红日攻防实验室

红日攻防实验室



专注Web及移动安全[红日安全41期]

home-bg1_meitu_6.jpg

渗透测试,web安全动态


-安全文章

-安全漏洞

-Web安全

-代码审计


标签:安全动态 Web安全 渗透测试 安全工具 代码审计 移动安全 视频分享

安全动态

[Security_week] xKungfoo 2018 信息安全交流大会 PPT下载

http://www.4hou.com/info/news/11370.html

[Security_week] 事件应急响应管理的5条建议

http://www.freebuf.com/articles/neopoints/172377.html

[Security_week] 记一次web应急事件处置

https://www.secdic.com/go/18678.html

[Security_week] 点外卖,再也不用担心隐私泄露

https://www.secdic.com/go/18717.html

[Security_week] 360公司Vulcan(伏尔甘)团队披露区块链平台EOS严重漏洞

https://mp.weixin.qq.com/s/UeXrbT5BFe9WKd63wDiQhg

[Security_week] 信息安全漏洞周报(2018年第20期)

https://mp.weixin.qq.com/s/W_xjTpCP7JldIcN6F7dWjg

[Security_week] VPNFilter-新型IoT Botnet深度解析

https://mp.weixin.qq.com/s/SnchceLdNX7JYiWfSH2Hmw



Web安全

[Web_Security] Bypass 360主机卫士SQL注入防御(多姿势)

https://mp.weixin.qq.com/s/-JkeLtaUo7qN3zxkFlf0-w

[Web_Security] 浅析SSRF原理及利用方式

https://www.secdic.com/go/18745.html

[Web_Security] Xpath定位经验总结

https://www.secdic.com/go/18735.html

[Web_Security] burp trick;Retile:LKM Linux rootkit和后门

https://mp.weixin.qq.com/s/H-48n-g_ypZ3k1rikOaodg

[Web_Security] 命令行下的信息搜集

https://mp.weixin.qq.com/s/_VdMOnsUwp0PiqxjrosQGg

[Web_Security] SSRF中的绕过姿势

https://mp.weixin.qq.com/s/467pD6VIpiYXfw2QTSzB4A

[Web_Security] 史上最强内网渗透知识点总结

https://mp.weixin.qq.com/s/U2MqcjA_YmMlajJzvDCZZw

[Web_Security] UEditor SSRF漏洞(JSP版本)分析与复现

https://mp.weixin.qq.com/s/OPbyYQNWiN2dy_BHhqd9eg

[Web_Security] ISCC 2018 Writeup

https://mp.weixin.qq.com/s/h9egb5ZQbdRtkaw9PBjw1w

[Web_Security] Linux查webshell

https://mp.weixin.qq.com/s/-3N2WDASdXSsPifoBiuQsQ

[Web_Security] 为什么要禁止除GET和POST之外的HTTP方法?

https://mp.weixin.qq.com/s/AIbTW9wmd3aWvZWWq3QYgw

[Web_Security] 如何快速查找网站有效子域名

http://www.4hou.com/technology/11782.html

[Web_Security] 黑客常说SQL注入是什么?手把手入门白帽子 (二)

https://mp.weixin.qq.com/s/XWA-vVu-9Jod_lMn6rXqGw

[Web_Security] phpMyadmin提权那些事

https://mp.weixin.qq.com/s/EMkZCHB3uKM7M1998eUlFg

[Web_Security] SQL注入攻击方式及防御方法,手把手入门白帽子 (二)

