Security_Learning

Security_Learning

Project address: Security_Learning

Share some good projects you encounter in your daily work and life, including all aspects of safety, suitable for safety practitioners/learners to read

I hope this project can accompany everyone's study and life~

Continuously updated ~

• Experience
  • Career Planning and Development
  • Some face scriptures
  • Life
    • House purchase knowledge
    • other
• Web Security
  • Enterprise safety construction
  • Host Security
  • Container security
  • Development security
    • SDL
    • scanner
    • Honey jar
    • JAVA Security
      • Resequence
      • Struct2
      • JavaWeb
      • Solr
      • Fastjson
      • Shiro
      • Jenkins
      • other
    • Python Security
    • PHP security
    • Node-js security
  • Vulnerability related
    • sql injection
    • XSS cross-site scripting attack
    • CSRF cross-site request forgery
      • Other front-end security
    • SSRF server-side request forgery
    • XXE (xml external entity injection)
    • JSONP injection
    • SSTI server template injection
    • Code Execution/Command Execution
    • File contains
    • File upload/parsing vulnerability
    • Logical vulnerability
    • PHP related
    • CORS vulnerability
    • DDOS
    • Other vulnerabilities
    • SRC vulnerability mining
  • Safety Testing
    • Information collection
    • Infiltration combat
    • Penetration skills
      • Intranet penetration
      • WAF offense and defense
      • File-free attack
      • Elevate rights
  • Safe operation and maintenance
  • Others
    • RASP
    • Other
• Binary security
  • IOT Security
  • Mobile Security
    • Frida related article collection
    • Related to shelter removal
    • Game Security Series
    • Strange tricks
    • Good cutting-edge article archives
    • Safe development
    • Reverse
• CTF
  • Skill summary
  • CTF PWN

• Career planning for safety practitioners
• My career thinking in Tencent for eight years
• Master Zhuo Zhuo: I have been with PDF for three years
• Programmer's Public Examination Guide
• Notes on internal skills and self-cultivation of wild front-end coders

• sec-interview
• Ten thousand words guide, detailed explanation of Tencent interview
• Information security internship and campus recruitment
• Information security interview list
• Summary of information security interview questions
• Tencent and Alibaba internship mobile security interview
• 404notfound'blog
• yulige's blog
• yangrz's blog

• Knowledge Sharing of House Purchase in Beijing
• Shanghai home buying knowledge sharing
• Share knowledge about buying a house in Hangzhou

• Invest in regular-investing-in-box

• Web Security Learning Notes
• How Web security researchers are made
• Best articles in web security
• Web security offense and defense practical battle

• Enterprise Security Construction - Software Supply Chain

• Meituan Distributed HIDS Cluster Architecture Design
• Osquery architecture design analysis
• ATT&CK Defense Escape
• Observe the behavior of the system through eBPF
• Osquery official documentation
• Use Osquery to monitor rebound shells
• Security operation process
• Linux bash command audit
• Linux permission elevation detection
• Ali Cloud Security Alarm Center Detection Items
• AgentSmith-HIDS
• Elkied-HIDS
• Yulong-HIDS
• Linux intrusion detection process creation monitoring
• Linux Hook method summary

• Tencent Security: Cloud-native vulnerability mining and utilization in the Red and Blue Confrontation
• k0otkit: Hack K8s in a K8s Way
• Container penetration tools
• CIS2020-Attack-in-a-Service-Mesh-Public
• Utilization of K8s penetration test etcd
• kubernetes cluster penetration test

• Developer Security Guide
• Summary of computer programming books

• All stages of SDL
• SDL development security life cycle management
• In-depth exploration and practice of SDL
• The road to SDL exploration
• Lite version of SDL implementation practice
• Books worth reading securitypaper about SDL
• SDL construction-three-party dependency library scanning system
• Fintech SDL security design checklist

• The road to self-development of black box scanners (I) - Kankan Architecture
• The road to self-development: The ten-year journey of Tencent vulnerability scanning system
• Xiaomi Security: Vulnerability Scanning Techniques for Web Vulnerability Scanner
• Ctrip's road to safety automation testing
• Self-developed black box scanner
• Discussing the design and development of vulnerability scanners
• Scanner iteration notation for security development: W9Scan
• XSS Scanner Growth Note

• Honeypot open source technology collection

• Modern honeynet integrates a variety of honeypot installation scripts, which can be quickly deployed and used, and can also quickly collect data from nodes.

