红日攻防实验室

红日攻防实验室



专注Web及移动安全[红日安全92期]

20181011202924.jpg

渗透测试,web安全动态


-安全文章

-安全漏洞

-Web安全

-代码审计


标签:安全动态 Web安全 渗透测试 代码审计 视频分享

安全动态

[Security_week] 漏洞分析 | Discuz ML! V3.X 代码注入漏洞

https://mp.weixin.qq.com/s/5Zl3Jve4eblNIXh30t469w

[Security_week] Fastjson反序列化漏洞预警

https://mp.weixin.qq.com/s/v_IkhtjFhQbP1xOZExIL9g

[Security_week] FastJson 远程代码执行漏洞分析报告

https://mp.weixin.qq.com/s/pTaMKwnLfj4cOlfS1OysdA

[Security_week] HW行动小总结

https://mp.weixin.qq.com/s/g-RCf44LGQsRVstGk9ePUg

[Security_week] Redis 4.x 5.xRCE的傻瓜式复现

https://mp.weixin.qq.com/s/MSWLqzyNnliX1G7TRYAwVw

[Security_week] Microsoft Windows DHCP服务器远程代码执行漏洞(CVE-2019-0785)

https://mp.weixin.qq.com/s/EyJrCe6oWqDNJwucK3GIeg

[Security_week] Atlassian Jira远程命令执行漏洞

https://mp.weixin.qq.com/s/i6wAWZXuNAjmqtdwyYLHog

[Security_week] 网络安全学习方法论之体系的重要性

https://mp.weixin.qq.com/s/yXA4BRbMfJNPQ68_-Nme6g

[Security_week] 网络安全之智慧城市安全

https://mp.weixin.qq.com/s/pcb1HZcCoz3lZ1GM2jJFhA

[Security_week] 大数据基础知识

https://mp.weixin.qq.com/s/G5XmF_DbOUqE-VMZDAMI6w

[Security_week] 工信部发布2019年度防范治理电信网络诈骗创新示范项目

https://mp.weixin.qq.com/s/OJod9oONt1pyihrjSBFq8A

[Security_week] 企业网络安全相关汇总

https://mp.weixin.qq.com/s/5MM8F36Tz-eqUDZRYWFvlQ

[Security_week] 信息安全漏洞周报(2019年第26期)

https://mp.weixin.qq.com/s/3mPsQphTpfRpIHivHfREDA



Web安全

[Web_Security] 一句话木马的各种变形

https://mp.weixin.qq.com/s/2z6tRmPqbNIdESU1254vIg

[Web_Security] 大家检查一下自己网站的漏洞吧

https://mp.weixin.qq.com/s/Br4UhYxf4I9C3wvc_G38Jw

[Web_Security] 换了套组合拳打出一个 webshell 你敢信

https://mp.weixin.qq.com/s/J9uC0u-2Yafvdkl_sdMO5g

[Web_Security] 利用 Apache 的解析机制来植入webshell

https://mp.weixin.qq.com/s/rOzaZAE6bC6fjaJG1S9SgQ

[Web_Security] 浅谈轰炸漏洞攻防思路

https://mp.weixin.qq.com/s/W5VYH8mY74OcgiLdVHAzFg

[Web_Security] 各种日志分析方式汇总

https://mp.weixin.qq.com/s/gAVuYciQ-JUNw_jNIGp7RA

[Web_Security] 验证码爆破总结及python实现爆破功能

https://mp.weixin.qq.com/s/Q5gU_sqTvmkE4aFKA4abBg

[Web_Security] DoraBox(哆啦盒)基础Web漏洞训练靶场

https://mp.weixin.qq.com/s/-06AtU8HijaVYHAUKfS2Ew

[Web_Security] XSS bypass新思路

https://mp.weixin.qq.com/s/fGPeJFEUnXmFfa8u5X-xdg

[Web_Security] SQLi绕过技巧

https://mp.weixin.qq.com/s/v7V8M_PQYB9ZdMjB4HMfFg

[Web_Security] SQL注入之Order-by-Leak

https://mp.weixin.qq.com/s/C8X6ZlyAcJhxQ-wtygmsUg



渗透测试

[Penetration_test] Node.js 反向 Shell

https://mp.weixin.qq.com/s/uTFQtDPi5ADy1RWS8jCI5A

[Penetration_test] Get Shell By Powershell

https://mp.weixin.qq.com/s/elPD2-L9HzhgrQLbJ9cXNA

[Penetration_test] 基于Beef-XSS+Sunny-Ngrok进行内网安全测试

https://mp.weixin.qq.com/s/5FQPy2vHPqbAjxLV1U8Tgg

[Penetration_test] php文件自包含的奇淫技巧

https://mp.weixin.qq.com/s/aaQVo-3tOmuR2lO4YfjEug

[Penetration_test] Redis 4.x 5.xRCE复现

https://mp.weixin.qq.com/s/jaU_G7dq_W3Ju-gbEC8Qmg

[Penetration_test] 一个有意思的漏洞组合场景

https://mp.weixin.qq.com/s/OInMzXTXrrPiKKEk-_7sOw

[Penetration_test] Discuz Ml v3.x 前台Getshell姿势

https://mp.weixin.qq.com/s/DELNgYJtYVgGURM3RX5gnA

[Penetration_test] 某大佬的BypassWAF新思路

https://mp.weixin.qq.com/s/aUh2B_zbQgz6zLErgCIkZA



代码审计

[Code_audit] 一次CMS源码审计与漏洞发现

https://mp.weixin.qq.com/s/KrzjuNA0kHS1s-EC4J5fdA

[Code_audit] 文件操作类基础代码审计

https://mp.weixin.qq.com/s/1A6mec5_xHPq5Q0G5i4xPQ

[Code_audit] 游荡在PHP代码审计之间--XSS和CSRF

https://mp.weixin.qq.com/s/A9ErT-OTyga4Cw-8QXgCRQ



视频分享

[Video_share] 流量中的狩猎者

https://www.bugbank.cn/live/view.html?id=112212

 标签: none

作者  :  ba91ing



关于我

about me

ba91ing

联系我