红日攻防实验室

红日攻防实验室



专注Web及移动安全[红日安全27期]

图片 1_meitu_1.jpg

渗透测试,web安全动态


-安全文章

-安全漏洞

-移动安全

-代码审计


标签:安全动态 安全技能 资源与工具分享

安全动态

[Security_week] 利用DNS隧道通信木马

https://mp.weixin.qq.com/s/OBudKq470e0Hp-p6_njWmg

[Security_week] 火狐浏览器出现严重远程代码执行漏洞,现已修复

http://www.freebuf.com/news/161924.html

[Security_week]

[Security_week] 帝友p2p借贷系统V4.1存在SQL注入漏洞

http://www.cnvd.org.cn/flaw/show/CNVD-2018-00125

[Security_week] DTD 实体 XXE 浅析

https://mp.weixin.qq.com/s/vkCdz6YCoiiJPI30KePD6g



安全技能

[Security_technology] 渗透测试案例入门到精通

https://mp.weixin.qq.com/s/mShMbG97cYI1V6Udlp3ebw

[Security_technology] 挖洞技巧:信息泄露之总结

https://mp.weixin.qq.com/s/FMp5OSB4We6QqCMcieTxSg

[Security_technology] CTF逆向——常规逆向篇(上)

https://mp.weixin.qq.com/s/_3S3yA9am3CIdW0VSvPWiw

[Security_technology] CTF逆向——常规逆向篇(下)

https://mp.weixin.qq.com/s/BGXjnNWdLFmkd4ix6DNORw

[Security_technology] 渗透测试向导—子域名枚举技术

https://zhuanlan.zhihu.com/p/31160156

[Security_technology] Smarty <= 3.1.32 PHP代码执行漏洞分析—【CVE-2017-1000480】

https://xianzhi.aliyun.com/forum/topic/1983

[Security_technology] Oracle常用经典SQL查询(一)

https://mp.weixin.qq.com/s/grFsNxrACx0OMa-VHQStLg

[Security_technology] DEDECMS漏洞集合

https://mp.weixin.qq.com/s/xC7hVVqtXdyirrb-rBH9TA

[Security_technology] 被忽视的隐患-CSRF漏洞攻防实例分析

https://mp.weixin.qq.com/s/MNka3vpBX_Eph-3x8GW6sg

[Security_technology] 新手科普 | MySQL手工注入之基本注入流程

https://mp.weixin.qq.com/s/UJptc2eru9uqCIm0dKsnGw

[Security_technology] DnsLog的改造和自动化调用

http://www.polaris-lab.com/index.php/archives/423/

[Security_technology] 站在 java 的角度探讨 SQL 注入原理

https://mp.weixin.qq.com/s/6WqnBgmmM4mFoke1s2z-VA

[Security_technology] 渗透技巧——导出Chrome浏览器中保存的密码

https://mp.weixin.qq.com/s/43AfEiaVFMw5Gj56FyepEg

[Security_technology] 内含EXP | 华硕路由器曝远程代码执行漏洞!