• T-POT, which uses docker technology to realize the combination of multiple honeypots, and cooperates with ELK for research and data capture.

• T-Pot multi-honey pot platform usage method

• Replace the one-click installation script of fork's T-POT honeypot with domestic acceleration mirror

• Web Honeypot Intranet Monitoring

  • https://github.com/micheloosterhof/cowrie py2 uses ELK (ElasticSearch, LogStash, Kibana) for data analysis, currently supports ssh, telnet, sftp and other protocols.
  • https://github.com/mushorg/snare py3, web security honeypot, can clone specified web pages
  • https://github.com/honeynet/beeswarm py, use agent probes to interact with honeypots in real time to lure attackers
  • https://github.com/thinkst/opencanary PY2,SNMPRDPSAMBA Honey Can
  • https://github.com/p1r06u3/opencanary_web PY, TORNADO, intranet low-interaction honeypot. Supports automated installation, currently supports common 16 protocols, and is now a probe/honeypot-management architecture. You can consider secondary development as a probe-sandbox-management architecture.
  • https://github.com/p1r06u3/opencanary_web
  • https://github.com/Cymmetria Famous Deception Honeypot Organization. Struct, weblogic, telnet, Cisco ASA, Micros and other simulated honeypots
  • https://github.com/Cymmetria/honeycomb Cymmetria company open source honeypot framework, low interaction
  • https://github.com/honeytrap/honeytrap Extensible honeypot framework, supporting probe deployment and high-interaction honeypot
  • https://gosecure.net/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/ RDP MITM, creating an RDP honeypot that can record images and keys (https://github.com/gosecure/pyrdp)

• Camera honeypot

  • https://github.com/alexbredo/honeypot-camera camera honeypot. tornado simulates WEB service, pictures replace videos, you can consider adding more pictures and buttons in the later stage
  • https://github.com/EasyDarwin/EasyIPCamera C, RTSP server component is used to build camera honeypots

• Industrial honey can

  • https://github.com/sjhilt/GasPot Simulated oil-electric gas industrial control system
  • https://github.com/djformby/GRFICS IoT Industrial Simulation System Simulation Framework, using MODBUS protocol to monitor and control PLC virtual machines
  • https://github.com/RabitW/IoTSecurityNAT IoT testing system, which facilitates quick access to various devices and conducts security testing.
  • https://github.com/mushorg/conpot Low-interactive industrial honeypot for ICS/SCADA, simulates Modbus and S7comm

• JAVA security SDK and coding specifications
• JAVA Security Coding Specification
• Java Code Audit Series Articles

• Java_JSON Deserialization Sorrow_Watch the Snow Security Developer Summit
• View Java anti-sequence vulnerability from the construction of reflective chain
• Java deserialization vulnerability from understanding to practice
• Java Serialization and Deserialization Security Analysis
• Java-Deserialization-Cheat-Sheet
• How to attack Java deserialization process
• Deep understanding of JAVA deserialization vulnerabilities
• Attacking Java Deserialization
• Detailed analysis of jackson deserialization
• Analysis of deserialization vulnerability in Java security
• Fastjson deserialization vulnerability POC analysis
• Apache Commons Collections Deserialization Vulnerability Learning

• Struts2 Command Execution Series Review

java-Web code audit

• A weekly documentary of Java Web Code Audit: 6 CNVD general vulnerabilities
• Some Tips for JAVA code audit (with scripts)
• Java code audit serialization—SQL injection
• Java code audit serialization - download any file
• Java code audit serialization—XSS
• Java code audit serialization - add fuel to the vinegar
• JAVA Security Coding and Code Audit.md
• Java code audit PPT

• Skay: Apache Solr component security overview

• History of Fastjson deserialization vulnerability

• Apache Shiro deserialization to identify those things

• Jenkins Unauthorized Code Execution Vulnerability Analysis

• About JNDI Injection
• Amplify the attack surface of Java auditing layer by layer
• Let's talk about SQL injection from a Java perspective
• From the perspective of Java, deeply analyze the thief who cannot be guarded against - "XSS"
• Is your Java web configuration safe?
• spring any file reading
• Several ways to execute arbitrary shell commands in Runtime.getRuntime().exec(String cmd)

