.qq.com/s/ITENZE3XWQihT-Mfwjm7lg Code auditing: [Code_audit] Getting to know "code auditing" https://mp.weixin.qq.com/s/Btmdpzog6e14d7_6JKoMlQ [Code_audit] PHP code auditing notes: SQL injection 
https://mp.weixin.qq.com/s/6WAnFs-bKAV-zN4niyJZXA [Code_audit] Code auditing | Introduction to PHP deserialization: finding POP chains (3) https://mp.weixin.qq.com/s/HRKh4u8Rl8y-Bb7mUI98hw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F77%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 77) Security news: [Security_week] What exactly is MLPS (等保): network security https://mp.weixin.qq.com/s/4-4_-guzlT9fJp0BtNk6Ig [Security_week] Junior sister talks: security standards https://mp.weixin.qq.com/s/gWA7681XEtAsG7ceoNxdtw [Security_week] Cybersecurity incident response roundup https://mp.weixin.qq.com/s/exqeio2sT4O-t4WRuDjFDQ [Security_week] Fundamentals of reverse engineering C https://mp.weixin.qq.com/s/G8AXio9NHd8WZGeF6tF1dQ [Security_week] SQL injection explained in one article https://mp.weixin.qq.com/s/Fk-A1OsL-z3Y5nW904WhfA [Security_week] Privilege escalation roundup https://mp.weixin.qq.com/s/34hXGdg8_zQEcClWhxY6AQ [Security_week] 802.11 wireless network security fundamentals https://mp.weixin.qq.com/s/eoF1j9UHGSJkkfipfsOeQA [Security_week] Network switch roundup https://mp.weixin.qq.com/s/LD0Q_LxFbftE_fW5M_7mHg [Security_week] 802.11 wireless network security: scanning and discovery https://mp.weixin.qq.com/s/KyAxV9g-PSIsagGZ6jZOjQ [Security_week] Router roundup https://mp.weixin.qq.com/s/EqnNpzLmcJMin2SsRBn51Q [Security_week] 802.11 wireless networks: security attack and defense https://mp.weixin.qq.com/s/7pusUd5EBHh_yMPZceW-rw [Security_week] Information security vulnerability weekly report (2019, issue 11) https://mp.weixin.qq.com/s/erw2m52aLETfuhXSljXIJA Web security: [Web_Security] Analysis of the ECShop 4.0 reflected XSS vulnerability https://mp.weixin.qq.com/s/wd8B01GMKY0jMdxnlp1pYg [Web_Security] Compromising and tracing a phishing site, prompted by a young lady showing off https://mp.weixin.qq.com/s/GhIzsLNEHHb2g3EvAe6CTg [Web_Security] If you can't learn web security even with this, you really disappoint me https://mp.weixin.qq.com/s/iK6ujbAFAzFmpeikzhrsYQ [Web_Security] .NET advanced code auditing (lesson 4): JavaScriptSerializer deserialization vulnerability https://mp.weixin.qq.com/s/FvyGr5mrweLV3yGX39rr-w [Web_Security] Learning blind sql injection https://mp.weixin.qq.com/s/IgAFe7jBXKLnX0Fm9RtgHA [Web_Security] Setting up a vulnerable environment: Windows+IIS6.0+SqlServer+ASP https://mp.weixin.qq.com/s/ib4yRtPSkxtUGIu0c62SXA [Web_Security] Burpsuite plugin for bypassing wafs https://mp.weixin.qq.com/s/uciF4QLqcKkigoA30JU8xQ [Web_Security] Setting up a vulnerable environment: Linux+Apache+Mysql+PHP https://mp.weixin.qq.com/s/mpe5NFxg6yrWDmKLnC0Nng [Web_Security] sqlmap: modifying a tamper script to bypass a WAF and build a universal 0day https://mp.weixin.qq.com/s/5mYkg_ABiY2G4veTwI6BVQ Penetration testing: [Penetration_test] Approach to AV evasion by payload separation https://mp.weixin.qq.com/s/QLhL5U7BiB_i3L8uwtW42Q [Penetration_test] Penetration testing in practice: breaking into the DC-1 range https://mp.weixin.qq.com/s/sOjBWpcox9niv8-zEu2mFw 
[Penetration_test] Notes on a real-world penetration test https://mp.weixin.qq.com/s/8HrqClcoDQ1vJbKZXFUtBQ [Penetration_test] Analysis of the phpBB v3.2.X Phar deserialization remote code vulnerability https://mp.weixin.qq.com/s/jNY7MceZJqDG4afUyn3onw [Penetration_test] CTF | Attack forensics: memory analysis https://mp.weixin.qq.com/s/GWc_bkLYzk5jCqqOFBvafQ [Penetration_test] Sharing some recent red team and penetration testing material https://mp.weixin.qq.com/s/_lBqKG-eU-gFO3ec_HnqWQ Security tools: [Security_tools] ParameterFuzz - web application security scanner https://mp.weixin.qq.com/s/jacsYLxbS7jbmZY8seSFiQ [Security_tools] DirBuster - file and directory brute-forcing tool https://mp.weixin.qq.com/s/X5jJ0UKgTrS-vyURiFsaRA Code auditing: [Code_audit] Code auditing | Introduction to PHP deserialization: finding POP chains (1) https://mp.weixin.qq.com/s/ftDHQ_0qrI39EkaUC0Iq9g [Code_audit] Code auditing | Introduction to PHP deserialization: finding POP chains (2) https://mp.weixin.qq.com/s/ZldW8Re9TM-0_YZT-QT0FQ Video sharing: [Video_share] Cultivating a vulnerability-hunting mindset: a must-see beginner's guide for going from "newbie" to "slick" https://www.bugbank.cn/live/view.html?id=111930]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F76%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 76) Security news: [Security_week] CVE-2019-5786: alert for a chrome 0day vulnerability exploited in the wild https://mp.weixin.qq.com/s/0is3XHeNNVIXHo7CyhaJcw [Security_week] Alert: remote code execution risk in Windows domain environments https://mp.weixin.qq.com/s/FXoLLfcX1Qcc9yBIv0wbuw [Security_week] Penetration testing: privilege escalation https://mp.weixin.qq.com/s/0KEbHYeKGTd1NdxJ9xkJSw [Security_week] DNS roundup https://mp.weixin.qq.com/s/jzICjcc3y3v7eUQMrKwf6w [Security_week] University student roundup https://mp.weixin.qq.com/s/YG9cHEQJXiAmjjYlNMfgWQ [Security_week] Penetration testing: maintaining control https://mp.weixin.qq.com/s/y3RnbDIDgKkfxZMHfQ_0VA [Security_week] Wireless network roundup https://mp.weixin.qq.com/s/5AKKCdezwjgxQuH5gCW1fw [Security_week] Writing a penetration test report https://mp.weixin.qq.com/s/agDDrThcolFrQwqyYQCroQ [Security_week] PE roundup https://mp.weixin.qq.com/s/57hQC8-FE5mgDsdXQdc1Nw [Security_week] Penetration testing: auxiliary tools https://mp.weixin.qq.com/s/1tbJfAEt4j73aPyPhRdi2w [Security_week] Information security vulnerability weekly report (2019, issue 8) https://mp.weixin.qq.com/s/KJAurP5To-2a1Dd8KkhFWg [Security_week] Information security vulnerability weekly report (2019, issue 9) https://mp.weixin.qq.com/s/ILGenKv_ffXxqfQhiLbcCA [Security_week] Information security vulnerability weekly report (2019, issue 10) https://mp.weixin.qq.com/s/oy8kqN1eK_SstbCxTzdQvQ Web security: [Web_Security] Detecting flaws in web page CAPTCHA mechanisms https://mp.weixin.qq.com/s/uOzO1WGH-CgWsJHq2oP5SQ [Web_Security] SSRF: from getting started to finding vulnerabilities in bulk https://mp.weixin.qq.com/s/bjjChubAvo8iOUYYU78uaw Penetration testing: [Penetration_test] Fixing Ssh disconnects on a Vps https://mp.weixin.qq.com/s/P8GVC44Tyq2Fw8MEdQIH3Q [Penetration_test] Sh00t: a penetration testing management tool https://mp.weixin.qq.com/s/KNxHzbe-HAmj5RJ_ACudEg [Penetration_test] CTF论剑场 Web1-13 WriteUp https://mp.weixin.qq.com/s/LdcrSrT-B1zyTE6tpp27CA [Penetration_test] An incomplete penetration test after finishing my apprenticeship https://mp.weixin.qq.com/s/1SEaMlLWhQRCdszNDreRtA [Penetration_test] SRC vulnerability hunting: experience and techniques https://mp.weixin.qq.com/s/8OPMmIgoU1EggI_mMkdbHg [Penetration_test] Notes on a simple penetration test https://mp.weixin.qq.com/s/rg4fcbYTgLpQiidIUjjmow Security tools: [Security_tools] Router Brute Force - an Android app for hackers https://mp.weixin.qq.com/s/ZuSLZ2SVWjPk0zjm5_WxSg [Security_tools] aNmap - an Android app for hackers https://mp.weixin.qq.com/s/VJiIVh2rY2RHoamWK8gozQ [Security_tools] 
SSHDroid - an Android app for hackers https://mp.weixin.qq.com/s/jNnrZovm6Mk-1mSP78JtoA Code auditing: [Code_audit] Java code auditing: SpEL expression injection https://mp.weixin.qq.com/s/M3KQhG7STyWVzEXtgYfEgg [Code_audit] Code auditing from getting started to giving up (3) & phplimit https://mp.weixin.qq.com/s/M2OJFFUQ4-o8s_aQDyENog [Code_audit] Code auditing | Introduction to PHP deserialization: phar https://mp.weixin.qq.com/s/-DDzCAxXFgInBNfJ48q6tQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F75%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 75) Security news: [Security_week] What exactly is MLPS (等保) https://mp.weixin.qq.com/s/5xkk5b7-u7TTdPEAjlqcPw [Security_week] The 2019 "Two Sessions": what voices came from the information security community? https://mp.weixin.qq.com/s/iJwZQ9s0EcE8nMYgT4UmVA [Security_week] CVE-2019-5786: alert for a chrome 0day vulnerability exploited in the wild https://mp.weixin.qq.com/s/0is3XHeNNVIXHo7CyhaJcw [Security_week] Alert: remote code execution risk in Windows domain environments https://mp.weixin.qq.com/s/FXoLLfcX1Qcc9yBIv0wbuw [Security_week] Penetration testing: service enumeration https://mp.weixin.qq.com/s/50ZOWkfcUac-8P0HtPvYkg [Security_week] Intrusion detection roundup https://mp.weixin.qq.com/s/w-nVKWFkboDyt1EgR2DO2A [Security_week] WeChat roundup https://mp.weixin.qq.com/s/C-kzpvRpdVW3R8GR9HIG5g [Security_week] A brief analysis of social engineering attacks https://mp.weixin.qq.com/s/b3d45vY70kwuoWRErtfguQ [Security_week] TCP roundup https://mp.weixin.qq.com/s/8nQzSY3wWKLGykQd467jkw [Security_week] Promo abuse (薅羊毛) roundup https://mp.weixin.qq.com/s/InLZwV8Y06_foCxWKcte4Q [Security_week] Penetration testing | Exploitation revisited https://mp.weixin.qq.com/s/Z3lTEiyj2vzcIOmcIbpCow [Security_week] shell roundup https://mp.weixin.qq.com/s/CdhgL4tPdFddZTdbg2cJyw [Security_week] Windows incident response (5): ARP virus https://mp.weixin.qq.com/s/W14sGr_1xxqJG3_i1xE9Ng [Security_week] Incident response: cryptomining malware https://mp.weixin.qq.com/s/3iwA7BEpcxRAVvnZKktSLA Web security: [Web_Security] SSRF exploitation and getshell in practice https://mp.weixin.qq.com/s/ktDhEteG7TTx6RinT2GhNA [Web_Security] Attacking in combination with Sqlmap https://mp.weixin.qq.com/s/u-2thajnn2_EDQ_Lla3WFg [Web_Security] Analysis of WordPress5.0 remote code execution https://mp.weixin.qq.com/s/qt_RLAOnssis3YsV_9bsJA [Web_Security] Front-end hacking: personal study notes on XSS attacks https://mp.weixin.qq.com/s/NTL04e9YqGAuVwn6LmMSqw [Web_Security] Learning about php file inclusion vulnerabilities https://mp.weixin.qq.com/s/iFBoTziyQRDKzFfBd-88uA [Web_Security] How to search GitHub for sensitive information https://mp.weixin.qq.com/s/0RPRntgNxDXUOgkX0m9Ong Penetration testing: [Penetration_test] Discovering live intranet hosts via Netbios https://mp.weixin.qq.com/s/9C2-zmguvnprRpc_YQO7aw [Penetration_test] A practical set of interview questions for penetration testing roles https://mp.weixin.qq.com/s/gURBomxu5kWlXe2ShUgZLA [Penetration_test] Discovering live intranet hosts via Snmp https://mp.weixin.qq.com/s/FL4xCGlGrzOz7HIQwPwyjA [Penetration_test] Attacking the Mysql service 
https://mp.weixin.qq.com/s/OMog1qgIM2kbOT8kQPhTMQ [Penetration_test] APP vulnerability hunting: tips for picking up overlooked bugs https://mp.weixin.qq.com/s/GKXEeiOP0NPoKJLBooGwTQ [Penetration_test] Analysis of WordPress Remote Code Execution https://mp.weixin.qq.com/s/Yy1W8Bd75Ibis0aSD7yawg [Penetration_test] Goodbye, domain penetration https://mp.weixin.qq.com/s/6xBF1VWZrvhIIKj8RA0ETQ [Penetration_test] Big collection of articles on getshell techniques https://mp.weixin.qq.com/s/-c0DrMtjoF-6YtJejeR2Mg [Penetration_test] Android-APP security (5): android forensics, file systems and data structures https://mp.weixin.qq.com/s/8YtXRBJOm2NYpV3LFxkwyA Security tools: [Security_tools] CTF traffic analysis: using wireshark https://mp.weixin.qq.com/s/2HIxzhx-4gIoHIuX5LXz7g Code auditing: [Code_audit] Getting into code auditing with the niche blueCMS https://mp.weixin.qq.com/s/4uC3wwOtoWZMRFsiuIKaGg [Code_audit] Code auditing: forging messages from arbitrary users in Empire CMS v7.5 personal spaces https://mp.weixin.qq.com/s/LBTtjq5psiAtV-TOF2p_KA [Code_audit] Practical code auditing approach: a brief analysis of PHPCMS https://mp.weixin.qq.com/s/-babrNQwq2S_7sv-8GorJQ [Code_audit] Code auditing from getting started to giving up (1) & function https://mp.weixin.qq.com/s/7rHB4-hzeImKc8YBxDRf4A [Code_audit] Code auditing from getting started to giving up (2) & pcrewaf https://mp.weixin.qq.com/s/pqihFkzTvlX-Xvzrd1S8PQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F74%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 74) Security news: [Security_week] The infosec interviews I went through over the years https://mp.weixin.qq.com/s/mofdLzWL9B0UKXsb4yYfTQ [Security_week] Penetration testing: scoping https://mp.weixin.qq.com/s/TMQKL6Nuz0imukz54wE-wQ [Security_week] Windows roundup https://mp.weixin.qq.com/s/KsP8Ni8JjPB-yxz-ti_h-w [Security_week] Privacy roundup https://mp.weixin.qq.com/s/gudGQ7yo7BcSlPh5Xe_fgQ [Security_week] Penetration testing: information gathering https://mp.weixin.qq.com/s/xWZuz8jLDaKRajgYjTJ6hw [Security_week] Operations and maintenance roundup https://mp.weixin.qq.com/s/CPuHEseWg_sS9YbQphj-Rg [Security_week] Pornography-related roundup https://mp.weixin.qq.com/s/Uc2EX3WYB6pZM4tV_8JFyQ [Security_week] Penetration testing: target identification https://mp.weixin.qq.com/s/RJNx-oDLU0_pxZDAlK4GfA [Security_week] LAN roundup https://mp.weixin.qq.com/s/wDtRCUdHPWlqmFrbjr1izw [Security_week] Handling Linux cryptomining, DDOS and other incident response events https://mp.weixin.qq.com/s/JP_CteKXJ48y4zKtmPx7Zw [Security_week] CNNVD vulnerability monthly report (February 2019) https://mp.weixin.qq.com/s/F1w43_GZ3mEqz_iUkBohzg Web security: [Web_Security] Start studying WAF systems with this open-source project https://mp.weixin.qq.com/s/UBLsn8-1k9cbUEZsPBKJag [Web_Security] Finding web vulnerabilities with Arachni https://mp.weixin.qq.com/s/HawKxFkEZZfGqAIzZQKYdQ [Web_Security] Exploring business logic vulnerabilities: promotional-campaign flaws https://mp.weixin.qq.com/s/rpTxlUOQNJjYg7hMQwgrWA Penetration testing: [Penetration_test] Discovering live intranet hosts via UDP https://mp.weixin.qq.com/s/2YryfYP_kOIrnFdzwIaRig [Penetration_test] Discovering live intranet hosts via ARP https://mp.weixin.qq.com/s/M1LybYHWt1aks7O_Pi1AMg [Penetration_test] On privilege escalation by luck https://mp.weixin.qq.com/s/VeCpjzJSeb580ayDttf4Gg [Penetration_test] An interesting password reset https://mp.weixin.qq.com/s/hsixJwG-ZPzqpxdIBJ4feg [Penetration_test] Beginner's guide | Using Powershell in penetration testing https://mp.weixin.qq.com/s/5dYVuCH9bjwlvMmtMdkK2A [Penetration_test] WinRAR directory traversal vulnerability: reproduction and defense https://mp.weixin.qq.com/s/qT-lL-kCDHJKCMCmeQq7Ng [Penetration_test] A horizontal privilege escalation that let 20,000 platform users' passwords be changed https://mp.weixin.qq.com/s/ja235f_CRxpP9NowY0PU4Q [Penetration_test] Tracing a server intrusion https://mp.weixin.qq.com/s/C9pGf1bLKwX-JmKfu3EEwQ [Penetration_test] A penetration test in a workgroup environment https://mp.weixin.qq.com/s/Bl12-yD3UeTxkzt29nIHUA [Penetration_test] Record of a real-world penetration test https://mp.weixin.qq.com/s/CGTgk9JeiGt1vBc98Q_vcg 
[Penetration_test] Wiki | Red Team attack mindset https://mp.weixin.qq.com/s/8YtXRBJOm2NYpV3LFxkwyA [Penetration_test] Building a three-tier network range & MSF intranet penetration https://mp.weixin.qq.com/s/Xjcx5MHZCwH4uuWaZybzSg Security tools: [Security_tools] Angry IP Scanner - a fast network scanning tool https://mp.weixin.qq.com/s/wx6JgDVcGABsUXN0bxf8zg [Security_tools] CeWL - custom wordlist generator https://mp.weixin.qq.com/s/BIp55VlrNM7HXJl3Y_EgqQ [Security_tools] Sharing some useful resources (tools + e-books) https://mp.weixin.qq.com/s/MKMloudAj7Z1XEdFARMyVw [Security_tools] Turbo Intruder: introducing the high-speed Intruder plugin for BurpSuite https://mp.weixin.qq.com/s/dsiWSQMQoeEpgR1TOR87Nw Video sharing: [Video_share] Opening the door to lateral movement https://www.bugbank.cn/live/view.html?id=111923]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F73%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 73) Security news: [Security_week] My small take on SRC and CTF https://mp.weixin.qq.com/s/0N6qhI0ZCn5K1fe5JPyiXg [Security_week] Hacker roundup (technical) https://mp.weixin.qq.com/s/habtJ8uY64MkB6XOaBOqpA [Security_week] Code auditing roundup https://mp.weixin.qq.com/s/RyH8Gw0GFO4QtJEAV5IFGg [Security_week] The path into security of third-cohort student 预言 https://mp.weixin.qq.com/s/ZbSmJLswFk90pi0iSz-nQQ [Security_week] My first pot of gold from bug hunting https://mp.weixin.qq.com/s/b2JdIoH83NbrsALLuPJt0w [Security_week] Practical | A collection of information security mind maps https://mp.weixin.qq.com/s/Y4NwP4uh4hAGrefamezghg [Security_week] Vulnerability landscape, issue 80 https://mp.weixin.qq.com/s/HBDNSIB16t1F9dFeVDl1kw [Security_week] OWASP Top 10 2017 | The 10 most critical web application security risks (1) https://mp.weixin.qq.com/s/bgMSSHkkgSKhWEVzIatgDQ [Security_week] The 10 most critical web application security risks (2) https://mp.weixin.qq.com/s/qKaHKfJWEaUYpspV24EbHA [Security_week] OWASP Top 10 2017: the 10 most critical web application security risks (final part) https://mp.weixin.qq.com/s/4t6qOVdvf4ETIhKCa3s3LA [Security_week] Information leakage roundup https://mp.weixin.qq.com/s/Awd3g6WYVzz3XtVuGYUe5A [Security_week] A brief analysis of malware https://mp.weixin.qq.com/s/roBF3v4GhpA-Z2nGUL_aVQ [Security_week] Telecom fraud roundup https://mp.weixin.qq.com/s/CF_7TcU3UE-UabfeURwh5Q [Security_week] Penetration testing overview https://mp.weixin.qq.com/s/FwmhLd5-QS-FcdMdodjx8Q [Security_week] Alert: exploitation of the upload vulnerability in the KindEditor website editor component https://mp.weixin.qq.com/s/70r5Fd5KZbGNJBEjHTBIfA [Security_week] POC and practical details included | WinRAR code execution vulnerability threat alert https://mp.weixin.qq.com/s/5jAfQyAI3iepmRGga-u5KA [Security_week] [Security alert] On WordPress 5.0.0 remote code execution https://mp.weixin.qq.com/s/k0x4V7KNClj5WpvAiZ3bbg [Security_week] The 异空间 security team is recruiting students https://mp.weixin.qq.com/s/feUVCsCtg09CNLxW_pcbGg [Security_week] A girl met her online date in person and found she had been sold out: the person she met was someone else https://mp.weixin.qq.com/s/UdvYEA5ZDk5-CiS0goO4pg [Security_week] Information security vulnerability weekly report (2019, issue 6) https://mp.weixin.qq.com/s/2n4GLhALuBKZ8JLki9OJ6A [Security_week] Information security vulnerability weekly report (2019, issue 7) https://mp.weixin.qq.com/s/JOksowcfeoT1RSLA7JNPiA Web security: [Web_Security] Using XSS to maintain access to a website back end https://mp.weixin.qq.com/s/iKeuJzT-nIlsjbmiZI75GQ [Web_Security] Wide-byte injection dissected https://mp.weixin.qq.com/s/9NhlcQzdkJrjwsA39IrJVA 
[Web_Security] Reproducing the kindeditor<=4.1.5 file upload vulnerability https://mp.weixin.qq.com/s/agqUaAvFkUGutT1USJYIMQ [Web_Security] PHP code-level protections and bypasses https://mp.weixin.qq.com/s/o4JohfMkTSz___82MezgKQ [Web_Security] It's the year 9102 and you're still asking the difference between GET and POST https://mp.weixin.qq.com/s/0DgR4qunkL0LaIYuqkDZSA Penetration testing: [Penetration_test] System security: detecting and responding to SSH intrusions https://mp.weixin.qq.com/s/e0FLyOuK1RIQykEiAvAG9g [Penetration_test] Summary of common web middleware vulnerabilities https://mp.weixin.qq.com/s/gL37veFJHAGWLf9JSn2dKQ [Penetration_test] Revealing the tricks of one-line webshells https://mp.weixin.qq.com/s/vtAt7z6HOJBRfOBWjiGUvQ [Penetration_test] A preliminary summary of logic vulnerability hunting https://mp.weixin.qq.com/s/SDmovMd4IhzNmoCLBIzRKA [Penetration_test] Making use of information https://mp.weixin.qq.com/s/mWF3U8Q-Ek1nssIot2HtcQ [Penetration_test] Micro8: reflections on penetration testing https://mp.weixin.qq.com/s/0K_zVfkgzRT4sj--qqCZpQ [Penetration_test] WIKI | Tips on unauthorized access https://mp.weixin.qq.com/s/ki0RwGtMqi8dhsdJ-qq8Kg [Penetration_test] 2018-2019 | K8 tool collection https://mp.weixin.qq.com/s/Io7YvMLEk_wcmTji36PTZw [Penetration_test] Student practice | Reflections on testing an illegal site https://mp.weixin.qq.com/s/cFmAi6kiw-emB3wpVMH83A Code auditing: [Code_audit] CMS code auditing: emlog 6.0 https://mp.weixin.qq.com/s/qGUzzTp_W44x_M1bcCgJxg [Code_audit] A code audit of Dbshop https://mp.weixin.qq.com/s/vZO_4uPLOO56EM3U9pqqtg]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F72%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 72) Security news: [Security_week] How to keep system services running securely? https://mp.weixin.qq.com/s/Q0apKXnnSNO9KoUJIJnvpQ [Security_week] Summary of end-to-end information gathering methods https://mp.weixin.qq.com/s/dvV7CScE3EnfNNvJzE7IQg [Security_week] DDOS roundup https://mp.weixin.qq.com/s/gzglqz2VoYqb0zlRC-KNiA [Security_week] Cybersecurity: front-end security https://mp.weixin.qq.com/s/-qyAiTG3xim430cjhvwGIQ [Security_week] MySQL roundup https://mp.weixin.qq.com/s/GgqYnNSHvOwCs-DsFDbGFg [Security_week] Cybercrime roundup https://mp.weixin.qq.com/s/SpFeKusU1Xi0haVWzHNB8Q [Security_week] Linux roundup https://mp.weixin.qq.com/s/QgmNTAxI7XeAUj78ODIzEQ [Security_week] Dark web roundup https://mp.weixin.qq.com/s/9dfWLiSRdB1uJ2OwCDrr1g [Security_week] Vulnerability roundup https://mp.weixin.qq.com/s/kRApdIHZb4wshGSSpANq3w [Security_week] Cybersecurity attack and defense roundup https://mp.weixin.qq.com/s/f6bsdH5oEtT_LPpiLb486g [Security_week] AV evasion roundup https://mp.weixin.qq.com/s/9THMdgXW1Jkn89xt8VUFww [Security_week] Artificial intelligence roundup https://mp.weixin.qq.com/s/6txQ9BsaKzB16H-R_kPiMw [Security_week] A learning roadmap for cybersecurity attack and defense https://mp.weixin.qq.com/s/L3HaJ02xH1qshCCOlkjk3Q [Security_week] Intelligence roundup https://mp.weixin.qq.com/s/65od15TKpLe0_WVrZv7t5A [Security_week] Firewall roundup https://mp.weixin.qq.com/s/YgHG_kykOuAVUV948PnZyA [Security_week] Hacker roundup (awareness) https://mp.weixin.qq.com/s/MoZBkWdVwtyMqDwOcmKlGg [Security_week] Ten cybersecurity events of the week, issue 136 https://mp.weixin.qq.com/s/J0yQR_xEKCqml6nPfHbprQ [Security_week] Ten cybersecurity events of the week, issue 135 https://mp.weixin.qq.com/s/UixAcXnDY_6H05f7bfMmpA Web security: [Web_Security] Bypassing WAFs with SQL injection (part 1) https://mp.weixin.qq.com/s/RDJ8e4tjH3gJsSkIbQ4ZSg [Web_Security] Bypassing WAFs with SQL injection (part 2) https://mp.weixin.qq.com/s/aoB16eCf8bz5zRLWVjZNcg [Web_Security] An in-depth analysis of XSS https://mp.weixin.qq.com/s/vHAsDuJMcaSY0g3lAm42Zw [Web_Security] Multiple ways to attack Tomcat https://mp.weixin.qq.com/s/UcPsKuvOKHD9HjnahGpXxQ [Web_Security] Notes on pitfalls when fixing Java XXE injection https://mp.weixin.qq.com/s/sGcaDCokVxhELd63-0TmIw [Web_Security] A brief discussion of XML injection https://mp.weixin.qq.com/s/tYofhJ7rL4wbLOxxECkErw Penetration testing: [Penetration_test] Common Sql Server statements for operating remote desktop https://mp.weixin.qq.com/s/yjqpjQnLhxtkGVSRemihjA 
[Penetration_test] Simple port forwarding with Lcx https://mp.weixin.qq.com/s/vNREZzjx8FWWu79Tr0-K9Q [Penetration_test] That's right... got top privileges on an academic affairs system again https://mp.weixin.qq.com/s/26I83kefcoN82OfV5pSnzA [Penetration_test] How to configure secure rdp for remote intranet operations https://mp.weixin.qq.com/s/014NhT4GPd5yPFEGLdM_cw [Penetration_test] Windows privilege escalation WiKi https://mp.weixin.qq.com/s/-65UQGKyftyAZouqJD8GcA Security tools: [Security_tools] Acunetix - web vulnerability scanner https://mp.weixin.qq.com/s/MkxuHjGZzcrwnunus-bx2A [Security_tools] Burp Suite - web application penetration testing tool https://mp.weixin.qq.com/s/CmjvSf3qxgZwykCkDudF6Q [Security_tools] iOS penetration testing tools, part 2: Cycript https://mp.weixin.qq.com/s/EG1BqaZWDxCbqXnFPKWx0g Code auditing: [Code_audit] Java Web security: code auditing https://mp.weixin.qq.com/s/xemmOUOROS84-A_OACCscQ [Code_audit] A zero-background student gets into code auditing: sql injection https://mp.weixin.qq.com/s/OIRjUHmj8QqPJZU88kimgg [Code_audit] Code auditing | Introduction to PHP deserialization: common magic methods https://mp.weixin.qq.com/s/ENNeLbtrBxgps10YBhXI1Q [Code_audit] Code auditing | phpmyadmin-4.8.1: reproduction and analysis https://mp.weixin.qq.com/s/Cc0WktHpxgv6jQkl71Y1Pg [Code_audit] Code auditing | Introduction to PHP deserialization: session deserialization https://mp.weixin.qq.com/s/n5ofmXbDxWgOCg4oNgPtsw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F71%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 71)
Security News:
[Security_week] phpMyAdmin 4.8.5 Released, Fixing Important Security Vulnerabilities https://mp.weixin.qq.com/s/X3xLrS_v2_ecs5f1_o7g6Q
[Security_week] Building Enterprise Security: HIDS https://mp.weixin.qq.com/s/Bwa0xmyajMpRrM3T_Xtffw
[Security_week] Recommending a Few Free 知识星球 (Knowledge Planet) Groups https://mp.weixin.qq.com/s/OwEP42zH8WWmUOPk1-4o_w
[Security_week] Analysis of CVE-2019-6707 and CVE-2019-6708 https://mp.weixin.qq.com/s/w6AerH0tAcoStzwwyRNrWw
[Security_week] The Current State of Network Security https://mp.weixin.qq.com/s/j2uPWWZPsm6Pt8-cxA2pMA
[Security_week] Network Security | Classified Protection and Risk Assessment Roundup https://mp.weixin.qq.com/s/_TFkOj-gI_CAUWcQvYbqaQ
[Security_week] Social Engineering Roundup https://mp.weixin.qq.com/s/l3gH8U5iHM-KN5jSmcnyxA
[Security_week] Personal Information Roundup https://mp.weixin.qq.com/s/PDp0qi9CQCaJ7j24PBJpqA
[Security_week] Network Security | Threat Intelligence and Situational Awareness Roundup https://mp.weixin.qq.com/s/1N94qBL4fux74N2hbyyJ-Q
[Security_week] Geolocation Roundup https://mp.weixin.qq.com/s/Op5-_1jP--6pNoLNtPXoDQ
[Security_week] Network Security: Wireless Security https://mp.weixin.qq.com/s/uqNG5qiqhsKwlF7tIOH5CA
[Security_week] Classified Protection 2.0 vs. Classified Protection 1.0: A Detailed Comparison of the Technical Control Points in the Basic Requirements https://mp.weixin.qq.com/s/0TrBZ4WbqERFm-AFFKw5GQ
[Security_week] Give Me Two Minutes for an In-Depth Look at Why Network Security Classified Protection Matters https://mp.weixin.qq.com/s/VByhxUpmPlR58gg_MzkOVA
[Security_week] Information Security Vulnerability Weekly Report (2019, Issue 4) https://mp.weixin.qq.com/s/Jor_YYeiGmHo9cEqqB9M1Q
[Security_week] Information Security Vulnerability Weekly Report (2019, Issue 5) https://mp.weixin.qq.com/s/MYkInrKMYDfcADtW7WKxGA
Web Security:
[Web_Security] XXE: A Complete Guide from Beginner to Advanced https://mp.weixin.qq.com/s/mq2YO1Xg292n4InBTM0AsQ
[Web_Security] Android APP Testing: The HOOK Technique https://mp.weixin.qq.com/s/3vNeeLm8Wy75tJJ7JvFsfA
[Web_Security] Android APP Testing: The HOOK Technique - Xposed Edition https://mp.weixin.qq.com/s/vnganjOQp5pUpc8hUswtww
[Web_Security] Web Penetration: A Summary of File Upload Vulnerabilities https://mp.weixin.qq.com/s/FUNJM3P5g-_uGfSCB4MrjQ
[Web_Security] Web Security Testing Study Handbook https://mp.weixin.qq.com/s/83F4M15MTssHVbzDozbP7Q
[Web_Security] How to Get Started Quickly and Learn Web Security Systematically https://mp.weixin.qq.com/s/wwkXePyVrimzOeIhCKRk3g
[Web_Security] Web Application Firewall (WAF) bypass Techniques (Part 3) start https://mp.weixin.qq.com/s/zufTLh2ImTNRL70ngzvuvQ
[Web_Security] Exploring SQL Injection in PDO Scenarios https://mp.weixin.qq.com/s/1vB26g-JakVqWf2ZJ1zfKg
[Web_Security] SQL Injection https://mp.weixin.qq.com/s/2d45tchD7eDeQCubp7SwWA
[Web_Security] WAF Bypass Database Features (Exploring Oracle) https://mp.weixin.qq.com/s/L-adNw3Xw-zIcq-5XsY79w
[Web_Security] WAF Bypass Database Features (Exploring Access) https://mp.weixin.qq.com/s/fgclW-28Cbgo9G9DcRjhUg
[Web_Security] A Brief Analysis of Several Port Scanning Methods https://mp.weixin.qq.com/s/zmRxbFEvftnjjxC0E7YA1w
Penetration Testing:
[Penetration_test] Samurai Web Testing Framework https://mp.weixin.qq.com/s/Y0C4xiWHrup_oh-uVJ8iYA
[Penetration_test] Tracing the Source in a Counterattack – A Real-World Project https://mp.weixin.qq.com/s/VWk_VtLS31y8UfzUw-8a_A
[Penetration_test] Web Penetration Testing Methods and Techniques https://mp.weixin.qq.com/s/iZPsg-_3oGVbp_Fbgo2XtQ
[Penetration_test] Learning Linux Privilege Escalation https://mp.weixin.qq.com/s/w9M9Oy5KJweCwqVcS7btlQ
[Penetration_test] Intranet Penetration Tips https://mp.weixin.qq.com/s/DJQGxag1_F4bUxZ8gKCe1Q
Code Audit:
[Code_audit] Delphi Code Audit – A Real-World Project 1 https://mp.weixin.qq.com/s/FlwUthp5Ep-2otUrYLL90g
[Code_audit] Asp Code Audit – A Real-World Project https://mp.weixin.qq.com/s/ZXgNLzPshW224Bq7rOTATg
[Code_audit] How to Do php Code Audit https://mp.weixin.qq.com/s/PbUe0fEFcy6M00IediCsTA
[Code_audit] Code Audit Methods and Techniques https://mp.weixin.qq.com/s/saDarLDS-QI5Y8bx0aT45A
[Code_audit] Code Audit | ECShop Injection & Command Execution https://mp.weixin.qq.com/s/A9xLCo1nAF0zF4hNNRgo2Q
Video Sharing:
[Video_share] CISP-PTE Certification Guide https://www.bugbank.cn/live/view.html?id=111904
[Video_share] Watch Fuzz and Vulnerability Discovery Strike Sparks https://www.bugbank.cn/live/view.html?id=111909]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F70%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 70)
Security News:
[Security_week] Network Security Classified Protection: Building the Key Activities https://mp.weixin.qq.com/s/9sEGnnwO_H8GEsvf3mbq0g
[Security_week] A Startup's Security Journey from Founding to IPO https://mp.weixin.qq.com/s/1e-f6OVPEdKMdxcG_Npo3A
[Security_week] A Collection of Common web Penetration Testing Vulnerabilities https://mp.weixin.qq.com/s/N2QKsD75K1lJgfYRI6PkJw
[Security_week] Vulnerability Research | ThinkPHP request Function Remote Code Execution https://mp.weixin.qq.com/s/sfU0ndyWPvwDOAAAplBYZQ
[Security_week] Information Security Vulnerability Weekly Report (2019, Issue 3) https://mp.weixin.qq.com/s/cWOWz2bqv1J9Bxtxagod_A
Web Security:
[Web_Security] Multiple Methods for Testing HTTP Authentication https://mp.weixin.qq.com/s/lqLaHRoUb5G5ZbUGMEv3aQ
[Web_Security] Attack and Defense Systems: Introducing & Setting Up the Attack and Defense Environment https://mp.weixin.qq.com/s/_Rb-YlTlNpYHDVtChDTQ0Q
[Web_Security] A New Take on Command Injection: Using the Environment to Attack the Target https://mp.weixin.qq.com/s/Ftk6polD2rK2X_V8SGdgjw
[Web_Security] Shortcuts and Methods for WAF Bypass https://mp.weixin.qq.com/s/sXcMFa-WSzyNuHkuLRgZHw
[Web_Security] A Discussion of Web Application Firewall (WAF) bypass Techniques (Part 1) https://mp.weixin.qq.com/s/Ni7Z0Q84NpRNnrUwHRd97w
[Web_Security] Web Application Firewall (WAF) bypass Techniques (Part 2) https://mp.weixin.qq.com/s/_jRrdHIjI5fJXTmrjIO31Q
[Web_Security] Web Application Firewall (WAF) bypass Techniques (Part 3) https://mp.weixin.qq.com/s/zufTLh2ImTNRL70ngzvuvQ
[Web_Security] Exploring SQL Injection in PDO Scenarios https://mp.weixin.qq.com/s/1vB26g-JakVqWf2ZJ1zfKg
[Web_Security] SQL Injection https://mp.weixin.qq.com/s/2d45tchD7eDeQCubp7SwWA
[Web_Security] WAF Bypass Database Features (Exploring Oracle) https://mp.weixin.qq.com/s/L-adNw3Xw-zIcq-5XsY79w
[Web_Security] WAF Bypass Database Features (Exploring Access) https://mp.weixin.qq.com/s/fgclW-28Cbgo9G9DcRjhUg
[Web_Security] A Brief Analysis of Several Port Scanning Methods https://mp.weixin.qq.com/s/zmRxbFEvftnjjxC0E7YA1w
Penetration Testing:
[Penetration_test] Connecting mysql Instances Across a LAN https://mp.weixin.qq.com/s/jNnuUsBFAvIoMcob7d-W0g
[Penetration_test] Windows Privilege Escalation - Quickly Finding an Exp https://mp.weixin.qq.com/s/uoeb6ew5NREyLUACsEqBfA
[Penetration_test] Linux Privilege Escalation - The Exp-Dependent Edition https://mp.weixin.qq.com/s/TI0YzfRN0tPK6H2TiPB6mg
Security Tools:
[Security_tools] Simple Brute-Force Intrusion with Sparta https://mp.weixin.qq.com/s/Qm7UqSCqrDGG1_M48EfvgQ
[Security_tools] Setting Up a socks5 Proxy Server on Linux https://mp.weixin.qq.com/s/CBo8nnis_CNNNvr98Q42Hg
[Security_tools] BinWalk Installation and Command Parameters Explained https://mp.weixin.qq.com/s/MuM8Cs7k6oQZvTO3YgBZBw
Code Audit:
[Code_audit] Code Audit | Vulnerability Discovery in the Latest DuomiCms3.0 https://mp.weixin.qq.com/s/a-Oc0emb64TVm8J5GzgCVw
[Code_audit] Code Audit | XSS Challenge https://mp.weixin.qq.com/s/EGZ2mnKEhqC6UzpkIqdUYQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F7%2F</url>
<content type="text"><![CDATA[title: 7
date: 2018-1-16 19:05:18
tags: 7
Web Security Vulnerabilities:
securityfocus&绿盟科技 (NSFOCUS) [web_vlun] [Advisory] Microsoft Windows Server 2003 R2 IIS 6.0 Remote Code Execution Vulnerability: http://blog.nsfocus.net/microsoft-windows-server-2003-r2-iis-6-0-remote-code-execution/ https://github.com/edwardz246003/IIS_exploit
securityfocus/adlab_puky [web_vlun] March 28 - Daily Security Knowledge Highlights: http://www.yilan.io/home/?category=58d8b14e634239a3046a5d00
Web Security Articles:
twitter&Signal Chaos [web_javascript] This book reads you - using JavaScript: https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html Using JavaScript: http://t.cn/R6a60wV
twitter&MLT(@ ret2libc) [web_apt] APT29 Domain Fronting With TOR: https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
twitter&Kelly Jackson Higgins [web_security] Hacking the Business Email Compromise [ordinary spoofing of corporate executives' email accounts - http://t.cn/R6aokAu]: http://www.darkreading.com/threat-intelligence/hacking-the-business-email-compromise-/d/d-id/1328497?_mc=sm_dr&hootPostID=951b9308d4d57f7efb0d20cb0b41b145
sec-wiki [web_security] My White-Hat Learning Path - 20170325: https://github.com/ring04h/papers/blob/master/%E6%88%91%E7%9A%84%E7%99%BD%E5%B8%BD%E5%AD%A6%E4%B9%A0%E8%B7%AF%E7%BA%BF—20170325.pdf
90sec&w7oami [web_security] A Simple Penetration Test: https://forum.90sec.org/forum.php?mod=viewthread&tid=10386
Web Security Tools:
github&yescrypt [web_tools] yescrypt: large-scale password hashing [password analysis tool]: http://www.openwall.com/presentations/BSidesLjubljana2017-Yescrypt-Large-scale-Password-Hashing/
kitploit&Lydecker Black [web_tools] NETATTACK – PYTHON SCRIPT TO SCAN AND ATTACK WIRELESS NETWORKS. [scanning wireless devices with python]: http://seclist.us/netattack-python-script-to-scan-and-attack-wireless-networks.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29
seclist&cydec [web_tools] SECUREWV 2016 - PYTHON SCRIPTING - PART 1 [python scripting]: http://www.securitytube.net/video/17062?utm_source=HT&utm_medium=twitter&utm_campaign=SM
seclist&黑白之道 [web_tools] CCleaner v5.28.6005 (32/64-bit) Chinese-Localized Professional Single-File Edition: http://t.cn/R6aT6Lj Download link: https://pan.baidu.com/s/1cIbvHG
Mobile Security:
Nermor&看雪 (Kanxue) [andorid] Analysis of a Membership Bypass for Downloading Paid Audio in an APP: http://bbs.pediy.com/thread-216670.htm]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F69%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 69)
Security News:
[Security_week] Monitoring CPU, Memory, Traffic and Disk with zabbix https://mp.weixin.qq.com/s/uszVB1EeC6yGUCFBn6a-kg
[Security_week] Configuring Chinese in Zabbix3.4 and Fixing Garbled Characters https://mp.weixin.qq.com/s/4NkVZ990Tk43Hi69ACY9WA
[Security_week] Installing the Latest zabbix4.0–LTS https://mp.weixin.qq.com/s/WebCOvhTLwzlxUPqrxKU4g
[Security_week] Which Cars Are Easy to Hack Into https://mp.weixin.qq.com/s/E2XfZGqlPT9hrVm32aTHFQ
[Security_week] A Laba Festival Essay: That Wisp of Rich, Sweet Fragrance! https://mp.weixin.qq.com/s/dOI-HTnn3bQ5K8nsKyl0Dg
[Security_week] Sharing Practical Video Tutorials https://mp.weixin.qq.com/s/Vl7iWU-tbNS4VNhC0lvZgw
[Security_week] Information Security Vulnerability Weekly Report (2019, Issue 2) https://mp.weixin.qq.com/s/ahw-4NZJs2_eQpjvpjxzwQ
[Security_week] Vulnerability Threat Weekly Report (2019/1/7-2019/1/13) https://mp.weixin.qq.com/s/caa4dk-OYNxmBibDH-kKbw
Web Security:
[Web_Security] A Collection of Front-End Vulnerabilities in an Open-Source cms https://mp.weixin.qq.com/s/s31l7NFLAWmlQyjq5Rw38g
[Web_Security] Springboot: Exploiting a Misconfigured actuator https://mp.weixin.qq.com/s/396wZEBc4uALmjWdrd-6vQ
[Web_Security] Bypassing WAF at the HTTP Protocol Level https://mp.weixin.qq.com/s/klrwKzq60OEgwCuViO2WDw
[Web_Security] Port Forwarding and Port Mapping Made Easy https://mp.weixin.qq.com/s/AjsDc7Nkas7lPWG_B3vncg
[Web_Security] Writing Fuzz Scripts https://mp.weixin.qq.com/s/wdhek0KtHEOVKpcpV2YZTQ
[Web_Security] A Brief Analysis of Java Serialization and Deserialization https://mp.weixin.qq.com/s/8lkpqHJ_CrRizPDZ38svTg
[Web_Security] WAF Bypass Database Features (Exploring MSsql) https://mp.weixin.qq.com/s/RdIwXoYag-IXECsZvmgwPw
[Web_Security] A Summary of Java Deserialization Vulnerabilities https://www.secpulse.com/archives/95012.html?bsh_bid=3537154247&from=timeline&isappinstalled=0
[Web_Security] Clever Tricks | All About WAF https://mp.weixin.qq.com/s/uxPs4RgXYN8QD4li7v7FqA
Penetration Testing:
[Penetration_test] Some Simple Ways to Maintain Domain Admin Privileges https://mp.weixin.qq.com/s/ruQI6HnHNvddRuSIIGk-RQ
[Penetration_test] Intrusion via the MS17-010 Vulnerability with MSF https://mp.weixin.qq.com/s/tihG4hCG_Fbs19X-54H3zQ
[Penetration_test] Reproducing CVE-2018-13024 and a Simple Intranet Penetration https://mp.weixin.qq.com/s/I6mWQE5GUW07A0nk08CBHA
[Penetration_test] A Simple Implementation of Log Auditing for MySQL Databases https://mp.weixin.qq.com/s/Z_Ki1eagSFbuo0LY4dWULA
[Penetration_test] How a Webshell Can bypass SafeDog (安全狗) and D盾 https://mp.weixin.qq.com/s/aAK2pLf3XX8AKz2-UoQbYQ
[Penetration_test] How to Configure Secure rdp for Remote Intranet Operations and Maintenance https://mp.weixin.qq.com/s/014NhT4GPd5yPFEGLdM_cw
[Penetration_test] Getting a shell from a System's Admin Back End https://mp.weixin.qq.com/s/Wb-z1tfEt_L-NfdZwipPAw
[Penetration_test] Penetration Testing: ASP Web Privilege Escalation https://mp.weixin.qq.com/s/gSG0QKodzw_Dy7USEPqvPQ
[Penetration_test] Intranet Penetration: Intranet IPC$ Intrusion https://mp.weixin.qq.com/s/RAsGduXGh_pQysr0kZuS_g
Security Tools:
[Security_tools] WordBrutePress - Multithreaded Wordpress Brute-Force Tool https://mp.weixin.qq.com/s/y-HndtGxP8U27SQQVKHfPA
[Security_tools] Katoolin - A Tool for Installing All Kali Linux Tools https://mp.weixin.qq.com/s/vZqmafwvW9odaVj9uZLWgQ
[Security_tools] Basic Use of BurpSuite https://mp.weixin.qq.com/s/WKWg1PKC4AX0fB3Um-GX7Q
Code Audit:
[Code_audit] Code Audit | A First Look at PHP Deserialization https://mp.weixin.qq.com/s/uU_oG8Xmnl6ezQ0bApSIiw
[Code_audit] Code Audit | PHPCMS 2008 Remote Code Execution https://mp.weixin.qq.com/s/p7cmcwoEzIMA3RlMdRCsSg]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F68%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 68)
Security News:
[Security_week] Major Security Incidents in December https://mp.weixin.qq.com/s/iOg-fzV3mC-5utiUAVyoHQ
[Security_week] The Self-Cultivation of a Security Researcher https://mp.weixin.qq.com/s/dzaa0ufAocst-2ct1RxtSg
[Security_week] Security Building: Setting Up the Platform https://mp.weixin.qq.com/s/dmeH9-2H9vwRzBrrmNutSw
[Security_week] Have You Reproduced Every Security Issue You Reported to the Enterprise? https://mp.weixin.qq.com/s/PodeY7A5Xvy--HVHubd_dw
[Security_week] Fuzz Testing Made Easy https://mp.weixin.qq.com/s/GEi2Atz53N315_xB5JGZCg
[Security_week] How Hackers Clear Attack Traces https://mp.weixin.qq.com/s/R4Izd9nmjrmTYoZ335OI1g
[Security_week] The PE File Format Explained https://mp.weixin.qq.com/s/idKwlAJr1PEB64JOwFYIiw
[Security_week] The Road to Building an Enterprise Security System: System Security https://mp.weixin.qq.com/s/Ksz8OmoATue3WR_G6iV6wA
[Security_week] APT Attack and Defense Study Materials https://mp.weixin.qq.com/s/hwFXOdGS7O0-UudNRbWFkg
[Security_week] A Brief Analysis of Hackers' Antivirus Evasion Approaches https://mp.weixin.qq.com/s/zT91PXi9iOyeZOOpF4wwlw
[Security_week] Ten Common Data Breach Attack Techniques https://mp.weixin.qq.com/s/oveRI4-tpmUQ6AxDWAgJzA
[Security_week] ThinkPHP 5.0.* Remote Command Execution Vulnerability Alert https://mp.weixin.qq.com/s/hTlsrC9Zz22CquuWzKLFTQ
[Security_week] Information Security Vulnerability Weekly Report (2019, Issue 1) https://mp.weixin.qq.com/s/iTdj84Cr94QM-NHg0WM-Ow
[Security_week] Vulnerability Threat Weekly Report (2018/12/30-2019/1/6) https://mp.weixin.qq.com/s/vOIzRiYRDwbuhv5XVz6V3g
[Security_week] Vulnerability Threat Weekly Report (2018/12/24-2018/12/30) https://mp.weixin.qq.com/s/pJkBPPcVnvFhPv3azrzhtg
Web Security:
[Web_Security] Network Ports Made Easy https://mp.weixin.qq.com/s/8npxl9_EJSvT0Ylu7EhpBg
[Web_Security] MongoDB Operations && Injection Vulnerabilities && Unauthorized Access Vulnerabilities https://mp.weixin.qq.com/s/izpkRMPYFZbjfP13r_rLWg
[Web_Security] The Road to Building an Enterprise Security System: Web Security https://mp.weixin.qq.com/s/92FEIKQxYi3WMh8DtjrARA
[Web_Security] Analysis of the Struts2-005 Remote Code Execution Vulnerability https://mp.weixin.qq.com/s/OikBB91NexGUjK6odhHqBA
[Web_Security] Vulnerability Discovery and Prevention https://mp.weixin.qq.com/s/Prb5NGlFo8de3zybYFLQ3A
[Web_Security] The Road to Building an Enterprise Security System: Network Security https://mp.weixin.qq.com/s/cvpwzfaCnCAZRUDj6EDpTA
[Web_Security] Fckeditor Upload Bypasses Across Versions https://mp.weixin.qq.com/s/pSNsiCYBzjLYKdAGhr4zKw
[Web_Security] github_dis, a Lightweight Tool for Collecting github Information Leaks https://mp.weixin.qq.com/s/h9wdczuN-v0pZKBDd0h_Rg
[Web_Security] How I Got Past a Host Guard Product to Take an asp Site https://mp.weixin.qq.com/s/aQSTTXbaLClhdA4zSHAmfg
[Web_Security] Beware! Cross-Site websocket Hijacking! https://mp.weixin.qq.com/s/xMdvZEEPPdbMFrqRpKZDTA
[Web_Security] Social Engineering Experiment: Email Phishing https://mp.weixin.qq.com/s/hJoUNmdynR3IRyIfcdN3Ig
[Web_Security] WAF Bypass Database Features (Exploring Mysql) https://mp.weixin.qq.com/s/qG_m7YXvEw2PwFXQDj6_qw
[Web_Security] The Lifeline of the Metinfo6.0.0-6.1.2 Front-End Injection Vulnerability https://mp.weixin.qq.com/s/xF3SmPdd07cBy-aNjbDAtA
Penetration Testing:
[Penetration_test] Notes on Cracking a shift Backdoor https://mp.weixin.qq.com/s/ekEoRmYzo_QRpVb86uXmjQ
[Penetration_test] Making Use of net session in Windows https://mp.weixin.qq.com/s/3xWrv1W05PuBowGX5cFCww
[Penetration_test] Advanced Persistent Penetration - Season 6: On Backdoors https://mp.weixin.qq.com/s/0p3re4QovW8kLmlePX1KGg
[Penetration_test] Information Gathering Inside a Domain in Practice https://mp.weixin.qq.com/s/kIsCpK_su5RoIPkJ05vgGA
[Penetration_test] Penetrating an idc's vnc Management System https://mp.weixin.qq.com/s/WomKv1ehgcfBvSF610mJ_A
[Penetration_test] Target Machine Penetration: Typhoon in Practice https://mp.weixin.qq.com/s/5Vb4jAsTlGKORYsi7vA7Sg
[Penetration_test] Redis Anonymous Access Vulnerability https://mp.weixin.qq.com/s/m-qOt0O5ICsJdlrRb7VX5A
[Penetration_test] A Penetration of a Company's Official Website https://mp.weixin.qq.com/s/Zqufqox9_XF3fyT88qeVYQ
[Penetration_test] Advanced Penetration Testing Season 8 - The demo Is the Remote Control https://mp.weixin.qq.com/s/9Qrd3CC-lDwVq-5B9YqDRA
[Penetration_test] Simple Intrusion with Armitage https://mp.weixin.qq.com/s/WY_avf9hczaMkkZnFQ8TSA
[Penetration_test] Security Penetration https://mp.weixin.qq.com/s/AiDBtRpQMhy9lsPMPRUEIA
[Penetration_test] How Large Internet Companies Prevent Hacker Intrusions (Part 1) https://mp.weixin.qq.com/s/eq80WSnDCAvhEqauZ9eq_g
[Penetration_test] How Large Internet Companies Prevent Hacker Intrusions (Part 2) https://mp.weixin.qq.com/s/F7oFiZqh6xPn_5upNW7Hug
Security Tools:
[Security_tools] Wireshark - Security Tool https://mp.weixin.qq.com/s/2ChoNvlaYL_hcWYjOm5IRw
[Security_tools] Kracker - A Free Tool for Cracking FTP Passwords https://mp.weixin.qq.com/s/yzTXnP2LsF_XoQqMU7Mc3g
[Security_tools] Maltego, a Powerful Social Engineering Tool https://mp.weixin.qq.com/s/UwKnSaOFlTboH29Mspw8xw
[Security_tools] R3Con1Z3R: A Powerful Lightweight Web Information Gathering Tool https://mp.weixin.qq.com/s/EA8G6sfFjhvMoMq0tuduzQ
[Security_tools] Hash Decrypt - An Android Tool for Cracking Hashes https://mp.weixin.qq.com/s/ErqI6GrAwKvXe9ynlHOwqw
[Security_tools] Fing - Network Tools (Android App) https://mp.weixin.qq.com/s/_FBXFGja2lDZcOvlkaUpTg
[Security_tools] The Burpsuite Collaborator Module Explained https://mp.weixin.qq.com/s/MKqh2hPv1uWNJcqlyBVKQg
[Security_tools] Basic Use of winhex in ctf https://mp.weixin.qq.com/s/a2qQhqEM6eVhToYHlTU3FQ
[Security_tools] The 12 Best Hacking Tools for Windows, Linux and Mac https://mp.weixin.qq.com/s/nrsh6pico4gvTkUXFH66-w
[Security_tools] A First Try of the Pacu Tool: The Basics https://mp.weixin.qq.com/s/Yu3EAqW3pIbIbQRnTXpp8g
Code Audit:
[Code_audit] Code Audit: UsualToolCMS https://mp.weixin.qq.com/s/r8HaX6Yp3ZD3X7lz-o4UUQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F67%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 67)
Security News:
[Security_week] Looking Back at the Year's Major Events at Hongri (红日) https://mp.weixin.qq.com/s/rHBn9gTzQ_q3eMCBqgydnw
[Security_week] Major Network Security Events of 2018 https://mp.weixin.qq.com/s/VdIVoHfC7roUGBTCGo-dHg
[Security_week] An Extraordinary 2018; Here's Hoping 2019 Is a Little More Ordinary https://mp.weixin.qq.com/s/ril56zq-zW0vbeHBwzSA
[Security_week] The Long Road of Vulnerability Scanning https://mp.weixin.qq.com/s/FL0Cl2W58u8br7VYaxsYwg
[Security_week] The Overall Approach and Basic Process of Incident Response https://mp.weixin.qq.com/s/s0Rvlzrwx6uW_Po5AcusnQ
[Security_week] My Modest Take on the Internet Security Industry https://mp.weixin.qq.com/s/PLkLf9HL8_9r3HQeJyk57w
[Security_week] Social Engineering: Elicitation https://mp.weixin.qq.com/s/WPW8TAym3do4x3QAvwstoQ
[Security_week] From Vendor to In-House: What I Am Doing https://mp.weixin.qq.com/s/V6JsuumzgkIvIzmGSVBgaA
[Security_week] In the New Year, See You at the Open Classes https://mp.weixin.qq.com/s/jKE7Vy3C3b7Q6tMkMHnbbQ
[Security_week] And That's How I Became a Security Professional https://mp.weixin.qq.com/s/i80UFCAdTg9lRM2v_H95kg
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 49) https://mp.weixin.qq.com/s/-oFxY3DmTLkZBUwpCZcOZw
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 50) https://mp.weixin.qq.com/s/C6alivOcHfD4YKKHKPq8EA
[Security_week] Vulnerability Threat Weekly Report (2018/12/17-2018/12/23) https://mp.weixin.qq.com/s/uvqC-PDRD1XFV3vdaWvl2w
Web Security:
[Web_Security] Case Analysis of a web Intrusion Incident https://mp.weixin.qq.com/s/zIqCN1ntWzKFuH0hxGcDbA
[Web_Security] A Simple Implementation of Log Auditing for MySQL Databases https://mp.weixin.qq.com/s/v4uwCq-WghlMw6be6pZL6g
[Web_Security] Fuzzing XSS Vulnerabilities with XSStrike https://mp.weixin.qq.com/s/ZQYfVfHYktSAO8P9jR7l6Q
[Web_Security] My Approach to Information Gathering https://mp.weixin.qq.com/s/XGdeoQKjOkUFpc6HV3IfGw
[Web_Security] WordPress Plugin AutoSuggest SQL Injection: Reproduction and Analysis https://mp.weixin.qq.com/s/F17jl4zxei-ruUT2Pupeeg
[Web_Security] Notes on an XSS Worm Penetration Experiment https://mp.weixin.qq.com/s/VNY_K6BAst5SfBf3wHwrfQ
[Web_Security] Advanced Techniques for XSS filter Bypass part1 https://mp.weixin.qq.com/s/M8h_Cf0bHLm-GGUjeki7rg
[Web_Security] SQL Injection Types Explained https://mp.weixin.qq.com/s/CgcJuSq6ummrwsZvAZ98BA
[Web_Security] A Summary of PHP File Inclusion Vulnerability Techniques https://mp.weixin.qq.com/s/MEm_yMDsSuBm8vE2NJ9s8Q
[Web_Security] Writing sqlmap tamper Scripts https://mp.weixin.qq.com/s/6jiK8TzgbuzhiqeEFJTCzw
[Web_Security] Second-Order Blind Injection in Sqlite3 https://mp.weixin.qq.com/s/NCMT9IP7LlLsbqd-B3lw
[Web_Security] Exploring Business Logic Vulnerabilities: Upload Vulnerabilities https://mp.weixin.qq.com/s/snTKlT7SEqnt_5fi6LapHw
[Web_Security] Weblogic Penetration Testing Guide https://mp.weixin.qq.com/s/HkMaPMM4zt25fcSWUH6mNw
[Web_Security] Middleware Penetration Testing: JBoss https://mp.weixin.qq.com/s/uu5RHHPa99tis-JgfibSzg
Penetration Testing:
[Penetration_test] Post-Exploitation Attacks https://mp.weixin.qq.com/s/QMD2S1JkB6T6tE6IbLuCLw
[Penetration_test] Demonstration of Getting a WEBSHELL via Double Upload https://mp.weixin.qq.com/s/UuCFb4fK92hNBYKe4294oQ
[Penetration_test] A Penetration Test of a Gambling Website https://mp.weixin.qq.com/s/hgcr9dR1nGjeSkTNS2fh7A
[Penetration_test] Target Machine Penetration: Raven in Practice https://mp.weixin.qq.com/s/t2TaQnTGFGejgOzYxX7VpA
[Penetration_test] The Essence of a Penetration Methodology Is Connecting Knowledge Points https://mp.weixin.qq.com/s/pvApvjn6gwTiQFyRjaKCaA
Security Tools:
[Security_tools] A Brief Introduction to Wireshark and Packet Analysis https://mp.weixin.qq.com/s/qjLNOopwvWlJOWW6SAcTig
Code Audit:
[Code_audit] Code Audit Day16 - Understanding the $_REQUESTS Array in Depth https://mp.weixin.qq.com/s/Iq6qapFOb471lGRY_Y2cvQ
[Code_audit] Code Audit Day17 - Injection Caused by Raw MD5 Hash https://mp.weixin.qq.com/s/eIJvT3MMpD1PtB80WdaOfA
[Code_audit] PHP-Audit-Labs Solutions: Day5-8 https://mp.weixin.qq.com/s/imENMomkAc9AXfZgHUfeBA
[Code_audit] PHP-Audit-Labs Solutions: Day9-12 https://mp.weixin.qq.com/s/W_zEjZbq0ZwAyFe-6GRWQg
[Code_audit] PHP-Audit-Labs Solutions: Day13-16 https://mp.weixin.qq.com/s/DuFYqTJbg94tC_VlUkSuyg]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F66%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 66)
Security News:
[Security_week] Analysis of Exploiting the ThinkPHP 5.0 & 5.1 Remote Command Execution Vulnerability https://mp.weixin.qq.com/s/sKQP1fVRm7kOOkyk5JOOpA
[Security_week] Trojan Attack and Defense https://mp.weixin.qq.com/s/Ag6gB9lN9QjmCINesMWi_g
[Security_week] Hacker Attack and Defense Fundamentals https://mp.weixin.qq.com/s/Tphkma7m5mxjtDQgMCMUkg
[Security_week] The Weak Passwords of 2018 Are Out: See Which One You Used https://mp.weixin.qq.com/s/Sob2jtdpoQKFKB6cnx6i0A
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 48) https://mp.weixin.qq.com/s/1Hacy9PqP6TDzwYCPpncGQ
[Security_week] Vulnerability Threat Weekly Report (2018/12/10-2018/12/16) https://mp.weixin.qq.com/s/qbgyl_bW-H0NoKoN7GnyQw
Web Security:
[Web_Security] upload-labs Range, Level 3 https://mp.weixin.qq.com/s/gcJUiBqRhsJAjoXK7vZqVA
[Web_Security] thinkphp Code Execution getshell https://mp.weixin.qq.com/s/NQAZPz8uT8eNFyeMT4l8Ig
[Web_Security] upload-labs Range, Level 4 https://mp.weixin.qq.com/s/KFcPfwkEXHHHxKIt8QbLxA
[Web_Security] upload-labs Range, Level 5 https://mp.weixin.qq.com/s/1hxKHaZNnLEBWjbsf4_tQA
[Web_Security] Some Study, Analysis and Reflection on Session Fixation Vulnerabilities https://mp.weixin.qq.com/s/TiBed71KxKcIHOyG02AdQQ
[Web_Security] Upload-labs&Upload Bypass Summarize https://mp.weixin.qq.com/s/MHH1QsYuWV8qxzYiq7ME6A
[Web_Security] phar Deserialization rce https://mp.weixin.qq.com/s/vp6VzzrlmX9V9C65iMjQ
[Web_Security] The Outdated 00 Truncation https://mp.weixin.qq.com/s/wAa9DrTmi3ooVzRx5wWiOw
[Web_Security] upload-labs Range, Level 6 https://mp.weixin.qq.com/s/TXlBBy1BVeqSTUwQlOeNNg
[Web_Security] XSS with a Length Limit? Try These Tricks https://mp.weixin.qq.com/s/Hn9H1Ls1EqNBo7FDi9nHbw
[Web_Security] Design and Implementation of a Web Vulnerability Scanner (Part 1) https://mp.weixin.qq.com/s/h8ApDH1lG7Jsb1bqwE588Q
[Web_Security] IIS Write Permission Vulnerability - The China Chopper (菜刀) Tool https://mp.weixin.qq.com/s/tWQcr3WuRVqWS0RJaSiXXg
Penetration Testing:
[Penetration_test] LinEnum - Local Linux Enumeration and Privilege Escalation Script https://mp.weixin.qq.com/s/lSvkK79YNEDPvfrrb4vUyg
[Penetration_test] Connecting mysql Instances Across a LAN https://mp.weixin.qq.com/s/8Mb1b8J-oE1tixyH3TZdnw
[Penetration_test] Approaches to Web Penetration and Intrusion https://mp.weixin.qq.com/s/TqsX7OUbdEK2l_3z9fWOvw
[Penetration_test] Approaches to Finding the Origin Server Behind a CDN https://mp.weixin.qq.com/s/8NUvPqEzVjO3XbmCBukUvQ
[Penetration_test] Setting Up a CVE-2018-1111 Reproduction Environment and dhcp Command Injection https://mp.weixin.qq.com/s/LGOPnlHtxVidnO1e_TDMOA
[Penetration_test] API Interface Penetration Testing https://mp.weixin.qq.com/s/kpJxO14LpwFN-PjV2XNPkA
Security Tools:
[Security_tools] 20 Outstanding Linux Command-Line Programs https://mp.weixin.qq.com/s/Vg3fnRXDvemaaPHejwVbog
[Security_tools] ZMap - Internet Scanner https://mp.weixin.qq.com/s/SFDPXJHjOOH3ZffkeUj42w
[Security_tools] Handling Fuzz Input to Web Applications with the Burp Macros Automation Platform https://mp.weixin.qq.com/s/xqYukfWiZ1UXTvFcRXl4Pg
[Security_tools] A Curated Collection of Tools for the Different Stages of Penetration Testing https://mp.weixin.qq.com/s/uClheUFDvToiUG78oOOr6w
Code Audit:
[Code_audit] PHP Code Audit: Digging Deep into SQL Injection https://mp.weixin.qq.com/s/a5nb1wEDIr0x_rD8QeLk1Q
[Code_audit] A Small Audit trick https://mp.weixin.qq.com/s/E8K8tO1oX95TDhN8IiUtAQ
[Code_audit] Code Audit Day15 - Defenses Defeated by $_SERVER[PHP_SELF] https://mp.weixin.qq.com/s/MZcL_G3ouGFasdNKvZLZeQ
[Code_audit] PHP-Audit-Labs Solutions: Day1-4 https://mp.weixin.qq.com/s/BRcugHD8dOjvuxvQoHP9bw
Video Sharing:
[Video_share] Appreciating the Art of Windows Forensics https://www.bugbank.cn/live/view.html?id=111836]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F65%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 65)
Security News:
[Security_week] The PE File Format Explained (Part 1) https://mp.weixin.qq.com/s/r_Evk8LG2EuOnw1rxaKOrw
[Security_week] The PE File Format Explained (Part 2) https://mp.weixin.qq.com/s/2svoW_IFRLfYNv4F-KlsOQ
[Security_week] The PE File Format Explained (Part 3) https://mp.weixin.qq.com/s/cQKymApsviCkp7O06q67Hg
[Security_week] Using Several Data Recovery Tools https://mp.weixin.qq.com/s/8rABhX7SrXDfoZmeNO_vUg
[Security_week] Essential Fundamentals for Hackers https://mp.weixin.qq.com/s/g8nOz6yeC3mpn8SBmBNxUg
[Security_week] Linux Incident Response and Analysis https://mp.weixin.qq.com/s/hqyIO-lSJWgAHYhJ40J7Kg
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 46) https://mp.weixin.qq.com/s/i8P8fX8kuqkJniU51XOOMg
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 47) https://mp.weixin.qq.com/s/PNy0PnxGN52CstA-HUUmmw
[Security_week] Vulnerability Threat Weekly Report (2018/11/26-2018/12/2) https://mp.weixin.qq.com/s/O_ciU8QMomfjfvUrNVnGlw
[Security_week] Vulnerability Threat Weekly Report (2018/12/3-2018/12/9) https://mp.weixin.qq.com/s/0617H85KWkAcpTG8kBIhLQ
Web Security:
[Web_Security] upload-labs Range, Level 1 https://mp.weixin.qq.com/s/Fdk4ecVEiNgL-Q3Y35d9tA
[Web_Security] Learning Security Testing from Scratch, Starting with XSS Vulnerability Attack and Defense https://mp.weixin.qq.com/s/6vg7Athgm7bJ-O6KcSqFUg
[Web_Security] upload-labs Range, Level 2 https://mp.weixin.qq.com/s/2ljJMCDM5Weupa_v632MCA
[Web_Security] A Complete Record of Routine SQL Injection Fuzzing https://mp.weixin.qq.com/s/vUui35i90Qy5JQk6xSdKZw
[Web_Security] SQL Injection Testing TIP: Revisiting Filter Bypass in Mysql Injection https://mp.weixin.qq.com/s/6PeFKcJ1sDqw7qNWl3Op6A
[Web_Security] An Interesting Case of Probing and Bypassing XSS WAF Rules https://mp.weixin.qq.com/s/2Js3HZARipJY11L6HxJyiw
[Web_Security] Exploring Business Logic Vulnerabilities: Sensitive Information Disclosure https://mp.weixin.qq.com/s/VdAOnVMY7EWtQfj0M0yI-A
[Web_Security] SQL Injection Summary https://mp.weixin.qq.com/s/t8SgYs61K07fHAtvK-eVSg
[Web_Security] Practical Guide | MSSQL Injection Attack and Defense https://mp.weixin.qq.com/s/K7Yce3PG7wsk8o9wVhEQ
Penetration Testing:
[Penetration_test] The Essence of Penetration, Persistent Penetration and Post-Exploitation https://mp.weixin.qq.com/s/X9IyEVD-fHbAR-480cChUQ
[Penetration_test] Getting a Reverse shell via zabbix and Taking System root Privileges https://mp.weixin.qq.com/s/o4ozaZN6QhZfnCyVfFfN4Q
[Penetration_test] Intranet Penetration as I Know It: A Comprehensive Summary of Intranet Penetration Knowledge https://mp.weixin.qq.com/s/aIWFHctiVEueYguvUZ0Cdw
[Penetration_test] Security Operations: Log Tracing https://mp.weixin.qq.com/s/ZOzdowejm2eaB0VV1ArM-g
[Penetration_test] Understanding DNS Records and Their Basic Use in Penetration Testing https://mp.weixin.qq.com/s/vEVOHQV5Ki-zniFRsRWcAw
[Penetration_test] OSINT: Information Gathering (Part 1) https://mp.weixin.qq.com/s/DCl2degi-BvDSq5s1ZY8GA
[Penetration_test] Notes on Testing an SRC Site https://mp.weixin.qq.com/s/1jy0k0MsH2Z5xhOzkfSbvQ
[Penetration_test] Image Steganography – How to Hide Information in Images https://mp.weixin.qq.com/s/dEhql2ckwyImMB42Tas-5w
[Penetration_test] A Learning Path for Intranet Penetration https://mp.weixin.qq.com/s/TIHrZ347XYoy88_t0JXU3g
[Penetration_test] Setting Up a WEB-Based Kali Linux Penetration System https://mp.weixin.qq.com/s/WfqgAbdr4XSirrdGC73vUA
Security Tools:
[Security_tools] NoSQLMap - Automatic Mongo Database and NoSQL Web Application Development Tool https://mp.weixin.qq.com/s/W5biPKPYoOdmIJzZREfsCw
[Security_tools] Lynis - Security Auditing Tool for Unix / Linux Systems https://mp.weixin.qq.com/s/hmUnvUU51l2nYzP7BmJSog
[Security_tools] AWVS Tutorial in Chinese https://mp.weixin.qq.com/s/VnqcK1stLsI4-vv6kebMXA
Code Audit:
[Code_audit] Code Audit Day11 - unserialize Deserialization Vulnerability https://mp.weixin.qq.com/s/MMziYQaD9BkT1I3NKwmfGA
[Code_audit] Code Audit Day12 - Vulnerabilities Caused by Misusing the htmlentities Function https://mp.weixin.qq.com/s/04PsUu6ziy1kfdoNLg6YiQ
[Code_audit] Code Audit Day13 - Bypassing the addslashes Function in Specific Situations https://mp.weixin.qq.com/s/RKhLHgpcNuWZN2MyJpYSrg
[Code_audit] Code Audit Day14 - From Variable Overwrite to getshell https://mp.weixin.qq.com/s/Msz95cgWz-6VFyzPkcu4Ww
Video Sharing:
[Video_share] Cross-Origin Resource Sharing (CORS) Vulnerabilities Explained https://www.bugbank.cn/live/view.html?id=111824]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F64%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 64)
Security News:
[Security_week] A Roundup of Hacker Learning Websites https://mp.weixin.qq.com/s/ayq_zyVdSm9qOEG45ckU9Q
[Security_week] A Brief Analysis of Scanner Programming https://mp.weixin.qq.com/s/cZKWaB_lGNJlotYAJL423g
[Security_week] Learning to Write Python Crawlers Systematically from Scratch https://mp.weixin.qq.com/s/XJpdZblO8V0uFdvaOq3KFw
[Security_week] What to Do When Information on a Cloud Drive Is Publicly Leaked? https://mp.weixin.qq.com/s/zfivdZTgo_D73fGOFhk55A
[Security_week] On the Code Injection Vulnerability in PHPCMS 2008 https://mp.weixin.qq.com/s/2F0sCXmRSMN4xCd_9CSHyg
[Security_week] Sharing a Learning Resource Suited to Beginners https://mp.weixin.qq.com/s/EGj2Jf6VmWuwFSNQNj_Wqg
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 44) https://mp.weixin.qq.com/s/3e5vEyyCR2Sk95xq4i1uNg
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 45) https://mp.weixin.qq.com/s/39ivhC6Fcuq6OffKPUQuDA
[Security_week] Vulnerability Threat Weekly Report (2018/11/12-2018/11/18) https://mp.weixin.qq.com/s/VbYVtKrKP80jyTrpxp6CCg
[Security_week] Vulnerability Threat Weekly Report (2018/11/19-2018/11/25) https://mp.weixin.qq.com/s/yQBZqCMx7wGYFDCWNpRHRQ
Web Security:
[Web_Security] WebShell File Upload Vulnerability Range, Level 1 https://mp.weixin.qq.com/s/7KRORI3XOQxTp_t-KhGKmw
[Web_Security] Getting a webshell: From Uploading Past D盾 to High-Concurrency getshell https://mp.weixin.qq.com/s/lkIsg1O8RMvvk-YfKaY0dA
[Web_Security] WordPress Plugin Quizlord 2.0 XSS Vulnerability: Reproduction and Analysis https://mp.weixin.qq.com/s/oi6Bl6kyeNg9wdfxbsIVyQ
[Web_Security] The web Log Analysis Process Made Easy https://mp.weixin.qq.com/s/Z23aIuocXUKWOHuEloS15Q
[Web_Security] Antivirus Evasion for Web Trojans https://mp.weixin.qq.com/s/eUvrMFEx6onxUMt9wr5glg
[Web_Security] XSS Vulnerability Attacks https://mp.weixin.qq.com/s/k7dTgNzpPLYyl4rVS9vlUw
[Web_Security] The IIS Vulnerabilities That Kept Us on Edge Over the Years https://mp.weixin.qq.com/s/FHb82rhk-63HSU7R_g1Atw
[Web_Security] Even with https, Do Not Pass Sensitive Data in query strings https://mp.weixin.qq.com/s/Iqb1Z3t5hhT8TJN83JOw_Q
[Web_Security] WebShell File Upload Vulnerability Range, Level 2 https://mp.weixin.qq.com/s/Blva8CRDXhRwoitl81EiEg
[Web_Security] Analysis of a Front-End Logic Vulnerability in FeiFeiCms https://mp.weixin.qq.com/s/w66dHR43f82wzNMuJlcrfA
[Web_Security] XSS Attacks Revisited https://mp.weixin.qq.com/s/5B2bnNwap5p_9WfHRJNl6A
Penetration Testing:
[Penetration_test] How to Use Metasploit for Automotive Security Testing? https://mp.weixin.qq.com/s/O6bvdI9PH6UtUpKQen6_ZA
[Penetration_test] IOT Penetration Testing (Part 1) https://mp.weixin.qq.com/s/3Md1Sfj9K_6H7VD-O0jvpQ
[Penetration_test] Sharing 10 Methods for Accessing Blocked Websites https://mp.weixin.qq.com/s/xs66RMKA5xVJZJhMZ1PGSw
[Penetration_test] Tracing the Attack Source of a Captured Malicious Intrusion Incident https://mp.weixin.qq.com/s/Pe-LIKhTCwemxG6gM8QkYg
[Penetration_test] How to Obtain the Bound Mobile Number from a QQ Number https://mp.weixin.qq.com/s/qVdPqBwV9of5JaiY8A6Vgg
[Penetration_test] My Brother Is Named Shunliu: The Backdoor in the Big Webshell https://mp.weixin.qq.com/s/JxSLXkRRyys1FK6mw3pMvg
[Penetration_test] Penetration Techniques: Obtaining and Clearing File Execution Records on Windows Systems https://mp.weixin.qq.com/s/srf7BHB5uDdvxXA2xRQgJA
[Penetration_test] A Summary of Target-Locating Techniques in Intranet Penetration Testing https://mp.weixin.qq.com/s/qaR7ZOD4zo8WTBXFRqyO-A
Security Tools:
[Security_tools] CSRFTester - Cross-Site Request Forgery Vulnerability Testing Program https://mp.weixin.qq.com/s/zoZq7yRB29EshuR63JrjGA
[Security_tools] First Release Anywhere: The Genuine Original Awvs 12 Program and a Perfect Crack Patch https://mp.weixin.qq.com/s/RIYeQV6I7xLqowow13pF1w
[Security_tools] CVE-2018-11776 (S2-057) Security Detection Tool https://mp.weixin.qq.com/s/vs_KhgY9Lp9dK3-9QOolrQ
Code Audit:
[Code_audit] Code Audit Day7 - Flaws in the parse_str Function https://mp.weixin.qq.com/s/0IXp38BdMdWY4oye-vbcPA
[Code_audit] Code Audit Day8 - Command Execution via the preg_replace Function https://mp.weixin.qq.com/s/JtCsMT-b6EwlOyqHw-CbHg
[Code_audit] Code Audit Day9 - Improper Filtering with the str_replace Function https://mp.weixin.qq.com/s/lZ6uSnu9ulC_fx6tkIBjNA
[Code_audit] Code Audit Day10 - Problems Caused by a Program Not Calling exit Properly https://mp.weixin.qq.com/s/HMZ6ZGtLaetoYKq3Mt562g
Video Sharing:
[Video_share] Breaking the Windows Remote Desktop Protocol https://www.bugbank.cn/live/view.html?id=111781
[Video_share] Entering the New World of MSF: A Comprehensive Exploration of MSF Penetration and Exploitation https://www.bugbank.cn/live/view.html?id=111794]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F63%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 63)
Security News:
[Security_week] Hongri (红日) AI Security - A Machine-Learning-Based Attack Detection System https://mp.weixin.qq.com/s/yxAuWYucvD3FaBa4oWnn9g
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 43) https://mp.weixin.qq.com/s/kr_gZ7L6CZkBSiynLlc5zA
[Security_week] Vulnerability Weekly Report 2018, Issue 18 (2018/11/5-2018/11/11) https://mp.weixin.qq.com/s/TDL25vYAeXgd3TA_NyHRDQ
Web Security:
[Web_Security] Introduction to bypass waf: sql Injection [ Inline Comments ] https://mp.weixin.qq.com/s/-FFZZ48nxKO7VfgEcSa14g
[Web_Security] Tomcat Examples Directory session Manipulation Vulnerability https://mp.weixin.qq.com/s/wTHlnO7w60VLESifwQw_3A
[Web_Security] Look! I Have a Powerful Email Collection Tool https://mp.weixin.qq.com/s/Yx44ZutjUOKrk_M_omHyzg
[Web_Security] Is CMS Really Secure? (Part 3) A Close Look at Discuz! https://mp.weixin.qq.com/s/yooVd1wm66VzwCTSbcF38w
Penetration Testing:
[Penetration_test] The Road to Counterattack, Starting from MySQL https://mp.weixin.qq.com/s/CI_mq2O9y2-nam2FRI5usw
[Penetration_test] Building a High-Quality Fuzz Dictionary for Upload Vulnerabilities https://mp.weixin.qq.com/s/8FJV_20guN2Qa7t4oEY6Aw
[Penetration_test] A Summary of Penetration Approaches https://mp.weixin.qq.com/s/FBtLEKKKiz3IZnS5bzrDig
[Penetration_test] Bypass Windows AppLocker https://mp.weixin.qq.com/s/9VSkfFK1OkNRqC5ZCtTMYA
[Penetration_test] A Brief Look at Using PowerShell in Penetration Testing https://mp.weixin.qq.com/s/w4FFRamg0tb3OsTNnfat9w
Security Tools:
[Security_tools] DirBuster - File and Directory Brute-Force Tool https://mp.weixin.qq.com/s/iF7YuG2YK3b1ClBrtEiRkA
[Security_tools] A Modern Cryptography Toolkit: Description and Sharing https://mp.weixin.qq.com/s/42C20pgDj9sU_hUXg9w9vQ
[Security_tools] A Brief Introduction to Using China Chopper (中国菜刀) https://mp.weixin.qq.com/s/H46A7QST-rHWJgmI0IobiA
Code Audit:
[Code_audit] Code Audit Day5 - Improper Use of escapeshellarg and escapeshellcmd https://mp.weixin.qq.com/s/233qaiI6xF1AnxwVhwTFWg
[Code_audit] Code Audit Day6 - Path Traversal Caused by Improper Use of Regular Expressions https://mp.weixin.qq.com/s/ZhCtTW-a9daaIqpBdn5NYQ
Video Sharing:
[Video_share] Getting Started in Security: An Overview of Network Security Assessment https://www.bugbank.cn/live/view.html?id=111770
[Video_share] Security Threat Intelligence: Building an Enterprise Security S.H.I.E.L.D. https://www.bugbank.cn/live/view.html?id=111778]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F62%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 62)
Security News:
[Security_week] Sharing 50 mysql Databases https://mp.weixin.qq.com/s/NWU5DDkHTDxGdSYI7cY4Pw
[Security_week] Information Security Classified Protection Level 3 Requirements: Sharing Years of Assessment Experience on Security Management Organizations https://mp.weixin.qq.com/s/MYbazxsaib7I_gkkNTjiTA
[Security_week] How Denial-of-Service Attacks Work https://mp.weixin.qq.com/s/14oom7s0dMEYnDW1gcgLAA
[Security_week] In-House Security Building–ISO27001 https://mp.weixin.qq.com/s/A9qAwI7kN9xxdIDLszssfA
[Security_week] Is It Ever Harder for Children of Humble Families to Succeed? https://mp.weixin.qq.com/s/mkrLzjoTCqjlDw1CatwABw
[Security_week] A Brief Analysis of Microsoft SQL Server Vulnerabilities https://mp.weixin.qq.com/s/FftsRSyyzmgC7ASIeOhVkQ
[Security_week] Ransomware Attack and Defense Drill https://mp.weixin.qq.com/s/zjUhsE-n6riAoGEo95jKMg
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 42) https://mp.weixin.qq.com/s/jSsSTRFurg7L2CA6TGMm9A
[Security_week] Vulnerability Threat Weekly Report (2018/10/29-2018/11/4) https://mp.weixin.qq.com/s/oL0NRy6lzmPT3T7UaaoS-Q
Web Security:
[Web_Security] Notes on a Bypass of WebScan https://mp.weixin.qq.com/s/O8MbOU9QlB7F1n3q_w73Jw
[Web_Security] Understanding php Deserialization Vulnerabilities https://mp.weixin.qq.com/s/EDUqzJI9SDQwrS5-2oXq6Q
[Web_Security] Do You Know How FTP Tools Transfer Data? https://mp.weixin.qq.com/s/S7SmvofJKQ-PyEyvv5TBJA
[Web_Security] Email Spoofing Techniques and Detection https://mp.weixin.qq.com/s/AGklNGcMLELcPoHg8BEg_g
[Web_Security] A Complete Collection of Networking Knowledge for Both Front End and Back End https://mp.weixin.qq.com/s/uF3bJrjGbGCAzCuCWk18BA
[Web_Security] From SQL Injection to Roaming the Intranet https://mp.weixin.qq.com/s/010XGBEomk1RXEHIsaiZug
[Web_Security] How Should One Get Started with Web Security? https://mp.weixin.qq.com/s/u1lECvpztQzpi8JdzlQ--Q
[Web_Security] How I Use yara to Scan for webshells https://mp.weixin.qq.com/s/xn9tsFEEGgy_T9mw7wfa7g
[Web_Security] xxe Attacks https://mp.weixin.qq.com/s/w6LBoVR-vJfl3mtIjKWv6w
[Web_Security] Exploring Business Logic Vulnerabilities: Bypassing Verification https://mp.weixin.qq.com/s/n5U-O-4uvW9NsLzGIr91kQ
[Web_Security] Google SQL Injection Search List: Latest 2018 Edition https://mp.weixin.qq.com/s/KFLXol15ClK_febsmHr7zQ
Penetration Testing:
[Penetration_test] Getshell via the 南方 Site Editor Past a Dual WAF (a Lock Product + 安全狗) https://mp.weixin.qq.com/s/dczs3rblRa9UKHSupCs7GQ
[Penetration_test] Cracking the win2008 Administrator Password https://mp.weixin.qq.com/s/gEtf3CbWMKx-Rm0YN9bulA
[Penetration_test] CTF Target Machine: bounty Walkthrough https://mp.weixin.qq.com/s/fWA_dh-tEzv808L0GdjEcQ
[Penetration_test] Sharing Practical Penetration Testing and Vulnerability Discovery Techniques https://mp.weixin.qq.com/s/DNDvngY19a53av9d8EG01Q
[Penetration_test] Search Engines – The Penetration Tool That Never Goes Out of Date https://mp.weixin.qq.com/s/sd9uEePgJzqziKyC7Ye-qQ
[Penetration_test] A Vertical Search Engine for Network Security Knowledge https://mp.weixin.qq.com/s/vp8XZjaAcfWuyxK6XVLMSg
[Penetration_test] Simple Intrusion with KaLi sqlmap https://mp.weixin.qq.com/s/hf1fhtcrj-4TnbNXUjg62Q
[Penetration_test] Notes on a Winding Linux Privilege Escalation https://mp.weixin.qq.com/s/KlQn69OnJNL-1yC2jtZBcg
[Penetration_test] 5 Ways to Bypass UAC with metasploit https://mp.weixin.qq.com/s/vUla-Uzu5tdujjGWYiK8fg
[Penetration_test] Notes on an Unauthorized Penetration Test https://mp.weixin.qq.com/s/Jt2Gq41t7BpKiISN0njWaA
[Penetration_test] Penetration Testing in Practice - Intruding the Blacklight and DeRPnStiNK Target Machines https://mp.weixin.qq.com/s/l6gNsGBLAsW1wbsCDyCKJw
Security Tools:
[Security_tools] pMap - Passive Discovery, Scanning and Fingerprinting Tool https://mp.weixin.qq.com/s/RdC2p22Wyd3z1ouXKGL95w
[Security_tools] What Tools Do Hackers Commonly Use on the Android Platform? https://mp.weixin.qq.com/s/n0__xQAAw4u0_pfRXPCe6A
Code Audit:
[Code_audit] Learning Code Audit from an xss Vulnerability in a cms https://mp.weixin.qq.com/s/QnS2lomBeSusX5SqwzjbTQ
Video Sharing:
[Video_share] A Powerful Intranet Attack Tool: SSRF Vulnerability Bypass and Exploitation https://www.bugbank.cn/live/view.html?id=111708
[Video_share] Uncovering the Deeply Hidden Trojan: Prying Open Encrypted PHP Backdoors https://www.bugbank.cn/live/view.html?id=111754]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F61%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 61) Security news: [Security_week] An introduction to several techniques for securing the SSH port https://mp.weixin.qq.com/s/h9Lcz-kK5-QQ2mtmppiSuQ [Security_week] Intrusion detection systems (IDS) https://mp.weixin.qq.com/s/jIXKBwh9M4J0vheK1MpDWw [Security_week] Roundup of personal original articles https://mp.weixin.qq.com/s/x17QA9FdidKI3VAEFb9AQw [Security_week] Network security: emergency response and recovery https://mp.weixin.qq.com/s/o8XJ2XgiFpWZw5SKVfldYA [Security_week] Information security vulnerability weekly report (2018, issue 41) https://mp.weixin.qq.com/s/zZHVfPufvFb3nhiZTEFoyA [Security_week] Vulnerability threat weekly report (2018/10/22-2018/10/28) https://mp.weixin.qq.com/s/1_UFt7Rkukm5AVtrG8yHXA Web security: [Web_Security] SQL injection against Access databases [1] https://mp.weixin.qq.com/s/PwM1K41d_o03noUK8wVvJA [Web_Security] SQL injection against Access databases [2] https://mp.weixin.qq.com/s/Yg4-oVVU6dwxQfCeAeyRGA [Web_Security] Notes on a real-world file upload WAF bypass https://mp.weixin.qq.com/s/IAqNUgOqZPkFywL90lpeTw [Web_Security] Summary of web application vulnerabilities and fixes https://mp.weixin.qq.com/s/8g1iF6ehVzXYss4sHqxCJQ [Web_Security] Summary of middleware vulnerabilities and fixes https://mp.weixin.qq.com/s/fxJiKimg-i-sX_sC6vi43w [Web_Security] Summary of system vulnerabilities and fixes https://mp.weixin.qq.com/s/xZgQclqboQsRx5LYWgLy-Q [Web_Security] XSS special topic (1) https://mp.weixin.qq.com/s/IetoFEIbFohv2t8aS0njZw [Web_Security] Several approaches to cross-origin access https://mp.weixin.qq.com/s/WTCbHr9zPPCCeHLviOUgPg Penetration testing: [Penetration_test] Notes on the discovery of a remote command execution vulnerability https://mp.weixin.qq.com/s/5jSzwa0qdIt2_Jfn6-4pcQ [Penetration_test] sqlmap series comprehensive tutorial - hands-on penetration testing https://mp.weixin.qq.com/s/00oyvOyCyAYYiZh2Uq1_QQ [Penetration_test] Notes on one bug-hunting approach https://mp.weixin.qq.com/s/rkaonbUpArgANKQ_rvIlww Security tools: [Security_tools] Burp CO2 - an extension collection that enhances Burp Suite https://mp.weixin.qq.com/s/3NG2POodGXVMTG4lqviExg [Security_tools] ParameterFuzz - a web application security scanner https://mp.weixin.qq.com/s/G_3dJK1qVJDLK4mRFW1zBQ Code audit: [Code_audit] A brief analysis of practical approaches to PHP code auditing https://mp.weixin.qq.com/s/XlSyxWR8KqEsnQl4syqdMg [Code_audit] Code audit: zzzphp https://mp.weixin.qq.com/s/gHRgMkC3dbGqzFZt-gFYnQ Security videos: [Security_Viedo] Episode 78 | An intranet attack weapon: SSRF bypass and exploitation https://www.bugbank.cn/live/view.html?id=111708]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F60%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 60) Security news: [Security_week] Some ideas and reflections on enterprise in-house security program building https://mp.weixin.qq.com/s/o9pmvnVeIVLA7EF6J6dAIQ [Security_week] VPN installation and design https://mp.weixin.qq.com/s/COq0F8Fw7EOBMuxpzBWk8Q [Security_week] Advisory on multiple WebLogic vulnerabilities (including five important ones) https://mp.weixin.qq.com/s/o64PTRaybUoiCzSff2o9TA [Security_week] WebLogic Java deserialization vulnerability CVE-2018-3245 https://mp.weixin.qq.com/s/mEaMRpVRroO3-lLva7RjCA [Security_week] Tomcat deserialization vulnerability (cve-2016-8735) https://mp.weixin.qq.com/s/JbhqS8aNykeHeO5gTnsuYg [Security_week] WebLogic deserialization vulnerability CVE-2018-3191 https://mp.weixin.qq.com/s/Fz76-NG1ASZeYP56Aj_-Zg [Security_week] A Struts2 variant strikes https://mp.weixin.qq.com/s/1SodOXsFUt58Wej62a-VMA [Security_week] CVE-2018-14665 : Xorg X Server privilege escalation vulnerability https://mp.weixin.qq.com/s/XGLYim1cMUqS1utkVsov_g [Security_week] Information of 9.4 million customers leaked https://mp.weixin.qq.com/s/zZUD97aefQYF0rTsx_zH7w [Security_week] Information security vulnerability weekly report (2018, issue 40) https://mp.weixin.qq.com/s/mbDo8S0Rj8NfUHImrV7PjA [Security_week] Vulnerability threat weekly report (2018/10/15-2018/10/21) https://mp.weixin.qq.com/s/PIT1kn2aVqPDmIZjaseu3A Web security: [Web_Security] Cookie tampering and command injection https://mp.weixin.qq.com/s/8VAutaPAeC4JnsidQZ6xWA [Web_Security] How cookies and sessions work, explained (part 1) https://mp.weixin.qq.com/s/VeodMTKbwCdodx0fZjTlhw [Web_Security] How cookies and sessions work, explained (part 2) https://mp.weixin.qq.com/s/gmTax107SwaEm6VKSC21CQ [Web_Security] How cookies and sessions work, explained (part 3) https://mp.weixin.qq.com/s/l7XdrNWbZAAyz0DNb3O0yw [Web_Security] A brief analysis of command injection vulnerabilities https://mp.weixin.qq.com/s/VssTiWz-oExFqdEkiE9J4g [Web_Security] How I picked up an XXE in WebLogic (CVE-2018-3246) https://mp.weixin.qq.com/s/8R4tY1F8suWdXUudbSSeXg [Web_Security] Analysis of two old XSS vulnerabilities in Gmail and Google https://mp.weixin.qq.com/s/28EtuPikEn0KEyR10isALw [Web_Security] An exploration of deserialization attack methods https://mp.weixin.qq.com/s/B-Amnpg7gmVq8WcDLqy3og [Web_Security] Passive information gathering (part 1) https://mp.weixin.qq.com/s/i2ZI6XOda0luyOy_ZeKN8Q [Web_Security] Passive information gathering (part 2) https://mp.weixin.qq.com/s/qkb6om8xv3wbeZU9iPJmew [Web_Security] sqlmap series comprehensive tutorial - introduction and practice https://mp.weixin.qq.com/s/_kQ0Ex_YmI-r0x_caOenKg [Web_Security] 
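Exploitation and defense of deserialization vulnerabilities, as seen through WebLogic https://mp.weixin.qq.com/s/KBHfvXjxVR-Z6Vy7Z64OaA [Web_Security] Analysis of the TradingView DOM XSS vulnerability affecting the vast majority of trading platforms https://mp.weixin.qq.com/s/xCLyOeikoOYBrus-SyEvfA [Web_Security] Exploring business logic vulnerabilities: broken access control https://mp.weixin.qq.com/s/B6TwGFzBjPoXY-OeE8nuQw Penetration testing: [Penetration_test] A first attempt at privilege escalation with an nc reverse shell https://mp.weixin.qq.com/s/8Y4peTgRT4Q6XfMg9wgU0A [Penetration_test] The first step of web penetration testing: information gathering [ finding entry points to the target intranet ] https://mp.weixin.qq.com/s/-mXKaHfeAW8FRDqX4HN-lA [Penetration_test] Summary of website penetration testing approaches https://mp.weixin.qq.com/s/R9d-oIkjhrE71QoGGWcNLQ [Penetration_test] Intrusion forensics [ a first look at web log analysis ] https://mp.weixin.qq.com/s/_zRI6QqGXbVHa2uCpCcm1A [Penetration_test] Getshell by leveraging borrowed strength https://mp.weixin.qq.com/s/5UKAC_EljGV87NoBAVy02w [Penetration_test] Notes on a penetration test of a certain "welfare" site https://mp.weixin.qq.com/s/_f_bSM-IvZQyJCY-DfwFiQ [Penetration_test] Reference methods for implementing lcx functionality https://mp.weixin.qq.com/s/QFvLYKd1WjlZLjhgyKDbtw Security tools: [Security_tools] Notes on using the main features of the Chinese edition of Wireshark https://mp.weixin.qq.com/s/r9TeIEi_Y-wRPERtu461cA [Security_tools] Metasploit study notes https://mp.weixin.qq.com/s/8RjRKNGQWjIz3_kEJiQplQ [Security_tools] Tcpdump usage notes https://mp.weixin.qq.com/s/qf3llcY5s5CxwmdUSUcbMQ [Security_tools] ANDRAX: the latest penetration testing platform for Android smartphones https://mp.weixin.qq.com/s/cROT9VnX_qrG49x4xtR7yQ Code audit: [Code_audit] Notes on a code audit of a Java project https://mp.weixin.qq.com/s/nhE3lNBKCKya5-wxqibeFw Video sharing: [Video_share] Security testing based on business attack scenarios https://www.bugbank.cn/live/view.html?id=111662 [Video_share] What to do when web no longer cuts it? CTF PWN from getting started to getting hooked https://www.bugbank.cn/live/view.html?id=111671]]></content>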
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F6%2F</url>
<content type="text"><![CDATA[title: 6 date: 2018-1-16 19:05:18 tags: 6 Web security vulnerabilities: securityfocus&IBM [web_vlun]IBM Kenexa LMS on Cloud CVE-2016-8935 Cross-Site Scripting Vulnerability: http://www.securityfocus.com/bid/97077 securityfocus&WebSphere [web_vlun]IBM WebSphere Portal CVE-2017-1120 Cross Site Scripting Vulnerability: http://www.securityfocus.com/bid/97075 securityfocus/SLiMS [web_vlun]SLiMS 7 Cendana CVE-2017-7242 Multiple Cross Site Scripting Vulnerabilities: http://www.securityfocus.com/bid/97062 MYHACK58 [web_vlun]Within the network roaming of how to use JavaScript on the router to execute arbitrary code-a vulnerability warning-the black bar safety net: https://vulners.com/myhack58/MYHACK58:62201784685 MirSultan [web_vlun]ststore.com.tr Security Vulnerability: https://vulners.com/openbugbounty/OBB:221372 CNVD [web_vlun]Ouhu government affairs system /design/catid_user_save.php code execution vulnerability: http://www.cnvd.org.cn/flaw/show/CNVD-2017-03334 CNVD [web_vlun]Fastspot BigTree CMS cross-site request forgery vulnerability: http://www.cnvd.org.cn/flaw/show/CNVD-2017-03334 CNVD [web_vlun]SQL injection vulnerability in the iTrackGPS monitoring and management system: http://www.cnvd.org.cn/flaw/show/CNVD-2017-01976 Web vulnerability security articles: twitter&Nikhil SamratAshok Mittal [web_phishing]14,766 Let’s Encrypt SSL Certificates Issued to PayPal Phishing Sites: https://www.bleepingcomputer.com/news/security/14-766-lets-encrypt-ssl-certificates-issued-to-paypal-phishing-sites/ SSL certificates issued to PayPal phishing sites: http://t.cn/R6i8oTX twitter&MLT(@ ret2libc) [web_webfix]Webfix FlashIntro: https://www.brokenbrowser.com/referer-spoofing-patch-bypass/ Loading a malicious SWF or executing JavaScript, leading to the equivalent of a regular XSS attack: http://t.cn/R6iRrYx twitter&Mustafa Kaan Demirhan [web_security]IEEE CSCON 2017 Linux101: https://canyoupwn.me/ieee-cscon-2017-linux101/ weibo [web_security]Reading notes: implementing intelligence-led information security methods and practice :http://danqingdani.blog.163.com/blog/static/186094195201722373135164/# Kanxue 
[web_security][Translation]MySQL-Out-of-Band-Hacking&&SQL-injection-in-an-UPDATE-query-a-bug-bounty-story : http://bbs.pediy.com/thread-216415.htm sec-wiki [web_security]Reading notes on "The Tangled Web" : http://www.pythoner.com/386.html Tools [web_security]Notes on an interesting second-order unauthorized access issue : https://www.t00ls.net/thread-38883-1-1.html Web security tools: github&mimikatz [web_tools] mimikatz[password analysis tool]: https://github.com/gentilkiwi/mimikatz kitploit&Lydecker Black [web_tools]mosh - Mobile Shell replacement for SSH (more robust and responsive, especially over Wi-Fi, cellular, and long-distance links)[app connection replacing SSH]: http://www.kitploit.com/2017/03/mosh-mobile-shell-replacement-for-ssh.html seclist&cydec [web_tools]SETH – PERFORM A MITM ATTACK & EXTRACT CLEAR TEXT CREDENTIALS FROM RDP CONNECTIONS.[perform a man-in-the-middle attack and extract clear-text credentials from RDP connections]: http://seclist.us/seth-perform-a-mitm-attack-extract-clear-text-credentials-from-rdp-connections.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29 seclist&King-Pin [web_tools]SETH – LOGDISSECT IS A TOOL FOR GAINING INSIGHT INTO SYSLOG FILES.[a tool for understanding syslog files]: http://seclist.us/seth-perform-a-mitm-attack-extract-clear-text-credentials-from-rdp-connections.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29 Web security tools: github&yescrypt [web_tools] yescrypt: large-scale password hashing[password analysis tool]: http://www.openwall.com/presentations/BSidesLjubljana2017-Yescrypt-Large-scale-Password-Hashing/ kitploit&Lydecker Black [web_tools]NETATTACK – PYTHON SCRIPT TO SCAN AND ATTACK WIRELESS NETWORKS.[Python scanning of wireless devices]: http://seclist.us/netattack-python-script-to-scan-and-attack-wireless-networks.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29 seclist&cydec [web_tools]SECUREWV 2016 - PYTHON SCRIPTING - PART 1[Python scripting]: http://www.securitytube.net/video/17062?utm_source=HT&utm_medium=twitter&utm_campaign=SM seclist&黑白之道 [web_tools]CCleaner 
v5.28.6005 (32/64-bit) Chinese-localized professional single-file edition: http://t.cn/R6aT6Lj Download link: https://pan.baidu.com/s/1cIbvHG Mobile security: Roee Hay [andorid]Owning OnePlus 3/3T with a Malicious Charger: The Last Piece in the Puzzle[OnePlus 3/3T and a malicious charger]: https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/ ele7enxxh [andorid]poc or exp of android vulnerability[PoC and exploit]: https://github.com/ele7enxxh/poc-exp]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F59%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 59) Security news: [Security_week] Windows incident response process and hands-on exercise https://mp.weixin.qq.com/s/odo2Fjtklj-ibStAsyUjHw [Security_week] Linux incident response process and hands-on exercise https://mp.weixin.qq.com/s/mG0O8Pr8kFF195JLc-XD3A [Security_week] Steps for formulating a network security management policy https://mp.weixin.qq.com/s/Zkgo9Vi025CjfRvgGyO7Bw [Security_week] A brief analysis of network spoofing attacks https://mp.weixin.qq.com/s/J91CDk0bt-NqZ_LRC_jKIQ [Security_week] Mobile device security https://mp.weixin.qq.com/s/8GpaV9wBIHm63ACMkGnYEQ [Security_week] Network security situational awareness https://mp.weixin.qq.com/s/CE9NeKwlrbdBIPTfdkwSTw [Security_week] Network access control and firewalls https://mp.weixin.qq.com/s/mqpoQpS147Saw5ffyX9tXA [Security_week] Analysis of an intrusion incident response https://mp.weixin.qq.com/s/9uJ9Sl57noydnvPzeMxLow [Security_week] Tips for hiding bash command history https://mp.weixin.qq.com/s/g_mI9-WZF4iqITNBchACrA [Security_week] An SSH hardening journey from the classified protection perspective https://mp.weixin.qq.com/s/816E8706IDGPOdInUETFzQ [Security_week] How cookies and sessions work, explained (part 1) https://mp.weixin.qq.com/s/VeodMTKbwCdodx0fZjTlhw [Security_week] Tomcat PUT upload vulnerability (CVE-2017-12615) https://mp.weixin.qq.com/s/HU8ItQftfvLB6uRCvJQRFg [Security_week] On the Oracle WebLogic Server remote code execution vulnerability https://mp.weixin.qq.com/s/1HkTgDNWTIqPJc1dOVsGhA [Security_week] SQL injection vulnerability disclosed in MetInfo 6.1.2 https://mp.weixin.qq.com/s/jHxHcoPY8qucz3lQ01sAww [Security_week] Information security vulnerability weekly report (2018, issue 39) https://mp.weixin.qq.com/s/9r8qKIvCQ7NA3b4DJpQdrg [Security_week] Vulnerability threat weekly report (2018/10/8-2018/10/14) https://mp.weixin.qq.com/s/RF-Yb1XdYXtoBgB4U2_bZw Web security: [Web_Security] Webbug range, level 6 https://mp.weixin.qq.com/s/VnLfEYLOeIqpjmLxI1ZYlg [Web_Security] How to use integer-based manual SQL injection techniques https://mp.weixin.qq.com/s/3nThslOoDktMP5YgTzUZow [Web_Security] Webshells without letters or digits: advanced https://mp.weixin.qq.com/s/gNGvLI3XByjr_kZLt9jV6g Penetration testing: [Penetration_test] A simple penetration test using MS12-020 https://mp.weixin.qq.com/s/AEAcvj2SYT9qP4skRjeemA [Penetration_test] Notes on an authorized penetration test https://mp.weixin.qq.com/s/0ooXBDwJ6mloZjc9hsotXA [Penetration_test] Huwang Cup REFINAL: write-up https://mp.weixin.qq.com/s/2gQQHvfdKf9b1wETBOrssQ [Penetration_test] SOCKS proxy | Proxy techniques for roaming the intranet during penetration testing 
https://mp.weixin.qq.com/s/0dy1wlHmi0ySGLw8TMtl6w [Penetration_test] Detecting gambling websites https://mp.weixin.qq.com/s/UteVfE1m2KoNeejacBCL9g [Penetration_test] A one-person martial world: routine penetration testing analysis (1) https://mp.weixin.qq.com/s/AkVfsUS4sfaLAe0flQmfpw [Penetration_test] A one-person martial world: intranet penetration testing approaches (2) https://mp.weixin.qq.com/s/lnQNPiQARtuSJ1RkkfVJqQ [Penetration_test] A one-person martial world: routine penetration testing analysis (3) https://mp.weixin.qq.com/s/KhtXarJbHAKW2dai_5MB2A [Penetration_test] Networking - do you know how "Ping 127.0.0.1" works? https://mp.weixin.qq.com/s/IuUwWWrAhxDxnf1liWTz3A [Penetration_test] Bug-hunting techniques: a brief analysis of command injection vulnerabilities https://mp.weixin.qq.com/s/VssTiWz-oExFqdEkiE9J4g Security tools: [Security_tools] YASAT - a simple security auditing tool https://mp.weixin.qq.com/s/2Vt7At0SKcBQOHq9M27lIQ [Security_tools] Sharing a curated CTF toolkit https://mp.weixin.qq.com/s/Z1F_8_YQ7MsmNbLSI15TJA [Security_tools] Automating baseline checks in security operations: clever use of Ansible https://mp.weixin.qq.com/s/RdoZDZjBJbJT3F11vdvPtQ [Security_tools] Various Nmap ping scan techniques https://mp.weixin.qq.com/s/IVGtxrem2gJP_Vb8DhOKGg [Security_tools] NETCAT usage notes https://mp.weixin.qq.com/s/QstxtrMEbpNPL-c9RlMheQ [Security_tools] Getting started with Kali tools: using Wireshark https://mp.weixin.qq.com/s/seJpLXXyxLyAV2BIhMfbTA Mobile security: [Mobile_Security] Android application penetration testing (10) https://mp.weixin.qq.com/s/E8I7yb_Gv6MuShX4SG3XFQ [Mobile_Security] Android application penetration testing (11) https://mp.weixin.qq.com/s/ikY1qEIAOPnKm1E7SJpE8A [Mobile_Security] Android application penetration testing (12) https://mp.weixin.qq.com/s/f8m2vMX80TB3OY5VsJI33g Code audit: [Code_audit] Finding XSS vulnerabilities in a website through code auditing, in practice https://mp.weixin.qq.com/s/uruVMAjm2uQgZy9H4vXxKg]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F58%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 58) Security news: [Security_week] Reproducing the Redis unauthorized access vulnerability https://mp.weixin.qq.com/s/Iis4smkGdfl_GWJsLuWYnA [Security_week] Network security: operating system security https://mp.weixin.qq.com/s/HespSjwZgRn3yH0dYAhbTw [Security_week] Concrete implementation of network security incident response https://mp.weixin.qq.com/s/2vLeJDzRJxMNE4SnEYtm5w [Security_week] A practical guide to secure Tomcat deployment https://mp.weixin.qq.com/s/w-is7Zpo0mq5L_Ex_WQCWg [Security_week] A brief discussion of PHP security standards https://mp.weixin.qq.com/s/UOQa6yj-7bxUpb_1Xr4tYQ [Security_week] Network security incident investigation and forensics https://mp.weixin.qq.com/s/PZh0i1jAeRrN_JZF5XLHFQ [Security_week] Network security: database security https://mp.weixin.qq.com/s/Uq-dgc3gRQNzmy461UeefQ [Security_week] Standards for network security emergency plans https://mp.weixin.qq.com/s/FkdiR2VAh9Luk2e5O7iKAQ [Security_week] Execution steps for network security incident response https://mp.weixin.qq.com/s/0fgWFHlCdxMNc1aFD7vayg [Security_week] Information security vulnerability weekly report (2018, issue 38) https://mp.weixin.qq.com/s/Z1-3wuAn5uwZP8DX8lL9cg [Security_week] Vulnerability threat weekly report (2018/9/24-2018/9/30) https://mp.weixin.qq.com/s/QIyyPbFRj6FkMl23f9I9Yw Web security: [Web_Security] Webbug range, level 1 https://mp.weixin.qq.com/s/kK5XDrvz0rfcudNrffnL2Q [Web_Security] Manual SQL injection && WAF bypass && analysis of a real example https://mp.weixin.qq.com/s/HN7PuP_jo254XIUhCO6b8A [Web_Security] CSAW CTF’18 web writeup https://mp.weixin.qq.com/s/0ixj8uAt-0Kffetlqju4Ow [Web_Security] Hacker attack and defense: core defenses https://mp.weixin.qq.com/s/QdJ1DHbYZeuJO5EwuZ03sw [Web_Security] Big brother walks you through Kali https://mp.weixin.qq.com/s/KDrwLXOYKTBXZEsnZC5lsQ [Web_Security] Don't let leaks hold you back anymore [ Subversion edition ] https://mp.weixin.qq.com/s/dr6f0bSFp3Qs6hMcxXeyqQ [Web_Security] Webbug range, level 2 https://mp.weixin.qq.com/s/ve6YowkoM1XtKWjT_wdbrg [Web_Security] Webbug range, level 3 https://mp.weixin.qq.com/s/NhutjZmF9Zdi48GyHGJJMQ [Web_Security] Analysis of the ThinkPHP 5.1.x SQL injection vulnerability https://mp.weixin.qq.com/s/uIyH0UKN83bXthugdmQomg [Web_Security] Summary of WAF bypass techniques for command execution https://mp.weixin.qq.com/s/BZ1Oxogf0l62kVs4WwUTOA [Web_Security] Web penetration testing: DVWA vulnerability range walkthrough tutorial series https://mp.weixin.qq.com/s/lidmq4k4ahjfsTEf6_slmw [Web_Security] Sharing a reproduction of the payment vulnerability in the old version of the Anquanlong system https://mp.weixin.qq.com/s/wuUiehA5ehd53mWWe8jiKw [Web_Security] Web penetration testing: btstab vulnerability range walkthrough tutorial [complete] 
https://mp.weixin.qq.com/s/cL2m2-LMqwB2inrrSTpsSQ [Web_Security] Webbug range, level 4 https://mp.weixin.qq.com/s/8Yf3tMB3arv_IPXcjS3Jbg [Web_Security] Webbug range, level 5 https://mp.weixin.qq.com/s/UngEpihtPCR1_eELghYJtA Penetration testing: [Penetration_test] Walkthrough for the level 4 incident response challenge of the contest https://mp.weixin.qq.com/s/pb28pCARbNvf8sU2G9uRpA [Penetration_test] How I cleared the 信安之路 Peak Challenge https://mp.weixin.qq.com/s/xM5jLlvwqm7FWX-MuzdD6Q [Penetration_test] How to deploy multiple CTF pwn challenges safely and quickly https://mp.weixin.qq.com/s/UDgBYTeQqjpqK0D1CFThMA [Penetration_test] Pentest techniques: obtaining and brute-forcing PPTP passwords https://mp.weixin.qq.com/s/b27HoZag1fEj-CJB75Ckkw [Penetration_test] On the importance of account security https://mp.weixin.qq.com/s/NE72M2bDkneMBylGybQOJw [Penetration_test] Using Kali to generate a trojan to compromise an Android phone https://mp.weixin.qq.com/s/keAdjrzOeXz6tNdMRwSvyA [Penetration_test] Roaming the intranet: the SOCKS proxy finale https://mp.weixin.qq.com/s/02_Sv6L4aFO_ODC6AZWt5Q [Penetration_test] Master PowerShell Empire 2.3 in one article (part 1) https://mp.weixin.qq.com/s/RSB3Y3ap6ENkEbYFL7WIbQ [Penetration_test] Master PowerShell Empire 2.3 in one article (part 2) https://mp.weixin.qq.com/s/eMxDYix_j9DrvlRj46zlYw [Penetration_test] A brief account of FTP intrusion and defense [ vsftpd ] https://mp.weixin.qq.com/s/EDZtHZReM8I2N4dXGQB1cw [Penetration_test] Automated payload extraction techniques for web penetration testing https://mp.weixin.qq.com/s/_xsF0e2hYCJ5Qr2LmyILxg [Penetration_test] IPC hacker intrusion commands https://mp.weixin.qq.com/s/shJT0Z4Hw7pSvW95d9KZiA [Penetration_test] Why your server keeps getting compromised | Linux SSH password brute-forcing in practice https://mp.weixin.qq.com/s/PptJeo20dDWlTYWqjro9UQ [Penetration_test] Complete penetration testing resource collection | 20 ASP programs + 100 PHP programs + 30 0day sets + 1000 documents https://mp.weixin.qq.com/s/Yp5aZbXTVI8150rQOV8A2A [Penetration_test] Web penetration techniques and analysis of real-world cases https://mp.weixin.qq.com/s/VTbGoSCzdP4cNEP_kuIoyw [Penetration_test] Notes on cracking the OSCE registration challenge https://mp.weixin.qq.com/s/mEQL-PjKSjbn7AfZzutU2A Security tools: [Security_tools] A curated collection of tools for the different stages of penetration testing https://mp.weixin.qq.com/s/hPCAVQ4LKQqWEl1riutD8Q [Security_tools] MASSCAN: a mass IP port scanner https://mp.weixin.qq.com/s/uWm1aHhQ_8qfE9hDUO_LhQ [Security_tools] CrackMapExec: a post-exploitation tool for large Windows Active Directory (AD) environments https://mp.weixin.qq.com/s/upgIQSpuMIH8cjcZdDR_iA [Security_tools] Hacker text-editing tools: UltraEdit, WinHex, PEditor 
https://mp.weixin.qq.com/s/Tosvf18rza0WSw2-Kc-kaw [Security_tools] Six Paths of the Hacker: a cracking toolkit for everyone https://mp.weixin.qq.com/s/49w85JQbQA7Hhu2V2Toa2g [Security_tools] Sharing a curated CTF toolkit https://mp.weixin.qq.com/s/egt2MrqKeFZazlojdYNrxw Mobile security: [Mobile_Security] How I found a stored XSS vulnerability in the Yahoo Mail app https://mp.weixin.qq.com/s/kDspyvK2sA6JXR-G-aPFSQ [Mobile_Security] Android-APP security testing (2) https://mp.weixin.qq.com/s/1yLz-8vEU_dJm2UdTR-pvw [Mobile_Security] Android application penetration testing (6) https://mp.weixin.qq.com/s/fvqcWLD1DoUBb6PsLW0fOg [Mobile_Security] Android application penetration testing (7) https://mp.weixin.qq.com/s/3rD1OJlrXEai_os7bdX3OQ [Mobile_Security] Android application penetration testing (8) https://mp.weixin.qq.com/s/BM0UBjOXD4KQb0dDVz7ncw [Mobile_Security] Android application penetration testing (9) https://mp.weixin.qq.com/s/9cYXOfD_GWORqoO7dfBJew Video sharing: [Video_share] A deep dive into Linux kernel defense mechanisms: KASLR implementation details explained https://www.bugbank.cn/live/view.html?id=111635]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F57%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 57) Security news: [Security_week] Authentication bypass vulnerability in Western Digital MyCloud devices (CVE-2018-17153) https://mp.weixin.qq.com/s/Iicszno04Ze8gocGMiisbw [Security_week] Network security: identity authentication https://mp.weixin.qq.com/s/xNw3akV5_YWwP1zQ8gZ_3Q [Security_week] Network security assessment https://mp.weixin.qq.com/s/Z6jbCI_KEmvn1EYHOZrk1Q [Security_week] Network security incident response process https://mp.weixin.qq.com/s/fcK84vKTJxdctI69VhQ7qg [Security_week] Network security: access control https://mp.weixin.qq.com/s/y9kG19-x2_gzemPIMyucdA [Security_week] Future outlook for network security assessment https://mp.weixin.qq.com/s/clpUTZpmPn1-yaGHBMbB4g [Security_week] Organizational structure and mechanisms for network security incident response https://mp.weixin.qq.com/s/GReACQjGTQ4WBR292eRiEQ [Security_week] Network attacks explained https://mp.weixin.qq.com/s/bpDykc59_GjFxU0Jmulj7g [Security_week] TCP/IP protocol security https://mp.weixin.qq.com/s/NXzRUqyUAauBoiLcND72mw [Security_week] Deployment and strategy for network security incident response https://mp.weixin.qq.com/s/koFdD7FZYunbp2a-Ocpfrg [Security_week] Network security: physical and personnel security https://mp.weixin.qq.com/s/tKvbPK9ngzn_peQbe8XeUg [Security_week] Information security vulnerability weekly report (2018, issue 37) https://mp.weixin.qq.com/s/NPhMueZaXUaf4XU9EE3qrA [Security_week] Vulnerability threat weekly report (2018/9/17-2018/9/23) https://mp.weixin.qq.com/s/eaCp1Mb-2U1dNEx1H0ulNA Web security: [Web_Security] Introduction to SQL injection: ways to exploit injection with MySQL root privileges https://mp.weixin.qq.com/s/5Qcy3KIgL-xCGMXR3cTTdA [Web_Security] A one-line webshell that instantly gets past D-Shield and SafeDog https://mp.weixin.qq.com/s/H4WdLZuRSQHdf7BpCpqMdw [Web_Security] Introduction to SQL injection: regular sqlite3 injection [ union method ] https://mp.weixin.qq.com/s/mwg8drZNxM51dqtglcVK1g [Web_Security] A machine-learning-based classification and detection model for web attacks https://mp.weixin.qq.com/s/D7VCF59iXmX--zS4WQHlJQ [Web_Security] A guide to hunting subdomain takeover vulnerabilities https://mp.weixin.qq.com/s/P7CxeCz5M1AjjwMRo3x-8Q [Web_Security] How a front-end challenge turned into a SQL injection challenge https://mp.weixin.qq.com/s/m3nqBY7ijj8LNJGKT8eyyQ [Web_Security] Full analysis of the red-vs-blue challenges of the 信安之路 contest https://mp.weixin.qq.com/s/wtxJbAKI4YtRALU_cYzbGg [Web_Security] SSRF attacks via request splitting https://mp.weixin.qq.com/s/MWOuGv-vXaN9PqvpyWOiLw [Web_Security] Web application security https://mp.weixin.qq.com/s/Jx12go4aZudV7coSpgtPig [Web_Security] DVWA vulnerability range: file upload and file inclusion vulnerabilities https://mp.weixin.qq.com/s/C6I9XY54AJcpd1q7AxPTVQ [Web_Security] Improving blind injection efficiency: DNSLOG injection 
https://mp.weixin.qq.com/s/ki1qoNk5IZ_Nz7Fmy7tTmw [Web_Security] From MSSQL to command execution https://mp.weixin.qq.com/s/aAG1T3bKBko84GKOW-a5PQ Penetration testing: [Penetration_test] PowerShell penetration framework [PowerSploit] https://mp.weixin.qq.com/s/cKfBseKM27Y6svDjqbG-NQ [Penetration_test] Tech share | Some techniques and a personal summary of black-box penetration testing https://mp.weixin.qq.com/s/ijdzbz8tZWzDCX-Tj3dsEg [Penetration_test] A trojan from a competition: from analysis, to planting it, to removing it https://mp.weixin.qq.com/s/sU3S0AoojLg49iRDjIeDgQ [Penetration_test] Summary of several steganography challenges https://mp.weixin.qq.com/s/kxpmNpk8xAA3mbMtzyWaiw [Penetration_test] Windows 10 account security protection https://mp.weixin.qq.com/s/aZ2MPa3bq2cGM8HoOCaFtg [Penetration_test] System intrusion and remote control https://mp.weixin.qq.com/s/IcquWBE4ZzTlhXJcPlgRhg [Penetration_test] Some MySQL database intrusion and defense methods https://mp.weixin.qq.com/s/E81Uz92UqgzqctEYfyqZ2w [Penetration_test] A practical guide from "novice" to "white-hat hacker" https://mp.weixin.qq.com/s/p4O2y3cNgqAWo_TjaglHhQ [Penetration_test] Linux intranet penetration https://mp.weixin.qq.com/s/ldX4hsstE3ZyBBOL_fT7kg [Penetration_test] Pentest techniques: deleting a single Windows log entry https://mp.weixin.qq.com/s/tFZGm_unxdfMIp2ViIF03A Security tools: [Security_tools] Whatcms - a tool for identification and vulnerability detection supporting 300+ CMSs https://mp.weixin.qq.com/s/nkuidDCf9kUpKtVu4401gw [Security_tools] Ridrelay: a tool for quickly finding domain usernames on an internal network https://mp.weixin.qq.com/s/RWogTNmiwKyZoJTJtR59Qg [Security_tools] Four monitoring tools for catching DDoS attacks https://mp.weixin.qq.com/s/AWuBfv-bLuFjF1tFuI-6GA [Security_tools] A Windows trojan detection tool https://mp.weixin.qq.com/s/44g4BnPu7GwiUTzCp-mZJw [Security_tools] HashMyFiles - sharing a file checksum tool https://mp.weixin.qq.com/s/HLhmLlcEagTZnk6JdmNxww [Security_tools] A simple, practical Docker tutorial https://mp.weixin.qq.com/s/7lESAxQvWqS6mgrdxBO8qQ [Security_tools] China Chopper usage guide https://mp.weixin.qq.com/s/UxPdIQs-1vdYcLXpWcNW6w [Security_tools] 10 tools for intranet tunneling https://mp.weixin.qq.com/s/ypaxxSELVWCcCpqHs7MoNw [Security_tools] A roundup of tools and platforms for intranet penetration https://mp.weixin.qq.com/s/i0Joxtbmcip8Cupe4iR7XQ Mobile security: [Mobile_Security] Android application penetration testing (1) https://mp.weixin.qq.com/s/FmHEa5RecuXeTY-4HZqj8w [Mobile_Security] Android application penetration testing (2) https://mp.weixin.qq.com/s/GJ3FIZtJx0QuMC0BP1_CpQ [Mobile_Security] Android application penetration testing (3) 
https://mp.weixin.qq.com/s/YPYbui-aQY1uCcfhR_xqUA [Mobile_Security] Android application penetration testing (4) https://mp.weixin.qq.com/s/qmk4wUZ8sf6Y6xrfqDfVXA [Mobile_Security] Android application penetration testing (5) https://mp.weixin.qq.com/s/P-Z_V7Hb5i5ALLWn51LjPw [Mobile_Security] Reverse-engineering analysis of an academic administration system app: protocol vulnerability https://mp.weixin.qq.com/s/5G5MFtjdyJS7ewd73BkTvQ [Mobile_Security] Android reversing: dynamic analysis of .so libraries https://mp.weixin.qq.com/s/P313J0vtVTs0gmUdrP1kLA Video sharing: [Video_share] New WAF bypass techniques I don't tell just anyone https://www.bugbank.cn/live/view.html?id=111608]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F56%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 56) Security news: [Security_week] Network security incident response https://mp.weixin.qq.com/s/gVXT9gCTRDgvh7uh1zaRCg [Security_week] Network security risk assessment https://mp.weixin.qq.com/s/0zEfvHVqwQjIUYRtA9ZUQQ [Security_week] Network security risk assessment: vulnerability identification https://mp.weixin.qq.com/s/f7mlCFzKWyY4uZBU_7m0Ag [Security_week] A roundup of common server issues https://mp.weixin.qq.com/s/JaMTpS0iN3ceg-qYStx7ew [Security_week] Automating baseline checks in security operations https://mp.weixin.qq.com/s/ggtC-0e-UVF0H9cNNb06mw [Security_week] Information security vulnerability weekly report (2018, issue 36) https://mp.weixin.qq.com/s/EFd1Sc6Z7vkCIIXzq9TLkQ [Security_week] Vulnerability threat weekly report (2018/9/8-2018/9/14) https://mp.weixin.qq.com/s/NlKIa2Vyfek2WUPYMdF2jg Web security: [Web_Security] How to bypass email format filtering to perform SQL injection https://mp.weixin.qq.com/s/tviMDs7pSHx-NGzWAWW3vA [Web_Security] Automatic recognition of Chinese click-to-select CAPTCHAs https://mp.weixin.qq.com/s/5pGrZMusQLDOLrgpXdF8Jw [Web_Security] Reflections prompted by a code execution issue https://mp.weixin.qq.com/s/_5MyinSBgLzD7sWlY4VFZg [Web_Security] SQLmap beginner's guide https://mp.weixin.qq.com/s/Bu909q9BtvxJypFYs2dQYw [Web_Security] SQLmap notes in Chinese, remastered edition https://mp.weixin.qq.com/s/oANWtuR0G_sPd4D7j9iybw [Web_Security] Code security: safe parameter filtering https://mp.weixin.qq.com/s/_mBXdTIBCqdlaLnIkbff3A [Web_Security] Security development: secure design of business functions https://mp.weixin.qq.com/s/-barZ0IDzQAKcyvTwYX9fA [Web_Security] Network security: building an application security system https://mp.weixin.qq.com/s/TYv1POSxgdk-FXyxE-LTmQ [Web_Security] Solving common certificate validation problems when capturing HTTPS traffic on mobile https://mp.weixin.qq.com/s/Q4XfLjuCENtaAQ35gmfglA [Web_Security] Chrome debugging tips https://mp.weixin.qq.com/s/ws3O8iUTCKD44rnh1cklUQ Penetration testing: [Penetration_test] Using an ICMP tunnel to easily get through layer-4 TCP/UDP blocking https://mp.weixin.qq.com/s/xtB_NJp_gV3jZywJu_-jRA [Penetration_test] A new technique for privilege escalation on Windows https://mp.weixin.qq.com/s/lKBVGn0K0l8bgMKAacVuFA [Penetration_test] An unforgettable experience after getting a shell https://mp.weixin.qq.com/s/cG2fSnD34cHhjDswxSy5MQ [Penetration_test] Analysis of the ecshop3.X command execution vulnerability https://mp.weixin.qq.com/s/7iz24i6Znr-3LifWQGh8Zw [Penetration_test] Binary learning series - stack overflow: libc_init https://mp.weixin.qq.com/s/6YD8UuHM6Prdc666AB7zrA [Penetration_test] Linux incident response (3): cryptomining malware https://mp.weixin.qq.com/s/0q1XXqqQZiux3jvrP9zUOg [Penetration_test] Linux incident response (4): the Gates trojan 
https://mp.weixin.qq.com/s/-T9wupsSfW1Q73ocPgvMBg [Penetration_test] Is the CMS really secure? (2): a close look at DedeCMS https://mp.weixin.qq.com/s/3SSwoJQs0VQCJqZjcOVryw [Penetration_test] Penetration testing in practice https://mp.weixin.qq.com/s/mfnaZMc92X98h1Tf-gtg8w Security tools: [Security_tools] Commonly used "power tools" for penetration testing https://mp.weixin.qq.com/s/ZYa38RQBPMEu7en3WmvW-A [Security_tools] Tplmap - an open-source tool for scanning for server-side template injection vulnerabilities https://mp.weixin.qq.com/s/v31779Ud2Xa3cAbFoJN0XQ [Security_tools] An iOS and Android mobile application penetration testing framework: introducing Scrounger https://mp.weixin.qq.com/s/3v2rS9-VpAr0QO7beTiQhw [Security_tools] A collection of practical tips for penetration testing tools (1) https://mp.weixin.qq.com/s/5EuWZzzF8zbPFl9eGq2EOA [Security_tools] A collection of practical tips for penetration testing tools (2) https://mp.weixin.qq.com/s/Pzc0KXn4RdqatAvuynG2Vw Code audit: [Code_audit] Code auditing tips https://mp.weixin.qq.com/s/ru62RgTssdYarXwssksVig Video sharing: [Video_share] Clever tricks for bypassing the job-hunting "WAF" https://www.bugbank.cn/live/view.html?id=111599]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F55%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 55) Security news: [Security_week] Some practical social engineering tutorials https://pan.baidu.com/s/1i53K6Rb [Security_week] Information security vulnerability weekly report (2018, issue 35) https://mp.weixin.qq.com/s/BThGT0WNXQ_Slgy5l1i5sw [Security_week] Vulnerability threat weekly report (2018/9/1-2018/9/7) https://mp.weixin.qq.com/s/S_0Q9z4YFrk9ieWy-t3-1w Web security: [Web_Security] Introduction to SQL injection: regular error-based MSSQL injection https://mp.weixin.qq.com/s/hFZlYpCLa6Z9Jl_noHs7ew [Web_Security] The '0day' that never goes away [ weak passwords ] https://mp.weixin.qq.com/s/tIwEen_4HT0gu5ZuN4uq8g [Web_Security] Testing the retrieval of user passwords via an XSS vulnerability in Password Vault https://mp.weixin.qq.com/s/VA14eTNoPo1QmhRR2zpqiA [Web_Security] Vulnerability discovery and prevention (1) https://mp.weixin.qq.com/s/Prb5NGlFo8de3zybYFLQ3A [Web_Security] Vulnerability discovery and prevention (2) https://mp.weixin.qq.com/s/0i_z_KAIQQdS1Qw0HNOZKw [Web_Security] Vulnerability discovery and prevention (3) https://mp.weixin.qq.com/s/Y6YUrO0emG0URfIaXaxk6w [Web_Security] Social engineering: information gathering https://mp.weixin.qq.com/s/nGu9XY6xcXaiQwbK1Eufbg [Web_Security] Auditing second-order vulnerabilities https://mp.weixin.qq.com/s/boWNkWEuvp4ZC782cMnqpw [Web_Security] Exploring business logic vulnerabilities: brute force https://mp.weixin.qq.com/s/DChij-pLITOp96edN6cRuA Penetration testing: [Penetration_test] PowerShell penetration framework [ nishang ] https://mp.weixin.qq.com/s/HNTSepRTm6_kFPxfcKBMsA [Penetration_test] Security operations: how to find SSH login traces hidden from the last and w commands https://mp.weixin.qq.com/s/kGknc9bG9Eonk8xQadIbmw [Penetration_test] A brief discussion of cunning one-line webshells https://mp.weixin.qq.com/s/hJLeuADFI7honmcl9SSy4w [Penetration_test] A complete guide to port-based penetration https://mp.weixin.qq.com/s/vLylhXkE2mFDaoxeXK3eZg [Penetration_test] [Preventing database dumps] How to set up a secure MySQL on a server https://mp.weixin.qq.com/s/vl15KXhWdDauoIJExxZrrg [Penetration_test] Pentest power tool | A brief introduction to using Metasploit https://mp.weixin.qq.com/s/U2fMxOfbFjH2PjbfWoSUDQ [Penetration_test] The essence of penetration, persistent penetration, and post-exploitation https://mp.weixin.qq.com/s/drkyLz2QdU2py4YuIMm3gg Security tools: [Security_tools] A brief talk on the "power tools" I commonly use at each stage of penetration testing https://mp.weixin.qq.com/s/gftEKslsUEufXPphde3fRQ [Security_tools] Sharing Android app penetration testing tools https://mp.weixin.qq.com/s/-eJg4FRo55l7rHtNC_Pt7w [Security_tools] DDoS attack tools https://mp.weixin.qq.com/s/fo0wqLxLKSXFi2bxkGadrQ [Security_tools] Social engineering: online information gathering tools https://mp.weixin.qq.com/s/fVuOK1EQH-l0qO_7roLa6w Mobile security: 
[Mobile_Security] Android process injection: risks and testing https://mp.weixin.qq.com/s/YSf3RuFzi3JTvBYT22md_g]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F54%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 54) Security news: [Security_week] Classified protection assessment, host security, Level 3: detailed explanation of assessment requirements, methods and steps, and scoring criteria (the 0-point standard and the full-score standard) https://mp.weixin.qq.com/s/GjT4hB9K0P8HNi49WWydYA [Security_week] burpsuite_pro_v2.0beta early-access test version https://mp.weixin.qq.com/s/0VtwqEWjDfVhtE5G-PVbfw [Security_week] Apache Struts2 S2-057 vulnerability https://mp.weixin.qq.com/s/A1Nj0TJ9jnLSIaVsxrZr7Q [Security_week] Analysis of the Struts2-057/CVE-2018-11776 RCE vulnerability in two versions (with EXP) https://mp.weixin.qq.com/s/wkkkseZjXKPae_t0i3Nceg [Security_week] Analysis of the latest CVE vulnerabilities in zzcms 8.3 https://mp.weixin.qq.com/s/ROgA0e9qExM7P7p3cwqUnQ [Security_week] Arbitrary file upload vulnerability in the .Net version of UEditor https://mp.weixin.qq.com/s/6lhiqO9_vvpYQeanz6QCDA [Security_week] Information security vulnerability weekly report (2018, issue 32) https://mp.weixin.qq.com/s/nGspOPCA10qA9NM75uUmuw [Security_week] Information security vulnerability weekly report (2018, issue 33) https://mp.weixin.qq.com/s/mpdAwlurj-OOgclBHk4c8Q [Security_week] Information security vulnerability weekly report (2018, issue 34) https://mp.weixin.qq.com/s/0gyE1hxo0kickBjfm7pK8A [Security_week] Vulnerability threat weekly report (2018/8/11-2018/8/17) https://mp.weixin.qq.com/s/Q1k8EQlk1SRBcLySnBRI9g [Security_week] Vulnerability threat weekly report (2018/8/18-2018/8/24) https://mp.weixin.qq.com/s/9KniC6c-coQlRAjVUpjyFg [Security_week] Vulnerability threat weekly report (2018/8/25-2018/8/31) https://mp.weixin.qq.com/s/nD-wh7JL_QSHEUePria3pQ Web security: [Web_Security] Becoming proficient with various sensitive directory and file scanning tools https://mp.weixin.qq.com/s/RRJ2mYB2KrWJb8qL4bLm7g [Web_Security] Introduction to WAF bypass: SQL injection [ inline comments ] https://mp.weixin.qq.com/s/95MzmfYVqM8cR2SCV1lXoQ [Web_Security] Techniques for bypassing file upload restrictions https://mp.weixin.qq.com/s/lSSCBeZ-JT8znchjlYJWVA [Web_Security] Target machine penetration testing in practice – hack the ch4inrulz https://mp.weixin.qq.com/s/4x-q8KbNxWLxJshQ5GStJA [Web_Security] Notes on a Node.Js deserialization attack test http://www.freebuf.com/news/180882.html [Web_Security] Learning CTF from scratch https://mp.weixin.qq.com/s/61-anZM145227C0jG0nOtw [Web_Security] Fundamentals a competent programmer should know (2): XXE injection attacks https://mp.weixin.qq.com/s/B8aTiZ_YYi8YNa7Yeh1jWQ [Web_Security] Various file upload bypass techniques https://mp.weixin.qq.com/s/FlG305wPbbD3Pfx2-UKIng [Web_Security] Introduction to SQL injection: MySQL wide-byte injection https://mp.weixin.qq.com/s/cIcR3Pb8FaWSm1zsvXVjSg [Web_Security] Setting up a DVWA environment to learn the path from MySQL injection to getshell 
https://mp.weixin.qq.com/s/0k0W4WB1IriUjijDRdCE9w [Web_Security] Did you know? Image CAPTCHAs can crash a server https://mp.weixin.qq.com/s/KK8LLIG9kT3iZ4qykrAfPQ [Web_Security] A new exploitation method for PHP object injection vulnerabilities http://www.freebuf.com/articles/system/182197.html [Web_Security] An introduction to three common DOM XSS cases https://mp.weixin.qq.com/s/hX_b3voN-Avevt4jy3Ujmw [Web_Security] How user password information can be stolen via an XSS vulnerability in Password Vault http://www.4hou.com/vulnerable/13261.html [Web_Security] A short summary of SQL Server injection https://mp.weixin.qq.com/s/wDGSsUCyTu1kaMssduIuTA [Web_Security] Analysis of arbitrary file upload vulnerabilities in two versions of the UEditor editor https://mp.weixin.qq.com/s/MH0xmDxC1Obwsdt-VYhm8g [Web_Security] GET requests - summary of Referer restriction bypasses https://www.secpulse.com/archives/74691.html [Web_Security] My journey in fuzzing for web application security https://www.secpulse.com/archives/74763.html [Web_Security] Attacks on websites and web applications https://mp.weixin.qq.com/s/WiW25WnzUZJjeIPQLV1GLw [Web_Security] DVWA vulnerability range: XSS penetration testing https://mp.weixin.qq.com/s/tw9g1_AeXZbRQupjmUPTaQ [Web_Security] Common XSS bypass methods https://mp.weixin.qq.com/s/Pdv1bmFkAqKer0qKYjSMZA [Web_Security] Setting up the SQLi-Labs environment https://mp.weixin.qq.com/s/uDVCqWMeWA6Hrio_koHW8Q [Web_Security] [Injection practice] Complete SQLi-Labs walkthrough https://mp.weixin.qq.com/s/V2EstHKdAmassP7DmkRkMQ Penetration testing: [Penetration_test] Reaching the other shore: intranet proxy forwarding [ htran ] https://mp.weixin.qq.com/s/_SRk24BIPn3xv_LpX-U_eQ [Penetration_test] Short notes on using IPC to spawn a shell on a Windows intranet https://mp.weixin.qq.com/s/Lr08h6KFwrj0O2k9dNLRUw [Penetration_test] A collection of tips for tracing server intrusions https://mp.weixin.qq.com/s/A1tPlv8YpSr6w-zvUxxxxg [Penetration_test] Advanced nc attack techniques http://www.4hou.com/tools/13070.html [Penetration_test] A penetration test of a certain webmail https://mp.weixin.qq.com/s/J14IHFq9nvzmbVWqLOBOag [Penetration_test] How to bypass Duo two-factor authentication https://mp.weixin.qq.com/s/L69ecN5gCtSgZxG8t2b2RA [Penetration_test] The Struts2-057 vulnerability, from environment setup to reproduction https://mp.weixin.qq.com/s/L4LADYes1Mun44RdPMEeAQ [Penetration_test] Notes on an unforgettable penetration test https://mp.weixin.qq.com/s/Dtv4koLWmN_kF397FdYMYA [Penetration_test] Wangding Cup round 1 writeup https://mp.weixin.qq.com/s/d4KB9b83D5iiQAfNieqh3w [Penetration_test] Peak Geek round 2 WriteUp https://mp.weixin.qq.com/s/ivQLNSCMaH-zXrAqBUEiCg [Penetration_test] Wangding Cup round 4 
partial WriteUp https://mp.weixin.qq.com/s/XgFUSlV8I1G5GKfh5wzzyQ [Penetration_test] AD offline competition: analysis of defensive approaches https://mp.weixin.qq.com/s/E7lL1dJUZy1Q8X1VLhT7PQ [Penetration_test] A penetration test of an authentication server https://mp.weixin.qq.com/s/T3ukTjeWHrnJlt00fcM-Uw [Penetration_test] Short notes on tracing an attack to its source https://mp.weixin.qq.com/s/ZHLBPnvWH0KHic1XAhjJ9A [Penetration_test] Penetration testing: exploitation https://mp.weixin.qq.com/s/jU_BVqsTLDEAnoro48je8A [Penetration_test] Network attacks, post-exploitation: privilege escalation https://mp.weixin.qq.com/s/6EfPmCOZXbxipPic776PnA [Penetration_test] Network attacks, post-exploitation: backdoors https://mp.weixin.qq.com/s/qC-ACUvTSkbOZ3b9juKiAA [Penetration_test] The NSA toolkit in practice – 32-bit XP system (MS17-010) https://mp.weixin.qq.com/s/hCxDlnWSwlg86kpaL5d0tA [Penetration_test] UEditor .net version getshell https://mp.weixin.qq.com/s/HozJphBLPSNT0NUnCBd6_Q [Penetration_test] Approaches to investigating Linux intrusions https://mp.weixin.qq.com/s/MAN6LjmWEhFGpucBbXO6Zw [Penetration_test] Linux incident response (1): SSH brute force https://mp.weixin.qq.com/s/1I0MpWXcyJoe5zGFLnv8gw Security tools: [Security_tools] Pafish – an anti-debugging tool https://mp.weixin.qq.com/s/NyOqoYQkfLoq7gMi8snWAQ [Security_tools] Androl4b – an Android security testing system https://mp.weixin.qq.com/s/E6m1hgmLWWxhF8r0v_93Ug [Security_tools] 10 open-source security tools that make Docker stronger https://mp.weixin.qq.com/s/A26Jb6SjsIoMsw-lJf7GAQ [Security_tools] XXEinjector – an automated XXE testing tool https://mp.weixin.qq.com/s/DGP5clZTlZpSdYs1ETxLgw [Security_tools] Docker: from getting started to giving up https://mp.weixin.qq.com/s/S8RsI15J6xVCpa74xxCp6A [Security_tools] WAScan: a powerful web application scanner https://mp.weixin.qq.com/s/sAy87NN-WhSdivu4km7FGw [Security_tools] Ridrelay: a tool for quickly finding domain usernames on an internal network https://mp.weixin.qq.com/s/NCdWk_7Gtx16A8n4hZ2W7w [Security_tools] acccheck - an SMB brute-force tool https://mp.weixin.qq.com/s/Y0ptLZnogYT-m27BIuI2iA [Security_tools] Commix - an automated command injection testing and exploitation tool https://mp.weixin.qq.com/s/duHTT244JFEof6mxnEAO9g [Security_tools] An old but classic advanced packet-crafting tool [ hping3 ] https://mp.weixin.qq.com/s/0xQGZ_TplwzH8pJwNGqi-g [Security_tools] Pentest power tool Burp Suite 2.0 beta now released https://mp.weixin.qq.com/s/bmxqhqPIr4gEOvIKWMBuuA [Security_tools] Pure Blood v2.0: an open-source penetration testing framework for white hats and bug hunters http://www.freebuf.com/sectool/180626.html Mobile security: 
[Mobile_Security] Andorid-APP 安全测试(一) https://www.secpulse.com/archives/74861.html [Mobile_Security] Android逆向之静态分析 https://mp.weixin.qq.com/s/mGhjmWDsE3qSKyBUz1hkyg 代码审计: [Code_audit] 浅谈APK安全及自动化审计 https://mp.weixin.qq.com/s/RDEmlLeLTprOXdXNW85_uQ [Code_audit] 代码审计 | DedeCMS v 5.7 sp2 RemoveXSS bypass https://mp.weixin.qq.com/s/MZ_rFUwBerE68RFuNyEsUA [Code_audit] 代码审计所需工具及使用 https://mp.weixin.qq.com/s/XjOnIv8Fr7dyNwV3gZIGQA 视频分享: [Video_share] 安全人才当下发展现状 https://www.bugbank.cn/live/view.html?id=111544 [Video_share] 那些年我遇过的软件保护 https://www.bugbank.cn/live/view.html?id=111570 [Video_share] 企业安全建设启示录 https://www.bugbank.cn/live/view.html?id=111572]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F53%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 53)
Security News:
[信安之路] Linux wargame walkthrough https://mp.weixin.qq.com/s/7N--mAlG2o4ixfpHyUAc_A
[信安之路] Linux wargame walkthrough (continued) https://mp.weixin.qq.com/s/MnmXvDkaRQVCxFRUYHukmg
[黑白之道] Introduction to SQL injection: MySQL boolean-based blind injection https://mp.weixin.qq.com/s/u6VjUf0FgeWG8EGX9JUy2A
[合天智汇] Weblogic (part 2) https://mp.weixin.qq.com/s/8hzrPebe_XRVoPDtEW4gUg
Security Tools:
[KACK学习呀] Tools shared at the 2018 BlackHat conference https://mp.weixin.qq.com/s/oh_fU7uW-N9vAEUXf-PNKw
Burp Suite, the penetration testing tool, now has a 2.0 beta https://www.secdic.com/go/21689.html
CloudMapper: a powerful tool that helps you analyze the security of Amazon Web Services environments https://www.secdic.com/go/21688.html
Attack and Defense:
Pitfalls of IDA F5 in CTF reverse engineering https://www.secdic.com/go/21681.html
Three common DOM XSS cases https://www.secdic.com/go/21677.html
Secure just because you say so? A security test of the Redcore browser https://www.secdic.com/go/21678.html
Windows privilege escalation via unquoted service paths https://www.secdic.com/go/21679.html
How I hacked BlackHat: enumerating registered attendees with the BCard API https://www.secdic.com/go/21687.html
Security Operations:
Privacy protection in the big data era (3) https://www.secdic.com/go/21683.html]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F52%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 52)
Security News:
[Security_week] Hongri Security | Penetration testing guide e-book, free download https://mp.weixin.qq.com/s/JXpmkBn--qdirzzKdbubOw
[Security_week] CVE-2018-5390: remote denial-of-service vulnerability found in Linux kernel TCP https://mp.weixin.qq.com/s/Ct6mxcsSQ7OJOL1xOdZ6Zg
[Security_week] An in-depth look at social engineering attacks https://mp.weixin.qq.com/s/r_IhD6eg7ADNT_SGnvt4wA
[Security_week] Information security vulnerability weekly report (2018, issue 31) https://mp.weixin.qq.com/s/kkhTOmt2R8Etb2lCq8CMWw
[Security_week] Vulnerability weekly report 2018, issue 6 (2018/8/4-2018/8/10) https://mp.weixin.qq.com/s/posE_UsMR0t3GmHvEItOYA
Web Security:
[Web_Security] Introduction to SQL injection: MySQL error-based injection [floor() error] https://mp.weixin.qq.com/s/mx43Lzihc5xP-ervC8Vsww
[Web_Security] Writing a PHP shell without letters, digits or underscores https://mp.weixin.qq.com/s/fCxs4hAVpa-sF4tdT_W8-w
[Web_Security] Building an Nginx-based sensitive information leak detection system http://www.freebuf.com/articles/web/179848.html
[Web_Security] Master MySQL in one article https://mp.weixin.qq.com/s/RdTvEzfk0UMCJyo5uescMg
[Web_Security] Introduction to XML injection https://mp.weixin.qq.com/s/KJWw9JEqDd8jDyqISdpkVQ
[Web_Security] Weblogic https://mp.weixin.qq.com/s/nL0g9mT7GKR5jK2rpk4FfA
[Web_Security] Exploiting a NodeJS deserialization vulnerability to getshell https://mp.weixin.qq.com/s/k91vpp3w6zPESvFLEgojRg
[Web_Security] The SSL protocol explained https://mp.weixin.qq.com/s/7nl9cENKFqIKB_UAWT8Z3Q
[Web_Security] XSS for beginners: one article is enough https://mp.weixin.qq.com/s/AszVtutUAWGePsAXqu2AQw
[Web_Security] Introduction to SQL injection: MySQL boolean-based blind injection https://mp.weixin.qq.com/s/u6VjUf0FgeWG8EGX9JUy2A
[Web_Security] Weblogic (part 2) https://mp.weixin.qq.com/s/8hzrPebe_XRVoPDtEW4gUg
Penetration Testing:
[Penetration_test] Guide to configuring a Kali environment for hands-on penetration testing https://mp.weixin.qq.com/s/Ou7xMNwO_jhMM2toGylmAQ
[Penetration_test] Learning honeypots: SSH https://mp.weixin.qq.com/s/GtCTDWo0iy_yQ9-jNAL8ZA
[Penetration_test] OverTheWire Bandit Writeup (11-20) https://mp.weixin.qq.com/s/BZl5TngCglYn5y0_R_Ow9A
[Penetration_test] OverTheWire Bandit Writeup (20-33) https://mp.weixin.qq.com/s/u4OkvlAJpVcRWg6utJwbFw
[Penetration_test] Learning basic Docker commands https://mp.weixin.qq.com/s/HmaMgVkQPrkTIVssPaEBCQ
[Penetration_test] Modifying a PHP extension to serve as a persistent backdoor http://www.freebuf.com/articles/web/179713.html
[Penetration_test] Backdoor obfuscation and anti-detection techniques http://www.freebuf.com/articles/web/180263.html
[Penetration_test] A metasploit module can exploit the shellshock vulnerability to getshell http://www.4hou.com/vulnerable/12984.html
[Penetration_test] MeePwn-Web reproduction https://mp.weixin.qq.com/s/uAqABE8lQtO4cBGlmn7kOQ
[Penetration_test] A brief look at logic vulnerabilities: unauthorized access https://mp.weixin.qq.com/s/BD77OTppMku5MJN9Q2SGDA
[Penetration_test] PowerShell penetration framework https://mp.weixin.qq.com/s/Y37Fkr0kNhsrXc1wq2k56w
Security Tools:
[Security_tools] WIBR - a wireless cracking tool for Android https://mp.weixin.qq.com/s/bKS8j3be9RD9VnaynYD6kQ
[Security_tools] jexboss – Jboss vulnerability detection/exploitation tool https://mp.weixin.qq.com/s/Y02gQ7klNHPQe118ejhZ2Q
[Security_tools] EW, a multi-platform network tunneling tool https://mp.weixin.qq.com/s/DPMTQLbR2Q3ESk4S2CNvEw
[Security_tools] Introduction to the Burp Extractor extension https://mp.weixin.qq.com/s/J14dO2vw93OzAZL-RLFZqA
[Security_tools] Reverse engineering tool OD (panels, shortcuts) https://mp.weixin.qq.com/s/yCXOP9XfbxlW72rSgx-obg
[Security_tools] Reverse engineering tool IDA (basic introduction) https://mp.weixin.qq.com/s/6dFX0I0tQhltY_c2J92eBg
[Security_tools] SqlMap 1.2.7.20 Tamper scripts explained, with usage guide http://www.freebuf.com/sectool/179035.html
[Security_tools] Wireshark tutorial and SSL analysis https://mp.weixin.qq.com/s/UAZyxzJ--vh9syDLzdnnSQ
[Security_tools] Tools shared at the 2018 BlackHat conference https://mp.weixin.qq.com/s/oh_fU7uW-N9vAEUXf-PNKw
Code Audit:
[Code_audit] A brief analysis of code auditing https://mp.weixin.qq.com/s/dv2ojQ2k6YbRsHydEXyNdg
[Code_audit] Code audit | Spring framework: worked examples https://mp.weixin.qq.com/s/RizNlkYDnYZX5wd0e-jEwA
[Code_audit] Collection of code-audit vulnerabilities in the latest MetInfo version https://mp.weixin.qq.com/s/kmrIJnTdZtaQyQRTvL-6dQ
[Code_audit] Code audit Day8 - command execution via the preg_replace function https://xz.aliyun.com/t/2577
Video Sharing:
[Video_share] Custom wireless attack hardware: wireless attack principles and live demonstration https://www.bugbank.cn/live/view.html?id=111524]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F50%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 50)
Security News:
[Security_week] Always striving, never giving up. Have you given up? https://mp.weixin.qq.com/s/ChiXtcrEyQeLkGOkm4PTog
[Security_week] A brief look at building enterprise security https://www.secdic.com/go/20979.html
[Security_week] Information security vulnerability weekly report (2018, issue 29) https://mp.weixin.qq.com/s/pcSFc6qRmjwPalVrLuJ8Ug
[Security_week] Vulnerability threat weekly report (2018/7/21-2018/7/27) https://mp.weixin.qq.com/s/tlWfhgmOZLBXCNgcUiCmUw
Web Security:
[Web_Security] Networking basics | TCP three-way handshake and four-way teardown (animated version & girlfriend version) https://mp.weixin.qq.com/s/teu447tamWl6nh-Hge5HrQ
[Web_Security] JSON Web Token beginner tutorial https://mp.weixin.qq.com/s/82kGtrI1QK7gkswtd-QsAQ
[Web_Security] Taipan - open-source cross-platform web vulnerability scanner in C# https://mp.weixin.qq.com/s/NkIIFjk7ikPepjkUGcBwDg
[Web_Security] Analysis of a SQL injection vulnerability in the Hongcms 3.0.0 admin backend https://mp.weixin.qq.com/s/x1-ZfdkYBe8QtPDBD22hXg
[Web_Security] XXE exploitation techniques: from XML to remote code execution https://mp.weixin.qq.com/s/CI4ew4YvPvLPsg4Pzvvu3w
[Web_Security] Summary of server file-parsing vulnerabilities https://mp.weixin.qq.com/s/f0y_AjRtc4NjEqeJe6cPhw
[Web_Security] Web penetration testing with the DVWA vulnerable lab: command injection https://mp.weixin.qq.com/s/cUbgQaCCiS8kQqVrUnrtLw
[Web_Security] Web penetration testing with the DVWA vulnerable lab: brute force https://mp.weixin.qq.com/s/-hy0RjYUFVVwgCct5m0oDw
[Web_Security] Another disaster caused by a login form https://mp.weixin.qq.com/s/z1Gr1aR1kha0u4ak2ah3IA
[Web_Security] When Struts2 meets a firewall, is your approach creative enough? https://mp.weixin.qq.com/s/iFffF8BSnM3nm_g8GaaiNg
[Web_Security] Preventing Host header attacks on web servers http://www.freebuf.com/articles/web/178315.html
[Web_Security] PHP code auditing: digging deep into SQL injection https://mp.weixin.qq.com/s/I8432k8nl55vfY5NTrfsow
[Web_Security] Real World CTF international competition: partial writeups https://mp.weixin.qq.com/s/zRpYN5_0w6aj-gHJCM2AjQ
[Web_Security] Introduction to CTF, lesson 2 https://mp.weixin.qq.com/s/A3KMnQlpx5ZXcLwMuq242w
[Web_Security] HTTP, HTML and browsers https://mp.weixin.qq.com/s/u7OL32ArPG9tveYwpobe-w
[Web_Security] A brief look at approaches to information gathering https://mp.weixin.qq.com/s/a42btf8PffD6cx4wKX6N5A
[Web_Security] My journey in web application security fuzzing https://www.anquanke.com/post/id/152729
[Web_Security] SQL injection WIKI https://mp.weixin.qq.com/s/oDs5Vf9BbriR-3UWQM-KSA
Penetration Testing:
[Penetration_test] FTP permissions explained (part 2) https://mp.weixin.qq.com/s/vy39KxoSq21LFaKaduHrIg
[Penetration_test] Penetration testing in practice: compromising the Blacklight and DeRPnStiNK target machines https://www.secdic.com/go/20954.html
[Penetration_test] A penetration test that bypassed a firewall to gain RCE and escalated to root https://mp.weixin.qq.com/s/WIs2dF6sX7r1d-5y7w-d_w
[Penetration_test] Introduction to Linux penetration: from enumeration to kernel exploitation https://mp.weixin.qq.com/s/WM2xpDlzRteO7ByWJ5D00Q
[Penetration_test] Summary and understanding of several reverse shell methods on Linux http://www.freebuf.com/articles/system/178150.html
[Penetration_test] Exploring one-line webshells on .NET: the SVC edition https://mp.weixin.qq.com/s/zibOpbVcPd7ILcBHrjBpMw
[Penetration_test] Career experience of a penetration testing engineer https://mp.weixin.qq.com/s/5sp3E3UdLngaxyqccWFvWA
Security Tools:
[Security_tools] Essential penetration testing tool: burpsuite_pro_v1.7.35 https://www.secpulse.com/archives/73745.html
[Security_tools] A penetration testing tool specifically for Microsoft SQL databases http://www.freebuf.com/sectool/177187.html
[Security_tools] Pythem – Python network/penetration testing tool https://mp.weixin.qq.com/s/vqzo71bokuKE25ZFpanyKg
[Security_tools] A roundup of information security tools https://mp.weixin.qq.com/s/3-18VD9DuyEw5hrL6_JPNA
[Security_tools] How to upload files when you only have a Bash reverse shell http://www.freebuf.com/articles/system/178515.html
Code Audit:
[Code_audit] Java code audit | Source code audit of an open-source system https://mp.weixin.qq.com/s/SLG7Y1-_A4BvZFIkB6HKnA
[Code_audit] Code audit: 树洞 X_FORWARDED_FOR injection https://mp.weixin.qq.com/s/dE0apMGcwmIEHCOs9xWapg
Video Sharing:
[Video_share] How to hide your webshell gracefully https://www.bugbank.cn/live/view.html?id=111487]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F51%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 51)
Security News:
[Security_week] Information security vulnerability weekly report (2018, issue 30) https://mp.weixin.qq.com/s/4MAkLIzUyQ4AtGVaea_HgQ
[Security_week] Vulnerability threat weekly report (2018/7/28-2018/8/3) https://mp.weixin.qq.com/s/UJ_CqXwSQi2N1idU1Pwt9g
Web Security:
[Web_Security] Chasing Dreams, season 2: how to become an excellent white hat https://mp.weixin.qq.com/s/L0iSJVscnlfyl2HLHfZgzA
[Web_Security] The patched-and-repatched Weblogic: the art of bypass https://mp.weixin.qq.com/s/ShXdCUr5m8YZl0jEoxgJyQ
[Web_Security] Introduction to SQL injection: standard Access injection [union method] https://mp.weixin.qq.com/s/fT2c48p6tTX3V-SjA4qY1A
[Web_Security] On information gathering in penetration testing https://mp.weixin.qq.com/s/a7VugkNQd9tOk_6NF3Sx4Q
[Web_Security] Thoughts prompted by SQL constraint attacks https://mp.weixin.qq.com/s/5FBtjWtaoVY2TZ4KTmNkxA
[Web_Security] Mastering Burpsuite: semi-automated injection https://mp.weixin.qq.com/s/zBX3g8JVG9IAsxNH7j_ozw
[Web_Security] Several ways to exploit the HTTP PUT method https://mp.weixin.qq.com/s/GnJDGUH4EGveYC4dExC49g
[Web_Security] Java | Web scraping https://mp.weixin.qq.com/s/8ZNZTqT8UEqEHBMRUt_e0w
Penetration Testing:
[Penetration_test] FTP permissions explained (part 3) https://mp.weixin.qq.com/s/Q3nfFCVGKaav8BCCr6oyzw
[Penetration_test] Exploring .NET: using DLL handler mappings for post-exploitation persistence https://mp.weixin.qq.com/s/26YQa05rjQ8hhsS6aU40Nw
[Penetration_test] DVWA vulnerable lab: weak session ID penetration testing https://mp.weixin.qq.com/s/A9PByl36aODmtflw3V5E1A
[Penetration_test] DVWA vulnerable lab: password change vulnerability penetration testing https://mp.weixin.qq.com/s/J1dpuy_XxxwJSH8muGTLgg
[Penetration_test] DVWA vulnerable lab: blind SQL injection penetration testing https://mp.weixin.qq.com/s/nfR1RjOQu5THe-423ZHL2A
[Penetration_test] DVWA vulnerable lab: SQL injection penetration testing https://mp.weixin.qq.com/s/SaVnqZv9ufV7sS-0Npq9bg
[Penetration_test] SQL injection penetration testing with Burp and sqlmap https://mp.weixin.qq.com/s/JsHfazkeFtYSqTIPiB21VQ
[Penetration_test] skr ~~ HID attacks: hands-on edition https://mp.weixin.qq.com/s/JJ5Vfzf5zAyxQAYqZqacPw
[Penetration_test] Notes on Linux overflow privilege escalation https://mp.weixin.qq.com/s/XsKE0gDyO6DjkQPOqWvmLg
[Penetration_test] A painful penetration test https://mp.weixin.qq.com/s/JA6TZR3SLzjZZpRvuR048w
[Penetration_test] Backdoor obfuscation and anti-detection techniques http://www.4hou.com/technology/12718.html
[Penetration_test] A deep dive into "truncation" issues in PHP http://www.freebuf.com/articles/web/179401.html
[Penetration_test] Getting started with BloodHound 1.5.2, a domain penetration analysis tool http://www.freebuf.com/sectool/179002.html
Security Tools:
[Security_tools] WPSeku - Wordpress vulnerability scanner https://mp.weixin.qq.com/s/AVGtV_ksrgdUEP5qX1Qmwg
[Security_tools] Nmap extension development (3): extension scripts - host and port objects https://www.secdic.com/go/21074.html
[Security_tools] Nmap extension development (4): using the HTTP package https://www.secdic.com/go/21088.html
[Security_tools] Hacker tools + quality tutorials + XSS vulnerability videos https://mp.weixin.qq.com/s/9WlswNjUAvySTP2NWuntXQ
[Security_tools] A security auditing tool for AWS environments https://mp.weixin.qq.com/s/ye4RloC5BTR_8goIExgJ_A
Code Audit:
[Code_audit] A code audit of a self-service card issuing system https://mp.weixin.qq.com/s/NWxFqA4xhs8WuVs6_tpTOg
[Code_audit] Code audit Day1 – in_array function flaw https://www.secdic.com/go/21065.html
[Code_audit] Code audit Day2 – filter_var function flaw https://www.secdic.com/go/21101.html
[Code_audit] Code audit Day3 – arbitrary object instantiation vulnerability https://www.secdic.com/go/21114.html
[Code_audit] Code audit: PHP-Audit-Labs solutions, Day1-4 https://xz.aliyun.com/t/2491
[Code_audit] Code audit Day5 - improper use of escapeshellarg and escapeshellcmd https://xz.aliyun.com/t/2501
[Code_audit] Code audit Day6 - path traversal caused by improper use of regular expressions https://xz.aliyun.com/t/2523
[Code_audit] Code audit Day7 - parse_str function flaw https://xz.aliyun.com/t/2541
Video Sharing:
[Video_share] A summary of file upload techniques over the years https://www.bugbank.cn/live/view.html?id=111501]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F5%2F</url>
<content type="text"><![CDATA[title: 5
date: 2018-1-16 19:05:18
tags: 5
Web security vulnerabilities:
exploit&Persian Hack Team [web_vlun]Joomla Component FocalPoint 1.2.3 - SQL Injection [Joomla component SQL injection]: https://cxsecurity.com/issue/WLB-2017030207
exploit&Ihsan Sencan [web_vlun]Flippa Clone - SQL Injection: https://www.exploit-db.com/exploits/41674/
US-CERT/NIST [web_vlun]CVE-2017-7251 [XSS cross-site vulnerability]: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7251
Benjamin K.M. [web_vlun]Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability: https://www.vulnerability-lab.com/get_content.php?id=2042
CNVD [web_vlun]Arbitrary file download vulnerability in 安达通 SJW74VPN and IAM gateway systems: http://www.cnvd.org.cn/flaw/show/CNVD-2017-02029
CNVD [web_vlun]SQL injection vulnerability in 西西音乐电台 v1.0: http://www.cnvd.org.cn/flaw/show/CNVD-2017-01357
Web vulnerability security articles:
twitter&Nikhil SamratAshok Mittal [web_oracle]Using SQL Server for attacking a Forest Trust: http://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html
Using SQL Server to attack a trust zone: http://t.cn/RieF4bf
twitter&Manuel Caballero [web_oracle]Referrer spoofing with iframe injection: https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
Referrer spoofing via iframe injection: http://t.cn/RieF4bf
twitter&Manuel Caballero [web_oracle]Hacking the Worldwide Banking System: https://drive.google.com/file/d/0B_tRQHq1vrtxYXg0T05Yd0xkUVU/view
Web security tools:
github&ins1gn1a [web_tools]PWDLYSER – PASSWORD ANALYSIS & REPORTING TOOL. [password analysis and reporting tool]: http://seclist.us/pwdlyser-password-analysis-reporting-tool.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29
github&mehulj94 [web_tools]BrainDamage [full-featured backdoor tool]: https://github.com/mehulj94/BrainDamage/
Mobile Security:
cve [andorid]CVE-2017-0532: http://www.cvedetails.com/cve/CVE-2017-0532/]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F48%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 48)
Security News:
[Security_week] A brief look at building an information security management system https://mp.weixin.qq.com/s/ho91vlCNYHUEKvw-OUZ50g
[Security_week] Intel Active Management Technology (AMT) vulnerability alert https://mp.weixin.qq.com/s/t7r5Nhc1l1pD2mjWauLbcg
[Security_week] Information security vulnerability weekly report (2018, issue 27) https://mp.weixin.qq.com/s/mvGJT5gin_Duyzx2EZLFrg
[Security_week] Vulnerability threat weekly report (2018/7/7-2018/7/13) https://mp.weixin.qq.com/s/rzGPnv0MnBTG8VvkxvrZDg
Web Security:
[Web_Security] Bypassing XSS defenses with JavaScript frameworks https://mp.weixin.qq.com/s/NwTUKecgUVa17xImRp10LQ
[Web_Security] Red Team toolset: information gathering https://mp.weixin.qq.com/s/ItDg3vq0alCt10Q7vae2hw
[Web_Security] Using XSS to bypass CSRF defenses https://mp.weixin.qq.com/s/CPnTz0rvk9BfVklvL6Cpyg
[Web_Security] Hands-on: breaking into a friend's university https://mp.weixin.qq.com/s/rvjg7JcC6SOHLRkIthZdQw
[Web_Security] SSRF vulnerability analysis and exploitation (with CTF examples) https://mp.weixin.qq.com/s/JBsxBSfZk-groD-OmGZDjg
[Web_Security] XSS detection in practice with Chrome headless https://mp.weixin.qq.com/s/FDb1bXblxUVD38FwjwABbQ
[Web_Security] Is a CMS really secure? A close look at PHPCMS https://mp.weixin.qq.com/s/S82e8JVDbj9jGLLpV36g-A
[Web_Security] A brief introduction to XSS and CSRF https://mp.weixin.qq.com/s/Rf4dag7Z1rFNl4LxbAjyqw
[Web_Security] Two CTF Reverse challenges (Windows platform) https://mp.weixin.qq.com/s/3imhnIUrWyzKPUj1W5w6Ug
[Web_Security] A brief analysis of XXE attacks https://mp.weixin.qq.com/s/T0zawe9FUVHFPXjtQOa0Bw
Penetration Testing:
[Penetration_test] Windows penetration and privilege escalation techniques https://mp.weixin.qq.com/s/Q6R99sSnpGtwZLiQGJ9Y-g
[Penetration_test] MySQL database intrusion and defense https://mp.weixin.qq.com/s/dYEKS3lWlLhDZ5AWyzvChw
[Penetration_test] Linux penetration and privilege escalation techniques https://mp.weixin.qq.com/s/9hg82fPbWPNRVpRzByiWVQ
[Penetration_test] QCTF partial writeup https://mp.weixin.qq.com/s/hW8jTFLiPWElcEBkUO4_aQ
[Penetration_test] [Incident response] Approach to Windows intrusion investigation https://mp.weixin.qq.com/s/17L_fQJ1qjSvt8UL7VSemg
Security Tools:
[Security_tools] NSEarch - Nmap Scripting Engine search https://mp.weixin.qq.com/s/oA1JRsR152jpYfh1jrwhlw
[Security_tools] Passive SQL injection scanning tool https://mp.weixin.qq.com/s/DsD8pQ48OOxaVNcdfWXAdQ
[Security_tools] ARP attacks with scapy https://mp.weixin.qq.com/s/PllsdVfJbrseYO60pie76g
[Security_tools] Red Team toolset: attack arsenal https://mp.weixin.qq.com/s/HNJRq_yTX_NLrXsvMXUrTA
[Security_tools] Software recommendations: compression software special https://mp.weixin.qq.com/s/OOLh-vcMFxQfLDfaOkOuXg
[Security_tools] Autocrack – automated cracking tool https://mp.weixin.qq.com/s/12RxbSailnqcvylQErug9w
[Security_tools] retire.js - scanning for vulnerabilities in JavaScript libraries https://mp.weixin.qq.com/s/v-GwJhbF56CGAzgScmGqSw
[Security_tools] Autocrack: a powerful automated hash cracking tool http://www.freebuf.com/sectool/177298.html
Code Audit:
[Code_audit] Java code audit | Spring framework: methodology https://mp.weixin.qq.com/s/G8sP-FCWG-t3Z-Evc_BPoQ
Video Sharing:
[Video_share] Introduction to network security attacks https://mp.weixin.qq.com/s/utPgLUeKBRxHElhT4vEd1Q
[Video_share] Using the SQL injection tool sqlmap https://mp.weixin.qq.com/s/1JmMYHndBym2mRC1qAQYRg
[Video_share] Privilege bypass? Authorization bypass techniques explained, with a collection of special cases https://www.bugbank.cn/live/view.html?id=111450]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F49%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 49)
Security News:
[Security_week] CVE-2018-2893: Oracle WebLogic Server remote code execution vulnerability analysis and alert https://mp.weixin.qq.com/s/eMBlFfvidiTHkIZdtyVdCQ
[Security_week] Information system security construction: proposed plan.doc https://mp.weixin.qq.com/s/qUFFuzIyPrAQplIsVnXbJQ
[Security_week] Information security vulnerability weekly report (2018, issue 28) https://mp.weixin.qq.com/s/iS5-33KMm_70TlAH5sMGog
[Security_week] Vulnerability threat weekly report (2018/7/14-2018/7/20) https://mp.weixin.qq.com/s/_Jyc8ZXfscX1HToPpVzYfQ
Web Security:
[Web_Security] Vulnhub practice target IMF tutorial http://www.freebuf.com/articles/system/177116.html
[Web_Security] Web QCTF-WrtieUp-2018 https://www.secpulse.com/archives/73650.html
[Web_Security] A group-entry challenge: bypassing character restrictions on command execution (WEB100) https://mp.weixin.qq.com/s/zxBf4ZSuwTZEpRYH1LssqA
[Web_Security] Tips | Bypassing the browser's XSS blocking mechanism in three minutes for security testing https://mp.weixin.qq.com/s/dQGQvtwPA07ROGixno2-gg
[Web_Security] Web penetration testing: DVWA vulnerable lab walkthrough tutorial series https://mp.weixin.qq.com/s/HCN3ykQxyIOD074XIqA_lw
[Web_Security] ourphp: logging in as another front-end user via front-end registration https://mp.weixin.qq.com/s/NEE_N1ytAn-U5wiVQFx-Vg
[Web_Security] How to use DNS techniques to retrieve data in SQL injection https://mp.weixin.qq.com/s/fFEj9xrI1Ow_TFtIR1NDkA
[Web_Security] SQLServer injection techniques https://mp.weixin.qq.com/s/1Kiwm_n9N3AnfMTmTk1BSg
Penetration Testing:
[Penetration_test] Kanxue CTF: solutions to some challenges https://mp.weixin.qq.com/s/5dnhNp3RZNQt3-1pbGb5PA
[Penetration_test] Exploring one-line webshells on .NET: the ashx edition https://mp.weixin.qq.com/s/A_bPoA_RUdWuMljseexHJA
[Penetration_test] Exploring one-line webshells on .NET: the asmx edition https://mp.weixin.qq.com/s/75eEFQIpwrN65pFUTacvyQ
[Penetration_test] phpmyadmin: from finding a target to taking over the server https://mp.weixin.qq.com/s/Sqo0xp6QhWHIpXhroXPD2Q
[Penetration_test] LeakVM - Android application security testing framework https://mp.weixin.qq.com/s/9UUMbv7duVOSG2Ng58S8YQ
[Penetration_test] Simulating the attack process of a cryptomining hacker https://mp.weixin.qq.com/s/-HwW599xSlKuY3ZcqgnAhQ
[Penetration_test] A sneaky penetration test https://mp.weixin.qq.com/s/xTrEzkg4Ajv5cZI-U8KWCQ
[Penetration_test] FTP permissions explained (part 1) https://mp.weixin.qq.com/s/OH8MxreA9xzG7NmD6nyGUA
[Penetration_test] Basic penetration testing techniques and experience https://mp.weixin.qq.com/s/CkbRZF0p5JM55HzIq9RFVg
[Penetration_test] Netcat in practice https://mp.weixin.qq.com/s/DpQpz6Pf_7refSxzrO7how
[Penetration_test] Windows incident response (1): FTP brute force https://mp.weixin.qq.com/s/ZUJ87wWbzccw_zSRADfCVg
Security Tools:
[Security_tools] Kwacha - tool for bulk-planting trojans over SSH https://mp.weixin.qq.com/s/CB03GzmAl2Mcs0UeD3lHSg
[Security_tools] Packaging burpsuite as an app on MacOS https://mp.weixin.qq.com/s/m3j6HbEW50UvyOCK_s6Sow
[Security_tools] Arpag - automated exploit tool https://mp.weixin.qq.com/s/w9hSy_uXHEE5yLntXOibaQ
[Security_tools] ADHRIT - Android APK reverse engineering tool https://mp.weixin.qq.com/s/-raCSrLfhoN-4qppNltq5w
[Security_tools] Learning intranet tools: post-exploitation with Empire https://mp.weixin.qq.com/s/SpWVO3QAoUkyDqn7qV6R6A
Code Audit:
[Code_audit] Summary: getting started with code auditing https://mp.weixin.qq.com/s/gHVs2PSMUhXOoRK4Y1xFBg
[Code_audit] Java code audit | Spring framework: fundamentals https://mp.weixin.qq.com/s/2cVlQyVwKzWuULORX4nBiQ
Video Sharing:
[Video_share] Exclusive getshell techniques explained: exploiting phpMyAdmin https://www.bugbank.cn/live/view.html?id=111477]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F47%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 47)
Security News:
[Security_week] WeChat Pay vulnerability can lead to payment bypass on merchant servers https://mp.weixin.qq.com/s/8Dmgs0FbtFuumBoMvzVXVg
[Security_week] XXE vulnerabilities seen through the recent WeChat Pay issue https://mp.weixin.qq.com/s/naSscBBGsG9cj9mKdvNQbA
[Security_week] Information security vulnerability weekly report (2018, issue 26) https://mp.weixin.qq.com/s/TOLy1QZLswMfBC9HkSSBhg
[Security_week] Career planning for security practitioners https://mp.weixin.qq.com/s/134C13nbVtJkg-MM0eRe8g
Web Security:
[Web_Security] Accidentally hacked the school washing machines https://mp.weixin.qq.com/s/GsFB2O1MLEdjvRiqxIm7lw
[Web_Security] Information gathering summary https://mp.weixin.qq.com/s/6gbTwZR_fgsOZG_MjvOOqQ
[Web_Security] Is HTTPS really secure? https://mp.weixin.qq.com/s/GMC2HykfpnQKoVwDO3xlAw
[Web_Security] Analysis of the wordpress arbitrary file deletion vulnerability https://mp.weixin.qq.com/s/FiwJ0uqW60kBZUpVBewlAg
[Web_Security] phpMyadmin in practice: privilege escalation on a cloud server https://mp.weixin.qq.com/s/AxNuWEds52iDCucjVWxNwg
[Web_Security] XSS basics for beginners https://mp.weixin.qq.com/s/Le19O5E-dh0l4TLdlBDRrw
[Web_Security] An injection with twists and turns https://mp.weixin.qq.com/s/RulsXG54d1wVzlG0v2GoxQ
[Web_Security] Five essential HTTP security headers for websites https://mp.weixin.qq.com/s/c4qHurrlhYrR0ol9C06CmQ
[Web_Security] What are the CSRF and XSS security vulnerabilities? https://mp.weixin.qq.com/s/udhfLMdrw6hGu6aA4z5Z1g
[Web_Security] dedecms5.7 latest SQL exploit: guestbook.php injection vulnerability https://mp.weixin.qq.com/s/_1WcHcwfm5CbpeTM1xVvXg
[Web_Security] What is a file inclusion vulnerability? Step-by-step introduction to white hat hacking (7) https://mp.weixin.qq.com/s/mOxSWwJncu0lFQ4Kk3K2Lg
[Web_Security] A first look at Burp Suite API development https://mp.weixin.qq.com/s/QzOm2ZbNjhsY6c9H2NLRMA
[Web_Security] App testing: detecting SQL injection https://mp.weixin.qq.com/s/_cHGWxnSZkSrL8cEOk6B3Q
[Web_Security] Enabling the more secure tls1.3 in nginx https://mp.weixin.qq.com/s/uq8ltnvTGJYddtW7O4zmAA
Penetration Testing:
[Penetration_test] A chat about Windows system logs https://mp.weixin.qq.com/s/vFiKcrPrpQTDF4T3KOHo1A
[Penetration_test] [Penetration tips] Intranet penetration approach https://mp.weixin.qq.com/s/SfSXcb0J-hGSyNEaxKfNXQ
[Penetration_test] AXIS2 weak password privilege escalation https://mp.weixin.qq.com/s/1c8ulmZM0cL6SVEcQwbczg
[Penetration_test] How to use DCOM for lateral movement https://mp.weixin.qq.com/s/sEL420YQHf_VyYyDJJh0fA
[Penetration_test] Linux local privilege escalation using wildcards https://mp.weixin.qq.com/s/BdQJMZ3V8HN-eV33TGsEGQ
[Penetration_test] Summary of intranet attacks https://mp.weixin.qq.com/s/gqtKbpUFrM1huvjxmI_-5g
[Penetration_test] Introduction to CTF, lesson 1 https://mp.weixin.qq.com/s/J2WPjqIDf5hThJKoDlBeYw
[Penetration_test] Approaches to web privilege escalation https://mp.weixin.qq.com/s/aZgUIqbkhMf7WOWVCE-0RA
[Penetration_test] From brute-force user enumeration to obtaining all domain information https://mp.weixin.qq.com/s/ssCeYjorQzLFN6FNsYnRJw
Security Tools:
[Security_tools] Scythe framework - an account enumeration tool https://mp.weixin.qq.com/s/2OcbsZ_EFCEyFFA6n2JATA
[Security_tools] ASLR Process Scanner - a tool to identify ASLR-enabled processes https://mp.weixin.qq.com/s/H61RkPm91JhJmKpmxaU93g
[Security_tools] A curated collection of tools for the different stages of penetration testing https://mp.weixin.qq.com/s/bLOjWBdU2EWtqYLyHHr3EA
[Security_tools] VOOKI: a free web application vulnerability scanner https://mp.weixin.qq.com/s/uP4MZ0qYpxLsBgJM5JCiCg
[Security_tools] HideToolz process hiding tool https://mp.weixin.qq.com/s/igiO3uPC3Lvcq-4vLqsVGQ
[Security_tools] ViPer - Bruteforce password cracking tool https://mp.weixin.qq.com/s/N_fZfikb8zbXH796uTLURg
[Security_tools] LaserCrack: an extensible brute-force framework https://mp.weixin.qq.com/s/77NY9OdE0CH3bQlByh1C4w
[Security_tools] 黑客六道: intranet information gathering tool V1.0 https://mp.weixin.qq.com/s/G48mlPadRkXKE16W-8Z9rA
Code Audit:
[Code_audit] An example of an arbitrary file deletion vulnerability https://mp.weixin.qq.com/s/DxcnldeS8UDyEJvsf0s11Q
[Code_audit] Code auditing system https://mp.weixin.qq.com/s/EYgzdjZ0H4bg5z_LeQTDBQ
Video Sharing:
[Video_share] Automated binary challenge-solving techniques https://www.bugbank.cn/live/view.html?id=111348]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F46%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 46)
Security News:
[Security_week] Explainer: why do hackers start a penetration by fingerprinting? https://mp.weixin.qq.com/s/BWjavsE2AD3aMqANhplWKA
[Security_week] [Vulnerability alert] WordPress <= 4.9.6 arbitrary file deletion vulnerability https://mp.weixin.qq.com/s/GwyahEIA8AiAUZYBIts2dA
[Security_week] Information security vulnerability weekly report (2018, issue 25) https://mp.weixin.qq.com/s/QTGhQYDOZOuR6Yw5_1oRdA
[Security_week] A rookie's journey through security job interviews https://mp.weixin.qq.com/s/r8QSNhvUmY5bpWX1bZiKLQ
[Security_week] Hetian is giving away perks again! Click for a surprise!!! https://mp.weixin.qq.com/s/eDGOzrNQGe59Zh7qhh7njA
[Security_week] Reproducing CVE-2018-4878 https://www.secpulse.com/archives/73085.html
Web Security:
[Web_Security] X-XSS-Protection made easy https://mp.weixin.qq.com/s/qVM2haPcLdSBE_xLaXI65g
[Web_Security] How to demonstrate DOM-based XSS exploitation to developers https://mp.weixin.qq.com/s/muHSDMEB75NcdVdKK_2T9g
[Web_Security] Analysis of the JDK7u21 deserialization vulnerability http://www.freebuf.com/vuls/175754.html
[Web_Security] A brief look at blind SQL injection testing methods and techniques https://mp.weixin.qq.com/s/Y3X_vk_2x29r7mcRX1YxTQ
[Web_Security] Advanced CORS exploitation techniques https://mp.weixin.qq.com/s/e41yf6E5rOhkdgNCT2NG-g
[Web_Security] An arbitrary file deletion vulnerability in WordPress core can let attackers execute arbitrary code https://mp.weixin.qq.com/s/9iBwlhr2m28nD0qPv2USIw
[Web_Security] xssgame walkthrough https://mp.weixin.qq.com/s/xCyCK3SjBV5qsIyzK8L2-w
[Web_Security] WordPress vulnerability details: from arbitrary file deletion to arbitrary code execution https://www.secpulse.com/archives/73019.html
[Web_Security] Catch Me If You Can target machine: hands-on exercise http://www.freebuf.com/articles/web/175543.html
[Web_Security] A brief look at XML entity injection vulnerabilities http://www.freebuf.com/vuls/175451.html
[Web_Security] PublicCMS arbitrary directory file write vulnerability: analysis and exploitation https://mp.weixin.qq.com/s/bbEMrUkD5ItQAeiBj4mErw
[Web_Security] [WAF bypass] How a one-line webshell gets past a WAF gracefully https://mp.weixin.qq.com/s/n41VaXgOWo2BP-UrQBJjDw
[Web_Security] PHPCMS arbitrary file download: writing the exp https://mp.weixin.qq.com/s/Pdpfny-n5l5L8W7kEZNSRg
Penetration Testing:
[Penetration_test] A test of a school computer lab https://mp.weixin.qq.com/s/XVM0vUPkLwif9rGOhTNt-w
[Penetration_test] A case of a Linux host compromised and implanted with a cryptominer https://mp.weixin.qq.com/s/0KwZ-g1ehTmmrhQrwVYbeA
[Penetration_test] How to use Cron Jobs for Linux privilege escalation https://mp.weixin.qq.com/s/icqLuo2eS-By7FgZaKwlzQ
[Penetration_test] Multiple ways to gain root via writable files https://mp.weixin.qq.com/s/-fEIxoUK3LVYZ5Q06L2COA
[Penetration_test] Tokenvator: a tool for elevating privileges with Windows tokens https://mp.weixin.qq.com/s/cWknghf5k6i2eAqP-Zy2og
[Penetration_test] A small-scale malicious APT attack https://mp.weixin.qq.com/s/Yr4jbqIRQi9DjgF-dO5vpg
[Penetration_test] Indispensable browser plugins for penetration testing https://mp.weixin.qq.com/s/43e4lbjWK0r-kqBtBYu4pQ
[Penetration_test] Penetration testing power tool: PowerShell essentials for beginners https://mp.weixin.qq.com/s/emeYOVSkFTkuAD83yt1UAA
Security Tools:
[Security_tools] HashMyFiles - a file checksum tool https://mp.weixin.qq.com/s/17McNFUAmf-NaKj_C4Ql_g
[Security_tools] Port-based weak password detection tool – iscan https://mp.weixin.qq.com/s/Txx-zWxDcWDfQh_FOKd4SQ
[Security_tools] Sharing my information gatherer https://mp.weixin.qq.com/s/jSvMRUSZgfLR7lYyKBeXfQ
[Security_tools] Security Onion - a Linux distribution for intrusion detection https://mp.weixin.qq.com/s/ksnbKVnZsFuDk91seCpbfQ
[Security_tools] NetworkMiner - network forensic analysis tool https://mp.weixin.qq.com/s/N_UMkDYVZ74vp5mmOfCdRA
[Security_tools] Web-Sorrow - a tool for detecting misconfigurations and gathering server information https://mp.weixin.qq.com/s/-PyvDcZwNVH8-vZ9kkJhJA
[Security_tools] Python video tutorials https://mp.weixin.qq.com/s/Hqqm95h-YZmOhK7dXce-dA
[Security_tools] Subfinder: a subdomain discovery tool that can enumerate a large number of valid subdomains for any target https://mp.weixin.qq.com/s/PQimIauruhOlNipBCSPSRA
[Security_tools] Introduction to the Impacket network protocol toolkit http://www.freebuf.com/sectool/175208.html
[Security_tools] 4 of the best free WiFi tools worth having https://mp.weixin.qq.com/s/jz91EuZHRW9cmOmfJVfDOA
Video Sharing:
[Video_share] Surviving in the intranet: a collection of intranet penetration techniques https://www.bugbank.cn/live/view.html?id=111295]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F44%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 44)
Security News:
[Security_week] Hacker chronicles: the black before your eyes is not black, and what white is the white you speak of https://mp.weixin.qq.com/s/YuQcyRSHpj-RoVXuKrQWEQ
[Security_week] High-risk alert: high-privilege shells and intranet access for A站 and Mobike are on sale on the dark web, and large amounts of user information have leaked. A站 and Mobike users are advised to change their passwords as soon as possible!!! https://mp.weixin.qq.com/s/uvXADp2g6pWq-ibYMv5DPw
[Security_week] Information security vulnerability weekly report (2018, issue 23) https://mp.weixin.qq.com/s/dUlk3sWzNZyFm4a7ZKC74w
[Security_week] Alert: a Scarab ransomware variant is on the attack https://mp.weixin.qq.com/s/PbkmCCy1x3Dp3yR7SOnDvg
[Security_week] Analysis of CVE-2018-8120, the latest Windows privilege escalation vulnerability http://www.freebuf.com/vuls/174183.html
[Security_week] Let's set up a home LAN so you can transfer files in seconds~~ https://mp.weixin.qq.com/s/S5aUeeKlP2kOwtMb_WRh0Q
[Security_week] A brief analysis of database dumping and credential stuffing https://mp.weixin.qq.com/s/mTFIQ2WCQOctLAWk8IHO5w
Web Security:
[Web_Security] 2018 Red Hat Cup offline attack-defense competition: Web summary https://mp.weixin.qq.com/s/0p-_rOnYSfPJW4ZVnLlpQQ
[Web_Security] wuzhicms injection https://mp.weixin.qq.com/s/8lFL2daC3xzWeZcqeBjmIA
[Web_Security] Beginner's guide | Approaches to finding vulnerabilities in the permeate lab https://mp.weixin.qq.com/s/zd8bGAow6U-3XXx7gPnaTg
[Web_Security] SQL injection revisited https://mp.weixin.qq.com/s/KCKBCGE4ubqVmMz1sNbW1Q
[Web_Security] A disaster caused by a login form https://mp.weixin.qq.com/s/dDSvRQQNVXXPw7hS2dTA9w
[Web_Security] Tricks | Uploading a web.config file to gain remote code execution http://www.freebuf.com/articles/web/173831.html
[Web_Security] Burp Suite API learning approach (2) https://mp.weixin.qq.com/s/ih3SgU5ZHo7O9AtcPdgNgA
Penetration Testing:
[Penetration_test] Using local msf through a VPS SSH tunnel https://mp.weixin.qq.com/s/Z1TUoM4wIgx80lj-HOAZnw
[Penetration_test] nishang: a variety of shells https://mp.weixin.qq.com/s/ePhV-dig-JJeU1bPkIf4SQ
[Penetration_test] Some thoughts on "intrusion detection" https://mp.weixin.qq.com/s/L_mz7nvZikGK7eCJfB9vmg
[Penetration_test] Privilege escalation experiments with SCCM and Viewfinity https://mp.weixin.qq.com/s/8VFRnb60FFSdfqEAn-RGsw
[Penetration_test] Penetration tips – a brief analysis of web brute-force guessing https://mp.weixin.qq.com/s/dSIFoBdr44BLc7TrPR8u8Q
[Penetration_test] Script for bulk privilege escalation via unauthenticated redis (python) https://mp.weixin.qq.com/s/WQvUEjRBW_9L9GtLKStcyg
[Penetration_test] Multiple ways to gain root on Linux via writable files https://mp.weixin.qq.com/s/7dOf4TTK69fN-wDv7473fQ
[Penetration_test] C&C servers made easy https://mp.weixin.qq.com/s/uiXmL36bsr5415mLJ-T04g
Security Tools:
[Security_tools] Advanced Windows Service Manager - a tool for analyzing Windows services https://mp.weixin.qq.com/s/mrayaqkeDnZqDgXrcKLR1Q
[Security_tools] 10 open-source security tools you should know https://mp.weixin.qq.com/s/1VCfMf_-b9IkzKeSMHa7Pg
[Security_tools] Vega - web application security scanner https://mp.weixin.qq.com/s/fc2So5SYHg2s4W-afBkXmA
[Security_tools] DotDotPwn - directory traversal fuzzer https://mp.weixin.qq.com/s/Njn6q23hhWKPt-vji5VRPw
[Security_tools] OSForensics - a tool for extracting forensic data from computers https://mp.weixin.qq.com/s/UNqtMkaxsJtMYE-xnnruMA
[Security_tools] Penetration testing toolset: [websites] [systems] [databases] [WiFi hacking] https://mp.weixin.qq.com/s/PJg-sJ1FMBFZwM9BvoMGvQ
[Security_tools] A brief look at using Metasploit https://mp.weixin.qq.com/s/GhDSjvoCi3q3--amUgHCBw
[Security_tools] 有猫病的剪辑, a reliable APK decompilation tool https://mp.weixin.qq.com/s/wGNLg6PPA9HZniUWfu1MMA
Mobile Security:
[Mobile_Security] Drozer practical guide https://mp.weixin.qq.com/s/7hTaMYE18Y_7Xiz2aXO34g]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F45%2F</url>
<content type="text"><![CDATA[安全周刊(第45期) 安全动态: [Security_week] 先知白帽大会2018 | 议题下载 附2018先知白帽大会-议题压缩包 https://mp.weixin.qq.com/s/ySe3Rj1HQPnI0I4LbK6F2g [Security_week] 用不同姿势复现 CVE-2018-8174 漏洞 https://mp.weixin.qq.com/s/AGWCU7snrDQWy8UIKJURmQ [Security_week] 信息安全漏洞周报(2018年第24期) https://mp.weixin.qq.com/s/fvJXLYRSM7FiomP33Dwd5A [Security_week] phpMyAdmin本地文件包含漏洞可导致getshell https://mp.weixin.qq.com/s/HK698TPIyKwBCWeZkYU7AQ [Security_week] Redis服务器拒绝服务漏洞(cve-2018-12453) https://mp.weixin.qq.com/s/1qCBVkJTTk8IwXEJxBr8cg [Security_week] 老树开新花–njRAT家族恶意软件分析报告 https://mp.weixin.qq.com/s/xW1s_l7ZLK62W_JdslK33A Web安全: [Web_Security] web安全开发指南中文版首发 https://mp.weixin.qq.com/s/YESmdgN2o4MqoXVP8JLt_A [Web_Security] RPO分析+Share your mind分析 https://mp.weixin.qq.com/s/zVotMB_2tuXp8-W4xGyoug [Web_Security] 什么是命令执行漏洞?手把手入门白帽子 (五) https://mp.weixin.qq.com/s/R0FrwYoHC7HWhjWPIlsk8A [Web_Security] 新出Web安全开发好书送 https://mp.weixin.qq.com/s/Ag8wbM-Juj_Hh1kColRHlg [Web_Security] 在Metasploit下利用ms16-075提权 https://www.secdic.com/go/19851.html [Web_Security] 先知议题解读 | Java反序列化实战 https://www.anquanke.com/post/id/148593 [Web_Security] 我的WAF Bypass实战系列 https://mp.weixin.qq.com/s/3_l-Zi7EH6D_N1imY61nsg [Web_Security] Wifi 四次握手认证过程介绍 https://mp.weixin.qq.com/s/sFk15theGX4eotiu9bJUCg [Web_Security] 一道有意思的web题&DC0531-web https://www.anquanke.com/post/id/148346 [Web_Security] 多种方式执行XSS https://www.anquanke.com/post/id/148357 [Web_Security] Apache-Commons-Collections反序列化漏洞分析 http://www.freebuf.com/vuls/175252.html [Web_Security] 挖洞经验 | 看我如何发现Paypal内部信息泄露漏洞 http://www.freebuf.com/articles/web/174962.html [Web_Security] php 后门隐藏技巧 https://mp.weixin.qq.com/s/wyH0Rr4IX3Vv552_tR3ImA [Web_Security] 暴力破解测试入门到放弃 https://mp.weixin.qq.com/s/Kp5Lw5h1ek9HWr9AoO3n_g [Web_Security] 浅谈非常态SQL注入防护,提升数据库安全 https://www.secdic.com/go/19972.html [Web_Security] 看我如何挖掘并成功利用印度Popular Sports公司网站主机头的SQL注入漏洞 http://www.freebuf.com/articles/web/174869.html [Web_Security] SCTF 2018 web部分writeup https://www.anquanke.com/post/id/149324 
[Web_Security] 如何更好地防范撞库和拖库 http://www.aqniu.com/learn/35241.html [Web_Security] ESAPI结合Top10安全开发实战 https://mp.weixin.qq.com/s/VZ0NhYWfPG6QgEONKRtXDw [Web_Security] 什么是文件上传漏洞?送键盘记录器制作教程 | 手把手入门白帽子 (五) https://mp.weixin.qq.com/s/eKGxElzO-ANTtigTQjSltw 渗透测试: [Penetration_test] 在Linux中使用环境变量进行提权 https://mp.weixin.qq.com/s/ATRvdQOXRLEObA7pItgFaw [Penetration_test] Meterpreter提权那些事 https://mp.weixin.qq.com/s/QXOmGCL8f2ISWAlYQ0mqPA [Penetration_test] 记一次初级渗透测试模拟过程 https://www.secdic.com/go/19839.html [Penetration_test] 渗透测试常用方法总结 https://www.secdic.com/go/19842.html [Penetration_test] SeLoadDriverPrivilege 在提权中的应用 https://mp.weixin.qq.com/s/VSF7nNnh0x7ptdtyDWDYsA [Penetration_test] 通过可写文件获取Linux root权限的5种方法 https://mp.weixin.qq.com/s/Sy-uv-4613qfmavvz-T6cQ [Penetration_test] Metasploit之你可能不知道的黑魔法(一) https://mp.weixin.qq.com/s/RG7RX0RDqTCz4CKH3yKJdw [Penetration_test] Metasploit之你可能不知道的黑魔法(二) https://mp.weixin.qq.com/s/FGQiaJjYHKZTzJL_XhKmhg [Penetration_test] phpmyadmin4.8.1后台getshell https://www.secdic.com/go/19891.html [Penetration_test] JIS-CTF_VulnUpload靶机攻略 http://www.freebuf.com/vuls/175057.html [Penetration_test] 奇淫异巧之 PHP 后门 https://mp.weixin.qq.com/s/RPMzhspueI91PfJbUQgclg [Penetration_test] 一款针对WordPress网站的渗透测试框架 http://www.freebuf.com/sectool/175094.html [Penetration_test] 网络空间攻击浅析 https://www.secdic.com/go/19891.html [Penetration_test] 记一次服务器被入侵的调查取证 http://www.freebuf.com/articles/rookie/175370.html 安全工具: [Security_tools] airgeddon - 无线安全审计脚本 https://mp.weixin.qq.com/s/d3ERtYcKCgviDNzeDUCmEg [Security_tools] WPScan使用完整攻略:如何对WordPress站点进行安全测试 https://mp.weixin.qq.com/s/sDtnovlsfHgYpCrJEakzOQ [Security_tools] 黑客们会用到哪些Python技术?附python教程 https://mp.weixin.qq.com/s/vj9zerCZnN0AKUMmdOfTMQ [Security_tools] 开源GPU密码破解工具–HashCat https://mp.weixin.qq.com/s/xz1f5BN6jdp3hAUtrF9hjA [Security_tools] windows提权小工具Windows-Exploit-Suggester https://www.secdic.com/go/19841.html [Security_tools] Zizzania - 自动化的DeAuth攻击 https://mp.weixin.qq.com/s/iwt-6S7mKy4v8D7i87hB9Q 
[Security_tools] Woodpecker hash Bruteforce https://mp.weixin.qq.com/s/4ejMCq16m0kI8gipq66Ziw [Security_tools] Hash-Buster v2.0: a tool that queries hashes through multiple APIs https://mp.weixin.qq.com/s/fXRM2fh2znuj7mZy1fGTFA [Security_tools] BadMod V2.0: a tool for scanning websites and automating penetration http://www.freebuf.com/sectool/175088.html Video sharing: [Code_audit] Getting started with Java code auditing https://mp.weixin.qq.com/s/X0FeRl_lH3pqzM5bia3Npg]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F43%2F</url>
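<content type="text"><![CDATA[Security Weekly (Issue 43) Security news: [Security_week] Reproducing the CVE-2018-8174 "Double Kill" 0day vulnerability https://mp.weixin.qq.com/s/8mQIcWl6kIvrczbduSn7ag [Security_week] Lookup site for 1.4 billion leaked email plaintext passwords appears online https://mp.weixin.qq.com/s/crWMRzwterdKV3J9PZIV2w [Security_week] Information Security Vulnerability Weekly Report (2018, Issue 22) https://mp.weixin.qq.com/s/Bwyuq_VuHgYPpDVHg_mH4A [Security_week] "Outstanding cybersecurity talent" can be admitted as an exception, regardless of college entrance exam scores https://mp.weixin.qq.com/s/gOyh8kZ3Ol8yWGsvXHKk9Q [Security_week] AcFun (A站) hacked - security leads, tremble https://mp.weixin.qq.com/s/96Xvb8JMN_fHiMY9XEzGvw Web security: [Web_Security] From AWVS plugins to pseudo-proxy scanning https://www.secdic.com/go/19474.html [Web_Security] Salary quietly transferred away by a hacker? You may have been hit by a CSRF attack! Hands-on white hat primer (4) https://mp.weixin.qq.com/s/hJdhvJtky4xCUVwREylOKg [Web_Security] An easy explanation of what SQL injection is https://mp.weixin.qq.com/s/H7fs_lKgvZM6s_ywjUk1_w [Web_Security] Finding SQL injection via the Host Header, and bypassing a site's blacklist rules with sqlmap tamper scripts https://mp.weixin.qq.com/s/1Y4Jetbf8hPixHINvO8TAg [Web_Security] The way of CSRF attack and defense https://mp.weixin.qq.com/s/2FR5w-kvg_GcDQCKnZFB7Q [Web_Security] The story of Hetian Xia https://mp.weixin.qq.com/s/abKxgY47DpOz3oA9mVHLAg [Web_Security] How hackers break into a website with SQL injection: the full process explained with illustrations!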
https://mp.weixin.qq.com/s/t4ciBIjnlwtpJHiRv6N5eA Penetration testing: [Penetration_test] Recalling the questions from a campus recruitment written test https://mp.weixin.qq.com/s/Hk9skcTH7kmEMQz1E-uBUw [Penetration_test] MySQL | Database intrusion and defense https://mp.weixin.qq.com/s/u1MWUk6ReYvgy8aKrWe2Cg [Penetration_test] PowerShell penetration testing series - advanced https://mp.weixin.qq.com/s/IsUw67FcgVkpAklQGzH6pg [Penetration_test] Linux intrusion incident response cases and handling summary https://mp.weixin.qq.com/s/P0XNYebY1FCZChR4YgaLMA [Penetration_test] PowerShell privilege escalation framework - Powerup https://mp.weixin.qq.com/s/i4wMjB2D1lXHOQQLz1CAsA [Penetration_test] A brief look at four testing methods for the rdp protocol https://mp.weixin.qq.com/s/mCMBpx_jLmy6jDYqA67EjQ Security tools: [Security_tools] Build your own Github code leak monitoring tool https://mp.weixin.qq.com/s/qe44cC42kyN-BXtwt9FRZg [Security_tools] Analyzing BruteXss to broaden ideas for Python tool development https://mp.weixin.qq.com/s/NLKx1FLWuOKrKxo8DWomlw [Security_tools] Bypassing Huweishen SQL injection defenses (multiple techniques) https://mp.weixin.qq.com/s/f0laS8pfInZpNpz2UKuG3w [Security_tools] XSSer: automated XSS vulnerability detection and exploitation tool http://www.freebuf.com/sectool/173228.html [Security_tools] bypassAV_hanzoInjection https://mp.weixin.qq.com/s/3lRAxv4iTnV71hwDSk5EJg [Security_tools] Hijacker: an Android wireless penetration tool with a graphical interface https://mp.weixin.qq.com/s/_7qdNkan-iUARDIa3MobYw [Security_tools] Big data search engines: installing elasticsearch https://mp.weixin.qq.com/s/VuKPJpu6mSYBiBjk7VMzMQ [Security_tools] Introduction to early-stage information gathering methods and tools for web application security testing http://www.freebuf.com/sectool/174417.html [Security_tools] Firefox uXSS and CSS XSS; archaeologit: a sensitive information leak scanner for a specified GitHub repository https://mp.weixin.qq.com/s/yzLeiICFNst2Vpli4XNn3Q Code audit: [Code_audit] Code audit: Fiyo CMS case study https://mp.weixin.qq.com/s/otuie1NQtO9caQI9yDskPQ [Code_audit] Auditing SEMCMSv2.7: two bugs picked up along the way, plus vulnerability reproduction https://mp.weixin.qq.com/s/tNY4ZKNDpskzrebnotYbkw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F42%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 42) Security news: [Security_week] Spring-data-commons (CVE-2018-1273) vulnerability analysis http://www.freebuf.com/vuls/172984.html [Security_week] Information Security Vulnerability Weekly Report (2018, Issue 21) https://mp.weixin.qq.com/s/pGZqCwkw0xEZqaMLllHsQw Web security: [Web_Security] A path to stored XSS by uploading a Word file https://mp.weixin.qq.com/s/SzuGHS2K-QdJu5EPLG3vTA [Web_Security] Bypassing Google reCAPTCHA verification with HTTP parameter pollution https://mp.weixin.qq.com/s/VqyqfVvnmK0W2k9ko6GjLw [Web_Security] Small SQL tricks encountered in practice https://mp.weixin.qq.com/s/q36aIKCEdY_XXI59xFJKqg [Web_Security] Is your website still using the insecure HTTP protocol? https://mp.weixin.qq.com/s/K8imh86EWDwtLMontvd1VA [Web_Security] Crawler tutorial (1): the basics https://www.secdic.com/go/19202.html [Web_Security] Crawler tutorial (2): improving performance https://www.secdic.com/go/19201.html [Web_Security] Zhihu user information crawler (crawling at scale) https://www.secdic.com/go/19198.html [Web_Security] 2018 Information Security Triathlon data competition solutions https://www.anquanke.com/post/id/146704 [Web_Security] 2018.5.18 Information Security Triathlon data competition solutions https://mp.weixin.qq.com/s/0Vm89p3UojvWiBDEnmxWng [Web_Security] Cross-site scripting attacks, with related learning resources! Hands-on white hat primer (3) https://mp.weixin.qq.com/s/BRplhZu3MYRrksZ6Bn5JNg [Web_Security] XPATH injection attacks as seen in CTFs https://mp.weixin.qq.com/s/fGEfd1qvfCUiSxj-IaaIPw [Web_Security] Same-origin policy and cross-origin requests https://mp.weixin.qq.com/s/bSXhcnQk_2Omv89rVefocQ [Web_Security] 2018.6.1 Information Security Triathlon data competition solutions https://mp.weixin.qq.com/s/wsHIpAVS9eOEMqPl5iP8Qg Penetration testing: [Penetration_test] Don't touch my shell https://mp.weixin.qq.com/s/WuSK9pFcevZ7HFcWhYPYug [Penetration_test] Bypassing JSP backdoor detection with Java reflection and class loading https://mp.weixin.qq.com/s/6a0t7qs1Wf7_Qq71ZrqH5Q [Penetration_test] Resolving DNS records with nslookup https://mp.weixin.qq.com/s/R1jDDCwWje9-BXhiPekAhQ [Penetration_test] A small combination of metasploit and Nessus https://mp.weixin.qq.com/s/qLD7zebsSSYNevmjDMPklA [Penetration_test] Deep penetration of a fraudulent spoofed website https://mp.weixin.qq.com/s/Xlb0Bd3FJrhZ_UFGtG9KAA [Penetration_test] An example of XSS bypass with triple URL encoding https://mp.weixin.qq.com/s/27_ElU2oqsv9Wu6yvZ-7DQ [Penetration_test] 13 ways to download a file https://mp.weixin.qq.com/s/BZiai8GKua7IAqLBAzUNZA [Penetration_test] How to penetration test Ethereum dApps https://mp.weixin.qq.com/s/LrBsi7rgigOg21YDTHF5Sw [Penetration_test] The full process of analyzing a virus sample
https://mp.weixin.qq.com/s/EMftyoxaWNPq2rezwjjZtw [Penetration_test] Penetration testing study notes: comprehensive penetration case 1 https://www.secdic.com/go/19337.html [Penetration_test] A WebShell containing no digits or letters http://www.freebuf.com/articles/web/173579.html [Penetration_test] Writing a POC worthy of an expert (part 1) https://mp.weixin.qq.com/s/ekKWAnd6U2Pc_MI6V98izA [Penetration_test] The importance of WMI in penetration testing https://www.secdic.com/go/19454.html [Penetration_test] AssassinGo: a Go-based, highly concurrent, extensible web penetration framework http://www.freebuf.com/sectool/173156.html Security tools: [Security_tools] BSQLinjector – blind SQL injection exploitation tool https://mp.weixin.qq.com/s/j42jt4c_RdnwPnSD5g_rMA [Security_tools] Galileo: an open-source web application auditing framework https://mp.weixin.qq.com/s/NmsMuMpYznIDeL_bw1hxdA [Security_tools] In-house security: sharing SeMF, an enterprise security automation tool https://mp.weixin.qq.com/s/ikjCnx1gX2hcMwngb-WNJg [Security_tools] Hacker Six Paths: network security tools https://mp.weixin.qq.com/s/ykBHmr_vwz6eIqGCW-u5XQ [Security_tools] PenTBox – an open-source security suite https://mp.weixin.qq.com/s/PyvAUwYTJFnpOJKjJOgjAg [Security_tools] Installing libtorrent on Linux https://mp.weixin.qq.com/s/26OYa9g1wVEf0Q8oYpJYsg Code audit: [Code_audit] Code audit: arbitrary file download vulnerability case study https://mp.weixin.qq.com/s/iagwfPsSFANqOE5m52XOeA [Code_audit] A detailed look at Lynis, the open-source Linux security auditing and penetration testing tool http://www.freebuf.com/sectool/173491.html]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F41%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 41) Security news: [Security_week] xKungfoo 2018 information security conference slides download http://www.4hou.com/info/news/11370.html [Security_week] 5 recommendations for incident response management http://www.freebuf.com/articles/neopoints/172377.html [Security_week] Notes on handling a web incident https://www.secdic.com/go/18678.html [Security_week] Order takeout without worrying about privacy leaks anymore https://www.secdic.com/go/18717.html [Security_week] 360's Vulcan team discloses a critical vulnerability in the EOS blockchain platform https://mp.weixin.qq.com/s/UeXrbT5BFe9WKd63wDiQhg [Security_week] Information Security Vulnerability Weekly Report (2018, Issue 20) https://mp.weixin.qq.com/s/W_xjTpCP7JldIcN6F7dWjg [Security_week] VPNFilter: an in-depth analysis of a new IoT Botnet https://mp.weixin.qq.com/s/SnchceLdNX7JYiWfSH2Hmw Web security: [Web_Security] Bypassing 360 Host Guard SQL injection defenses (multiple techniques) https://mp.weixin.qq.com/s/-JkeLtaUo7qN3zxkFlf0-w [Web_Security] A brief analysis of SSRF principles and exploitation https://www.secdic.com/go/18745.html [Web_Security] Summary of experience with Xpath locators https://www.secdic.com/go/18735.html [Web_Security] burp trick; Retile: LKM Linux rootkit and backdoor https://mp.weixin.qq.com/s/H-48n-g_ypZ3k1rikOaodg [Web_Security] Information gathering from the command line https://mp.weixin.qq.com/s/_VdMOnsUwp0PiqxjrosQGg [Web_Security] Bypass techniques in SSRF https://mp.weixin.qq.com/s/467pD6VIpiYXfw2QTSzB4A [Web_Security] The most comprehensive summary ever of internal network penetration knowledge https://mp.weixin.qq.com/s/U2MqcjA_YmMlajJzvDCZZw [Web_Security] UEditor SSRF vulnerability (JSP version): analysis and reproduction https://mp.weixin.qq.com/s/OPbyYQNWiN2dy_BHhqd9eg [Web_Security] ISCC 2018 Writeup https://mp.weixin.qq.com/s/h9egb5ZQbdRtkaw9PBjw1w [Web_Security] Finding webshells on Linux https://mp.weixin.qq.com/s/-3N2WDASdXSsPifoBiuQsQ [Web_Security] Why should HTTP methods other than GET and POST be disabled?
https://mp.weixin.qq.com/s/AIbTW9wmd3aWvZWWq3QYgw [Web_Security] How to quickly find a website's valid subdomains http://www.4hou.com/technology/11782.html [Web_Security] What is the SQL injection hackers keep talking about? Hands-on white hat primer (2) https://mp.weixin.qq.com/s/XWA-vVu-9Jod_lMn6rXqGw [Web_Security] All about phpMyadmin privilege escalation https://mp.weixin.qq.com/s/EMkZCHB3uKM7M1998eUlFg [Web_Security] SQL injection attack methods and defenses, Hands-on white hat primer (2) https://mp.weixin.qq.com/s/hkuAZOiRdcAHzVWPnUIX4g [Web_Security] kindeditor file traversal vulnerability payload https://www.secdic.com/go/19114.html Penetration testing: [Penetration_test] Introduction to using web_delivery in a DMZ https://mp.weixin.qq.com/s/JTLrHQDrjnGSSXxbvOxXSw [Penetration_test] metasploit module porting/development: first look https://www.secdic.com/go/18673.html [Penetration_test] DDCTF 2018 writeup (2): reverse engineering https://www.anquanke.com/post/id/145553 [Penetration_test] Internal network penetration testing: domain penetration in detail https://mp.weixin.qq.com/s/XLkCJ3KNkHLqvcfQW8HsFA [Penetration_test] Finding the DC in domain penetration https://mp.weixin.qq.com/s/NJEhKIY9kogXqJyau2Cnyw [Penetration_test] Summary and notes on reverse connection techniques from internal networks on LINUX https://mp.weixin.qq.com/s/YNGxYjXwh3NXlCCunh0iXw [Penetration_test] Reverse port connections during penetration https://mp.weixin.qq.com/s/LQhErXdwj9kR0ReTu-NQjA [Penetration_test] Linux | Writing baseline scripts (2) https://mp.weixin.qq.com/s/Ttq5Ug5-AC38W8TOebl5oQ [Penetration_test] Dnscat2: building a DNS tunnel for a reverse SHELL https://mp.weixin.qq.com/s/vjmCX6JhdVeURCrhuMK4Aw [Penetration_test] A wonderful journey from WebShell to domain controller http://www.freebuf.com/articles/network/172578.html [Penetration_test] Breaking into the black market: taking down a cluster of phishing sites for games such as PUBG and DNF http://www.freebuf.com/articles/web/172330.html [Penetration_test] An OSCP buffer overflow, from analysis to exploitation https://www.anquanke.com/post/id/146562 [Penetration_test] Penetration testing in practice: compromising the Super Mario target machine https://www.anquanke.com/post/id/146527 Security tools: [Security_tools] Noriben – a Python-based malware analysis sandbox https://mp.weixin.qq.com/s/6is5QXESrPyKcJqMgof23g [Security_tools] 7 tools for improving IoT security and visibility http://www.aqniu.com/tools-tech/34296.html [Security_tools] Guide to handling service anomalies https://mp.weixin.qq.com/s/wdmaLsbsdY7YdfmWzpuKbQ [Security_tools] Detekt – a tool against surveillance https://mp.weixin.qq.com/s/WxXgI4JMI4_JfJOd7rcJUg [Security_tools] 10 best free WiFi hacking tools (with links) http://www.aqniu.com/hack-geek/34350.html [Security_tools]
websocket-fuzzer: WebSocket fuzz testing tool; tricks for reading /etc/passwd with Bash https://mp.weixin.qq.com/s/IUQoqUaWYNaqkSmAdFVOig [Security_tools] SSLyze – a tool for analyzing SSL/TLS configuration https://mp.weixin.qq.com/s/Sw_iDoFDSMOkx6LTJmw_ZA [Security_tools] Tool for batch-organizing wvs results https://mp.weixin.qq.com/s/21MxYBr2mDdH6SSxA9pFKA [Security_tools] Scanning never stops: batch scanning with Appscan https://mp.weixin.qq.com/s/OwMAcomXRRmjjKClk7jaow [Security_tools] V3n0M – an open-source vulnerability scanner https://mp.weixin.qq.com/s/BjS3miitgRu2DxyAOwUE3A [Security_tools] LogonTracer: a tool for visually analyzing Windows security event logs to find malicious logons http://www.freebuf.com/sectool/172623.html [Security_tools] burpa: burp automated scanning tool; details of a universal CSP bypass in Firefox (CVE-2018-5175) https://mp.weixin.qq.com/s/akHIPUTh-vK54ffmm4WfHA [Security_tools] Roundup of network security tools https://mp.weixin.qq.com/s/fx8emiLSKxge6P7nT1az7w Code audit: [Code_audit] Code audit | Arbitrary file deletion in the latest ECShop3.6.0 https://mp.weixin.qq.com/s/UMBL3-nkI4xnFyuHbfj11Q Mobile security: [Mobile_Security] A detailed look at Android serialization/deserialization mismatch vulnerabilities https://www.secdic.com/go/19144.html Video sharing: [Video_share] Every move deadly: CSRF combined with multiple vulnerabilities https://www.bugbank.cn/live/view.html?id=111256]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F4%2F</url>
<content type="text"><![CDATA[title: 4 date: 2018-1-16 19:05:18 tags: 4 [twitter]Developing complex Suricata rules with Lua – part 2#[Developing complex Suricata rules with Lua - Part 2#http://t.cn/RieF4bf] https://blog.nviso.be/2017/03/15/developing-complex-suricata-rules-with-lua-part-2/ [twitter]Invoke-Obfuscation v1.7#[http://t.cn/RiDOS6o] https://github.com/danielbohannon/Invoke-Obfuscation [twitter]CVE-2017-5638: New Remote Code Execution (RCE) Vulnerability in Apache Struts 2#[CVE-2017-5638: Apache Struts2 remote code execution (RCE) vulnerability#http://t.cn/RiesEfq] https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/ [twitter]Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts#[Check Point disclosed a vulnerability that allowed hackers to take over millions of WhatsApp and Telegram accounts#http://t.cn/RieI5tl] http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/ [twitter]GRRCON 2016 - QUICK AND EASY WINDOWS TIMELINES WITH PYTHON, MYSQL, AND SHELL SCRIPTING#[Quick and easy Windows with Python, MySQL and shell scripts#http://t.cn/RiDz45g] http://www.securitytube.net/video/17011?utm_source=HT&utm_medium=twitter&utm_campaign=SM [twitter]HACKING ANDROID APPS WITH FRIDA I#[Attacking Android device apps with FRIDA#http://t.cn/RiDzQJi] https://www.codemetrix.net/hacking-android-apps-with-frida-1/ [twitter]Four Men Charged With Hacking 500M Yahoo Accounts#[Four guys hacking 5 million Yahoo accounts#http://t.cn/RiDZKV6] https://krebsonsecurity.com/2017/03/four-men-charged-with-hacking-500m-yahoo-accounts/ [twitter]Car Hacker’s Handbook by OpenGarages#[Car hacker's handbook#http://t.cn/RiDZB7a] http://opengarages.org/handbook/ [twitter]GitHub Enterprise Remote Code Execution#[GitHub Enterprise remote code execution#http://t.cn/RiDwcUc] http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html [twitter]PCAUSA Rawether for Windows local privilege escalation#[PCAUSA Rawether for Windows local privilege escalation#http://t.cn/RiDweDA] http://blog.rewolf.pl/blog/?p=1778 [twitter]KERBEROASTING - CRACKING SERVICE ACCOUNT PASSWORD#[KERBEROASTING - cracking service account passwords#] http://www.securitytube.net/video/17004?utm_source=HT&utm_medium=twitter&utm_campaign=SM [twitter]FILELESS UAC BYPASS USING COMPMGMTLAUNCHER.EXE#[Fileless UAC bypass using COMPMGMTLAUNCHER.EXE#http://t.cn/RiDNchE] http://x42.obscurechannel.com/?p=368 [twitter]chromebackdoor#[Browser backdoor tool#http://t.cn/RiDpu0Q] https://github.com/graniet/chromebackdoor [twitter]HSEVD-StackOverflowGDI#[ROP'ing a StackOverflow into arbitrary read/write using GDI/bitmaps#http://t.cn/RiD0NX2] https://github.com/Cn33liz/HSEVD-StackOverflowGDI]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F40%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 40) Security news: [Security_week] DynoRoot: Red Hat DHCP client command execution vulnerability (CVE-2018-1111) alert https://mp.weixin.qq.com/s/JPUqa1FS9uD5x5INPdqLLA [Security_week] iOS app security practices in light of the ZipperDown vulnerability https://mp.weixin.qq.com/s/qugyYyAGffSuI5ad4WTDDQ [Security_week] Nagios XI multiple vulnerabilities: analysis and alert https://mp.weixin.qq.com/s/Io7xdHjenxF78NMbQmy1oQ [Security_week] Janus signature vulnerability (CVE-2017-13156): principle and exploitation analysis https://mp.weixin.qq.com/s/bLcb8Ufbi4OUZDSy-DbqMQ [Security_week] CVE2018-1111 vulnerability reproduction https://mp.weixin.qq.com/s/eLWNi1AD_M61CCtYnrsyJw [Security_week] Information Security Vulnerability Weekly Report (2018, Issue 19) https://mp.weixin.qq.com/s/vYFs0oibjOmQ8j8BbdrmQA [Security_week] Bookmark | What to do when files are deleted by mistake? A roundup of data recovery software https://mp.weixin.qq.com/s/DwWE954ugLWDAiyFs99Mhg [Security_week] 2018 Xianzhi White Hat Conference | Attendee guide https://mp.weixin.qq.com/s/LFxLZprIR-sNL3RfUA3O7g [Security_week] Freebie | A few recommended quality technical accounts and a big giveaway of security community resources (with a security materials pack) https://mp.weixin.qq.com/s/C8GX6_iLazVqJUosIylyOw [Security_week] CVE-2018-3639 & CVE-2018-3640: CPU SSB/RSRE vulnerability alert https://mp.weixin.qq.com/s/75eVYYjnq0WXcjVeyegClQ Web security: [Web_Security] Notes from a web security beginner getting started http://www.hetianlab.com/html/news/news-2018051601.html [Web_Security] How I got unrestricted getshell through a generic design flaw https://mp.weixin.qq.com/s/EpgyAImYJHa4r6srKqGujg [Web_Security] How to use a Struts2 vulnerability to bypass the firewall and gain Root privileges https://mp.weixin.qq.com/s/Z6G2twcB-UekdMr4wW5i_w [Web_Security] Triathlon data competition writeup https://mp.weixin.qq.com/s/ObE3k-KrUNeV6xUP3Wjzzw [Web_Security] Writing a shell through logs with SQL statements https://mp.weixin.qq.com/s/ecvVsloQpL4ymW8O_vtcTw [Web_Security] A batch injection plugin built from Burpsuite and the SQLMap API (X10) https://mp.weixin.qq.com/s/8BRxSXxdF7p2bPvJPLe0MA [Web_Security] Burp XXE Scanner plugin development (with download) https://mp.weixin.qq.com/s/mTSapBbyRFNpVyYyzE3pvA [Web_Security] Summary of PHP file inclusion vulnerability techniques https://mp.weixin.qq.com/s/RaxfIg9x5Rh1qjDgFBr82Q [Web_Security] juice-shop: a web security vulnerability testing project written in Node.js; GraphQL – security overview and testing tips https://mp.weixin.qq.com/s/o6lR9T6yYk7Hv36RkuTuyg [Web_Security] MySQL union injection: from bypassing SafeDog to GetShell https://mp.weixin.qq.com/s/4fRI5jdGecAipqf7JCaQ9Q [Web_Security] Bug hunting tips: information gathering https://mp.weixin.qq.com/s/5GxO8C4rh349WeLiZiGmnw
[Web_Security] Summary of Content Security Policy bypasses https://mp.weixin.qq.com/s/z_XmhrTUg_yUfkyAFFfaKQ [Web_Security] Common vulnerabilities in WordPress's xmlrpc.php and their exploitation; CVE: new burnOverflow vulnerability found in smart contracts https://mp.weixin.qq.com/s/TtVPdONx10zlhxXx3nCEjQ Penetration testing: [Penetration_test] CTRL-INJECT process injection technique explained https://mp.weixin.qq.com/s/NY_8PWHl0v5dQrLuaXu-1w [Penetration_test] Internal network penetration: summary of port forwarding and proxy tools http://www.freebuf.com/articles/web/170970.html [Penetration_test] [Penetration tips] Summary of common vulnerabilities in SMS verification codes https://mp.weixin.qq.com/s/jtJl2GFacMyRCQsBUiTVSA [Penetration_test] Summary of port forwarding and traffic manipulation tools http://www.freebuf.com/articles/web/171589.html [Penetration_test] From zero to solving 0ctf-ezdoor https://mp.weixin.qq.com/s/90Awbl_NPasJ_k3Kfs_JIg [Penetration_test] A first look at fuzzing with American Fuzz Lop (AFL) https://mp.weixin.qq.com/s/K1tuwm-8Yu8kxF7flDpmwA [Penetration_test] Can you find me? – Creating a hidden user (Powershell) https://mp.weixin.qq.com/s/N1Iz1lLIH9FhMdpA7ApIQw [Penetration_test] How I got a Meterpreter Shell on a Chef server https://mp.weixin.qq.com/s/eZDMnljkCExwclNlxnfs4g [Penetration_test] Bypassing CSP policy with Wave files https://mp.weixin.qq.com/s/ljBB5jStB7fcJq4cgdWnnw [Penetration_test] VulnHub penetration testing practice target Breach 1.0 http://www.freebuf.com/articles/system/171318.html [Penetration_test] Tools | Writing baseline scripts: Linux (1) https://mp.weixin.qq.com/s/AcdVYm0CL7wnb8QhzWTy3g [Penetration_test] An HDWiki vulnerability that will level up your skills https://mp.weixin.qq.com/s/5PZOgXERwUuxVhmndSbRGw [Penetration_test] PYTHON hacker programming (1): brute-forcing wifi passwords https://mp.weixin.qq.com/s/rep2regLAknRx5g2e55-ig [Penetration_test] [Penetration tips] Asset discovery and information gathering https://mp.weixin.qq.com/s/B-NX3uC3hpURrf3Sjsxn5g [Penetration_test] MS16-032 Windows local privilege escalation https://mp.weixin.qq.com/s/B9VCKjkKB1tgKW1F5p2Grw [Penetration_test] Obtaining Net-NTLM hashes from the browser with a PHP script https://www.secdic.com/go/18609.html Security tools: [Security_tools] Sonar.js – a framework for identifying and launching attacks against internal network hosts https://mp.weixin.qq.com/s/9qJ-Wyos17w7xs-PwAucmA [Security_tools] SUID Privilege Escalation https://mp.weixin.qq.com/s/Zw0qj6RU_R3UMCBdLPBDfA [Security_tools] A few handy online compilers recommended https://mp.weixin.qq.com/s/wsOM2lTvRi9CDPylv-9rkg [Security_tools] Nipe – a script that makes the Tor network your default gateway
https://mp.weixin.qq.com/s/QTrvh-u0QId3f7fv1svyTg [Security_tools] CenoCipher – an easy-to-use end-to-end encrypted communication tool https://mp.weixin.qq.com/s/JqdqJ7Rbh531sWo4yjo3oQ [Security_tools] DDoS Deflate – a shell script for blocking DDoS attacks https://mp.weixin.qq.com/s/BB_6MPdnqLmeW5KyyPdjIw [Security_tools] Gryffin – a network security scanning platform https://mp.weixin.qq.com/s/QuS_ltycj36aTPJawkzeCw [Security_tools] Roundup of information security tools https://mp.weixin.qq.com/s/N4uaDfTLf-bmMBmHXmEzPg Video sharing: [Video_share] Brute forcing in practice and building custom tools https://www.bugbank.cn/live/view.html?id=111233]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F39%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 39) Security news: [Security_week] Analysis and attribution of the world's first APT attack using the "Double Kill" 0day vulnerability (CVE-2018-8174), launched by the APT-C-06 group https://mp.weixin.qq.com/s/tRQ3yunhRpNRcjB4HV35sQ [Security_week] Who stole our personal information? https://mp.weixin.qq.com/s/LDcC-50CBhhw36L4OSdzQw [Security_week] Spring Integration Zip unsafe extraction (CVE-2018-1261) vulnerability analysis https://mp.weixin.qq.com/s/SJPXdZWNKypvWmL-roIE0Q [Security_week] Spring Security OAuth2 RCE (CVE-2018-1260) vulnerability analysis https://mp.weixin.qq.com/s/5nTz6bexDFLkIT5EfDpnYA [Security_week] CVE-2018-2628 patch bypass analysis and remediation advice https://mp.weixin.qq.com/s/NF7hMlvs-yWR7gu05fO7WQ [Security_week] Information Security Vulnerability Weekly Report (2018, Issue 18) https://mp.weixin.qq.com/s/BT1LUGfY0Z5Xv_Mt_rGmxA [Security_week] On reproducing the CVE-2018-1259 XXE vulnerability http://www.polaris-lab.com/index.php/archives/524/ Web security: [Web_Security] Crafting PPSX phishing files https://mp.weixin.qq.com/s/n-5HG7L7gDUkjZxKdXj0Jw [Web_Security] Writing a shell through logs with SQL statements https://mp.weixin.qq.com/s/wNIsxAhGL79eqss7XmEB1A [Web_Security] Research on bypassing detection of PHP one-line webshells https://mp.weixin.qq.com/s/LytVSOt81UpRyetMh6twnw [Web_Security] A first look at PHP deserialization vulnerabilities https://mp.weixin.qq.com/s/XxnSEg-Fmv8fniQ0BMiQgg [Web_Security] MySQL mmm_agent remote code injection vulnerability analysis https://mp.weixin.qq.com/s/kAXu6V8hOEbaBMGb2PObgQ [Web_Security] WebExtensions explained in simple terms (part 1) https://mp.weixin.qq.com/s/NFFbKssSuqnaKjjzlLwHvw [Web_Security] Let me show you an ECShop vulnerability magic trick https://mp.weixin.qq.com/s/mn77cuWq2eDsGrENE9Gxaw [Web_Security] A brief analysis of Libinjection, the SQL injection semantic analysis library http://www.freebuf.com/articles/web/170930.html [Web_Security] DDCTF 2018 writeup (1): web https://www.secdic.com/go/18163.html [Web_Security] [Credential stuffing testing] A special case when using Selenium with CAPTCHA solving - [encountering a scrollbar] http://www.polaris-lab.com/index.php/archives/513/ Penetration testing: [Penetration_test] Exploit-Exercise: Nebula practical guide (1) https://mp.weixin.qq.com/s/Z95ffyBCX0MxyKSGGAoj9g [Penetration_test] Twitter bug: Twitter advises users to change their account passwords; badpdf: creating malicious PDFs to steal NTLM from Windows machines https://mp.weixin.qq.com/s/aTJLkffA8ltrcg6eh-VegA [Penetration_test] FTP operations in Python with pexpect https://mp.weixin.qq.com/s/wx1ZipTNGMWK8iHxJcmaMA [Penetration_test] Sharing an approach for an ordinary user to escalate privileges via docker containers
https://mp.weixin.qq.com/s/yjxGTXLuRoACVwpiG3VKEw [Penetration_test] Linux practice | Exploit-Exercise: Nebula practical guide (3) https://mp.weixin.qq.com/s/38oxdhBBVglYk7ulnDLo9Q [Penetration_test] Obtaining Net-NTLM hashes over HTTP https://www.secdic.com/go/17991.html [Penetration_test] CTF in practice | Kioptrix (#3) target machine penetration test http://www.freebuf.com/articles/rookie/170656.html [Penetration_test] Cracking encrypted office files with hashcat https://mp.weixin.qq.com/s/BAb0euDmLhGQ4KIt8k15QA [Penetration_test] VulnHub penetration practice: Billu_b0x http://www.freebuf.com/sectool/170713.html [Penetration_test] Using Z3Py in CTF reverse engineering https://mp.weixin.qq.com/s/8pHqlCVJ-M-oTa_ihy6lUQ [Penetration_test] How to remove sensitive information from git history https://mp.weixin.qq.com/s/gSGWbHEQXl1OAL-JZodXrQ [Penetration_test] Penetration tips: how to escape a restricted Linux shell and run arbitrary commands https://mp.weixin.qq.com/s/KKyq2_a0RxNMIWfTwNQwhQ [Penetration_test] Information mining with crawler tools https://mp.weixin.qq.com/s/AXlCUzm7rmNj4vzQd8M5Jg [Penetration_test] Defcon China range challenge – internal network penetration Writeup https://www.secdic.com/go/18183.html [Penetration_test] Summary of getshell methods via redis in penetration testing https://www.secdic.com/go/18193.html Security tools: [Security_tools] Hostscan – a PHP tool for network scanning https://mp.weixin.qq.com/s/lwrJrVKo4mSNfyMXy-RLqw [Security_tools] YaVol – a GUI for Volatility Framework and Yara https://mp.weixin.qq.com/s/69zBujQ63V-RITy1ru2-PQ [Security_tools] Git Shell Bypass https://mp.weixin.qq.com/s/_jI9g60QhvPWb7qG79um2w [Security_tools] A combination punch: sharing a tool for batch detection of weak SSH passwords by brute force https://mp.weixin.qq.com/s/d_pkFGL9PReqUTCxZsy4Uw [Security_tools] Tools | An internal network penetration journey with PowerShell (2) https://mp.weixin.qq.com/s/xZGNpZLJxpxoKf8kiDdztQ [Security_tools] DDoS Deflate – a shell script for blocking DDoS attacks https://mp.weixin.qq.com/s/BB_6MPdnqLmeW5KyyPdjIw [Security_tools] The scanner box hackers like https://mp.weixin.qq.com/s/Cw3fdeVqjMUSItcBA4pkpw [Security_tools] Sublist3r – a fast subdomain enumeration tool for penetration testers https://mp.weixin.qq.com/s/BaiU9lUIo92cwJvI6dQcPw [Security_tools] Crunch, a wordlist generator for Linux: create your own custom wordlists https://mp.weixin.qq.com/s/F5azNOEWlqI4RjJw3sOydQ Video sharing: [Video_share] Move and countermove: an in-depth look at Oracle privilege escalation https://www.bugbank.cn/live/view.html?id=111188]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F38%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 38) Security news: [Security_week] CVE-2018-10561/62: GPON fiber router vulnerability analysis and alert https://mp.weixin.qq.com/s/H6cRTzr2FsoRK0BmKsJIwA [Security_week] Ten Cybersecurity Stories of the Week, Issue 97 https://mp.weixin.qq.com/s/XIR7umy6uBSod8z9nqOjIQ [Security_week] A brief discussion of security vulnerabilities in Ethereum smart contracts https://mp.weixin.qq.com/s/H6cRTzr2FsoRK0BmKsJIwA [Security_week] Spectre-NG: alert on multiple new CPU vulnerabilities https://mp.weixin.qq.com/s/xz0dKClBskZ6MMcOfmAf6A [Security_week] Quarterly | A curated roundup of slick techniques https://mp.weixin.qq.com/s/4JtFYNMkRGZqQp6JsWPl_w [Security_week] Latest vulnerability for breaking into surveillance devices, with Poc tool https://mp.weixin.qq.com/s/H6cRTzr2FsoRK0BmKsJIwA [Security_week] Information Security Vulnerability Weekly Report (2018, Issue 17) https://mp.weixin.qq.com/s/o9sW81sMKFBf3MA77Y9hdg Web security: [Web_Security] How I found and successfully exploited an XSS on YouPorn http://www.freebuf.com/articles/web/169918.html [Web_Security] Capturing https traffic with burpsuite https://mp.weixin.qq.com/s/p5yBNgp8KH523A6E5XF7xA [Web_Security] Cases where SQL injection is still possible in PHP even with PDO https://mp.weixin.qq.com/s/LPmE52XU0A01p4ZYv4wwzA [Web_Security] Bypassing ngx_lua_waf SQL injection defenses (multiple techniques) https://mp.weixin.qq.com/s/hy0eSorsxK_fKaNJ0r0glA [Web_Security] burpsuite plugin development: detecting broken access control vulnerabilities https://www.secdic.com/go/17640.html [Web_Security] Notes on a great real-world test exploiting a business design flaw https://mp.weixin.qq.com/s/JshlT1uxO_2gCv-0BK6Dhg [Web_Security] Just 4 NagiosXI vulnerabilities are enough to build a remote code execution https://mp.weixin.qq.com/s/JshlT1uxO_2gCv-0BK6Dhg [Web_Security] Exploiting/bypassing the PHP escapeshellarg/escapeshellcmd functions https://www.secdic.com/go/17790.html Penetration testing: [Penetration_test] Tutorial on using Cobalt Strike, the penetration testing powerhouse https://mp.weixin.qq.com/s/aHKzIVLy6EfW1pX2FVmfLQ [Penetration_test] ORACLE PEOPLESOFT remote code execution: from blind XXE to SYSTEM SHELL https://www.secdic.com/go/17589.html [Penetration_test] CTF: mastering pwn, monthly summary https://mp.weixin.qq.com/s/H-2yLfM3rd8g9KOx-r5dpA [Penetration_test] Partial writeup for the Red Hat Cup https://mp.weixin.qq.com/s/9rTtLoucMpaWAeniTj27Xg [Penetration_test] Take a look: an internal network penetration journey with PowerShell (1) https://mp.weixin.qq.com/s/eQ_flYcMvVZdMjNDgn2CnA [Penetration_test] Obtaining NTLM Hashes with a .NET deserialization vulnerability http://www.freebuf.com/articles/system/170640.html [Penetration_test] Python: the paramiko module https://mp.weixin.qq.com/s/QdzHkWBdxVJ1U0WyJw11Cg
Code audit: [Code_audit] Code audit | Referer injection vulnerability in the latest HDWiki v6.0 https://mp.weixin.qq.com/s/jb5iMmq1f54YARA5qZ67FA [Code_audit] Chan(feng)zhi(wo) cms https://mp.weixin.qq.com/s/8QVM_qwAHFqJ8wdYdbjVGw [Code_audit] Source code audit: buffer overflow vulnerabilities http://www.freebuf.com/vuls/170323.html [Mobile_Security] Developing an app with Python in practice https://www.secdic.com/go/17787.html Security tools: [Security_tools] PentestPackage – a collection of pentesting scripts https://mp.weixin.qq.com/s/UZHZA5GpMNSyrNCjzYaBFw [Security_tools] Hostscan – a PHP tool for network scanning https://mp.weixin.qq.com/s/EXOao848kUHZLKXAI-8wGQ [Security_tools] Tools | An approach to learning the Burp Suite API https://mp.weixin.qq.com/s/WHzP47XUjKxaLN19NhinJQ [Security_tools] OWTF – Offensive Web Testing Framework https://mp.weixin.qq.com/s/JKW1376dBC0orwAM2hL3KA [Security_tools] Phan – a PHP static analyzer https://mp.weixin.qq.com/s/tO-5U1B8ZJAix64csT8tZQ [Security_tools] Information gathering with Nmap idle scan https://mp.weixin.qq.com/s/CRQlVaVCU0j2tMZwnR_0cA [Security_tools] Whonow: a DNS server for performing DNS rebinding tests on the fly http://www.freebuf.com/sectool/170740.html]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F37%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 37) Security news: [Security_week] Important RouterOS vulnerability https://mp.weixin.qq.com/s/iX7lgUC1jaHPSZhBDZI0Gw [Security_week] CVE-2018-7602: Drupal core remote code execution vulnerability analysis and alert https://mp.weixin.qq.com/s/lp0vvaZeZACgBlqHi0wfug [Security_week] Ten Cybersecurity Stories of the Week, Issue 96 https://mp.weixin.qq.com/s/-MBd-NvRVLF0LTvzNzZosA [Security_week] CNNVD Information Security Vulnerability Weekly Report (2018, Issue 16) https://mp.weixin.qq.com/s/-oMYiYZ3bLUzglmaBZuiLA Web security: [Web_Security] How can a beginner learn web security systematically? https://mp.weixin.qq.com/s/740wJARdj8BpOiBpcXCmxw [Web_Security] Crafting PPSX phishing files https://mp.weixin.qq.com/s/TeoSHHYoAox0Z8FPS9XRUA [Web_Security] Bug hunting experience | Account takeover via the password reset feature https://mp.weixin.qq.com/s/Ijg4pa6IZ-Lc68nziAfOAg [Web_Security] PentesterLab beginner tutorial (2): XML injection http://www.freebuf.com/sectool/169122.html [Web_Security] BruteXSS – cross-site scripting BruteForcer https://mp.weixin.qq.com/s/LMWvxdzJtBk3A3MI431S9w [Web_Security] Xsl Exec Webshell (aspx) https://mp.weixin.qq.com/s/Ynvx-IK3wdk_-wmDyPi9Qw [Web_Security] Xenotix – XSS vulnerability detection and exploitation framework https://mp.weixin.qq.com/s/ym2vRot8V2W8AqFeHb6yNQ [Web_Security] Several ways to execute system commands in PHP by bypassing disable functions http://www.freebuf.com/articles/web/169156.html [Web_Security] CSRF: you log in to my account - hijacking your privileges with a combination of generic business logic flaws https://www.anquanke.com/post/id/106961 Penetration testing: [Penetration_test] Penetration testing obfuscated Android apps https://www.secdic.com/go/17107.html [Penetration_test] Introduction to the DCShadow penetration technique https://www.secdic.com/go/17139.html [Penetration_test] Traffic analysis - an enterprise penetration process https://mp.weixin.qq.com/s/gVe_eGzNHKSITs_QRz27Mw [Penetration_test] Reverse port connections during penetration https://mp.weixin.qq.com/s/Z-x2Y9OeO_wDA-8AfBVLDQ [Penetration_test] How to move laterally with an RDP man-in-the-middle attack https://mp.weixin.qq.com/s/PflC1VDoh1a3cw_6-fzTXQ [Penetration_test] NetBIOS name spoofing and LLMNR spoofing https://mp.weixin.qq.com/s/kEtWonAqV0odIXRQKa-G2w [Penetration_test] SSH during penetration https://mp.weixin.qq.com/s/3-zYdi519O-x-Rty1TsLeA [Penetration_test] ADS in penetration testing https://mp.weixin.qq.com/s/-XdZuQCsUVzh63BhLVvThg [Penetration_test] Penetrating the JIS-CTF and Kioptrix target machines https://mp.weixin.qq.com/s/mSkeHk4bRQmvGZFVQMEUnQ [Penetration_test] CTF: mastering Crypto, monthly summary
https://mp.weixin.qq.com/s/fNaz7v_dLedPsGMnJtQ-Cg [Penetration_test] CTF experience | A brief look at Off-By-One concepts https://mp.weixin.qq.com/s/tt0jd22seg3pNyAhUf3PSg [Penetration_test] Penetration testing in practice: compromising the BlackMarket target machine https://www.secdic.com/go/17388.html [Penetration_test] SSRF (XXE, LFI) exploitation data dictionary; Gitmails: collecting git commit email information on Github https://mp.weixin.qq.com/s/Ag1Ostuvp3yG0RV71mgwvA Code audit: [Code_audit] Code audit for an offline CTF AWD match: flasky https://www.secdic.com/go/17133.html [Code_audit] Code audit | SQL injection in the ThinkPHP3.2.x framework https://mp.weixin.qq.com/s/oxjmnm3L0imqmgCLkanXWw [Code_audit] Code audit | WebGoat source audit: XXE injection https://mp.weixin.qq.com/s/t0rVMDFduRZyg1BT5AHbWg [Code_audit] Source code audit: null pointer dereference vulnerabilities https://mp.weixin.qq.com/s/D95_K3YILizRuD4B3f3yXA [Code_audit] DDCTF 2018 reverse engineering baby_mips Writeup https://mp.weixin.qq.com/s/A20U4_5MvCXtcq0zxqlhrA Security tools: [Security_tools] CookieScanner – a tool for checking Cookie flags across multiple sites https://mp.weixin.qq.com/s/g8RXrLXpSiu76F4Ar8SuIQ [Security_tools] A tool for evaluating security products and monitoring solutions based on APT threat level http://www.freebuf.com/sectool/169519.html [Security_tools] BeEF – browser exploitation tool https://mp.weixin.qq.com/s/oKT5U9wT0c6y0ncfr7gM_g [Security_tools] Social engineer toolkit https://mp.weixin.qq.com/s/VV00wIr-8SGgrU3hjP9tmw [Security_tools] A tool for dynamic malware analysis: Kernel Shellcode Loader https://mp.weixin.qq.com/s/I73KhX8SCidb-Zm39BgVnw [Security_tools] Tools | Using Metasploit together with OpenVAS https://mp.weixin.qq.com/s/uLExb_jCxSh0CxMK_IcUOQ [Security_tools] Samhain – a host-based intrusion detection system https://mp.weixin.qq.com/s/9H8oj1qFXsAbqtFtIvNPJA [Security_tools] D-TECT – a command-line web application penetration testing tool https://mp.weixin.qq.com/s/1U4C1-DzzWB-EfbQf524Dg [Security_tools] DomLink: an automated domain discovery tool https://mp.weixin.qq.com/s/RItm7Ry03UHZfwnPEdiPww [Security_tools] Sharing a Pocsuite-based vulnerability scanning system https://mp.weixin.qq.com/s/mm-T2iqcnCnN0W5layix8Q [Security_tools] A batch injection plugin built from Burpsuit and SQLMapAPI http://www.freebuf.com/articles/web/169727.html Video sharing: [Video_share] Slick techniques for cracking the long-standing hard problems of bug hunting https://www.bugbank.cn/live/view.html?id=111174]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F36%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 36) Security news: [Security_week] WebLogic deserialization vulnerability (CVE-2018-2628): security handling recommendations http://mp.weixin.qq.com/s/9Kc7btt4De8IIravJkemGQ [Security_week] Ten Cybersecurity Stories of the Week, Issue 95 http://mp.weixin.qq.com/s/_nr140tFkCuRbXF-HC1GTg [Security_week] CVE-2018-7600 code execution in Drupal 7.x https://www.secdic.com/go/16891.html [Security_week] Go language arbitrary code execution vulnerability CVE-2018-6574 https://www.secdic.com/go/16966.html [Security_week] CNNVD Information Security Vulnerability Weekly Report (2018, Issue 15) https://mp.weixin.qq.com/s/mprE00wSnECTKn4yS_D1qg Web security: [Web_Security] HTTPS redirection methods; Drupal vulnerability poc http://mp.weixin.qq.com/s/Vq41ZZofizN8iEXtvVfHXw [Web_Security] A brief discussion of file upload vulnerabilities http://mp.weixin.qq.com/s/lzuzLDKE8LrzChCByeSG9A [Web_Security] A marginal XSS in a special scenario https://www.secdic.com/go/16699.html [Web_Security] Analysis and exploitation of an arbitrary account password reset vulnerability in a certain cms https://www.secpulse.com/archives/70849.html [Web_Security] SSRF arising from cache services, and other client-side forms of penetration https://mp.weixin.qq.com/s/LWFMvwSMHjV-fRpG826DAA [Web_Security] A mining experiment on Windows using a Java deserialization vulnerability http://www.freebuf.com/articles/system/168067.html [Web_Security] Summary of an XSS bypass https://www.secdic.com/go/16871.html [Web_Security] Notes on a bypass trick for Discuz! https://www.secdic.com/go/16960.html [Web_Security] Introduction to penetration testing | with examples https://www.secdic.com/go/17042.html [Web_Security] PentesterLab beginner tutorial (1): code injection http://www.freebuf.com/sectool/168653.html Penetration testing: [Penetration_test] Notes on solving a kernel pwn challenge from Qiangwang Cup 2018 https://www.secdic.com/go/16537.html [Penetration_test] Ideas for preventing a shift backdoor being planted on a server http://mp.weixin.qq.com/s/G38gC-B1tClNbaB5EB2uDw [Penetration_test] How to avoid detours in CTFs (basics, part 1) http://mp.weixin.qq.com/s/5mI-xOaKb8s-FnyThal3lQ [Penetration_test] Notes on exploiting Zabbix command execution during a penetration test http://www.freebuf.com/articles/web/168819.html [Penetration_test] Hack with rewrite https://mp.weixin.qq.com/s/gdAsb95QMSL1ElCkrKKjEg [Penetration_test] Using ReflectivePEInjection in powershell to bypass antivirus https://mp.weixin.qq.com/s/7DwedaqitVrtv-3Z36LEnQ [Penetration_test] A modern-day Jing Ke assassinating the King of Qin: Struts2 REST plugin vulnerability analysis https://mp.weixin.qq.com/s/R9RKd0tPTxChz6A0bWH-9w [Penetration_test] ESP trick: how to unpack executables https://mp.weixin.qq.com/s/E9TuFr07rLIiDE2j-va_kw [Penetration_test]
Implementing a simple Burp plugin for local CAPTCHA recognition https://mp.weixin.qq.com/s/Qlke1dxAQ8vMurAfXrGqjw [Penetration_test] Summary of Windows password dumping methods https://mp.weixin.qq.com/s/As4YZ8XDWCfBfieDUU30Ow [Penetration_test] How to avoid detours in CTFs (basics, part 2) https://mp.weixin.qq.com/s/RdHbQrhJdJrbaI5MsHGpkg [Penetration_test] There is a kind of depth called: Z-BlogGetShell vulnerability analysis https://mp.weixin.qq.com/s/MdwXJtUnEuVQsjQgoyF27g [Penetration_test] Rehash series: get shell with Office documents https://mp.weixin.qq.com/s/_87ajQ7-nojWNw48PiUP8A [Penetration_test] Privilege escalation via SUID https://mp.weixin.qq.com/s/dPS3ZljKw7NiinTeHuWIVw [Penetration_test] Notes on a detailed ransomware analysis https://mp.weixin.qq.com/s/TznmkeU1zZU_wJSw0Jx6GQ [Penetration_test] Summary of Windows password dumping methods https://mp.weixin.qq.com/s/TG7NuQdW1LT5z_XTdeHgLA [Penetration_test] CVE-2017-16995 Ubuntu local privilege escalation test (arbitrary address read/write exploitation) http://www.freebuf.com/vuls/168980.html [Penetration_test] Reverse port simulation https://mp.weixin.qq.com/s/IzHcs0lYpQS14XGjBaN7GQ [Penetration_test] Traffic analysis - CTF challenges in practice https://mp.weixin.qq.com/s/fdoyTm9NnqzTB8liFWvInQ Code audit: [Code_audit] Android source reverse engineering http://mp.weixin.qq.com/s/47JbC9iaQVUIYfnuGDzhuw [Code_audit] Decrypting obfuscated PHP programs http://mp.weixin.qq.com/s/S2QJ2HiAqPFW2wo6aUAhCA [Code_audit] Tools | WebGoat source audit: SQL injection https://mp.weixin.qq.com/s/kLOOyXMLD7w–Kk8kWlXOw Security tools: [Security_tools] Mosca – a static analysis tool for finding bugs http://mp.weixin.qq.com/s/33Qcch4a3sJxtnP14r1f_A [Security_tools] Deep Exploit: a fully automated penetration testing tool combined with machine learning http://www.freebuf.com/sectool/167844.html [Security_tools] Hacker Six Paths: SpyNote https://mp.weixin.qq.com/s/3F4czb_eRrxuPKseEJANRw [Security_tools] WordBrutePress – a multithreaded Wordpress bruteforcing tool http://mp.weixin.qq.com/s/1y3RttPzaBFUpv3DYvP4iQ [Security_tools] Zarp – a network attack tool https://mp.weixin.qq.com/s/YxgtWVuFDFYWusAdGJxWrQ [Security_tools] WATOBO – web application security auditing toolbox https://mp.weixin.qq.com/s/7dbiF3YL__-y1flGJBVhrg [Security_tools] A brief look at encrypted DNS (with a subdomain brute-forcing tool) https://mp.weixin.qq.com/s/qpoJzJs1XRKZ-adYjeo9oQ [Security_tools] WebVulScan – a web application vulnerability scanner https://mp.weixin.qq.com/s/7B9_zZ6fT114IKhfgmpuAg [Security_tools] Malcom – malware communication analyzer https://mp.weixin.qq.com/s/CwXqaCxBXeJuTFv4jiaYBg [Security_tools]
pyt :检测 Python Web 应用安全漏洞的静态扫描工具;DoxyCannon:ip隐藏 https://mp.weixin.qq.com/s/cpUhEt9lfTyOe_cyHfUaWw 视频分享: [Video_share] 深度剖析数据库提权的背后玄机 https://www.bugbank.cn/live/view.html?id=111161]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F35%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 35)
Security News:
[Security_week] Spring CVE-2018-1273, CVE-2018-1274 and CVE-2018-1275 vulnerability alert http://mp.weixin.qq.com/s/lUx17QiDXjH4Dd0d1cPjWA
[Security_week] Ten Cybersecurity Events of the Week, Issue 94 http://mp.weixin.qq.com/s/anmEXYWG3wGShoM0pgPXoA
[Security_week] CVE-2017-12542: brief analysis and reproduction http://www.freebuf.com/vuls/167124.html
[Security_week] Drupal code execution vulnerability PoC (CVE-2018-7600) http://mp.weixin.qq.com/s/zxz7bAu9Rj-NeoqAXCKSvQ
[Security_week] CNNVD Information Security Vulnerability Weekly Report (2018, Issue 14) http://mp.weixin.qq.com/s/g8J3VG9Xjjcpncnw2LP1Ww
[Security_week] Analysis of Microsoft Outlook vulnerability CVE-2018-0950 https://mp.weixin.qq.com/s/-U-o0c_xzpudPvkurXVxZw
Web Security:
[Web_Security] A scenario of arbitrary password reset http://mp.weixin.qq.com/s/1c98V3v18YHTo0RF1gInzQ
[Web_Security] A first look at Firefox extension backdoors http://mp.weixin.qq.com/s/4XG4piakrBm2MCFX3u9D_A
[Web_Security] Seven "deadly" mistakes in web application security http://mp.weixin.qq.com/s/-rrNav3uR9wLjo9-LkIRUg
[Web_Security] ThinkPHP 5.0 SQL injection vulnerability analysis http://blog.nsfocus.net/thinkphp-5-0-sql/
[Web_Security] A simple primer on SSRF https://www.secpulse.com/archives/70471.html
[Web_Security] A test that gained file system access via a blind OOB XXE vulnerability http://mp.weixin.qq.com/s/V69dAsnCHTgKH7Ze4PlA1Q
[Web_Security] Explaining the TCP/IP three-way handshake and four-way teardown using a girlfriend as the example https://mp.weixin.qq.com/s/-68MlEbH7gg51RCZNcEdEw
[Web_Security] Dou Ge's OTCMS 3.20 vulnerability combo, lighting up your heart http://mp.weixin.qq.com/s/173PxcRq_7hGhD67qLNXrw
[Web_Security] Another approach to exploiting XSS https://www.secdic.com/go/16295.html
[Web_Security] Case study: Self-XSS and clickjacking on a search engine http://mp.weixin.qq.com/s/muKlgyXiXqmNhHmCmxw-WQ
[Web_Security] From PNG tEXt to stored XSS https://www.secdic.com/go/16417.html
[Web_Security] A detail of move_uploaded_file seen through a 0CTF challenge https://www.secdic.com/go/16407.html
Penetration Testing:
[Penetration_test] An interesting penetration test http://mp.weixin.qq.com/s/T3VtB3yQZUA-wzWJ7AJ8MQ
[Penetration_test] Penetration testing in practice: the Nineveh target machine https://www.anquanke.com/post/id/104336
[Penetration_test] Compromising Windows with msfvenom and Metasploit http://mp.weixin.qq.com/s/fMePndEfs3Ur3vGE4Fvieg
[Penetration_test] How to avoid detours in CTF (Basics) http://mp.weixin.qq.com/s/3hyDx4ZsAIvsTuA9s1JDwQ
[Penetration_test] Windows privilege escalation basics http://mp.weixin.qq.com/s/JeYxI2usvJCwmijYEefmOw
[Penetration_test] So this is how a webshell can be hidden on Windows http://mp.weixin.qq.com/s/BO89vHxnLbhAxDLa5rqKYQ
[Penetration_test] Simple antivirus-evasion techniques for Metasploit trojans and problems faced in post-exploitation http://mp.weixin.qq.com/s/1eVtuu8TmvUW80sN1Ff0sg
[Penetration_test] Writing an information gatherer from scratch http://mp.weixin.qq.com/s/eEumrZy-NWcc25mpicFn9A
Code Audit:
[Code_audit] A code security audit expert on auditing the ThinkPHP development framework http://mp.weixin.qq.com/s/C_pAzzrs_JUhx2jQUv3xOA
[Code_audit] Code audit | ThinkPHP 5.0.x framework SQL injection https://mp.weixin.qq.com/s/lNaH2-AAtk9JVKbbCBeIRA
[Code_audit] PHP code audit & 2018-HITB-PHPLover https://www.secdic.com/go/16414.html
Security Tools:
[Security_tools] MassBleed - an SSL vulnerability scanner http://mp.weixin.qq.com/s/CohzCzWnUHJqghqHQqu2fg
[Security_tools] Large-scale distributed vulnerability detection with Nmap http://www.freebuf.com/articles/network/167596.html
[Security_tools] Setting up a Burp Collaborator Server on a VPS; Microsoft Windows LPAC to non-LPAC privilege escalation http://mp.weixin.qq.com/s/nUl9hWH4swQ3hKP46r0HmQ
[Security_tools] Network security techniques, packet capture tools: Fiddler & Wireshark https://mp.weixin.qq.com/s/cGTDMzuA1G02L9fCXXvU1A
[Security_tools] Patator - a powerful command-line brute-forcer http://mp.weixin.qq.com/s/KCiSGazJwld7GQF0ymN8gw
[Security_tools] Snort - an open-source network intrusion detection tool https://mp.weixin.qq.com/s/Cn75XMMT-3hwFqnDlYUr6Q
[Security_tools] Nessus - an advanced vulnerability scanner http://mp.weixin.qq.com/s/Rok98Vz1Q-xefTLEUFmbCg
[Security_tools] Eight popular hacking tools from Black Hat, with demo links http://mp.weixin.qq.com/s/XK9KvMoKY-OH_HRQf5op6w
[Security_tools] Tools | Brute-forcing in practice with Node.js http://mp.weixin.qq.com/s/xGPmTBy9o98dKZ61n92qMw
[Security_tools] Vulscan - advanced vulnerability scanning with Nmap http://mp.weixin.qq.com/s/9x3xzk0oQ7XVto3z67M3og
[Security_tools] JoomlaVS - a black-box, Ruby-powered Joomla vulnerability scanner http://mp.weixin.qq.com/s/252toEE9K7KG_BQ_Yfi1GQ
[Security_tools] Online tools that boost developer productivity http://mp.weixin.qq.com/s/Bl0xjUmHkotxUfy_UBGfbA
[Security_tools] Summary of how to use Netcat, the "Swiss Army knife" https://www.secdic.com/go/16420.html
[Security_tools] Deploying NetHunter on any phone http://mp.weixin.qq.com/s/DssvwWYgBTNGQ8_dGBIG_w]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F34%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 34)
Security News:
[Security_week] The top 10 (classes of) security vulnerabilities used by APT groups in recent years https://www.anquanke.com/post/id/104180
[Security_week] Router vulnerability analysis, part 5: CVE-2018-5767 remote code execution http://mp.weixin.qq.com/s/GGMv7AEELJTnJP8VgvbP0w
[Security_week] Breaking: Cisco low-level device vulnerability abused; networks of multiple domestic IDCs and organizations down https://mp.weixin.qq.com/s/Ia_WDfQYmjQKttEZcmXf7w
[Security_week] CVE-2018-1270: spring-messaging remote code execution vulnerability analysis and alert http://mp.weixin.qq.com/s/zW53wlWm5Bk1ZJV8i3b6QQ
[Security_week] CNNVD Information Security Vulnerability Weekly Report (2018, Issue 13) http://mp.weixin.qq.com/s/M1gyes5VG6r2ZO9NHmnNsA
[Security_week] FreeBuf 2018 Enterprise Security Monthly Report (March issue) http://mp.weixin.qq.com/s/O09YcRBdcICCOnYOWIKb2g
Web Security:
[Web_Security] 0d1n - a tool for brute-forcing web applications http://mp.weixin.qq.com/s/TFbCl6upeW33YGjipMebdg
[Web_Security] Xenotix - an XSS vulnerability detection and exploitation framework http://mp.weixin.qq.com/s/jveARyp7eHrbL8OTdoNHkQ
[Web_Security] Some modest observations on SQL injection and the use of Burp Suite Intruder http://mp.weixin.qq.com/s/-CNN-8dWBWa7KdNAzdUZdA
[Web_Security] Writing a simple test report generator with Django http://mp.weixin.qq.com/s/NTvgzAvW7PWN2Z14aWp_Ig
[Web_Security] Building a scanner that automatically scans the whole Internet for vulnerabilities https://mp.weixin.qq.com/s/OFD821QhL0sjmXerqgPyCQ
[Web_Security] Analyzing and bypassing a cloud WAF suitable for practice http://mp.weixin.qq.com/s/uy4NjyxN_17fCeYETWH1KQ
[Web_Security] Case study report: bypass via XSS double encoding http://mp.weixin.qq.com/s/BDD3U3iTWcLNAZ5L_uqygQ
[Web_Security] Primer on a sneaky hacking technique, with an attack and defense guide http://mp.weixin.qq.com/s/LovtyWTf7eCpp5wsmrRkdg
[Web_Security] Summary of common webshell WAF bypass techniques http://mp.weixin.qq.com/s/AM1lXA-y-pYbC3ZcoVPi8g
[Web_Security] Front-end cross-origin security http://mp.weixin.qq.com/s/Ih96u2qwgh2uPd3mWOFOQQ
[Web_Security] RPO: the relative path overwrite attack http://mp.weixin.qq.com/s/57mGcUQoYhy65X-Uhmb_rw
[Web_Security] 0CTF h4x0rs.club1/2 reproduction http://mp.weixin.qq.com/s/Ua27ZN3kH8Bx9TkU-vE-Gw
[Web_Security] How to perform SQL injection on Android without root access http://mp.weixin.qq.com/s/4XG4piakrBm2MCFX3u9D_A
Penetration Testing:
[Penetration_test] How do hackers use Google to find information? https://mp.weixin.qq.com/s/rIPuipux3--7v-lsmRml7A
[Penetration_test] Notes on cracking a shift backdoor http://mp.weixin.qq.com/s/pTvFrWxyHLAZTtqJQ8LWtA
[Penetration_test] Fileless ELF execution in Linux penetration https://mp.weixin.qq.com/s/SdR6ce9xjbS5UQbh14kfgg
[Penetration_test] Hakluke's Ultimate Guide to OSCP: Part 3, practical hacking tips and tricks (first half) http://www.4hou.com/technology/10967.html
[Penetration_test] Hakluke's Ultimate Guide to OSCP: Part 3, practical hacking tips and tricks (second half) http://mp.weixin.qq.com/s/w2tiASdMO7D1MfQ8fc8FBA
[Penetration_test] Crafting ADS stream files for phishing http://mp.weixin.qq.com/s/Y34VKudgJ8bHcioqdOTDRA
[Penetration_test] File hiding techniques - documents stored in images http://mp.weixin.qq.com/s/dMim_7UvCj1oVU8tQqJf2g
[Penetration_test] Executing commands with PowerShell scripts and bypassing AppLocker; Ruby CVE-2017-17405 analysis https://mp.weixin.qq.com/s/CU9TxLBNVqdKruAjlidHSg
[Penetration_test] Demo: getting a webshell via the double-upload bypass http://mp.weixin.qq.com/s/EXkFGbDi8UOa6IoRPkC5qQ
[Penetration_test] A new penetration technique: using XSS to bypass a WAF for SQL injection http://mp.weixin.qq.com/s/yMqU7Tu5SsMhKPmbF0c1wA
Mobile Security:
[Mobile_Security] Getting started with Android app security testing http://mp.weixin.qq.com/s/_-oZpOlw9LUP1JKgnDGokA
[Mobile_Security] Hacker Six Paths: a brief analysis of the Skulls virus https://mp.weixin.qq.com/s/bjh8KBYbpDVSKImDoMQB4w
Security Tools:
[Security_tools] Introduction to using MDK3 http://mp.weixin.qq.com/s/4Fs7Mf66e9qQBMvnIAOJXg
[Security_tools] Backdoor analysis of a MySQL bulk privilege-escalation tool https://mp.weixin.qq.com/s/QLY-OvIBKlaDlG5clmSSxA
[Security_tools] Harpoon: an OSINT threat intelligence tool http://mp.weixin.qq.com/s/OcekBEOmE7SRFnhIAMfu8g
[Security_tools] A detailed look at Hydra, the online password brute-forcing tool on Linux http://mp.weixin.qq.com/s/q0I3gx1wKOOvT7GaRc4pAg
[Security_tools] jSQL Injection - a cross-platform SQL injection tool http://mp.weixin.qq.com/s/p8Twe3RpemTB3mxQGU1HHg
[Security_tools] Hydra - a powerful network password cracking tool http://mp.weixin.qq.com/s/2Yf_ZAP20eeV22C4gPuoGA
[Security_tools] Capsa - a tool for analyzing network traffic http://mp.weixin.qq.com/s/2MyRChN_tov6qGzL_F_W4g
Video Sharing:
[Video_share] Arbitrary code execution http://mp.weixin.qq.com/s/-ZA9rzVMDfaaNZ3Ih9b5Dw
[Video_share] Django vulnerabilities: attack and defense http://mp.weixin.qq.com/s/7BZJxVR9tupI-J2p6D7ulw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F33%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 33)
Security News:
[Security_week] CVE-2018-7600: Drupal core remote code execution vulnerability alert http://mp.weixin.qq.com/s/8Iiv_IYtk0EeedojnmTejw
[Security_week] CVE-2018-0171: Cisco Smart Install remote command execution vulnerability alert http://mp.weixin.qq.com/s/QBB-b4VsraUK46WJ9pLyJw
[Security_week] CVE-2018-1038: Microsoft TotalMeltdown vulnerability analysis and alert http://mp.weixin.qq.com/s/IuRyOXUCzEjT0KxBlYfbHQ
[Security_week] Ten Cybersecurity Events of the Week, Issue 92 - Hetian Zhihui http://mp.weixin.qq.com/s/Z9wGSgrRGd59DuWRdpC4rQ
[Security_week] CNNVD latest vulnerabilities (2018-04-03) https://mp.weixin.qq.com/s/u6WPs_hXOFFPY5tv_G1koA
[Security_week] CNNVD Information Security Vulnerability Weekly Report (2018, Issue 12) http://mp.weixin.qq.com/s/Z3a5M3ZWlxIRHqMHh48ujw
[Security_week] Introducing integer overflow using a UPX vulnerability as the example (basics) http://mp.weixin.qq.com/s/pjfbzffE-0V14hXglvQn0A
[Security_week] Huorong Security Weekly: new macOS version stores passwords in plaintext; Microsoft's Meltdown patch introduces a bigger security hole http://mp.weixin.qq.com/s/iawwCphiCmVYUeqzmc793g
[Security_week] These days, shouldn't ordinary people know these hacking tools too? http://mp.weixin.qq.com/s/Jx711XGLHNVI1w-mSd7XIQ
Web Security:
[Web_Security] Brute-forcing admin account passwords with Burp Suite http://mp.weixin.qq.com/s/RXP1laHkZHzxFL3AxVXCLg
[Web_Security] Write-ups for some "Qiangwang Cup" challenges http://mp.weixin.qq.com/s/qdjYYdxu7WTv6o8Ru9pyjQ
[Web_Security] Write-up | four Qiangwang Cup web challenges http://mp.weixin.qq.com/s/KPE-EjU5FJ5ZD2tvDZbX4A
[Web_Security] A CTF challenge that goes from SQL injection to XSLT to XXE http://mp.weixin.qq.com/s/OVf3eUxjSq9N5wGzfg8F-Q
[Web_Security] Analysis of a CMS SQL injection from an offline CTF competition https://www.secpulse.com/archives/69910.html
[Web_Security] SQL injection in detail: error-based SQL injection via the MSSQL "order by" clause http://blog.nsfocus.net/mssql-order-by/
[Web_Security] DAws – an advanced web shell http://mp.weixin.qq.com/s/Bxbd6x4Xv8ygfOX4hnnidg
[Web_Security] Basic usage of safe3 for web vulnerabilities http://mp.weixin.qq.com/s/QgqAhRyHLit__E07GqkgTw
[Web_Security] Getting the data I want from Chaitin's wiki http://mp.weixin.qq.com/s/xpClaDBOtIERwTUv3sbPvg
[Web_Security] Enterprise mail security: notes on hunting vulnerabilities in webmail http://mp.weixin.qq.com/s/2qcABTKXlRmOSkMf5djv8Q
[Web_Security] White-hat bug hunting experience: JSON cross-origin hijacking https://mp.weixin.qq.com/s/vxHQykCy99RfHcYqsvWDBQ
[Web_Security] User data security: hunting arbitrary account password reset logic flaws http://mp.weixin.qq.com/s/qQTR1fomGbWniKNRHDSSlw
[Web_Security] First step of cultivation: 08CMS SQL injection http://mp.weixin.qq.com/s/yLwzKXCTxKOqAZ-NBCNLqA
[Web_Security] An approach to bypassing restrictions on downloading papers http://mp.weixin.qq.com/s/VUBU6HxmWiMTmjhurf0NKA
[Web_Security] A simple and crude file upload vulnerability http://mp.weixin.qq.com/s/e1jy-DFOSROmSvvzX_Ge5g
[Web_Security] A look at technologies that are independent of programming language http://mp.weixin.qq.com/s/5SNxAF5-thGMngAMMTgiFw
Penetration Testing:
[Penetration_test] Generating a trojan with Kali to compromise an Android phone http://mp.weixin.qq.com/s/l8BR4Q3aDNQnGRI67RKpFQ
[Penetration_test] Ideas for building a super penetration testing backdoor using trusted (whitelisted) files http://mp.weixin.qq.com/s/0SOXgZ8eO7IPpXZbKsgGBQ
[Penetration_test] Analyzing and reconstructing a Typecho intrusion incident http://mp.weixin.qq.com/s/Qi7uGimlIbVALZSnQks72Q
[Penetration_test] Bulk privilege escalation on script kiddies' servers http://mp.weixin.qq.com/s/o2sTNuD7GOSfKKl59_9w_A
[Penetration_test] Interpreting the NSA's view into APT groups https://mp.weixin.qq.com/s/DfvAIZYuDTtNMkijJNledQ
[Penetration_test] A new penetration approach: combining two kinds of password reset http://mp.weixin.qq.com/s/ruCgmaH-qAihD0KlmSG6Jw
[Penetration_test] Adventures with a PE virus and msf https://mp.weixin.qq.com/s/kRMuGMFOxUCW0whh8TtlTQ
[Penetration_test] IP address to ASN mapping, with online lookup and a downloadable mapping database https://iptoasn.com
[Penetration_test] Sharing notes on penetrating a specified site http://mp.weixin.qq.com/s/zOAYUr2JyJScZlskAGRE5Q
[Penetration_test] Five ways to get domain admin privileges in your internal network http://mp.weixin.qq.com/s/TvTOcdt6ngei1-CAdt_zcg
[Penetration_test] Five aspects of red team penetration testing revealed; error-based injection via the MSSQL "order by" clause http://mp.weixin.qq.com/s/lyVWx-7oKD9iX_3EneE5cQ
Mobile Security:
[Mobile_Security] How to bypass Android's Network Security Configuration feature http://mp.weixin.qq.com/s/5GUAesRtTqlcUKFlHcHhMA
[Mobile_Security] Android app reverse engineering and protection mechanisms in one article http://mp.weixin.qq.com/s/fG0syEtdrXgSVtHzCzfA
[Mobile_Security] Understanding the Cloak & Dagger attack against "all" versions of Android https://mp.weixin.qq.com/s/U1hlDG7CXzy-MaVN0IgGBg
[Mobile_Security] Unpacking series: unpacking * Encryption (cracking an Android user manual app) http://www.freebuf.com/column/167245.html
[Mobile_Security] Binary security in software security technology https://mp.weixin.qq.com/s/LiNARKEuQ-7w1-udxuSGnQ
Security Tools:
[Security_tools] WiFi-Pumpkin – a rogue Wi-Fi access point attack framework http://mp.weixin.qq.com/s/EXxKadUsZgX9S7y6_P9CDw
[Security_tools] How to write a sniffing test tool for open WLANs? http://mp.weixin.qq.com/s/cfoTa3jhd3drgTj0IEsq5g
[Security_tools] IVRE – a network reconnaissance framework http://mp.weixin.qq.com/s/M4g2NZ6iGxR5fi65a0Odpg
[Security_tools] Acrolinx Dashboard directory traversal vulnerability disclosure (CVE 2018-7719); SubOver: a multithreaded subdomain scanning tool http://mp.weixin.qq.com/s/Soh03BaJVFixn8mYUGBGHg
[Security_tools] CMSmap – an open-source CMS scanner http://mp.weixin.qq.com/s/FVqhhLoycKV_FbwJmyQrPw
[Security_tools] Graudit – a grep-based source code auditing tool http://mp.weixin.qq.com/s/rmHV-c2Ik8ioFvUp28x-Bg
[Security_tools] ezXSS: a powerful blind XSS testing tool http://mp.weixin.qq.com/s/4ilwOm-fnTJfPBlnVdZukw
[Security_tools] Visual Basic GUI: a tool for injecting keystrokes into SSH clients http://mp.weixin.qq.com/s/kK174nq2N-JQHzQ1XPZp3A
[Security_tools] XSSYA – an XSS vulnerability confirmation tool https://mp.weixin.qq.com/s/tt1NDweTkmIJke1VS7s7jw
[Security_tools] w3af – a web application attack and audit framework http://mp.weixin.qq.com/s/cfjHlmDJwuk7zhR5CUauxA
Video Sharing:
[Video_share] Web security in the era of big data and machine learning http://mp.weixin.qq.com/s/Me2kpi3iOmoFGoVf1wregQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F32%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 32)
Security News:
[Security_week] Daily attack and defense news roundup (03-21) - Topsec Alpha Lab http://mp.weixin.qq.com/s/UVSPUpkFLIRj0GQ-mNE0aQ
[Security_week] Daily attack and defense news roundup (03-22) - Topsec Alpha Lab http://mp.weixin.qq.com/s/bmS6VX9ZPQbFBOMie32r4w
[Security_week] Daily attack and defense news roundup (03-23) - Topsec Alpha Lab http://mp.weixin.qq.com/s/jYL-zdBz0EoFPugRbEazZQ
[Security_week] Daily attack and defense news roundup (03-26) - Topsec Alpha Lab http://mp.weixin.qq.com/s/CsIcGf5hdKCo8wqWFcrYSw
[Security_week] Daily attack and defense news roundup (03-27) - Topsec Alpha Lab http://mp.weixin.qq.com/s/l5gAaU8PR_AbClcl2Sk5kQ
[Security_week] The familiar Str2-045, a different understanding http://mp.weixin.qq.com/s/sMsAagJDgAaLsH_Cd8F6vw
[Security_week] Ten Cybersecurity Events of the Week, Issue 91 - Hetian Zhihui http://mp.weixin.qq.com/s/EVaa-U4XfWa1YwQDwi54Aw
[Security_week] CNNVD latest vulnerabilities (2018-03-21) http://mp.weixin.qq.com/s/HplKhSToKWUcMuhA-PpAnQ
[Security_week] CNNVD latest vulnerabilities (2018-03-22) http://mp.weixin.qq.com/s/cm_2pVw08VfEslzv8Z7pog
[Security_week] CNNVD latest vulnerabilities (2018-03-23) http://mp.weixin.qq.com/s/lA-RDsh3B5yAxOa4FL29_w
[Security_week] CNNVD latest vulnerabilities (2018-03-26) https://mp.weixin.qq.com/s/XNp5KoJJUwA_NdtnA0kkKA
[Security_week] CNNVD latest vulnerabilities (2018-03-27) http://mp.weixin.qq.com/s/e1UR_F8nnUMkYY1Utf61sw
[Security_week] 20180321 - Today's cybersecurity hot topics - Security Dictionary http://mp.weixin.qq.com/s/xL2iM_smnusCISvrwNLaNA
[Security_week] 20180322 - Today's cybersecurity hot topics - Security Dictionary http://mp.weixin.qq.com/s/y7ZiZfNNg5JI-HxmMJzHwg
[Security_week] 20180323 - Today's cybersecurity hot topics - Security Dictionary https://mp.weixin.qq.com/s/3PHgV95yUlTVdm4kTmxDug
[Security_week] 20180324 - Today's cybersecurity hot topics - Security Dictionary http://mp.weixin.qq.com/s/KPmO4bY3dfdzoSOqMKCK3w
[Security_week] 20180325 - Today's cybersecurity hot topics - Security Dictionary http://mp.weixin.qq.com/s/K7CO_3SfWxsX5weRhLp0rQ
[Security_week] 20180326 - Today's cybersecurity hot topics - Security Dictionary http://mp.weixin.qq.com/s/tMgtF8IQPs9rVJo3W4uYRg
[Security_week] 20180327 - Today's cybersecurity hot topics - Security Dictionary http://mp.weixin.qq.com/s/b3C7oduJ9waAuIU9rbTeCQ
[Security_week] Daily security news push (03-21) - Tencent Xuanwu Lab http://mp.weixin.qq.com/s/RJq8Pr0VQcz77yiBinObbQ
[Security_week] Daily security news push (03-22) - Tencent Xuanwu Lab http://mp.weixin.qq.com/s/OryblvTXTLOQMhC4Buxgbg
[Security_week] Daily security news push (03-23) - Tencent Xuanwu Lab http://mp.weixin.qq.com/s/cNcqM-7ZetqE0-8BauIKwg
[Security_week] Daily security news push (03-26) - Tencent Xuanwu Lab http://mp.weixin.qq.com/s/5kFveW-irbXepB0X0Lkyhw
[Security_week] Daily security news push (03-27) - Tencent Xuanwu Lab https://mp.weixin.qq.com/s/aTCBK5v31OHRPtcNrFVvqQ
[Security_week] Domestic and international technical sharing - 2018.3.21 http://mp.weixin.qq.com/s/PGGdxoDiCWuZSmnaJz0pyQ
[Security_week] Domestic and international technical sharing - 2018.3.22 http://mp.weixin.qq.com/s/0deq0ldqbW30Cqjy8GhH-w
[Security_week] Domestic and international technical sharing - 2018.3.23 http://mp.weixin.qq.com/s/N-7XGyars0Od1yUpe6t5-Q
[Security_week] Domestic and international technical sharing - 2018.3.26 http://mp.weixin.qq.com/s/eIJGm_-pGNnxKRJEiur5Vw
[Security_week] Domestic and international technical sharing - 2018.3.27 https://mp.weixin.qq.com/s/chgyHBF_RK6dlaIfGaUXiA
[Security_week] How I found a Facebook password reset vulnerability and earned a $15000 bounty (with PoC) http://mp.weixin.qq.com/s/f6VoOM5fVxQbfFQlmUUZyQ
[Security_week] How I found an XXE vulnerability in Jive-n (CVE-2018-5758) http://mp.weixin.qq.com/s/5fAm6rLtNS5DyY0tjjBdFg
[Security_week] A serious vulnerability in Windows Remote Assistance (CVE-2018-0878) http://mp.weixin.qq.com/s/tiiyVM29PcOaqm-R9rEmTg
[Security_week] Ledger hardware wallet vulnerability; Red Team Tales 0×01: from MSSQL to RCE https://mp.weixin.qq.com/s/boVe7iGzQ2n8ZbXmGS3uwA
[Security_week] Microsoft Excel CSV code execution/injection methods; building command-and-control infrastructure: C2K http://mp.weixin.qq.com/s/mhn00xnY_jfsMKldwwvqqw
[Security_week] 9 hot trends and 4 cooling trends in cybersecurity http://mp.weixin.qq.com/s/0WFD50NwQJAbm1n904eZLw
[Security_week] Road to InfoSec expansion handbook http://mp.weixin.qq.com/s/P820xN7v-vq1Jzqi6VZdUA
Security Skills:
[Security_technology] Hr-Papers | Nmap penetration testing script guide http://mp.weixin.qq.com/s/_Q4KWRNGUHfsrxW6Nhhq5Q
[Security_technology] Step by step: building a backdoor hidden in a 404 page http://mp.weixin.qq.com/s/Gn8Go9z6anaxniRt1qp4HA
[Security_technology] Understanding PHP variable overwrite vulnerabilities in depth via MetInfo http://mp.weixin.qq.com/s/I7tEDv12e65KI93TCXN8Ug
[Security_technology] How to find 3 stored XSS on Facebook in 3 days; APT attack techniques against Russian gov https://mp.weixin.qq.com/s/8PeJlvSy4wbphp1AuHghBg
[Security_technology] A web guy's road into hardware research (environment setup) http://mp.weixin.qq.com/s/VgtN9OBJ7lUiIubg00bv7w
[Security_technology] bugkuctf_web_writeup (partial) – part 1 http://mp.weixin.qq.com/s/636UY_3NgJMfxl7e1EKkJw
[Security_technology] bugkuctf_web_writeup (partial) – part 2 http://mp.weixin.qq.com/s/l7gHcM1Mxh6Ytfqxc-CTig
[Security_technology] Dissecting the principles of SQL and NoSQL injection (part 1) http://mp.weixin.qq.com/s/LsqQo_04ROuf2_wLrBRRZQ
[Security_technology] Dissecting the principles of SQL and NoSQL injection (part 2) http://mp.weixin.qq.com/s/aaLdXIbMu_WVq8E65OAQsQ
[Security_technology] Global SQL injection defense code http://mp.weixin.qq.com/s/TRd20PzlzXpyKMy_zMQL0A
[Security_technology] SecOS penetration walkthrough http://mp.weixin.qq.com/s/l4rkkvlSxJziJT0aCUBguA
[Security_technology] Toxy – a hackable HTTP proxy for resiliency testing and simulated network conditions https://mp.weixin.qq.com/s/JyLWXGLMo4xJ08zCKaUqPA
[Security_technology] POST injection on an admin login form using Burp with sqlmap http://mp.weixin.qq.com/s/_sBvM_piKYFoB7TgBU0wCg
[Security_technology] JSON deserialization remote command execution that even a beginner can understand http://mp.weixin.qq.com/s/J0hBzUDtOwaw7WA5dddsHg
[Security_technology] Auditing tinyshop: medium risk http://mp.weixin.qq.com/s/tdyTY_x2AUYQAygHN15olA
[Security_technology] When F5 does load balancing, how to find sensitive information by modifying cookies http://mp.weixin.qq.com/s/Bo579kZb9Ec0ILrFfX4zhA
[Security_technology] How to prevent XSS vulnerabilities in applications http://mp.weixin.qq.com/s/Z4aAbc62l7poeKNZDRtoJQ
[Security_technology] HTTPS: from beginner to familiar http://mp.weixin.qq.com/s/BArxl3TGwkXf7FqnW7OU2g
[Security_technology] Python + wordlist: Wi-Fi cracking http://mp.weixin.qq.com/s/nemT-kAUff1V3v351N7_uA
[Security_technology] CSRF attack and defense http://mp.weixin.qq.com/s/_tgs0yN-Tvru1sDOhM_QVg
[Security_technology] How I bypassed restrictions to access Google's internal admin system (worth $13337) http://mp.weixin.qq.com/s/S4T-2ssrL0FSb3KrvXMEhQ
[Security_technology] CTF in practice: full USV-2017 walkthrough http://mp.weixin.qq.com/s/CLWi98oKBpEmv4S7ekH0Og
[Security_technology] Exposing the unknown other side of some so-called "big shots" http://mp.weixin.qq.com/s/cRSJhhALlDX54stKj_kwoQ
[Security_technology] Latest activity of APT32 (OceanLotus): old techniques, new backdoor http://mp.weixin.qq.com/s/r5AaOOGzWTrI82KH9BqYxQ
[Security_technology] A comprehensive guide to SSH tunneling http://mp.weixin.qq.com/s/lv0n7KnSlXb0qXkNkAEqrw
[Security_technology] Router vulnerability exploit development in practice https://mp.weixin.qq.com/s/PcuX4ZpxlRRlmwvA9v42mA
[Security_technology] LAN disconnection attacks under Kali http://mp.weixin.qq.com/s/NRNutHzP5hOkgbyJdT4tgQ
[Security_technology] Penetration tips: obtaining local user hashes from the SAM database http://mp.weixin.qq.com/s/CIRUkIoONmp6MLVIeT1Dww
[Security_technology] An interesting penetration test http://mp.weixin.qq.com/s/0ioymp55ohakUCjCI_lNog
Resources and Tools:
[Security_tools] ARDT – Akamai reflective DDoS tool http://mp.weixin.qq.com/s/xuy3YjbLGc3x3rlHcPKuqg
[Security_tools] Powershell-RAT: a Python-based backdoor; w3af can scan for deserialization vulnerabilities http://mp.weixin.qq.com/s/DXH1mv8SkR-AbSJIK02BUw
[Security_tools] InfernalWireless – an automated wireless hacking tool http://mp.weixin.qq.com/s/bBI3LUN0vvoAmljznXfRbw
[Security_tools] Privilege escalation helper tools for Windows http://mp.weixin.qq.com/s/P6MuSSeoQhKYWdzN_6E7Ag
[Security_tools] SmarTTY – a multi-tab SSH client with SCP support http://mp.weixin.qq.com/s/WMFwU4shuqbWco_oIPXPAg
[Security_tools] Crawler proxy setup and bulk installation https://mp.weixin.qq.com/s/ZU7XK2dmUZbHoiV-qg9wtQ
[Security_tools] Multiple methods for online cracking of SNMP passwords http://mp.weixin.qq.com/s/JIUjw_06nEGUr_SlD41Aaw
[Security_tools] WPHunter: WordPress vulnerability scanner; Th3inspector: information gathering tool http://mp.weixin.qq.com/s/HPLLoZEVlvdOHuwFWRGb1g
[Security_tools] Loki – a simple IOC and incident response scanner http://mp.weixin.qq.com/s/WPBCHBNLNlWZDGNYEc_hAw
[Security_tools] FristiLeaks penetration walkthrough http://mp.weixin.qq.com/s/0ioymp55ohakUCjCI_lNog
[Security_tools] LiME – Linux Memory Extractor http://mp.weixin.qq.com/s/QVlHjJmtfXu_fM5EXdSFDA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F31%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 31)
Security News:
[Security_week] Daily attack and defense news roundup (03-14) https://mp.weixin.qq.com/s/NTcthz1bouFQvVlS9nSMVg
[Security_week] CVE-2018-0907 | Microsoft Office Excel security feature bypass https://mp.weixin.qq.com/s/FZwgQJv4XS9A2V-70R3Rhg
[Security_week] Samba CVE-2018-1050 and CVE-2018-1057 alert https://mp.weixin.qq.com/s/9kEtvVFcAVqmGZ3k2Vg2Hg
[Security_week] New mining attack again uses the "EternalBlue" vulnerability to infect servers https://mp.weixin.qq.com/s/BZkZRnWyXMFxosLCaeiziw
[Security_week] A Chinese defense-industry company attacked by hackers from the US and Russia https://mp.weixin.qq.com/s/FkhyBVYxjMemSN2fvWp2RA
[Security_week] Alibaba bets another US$860 million on ofo; is a merger with Mobike now off the table? https://mp.weixin.qq.com/s/MT2BsGc33BMdDd6p4qzwsw
[Security_week] CVE-2018-6376: Joomla! second-order SQL injection vulnerability https://mp.weixin.qq.com/s/IyFDWR9tL-ysAHTpPZ79Mw
[Security_week] CVE-2018-0886: a preliminary reading of the "MS-RDP logic RCE vulnerability" https://mp.weixin.qq.com/s/7tKZeY23otlNLk7tJv-lfQ
[Security_week] Dou Ge's road to infosec https://mp.weixin.qq.com/s/9GTwaNEvWSRBIkdVFtf8Hg
Security Skills:
[Security_technology] Arbitrary user password reset (4): reset credential not validated https://mp.weixin.qq.com/s/NKDq53K2L9N0Ype19OTRLg
[Security_technology] From beginner to RSA master, with usage of common tools and typical RSA problems in CTFs https://mp.weixin.qq.com/s/aU3XDBOVbr-nt_FMfTHMGg
[Security_technology] Chaos: a Linux backdoor makes a comeback https://mp.weixin.qq.com/s/2phYAp4taA508BKpNxj_zQ
[Security_technology] CTF Hackplayers 2018 write-up: gaining Jax's privileges https://mp.weixin.qq.com/s/8GI7G5uFGbRMgULUnxmn-w
[Security_technology] Notes on learning reverse engineering https://mp.weixin.qq.com/s/YcQX1rR2Jto6YJzuqH8-DA
[Security_technology] iOS security basics: Keychain and hashing https://mp.weixin.qq.com/s/WWwG_02GvBlXZMMlFXF8GA
[Security_technology] N1CTF2018 APFS & Lipstick solutions https://mp.weixin.qq.com/s/xL-Ec57DswEryUseajjFvQ
[Security_technology] Security analysis of the Docker container build process https://mp.weixin.qq.com/s/AFRk4clsm8wE2cLF6UI4fQ
[Security_technology] Basic use of ZoomEye (a very scary search engine) https://mp.weixin.qq.com/s/9vdhotnVebwGuKN9QgfECg
[Security_technology] The much-loved vDSO mechanism is no longer reliable either https://mp.weixin.qq.com/s/0e3XjZzqnoPoO3AWkdU77w
[Security_technology] Installing Docker on Windows (fixing errors) + speeding up Kali image downloads https://mp.weixin.qq.com/s/12wylLU4ToXUG64yJcmTYA
[Security_technology] Analysis of the distribution channels of the password stealer AGENT TESLA https://mp.weixin.qq.com/s/arirTZ7vau4kN29x2m1Ffw
[Security_technology] An interesting penetration test https://mp.weixin.qq.com/s/w5Dl54oOA7-XYuSIrguy-w
[Security_technology] A security officer embedded in the ops department talks about "port and password security" https://mp.weixin.qq.com/s/eJiNOwS6OpYEg0D5SbMRPA
[Security_technology] An in-depth analysis of password crackers https://mp.weixin.qq.com/s/fdb8Qo0Z7pxhVYydUadVvA
[Security_technology] How to use webhooks to bypass the payment step https://mp.weixin.qq.com/s/p5joqegP1dbGtHsmS-3fRQ
[Security_technology] Summary of PHP code/command injection https://mp.weixin.qq.com/s/e-qNJaXZh-t5H7AJEOBIAQ
[Security_technology] Collection of ring3 malicious code examples https://mp.weixin.qq.com/s/wY3KnCewAw6WS5bNYlm-2Q
[Security_technology] Java code audit: the Tieren download system https://mp.weixin.qq.com/s/8mmj-mixScgOKq7cL2_YcQ
[Security_technology] An in-depth discussion of phishing https://mp.weixin.qq.com/s/7Xnv84qtffSjWzRTn–uWA
[Security_technology] Critical vulnerability in the Remote Desktop Protocol's CredSSP affects all versions of Windows https://mp.weixin.qq.com/s/GGUMg8tlJuNB2asN9KLxZA
Resources and Tools:
[Security_tools] Process-Forest - a Windows process log analysis tool; a Python version of BloodHound https://mp.weixin.qq.com/s/XlyhJDM3MwTBzpWp83Mhsg
[Security_tools] "Easy as Pie: Introduction to Hacker Attack and Defense", scanned edition [PDF] https://mp.weixin.qq.com/s/qTsW8engi0zBAp0pSaay8Q
[Security_tools] PHP code execution and command execution vulnerabilities explained in depth https://mp.weixin.qq.com/s/12hElUJv5PYwK2u19bcFtw
[Security_tools] Powershell And Metasploit (part 1) https://mp.weixin.qq.com/s/UV25c70OfMqkkOD69Kzf1Q]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F30%2F</url>
<content type="text"><![CDATA[Security Weekly (Issue 30)
Security News:
[Security_week] Daily security news push (03-02) - Tencent Xuanwu Lab https://mp.weixin.qq.com/s/1iSUSofBZsG2mopjLYg4Ow
[Security_week] CNNVD latest vulnerabilities (03-02) - CNNVD Security News https://mp.weixin.qq.com/s/WmL5n33VTxkt1emK2Oxi4A
[Security_week] Daily attack and defense news roundup (03-02) - Topsec Alpha Lab https://mp.weixin.qq.com/s/zw28b5AzhljTnEedBnPMYw
[Security_week] Review of this week's (Feb 26 - Mar 4) key news in the industry and information technology sector - Gongxin Weibao https://mp.weixin.qq.com/s/YKyt5N1SG1k5zfZRh2E1zQ
[Security_week] Zheng'an information security news bulletin - 2018, Issue 8 - Zheng'an Information Security Research Center https://mp.weixin.qq.com/s/nybyb7zMMgD0oiYZq9QV1w
[Security_week] 20180303 - Today's cybersecurity hot topics - Security Dictionary https://mp.weixin.qq.com/s/WZoo3E8SYDnMkBGRYQlOrg
[Security_week] GlobeImposter ransomware technical analysis report https://mp.weixin.qq.com/s/83LzZOInKHX3bYEUIirtKw
[Security_week] Apple warns users to beware of phishing emails; GitHub hit by its most severe DDoS attack https://mp.weixin.qq.com/s/4LZWnpL9uuwN4aCVEOtNdw
[Security_week] Study of the state of China's fintech development in 2018, taking Aicai Group as an example https://mp.weixin.qq.com/s/Tn11KY4KsIGzOH5j5oqNWg
[Security_week] Foreign media: how North Korea became a hacking superpower https://mp.weixin.qq.com/s/0tCL0FJCVOLQJ0Uq9PGfqg
[Security_week] German foreign and interior ministries breached by APT28 https://mp.weixin.qq.com/s/0_XLx0RtJNYHhGv43XQ-1Q
[Security_week] Remote code injection vulnerability in Adobe Acrobat Reader https://mp.weixin.qq.com/s/i_tuDQ8kw4Nwm_26qMkswg
[Security_week] GitHub hit by the largest-ever DDoS attack, 1.35 Tbps https://mp.weixin.qq.com/s/pNWF1PNmW6Le_179xFJoUQ
[Security_week] Revisiting intrusion detection systems: outdated but indispensable https://mp.weixin.qq.com/s/KaOdqIgjaEPO3jDGGVsu9Q
[Security_week] Hackers breach the internal network of India's state-owned telecom operator; personal information of 47,000 employees freely browsable https://mp.weixin.qq.com/s/3_xSCJEsDf8qunLzBoCq0Q
[Security_week] Understand Bitcoin in ten minutes: Guigu Mitan brings the strongest voice on blockchain https://mp.weixin.qq.com/s/WYepZUFQ3JxTzKDjE0tVOg
[Security_week] Blockchain's sleepless hours at the Two Sessions https://mp.weixin.qq.com/s/-i9077FibVNpxGPDT6A5Xg
[Security_week] New 4G vulnerabilities found: can steal user information and location and even send fake alerts https://mp.weixin.qq.com/s/zfK2MIP2vKNPcWbxtQaNCg
[Security_week] Interpretation: the guiding significance of the Cybersecurity Law for personal information protection | Qi'an low-key sharing https://mp.weixin.qq.com/s/-Df0oYyt8oXmDQN_EpVdIA
Security Skills:
[Security_technology] Cracking image steganography and extending the approach: hands-on in the webug range https://mp.weixin.qq.com/s/VWltD-X3O0kuTp2X-grKIA
[Security_technology] FineCMS vulnerabilities: not just a pretty face, but an even more interesting soul https://mp.weixin.qq.com/s/myNm8OOC020iDyx1O6tD7w
[Security_technology] Router attacks: from sniffing PPPoE to stealthy backdoors https://mp.weixin.qq.com/s/Dy2mbfMiCXbU9aSLQ3PrAA
[Security_technology] Some tips for SQL injection bypass https://mp.weixin.qq.com/s/fSBZPkO0-HNYfLgmYWJKCg
[Security_technology] Tutorial on Cupp and Cewl, social-engineering password wordlist generators on Kali Linux https://mp.weixin.qq.com/s/fqQX9MPayNg3XUQp-a2f1A
[Security_technology] What to do when sqlmap gets your IP banned https://mp.weixin.qq.com/s/JDUYCy18-KPaLr8lZdcBfg
[Security_technology] Musings on front-end hacks in the blockchain ecosystem https://mp.weixin.qq.com/s/d_4gUc3Ay_He4fintNXw6Q
[Security_technology] Android physical key listening and malicious code analysis https://mp.weixin.qq.com/s/rSYXqJzgPYWwP30wYTnKcg
[Security_technology] Web penetration example: web penetration of the Ke City education bureau, the city OA system https://mp.weixin.qq.com/s/OcC9dY62bUVrexAp7lms-A
[Security_technology] Recognizing image CAPTCHAs with Python and Tesseract https://mp.weixin.qq.com/s/OmYdGaLDwvZ0iOJ9sbUskA
Resources and Tools:
[Security_tools] Network security scanning platform - Gryffin https://mp.weixin.qq.com/s/0o6HZ0LsZwYaj0bcVTvlkQ
[Security_tools] Android penetration tool DVHMA: a hybrid-mode app with built-in vulnerabilities https://mp.weixin.qq.com/s/3gGM0O9j6N_zK9IinUu3DA
[Security_tools] Eye of the Gods: customizing Nmap, a first look https://mp.weixin.qq.com/s/VkltDc3yip-Lvc1-QfnuiA
[Security_tools] Backdoor bundling tool - shellter https://mp.weixin.qq.com/s/SPu6BN6shjdzkVsK-CjHbw
[Security_tools] Sharing some PDF books for learning information security collected by the editor https://mp.weixin.qq.com/s/XebHMnAQTp8nU3KUMW4RLw
[Security_tools] Introduction to five open-source OSINT tools https://mp.weixin.qq.com/s/IpAJ9ZT5v2FV_7dGie_1lQ
[Security_tools] Exe2Image: a small tool to convert EXE to JPEG format; ESD: subdomain scanning tool https://mp.weixin.qq.com/s/4EvFtOuN8EN5SJciverkaQ
[Security_tools] Injectify: a tool for performing MiTM attacks https://mp.weixin.qq.com/s/t8-EglLZwpKno8goS1s9gw
[Security_tools] Tunna: a magical tool that can tunnel any TCP communication wrapped in HTTP https://mp.weixin.qq.com/s/0k8gKO6Rjq8PtRt56Shcbg
[Security_tools] Sn1per - an automated penetration scanning tool https://mp.weixin.qq.com/s/F2gQmeKiAvuJ7tYcRIlz0A
[Security_tools] A study list as monthly salaries for blockchain talent soar to 100k https://mp.weixin.qq.com/s/ahtG9ZH76sqgrsNzbuL0FQ
[Security_tools] Crawler basics [web vulnerability scanner] https://mp.weixin.qq.com/s/VGOfZoDxCNd2HB3tJ1rDxA
[Security_tools] Droopescan - a plugin-based security scanner for CMSs https://mp.weixin.qq.com/s/tdbmJ4__L150Ss68LB_6wQ
[Security_tools] Harpoon: a practical threat intelligence tool https://mp.weixin.qq.com/s/bipLZBp4I8NUHzrLK32yZA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F3%2F</url>
<content type="text"><![CDATA[title: 3 date: 2018-1-16 19:05:18 tags: 3
[Twitter] Top 47 Log Management Tools
[Twitter] Security Information and Event Management (SIEM) – A Detailed Explanation https://www.peerlyst.com/posts/security-information-and-event-management-siem-a-detailed-explanation-balaji-n-1?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_resources
[Twitter] Best Guide for Preparation of SIEM POC (Proof of Concept) http://resources.infosecinstitute.com/best-guide-for-preparation-of-siem-poc-proof-of-concept/
[Twitter] A little toolbox to play with Microsoft Kerberos in C https://github.com/gentilkiwi/kekeo
[Twitter] Confide App used by White House staffers Found Vulnerable for MITM attacks https://gbhackers.com/confide-app-used-by-white-house-staffers-found-vulnerable-for-mitm-attacks/
[Twitter] Penetration testing Android Application checklist https://gbhackers.com/penetration-testing-android-application-checklist/
[Twitter] Python Requests and Burp Suite http://www.th3r3p0.com/random/python-requests-and-burp-suite.html
[Twitter] AuthMatrix v0.6.2 https://github.com/SecurityInnovation/AuthMatrix https://www.youtube.com/watch?v=pMXTmXUsEL8
[Twitter] XiomaraCTF 2017 – mint https://www.reversingcode.re/2017/03/10/xiomaractf-2017-mint/
Vulnerability Spotlight: R - PDF LoadEncoding Code Execution Vulnerability http://blog.talosintelligence.com/2017/03/r-pdf-vuln.html
Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F29%2F</url>
<content type="text"><![CDATA[title: 29 date: 2018-1-16 19:05:18 tags: 29
Security News / Security Skills / Resources and Tools
Security News:
[Security_week] Information Security Vulnerability Weekly Report (2018, Issue 6) - CNNVD Security News https://mp.weixin.qq.com/s/h0BTNFiaicv6O9NJah1cgg
[Security_week] CNNVD latest vulnerabilities (2018-02-11) - CNNVD Security News https://mp.weixin.qq.com/s/BHz7TAEU0KJVYaAGj5ZvRQ
[Security_week] 20180212 - Today's cybersecurity hot topics - CNNVD Security News https://mp.weixin.qq.com/s/6P-ow3e0GMPXa00w0xQfJg
[Security_week] Daily security news push (02-12) - Tencent Xuanwu Lab https://mp.weixin.qq.com/s/FaPvtXbh0cmLlNq7BwjPHQ
[Security_week] 20180220 - Today's cybersecurity hot topics - Security Dictionary https://mp.weixin.qq.com/s/7R3eWhdDP-Qf-T8jM4asXA
[Security_week] Daily security news push (02-26) and Spring Festival collection, part 1 (02-13 to 02-17) https://mp.weixin.qq.com/s/eMu4F6_Qbj3Fgvfj-giV4g
[Security_week] Apache Tomcat bypass vulnerability alert https://mp.weixin.qq.com/s/hbva4kkRGFMC__i34fxukg
[Security_week] CNNVD latest vulnerabilities (2018-02-26) - CNNVD Security News https://mp.weixin.qq.com/s/fF1wRps6GD1SYOCAZQb_Pg
[Security_week] [Domestic and international technical sharing - 2018.2.28] - SAINTSEC https://mp.weixin.qq.com/s/PzGauWIHfZnCtj9jxx5DRA
[Security_week] CNNVD latest vulnerabilities (2018-02-28) - CNNVD Security News https://mp.weixin.qq.com/s/b6YS-6PVtQB8F4_zRa48gA
Security Skills:
[Security_technology] 0-day: getting a webshell via TinyShop cache files https://mp.weixin.qq.com/s/mZW4U3u1Cd9ycrJtWZ_2Hg
[Security_technology] Complete analysis report on in-the-wild attacks using the Adobe Flash zero-day (cve-2018-4878) https://mp.weixin.qq.com/s/-88BZHfMUixMqFaTHX0P0Q
[Security_technology] Analysis tips with essential reverse engineering tools https://mp.weixin.qq.com/s/hIYli6T-e6zbdlvjFVkwcg
[Security_technology] Building your own penetration power tool https://mp.weixin.qq.com/s/prcJJWUKW3-76k3MYtQiUA
[Security_technology] Discussing security risks in online payments in light of the OnePlus phone payment vulnerability https://mp.weixin.qq.com/s/_JbpHqy1CvcH3KLPDACQtA
[Security_technology] Another clever trick: SSH hijacking techniques in lateral movement https://mp.weixin.qq.com/s/d_sCHqLcD-8MkSXJzjYxTg
[Security_technology] Key's hacking diary: pwning the sandbox's cousin https://mp.weixin.qq.com/s/1p65hKO9Ne7v2W9Po_rO1g
[Security_technology] HackTheBox Writeup (part 1) https://mp.weixin.qq.com/s/JgW3-NRVCO8t_dAcgy8u3Q
[Security_technology] A brief discussion of file inclusion vulnerabilities https://mp.weixin.qq.com/s/0GfdES4P5IjJDxrkk9XhDw
[Security_technology] Moctf web challenge solutions https://mp.weixin.qq.com/s/zUhS-Wr13qr8wYaWykRvuQ
[Security_technology] Simple exploitation of CVE-2018-0802 https://mp.weixin.qq.com/s/Q0beRSGD12Q7w6_Jp_h80g
[Security_technology] Introduction to Linux buffer overflow vulnerabilities https://mp.weixin.qq.com/s/-m8tLKcqC96IdPfx8PborA
[Security_technology] Using XSS to maintain access to a website's admin backend https://mp.weixin.qq.com/s/EBrdO-k0fbazlV_oRJOqMw
[Security_technology] Technical analysis | web cache deception testing https://mp.weixin.qq.com/s/Acl6Bzx7V1ntB1_zv3tOPw
[Security_technology] Approaches and techniques for RSA problems in CTFs, with extras for beginners https://mp.weixin.qq.com/s/vJ0WWQPzznT0tTJGBJ_eJA
[Security_technology] From vulnerability reproduction to code audit: learning the principles of CSRF in depth https://mp.weixin.qq.com/s/ZJrpqmpZelKeUGQ78a2R6A
[Security_technology] Techniques for breaking into closed web systems: the frontal assault https://mp.weixin.qq.com/s/Fl0-5t3WPuWTjBT2u_Ay3A
[Security_technology] Write-up | probably not XSS https://mp.weixin.qq.com/s/Pyl6XVdj0ti77uKQU5cmVg
[Security_technology] Analyzing the principles of common file upload vulnerabilities from the code https://mp.weixin.qq.com/s/W8EvPPr-ZKN-weg1wCU0eg
[Security_technology] Windows privilege escalation: approaches, methods, tools (short summary) https://mp.weixin.qq.com/s/vewoJGM1j4m38XPhHX8ldw
[Security_technology] *nux privilege escalation: approaches, methods, tools (short summary) https://mp.weixin.qq.com/s/WAjJuLD8jLtL_GUcx_3z9g
[Security_technology] Web Service and Web API penetration testing guide (1) https://mp.weixin.qq.com/s/Px5JO2IPjbHmDXlAp6gAvw
[Security_technology] Penetration tips: using the Masterkey to export passwords saved in Chrome offline https://mp.weixin.qq.com/s/e4G4VqdxVOSjlgaXNPRUuQ
[Security_technology] IAT trilogy: what is the IAT? https://mp.weixin.qq.com/s/NYL-9lOBoOXEJF1x3Lp4NA
[Security_technology] MS14-058 privilege escalation demo https://mp.weixin.qq.com/s/PyZakgPGnuWGPILwRVfcFw
[Security_technology] A penetration example https://mp.weixin.qq.com/s/OK-mf_VK4Nrm0WaZ-1b_rA
[Security_technology] Penetration tips: obtaining the DPAPI MasterKey on Windows https://mp.weixin.qq.com/s/yLRNJT2MUkTVF3wVc6Zbaw
[Security_technology] A tool for quickly writing shellcode for a variety of common system instructions; POT: Twitter phishing that fully automatically impersonates a user to send phishing links to friends https://mp.weixin.qq.com/s/84v3i4xwXAty4Wsq4iBLzA
Resources and Tools:
[Security_tools] A handy PHP webshell detection tool https://mp.weixin.qq.com/s/cI486aDedi-rLtV8pii0IA
[Security_tools] Introduction to Python hacking tools for beginners (continued) https://mp.weixin.qq.com/s/nYNHPoOmNH4-8aZ2CTexgA
[Security_tools] Bulk weak password detection for InterWorx https://mp.weixin.qq.com/s/59b-Wg3Umr_94WwwGEtN4A
[Security_tools] Altdns: a subdomain discovery tool using permutation scanning https://mp.weixin.qq.com/s/_HQNSjfkuReygS2S1WcnIw
[Security_tools] Port ping detection tool https://mp.weixin.qq.com/s/pQTQP1pwBKqg7tfOdWoigg
[Security_tools] Understanding what a webshell is, the easy way https://mp.weixin.qq.com/s/x2Tw3ukaTFDJvZ0YCuZBog
[Security_tools] Open class | common web attacks: information gathering https://mp.weixin.qq.com/s/005eguPJs4ZqRkg82NUzOA
[Security_tools] Efficient and controversial: AutoSploit, a large-scale automated penetration tool https://mp.weixin.qq.com/s/X-1onhR4QUbmMm8V7AdF4A
[Security_tools] Awesome Python resources, Chinese edition https://github.com/jobbole/awesome-python-cn
[Security_tools] Python algorithms tutorial https://github.com/qiwsir/algorithm
[Security_tools] Python interview questions: fundamentals https://github.com/taizilongxu/interview_python
[Security_tools] AutoSploit – MSF automated attack script https://github.com/RootUp/AutoSploit
[Security_tools] Collection of security mind maps https://github.com/SecWiki/sec-chart
[Security_tools] MongoDB penetration testing tool https://github.com/stampery/mongoaudit]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F28%2F</url>
<content type="text"><![CDATA[title: 28
date: 2018-1-16 19:05:18
tags: 28 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] Severe DoS vulnerability in the WordPress CMS platform affects almost all versions https://mp.weixin.qq.com/s/I9dnrnnUUcygFV21mNA4Rw
[Security_week] A first look at stream ciphers and RC4 http://www.freebuf.com/articles/rookie/160891.html
[Security_week] A Google Project Zero member teaches you how to get started in security https://zhuanlan.zhihu.com/p/33678187
[Security_week] SQL injection vulnerability in the latest ZZCMS v8.2 https://mp.weixin.qq.com/s/Vc8wlt4rj42vYo9NB9KFxQ
[Security_week] A brief analysis of DTD entities and XXE https://mp.weixin.qq.com/s/vkCdz6YCoiiJPI30KePD6g
[Security_week] CNNVD Latest Vulnerabilities (2018-02-08) https://mp.weixin.qq.com/s/MbQe67gAJh_4YatldVB8jg

Security Skills:
[Security_technology] PHPMailer arbitrary file read https://mp.weixin.qq.com/s/q6t-zdbOue6aQ8yURRFIzQ
[Security_technology] FreeFloat FTP1.0 overflow vulnerability analysis https://mp.weixin.qq.com/s/MSaEbeNN0zbrNY50_30FRQ
[Security_technology] Penetration testing: VulnHub CTF FristiLeaks v1.3 https://mp.weixin.qq.com/s/vroN1CKPjf2x033E0e43vg
[Security_technology] Tracing attack activity using macOS timestamps https://mp.weixin.qq.com/s/TW56QKPCCZIJFhIEt0f0xg
[Security_technology] Apache ActiveMQ Artemis deserialization [CVE-2016-4978] https://xianzhi.aliyun.com/forum/topic/2015
[Security_technology] Hardening C/C++ programs https://mp.weixin.qq.com/s/K7QiPPTpYIhEFk-BD2LYaA
[Security_technology] Penetration testing as seen through a high-quality CTF challenge https://www.anquanke.com/post/id/97567
[Security_technology] Exploring machine-learning-based webshell detection https://mp.weixin.qq.com/s/5wJbvuG0IUOX4jdFtYNnkg
[Security_technology] Starting from Ajax: a chat about JSONP and clickjacking https://mp.weixin.qq.com/s/0rTTpt0GtBDgdjVl0dDl8Q
[Security_technology] Penetration testing: using Cisco routers during a penetration test https://mp.weixin.qq.com/s/9_n_TdkeREdbLkfpldrRtA
[Security_technology] Metasploitable2 vulnerability assessment explained in detail https://mp.weixin.qq.com/s/ueTT8-DLgTJ-WVjf-7PRlg
[Security_technology] Updated alert: Cisco ASA security appliance remote code execution and denial-of-service vulnerability (CVE-2018-0101) https://mp.weixin.qq.com/s/62Mwyr-O6CfC1VN7N8scxw
[Security_technology] CTF reversing – .NET and Python https://mp.weixin.qq.com/s/Rs7opbwM2qp38QpQXREYfA
[Security_technology] Bug hunting experience: getting into the internal network through a misconfigured proxy https://mp.weixin.qq.com/s/EtUmfMxxJjYNl7nIOKkRmA
[Security_technology] Arbitrary user password reset (3): user confusion https://mp.weixin.qq.com/s/zU69T_L3q14LJ8bjnvT6Dw
[Security_technology] HITCTF2018 web: full solutions https://mp.weixin.qq.com/s/K9XYMAazQ3vwv2L8yFtx1w
[Security_technology] Four web challenges built around CVEs https://mp.weixin.qq.com/s/eAgw1ABhi_fZXuYLuZF3Nw
[Security_technology] Three interesting web challenges https://mp.weixin.qq.com/s/xs7jTrRRzkt4dZ5grcYHnQ
[Security_technology] CTF reversing challenge: IgniteMe https://mp.weixin.qq.com/s/rleXE3xD4nZrTpvgi4uEKQ
[Security_technology] Implementing an assembly-instruction-level obfuscator https://mp.weixin.qq.com/s/dONVbZ4v4cbwpLd3qve2Cw
[Security_technology] Capturing traffic with BurpSuite over SS https://mp.weixin.qq.com/s/4R9NDYM3WhlhBKo9WiBCdA

Resources and Tool Sharing:
[Security_tools] BugBank skill book https://skills.bugbank.cn/
[Security_tools] MS17-010 attack script and development module https://github.com/rapid7/metasploit-framework/pull/9473
[Security_tools] Huameng (77169.com): the big collection of 2017's best hacker tools https://www.77169.com/html/194249.html
[Security_tools] Linux SSH password brute-forcing techniques and attacks in practice http://blog.51cto.com/simeon/2066269?wx=
[Security_tools] CNNVD Latest Vulnerabilities (2018-02-07) https://mp.weixin.qq.com/s/rk9tShKhFOUGM-7hBeGMKQ
[Security_tools] CNNVD Latest Vulnerabilities (2018-02-06) https://mp.weixin.qq.com/s/_fu90lXZF-kB6p_1Ex47EQ
[Security_tools] Getting started with Python hacking tools for beginners https://mp.weixin.qq.com/s/ZiqBUop9nLTCmxIDlrXqdA
[Security_tools] pentestdb architecture explained https://mp.weixin.qq.com/s/b4cpUQf5K9oz2b3ka6dNgQ
[Security_tools] Tool | Introduction to using PocSuite https://mp.weixin.qq.com/s/uTGff7wZI2-2e2vXp_OQvA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F27%2F</url>
<content type="text"><![CDATA[title: 27
date: 2018-1-16 19:05:18
tags: 27 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] Trojan communicating over a DNS tunnel https://mp.weixin.qq.com/s/OBudKq470e0Hp-p6_njWmg
[Security_week] Critical remote code execution vulnerability in Firefox, now fixed http://www.freebuf.com/news/161924.html
[Security_week] SQL injection vulnerability in Diyou P2P lending system V4.1 http://www.cnvd.org.cn/flaw/show/CNVD-2018-00125
[Security_week] A brief analysis of DTD entities and XXE https://mp.weixin.qq.com/s/vkCdz6YCoiiJPI30KePD6g

Security Skills:
[Security_technology] Penetration testing case studies: from beginner to expert https://mp.weixin.qq.com/s/mShMbG97cYI1V6Udlp3ebw
[Security_technology] Bug hunting tips: a summary of information disclosure https://mp.weixin.qq.com/s/FMp5OSB4We6QqCMcieTxSg
[Security_technology] CTF reversing: conventional reversing (Part 1) https://mp.weixin.qq.com/s/_3S3yA9am3CIdW0VSvPWiw
[Security_technology] CTF reversing: conventional reversing (Part 2) https://mp.weixin.qq.com/s/BGXjnNWdLFmkd4ix6DNORw
[Security_technology] Penetration testing guide: subdomain enumeration techniques https://zhuanlan.zhihu.com/p/31160156
[Security_technology] Smarty <= 3.1.32 PHP code execution vulnerability analysis [CVE-2017-1000480] https://xianzhi.aliyun.com/forum/topic/1983
[Security_technology] Classic commonly used Oracle SQL queries (1) https://mp.weixin.qq.com/s/grFsNxrACx0OMa-VHQStLg
[Security_technology] DEDECMS vulnerability collection https://mp.weixin.qq.com/s/xC7hVVqtXdyirrb-rBH9TA
[Security_technology] The overlooked risk: analysis of CSRF attack and defence examples https://mp.weixin.qq.com/s/MNka3vpBX_Eph-3x8GW6sg
[Security_technology] Beginner primer | Manual MySQL injection: the basic injection flow https://mp.weixin.qq.com/s/UJptc2eru9uqCIm0dKsnGw
[Security_technology] Reworking DnsLog and automating calls to it http://www.polaris-lab.com/index.php/archives/423/
[Security_technology] How SQL injection works, from a Java perspective https://mp.weixin.qq.com/s/6WqnBgmmM4mFoke1s2z-VA
[Security_technology] Penetration tips: exporting passwords saved in Chrome https://mp.weixin.qq.com/s/43AfEiaVFMw5Gj56FyepEg
[Security_technology] EXP included | ASUS routers found to have a remote code execution vulnerability! https://mp.weixin.qq.com/s/To797Cr46hMOsVDAeAve-g
[Security_technology] Tool | The road to modifying sqlmap payloads https://mp.weixin.qq.com/s/tAVkI981dIfhdMLcqkCKAA
[Security_technology] How to use Earthworm as a Socks5 proxy for internal network penetration https://mp.weixin.qq.com/s/VBiwJmpfIcRpdhwwWt2Ciw
[Security_technology] Summary of vulnerable PHP functions https://mp.weixin.qq.com/s/ABMaZVQihRaDYWfLVtw5zA
[Security_technology] Notes on auditing xiaocms https://mp.weixin.qq.com/s/1G6q7Mk5aQL_9yZ6t58_nA
[Security_technology] A simple global injection scheme for Android https://mp.weixin.qq.com/s/6DEqXARPDpAleuAcLypfkw
[Security_technology] SQL injection vulnerability in the WordPress plugin YITH WooCommerce Wishlist http://www.freebuf.com/articles/web/160657.html
[Security_technology] Who moved my gold mine: a deep dive into the evolution of black-market cryptomining http://suo.im/22PWpp
[Security_technology] Analysis of the arbitrary user password change vulnerability in the latest DedeCMS (20180109) https://blog.formsec.cn/2018/01/11/DedeCMS-password-reset/
[Security_technology] SQL injection vulnerability in the DSmall multi-user mall system http://www.cnvd.org.cn/flaw/show/CNVD-2018-00128
[Security_technology] Common PHP vulnerabilities and code auditing https://mp.weixin.qq.com/s/VxHUHpQjlDH2sjXYlENtDA
[Security_technology] 07V8 technical share No. 23 | Bug hunting tips: information gathering https://mp.weixin.qq.com/s/IG8wLrMsbJyVagSQCa5LaA
[Security_technology] Analysis of phishing email attacks suspected to be by the Bitter (蔓灵花) APT group https://www.anquanke.com/post/id/96375
[Security_technology] Summary of exploiting Redis unauthorized access http://p0sec.net/index.php/archives/69/
[Security_technology] CVE-2017-8570: first publicly disclosed in-the-wild sample and vulnerability analysis https://mp.weixin.qq.com/s/dMqovzZ70SJgdnfAZtcZMg
[Security_technology] Kernel exploitation via the PTE space of the x64 paging mechanism https://mp.weixin.qq.com/s/Th2YVmGcMcdEn4_FalmW8w
[Security_technology] Looking up at the PHPSHE 1.5 vulnerability https://mp.weixin.qq.com/s/UedDZFAo-W4mZUXT0wZAMg
[Security_technology] What? SQL injection through the way the IP address is obtained https://mp.weixin.qq.com/s/LdDwoeE9mk8E_d1GrCh9gA
[Security_technology] The various uses of XSS (stealing user cookies, UI hijacking ...) https://shimo.im/docs/qigwCWLpvHgBgZFa/
[Security_technology] 7-Zip: multiple memory corruption vulnerabilities in RAR and ZIP https://mp.weixin.qq.com/s/jPPTBx-iuOwprhyeni9JWg
[Security_technology] Techniques for attacks using the HTTP Host header https://mp.weixin.qq.com/s/oW06LbgLOmtz0CRgnuw0aw
[Security_technology] Learning router vulnerability analysis through CVE-2017-17215, from getting started to giving up http://www.freebuf.com/vuls/160040.html
[Security_technology] CVE-2018-5711: a PHP vulnerability where a single GIF image can take down a server https://mp.weixin.qq.com/s/3ouUP_S23q1tTXU_lKJDSA
[Security_technology] [Original] Debugging and decrypting an encrypted PHP file https://mp.weixin.qq.com/s/NeMHgkXrdWNFiOBRm0lFqQ
[Security_technology] Deep-dive routines: hackers and blockchain https://mp.weixin.qq.com/s/7F2-eLqIdSiNIHHJDzkwcg
[Security_technology] A guide to attack techniques against domain trusts (6) http://www.4hou.com/system/10211.html
[Security_technology] CVE-2018-5711: a PHP vulnerability where a single GIF image can take down a server https://mp.weixin.qq.com/s/ZWLqZ0V9zYRWrAR5WdPuBQ
[Security_technology] Windows privilege escalation command guide https://mp.weixin.qq.com/s/oDKh2gyjH_zudhMW-Xd9Iw
[Security_technology] PHPMailer command execution vulnerability (CVE-2016-10033) analysis http://blog.csdn.net/wyvbboy/article/details/53969278
[Security_technology] Four web challenges built around CVEs https://mp.weixin.qq.com/s/eAgw1ABhi_fZXuYLuZF3Nw
[Security_technology] Web security – a short talk on logic vulnerabilities https://mp.weixin.qq.com/s/qG0ELSi5zVTi9YRhN1UmGQ
[Security_technology] CrossRAT: a new cross-platform spyware http://www.freebuf.com/news/161852.html
[Security_technology] Huxiang Cup 2017 PWN 200: detailed format string vulnerability writeup https://mp.weixin.qq.com/s/4XKZ4vGl7HK3mMkH7HQV0g

Resources and Tool Sharing:
[Security_tools] Python study summary http://suo.im/AV3Nt
[Security_tools] Invoke-Obfuscation: a PowerShell encoding and obfuscation framework https://mp.weixin.qq.com/s/Yy375akNrYLe3jWDjrKofw
[Security_tools] Classic commonly used Oracle SQL queries (1) https://mp.weixin.qq.com/s/grFsNxrACx0OMa-VHQStLg
[Security_tools] Classic commonly used Oracle SQL queries (2) https://mp.weixin.qq.com/s/u4yV5HMTncZv1KddWvLguw]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F26%2F</url>
<content type="text"><![CDATA[title: 26
date: 2018-1-16 19:05:18
tags: 26 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] China's first blockchain standard, "Blockchain Reference Architecture", released (with full slides) https://mp.weixin.qq.com/s/qXLFLiKWqGumQPJRr_XG6g
[Security_week] [Enterprise security] Building an enterprise security architecture https://mp.weixin.qq.com/s/okBcP4OvXLOCzhYkwHbA5g
[Security_week] To let everyone go online with peace of mind, Ant Financial rallied the whole security community for something big https://www.anquanke.com/post/id/95452
[Security_week] ISP hijacking series 1 – the crazy Alipay red envelopes http://suo.im/1hhk4x
[Security_week] [Enterprise security] A brief overview of enterprise security threats https://mp.weixin.qq.com/s/rBUVmQOlHljkdDNK4Nx9RA
[Security_week] 360 Enterprise Security training centre is hiring https://mp.weixin.qq.com/s/A1JFNO4K1dVQUttdVkeanQ
[Security_week] Thoughts on big data security protection http://www.freebuf.com/articles/database/160564.html
[Security_week] A vulnerability that takes out all "Blizzard games": Blizzard players beware! https://mp.weixin.qq.com/s/VNYceTi4A-WV-c84SdE8oA

Security Skills:
[Security_technology] Trying out OpenVAS step by step https://mp.weixin.qq.com/s/6kS5_tnfhkQoFR1q3WGjHg
[Security_technology] NFTP buffer overflow vulnerability https://mp.weixin.qq.com/s/gbHuDPWSgGtKSZI17nEvbw
[Security_technology] Common information disclosures https://mp.weixin.qq.com/s/hp8DS5v_0_ryITiXNiPiAQ
[Security_technology] WannaDie ransomware: detailed analysis https://mp.weixin.qq.com/s/akTIYa4EKaqZnQwGjLHyMg
[Security_technology] Reproducing and exploiting CVE-2017-11882 https://mp.weixin.qq.com/s/OXt8DUzoU9RnTcP7cGxDYQ
[Security_technology] Sensitive information disclosure in JS https://mp.weixin.qq.com/s/vUtAGc4jEM-zkQrMy1AREQ
[Security_technology] App cloning: starting from Alipay's automatic red envelope links https://mp.weixin.qq.com/s/fCX2ltpmei9R6MzTZV0vmQ
[Security_technology] [Video] | Phone cloning attack methods revealed https://mp.weixin.qq.com/s/14pKfbhpDuUmixaa3igxXQ
[Security_technology] Third place in the CyberEarth Cup preliminaries: the ChaMd5 security team's writeup http://suo.im/3XIynv
[Security_technology] A beginner's tutorial on writing a TCP bind shell in assembly (32-bit ARM) https://mp.weixin.qq.com/s/qgHucaovSlYUbJDRRcKQ9A
[Security_technology] Analysis of the TRITON industrial malware (Part 1) https://www.anquanke.com/post/id/95198
[Security_technology] Analysis of the TRITON industrial malware (Part 2) https://www.anquanke.com/post/id/95355
[Security_technology] PHPInfo() information disclosure https://mp.weixin.qq.com/s/az2XwmlmPz18vKgJrc8GHA
[Security_technology] Notes on an internal network penetration [1] [continuously updated] https://mp.weixin.qq.com/s/6a46ZGdsL4rQayhv659iHw
[Security_technology] [Groundbreaking] A new idea: from SSRF to getshell in one click https://mp.weixin.qq.com/s/aVg_HPAD6YchAZyOSGLYJw
[Security_technology] Introduction to and reproduction of the WPA2 "KRACK" vulnerability https://mp.weixin.qq.com/s/Euz4tnKIS7CAISGWUzva9w
[Security_technology] A brief discussion of payloads in the Metasploit framework http://www.4hou.com/technology/10063.html
[Security_technology] Finding an information disclosure in a Tenda router: techniques explained https://mp.weixin.qq.com/s/QPdJN8PIT7WD5NXR3RoUzw
[Security_technology] The birth of a binary PoC: CVE-2018-0802 https://mp.weixin.qq.com/s/_hWP3eprVq57jUKNFFnHPQ
[Security_technology] Hands-on tutorial: testing mobile applications with Burpsuite http://www.4hou.com/penetration/8965.html
[Security_technology] Notes on finding a stored XSS vulnerability http://www.secist.com/archives/5388.html
[Security_technology] Implementing common process injection and memory dump analysis: reflective DLL injection (Part 1) https://mp.weixin.qq.com/s/biy0wiXOA851DdEfupdMlQ
[Security_technology] Penetration test automation: obtaining domain administrator privileges with NTLM relay and Deathstar http://www.freebuf.com/sectool/160884.html
[Security_technology] MITM6: a tool for compromising IPv4 networks via IPv6 https://mp.weixin.qq.com/s/K_jqZjmkuK8aBt5dSZY-MA
[Security_technology] Security issues with database configuration information https://mp.weixin.qq.com/s/WQmfTLXitq3NJn_JqLQs-Q
[Security_technology] [Hands-on lab] NFTP buffer overflow vulnerability https://mp.weixin.qq.com/s/gbHuDPWSgGtKSZI17nEvbw
[Security_technology] A self-built search engine: a tool dedicated to the security community http://www.4hou.com/technology/9868.html

Resources and Tool Sharing:
[Security_tools] Ranking | The most popular Android hacking tools of 2018 http://suo.im/qIkrG
[Security_tools] Powerful Android surveillance software Skygofree emerges https://www.anquanke.com/post/id/95143
[Security_tools] Satellite system: introducing a full-link log collection tool for the hotel back end https://tech.meituan.com/satellite_system.html
[Security_tools] These killer Chrome extensions boost efficiency more than tenfold https://mp.weixin.qq.com/s/D_e7piHfiF9JCXWZHxR7RQ
[Security_tools] Building a vulnerability reproduction environment (including Docker operations) https://wx.zsxq.com/dweb/#
[Security_tools] Speaker slides from the 2017 DiDi Security Conference https://pan.baidu.com/s/1miVJ3nE]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F25%2F</url>
<content type="text"><![CDATA[title: 25
date: 2018-1-16 19:05:18
tags: 25 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] How to become a web security expert http://t.cn/R8zi5t1
[Security_week] CoffeeMiner: a framework that hijacks devices connected to WiFi networks for "mining" https://mp.weixin.qq.com/s/ifZFhgMLCxAQICU4A38O1A
[Security_week] Two vulnerabilities exposed the contact lists of all Yahoo users https://paper.tuisec.win/detail/cd9a1ce85c37f6d
[Security_week] Wireless networks will be more secure: the Wi-Fi Alliance formally introduces the new WPA3 encryption specification https://mp.weixin.qq.com/s/uvUamfhLJOKjwfLWrRMBSw
[Security_week] Pulse briefing | Bug hunting tips and blockchain technology https://mp.weixin.qq.com/s/m16vel4R0bREU1epqKnazg
[Security_week] Annual review | Security testing tools favoured by security testers http://www.freebuf.com/sectool/159428.html?from=timeline
[Security_week] Vulnerability alert | Winmail 6.2 remote code execution vulnerability http://t.cn/R8zazOT
[Security_week] ImageMagick information disclosure vulnerability CVE-2018-5357 http://t.cn/R8za2yH
[Security_week] The art of theft: a Satori variant is stealing cryptocurrency by replacing wallet addresses https://www.anquanke.com/post/id/95167
[Security_week] ThreatHunter | The haze over facial recognition: the face-verification bypass industry https://www.anquanke.com/post/id/95392
[Security_week] SAP kernel authentication bypass vulnerability CVE-2018-2360 disclosed, allowing unauthorized operations http://toutiao.secjia.com/cve-2018-2360
[Security_week] Quick read for IT operations | Microsoft January security patch bulletin: 59 vulnerabilities, with 7 remote code execution flaws highlighted http://toutiao.secjia.com/ms-security-patch-notification-201801

Security Skills:
[Security_technology] Reverse shell commands on Linux http://t.cn/R8zip76
[Security_technology] A trick for obtaining a server's real internal IP through F5 http://t.cn/R8ziehN
[Security_technology] Mining and analysis based on proxy IPs http://t.cn/R8z6hWr
[Security_technology] In practice: taking over a vocational school's website and server https://mp.weixin.qq.com/s/9w3_qW72b3KIJEfLhMiF9Q
[Security_technology] Learn some modern cryptography or you won't hold up in CTFs! http://t.cn/R8z6c4I
[Security_technology] How to use Earthworm as a Socks5 proxy for internal network penetration https://mp.weixin.qq.com/s/VBiwJmpfIcRpdhwwWt2Ciw
[Security_technology] Virus analysis in practice – analysing remote-control malware https://mp.weixin.qq.com/s/bGTu4OXw9BcP36a-u3b3yw
[Security_technology] Misc summary: traffic analysis, understanding the TCP protocol https://paper.tuisec.win/detail/02e249afd4ff6cf
[Security_technology] macOS vulnerability lets a local administrator unlock the App Store system preferences with any password https://mp.weixin.qq.com/s/WZy0hqrZCULLBha0FUUNSg
[Security_technology] Apache Log4j deserialization analysis [CVE-2017-5645] https://mp.weixin.qq.com/s/1tgO3ESSeO3XI13mt208cw
[Security_technology] Analysis of the dedecms front-end user password change vulnerability https://mp.weixin.qq.com/s/v2HzDSi-6IvwSDiD_5Z7Dw
[Security_technology] Bug hunting tips: bypassing SMS and email bombing limits, and follow-up https://mp.weixin.qq.com/s/5OSLC2GOeYere9_lT2RwHw
[Security_technology] Analysis of malware attacks targeting the PyeongChang Winter Olympics https://mp.weixin.qq.com/s/DS6HlC4XCDqxWi4BKZb_qg
[Security_technology] File upload vulnerabilities https://mp.weixin.qq.com/s/ik9LUKt5j5n7FeUum0i3Iw
[Security_technology] Experience sharing | Manual XSS exploitation methods https://mp.weixin.qq.com/s/Qz1hwowmsJEr-9SsRZta6g
[Security_technology] Penetrating the website of an open-source free e-commerce company https://mp.weixin.qq.com/s/uNgpWE9uE53DBYwlnkj96w
[Security_technology] PowerStager tool analysis https://mp.weixin.qq.com/s/TGIa2_YscCu9NJXZCfH7gg
[Security_technology] Summary of common web source code leaks https://mp.weixin.qq.com/s/mdJKM_Ynqmcbw-HMxlL6sQ
[Security_technology] MySQL injection detection http://t.cn/R8zSZNA
[Security_technology] File inclusion vulnerabilities https://mp.weixin.qq.com/s/iwXxeMP8Zr1VknBzoVCXoQ
[Security_technology] Apple Webkit vulnerability analysis [CVE-2017-13791] https://paper.tuisec.win/detail/d7e2de04166ee14
[Security_technology] A brief discussion of WAF bypass techniques https://mp.weixin.qq.com/s/MYnQvmyiynQxTmlKCg6_4g
[Security_technology] Directory traversal vulnerabilities https://mp.weixin.qq.com/s/Y3MO-vTD9b51vbDFX038xQ
[Security_technology] Summary of common web security attacks and defences http://www.danding.net/2018/01/
[Security_technology] DEDECMS arbitrary administrator password reset https://xianzhi.aliyun.com/forum/topic/1959?from=groupmessage
[Security_technology] How I cracked an encrypted PDF https://mp.weixin.qq.com/s/BZOvpT_TfX9a-UEVDI6xdA
[Security_technology] Bug hunting tips: a summary of information disclosure https://www.anquanke.com/post/id/94787
[Security_technology] SQL injection guide: summary of testing common databases https://bbs.ichunqiu.com/thread-32579-1-1.html
[Security_technology] The hacker's path of cultivation: pentest wiki, Part 2 https://bbs.ichunqiu.com/thread-32264-1-1.html
[Security_technology] Notes on discovering and exploiting a blind SSRF https://bbs.ichunqiu.com/thread-32557-1-1.html
[Security_technology] Still using Kali? No! Parrot OS, which can take Kali's place! https://bbs.ichunqiu.com/thread-32331-1-1.html
[Security_technology] [Game vulnerability] CE-based AutoAssemble LUA injection https://mp.weixin.qq.com/s/IP-QyifAIn0L43d61i8sOQ
[Security_technology] A few words for you! Yes! It's MACCMS injection! https://mp.weixin.qq.com/s/kCXRZfsNzFqt94dxqku71w
[Security_technology] 74cms v4.2.3 front-end arbitrary file read https://mp.weixin.qq.com/s/TnS8f8B1ntC3qvd4noc7nA
[Security_technology] Learning how vulnerabilities work through PoCs https://mp.weixin.qq.com/s/ogFLjUpd2HU60raUxGNWhg
[Security_technology] Window api (1) https://mp.weixin.qq.com/s/IiTytdTvJW_XLPJQUmYbqA
[Security_technology] Hacker game | OWASP Juice Shop, final part https://mp.weixin.qq.com/s/Kdv1eWe5wAJnLfkoorFO2w
[Security_technology] Penetration testing tips: exploitation and reflections triggered by one XSS https://mp.weixin.qq.com/s/9q4j4VSO86nKRBds37NeXw

Resources and Tool Sharing:
[Security_tools] Analysing risk data with Python tools https://paper.tuisec.win/detail/2eed81a7edc26b9
[Security_tools] Tools for checking asset liveness after subdomain brute-forcing https://github.com/ChrisTruncer/EyeWitness https://bitbucket.org/LaNMaSteR53/peepingtom
[Security_tools] DVAR: a router vulnerability practice range https://paper.tuisec.win/detail/6b789a97ea9b71e
[Security_tools] 1500 English vocabulary words for computing http://view.zsxq.com/view/5a6cbf2bbbcb112264edc7e9
[Security_tools] Collection of open-source mobile security testing tools https://mp.weixin.qq.com/s/QPOFov25SL8xTUQcBz65RA
[Security_tools] Baidu Netdisk unthrottled downloader, released 21 December 2017 https://github.com/high-speed-downloader/high-speed-downloader
[Security_tools] Penetration testing flowchart http://view.zsxq.com/view/5a6cc106bbcb112264edc7fe
[Security_tools] CISP-PTE white paper http://view.zsxq.com/view/5a6cc12cbbcb112264edc800]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F24%2F</url>
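<content type="text"><![CDATA[title: 24
date: 2018-1-16 19:05:18
tags: 24 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] Vulnerabilities in GPS tracking services put user privacy at risk https://mp.weixin.qq.com/s/GfUbiv5XJG0-vQL06meq7Q
[Security_week] Taobao hosts a huge online "casino"; countless people are trapped in it and ruined, yet it is legal! https://mp.weixin.qq.com/s/WVtLzBU4qvtlSPIo4sfQLw
[Security_week] The Intel CPU vulnerabilities explained in plain terms https://mp.weixin.qq.com/s/MVtQOO6eYyY7lIBrX1Hw0g
[Security_week] Western Digital My Cloud NAS ships with a backdoor: users left at attackers' mercy http://t.cn/RQTrEAX
[Security_week] Descriptions and fixes for vulnerabilities found in routine web penetration tests http://t.cn/RQHhX34
[Security_week] Tencent Security Xuanwu Lab discovers the "app cloning" attack model; more than half of apps may need to be redesigned http://t.cn/RQzRQvo
[Security_week] 2017 global botnet DDoS attack threat landscape report http://t.cn/RQ7c5fR
[Security_week] Building enterprise security: design approach and ideas for a modular honeypot platform http://t.cn/RQRfO4H
[Security_week] SAP kernel authentication bypass vulnerability CVE-2018-2360 disclosed, allowing unauthorized operations http://toutiao.secjia.com/cve-2018-2360
[Security_week] The road to CISSP success http://t.cn/RQRxioB

Security Skills:
[Security_technology] Bypassing whitelists with MSBuild.exe https://mp.weixin.qq.com/s/oUfZkVzcCf_ikXjK_LUXTQ
[Security_technology] White hat beginner tutorial: webshell command execution http://t.cn/RQTyOYt
[Security_technology] One way to hunt SRC vulnerabilities in bulk http://www.freebuf.com/articles/es/158882.html
[Security_technology] Notes on analysing a JS trojan https://mp.weixin.qq.com/s/omIBTqqYj8DNh3m5ndBMnA
[Security_technology] How to carry out a complete SSLStrip attack https://www.jianshu.com/p/983d43b4ba1e
[Security_technology] Tutorial on using the NC tool http://blog.csdn.net/xysoul/article/details/52270149
[Security_technology] Walkthrough of Inndy's Hack Game (web) http://www.freebuf.com/articles/web/158885.html
[Security_technology] Analysis of a real website hijacking case http://www.freebuf.com/articles/web/153788.html#
[Security_technology] How I obtained a webshell when a one-liner could not be written out https://mp.weixin.qq.com/s/MJMwmh3UIwJnp_bVGNBMxg
[Security_technology] Using a printer to steal hashes from a target system http://www.freebuf.com/articles/system/158935.html
[Security_technology] Demonstration of exploiting the IIS 7.5 parsing vulnerability on a website https://www.exehack.net/144.html
[Security_technology] Post-exploitation against a major domestic company - ongoing http://payloads.online/archivers/2017-12-28/1
[Security_technology] Android reversing journey: analysing a short-video app's request encryption protocol on Android (IDA static analysis of the SO), Part 3 http://t.cn/RQTdiiu
[Security_technology] A cunning trick for cracking the back-end administrator password http://t.cn/RQHh2aE
[Security_technology] The mining model "created" by a cup of coffee https://mp.weixin.qq.com/s/gRF0Ab8cHVb0DuIcrEyL_A
[Security_technology] Ren Niaofei on reversing: decrypting Flash games https://mp.weixin.qq.com/s/aROGX8Iw_zLpSFukgIWSMA
[Security_technology] A guide to attack techniques against domain trusts, Part 1 http://www.4hou.com/technology/9796.html
[Security_technology] A roundup of file upload techniques: in practice http://t.cn/RQRVDVj
[Security_technology] In depth - Java deserialization payloads: JRE8u20 http://t.cn/RQRfGjh
[Security_technology] Creative exploitation of deserialization http://t.cn/RQcsM40
[Security_technology] A trivial detail of the veteran tool PsExec http://t.cn/RQwwOtx
[Security_technology] How to find vulnerabilities, using D-Link as an example https://www.anquanke.com/post/id/94196
[Security_technology] A few ideas for bypassing URL redirect restrictions https://www.anquanke.com/post/id/94377
[Security_technology] Termite user guide http://t.cn/RQRx8HW
[Security_technology] JYMUSIC 1.x front-end getshell http://t.cn/RQRXMbt
[Security_technology] Wireless penetration: cracking WEP in practice http://t.cn/RQRXrKn
[Security_technology] XXE attack guide http://t.cn/RQRXs19
[Security_technology] Notes on obtaining MM information through a software product's query interface https://mp.weixin.qq.com/s/eDWx8ium61vPnYKRwEqF2Q

Resources and Tool Sharing:
[Security_tools] The most comprehensive collection of common regular expressions http://t.cn/RQTUfJs
[Security_tools] A big collection of Python tools designed for penetration testers https://mp.weixin.qq.com/s/EY6TyK_AH60ikJpwvpUtRQ
[Security_tools] Open-source tool Zeus-Scanner http://www.freebuf.com/sectool/158355.html
[Security_tools] Server security tools http://t.cn/RQT3J1v
[Security_tools] Fsociety hacking toolkit – a penetration testing framework https://open.appscan.io/article-364.html
[Security_tools] Decodify - a tool that automatically detects the encoding and decodes it https://open.appscan.io/article-346.html
[Security_tools] fuxploider: a file upload vulnerability scanning and verification tool https://open.appscan.io/article-328.html]]></content>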
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F23%2F</url>
<content type="text"><![CDATA[title: 23
date: 2018-1-16 19:05:18
tags: 23 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] WeChat mini program vulnerability: source code of any WeChat mini game can be downloaded http://t.cn/RQceg9W
[Security_week] 2017 year-end reviews the security community shouldn't miss http://t.cn/RQcDcF9
[Security_week] What is the essence of cyberspace security? http://t.cn/RQcFKaK
[Security_week] Analysis of exploit-based attack samples from the OceanLotus group http://t.cn/RQcFH9W
[Security_week] Major bug revealed in Intel CPUs, forcing a redesign of Linux and Windows http://t.cn/RQcFngV

Security Skills:
[Security_technology] Adding a custom exploit module to Metasploit https://zhuanlan.zhihu.com/p/32509309
[Security_technology] Python: debugging a running process through a pre-planted backdoor http://t.cn/RQcgrMP
[Security_technology] Uploading files past a WAF: an experiment with a self-built target environment http://t.cn/RQcecZp
[Security_technology] Invoke-PSImage usage analysis http://www.4hou.com/technology/9472.html
[Security_technology] Web fundamentals and technologies https://www.tuicool.com/articles/f6Jzqa
[Security_technology] Phishing with the 360 portable WiFi http://t.cn/RQcemXD
[Security_technology] Common server ports and what they are used for http://t.cn/RQcekNW
[Security_technology] Android reversing journey: analysing a short-video app's request encryption protocol on Android (IDA dynamic debugging of the SO), Part 2 http://t.cn/RQcDLUr
[Security_technology] Parsing vulnerabilities and file upload http://t.cn/RQcDb32
[Security_technology] Python web crawlers from scratch http://t.cn/RQckXr2 http://t.cn/RQck9Vf http://t.cn/RQckphm
[Security_technology] A guide to pitfalls in AndroTickler, the Android penetration tool http://t.cn/RQcklkY
[Security_technology] Getting a shell by upload on a practice target http://t.cn/RQcFPlC
[Security_technology] SSH port forwarding in practice http://t.cn/R61YBGz
[Security_technology] How SQL injection works http://t.cn/R7r0Uhx
[Security_technology] A collected roundup of Linux backdoors http://t.cn/RQcFpr8
[Security_technology] Summary of getting uploads past a WAF http://view.zsxq.com/view/5a5b88612540ed2230214bfe
[Security_technology] Learning CSRF from scratch http://t.cn/RZStjE4
[Security_technology] Creative exploitation of deserialization http://t.cn/RQcsM40
[Security_technology] Capturing non-HTTP traffic with Burpsuite http://t.cn/RQcsS2k
[Security_technology] Auditing: PHP deserialization vulnerabilities explained (with examples) https://mp.weixin.qq.com/s/3lq_D0-9KVG-GDDtyScr9Q

Resources and Tool Sharing:
[Security_tools] Burpsuite practical guide http://view.zsxq.com/view/5a5b7c8f2540ed2230214ab4
[Security_tools] 2018 guide to secure PHP application design http://t.cn/RH5AJq0
[Security_tools] The Art of Deception http://t.cn/RQceCuE
[Security_tools] SqlMap Wiki - 信息之路 http://view.zsxq.com/view/5a5b80082540ed2230214b2f
[Security_tools] Redirect attack test payloads http://t.cn/RHYs6lb
[Security_tools] Practice range – 破壳 vulnerability community https://mp.weixin.qq.com/s/1QMAwWEpqTB4fUOncmuDJw
[Security_tools] Web application security testing cheat sheet http://t.cn/RQcFw9W
[Security_tools] XSS bypass techniques http://t.cn/RQcFxRf
[Security_tools] Pentest wiki, Chinese edition https://mp.weixin.qq.com/s/mPOWp5bJoYEKEre305PIDg
[Security_tools] CPU vulnerability PoC http://t.cn/RH8xyiw
[Security_tools] 2017 IoT security research report, NSFOCUS
[Security_tools] Meltdown attack http://t.cn/RQcs0RO]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F22%2F</url>
<content type="text"><![CDATA[title: 22
date: 2018-1-16 19:05:18
tags: 22 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] BlackHat Europe 2017 conference agenda, see https://www.blackhat.com/eu-17/training/schedule/index.html
[Security_week] Danger, crime or freedom? What exactly is the dark web? http://t.cn/RHNUEHr
[Security_week] Revealed: good open-source books worth reading for programmers, and interview question banks from top internet companies https://www.tuicool.com/articles/ABJby2R
[Security_week] Top ten global cybersecurity threat trends for 2018 https://mp.weixin.qq.com/s/fkDutIzPbM4aOEkK95oe2w

Security Skills:
[Security_technology] Hongri Security 2017 summary report https://mp.weixin.qq.com/s/NqwWUVrVkvbQlmhi_YbKdw
[Security_technology] Security course series, lesson 8 released (BurpSuite in practice, Part 2) https://mp.weixin.qq.com/s/J-dlz3DMd1OhMtST0ib1Jw
[Security_technology] From Zero to Hero: master Python in one article https://www.tuicool.com/articles/NrMBbmZ
[Security_technology] Weblogic XMLDecoder RCE (CVE-2017-10271) analysis http://t.cn/RTsYc35
[Security_technology] FTP internal network tunnelling https://github.com/fatedier/frp configuration http://t.cn/RfXR4qk
[Security_technology] 2017 Hangzhou Yunqi Conference: videos and slides from 100 leading speakers, all shared https://yq.aliyun.com/articles/231065
[Security_technology] Ma Kun of 四叶草 (Clover): security is not an output-producing service, so making money is a bit slower https://www.tuicool.com/articles/7Rbuaij
[Security_technology] "Thunderbird" flies safely: Mozilla fixes high-severity Thunderbird vulnerabilities http://hackernews.cc/archives/18932

Resources and Tool Sharing:
[Security_tools] Python Cookbook (3rd edition) http://t.cn/RHN4cII
[Security_tools] Penetration testing practice range https://www.vulnhub.com/
[Security_tools] Cyclotron: an open-source web application for building dashboards https://github.com/ExpediaInceCommercePlatform/cyclotron
[Security_tools] Free e-books https://www.syncfusion.com/resources/techportal/ebooks
[Security_tools] A topology of computing knowledge common to programmers worldwide. Updated irregularly https://github.com/universe-proton/universe-topology
[Security_tools] Web application security testing cheat sheet https://www.secpulse.com/archives/66154.html
[Security_tools] Image steganography: hiding text in images with PHP http://t.cn/RYXsBUA
[Security_tools] Learning Markdown syntax http://reborncodinglife.com/2016/08/29/markdown-tips/
[Security_tools] Setting up a vulnerability testing range in one step with Vulhub http://vulhub.org/]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F20%2F</url>
<content type="text"><![CDATA[title: 20
date: 2018-1-16 19:05:18
tags: 20 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] BUF Breakfast | FireEye open-sources a password cracking tool on GitHub; ONI ransomware attacks appear in Japan; SQL injection vulnerability found in WordPress http://www.yilan.io/article/59fa457075f7e98e15b91dc2
[Security_week] FB subtitle team | FreeBuf open courses http://open.freebuf.com/category/subtitle
[Security_week] Mobile Pwn2Own hacking contest: iPhone 7 and several other flagship smartphones compromised http://hackernews.cc/archives/16393
[Security_week] The seven best open-source network monitoring tools of 2017 http://www.cnn6.net/html/net/2017614/202045.html
[Security_week] Approaching Science | About the Harioboy watering hole attack http://www.freebuf.com/articles/terminal/151456.html
[Security_week] About the recent Typecho security vulnerabilities https://joyqi.com/typecho/about-typecho-20171027.html

Security Skills:
[Security_technology] Security tools: information gathering https://mp.weixin.qq.com/s/Zjdt3Fs3pRKx-KifLpWJYw
[Security_technology] Internal network tunnelling tools: principles and development in practice https://zhuanlan.zhihu.com/p/30351943
[Security_technology] Debugging your application with curl http://stormzhang.com/devtools/2014/11/07/use-curl-debug/
[Security_technology] Introduction to XSLT server-side injection attacks https://www.contextis.com/blog/xslt-server-side-injection-attacks
[Security_technology] How well do you know sqlmap's built-in tamper scripts? https://mp.weixin.qq.com/s/vEEoMacmETUA4yZODY8xMQ
[Security_technology] The underestimated injection risk in CSV files https://mp.weixin.qq.com/s/1kjjmoTYoAfWPl4mCpwoLQ
[Security_technology] Docker usage guide for Osprey, the open-source vulnerability detection framework https://mp.weixin.qq.com/s/A9IgTPT8-j4Ldh9vDMHn1w

Resources and Tool Sharing:
[Security_tools] Big collection of malware analysis resources http://t.cn/Rl6z7NA
[Security_tools] Free programming books http://t.cn/RoCkRhv
[Security_tools] "10 awesome features of Python that you can't use because you refuse to upgrade to Python 3" http://www.asmeurer.com/python3-presentation/python3-presentation.pdf
[Security_tools] Interface for collecting subdomains https://crt.sh/
[Security_tools] A developer pack provided for students learning development https://education.github.com/pack
[Security_tools] Open-source tool for visualising regular expressions https://regexper.com/
[Security_tools] Collection of penetration test reports from abroad https://github.com/juliocesarfort/public-pentesting-reports
[Security_tools] Website for looking up DNS records https://dnsrecords.io/
[Security_tools] Cisco certification materials download https://mp.weixin.qq.com/s/z5VX_L4HLsSSYuIyVSmRcA]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F21%2F</url>
<content type="text"><![CDATA[title: 21
date: 2018-1-16 19:05:18
tags: 21 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] LCTF 2017 official writeup https://www.tuicool.com/articles/Q77rYvz
[Security_week] Python is so hot: should operations engineers chase the Python wave? https://www.tuicool.com/articles/FFvQFfn
[Security_week] This hacker single-handedly took down the largest dark web site for child sexual abuse content https://www.tuicool.com/articles/iu6fqmU
[Security_week] Kaspersky's road to proving its innocence: is the security field about to be "Balkanised"? https://www.tuicool.com/articles/MJBBjiV

Security Skills:
[Security_technology] Setting out: a preface to penetration testing https://mp.weixin.qq.com/s/Y_iu9y5b0ZZS6bDFwA-DSw
[Security_technology] Penetration testing: information gathering tools https://mp.weixin.qq.com/s/9PnuUq8jESODRQ_Et4ax0Q
[Security_technology] Web security: exploiting CSRF vulnerabilities https://mp.weixin.qq.com/s/T1amu_8Bnb1TihvfSK0Dig
[Security_technology] Penetration testing: using BurpSuite https://mp.weixin.qq.com/s/AptfBao-MgDIX9YTmuQIIg
[Security_technology] Series on web penetration testing with Python http://zmister.com/archives/159.html
[Security_technology] Hands-on introductory series on Python crawlers http://zmister.com/archives/81.html
[Security_technology] Android Bluetooth remote command execution vulnerability in practice: from PoC to exploit https://paper.seebug.org/430/
[Security_technology] Shell environment setup http://reborncodinglife.com/2016/07/05/shell-share/
[Security_technology] Node.js directory traversal vulnerability (CVE-2017-14849) https://github.com/vulhub/vulhub/tree/master/node/CVE-2017-14849
[Security_technology] IE11 0day: CVE-2015-2425 UAF analysis https://www.tuicool.com/articles/I7vmMv6
[Security_technology] Analysis of generic exploitation of Java deserialization vulnerabilities http://blog.csdn.net/gl74gs48/article/details/51459742
[Security_technology] Gnuboard vulnerability analysis https://www.tuicool.com/articles/26ZJNrv

Resources and Tool Sharing:
[Security_tools] AWVS11 web security scanner download and usage - Hongri forum http://bbs.sec-redclub.com/hr/forum.php?mod=viewthread&tid=41&extra=
[Security_tools] Security book downloads - Hongri forum http://bbs.sec-redclub.com/hr/forum.php?mod=viewthread&tid=42&extra=page%3D1
[Security_tools] CTF decryption tools, Python3 https://github.com/ttttmr/ctf-tools
[Security_tools] Command explanation website https://explainshell.com/
[Security_tools] Collection of APIs usable within China https://microzz.com/2017/02/03/API/
[Security_tools] An Office remote code execution vulnerability hidden for 17 years, CVE-2017-11882 https://github.com/embedi/CVE-2017-11882
[Security_tools] Chinese-language usage notes for Kali Linux tools https://hackfun.org/tags/kali-linux/]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F19%2F</url>
<content type="text"><![CDATA[title: 19
date: 2018-1-16 19:05:18
tags: 19 Security News, Security Skills, Resources and Tool Sharing

Security News:
[Security_week] Building your own vulnerability tools and practice range platform https://mp.weixin.qq.com/s/gNIqSO1r3Aupzb5QfDb-nA
[Security_week] Notice of in-the-wild attacks using the latest Office 0day (CVE-2017-11826) https://mp.weixin.qq.com/s/2FZGroiI-w9-2DHikPCd-g
[Security_week] Reports on the WPA2 weakness http://www.yilan.io/article/59e494ca75f7e98e15ad1bae
[Security_week] Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 https://papers.mathyvanhoef.com/ccs2017.pdf

Security Skills:
[Security_technology] A must-know tutorial on regular expressions https://blog.patricktriest.com/you-should-learn-regex/
[Security_technology] 10 Linux commands every developer should know http://azer.bike/journal/10-linux-commands-every-developer-should-know/
[Security_technology] What I ended up doing after piggybacking on your WiFi http://www.yilan.io/article/59e48e1b74471793151689a5
[Security_technology] Cracked in one minute: researchers release a demo video of breaking the WPA2 protocol https://www.landiannews.com/archives/41253.html?utm_sources=wxky

Resources and Tool Sharing:
[Security_tools] Open-source Struts2 vulnerability detection tool for all versions, written in Python http://www.freebuf.com/sectool/149815.html
[Security_tools] Dedsploit: a network protocol attack framework https://mp.weixin.qq.com/s/le3SuJdZ8tDE7UyoXmIPpg
[Security_tools] Tool for checking flaws in Java-related libraries https://github.com/jeremylong/DependencyCheck
[Security_tools] Python script for converting .csv to LaTeX tables https://github.com/narimiran/tably
[Security_tools] Eclipse Java tutorial https://www.linuxhint.com/eclipse-java-tutorial/
[Security_tools] spidy - a simple command-line web crawler https://github.com/rivermont/spidy
[Security_tools] Colly: a fast and elegant crawler framework implemented in Golang https://github.com/asciimoo/colly
[Security_tools] A rootkit list and malware source code database http://www.ddosi.com/2017/10/13/rootkits-list/
[Security_tools] Webug, a Chinese-made practice range https://mp.weixin.qq.com/s/2DsOgT3ouO7rfgTIFnX3jQ]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F2%2F</url>
<content type="text"><![CDATA[title: 2
date: 2018-1-16 19:05:18
tags: 2
[twitter] Transferring Backdoor Payloads with BSSID by Wireless Traffic https://www.peerlyst.com/posts/transferring-backdoor-payloads-with-bssid-by-wireless-traffic-damon-mohammadbagher
[twitter] OWASP APPSEC CALIFORNIA 2016 - POSTCARDS FROM THE TOTAL PERSPECTIVE VORTEX - ALEX GANTMAN http://www.securitytube.net/video/16954?utm_source=HT&utm_medium=twitter&utm_campaign=SM
[twitter] Metasploit team released Metasploit Vulnerable Services Emulator http://securityaffairs.co/wordpress/56886/hacking/metasploit-vulnerable-services-emulator.html
[twitter] A bug in the popular Slack application could be exploited by attackers to steal an access token and take over a user account. http://securityaffairs.co/wordpress/56901/hacking/slack-flaw.html
[twitter] Cryptic thoughts, analysis of code, assembler projects, information security topics http://a41l4.blogspot.jp/2017/03/polynetcatrevshell1434.html
[twitter] RED TEAM PENETRATION TESTING – ANYTHING GOES (PART 1 OF 3) https://blog.anitian.com/red-team-testing-anything-goes-part1/
[twitter] Veil 3.0 https://github.com/Veil-Framework/Veil
[twitter] Uber Patches Payments Bug that Allowed Users to Get Free Rides [Video] http://1reddrop.com/2017/03/05/uber-patches-payments-bug-allowed-users-get-free-rides/?utm_content=bufferf5750&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
[twitter] NEW FILELESS ATTACK USING DNS QUERIES TO CARRY OUT POWERSHELL COMMANDS https://threatpost.com/new-fileless-attack-using-dns-queries-to-carry-out-powershell-commands/124078/
[twitter] Senior Security Researcher https://akamaijobs.referrals.selectminds.com/jobs/senior-security-researcher-2656
[twitter] dockerscan https://github.com/cr0hn/dockerscan
[twitter] CrikeyCon 2017 CTF online https://ctf.crikeycon.com/
[twitter] ISC StormCast for Monday, March 6th 2017 https://isc.sans.edu/podcastdetail.html?podcastid=5401
[twitter] Windows 10 Vulnerability Found by Project Zero Gets Third Party Patch https://winbuzzer.com/2017/03/03/windows-10-vulnerability-found-project-zero-gets-third-party-patch-xcxwbn/?utm_content=buffer0aad9&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
[twitter] Multi-bridge Oz-daemon and Clearnet Sandboxed Chromium https://subgraph.com/sgos/documentation/clearnet-chromium/
[twitter] Bypassing Next-Gen AV For Fun and Profit https://virtualizedcomputing.wordpress.com/2017/03/02/bypassing-next-gen-av-for-fun-and-profit/
[twitter] [Video] IEEE Security And Privacy - S$A: A Shared Cache Attack That Works Across Cores And Defies VM Sandboxing. http://www.securitytube.net/video/15921?utm_source=HT&utm_medium=twitter&utm_campaign=SM
[weibo] That programmer's list of commonly used Linux software (AShellTools.sh) https://github.com/alicance/Alic_env/blob/master/dever/AShellTools.sh http://www.jianshu.com/p/ac6e13290698
[weibo] Onmyoji: an unlucky player's reverse-engineering journey http://paper.seebug.org/232/#0-tsina-1-94692-397232819ff9a47a7b7e80a40613cfe1
[weibo] Tencent is heading to universities to snap up security talent; regret it if you did not major in security http://weibo.com/ttarticle/p/show?id=2309404081695077840726#_0
[weibo] Implementing audio/video communication on iOS, based on WebRTC http://www.cocoachina.com/ios/20170306/18837.html
[weibo] WordPress username enumeration vulnerability analysis (CVE-2017-5487) http://paper.seebug.org/239/#0-tsina-1-10909-397232819ff9a47a7b7e80a40613cfe1]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F18%2F</url>
<content type="text"><![CDATA[title: 18
date: 2018-1-16 19:05:18
tags: 18 Security news, Security skills, Resources and tools
Security news:
[Security_week] Apache Struts 2 S2-053 vulnerability threat https://cwiki.apache.org/confluence/display/WW/S2-053
Environment for the Struts2 Freemarker tags remote code execution vulnerability (S2-053) https://github.com/Medicean/VulApps/tree/master/s/struts2/s2-053
[Security_week] Discuz! X arbitrary file deletion vulnerability analysis report https://cert.360.cn/report/detail?id=37b39434132113bd285fc004e765b245
Security skills:
[Security_technology] S2-052 vulnerability exploitation https://mp.weixin.qq.com/s/qjbfBUaAb4OBP3Gh3Ca6Kw
[Security_technology] Struts S2-052 reverse shell lab http://www.freebuf.com/vuls/147017.html
[Security_technology] Empire, the post-exploitation tool, explained in detail https://mp.weixin.qq.com/s/xCtkoIwVomx5f8hVSoGKpA
[Security_technology] A brief analysis of web source code leaks https://mp.weixin.qq.com/s/7W9GayKlF6vasyJ4QecvdA
[Security_technology] Details of the Office 2016 remote code execution vulnerability (CVE-2017-8630) https://securingtomorrow.mcafee.com/mcafee-labs/microsoft-kills-potential-remote-code-execution-vulnerability-in-office-cve-2017-8630/
Resources and tools:
[Security_tools] nmap usage guide (ultimate edition) https://mp.weixin.qq.com/s/hMO8UHJaTeV-ltc00n3PCw
[Security_tools] S2-052 verification tool https://github.com/mazen160/struts-pwn_CVE-2017-9805
[Security_tools] PoC for the Bluetooth protocol Android information disclosure vulnerability (CVE-2017-0785/Blueborne) https://github.com/ojasookert/CVE-2017-0785]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F17%2F</url>
<content type="text"><![CDATA[title: 17
date: 2018-1-16 19:05:18
tags: 17 Security news, Security skills, Resources and tools
Security news:
[Security_week] Required reading for IoT classified-protection assessment: interpreting "Information security technology - Evaluation requirements for cybersecurity classified protection - Part 4: Security extension requirements for the Internet of Things" https://mp.weixin.qq.com/s/udrWsJw2qarC7GrGq7mZIg
[Security_week] Security Mini-Class No. 69: a basic framework for enterprise security https://www.secpulse.com/archives/59965.html
[Security_week] IEEE Spectrum 2017 programming language ranking: Python takes first place https://mp.weixin.qq.com/s/jJQOAkHYFl1nVKlsJ6wgcw
[Security_week] Black Hat 2017 Arsenal tool list https://mp.weixin.qq.com/s/ygh2JE69FRRdLJEOXYTcUg
[Security_week] Guests changing clothes were live-streamed; hackers say: "Too LOW~" https://mp.weixin.qq.com/s/7gWXpecKeSS1fi1aZVVTaQ
[Security_week] CVE-2017-8543 Windows Search remote code execution vulnerability alert (with demo) https://mp.weixin.qq.com/s/g6rHcZz2_0bU-0vPlyJB-g
[Security_week] Vulnerabilities before any code is written: security in architecture and design http://djt.qq.com/article/view/1555
[Security_week] How different are programming languages between wealthy and developing countries? http://t.cn/RNb9Dfx
[Security_week] Rust SGX SDK v0.2.0 released | 31 GB memory support is here http://t.cn/RKk2ic5
Security skills:
[Security_technology] Information gathering in Windows environments https://mp.weixin.qq.com/s/37xtTdjVetMg5P1WaJvYvA
[Security_technology] Host discovery techniques for internal-network penetration testing https://mp.weixin.qq.com/s/fg8f7ydniZiQZ87niDTwqA
[Security_technology] Approaches to browser vulnerability hunting https://zhuanlan.zhihu.com/p/28719766
[Security_technology] Notes on a penetration test of Yingge Technology http://foreversong.cn/archives/336
[Security_technology] Web testing methods: tools https://mp.weixin.qq.com/s/iBlBbPjVne_MON6RU2O1yg
[Security_technology] CVE-2012-1889: a personal vulnerability analysis report https://mp.weixin.qq.com/s/Gxn9qUEXnrMYq5-F-wCH6A
[Security_technology] Analysis of a code injection vulnerability in the VMware Horizon macOS client https://mp.weixin.qq.com/s/eH6rpiLLUuMlOe2yOWQBgw
[Security_technology] Router firmware security analysis techniques (part 2) https://www.vulbox.com/knowledge/detail/?id=42
[Security_technology] Cure53's penetration test report on the Briar project's application and protocol https://briarproject.org/raw/BRP-01-report.pdf
[Security_technology] Remote code execution via an arbitrary file upload vulnerability on a PayPal server http://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/
[Security_technology] Nengneng hands-on: Android reversing, when APK decompilation fails http://t.cn/RNsyavP
[Security_technology] Nengneng hands-on: Android reversing, learning to defeat signature verification (without modifying the .so) http://t.cn/RNsvxYp
[Security_technology] Nengneng hands-on: Android reversing, round two http://t.cn/RNFuDDC
[Security_technology] Building a smart surveillance system with Python & Facepp https://mp.weixin.qq.com/s/pahSPl_7tAC1f4xA2vyfYg
[Security_technology] One-liners for starting an HTTP server http://t.cn/R93OaKy
[Security_technology] Advanced scanning methods in Nessus http://www.freebuf.com/column/144167.html
[Security_technology] Malware sample analysis manual: virtual machine detection (part 2) http://blog.nsfocus.net/malicious-sample-analysis-manual-virtual-machine-test-bottom/
[Security_technology] Analysis of security issues in WebSocket applications https://security.tencent.com/index.php/blog/msg/119
[Security_technology] Attacking PowerShell code injection vulnerabilities to bypass its Constrained Language Mode
[Security_technology] Several ways to run Empire without PowerShell.exe https://mp.weixin.qq.com/s/FBXEiJbGRUxsYu1lBcw7_A
Resources and tools:
[Security_tools] Free online computer science courses http://www.openculture.com/computer_science_free_courses
[Security_tools] htcap: a practical recursive web vulnerability scanner https://mp.weixin.qq.com/s/izihU3bTnPRP2jz9F2cNBg
[Security_tools] hydra - password brute-forcing tool https://github.com/vanhauser-thc/thc-hydra
[Security_tools] WordPress vulnerability scanner wpscan 2.9.3 released https://github.com/wpscanteam/wpscan/releases/tag/2.9.3
[Security_tools] angularjs-csti-scanner - tool for automated detection of AngularJS client-side template injection https://github.com/tijme/angularjs-csti-scanner
[Security_tools] Installing and getting started with Empire, the domain penetration tool https://mp.weixin.qq.com/s/VqrUTW9z-yi3LqNNy-lE-Q
[Security_tools] Linux local root privilege escalation exploit, CVE-2017-1000112 https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
[Security_tools] Writing a hash table in C https://github.com/jamesroutley/write-a-hash-table/tree/v0.1.0
[Security_tools] Cracking random number generators (xoroshiro128+) https://lemire.me/blog/2017/08/22/cracking-random-number-generators-xoroshiro128/
[Security_tools] Extracting Chrome cookies with Clojure https://blog.laurentcharignon.com/post/extracting-chrome-cookie-clojure/
[Security_tools] Hidden features of Python (StackOverflow) http://pyzh.readthedocs.io/en/latest/python-hidden-features.html
[Security_tools] Whatruns: a free Firefox add-on that identifies the technologies used on any website https://www.whatruns.com
[Security_tools] A simple WeChat client written in Python https://github.com/justdoit0823/pywxclient
[Security_tools] Abusing crawlers for indirect web attacks (paper) http://t.cn/RNGUa38
[Security_tools] A topology of computer knowledge common to programmers worldwide https://github.com/universe-proton/universe-topology
[Security_tools] Automated vulnerability verification: XSS https://mp.weixin.qq.com/s/MHmdmDi8vS0zLu4ktTOV6A
[Security_tools] Principles of automated testing http://www.lihaoyi.com/post/PrinciplesofAutomatedTesting.html
[Security_tools] st2-052 remote command execution vulnerability PoC and reproduction test http://www.chengyin.org/forum.php?mod=viewthread&tid=2648&fromuid=1]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F16%2F</url>
<content type="text"><![CDATA[title: 16
date: 2018-1-16 19:05:18
tags: 16 Security news, Security skills, Resources and tools, Forum security articles, Security videos
Security news:
[Security_week] Registration is open for the Cyber Security Ecosystem Summit! https://mp.weixin.qq.com/s/9hLkNOLpTA1-v___RSdiog
[Security_week] Cyberspace Administration publishes the full text of the "Regulations on the Security Protection of Critical Information Infrastructure (Draft for Comment)" https://mp.weixin.qq.com/s/qnG4A9HkPQPWAZgae_LSqQ
[Security_week] Mobile apps need to pay even more attention to cybersecurity and carry out classified-protection work promptly https://mp.weixin.qq.com/s/wt1jlPNTCV7JJUJ9RWj-zQ
[Security_week] Major powers may already be quietly waging cyber war; rules for cyber warfare are needed! https://mp.weixin.qq.com/s/K6SKWSOJ9_-tT7b5PI6F9A
[Security_week] MSRC-Security-Research - a collection of talks given by Microsoft's MSRC team in recent years https://github.com/Microsoft/MSRC-Security-Research/tree/master/presentations
[Security_week] Ransomware defense revisited https://mp.weixin.qq.com/s/IayXVSFQ2pVw-q7ODeHyHA
[Security_week] Introduction to the basics of R https://www.shiyanlou.com/courses/855
[Security_week] Introduction to Python web frameworks http://t.cn/RKHAMVX
[Security_week] Information security vulnerability weekly report (2017, issue 27) https://mp.weixin.qq.com/s/tg4KGajO89-bLL-ELfJhGA
[Security_week] Anquanke 2017 quarterly, issue 2 http://bobao.360.cn/download/book/security-geek-2017-q2.pdf
[Security_week] Security alert: VMware virtual machine escape exploit tools are circulating widely online; users should update as soon as possible http://www.tuicool.com/articles/jE7rei6
[Security_week] The architect's path: knowledge and skills an architect needs to master http://weizhan.51cto.com/article/view/59142577f2dd874ef5571ed1
[Security_week] Checklist for developing secure APIs https://github.com/shieldfy/API-Security-Checklist/blob/master/README-zh.md
Security skills:
[Security_technology] Running Masscan and Nmap on Windows http://www.4hou.com/penetration/6173.html
[Security_technology] From Splash SSRF to root on an internal-network server https://xianzhi.aliyun.com/forum/read/1872.html
[Security_technology] Learning and practicing Splunk (audit tool) https://mp.weixin.qq.com/s/O5Jt-DDpskimfz8kHunZ8Q
[Security_technology] Memcached: a story of failed patching and vulnerable servers http://blog.talosintelligence.com/2017/07/memcached-patch-failure.html#more
[Security_technology] Vulnerability analysis of web applications using Burp Scanner http://www.hackingarticles.in/vulnerability-analysis-web-application-using-burp-scanner/
[Security_technology] Inject All the Things http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
[Security_technology] Dynamic analysis of the Apache Struts2 S2-048 vulnerability http://t.cn/RKLTBpb
[Security_technology] Some fatal things to know about PHP code security https://mp.weixin.qq.com/s/wD_SzRUWVuh4mruaF0qs5g
[Security_technology] More than 10 US power companies hit by template injection attacks https://mp.weixin.qq.com/s/fCg70lBTi-dWQN9zAL97yA
[Security_technology] [Translation] JSON hijacking on the modern web http://bbs.pediy.com/thread-219036.htm
[Security_technology] [Translation] SQL injection tutorial for beginners (part 2) http://bbs.pediy.com/thread-219115.htm
[Security_technology] Nengneng hands-on: verifying the Jenkins (CVE-2017-1000353) deserialization command execution vulnerability http://t.cn/RKTDNCh
[Security_technology] Practical read | From shallow to deep models: an overview of optimization algorithms for machine learning https://mp.weixin.qq.com/s/jnWH7KcVVmxh0Ywxi4GM9Q
[Security_technology] Bypassing AppLocker with the CreateRestrictedToken API https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/
[Security_technology] Cisco Talos analysis of attacks on infrastructure using Word template injection http://blog.talosintelligence.com/2017/07/template-injection.html
[Security_technology] Poppler PDF has multiple RCE vulnerabilities; successful exploitation gives full control of the user's computer http://t.cn/RKHv7K2
[Security_technology] Attack methods for gaining domain administrator privileges in Active Directory http://www.cnblogs.com/backlion/p/7159296.html?from=timeline&isappinstalled=0
[Security_technology] How to use common port-forwarding tools (part 2) https://mp.weixin.qq.com/s/vlPRk7jKJXO8ZyopNIfzrg
[Security_technology] Everything you want to know about IP! (middle part) https://mp.weixin.qq.com/s/ZjQ9VAatFmqwHNhTVd7yXA
[Security_technology] Sharing penetration tools for use on Android (introduction) https://mp.weixin.qq.com/s/HND4hYuqVbGS-PAwLPwaNA
[Security_technology] Linux security: iptables (part 7) https://mp.weixin.qq.com/s/Fv0TP9Gff4tu4g3gtQDQ8g
[Security_technology] Reproducing the high-risk Struts2 S2-048 vulnerability! A detailed comparative analysis of several exploit payloads https://mp.weixin.qq.com/s/XLeRNPN_CcpVG7firXC47w
[Security_technology] All about password cracking https://mp.weixin.qq.com/s/-K8tO58kUPMSVL2xge5vUA
Resources and tools:
[Security_tools] ReverseAPK - Bash script for quickly reverse-engineering Android apps https://github.com/1N3/ReverseAPK
[Security_tools] XSStrike - tool for fuzzing XSS vulnerabilities; can automatically detect and bypass common WAFs https://github.com/UltimateHackers/XSStrike
[Security_tools] Android_Kernel_CVE_POCs CVE-2017-8260 CVE-2017-0705 CVE-2017-8259 http://t.cn/RKVrpqt
[Security_tools] CANAPE.Core - cross-platform network protocol testing library https://github.com/tyranid/CANAPE.Core
[Security_tools] salt-scanner - Linux vulnerability scanner based on Salt Open and the Vulners audit API https://github.com/0x4D31/salt-scanner
[Security_tools] "Understanding Android Hotfix Technology in Depth" https://m.aliyun.com/yunqi/articles/115122
[Security_tools] w8scan - a scanner modeled on bugscan https://github.com/boy-hack/w8scan
[Security_tools] SlackShell - a PowerShell C&C implementation based on the Slack API https://github.com/bkup/SlackShell
[Security_tools] Winpayloads - an AV-evading Windows payload generator written in Python 2.7 https://github.com/nccgroup/Winpayloads
[Security_tools] objection - a Frida-based iOS app runtime exploration tool released by SensePost; can inject objects into an app to execute code https://sensepost.com/blog/2017/objection-mobile-runtime-exploration/
[Security_tools] Directory scanning tool http://pentestit.com/cangibrina-domain-admin-dashboard-finder/
[Security_tools] T50 - the fastest mixed packet injector tool https://www.darknet.org.uk/2017/07/t50-fastest-mixed-packet-injector-tool/
[Security_tools] Burp Vulners Scanner - vulnerability scanner https://vulners.com/
Forum security articles: Penetration testing; MySQL injection techniques: exploiting system tables; Introduction to common security tools; Security attack and defense: information gathering http://bbs.sec-redclub.com/hr/forum.php?mod=forumdisplay&fid=36&page=1
Security videos: Wireshark course; Wireless security attack-and-defense online course http://bbs.sec-redclub.com/hr/forum.php?mod=forumdisplay&fid=41]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F15%2F</url>
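<content type="text"><![CDATA[title: 15
date: 2018-1-16 19:05:18
tags: 15 Security news, Security skills, Resources and tools
Security news:
[Security_week] Interpreting "Evaluation requirements for cybersecurity classified protection - Part 2: Security extension requirements for cloud computing" https://mp.weixin.qq.com/s/F17y003bc0PUbKadIp0vaw
[Security_week] Information security vulnerability weekly report (2017, issue 26) https://mp.weixin.qq.com/s/8qrvR31PgdrXTor0wo8_NA
[Security_week] 360 Internet Security Center releases an authoritative research report on document-based vulnerability attacks https://mp.weixin.qq.com/s/QqPa0JIJ6yC-Sa5lncyrlg
[Security_week] The story of white hat Little A: a guide to safe vulnerability hunting in the era of the Cybersecurity Law https://xianzhi.aliyun.com/forum/read/1816.html
[Security_week] Windows vulnerabilities classified and ranked by value http://www.4byte.cn/learning/44312.html
[Security_week] Android enterprise security controls https://mp.weixin.qq.com/s/Wnw-_mP8zwXHWLWMq-gr-Q
[Security_week] CreditEase's road to automated firewall operations https://mp.weixin.qq.com/s/nXdPtodKpl7FKiJKJBvWlQ
Security skills:
[Security_technology] RDPInception: an unconventional RDP attack technique (with demo video) http://m.bobao.360.cn/learning/appdetail/4055.html
[Security_technology] Analysis of an Android lock-screen ransomware APK http://m.bobao.360.cn/learning/appdetail/4053.html
[Security_technology] Eavesdropping while powered off: principles and implementation http://www.tuicool.com/articles/BBbQNjv
[Security_technology] How to inject Metasploit payloads into an Android app (automatic + manual) https://mp.weixin.qq.com/s/qQLewniNcP1EBkhIWRgieg
[Security_technology] The unexpected consequences of posting selfies https://mp.weixin.qq.com/s/jLz_DhGMSzj5g5-ynrcBMA
[Security_technology] Official guide to migrating apps to Android O https://mp.weixin.qq.com/s/RumP0C9PeqM9kJFeKRenZg
[Security_technology] Complete analysis report on the Petya ransomware worm https://mp.weixin.qq.com/s/fBz4a97a4GXFMtwFd4LZvQ
[Security_technology] ThinkPHP 5.x design flaw leaks the database account and password https://mp.weixin.qq.com/s/hToNCw2JnsY6z4-j_Ki6-w
[Security_technology] ThinkPHP5 SQL injection vulnerability && analysis of real vs. emulated PDO prepared statements https://www.leavesongs.com/PENETRATION/thinkphp5-in-sqlinjection.html
[Security_technology] OOB (out of band) analysis series: DNS exfiltration http://www.tuicool.com/articles/UR3AfqE
[Security_technology] Deleting and bypassing Windows logs http://t.cn/RoDwI5g
[Security_technology] How I escalated an XSS in PhantomJS image rendering to SSRF/LFR http://paper.seebug.org/344/
Resources and tools:
[Security_tools] Hongri Attack and Defense Lab http://sec-redclub.com/index.php/580.html
[Security_tools] A large collection of Python tools designed for penetration testers http://www.tuicool.com/articles/IzqYVne
[Security_tools] Mind map of vulnerability discovery, exploitation and mitigation compiled by researcher Moony Li http://t.cn/RKqAYBj
[Security_tools] Visual firmware analysis tool https://mp.weixin.qq.com/s/eJzzpqSQZw1I7M0wlDgcjQ
[Security_tools] dnssearch - subdomain enumeration tool https://github.com/evilsocket/dnssearch
[Security_tools] Slide downloads from the 3rd MOSEC mobile security technology summit https://github.com/aozhimin/MOSEC-2017
[Security_tools] wooyun password collection pack http://t.cn/RKqzpuX
[Security_tools] FakeNet-NG - a network analysis tool open-sourced by FireEye, written in Python http://t.cn/RK7Ly4a]]></content>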
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F14%2F</url>
<content type="text"><![CDATA[title: 14
date: 2018-1-16 19:05:18
tags: 14 Tags (space-separated): update methods, scanning tools, secure development
Security news:
[Security_week] Notice from the Office of the Central Cyberspace Affairs Commission on issuing the "National Cybersecurity Incident Emergency Response Plan" - Office of the Central Leading Group for Cybersecurity and Informatization http://www.cac.gov.cn/2017-06/27/m_1121220113.htm?from=groupmessage&isappinstalled=0
[Security_week] Notice from the People's Bank of China on issuing the "Thirteenth Five-Year Development Plan for Information Technology in China's Financial Industry" http://www.pbc.gov.cn/zhengwugongkai/127924/128038/128109/3333998/index.html
[Security_week] One law that touches everyone: implementation of the Cybersecurity Law opens a new era https://mp.weixin.qq.com/s/-Sr1cslKqTfphwsJ46Qxsg
[Security_week] Cybersecurity report on 10 major areas of the financial industry https://mp.weixin.qq.com/s/otB91WPX89EWqmcAs3Pvsg
[Security_week] Petrwrap ransomware is spreading wildly around the world https://mp.weixin.qq.com/s/j0bzAoOaoo01poglfNQk8g
[Security_week] Rising: Petya ransomware breaks out globally and has now reached China https://mp.weixin.qq.com/s/hjJ5GgcRvJQpld2DQTByuw
[Security_week] Memo of key points on red team attack techniques https://github.com/vysec/RedTips
[Security_week] Attacking container cluster management platforms http://paper.seebug.org/332/
[Security_week] Security advisory: analysis of a patch-bypass attack on the WebLogic Java deserialization vulnerability https://mp.weixin.qq.com/s/FkrUe8Mqncnf9gUzEjXrSw
[Security_week] Answer these ten tough questions well to ace a security interview https://mp.weixin.qq.com/s/cs53NVDkTsJdADpvFETx_w
[Security_week] SecWiki weekly (issue 174) https://mp.weixin.qq.com/s/IzwaurbXI9838SrYQtl9SQ
Security skills:
[Security_technology] Linux & bash CTF challenges https://mp.weixin.qq.com/s/8jlry-AVOocN2M6n425rIg
[Security_technology] Some bypass ideas against blacklist filtering in a Python WAF http://dwz.cn/BypassWaf
[Security_technology] Server-side guide | A hands-on guide to HTTPS projects http://www.tuicool.com/articles/67veErI
[Security_technology] From SSRF to command execution: a disaster story http://www.tuicool.com/articles/2UBbqqU
[Security_technology] Multiple ways to gather weak npm credentials https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
[Security_technology] JSONP injection examples https://www.exploit-db.com/docs/42250.pdf
[Security_technology] Alpine Linux: from vulnerability discovery to code execution https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/
[Security_technology] Penetration testing infrastructure series, part 4: post-exploitation http://bitvijays.github.io/LFF-IPS-P4-PostExploitation.html
[Security_technology] List of Python libraries and programs commonly used by penetration testers https://vulnerablelife.wordpress.com/2017/05/13/python-for-penetration-testers/
[Security_technology] MAMP has CSRF and directory traversal vulnerabilities that can further lead to remote code execution https://www.itsec.nl/en/2017/06/26/drive-by-remote-code-execution-by-mamp/
[Security_technology] CVE-2017-6920: Drupal remote code execution vulnerability analysis and PoC construction http://paper.seebug.org/334/
[Security_technology] Kanxue / WiFi Master Key CTF 2017, challenge 13: commentary and solution approach https://mp.weixin.qq.com/s/RTHmvOrEErgtEhIq0ff2xw
[Security_technology] Vulnerability hunting with Burp Infiltrator https://mp.weixin.qq.com/s/x78QiMc7zTj8m1Gk0s52aA
[Security_technology] Python JSON Fuzzer: PyJFuzz https://n0where.net/python-json-fuzzer-pyjfuzz/
[Security_technology] Sucuri security researchers find an SQL injection vulnerability in the WordPress plugin WP Statistics, affecting 300,000+ sites http://securityaffairs.co/wordpress/60596/hacking/wordpress-wp-statistics-flaw.html
[Security_technology] From XSS in PhantomJS image rendering to SSRF/local file read http://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/
[Security_technology] Authentication vulnerability in Luminate, Yahoo's small business services platform https://mp.weixin.qq.com/s/otB91WPX89EWqmcAs3Pvsg
Resources and tools:
[Security_tools] Little Snitch 4: redesigned network monitor and map view, visualizing network connections by geographic location https://www.obdev.at/products/littlesnitch/whatsnew.html
[Security_tools] hyperapp: a 1 KB JavaScript library for building front-end applications. https://github.com/hyperapp/hyperapp
[Security_tools] Nullege, a Python source code search engine http://nullege.com/
[Security_tools] BruteSpray: a port brute-forcing tool driven by nmap scan results https://mp.weixin.qq.com/s/y7Z19WmSlacNbrdMxOcDjQ
[Security_tools] RTFM - a tool that stores the command-line arguments of common tools in a database https://github.com/leostat/rtfm
[Security_tools] json-web-token-attacker - a penetration testing helper for JavaScript Object Signing and Encryption https://portswigger.net/bappstore/bapps/details/f923cbf91698420890354c1d8958fee6
[Security_tools] OWASP Orizon is a static source code analysis tool for finding security issues in Java applications https://github.com/thesp0nge/owasp-orizon
[Security_tools] MSF exploit script for uploading a web shell to Apache ActiveMQ 5.x https://packetstormsecurity.com/files/143191/apache_activemq_upload_jsp.rb.txt
[Security_tools] Crafting PPSX phishing files https://evi1cg.me/archives/Create_PPSX.html
[Security_tools] DataSploit - tool for gathering information such as domains, email addresses and usernames https://github.com/DataSploit/datasploit
[Security_tools] MBRFilter - a tool for protecting against MBR injection attacks http://pentestit.com/mbrfilter-protect-mbr-infection/]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F11%2F</url>
<content type="text"><![CDATA[title: 11
date: 2018-1-16 19:05:18
tags: 11 Security news, Security skills, Resources and tools
Security news:
Flash remote code execution vulnerability http://www.securityfocus.com/bid/98347
RCTF 2017 web writeup http://www.91ri.org/17121.html
TeamViewer, the most widely used remote-control tool, has been hacked http://www.91ri.org/15890.html
[CTF guide] 14th National College Student Information Security and Countermeasure Technology Competition (ISCC 2017) writeup http://bobao.360.cn/ctf/detail/199.html
Comparison and assessment of Chinese and US cyber and information security policy https://mp.weixin.qq.com/s/nD-z1FElODOtMcwTCFpsZA
A talk on payment attacks and defense methods, with video https://youtu.be/VI7HVDy_bYU
A tool for process injection techniques. Process injection is a very popular method for hiding the malicious behavior of malicious code and is heavily used by malware authors. http://pentestit.com/short-post-injectproc-process-injection-techniques/
Study notes from the 2017 CNCERT annual security conference https://mp.weixin.qq.com/s/Nt7KdLhCvpqf1jIJ0coBQQ
Windows bug disclosed: type these 4 characters and the computer hangs https://mp.weixin.qq.com/s/Aphf2UFIrgNdmqAYyp-Wmg
Exploiting ordinary users' trust in the HTTPS protocol, more and more phishing attacks are using HTTPS https://threatpost.com/rash-of-phishing-attacks-use-https-to-con-victims/125937/
How to build your own VPN if you are wary of commercial options https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/
HPE ML10 Gen 9 server with Intel Xeon E3-1200 v5 processor: remote access restriction bypass http://www.securityfocus.com/archive/1/540634
A WordPress plugin exposes Twitter API secret keys and tokens http://seclists.org/bugtraq/2017/May/67
The private sector and active defense against cyber threats (part 1) https://www.sec-un.org/%E8%BF%9B%E5%85%A5%E7%81%B0%E8%89%B2%E5%9C%B0%E5%B8%A6%EF%BC%9A%E7%A7%81%E8%90%A5%E9%83%A8%E9%97%A8%E5%92%8C%E5%AF%B9%E7%BD%91%E7%BB%9C%E5%A8%81%E8%83%81%E7%9A%84%E4%B8%BB%E5%8A%A8%E9%98%B2%E5%BE%A1/
The OceanLotus group's APT attack on an Asian company: analysis of Operation Cobalt Kitty http://www.4hou.com/system/4980.html
SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE (SSD: LoadMaster pre-authentication XSS to remote control) https://blogs.securiteam.com/index.php/archives/3194
Security techniques:
Linux security operations: who touched my host? Making good use of the history command http://m.bobao.360.cn/learning/appdetail/3918.html
SSRF vulnerability analysis and exploitation http://www.91ri.org/17111.html
[Android] Intranet penetration: Android trojans enter an advanced attack stage (part 2) http://blogs.360.cn/360mobile/2017/05/25/analysis_of_milkydoor/
Running scans through the Acunetix 11 API (Diaosi Archive Notes) http://0cx.cc/about_awvs11_api.jspx
Bypassing XSS mitigations https://www.youtube.com/watch?v=p07acPBi-qw&index=4&list=PLpr-xdpM8wG8RHOguwOZhUHkKiDeWpvFp
Beginner's introduction: Linux Shellcoding (Part 1.0) https://0x00sec.org/t/linux-shellcoding-part-1-0/289
CVE-2012-0158: analysis of two PoCs http://www.yilan.io/article/592b5797d59c201341d8db75
How to build an SMB honeypot https://benkowlab.blogspot.fr/2017/05/feedback-on-how-to-build-smb-honeypot.html
Analysis of a phishing gang targeting Xianyu https://mp.weixin.qq.com/s/dcf5JOy41LUMigCuj9obQg
An interesting way of bypassing Windows Attachment Manager https://mp.weixin.qq.com/s/QpZOZaMYvH6Q9m8QibP47A
Reproducing the local and remote privilege escalation vulnerability in Intel AMT products (CVE-2017-5689) https://mp.weixin.qq.com/s/XJnyYKk_U1kZjB2R_Fjw-A
FineCMS v2.1.5: a front-end XSS+CSRF that can lead to getshell http://0day5.com/archives/4397/
Building a database firewall from scratch https://raz0r.name/talks/database-firewall-from-scratch/
Tutorial on building an information security lab environment with virtual machines https://blindseeker.com/AVATAR/AVATAR-FINAL.pdf
Building Searchable Encrypted Databases with PHP and SQL https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql
Man-in-the-middle attacks on password reset http://mp.weixin.qq.com/s/u24vyexAbTWZU2g0nbdMTg
Security tools:
LoadLibrary: a tool that lets Linux programs load or call functions from DLL files http://www.freebuf.com/sectool/135683.html
OWASP Directory Access scanner https://n0where.net/owasp-directory-access-scanner/
Online passive port scanner https://github.com/vesche/scanless
RouterSploit: The Metasploit For Routers! http://pentestit.com/routersploit-router-exploitation-framework/
Gixy, a tool for analyzing Nginx configuration http://buff.ly/2pM1hLO
kube-auto-analyzer: automated analysis tool for Kubernetes configuration https://github.com/nccgroup/kube-auto-analyzer
UACMe, the UAC countermeasure tool open-sourced by hfiref0x https://github.com/hfiref0x/UACME
An nmap script for detecting the Samba vulnerability (CVE-2017-7494) https://github.com/Waffles-2/SambaCry/blob/master/CVE-2017-7494.nse
NSEarch - Nmap Scripting Engine search http://www.kitploit.com/2017/05/nsearch-nmap-scripting-engine-search.html?utm_source=dlvr.it&utm_medium=twitter
File2pcap - tool that generates a pcap traffic capture from any given file; supports multiple protocols http://blog.talosintelligence.com/2017/05/file2pcap.html
Detection and exploitation of Java deserialization vulnerabilities; the detection is implemented as a Burp Suite plugin https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/
backslash-powered-scanner - Burp Suite extension for finding unknown classes of injection vulnerabilities https://github.com/PortSwigger/backslash-powered-scanner
BruteSpray: automatically brute-forces open services based on Nmap output https://github.com/x90skysn3k/brutespray
Resources:
Detailed introduction to the Linux directory structure http://mp.weixin.qq.com/s/imfJoKD3RpU6U5loLmNqtw
ReactOS 0.4.5 released. https://reactos.org/project-news/reactos-045-released
For students who want to become front-end engineers http://www.techug.com/post/who-to-be-a-front-end-developer.html
100 tips for MySQL tuning/optimization http://www.techug.com/post/paddx.html
100K sentences mined from Wikipedia to help non-native English learners. Grab it if you are studying English~ https://buildmyvocab.in/
A tool that converts HTML to Markdown, written in Python https://github.com/gaojiuli/tomd/
A website that collects useful libraries and resources https://www.libhunt.com/
I am discussing interesting topics with friends in the "Hongri Club"; come and join us http://t.xiaomiquan.com/JmQFmEq]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F13%2F</url>
<content type="text"><![CDATA[title: 13
date: 2018-1-16 19:05:18
tags: 13 Security news, Security skills, Resources and tools
Security news:
[Security_week] Analysis of the TP-Link WR841N router arbitrary code execution vulnerability (with demo video) http://m.bobao.360.cn/learning/appdetail/4008.html
[Security_week] Printer security: from security bulletin to remote code execution https://www.tenable.com/blog/rooting-a-printer-from-security-bulletin-to-remote-code-execution?utm_content=bufferde44c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
[Security_week] Analysis of a new PPT phishing attack (with detailed analysis of the gootkit trojan) http://www.tuicool.com/articles/QZFnEnr
[Security_week] Fixes for two critical remote code execution vulnerabilities (CVE-2017-8543/8464) http://www.freebuf.com/articles/system/137283.html
[Security_week] How bastion hosts work http://sec-redclub.com/index.php/archives/551/
[Security_week] Exclusive reverse-engineering report: why APT28 got Symantec caught in the crossfire http://sec-redclub.com/index.php/archives/551/
[Security_week] Spring WebFlow remote code execution vulnerability analysis (CVE-2017-4971) https://threathunter.org/topic/593d562353ab369c55425a9
[Security_week] Two articles on striking back at AWVS scans http://www.freebuf.com/news/136476.html http://www.91ri.org/14712.html
[Security_week] Techniques for crossing the perimeter http://sec-redclub.com/index.php/archives/551/
[Security_week] Bulletin on Google releasing the stable version of Chrome 59 with fixes for multiple vulnerabilities http://www.cnvd.org.cn/webinfo/show/4160
[Security_week] Binaries and source code from the Defcon Quals CTF https://github.com/legitbs/quals-2017
[Security_week] kernel exploit - assorted privilege escalation exploits for Windows/Linux http://sec-redclub.com/index.php/archives/551/
[Security_week] How a command injection vulnerability was used to take over a production server of a Yahoo subsidiary http://m.bobao.360.cn/learning/appdetail/3942.html
[Security_week] A summary of zip tricks in CTF competitions http://m.bobao.360.cn/ctf/applearning/203.html
[Security_week] Small SSL man-in-the-middle interception tool, implemented in C#, using a self-signed CA certificate https://gist.github.com/subTee/61b8e7852e5ed8212cddd039285ea324
Security techniques:
[Security_technology] A brief discussion of web log security analysis http://m.bobao.360.cn/learning/appdetail/4009.html
[Security_technology] Detailed analysis of Phoenix Talon http://paper.seebug.org/327/
[Security_technology] Python crawlers: BeautifulSoup http://www.tuicool.com/articles/UneYzea
[Security_technology] Unpacking an APK http://www.tuicool.com/articles/Avy2qeU
[Security_technology] How to gain Admin privileges through the Guest account in Windows 10 (with video) http://www.tuicool.com/articles/6jyqAfr
[Security_technology] Automated discovery of Windows kernel information leak vulnerabilities http://paper.seebug.org/324/?from=timeline
[Security_technology] A brief discussion of WAF bypass techniques http://www.yilan.io/article/593cb6945d126b1d4116a68f
[Security_technology] Set up your own malware analysis lab with VirtualBox, INetSim and Burp https://blog.christophetd.fr/set-up-your-own-malware-analysis-lab-with-virtualbox-inetsim-and-burp/
[Security_technology] Assorted techniques for collecting second-level domains http://sec-redclub.com/index.php/archives/551/
[Security_technology] Setting up environments for common WebLogic vulnerabilities, with exploitation links http://sec-redclub.com/index.php/archives/551/
[Security_technology] A PowerShell version of nc https://github.com/besimorhino/powercat
[Security_technology] Notes on a ThinkPHP source code audit http://www.tuicool.com/articles/RjQfu22
[Security_technology] Nginx configuration security in three case studies http://www.tuicool.com/articles/Yb2eai3
[Security_technology] fshell - a distributed webshell detection system based on machine learning https://github.com/Lingerhk/fshell
[Security_technology] How to get a fileless reverse shell during a penetration test https://0x00sec.org/t/running-binaries-without-leaving-tracks/2166
[Security_technology] Penetration testing tips: trojans that get past a WAF http://www.tuicool.com/articles/vYza6zn
[Security_technology] A brief discussion of WLAN security protection | NSFOCUS blog http://blog.nsfocus.net/talking-wlan-security/
[Security_technology] Manual triage for intrusion incident response analysis | technical discussion https://xianzhi.aliyun.com/forum/read/1655.html
[Security_technology] Penetrating large targets, part 01: information gathering http://sec-redclub.com/index.php/archives/551/
[Security_technology] Reproducing the Samba remote code execution vulnerability (CVE-2017-7494) http://fuping.site/2017/05/25/Samba-Remote-Code-Execution-Vulnerability-Replication/
Resources and tools:
[Security_tools] Network scanning tool NMAP 7.50 http://toutiao.secjia.com/nmap-7-50-released?from=timeline&isappinstalled=0
[Security_tools] An nmap interface for convenient data lookup https://github.com/RASSec/NMAP_INTERFACE
[Security_tools] A first look at the fuzzing tool WinAFL http://paper.seebug.org/323/?from=timeline
[Security_tools] From Linux to AD https://medium.com/@br4nsh/from-linux-to-ad-10efb529fae9
[Security_tools] JArchitect 2017.1.3 now available for download http://www.jarchitect.com/jarchitectv2017
[Security_tools] TS-Security-Editor: security configuration tool for Windows Remote Desktop Services http://t.cn/RSjP0FA
[Security_tools] Experience with updating Nessus plugins http://sec-redclub.com/index.php/archives/551/
[Security_tools] DeathStar: a one-click automated domain penetration tool (with demo video) http://www.freebuf.com/sectool/136224.html
[Security_tools] Lazydroid - a convenient Bash script for assessing Android applications http://t.cn/RSNotdr
[Security_tools] PRET - an exploitation toolkit for printers http://t.cn/RSNotDT
[Security_tools] portspider - a lightweight, multithreaded, lightning-fast network scanner http://www.kitploit.com/2017/06/portspider-lightning-fast-multithreaded.html]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F10%2F</url>
<content type="text"><![CDATA[title: 10
date: 2018-1-16 19:05:18
tags: 10 Security news, Security skills, Resources and tools
Security news:
ThreatPost: "EternalBlue" worm spreads using seven NSA exploits: https://threatpost.com/eternalrocks-worm-spreads-seven-nsa-smb-exploits/125825/
kitploit: web cache deception attack: http://www.kitploit.com/2017/05/airachnid-burp-extension-burp-extension.html
XPN: a look at APT32 phishing malware: http://cache.xiaomiquan.com/201705/d473aebd76673b4819fb9772cc325cfccfd10f560ac5223baf21e76a54ba18e5/
Randy Westergren: XSS via SMS: hacking text messages in Verizon Messages: https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages/
SecPulse: DocuSign website user data leaked; malware gang runs rampant over email: http://www.yilan.io/article/5921a1e05d126b1d41014bac
FreeBuf: WikiLeaks publishes documents on the Athena spyware from the CIA Vault7 series: http://www.freebuf.com/news/135324.html
Materials for some sessions of the 38th IEEE Symposium on Security and Privacy: http://www.ieee-security.org/TC/SP2017/program.html
Understanding IoT system cybersecurity: http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Twitter vulnerability that allowed posting from any account: http://www.zdnet.com/article/twitter-flaw-allowed-you-to-tweet-from-any-account/
Security techniques:
XiphosResearch: Joomla 3.7.0 SQL injection test attack: https://github.com/XiphosResearch/exploits/tree/master/Joomblah
Nick Craver: Stack Overflow: the end of a long road: https://nickcraver.com/blog/2017/05/22/https-on-stack-overflow/
PentestLtd: psychoPATH, blind file upload and LFI detection: https://github.com/PentestLtd/psychoPATH
Android UI attacks, with video http://cloak-and-dagger.org/
The "Cloak and Dagger" attack: god mode, affecting all versions of Android: http://cloak-and-dagger.org/
Getting system access using a malicious Word file: http://niiconsulting.com/checkmate/2017/05/getting-system-access-using-malicious-word-file/
Testing Metasploit ms17_010 against Windows7-sp1-x64 https://astr0baby.wordpress.com/2017/05/23/bashbunny-with-metasploit-ms17_010_eternalblue-vs-windows-7-sp1-x64/
Bypassing restrictions to run arbitrary JavaScript code: a custom Rundll32 technique https://pentestlab.blog/2017/05/23/applocker-bypass-rundll32/
Seven DLL injection techniques http://lallouslab.net/2017/05/15/7-dll-injection-techniques-in-the-microsoft-windows/
How reflection attacks work https://blog.cloudflare.com/reflections-on-reflections/
oss-sec - research on object serialization vulnerabilities in multiple open-source Java marshalling libraries http://seclists.org/oss-sec/2017/q2/307?utm_source=dlvr.it&utm_medium=twitter
Samba CVE-2017-7494 vulnerability analysis https://lists.samba.org/archive/samba-announce/2017/000406.html
invoiceplane 1.4.10 file upload / cross-site scripting https://packetstormsecurity.com/files/142639
Beginner-level crawler tutorial https://mp.weixin.qq.com/s/3uYV6-tTXCOOsZ9K6uD5EA
NSFOCUS: handling manual for the EternalRocks worm http://blog.nsfocus.net/eternalrocks-worm-virus-handbook/
Anquanke: CVE-2017-0199 combined with PowerShell to get past antivirus and return a meterpreter session http://bobao.360.cn/learning/detail/3889.html
Security tools:
WindowsExploits script source code: https://github.com/abatchy17/WindowsExploits
WinSystemHelper toolkit: https://github.com/brianwrf/WinSystemHelper
PowerShell tool: PsPunch https://github.com/vysec/PSPunch/blob/master/README.md
Vulnerability scanner pyfiscan: a local web application vulnerability scanner: https://github.com/fgeek/pyfiscan
Open-source scanner toolbox: a collection of open-source scanners developed by security practitioners: http://www.tuicool.com/articles/3mAFJnI
WordPress testing framework, developed in Ruby: https://github.com/rastating/wordpress-exploit-framework
Invoke-Phant0m, a log collection and analysis tool http://pentestit.com/invoke-phant0m-windows-event-log-killer/
Linux kernel audit tool http://www.droidsec.org/blogs/2017/05/22/a-simple-tool-for-linux-kernel-audits.html
From serialized to shell: using EL injection against Google Web Toolkit http://srcincite.io/blog/2017/05/22/from-serialized-to-shell-auditing-google-web-toolkit-with-el-injection.html
Universal root tool for KDE https://github.com/stealth/plasmapulsar
Printer penetration testing tool https://github.com/RUB-NDS/PRET
A collection of PowerShell scripts for managing AD, SCCM, Exchange and other applications http://t.cn/RarFbm8
Heibai Zhidao: Vulhub, one-click setup of vulnerability test environments http://www.yilan.io/article/5921ee175d126b1d410172f8
shanks's Blog: building an ELK log analysis platform http://www.tuicool.com/articles/JrEjMjv
A tool suite for wireless network and security testing http://seclist.us/boopsuite-a-suite-of-tools-written-in-python-for-wireless-auditing-and-security-testing.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29
Security checklist for web developers https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist/blob/master/README.md#database
Mobile security guide https://github.com/OWASP/owasp-mstg
How to join the Xiaomiquan group: I am discussing interesting topics with friends in the "Hongri Club"; come and join us http://t.xiaomiquan.com/JmQFmEq]]></content>
</entry>
<entry>
<title></title>
<url>%2F2019%2F10%2F20%2Fhongri%2F1%2F</url>
<content type="text"><![CDATA[title: Focus on web and mobile security 1
date: 2018-1-16 19:05:18
tags: Focus on web and mobile security 1

alert('xss');> alert('xss') alert(xss); alert("xss"); 1111111111111

[Twitter] Defeating CSRF Protections Through Expired cross-domain.xml Domains # https://blog.netspi.com/defeating-csrf-protections-expired-cross-domain-xml-domains/
[Twitter] Attacking Windows SMB Zero-Day Vulnerability # https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability
[Twitter] x86_64 - Random Listener Shellcode (54 bytes) [shellcode] # http://0day.today/exploits/27142?utm_source=dlvr.it&utm_medium=twitter
[Twitter] New Neutrino Bot comes in a protective loader # https://blog.malwarebytes.com/threat-analysis/2017/02/new-neutrino-bot-comes-in-a-protective-loader/
[Twitter] JEXBOSS V1.2.0 – JBOSS VERIFY AND EXPLOITATION TOOL. # http://seclist.us/jexboss-v1-2-0-jboss-verify-and-exploitation-tool.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29
[Twitter] Detecting and Preventing Spear Phishing Attacks Using DNS # https://n0where.net/domain-name-typosquatting-crazyparser/
[Twitter] WAF Security Benchmark: WAFPASS # https://n0where.net/waf-security-benchmark-wafpass/
[Twitter] Bitdefender Bug Bounty 2016 - Cross Site Request Forgery Vulnerability # https://www.youtube.com/watch?v=jnNa4i01aok&feature=youtu.be&a
[Twitter] Bypassing User Account Control (UAC) using TpmInit.exe # http://uacmeltdown.blogspot.jp/
[Twitter] Web Cache Deception Attack # http://omergil.blogspot.jp/2017/02/web-cache-deception-attack.html
[Twitter] Abusing Google App Scripting Through Social Engineering # http://www.redblue.team/2017/02/abusing-google-app-scripting-through.html
[Twitter] Analysis of a Simple PHP Backdoor # https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/
[Twitter] Demo of CloudPets toy functionality using Web Bluetooth # https://github.com/pdjstone/cloudpets-web-bluetooth/
[Twitter] We Interviewed Kali Linux Hacking Tool Developers! # https://hacker.equipment/interview-hackers/#ryandewhurst
[Weibo] Five cutting-edge hands-on topics, face to face with top Gophers http://mp.weixin.qq.com/s/nkXA2BaE_5gric8HQFLLBA
[Weibo] Protecting data on IoT devices: which encryption tools are available? http://www.searchsecurity.com.cn/showcontent_94575.htm
[Weibo] iOS10 ATS adaptation (app HTTPS support to pass App Store review) http://www.cocoachina.com/ios/20170228/18433.html
[Weibo] Boston Key Party 2017 writeup http://www.melodia.pw/?p=771]]></content>
</entry>
</search>