Red Sun Attack and Defense Lab (红日攻防实验室)

Focused on Web and Mobile Security [Red Sun Security, Issue 25]

Penetration testing and web security news
2018/1/15-2018/1/19


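Tags: Security News, Security Skills, Resources and Tools

Security News

[Security_week] How to become a web security expert

http://t.cn/R8zi5t1

[Security_week] CoffeeMiner: a framework that hijacks devices connected to WiFi networks for cryptocurrency "mining"

https://mp.weixin.qq.com/s/ifZFhgMLCxAQICU4A38O1A

[Security_week] Two vulnerabilities exposed the contact lists of all Yahoo users

https://paper.tuisec.win/detail/cd9a1ce85c37f6d

[Security_week] Wireless networks will become more secure: the Wi-Fi Alliance officially introduces the new WPA3 encryption specification

https://mp.weixin.qq.com/s/uvUamfhLJOKjwfLWrRMBSw

[Security_week] Pulse Briefing | Bug-hunting techniques and blockchain technology

https://mp.weixin.qq.com/s/m16vel4R0bREU1epqKnazg

[Security_week] Annual roundup | Security testing tools favored by security testers

http://www.freebuf.com/sectool/159428.html?from=timeline

[Security_week] Vulnerability alert | Winmail 6.2 remote code execution vulnerability

http://t.cn/R8zazOT

[Security_week] ImageMagick information disclosure vulnerability CVE-2018-5357

http://t.cn/R8za2yH

[Security_week] The art of stealing: a Satori variant is stealing cryptocurrency by replacing wallet addresses

https://www.anquanke.com/post/id/95167

[Security_week] Threat Hunter | The haze over facial recognition: the face-verification bypass industry

https://www.anquanke.com/post/id/95392

[Security_week] SAP kernel authentication bypass vulnerability CVE-2018-2360 disclosed, allowing unauthorized operations

http://toutiao.secjia.com/cve-2018-2360

[Security_week] Quick read for IT operations staff | Microsoft January security patch notice: 59 vulnerabilities, highlighting 7 remote code execution flaws

http://toutiao.secjia.com/ms-security-patch-notification-201801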



Security Skills

[Security_technology] Reverse shell commands on Linux

http://t.cn/R8zip76

[Security_technology] A technique for obtaining a server's real internal IP through F5

http://t.cn/R8ziehN

[Security_technology] Mining and analysis based on proxy IPs

http://t.cn/R8z6hWr

[Security_technology] Hands-on: taking over a technical school's website and server

https://mp.weixin.qq.com/s/9w3_qW72b3KIJEfLhMiF9Q

[Security_technology] If you don't learn some modern cryptography, you won't be able to keep up in CTFs!

http://t.cn/R8z6c4I

[Security_technology] How to use Earthworm as a Socks5 proxy for internal network penetration

https://mp.weixin.qq.com/s/VBiwJmpfIcRpdhwwWt2Ciw

[Security_technology] Virus analysis in practice: analysis of a remote-control virus

https://mp.weixin.qq.com/s/bGTu4OXw9BcP36a-u3b3yw

[Security_technology] Misc summary: traffic analysis, understanding the TCP protocol

https://paper.tuisec.win/detail/02e249afd4ff6cf

[Security_technology] macOS vulnerability lets a local administrator unlock the App Store system preferences with any password

https://mp.weixin.qq.com/s/WZy0hqrZCULLBha0FUUNSg

[Security_technology] Apache Log4j deserialization analysis [CVE-2017-5645]

https://mp.weixin.qq.com/s/1tgO3ESSeO3XI13mt208cw

[Security_technology] Analysis of the dedecms front-end user password modification vulnerability

https://mp.weixin.qq.com/s/v2HzDSi-6IvwSDiD_5Z7Dw

[Security_technology] Bug-hunting techniques: bypassing SMS and email bombing limits, and the follow-up

https://mp.weixin.qq.com/s/5OSLC2GOeYere9_lT2RwHw

[Security_technology] Analysis of malware attacks targeting the Pyeongchang Winter Olympics

https://mp.weixin.qq.com/s/DS6HlC4XCDqxWi4BKZb_qg

[Security_technology] File upload vulnerabilities

https://mp.weixin.qq.com/s/ik9LUKt5j5n7FeUum0i3Iw

[Security_technology] Experience sharing | Manual XSS exploitation methods

https://mp.weixin.qq.com/s/Qz1hwowmsJEr-9SsRZta6g

[Security_technology] Penetration test of the website of an open-source, free e-commerce company

https://mp.weixin.qq.com/s/uNgpWE9uE53DBYwlnkj96w

[Security_technology] Analysis of the PowerStager tool

https://mp.weixin.qq.com/s/TGIa2_YscCu9NJXZCfH7gg

[Security_technology] Summary of common web source code leaks

https://mp.weixin.qq.com/s/mdJKM_Ynqmcbw-HMxlL6sQ

[Security_technology] MySQL injection detection

http://t.cn/R8zSZNA

[Security_technology] File inclusion vulnerabilities

https://mp.weixin.qq.com/s/iwXxeMP8Zr1VknBzoVCXoQ

[Security_technology] Apple Webkit vulnerability analysis [CVE-2017-13791]

https://paper.tuisec.win/detail/d7e2de04166ee14

[Security_technology] A brief discussion of WAF bypass techniques

https://mp.weixin.qq.com/s/MYnQvmyiynQxTmlKCg6_4g

[Security_technology] Directory traversal vulnerabilities

https://mp.weixin.qq.com/s/Y3MO-vTD9b51vbDFX038xQ

[Security_technology] Summary of common web security attacks and defenses

http://www.danding.net/2018/01/

[Security_technology] DEDECMS arbitrary administrator password reset

https://xianzhi.aliyun.com/forum/topic/1959?from=groupmessage

[Security_technology] How I cracked an encrypted PDF

https://mp.weixin.qq.com/s/BZOvpT_TfX9a-UEVDI6xdA

[Security_technology] Bug-hunting techniques: a summary of information disclosure

https://www.anquanke.com/post/id/94787

[Security_technology] SQL injection guide: summary of testing common databases

https://bbs.ichunqiu.com/thread-32579-1-1.html

[Security_technology] The hacker's path of cultivation: pentest wiki, part 2

https://bbs.ichunqiu.com/thread-32264-1-1.html

[Security_technology] Notes on discovering and exploiting a Blind SSRF

https://bbs.ichunqiu.com/thread-32557-1-1.html

[Security_technology] Still using kali? No! Parrot OS, which can beat kali!

https://bbs.ichunqiu.com/thread-32331-1-1.html

[Security_technology] [Game vulnerability] CE-based AutoAssemble LUA injection

https://mp.weixin.qq.com/s/IP-QyifAIn0L43d61i8sOQ

[Security_technology] A few words for you! Yes! It's MACCMS injection!

https://mp.weixin.qq.com/s/kCXRZfsNzFqt94dxqku71w

[Security_technology] 74cms v4.2.3 front-end arbitrary file read

https://mp.weixin.qq.com/s/TnS8f8B1ntC3qvd4noc7nA

[Security_technology] Learning how vulnerabilities work through POCs

https://mp.weixin.qq.com/s/ogFLjUpd2HU60raUxGNWhg

[Security_technology] Window api (1)

https://mp.weixin.qq.com/s/IiTytdTvJW_XLPJQUmYbqA

[Security_technology] Hacker game | Owasp juice shop, final part

https://mp.weixin.qq.com/s/Kdv1eWe5wAJnLfkoorFO2w

[Security_technology] Penetration testing techniques: exploitation and reflections triggered by an XSS

https://mp.weixin.qq.com/s/9q4j4VSO86nKRBds37NeXw


Tools and Resources

[Security_tools] Analyzing risk data with Python tools

https://paper.tuisec.win/detail/2eed81a7edc26b9

[Security_tools] Tools for verifying live assets after subdomain brute-forcing

https://github.com/ChrisTruncer/EyeWitness
https://bitbucket.org/LaNMaSteR53/peepingtom

[Security_tools] DVAR: a router vulnerability practice range

https://paper.tuisec.win/detail/6b789a97ea9b71e

[Security_tools] 1500 specialized computer English vocabulary words

http://view.zsxq.com/view/5a6cbf2bbbcb112264edc7e9

[Security_tools] Collection of open-source mobile security testing tools

https://mp.weixin.qq.com/s/QPOFov25SL8xTUQcBz65RA

[Security_tools] Baidu Netdisk unthrottled downloader, released December 21, 2017

https://github.com/high-speed-downloader/high-speed-downloader

[Security_tools] Penetration testing flowchart

http://view.zsxq.com/view/5a6cc106bbcb112264edc7fe

[Security_tools] CISP-PTE white paper

http://view.zsxq.com/view/5a6cc12cbbcb112264edc800

Author: sysyz