• Python-100-Days

• python web security summary

• Defencely Clarifies Python Object Injection Exploitation

• Exploiting Python Deserialization Vulnerabilities

• Exploring and exploiting deserialization vulnerability with Python(EN)

• Python PyYAML deserialization vulnerability experiment and Payload construction

• Python formatted string vulnerability (Django as an example)

• format injection

• Be Careful with Python's New-Style String Format

• Python urllib HTTP header injection vulnerability

• Hack Redis via Python urllib HTTP Header Injection

• Some Bypass ideas under Python Waf blacklist filtering

• N poses for Python sandbox escape

• Using memory corruption to achieve Python sandbox escape

• Python Sandbox Bypass

• pyt: Source code static analysis tool for Python applications

• Exploiting Python PIL Module Command Execution Vulnerability

• File decompression is better than code execution in Python

• Crawler series

  • From Beginner to Mastery
  • Write Python crawlers from scratch
  • Analysis of crawler and anti-crawler technology
  • Practice of missing sweep dynamic crawler

• Python sandbox escape

  • Python sandbox escape memo--by Master K0rz3n
  • Python sandbox escape Payload collection--by Master Wang Yihang
  • Some simple summary of Python sec--by Master Bendawang
  • Learn Python sandbox escape from a CTF question
  • N poses for Python sandbox escape

PHP security SDK and coding specifications

• A brief discussion on the security issues of Node.js Web
• node.js - postgres from injection into Getshell
• Pentesting Node.js Application: Nodejs Application Security (need to overturn the wall)
• Learning from scratch to penetrate Node.js application
• I encountered a magical "bug" with space URLs in Node.js - a small-scale in-depth HTTP protocol

• Open Source Vulnerability Library
  • Before 2016, Dark Cloud Drops article, public vulnerability details article
  • Before 2016, Dark Cloud Drops article, public vulnerability details article
  • Public vulnerability details article
  • Details of Tongcheng Security Public Vulnerability Articles
  • China's National Industrial Control Vulnerability Library
  • The National Industrial Control Vulnerability Library
  • Green Alliance Vulnerability Library, including Industrial Control
  • Vinut Agent Control Vulnerability Library
  • CVE Chinese Industrial Control Vulnerability Library
  • CVE vulnerability library maintained by MITRE in the United States
  • Vulnerability Library for Offensive Security in the United States
  • The National Information Security Vulnerability Library
• Some vulnerable intelligence websites
• CVE-2020: Some vulnerabilities sorted out in 2020
• Compilation of some key system vulnerabilities that are easily attacked in the Red Team
• Summary of loopholes in Baige Library

Principle - Master SQL injection in practice Why can parameterized queries prevent SQL injection?

MySql

• Ability to read any file through MySQL LOAD DATA feature
• MySQL False Injection and Skills Summary
• MySQL Injection Attack and Defense
• Sql Injection Learning Summary
• Several poses of SQL injection defense and bypass
• MySQL side-domain skills
• MySQL injection can report errors with table name, field name, and library name
• Advanced SQL Injection: Obfuscation and Bypass
• Mysql constraint attack
• Summary of Mysql database penetration and vulnerability utilization
• MySQL bypass WAF practical skills
• NetSPI SQL Injection Wiki
• "Unpopular Position" Injected by SQL
• Three accelerated injection methods for time delay blind injection mysql
• Efficient SQL blind based on time - using MySQL's bit operator
• Mysql UDF BackDoor
• MySQL brackets are filtered blind
• SSRF To RCE in MySQL
• MySQL-Blind Annotation Analysis
• Mysql character encoding techniques
• MySQL Injection in Update, Insert and Delete

MSSQL

• The process of obtaining WEBSHELL with MSSQL DBA permissions
• MSSQL Injection Attack and Defense
• CLR utilization technology in SQL Server
• Two ways to execute commands and get echoes without MSSQL

PostgreSQL

• How to use postgresql database
• PostgreSQL Penetration Testing Guide
• Use postgresql getshell in penetration