https://mp.weixin.qq.com/s/hkuAZOiRdcAHzVWPnUIX4g

[Web_Security] kindeditor文件遍历漏洞payload

https://www.secdic.com/go/19114.html



渗透测试

[Penetration_test] DMZ下使用web_delivery 介绍

https://mp.weixin.qq.com/s/JTLrHQDrjnGSSXxbvOxXSw

[Penetration_test] metasploit模块移植/开发--初识篇

https://www.secdic.com/go/18673.html

[Penetration_test] DDCTF 2018 writeup(二) 逆向篇

https://www.anquanke.com/post/id/145553

[Penetration_test] 内网渗透测试之域渗透详解

https://mp.weixin.qq.com/s/XLkCJ3KNkHLqvcfQW8HsFA

[Penetration_test] 域渗透中找DC

https://mp.weixin.qq.com/s/NJEhKIY9kogXqJyau2Cnyw

[Penetration_test] LINUX下内网反弹技巧总结和杂谈

https://mp.weixin.qq.com/s/YNGxYjXwh3NXlCCunh0iXw

[Penetration_test] 渗透过程中的端口反弹

https://mp.weixin.qq.com/s/LQhErXdwj9kR0ReTu-NQjA

[Penetration_test] Linux| 基线脚本编写(二)

https://mp.weixin.qq.com/s/Ttq5Ug5-AC38W8TOebl5oQ

[Penetration_test] Dnscat2-建立DNS隧道反弹SHELL

https://mp.weixin.qq.com/s/vjmCX6JhdVeURCrhuMK4Aw

[Penetration_test] 从WebShell到域控的奇妙之旅

http://www.freebuf.com/articles/network/172578.html

[Penetration_test] 攻破黑市之拿下吃鸡DNF等游戏钓鱼站群

http://www.freebuf.com/articles/web/172330.html

[Penetration_test] 一道OSCP缓冲区溢出分析到利用

https://www.anquanke.com/post/id/146562

[Penetration_test] 渗透测试实战-超级玛丽靶机入侵

https://www.anquanke.com/post/id/146527



安全工具

[Security_tools] Noriben - 基于Python的恶意软件分析沙箱

https://mp.weixin.qq.com/s/6is5QXESrPyKcJqMgof23g

[Security_tools] 增强IoT安全和可见性的7种工具

http://www.aqniu.com/tools-tech/34296.html

[Security_tools] 服务异常处理指南

https://mp.weixin.qq.com/s/wdmaLsbsdY7YdfmWzpuKbQ

[Security_tools] Detekt - 防止监视的工具

https://mp.weixin.qq.com/s/WxXgI4JMI4_JfJOd7rcJUg

[Security_tools] 10款最佳免费WiFi黑客工具(附传送门)

http://www.aqniu.com/hack-geek/34350.html

[Security_tools] websocket-fuzzer : WebSocket Fuzz 测试工具;Bash读取/etc/passwd技巧

https://mp.weixin.qq.com/s/IUQoqUaWYNaqkSmAdFVOig

[Security_tools] SSLyze - 分析SSL / TLS配置的工具

https://mp.weixin.qq.com/s/Sw_iDoFDSMOkx6LTJmw_ZA

[Security_tools] wvs结果批量整理工具

https://mp.weixin.qq.com/s/21MxYBr2mDdH6SSxA9pFKA

[Security_tools] 扫描不能停之Appscan批量扫描

https://mp.weixin.qq.com/s/OwMAcomXRRmjjKClk7jaow

[Security_tools] V3n0M - 一款开源漏洞扫描器

https://mp.weixin.qq.com/s/BjS3miitgRu2DxyAOwUE3A

[Security_tools] LogonTracer:用于可视化分析Windows安全事件日志寻找恶意登录的工具

http://www.freebuf.com/sectool/172623.html

[Security_tools] burpa: burp 自动化扫描工具;Firefox中通用CSP bypass详细信息(CVE-2018-5175)

https://mp.weixin.qq.com/s/akHIPUTh-vK54ffmm4WfHA

[Security_tools] 网络安全工具汇总

https://mp.weixin.qq.com/s/fx8emiLSKxge6P7nT1az7w



代码审计

[Code_audit] 代码审计 | ECShop3.6.0最新版本任意文件删除

https://mp.weixin.qq.com/s/UMBL3-nkI4xnFyuHbfj11Q



移动安全

[Mobile_Security] Android序列化与反序列化不匹配漏洞详解

https://www.secdic.com/go/19144.html



视频分享

[Video_share] 招招致命,CSRF与多种漏洞的组合出击

https://www.bugbank.cn/live/view.html?id=111256

 标签: none

作者  :  ba91ing



关于我

about me

ba91ing

联系我