Closed
30 changes: 15 additions & 15 deletions README.md
Expand Up @@ -80,7 +80,7 @@
+ [mysql注入可报错时爆表名、字段名、库名](http://www.wupco.cn/?p=4117)
+ [高级SQL注入:混淆和绕过](http://www.cnblogs.com/croot/p/3450262.html)
+ [Mysql约束攻击](https://ch1st.github.io/2017/10/19/Mysql%E7%BA%A6%E6%9D%9F%E6%94%BB%E5%87%BB/)
+ [Mysql数据库渗透及漏洞利用总结 ](https://xianzhi.aliyun.com/forum/topic/1491/)
+ [Mysql数据库渗透及漏洞利用总结 ](https://xz.aliyun.com/t/1491/)
+ [MySQL绕过WAF实战技巧 ](http://www.freebuf.com/articles/web/155570.html)
+ [NetSPI SQL Injection Wiki](https://sqlwiki.netspi.com/)
+ [SQL注入的“冷门姿势” ](http://www.freebuf.com/articles/web/155876.html)
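Review bot: The replacement line for "Mysql数据库渗透及漏洞利用总结" keeps the trailing space inside the link text ("总结 ]"), which renders as part of the link. Since the line is being rewritten anyway, trim the space before the closing bracket.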
Expand Down Expand Up @@ -154,7 +154,7 @@
+ [Bypassing CSP using polyglot JPEGs ](http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html)
+ [Bypass unsafe-inline mode CSP](http://paper.seebug.org/91/)
+ [Chrome XSS Auditor – SVG Bypass](https://brutelogic.com.br/blog/chrome-xss-auditor-svg-bypass/)
+ [Cross site scripting payload for fuzzing](https://xianzhi.aliyun.com/forum/read/1704.html)
+ [Cross site scripting payload for fuzzing](https://xz.aliyun.com/forum/read/1704.html)
+ [XSS Without Dots](https://markitzeroday.com/character-restrictions/xss/2017/07/26/xss-without-dots.html)
+ [Alternative to Javascript Pseudo-Protocol](http://brutelogic.com.br/blog/alternative-javascript-pseudo-protocol/)
+ [不常见的xss利用探索](http://docs.ioin.in/writeup/wps2015.org/_2016_06_27__E4_B8_8D_E5_B8_B8_E8_A7_81_E7_9A_84xss_E5_88_A9_E7_94_A8_E6_8E_A2_E7_B4_A2_/index.html)
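Review bot: On the changed "Cross site scripting payload for fuzzing" line only the host was swapped, so the new URL is https://xz.aliyun.com/forum/read/1704.html and still uses the old /forum/read/<id>.html path, while every other replacement in this patch points at /t/<id>. Please confirm this URL actually resolves on the new host and, if it does not, replace it with the article's /t/ link so the entry is not left dead.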
Expand Down Expand Up @@ -219,7 +219,7 @@
+ [XML实体注入漏洞的利用与学习](http://uknowsec.cn/posts/notes/XML%E5%AE%9E%E4%BD%93%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E5%AD%A6%E4%B9%A0.html)
+ [XXE注入:攻击与防御 - XXE Injection: Attack and Prevent](http://le4f.net/post/xxe-injection-attack_and_prevent)
+ [XXE (XML External Entity Injection) 漏洞实践](http://www.mottoin.com/101806.html)
+ [黑夜的猎杀-盲打XXE](https://xianzhi.aliyun.com/forum/read/1837.html)
+ [黑夜的猎杀-盲打XXE](https://xz.aliyun.com/t/122/)
+ [Hunting in the Dark - Blind XXE](https://blog.zsec.uk/blind-xxe-learning/)
+ [XMLExternal Entity漏洞培训模块](https://www.sans.org/freading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397)
+ [XXE被提起时我们会想到什么](http://www.mottoin.com/88085.html)
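Review bot: The new target for "黑夜的猎杀-盲打XXE" changes the article id as well as the host (read/1837.html becomes t/122/), and nothing in the diff lets a reader check that t/122 is the same post. Please state in the PR description how the old ids were mapped to the new ones, or confirm each remapped link was opened. The trailing slash here also differs from the other remapped links in the patch (for example https://xz.aliyun.com/t/176); pick one form.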
Expand All @@ -237,7 +237,7 @@
+ [JSONP注入解析 ](http://www.freebuf.com/articles/web/126347.html)
+ [JSONP 安全攻防技术](http://blog.knownsec.com/2015/03/jsonp_security_technic/)
+ [一次关于JSONP的小实验与总结](http://www.cnblogs.com/vimsk/archive/2013/01/29/2877888.html)
+ [利用JSONP跨域获取信息](https://xianzhi.aliyun.com/forum/read/1571.html)
+ [利用JSONP跨域获取信息](https://xz.aliyun.com/t/176)
+ [关于跨域和jsonp的一些理解(新手向)](https://segmentfault.com/a/1190000009577990)
+ [水坑攻击之Jsonp hijacking-信息劫持](http://www.mottoin.com/article/web/88237.html)

Expand Down Expand Up @@ -314,7 +314,7 @@
### redis
+ [利用redis写webshell](https://www.leavesongs.com/PENETRATION/write-webshell-via-redis-server.html)
+ [Redis 未授权访问配合 SSH key 文件利用分析](http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/)
+ [redis未授权访问漏洞利用总结](https://xianzhi.aliyun.com/forum/read/750.html)。
+ [redis未授权访问漏洞利用总结](https://xz.aliyun.com/t/256)。
+ [【应急响应】redis未授权访问致远程植入挖矿脚本(防御篇) ](https://mp.weixin.qq.com/s/eUTZsGUGSO0AeBUaxq4Q2w)

## RPO(relative path overwrite)
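Review bot: The replacement line for "redis未授权访问漏洞利用总结" carries over the stray full-width "。" after the closing parenthesis of the link. No other entry in this list ends with punctuation, so drop it while the line is being edited.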
Expand Down Expand Up @@ -414,13 +414,13 @@
+ [Struts2 命令执行系列回顾](http://www.zerokeeper.com/vul-analysis/struts2-command-execution-series-review.html)

### java-Web代码审计
+ [JAVA代码审计的一些Tips(附脚本)](https://xianzhi.aliyun.com/forum/topic/1633/)
+ [JAVA代码审计的一些Tips(附脚本)](https://xz.aliyun.com/t/1633/)
+ [Java代码审计连载之—SQL注入](https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=22170&highlight=Java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E8%BF%9E%E8%BD%BD)
+ [Java代码审计连载之—任意文件下载](https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=23587&highlight=Java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E8%BF%9E%E8%BD%BD)
+ [Java代码审计连载之—XSS](https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=22875&highlight=Java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E8%BF%9E%E8%BD%BD)
+ [Java代码审计连载之—添油加醋](https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=25475&highlight=Java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E8%BF%9E%E8%BD%BD)
+ [JAVA安全编码与代码审计.md](https://github.com/Cryin/JavaID/blob/master/JAVA%E5%AE%89%E5%85%A8%E7%BC%96%E7%A0%81%E4%B8%8E%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md)
+ [Java代码审计PPT ](https://xianzhi.aliyun.com/forum/read/1904.html)
+ [Java代码审计PPT ](https://xz.aliyun.com/t/1073)

### 其他

Expand Down Expand Up @@ -464,7 +464,7 @@
+ [WAF绕过参考资料](http://www.mottoin.com/100887.html)
+ [浅谈WAF绕过技巧](http://www.freebuf.com/articles/web/136723.html)
+ [addslashes防注入的绕过案例](https://xianzhi.aliyun.com/forum/read/753.html?fpage=6)
+ [浅谈json参数解析对waf绕过的影响](https://xianzhi.aliyun.com/forum/read/553.html?fpage=8)
+ [浅谈json参数解析对waf绕过的影响](https://xz.aliyun.com/t/306)
+ [WAF攻防研究之四个层次Bypass WAF](http://weibo.com/ttarticle/p/show?id=2309404007261092631700)
+ [使用HTTP头去绕过WAF ](http://www.sohu.com/a/110066439_468673)
+ [会找漏洞的时光机: Pinpointing Vulnerabilities](https://www.inforsec.org/wp/?p=1993)
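Review bot: The unchanged "addslashes防注入的绕过案例" line directly above the edited one still links to https://xianzhi.aliyun.com/forum/read/753.html?fpage=6, so this hunk leaves one old-host link behind. If the purpose of the patch is to move every xianzhi.aliyun.com reference to xz.aliyun.com, update that entry too, or note why it was skipped.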
Expand All @@ -487,14 +487,14 @@
+ [渗透测试向导之子域名枚举技术](http://www.freebuf.com/articles/network/161046.html)
+ [实例演示如何科学的进行子域名收集](http://bobao.360.cn/learning/detail/4119.html)
+ [【渗透神器系列】搜索引擎 ](http://thief.one/2017/05/19/1/)
+ [域渗透基础简单信息收集(基础篇)](https://xianzhi.aliyun.com/forum/read/805.html)
+ [域渗透基础简单信息收集(基础篇)](https://xz.aliyun.com/t/237)
+ [内网渗透定位技术总结](http://docs.ioin.in/writeup/www.mottoin.com/_92978_html/index.html)
+ [后渗透攻防的信息收集](https://www.secpulse.com/archives/51527.html)
+ [安全攻城师系列文章-敏感信息收集](http://www.mottoin.com/99951.html)
+ [子域名枚举的艺术](http://www.mottoin.com/101362.html)
+ [论二级域名收集的各种姿势](https://mp.weixin.qq.com/s/ardCYdZzaSjvSIZiFraWGA)
+ [我眼中的渗透测试信息搜集](https://xianzhi.aliyun.com/forum/read/451.html?fpage=2)
+ [大型目标渗透-01入侵信息搜集](https://xianzhi.aliyun.com/forum/read/1675.html)
+ [我眼中的渗透测试信息搜集](https://xz.aliyun.com/t/339)
+ [大型目标渗透-01入侵信息搜集](https://xz.aliyun.com/t/155)
+ [乙方渗透测试之信息收集](http://www.cnnetarmy.com/%E4%B9%99%E6%96%B9%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E4%B9%8B%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/)
+ [挖洞技巧:信息泄露之总结](https://www.anquanke.com/post/id/94787)

Expand All @@ -519,10 +519,10 @@
+ [Cobalt strike在内网渗透中的使用 ](http://www.freebuf.com/sectool/125237.html)
+ [反向socks5代理(windows版)](http://x95.org/archives/reverse-socks5-proxy.html)
+ [Windows渗透基础](http://www.mottoin.com/89355.html)
+ [通过双重跳板漫游隔离内网](https://xianzhi.aliyun.com/forum/read/768.html)
+ [通过双重跳板漫游隔离内网](https://xz.aliyun.com/t/249)
+ [A Red Teamer's guide to pivoting](https://artkond.com/2017/03/23/pivoting-guide/)
+ [穿越边界的姿势 ](https://mp.weixin.qq.com/s/l-0sWU4ijMOQWqRgsWcNFA)
+ [内网端口转发及穿透](https://xianzhi.aliyun.com/forum/read/1715.html)
+ [内网端口转发及穿透](https://xz.aliyun.com/t/142)
+ [秘密渗透内网——利用 DNS 建立 VPN 传输隧道](http://www.4hou.com/technology/3143.html)
+ [Reverse Shell Cheat Sheet](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)
+ [我所了解的内网渗透——内网渗透知识大总结](https://www.anquanke.com/post/id/92646)
Expand All @@ -532,7 +532,7 @@
+ [Splash SSRF到获取内网服务器ROOT权限](http://bobao.360.cn/learning/detail/4113.html)
+ [Pivoting from blind SSRF to RCE with HashiCorp Consul](http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html)
+ [我是如何通过命令执行到最终获取内网Root权限的 ](http://www.freebuf.com/articles/web/141579.html)
+ [信息收集之SVN源代码社工获取及渗透实战](https://xianzhi.aliyun.com/forum/read/1629.html)
+ [信息收集之SVN源代码社工获取及渗透实战](https://xz.aliyun.com/t/165)
+ [SQL注入+XXE+文件遍历漏洞组合拳渗透Deutsche Telekom](http://paper.seebug.org/256/)
+ [渗透 Hacking Team](http://blog.neargle.com/SecNewsBak/drops/%E6%B8%97%E9%80%8FHacking%20Team%E8%BF%87%E7%A8%8B.html)
+ [由视频系统SQL注入到服务器权限](https://bbs.ichunqiu.com/thread-25827-1-1.html?from=sec)
Expand Down Expand Up @@ -582,7 +582,7 @@
+ [Tomcat服务器安全配置](http://foreversong.cn/archives/816)
+ [互联网企业安全之端口监控 ](https://mp.weixin.qq.com/s/SJKeXegWG3OQo4r0nBs7xQ)
+ [Linux应急响应姿势浅谈](http://bobao.360.cn/learning/detail/4481.html)
+ [黑客入侵应急分析手工排查](https://xianzhi.aliyun.com/forum/read/1655.html)
+ [黑客入侵应急分析手工排查](https://xz.aliyun.com/t/1140)
+ [企业常见服务漏洞检测&修复整理](http://www.mottoin.com/92742.html)
+ [Linux基线加固](https://mp.weixin.qq.com/s/0nxiZw1NUoQTjxcd3zl6Zg)
+ [Apache server security: 10 tips to secure installation](https://www.acunetix.com/blog/articles/10-tips-secure-apache-installation/)