MongoDB

• Understand MongoDB's actual offensive and defense battle in ten minutes
• MongoDB Security – PHP Injection Detection
• Technology sharing: How to Hacking MongoDB?
• MongoDB security, injection attack in php
• A case study of MongoDB injection attack

Skill

• My WafBypass (SQL Injection)
• Bypass 360 Host Guard SQL Injection Defense
• SQL Injection's Sexy Pose
• Summary of some experiences in SQL injection in CTF competition
• How to bypass the libinjection of WAF/NGWAF to implement SQL injection
• HackMe-SQL-Injection-Challenges
• Bypass WAF injection
• Share the injected defense ideas of bypassGET and POST
• General ideas and weird techniques of SQL injection
• Beyond SQLi: Obfuscate and Bypass
• The practical battle of Dnslog in SQL injection
• SQL Injection: How to bypass CSRF tokens via Python CGIHTTPServer
• BypassD Shield IIS Firewall SQL Injection Defense (Multi-pose)

tool

• How much do you know about the tamper that comes with SQLmap?
• The use of sqlmap--- comes with bypass script Tamper
• sql injection using burp macros and sqlmap bypassing csrf protection for sql injection
• sqlmap usage summary
• SQLmap tamper script comments
• Secondary SQL injection via Burp and custom Sqlmap Tamper
• SQLMAP JSON format detection
• Note a summary of SQLmap User Manual (I)
• Note a summary of SQLmap user manual (II)

• Talk about the same-original strategy attack and defense
• Let's talk about the same origin strategy
• A summary of cross-domain methods
• Front-end security series (I): How to prevent XSS attacks?
• A brief discussion on cross-site scripting attack and defense
• Cross-site art - Introduction to XSS and introduction
• DOMXSS Wiki
• XSS Bypass Cookbook
• Content Security Policy Introduction Tutorial
• From Swiss Army Knife to Transformers-XSS Attack Surface Expansion
• Front-end defense from entry to abandonment - CSP change
• Several interesting ideas under strict CSP (34c3 CTF)
• Bypassing CSP using polyglot JPEGs
• Bypass unsafe-inline mode CSP
• Chrome XSS Auditor – SVG Bypass
• Cross site scripting payload for fuzzing
• XSS Without Dots
• Alternative to Javascript Pseudo-Protocol
• Uncommon xss utilization exploration
• XSS attack alternative gameplay
• XSS Disguise---Bypass's Coding Confusion-Assisted Script Writing
• Xssing Web With Unicodes
• Electron hack — Cross-platform XSS
• XSS without HTML: Client-Side Template Injection with AngularJS
• Modern Alchemy: Turning XSS into RCE
• Prophet XSS Challenge - L3m0n Writeup
• SheepSec: 7 Reflected Cross-site Scripting (XSS) Examples
• Browser's XSS Filter Bypass Cheat Sheet
• Use JavaScript to bypass XSS filtering
• XSS cross-site script detection and utilization
  • XSS Awesome Series
  • A very comprehensive xss toolkit and information
  • XSS Vulnerability Payload List
  • Classic xss utilization framework
  • Beef-like xss utilization framework
  • The xss utilization framework created by the Blue Lotus Team for CTF
  • Generate xss payload based on specific tags
  • Cosine-written xss using auxiliary tools
  • XSS scanning tool that recognizes and bypasses WAF
  • Go, use the xss vulnerability to return a js interactive shell
  • Use the xss vulnerability to return a js interactive shell
  • An XSS scanner that can inject parameters violently
  • Small XSS scanner can also detect CRLF, XSS, and click hijacking
  • Reflective xss scan of PHP version
  • Batch scan of XSS python scripts
  • Browser plug-in that automates the detection of pages for XSS and CSRF vulnerabilities
  • XSS batch detection using the command line
  • Efficient XSS scanner that supports GET and POST methods
  • If it cannot be used under kali, please download the correct PhantomJS to the directory thirdparty/phantomjs/Linux
  • flash xss scan
  • Targeting reflections in a website XSS
  • Automated use of XSS to invade the intranet