https://mp.weixin.qq.com/s/To797Cr46hMOsVDAeAve-g

[Security_technology] 工具| sqlmap payload修改之路

https://mp.weixin.qq.com/s/tAVkI981dIfhdMLcqkCKAA

[Security_technology] 如何通过Earthworm做Socks5代理进行内网渗透

https://mp.weixin.qq.com/s/VBiwJmpfIcRpdhwwWt2Ciw

[Security_technology] PHP漏洞函数总结

https://mp.weixin.qq.com/s/ABMaZVQihRaDYWfLVtw5zA

[Security_technology] 记一次审计 xiaocms 的过程

https://mp.weixin.qq.com/s/1G6q7Mk5aQL_9yZ6t58_nA

[Security_technology] 一种简单的Android全局注入方案

https://mp.weixin.qq.com/s/6DEqXARPDpAleuAcLypfkw

[Security_technology] WordPress插件YITH WooCommerce Wishlist SQL注入漏洞

http://www.freebuf.com/articles/web/160657.html

[Security_technology] 谁动了我的金矿:深扒黑产挖矿进阶之路

http://suo.im/22PWpp

[Security_technology] DedeCMS最新版(20180109)任意用户密码修改漏洞分析

https://blog.formsec.cn/2018/01/11/DedeCMS-password-reset/

[Security_technology] DSmall多用户商城系统存在SQL注入漏洞

http://www.cnvd.org.cn/flaw/show/CNVD-2018-00128

[Security_technology] PHP常见漏洞与代码审计

https://mp.weixin.qq.com/s/VxHUHpQjlDH2sjXYlENtDA

[Security_technology] 07V8第23篇技术分享|挖洞技巧:信息收集

https://mp.weixin.qq.com/s/IG8wLrMsbJyVagSQCa5LaA

[Security_technology] 疑似蔓灵花APT团伙钓鱼邮件攻击分析

https://www.anquanke.com/post/id/96375

[Security_technology] redis未授权访问漏洞利用总结

http://p0sec.net/index.php/archives/69/

[Security_technology] CVE-2017-8570首次公开的野外样本及漏洞分析

https://mp.weixin.qq.com/s/dMqovzZ70SJgdnfAZtcZMg

[Security_technology] 通过x64分页机制的PTE Space实现内核漏洞利用

https://mp.weixin.qq.com/s/Th2YVmGcMcdEn4_FalmW8w

[Security_technology] 仰望PHPSHE1.5漏洞

https://mp.weixin.qq.com/s/UedDZFAo-W4mZUXT0wZAMg

[Security_technology] What?利用获取IP方式,进行SQL注入攻击

https://mp.weixin.qq.com/s/LdDwoeE9mk8E_d1GrCh9gA

[Security_technology] XSS的各种用途(窃取用户cookie、界面劫持......)

https://shimo.im/docs/qigwCWLpvHgBgZFa/

[Security_technology] 7-Zip:RAR和ZIP的多个内存损坏漏洞

https://mp.weixin.qq.com/s/jPPTBx-iuOwprhyeni9JWg

[Security_technology] 利用HTTP host头攻击的技术

https://mp.weixin.qq.com/s/oW06LbgLOmtz0CRgnuw0aw

[Security_technology] 通过CVE-2017-17215学习路由器漏洞分析,从入坑到放弃

http://www.freebuf.com/vuls/160040.html

[Security_technology] CVE-2018-5711:一张GIF图片就能让服务器宕机的PHP漏洞

https://mp.weixin.qq.com/s/3ouUP_S23q1tTXU_lKJDSA

[Security_technology] 【原创】某PHP加密文件调试解密过程

https://mp.weixin.qq.com/s/NeMHgkXrdWNFiOBRm0lFqQ

[Security_technology] 深入研究的套路之黑客与区块链

https://mp.weixin.qq.com/s/7F2-eLqIdSiNIHHJDzkwcg

[Security_technology] 域信任机制的攻击技术指南(六)

http://www.4hou.com/system/10211.html

[Security_technology] CVE-2018-5711:一张GIF图片就能让服务器宕机的PHP漏洞

https://mp.weixin.qq.com/s/ZWLqZ0V9zYRWrAR5WdPuBQ

[Security_technology] Windows 提权命令指南

https://mp.weixin.qq.com/s/oDKh2gyjH_zudhMW-Xd9Iw

[Security_technology] HPMailer 命令执行漏洞(CVE-2016-10033)分析

http://blog.csdn.net/wyvbboy/article/details/53969278

[Security_technology] 4道与CVE结合web题目

https://mp.weixin.qq.com/s/eAgw1ABhi_fZXuYLuZF3Nw

[Security_technology] Web安全 -- 逻辑漏洞小谈

https://mp.weixin.qq.com/s/qG0ELSi5zVTi9YRhN1UmGQ

[Security_technology] CrossRAT-一款新型的跨平台间谍软件

http://www.freebuf.com/news/161852.html

[Security_technology] 湖湘杯2017 PWN 200格式化字符串漏洞详细WriteUp

https://mp.weixin.qq.com/s/4XKZ4vGl7HK3mMkH7HQV0g


工具与资源

[Security_tools] python学习总结

http://suo.im/AV3Nt

[Security_tools] Invoke-Obfuscation- Powershell编码与混淆框架

https://mp.weixin.qq.com/s/Yy375akNrYLe3jWDjrKofw

[Security_tools] Oracle常用经典SQL查询(一)

https://mp.weixin.qq.com/s/grFsNxrACx0OMa-VHQStLg

[Security_tools] Oracle常用经典SQL查询(二)

https://mp.weixin.qq.com/s/u4yV5HMTncZv1KddWvLguw

 标签: none

作者  :  sysyz



关于我

about me

sysyz

联系我