• Wiping Out CSRF
• CSRF Attack and Defense
• Use code to explain the dangers and defense of Csrf vulnerabilities
• Deficiencies and reflections on Cookie-Form CSRF defense mechanism
• Some thoughts about JSON CSRF
• Exploiting JSON Cross Site Request Forgery (CSRF) using Flash
• A brief discussion on Session mechanism and CSRF offense and defense
• CSRF Fancy Bypass Referer Tips
• CSRF skills in major SRCs
• White Hat Hole Digging—Cross-site Request Forgery (CSRF)
• Read-type CSRF - Content hijacking that requires interaction

• In HTML, closed priority magic tags
• JavaScript Dangerous Functions (Part 1) - HTML Manipulation
• Extended attack surface of safari local file reading vulnerability
• Exploiting ReactJS applications with script injection vulnerability
• JSON hijacking tips for contemporary web
• View front-end code security from WeChat applet

• SSRF Security Guide North
• SSRF:CVE-2017-9993 FFmpeg - AVI - HLS
• SSRF (server-side request forgery) test resources
• Build Your SSRF Exploit Framework SSRF
• Analysis of SSRF attack instance
• SSRF vulnerability analysis and utilization
• Experience in mining SSRF vulnerabilities
• Utilization and learning of SSRF vulnerabilities
• Summary of several ways to bypass IP restrictions in SSRF vulnerability
• Use the SSLF vulnerability to obtain DNS information inside Google
• What is Server Side Request Forgery (SSRF)?
• Use DNS Rebinding to Bypass SSRF in Java
• SSRF in JAVA
• DNS Rebinding technology bypasses SSRF/Proxy IP restrictions
• Several python scripts exploited by Discuz SSRF
• Discuz X series portal article function SSRF vulnerability mining and analysis
• SSRF to GET SHELL
• SSRF Tips

• An article will help you understand the XXE vulnerabilities in depth
• Detailed explanation and audit of XXE vulnerabilities between PHP and JAVA
• A brief discussion on XXE vulnerability attack and defense
• XXE vulnerability analysis
• XML entity injection vulnerability attack and defense
• Utilization and learning of XML entity injection vulnerabilities
• XXE Injection: Attack and Prevent
• XXE (XML External Entity Injection) Vulnerability Practice
• Hunting in the Night - Blindly Kill XXE
• Hunting in the Dark - Blind XXE
• XMLExternal Entity Vulnerability Training Module
• How to explore XXE injection vulnerabilities in Uber websites
• What do we think of when XXE is mentioned
• Simple understanding and testing of XXE vulnerabilities
• My opinion on XXE vulnerability attack and defense
• Some tips for exploiting XXE vulnerabilities
• Magical Content-Type - Playing XXE attack in JSON
• XXE-DTD Cheat Sheet
• XML? Be cautious!
• XSLT Server Side Injection Attacks
• Java XXE Vulnerability
• xml-attacks.md

• JSONP injection parsing
• JSONP security attack and defense technology
• A small experiment and summary about JSONP
• Use JSONP to obtain information across domains
• Some understandings about cross-domain and jsonp (newbies)
• Jsonp hijacking - Information Hijacking

• Jinja2 template injection filter bypasses
• Flask injection
• A brief analysis of server-side template injection attack (SSTI)
• Exploring SSTI in Flask/Jinja2
• Research on server injection problems encountered in Flask Jinja2 development
• Research on server injection problems encountered in FlaskJinja2 development II
• Exploring SSTI in Flask/Jinja2, Part II
• Injecting Flask
• Server-Side Template Injection: RCE for the modern webapp
• Exploiting Python Code Injection in Web Applications
• Execute arbitrary code in Jinja2 templates using Python features
• Python template string and template injection
• Ruby ERB Template Injection
• Server-side template injection attack

• Talking about PHP arbitrary code execution and defense from PHP source code and extension development
• Command Injection/Shell Injection
• PHP Code Injection Analysis
• Use the environment variable LD_PRELOAD to bypass php disable_function to execute system commands
• Hack PHP mail additional_parameters
• Detailed analysis of the exploitation techniques of PHP mail() function
• The bloody case caused by improper use of mail() function in PHP application development
• BigTree CMS - Bypass CSRF filter and execute code with PHPMailer
• RCE based on time feedback
• System command execution vulnerability caused by inappropriate use of regular expressions
• Command injection breaks through length limit

• PHP file contains vulnerabilities
• Turning LFI into RFI
• PHP file contains vulnerability summary
• Common files include scenarios and defenses
• Cloud-based local file contains vulnerabilities
• Zip or Phar protocol contains files
• File contains vulnerability one
• File contains vulnerability 2

• File upload and WAF attack and defense
• My WafBypass (upload)
• File upload vulnerability (bypass pose)
• Server resolution vulnerability
• File upload summary
• File upload bypass posture summary
• To the best possible analysis of uploading source code and exploit methods
• Test the upload function from XSSer's perspective
• Logical upload vulnerability mining for code audit
• Penetration test methodology file upload
• Some explorations on file name resolution
• Web Security—Upload vulnerability bypass

• A couple more common OAuth 2.0 vulnerabilities
• Logical upload vulnerability mining for code audit
• Logic first—including all kinds of cool poses
• Analysis of common logic vulnerabilities in web security testing (Practical article)
• Logical vulnerability password reset
• Logical vulnerability of payment vulnerability
• Logical vulnerability for overriding access
• Summary of logical vulnerabilities for password recovery
• Some common password reset vulnerabilities analysis and sorting out
• Summary of password logic vulnerabilities
• Logical vulnerability mining
• tom0li: Logical vulnerability summary

Weak type

• From weak type utilization and object injection to SQL injection
• Security issues of the "==" operator in PHP
• Summary of PHP weak type safety issues
• A brief discussion on PHP weak type safety
• The security issue of php comparison operators

Random number problem

• PHP mt_rand() random number security
• Cracking PHP rand()
• Random numbers in php
• php_mt_seed - PHP mt_rand() seed cracker
• The GLIBC random number generator
• A CTF question for pseudo-random number

Pseudo-Protocol

• Talk about the wonderful uses of php://filter
• php pseudo protocol
• Use the Gopher protocol to expand the attack surface
• PHP pseudo-protocol Phar protocol (bypassed included)
• PHP pseudo-protocol analysis and application
• Learn about security issues of LFI, RFI, and PHP packaging protocols

Serialization

• PHP deserialization vulnerability
• A brief discussion on php deserialization vulnerability
• Causes of PHP deserialization vulnerabilities and vulnerability mining techniques and cases

PHP Code Audit

• PHP Vulnerability Mining-Advanced Chapter
• On common vulnerabilities in PHP
• A brief discussion on the introduction to code auditing: the latest version of the audit journey of a certain blog system
• PHP Code Audit Tips in ctf
• PHP code audit tips
• Code auditing for file overreach and file upload search techniques
• PHP Code Audit Introduction Collection
• PHP code audit learning
• PHP vulnerability mining ideas - Example
• PHP vulnerability mining ideas - Example Chapter 2
• A brief discussion on the introduction to code auditing: the latest version of the audit journey of a certain blog system
• PHP Code Audit Summary (I)
• 2018 PHP Application Security Design Guide

php mail header injection

• What is Email Header Injection?
• PHP Email Injection Example

other

• Summary of ideas for Php Shell Bypass
• Decrypt PHP's eval based encryption with debugger
• Upgrade from LFI to RCE via PHP Sessions
• Xdebug: A Tiny Attack Surface
• Exploitable PHP functions
• Talking about PHP formatting string issues from WordPress SQLi
• php & apache2 & some dark magic between operating systems
• PHP Memory Crush Vulnerability Exp Writing and Disable Functions Bypass
• Mining PHP disable functions bypass exploitation poses
• PHP backdoor composed of .user.ini file

• Complete guide to cors safety

• DDoS offensive and defense supplement
• A little idea of ​​reflecting DDOS attack defense
• Summary of DDOS attack methods
• DDoS defense and DDoS protection methods, please help me see if these 7 statements are reliable.
• DDoS defense and DDoS protection see what individual webmasters, Guoke.com and security companies say
• DDoS Defense: Large Traffic DDoS Protection Solution and Calculator Estimate Loss
• freeBuf column
• Handling of CC attacks

• API security testing

  • API security test 31 Tips

• CDN2021 Complete Attack Guide

  • CDN 2021 Complete Attack Guide (I)
  • CDN 2021 Complete Attack Guide (II)
  • CDN 2021 Complete Attack Guide (III)
  • https://github.com/bin-maker/2021CDN/

• RPO(relative path overwrite)

  • A preliminary study on Relative Path Overwrite
  • Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities
  • RPO
  • A few RPO exploration techniques

• Web Cache

  • A brief analysis of Web Cache spoofing attacks

• redis

  • Write webshell using redis
  • Redis Unauthorized Access with SSH key file utilization analysis
  • Redis Unauthorized Access Vulnerability Exploit Summary.
  • [Emergency Response] Redis Unauthorized Access to Remote Implant Mining Script (Defense Chapter)

• Web Sleep Notes

• Summary of common web source code leakage

• Github information leakage upgraded case

• Hacking iSCSI

• Technical details: Web-based LDAP injection vulnerability

• Summary of unauthorized access vulnerabilities

• Detection and utilization of unauthorized access vulnerabilities

• Practical SRC Vulnerability Mining Techniques
• Business Vulnerability Mining Notes
• An interesting arbitrary password reset
• Remember the "five degrees of plum blossom" of SMS verification code
• Digging experience | See how I comprehensively exploit 4 vulnerabilities to implement remote code execution of GitHub Enterprise
• Share ideas for public welfare SRC mining from the first list

• Web Service Penetration Testing From Beginner to Mastery
• Penetration standards
• Penetration Testing Tools Cheat Sheet

• OneForAll is a powerful subdomain collection tool
• See how I collect whois information on the IP of the entire network
• A brief discussion on information collection in web penetration testing
• Penetration testing tutorial: How to detect targets and collect information?
• Summary of ideas and techniques of the web vulnerability scanner (domain name information collection)
• The art of subdomain
• Penetration Test Wizard's subdomain name enumeration technology
• Examples demonstrate how to scientifically collect subdomain names
• 【Pepsizing Artifact Series】Search Engine
• Simple information collection for domain penetration basics (basics)
• Summary of intranet penetration positioning technology
• Information collection of post-infiltration offense and defense
• Safety Siege Series Articles - Sensitive Information Collection
• The art of subdomain enumeration
• On the various postures of collecting secondary domain names
• Penetration test information collection in my eyes
• Large-scale target penetration-01 intrusion information collection
• Information collection of Party B penetration test
• Tips for digging: Summary of information leakage

• Splash SSRF to obtain ROOT permissions for intranet servers
• Pivoting from blind SSRF to RCE with HashiCorp Consul
• How do I get the intranet root permissions through the command to the end
• Information collection of SVN source code social worker acquisition and penetration practice
• SQL injection-XXE-File traversal vulnerability combination punch penetrates Deutsche Telekom
• Infiltrate Hacking Team
• Permissions injected into the server by the video system SQL
• From Serialized to Shell :: Exploiting Google Web Toolkit with EL Injection
• A brief discussion on the practical battle of penetration testing
• Penetration test study notes case 1
• Penetration test study notes case 2
• Penetration test study notes case four
• Record an intranet penetration
• fishing:
  • The idea of ​​fishing infrastructure automation
  • Fishing frame - gophish
  • How to send phishing emails in batches
  • Fishing drills and pit breaking notes

• Summary of domain penetration knowledge
• Powershell attack guide---The way to infiltrate after hacking
• Party B Penetration Test Fuzz Blasting
• Domain penetration artifact Empire installation and simple use
• How to convert a simple shell into a fully interactive TTY
• Research on the implementation and defense of forward backdoor of web port reuse
• Talk about the experience and principles of port detection
• Port penetration summary
• Port scans for those things
• Penetration tips—N ways to upload files through cmd
• Domain penetration TIPS: Obtain LAPS administrator password
• Domain penetration—Security Support Provider
• Domain infiltration traffic hijacking
• Penetration skills - parameter hiding skills for shortcut files
• Back door sorting
• Linux backdoor sorting collection (pulse recommendation)
• Penetration Testing Guide Domain User Group Scope
• Summary of Linux port forwarding characteristics
• Practical SSH port forwarding
• Multiple forwarding penetration and hidden internal network
• Various methods of rebound shells under Linux
• linux various words rebound shell summary
• php rebound shell
• Windows domain horizontal penetration
• A Red Teamer's guide to pivoting
• Positions crossing borders
• Reverse Shell Cheat Sheet
• Awesome payload and bypass summary
• Addslashes anti-injection bypass case
• A brief discussion on the impact of json parameter analysis on waf bypass
• Use HTTP headers to bypass WAF
• Time machine that will find vulnerabilities: Pinpointing Vulnerabilities

• Intranet penetration (continuously updated)
• What I know about intranet penetration - A summary of intranet penetration knowledge
• Intranet port forwarding and penetration
• Intranet penetration ideas and tools for organizing and using intranet
• Summary of intranet penetration forwarding tools
• Intranet forwarding tools
• Intranet forwarding posture
• Secretly penetrate the intranet - using DNS to establish VPN transmission tunnels
• Use ew to easily penetrate multi-level target intranet
• Wrong talk about intranet penetration of windows
• Intranet penetration thoughts
• Exploration and verification of new ideas for intranet penetration ideas
• Supplementary skills for discovering intranet hosts
• Play with Linux system] Linux intranet penetration
• The use of Cobalt strike in intranet penetration
• Roaming through double springboards isolating the internal network

• WAF offensive and defense research: Four levels Bypass WAF
• Detailed discussion on WAF and static statistics analysis
• WAF bypass reference materials
• A brief discussion on WAF bypass techniques
• CRLF Injection and Bypass Tencent WAF

• Various poses of file-free attack
• 60 bytes - File-free Penetration Test Experiment

• License skills
• linux-kernel-exploits collection of privilege escalation vulnerabilities in Linux platform
• Windows-kernel-exploits Windows platform privilege escalation vulnerability collection
• Linux MySQL Udf escalation
• Windows License Series
• Windows License Elevation Series
• Various poses to obtain SYSTEM permissions

• Those holes for safe operation and maintenance
• Meituan Takeout Automation Business Operation and Maintenance System Construction
• Ele.me operation and maintenance infrastructure evolution history
• One nginx configuration article is enough
• Security configuration of Docker Remote API
• Apache server security configuration
• IIS Server Security Configuration
• Tomcat server security configuration
• Internet Enterprise Security Port Monitoring
• A brief discussion on Linux emergency response posture
• Emergency analysis of hacker intrusion manual investigation
• Detection and fixation of common service vulnerabilities in enterprises
• Linux baseline reinforcement
• Apache server security: 10 tips to secure installation
• Actual offense and defense in Oracle database operation and maintenance (full)
• 18 common commands to monitor network bandwidth on Linux servers

• Tencent: RASP offense and defense——A brief analysis of RASP security application and limitations
• Learning of PHP RASP starting from 0
• Implementation of a Class of PHP RASP
• Bird Brother: taint

• Detailed analysis of Padding Oracle penetration test full analysis
• Exploring Compilation from TypeScript to WebAssembly
• High-Level Approaches for Finding Vulnerabilities
• Talk about HTML5 local storage—WebStorage
• Uses of commands that are easily overlooked in Linux
• Summary of opening HTTP servers in different versions of various scripting languages
• Getting Started with WebAssembly: Bringing Bytecode into the Web World
• phpwind uses hash length extension attack to getshell
• Deeply understand hash length extension attack (sha1 as an example)
• Analysis of program execution flow and directory structure of Joomla framework
• How to implant backdoors in Atom through malicious plugins

• Internet of Things Security Encyclopedia
• OWASP TOP10 Internet of Things Vulnerabilities List

• FRIDA Java Hook Principles

• Frida actively calls to unshell

• Perfare<-- Pioneer in the gaming security industry

• Anti-debugging technology sorting
• Ollvm principle

• Flutter reverse engineering

• Hook Framework Detection

• Basic reverse tutorial

• CTF offline defense warfare - turn your target machine into a "copper wall"
• ctf-wiki
• Those enigmatic encodings and encryptions in CTF
• CTF encryption and decryption
• Summary of the separation method of image hidden files in CTF
• Principles and applications of Md5 extension attack
• Summary of zip in CTF competition
• Fifteen Web Dogs' CTF question setting routine
• CTF Memorandum
• rcoil: CTF offline offensive and defensive match summary
• CTF memory evidence for getting into the pit! stable!

• PWN Getting Started Guide CTF WIKI