{"id":13389664,"url":"https://github.com/JoyChou93/sks","last_synced_at":"2025-03-13T14:31:43.371Z","repository":{"id":119511696,"uuid":"125458404","full_name":"JoyChou93/sks","owner":"JoyChou93","description":"Security Knowledge Structure (security knowledge summary)","archived":false,"fork":false,"pushed_at":"2018-10-12T06:08:55.000Z","size":13,"stargazers_count":241,"open_issues_count":0,"forks_count":59,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-02-26T11:12:57.140Z","etag":null,"topics":["deserialize","java","nginx-lua","php","python","security","waf","webshell","xxe"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JoyChou93.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-03-16T03:27:59.000Z","updated_at":"2024-12-14T21:15:26.000Z","dependencies_parsed_at":"2023-03-18T08:16:04.832Z","dependency_job_id":null,"html_url":"https://github.com/JoyChou93/sks","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoyChou93%2Fsks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoyChou93%2Fsks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoyChou93%2Fsks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoyChou93%2Fsks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JoyChou93","download_url":"https://codeload.github.com/JoyChou93/sks/tar.gz/refs/heads/master","host":{"name":"Gi
tHub","url":"https://github.com","kind":"github","repositories_count":243422551,"owners_count":20288477,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deserialize","java","nginx-lua","php","python","security","waf","webshell","xxe"],"created_at":"2024-07-30T13:01:25.548Z","updated_at":"2025-03-13T14:31:42.946Z","avatar_url":"https://github.com/JoyChou93.png","language":null,"readme":"# Security Knowledge Structure\n\nIssues and Pull Requests are welcome.\n\n## 1. Enterprise Security\n\n### 1.1 Black-Box Scanning\n\n- [Static XSS detection](http://blog.wils0n.cn/archives/160/)\n- [A brief analysis of AWVS](http://blog.wils0n.cn/archives/145/)\n- [A first look at Chrome Headless Browser](https://lightless.me/archives/first-glance-at-chrome-headless-browser.html)\n- [Detecting URL redirects with phantomJS](https://joychou.org/web/dom-url-redirect.html)\n- [Detecting Flash XSS with SlimerJS](https://joychou.org/web/Flash-Xss-Dynamic-Detection.html)\n\n### 1.2 White-Box Scanners\n\n- [Cobra](https://github.com/FeeiCN/cobra)\n\n### 1.3 Building Your Own WAF\n\n- [How to build a cloud WAF](https://joychou.org/web/how-to-build-cloud-waf.html)\n- [How to build an HTTPS cloud WAF](https://joychou.org/web/how-to-build-https-cloud-waf.html)\n- [ngx_lua_waf](https://github.com/loveshell/ngx_lua_waf)\n- [VeryNginx](https://github.com/alexazhou/VeryNginx)\n- [lua-resty-waf](https://github.com/p0pr0ck5/lua-resty-waf)\n\n### 1.4 Bastion Hosts\n\n- [jumpserver](https://github.com/jumpserver/jumpserver)\n\n### 1.5 HIDS\n\n- [yulong-hids](https://github.com/ysrc/yulong-hids)\n\n### 1.6 Subdomain Brute-Forcing\n\n- [ESD](https://github.com/FeeiCN/ESD)\n- [subDomainsBrute](https://github.com/lijiejie/subDomainsBrute)\n\n### 1.7 Command Monitoring\n\n- [Netlink 
Connector](https://www.ibm.com/developerworks/cn/linux/l-connector/)\n- [Netlink (Go version)](https://github.com/vishvananda/netlink)\n- [Analysis of a Linux command-execution monitoring driver implementation](https://mp.weixin.qq.com/s/ntE5FNM8UaXQFC5l4iKUUw)\n\n### 1.8 File Monitoring and Synchronization\n\n- [lsyncd (file monitoring)](https://github.com/axkibe/lsyncd)\n\n### 1.9 Java Secure Development Components\n\n- [Trident](https://github.com/JoyChou93/trident)\n- [Java security vulnerabilities and fix code](https://github.com/JoyChou93/java-sec-code)\n\n### 1.10 GitHub Information Leak Monitoring\n\n- [GSIL](https://github.com/FeeiCN/GSIL)\n- [Hawkeye](https://github.com/0xbug/Hawkeye)\n\n### 1.11 Resolving the Backend IPs of Domains\n\n- [Nginx Parser](https://github.com/WhaleShark-Team/nginxparser)\n\n\n## 2. Operations Security\n\n### 2.1 NGINX Configuration Security\n\n- [Gixy (an open-source Nginx configuration security scanner)](https://github.com/yandex/gixy)\n- [Nginx configuration security in three cases](https://www.leavesongs.com/PENETRATION/nginx-insecure-configuration.html)\n- [Nginx Config Security](https://joychou.org/web/nginx-config-security.html)\n\n### 2.2 Tomcat Configuration Security\n\n- [Tomcat Config Security](https://joychou.org/operations/tomcat-config-security.html)\n\n## 3. Backdoor\n\n### 3.1 Nginx Backdoors\n\n- [pwnginx](https://github.com/t57root/pwnginx)\n- [A brief look at some security applications of nginx + lua](https://zhuanlan.zhihu.com/p/21362834)\n\n\n### 3.2 Webshell\n\n- [A hodgepodge of webshells on GitHub](https://github.com/tennc/webshell)\n- [Webshells found during intrusion analysis](https://github.com/JoyChou93/webshell)\n\n\n### 3.3 Linux SSH Backdoors\n\n- [Linux SSH Backdoor](https://joychou.org/hostsec/linux-ssh-backdoor.html)\n- [sshLooter (a Python PAM backdoor)](https://github.com/mthbernardes/sshLooter)\n- [Pam my Unix](https://github.com/LiGhT1EsS/pam_my_unix)\n\n### 3.4 Reverse Shells\n\n- [Pitfalls of reverse shells from Linux crontab scheduled tasks](https://joychou.org/hostsec/linux-crontab-rebound-shell-hole.html)\n\n### 3.5 Removing Linux Mining Backdoors\n\n- [Linux DDoS backdoor removal script](https://joychou.org/hostsec/linux-ddos-backdoor-killer-script.html)\n- [Kill Ddos Backdoor](https://github.com/JoyChou93/kill_ddos_backdoor)\n\n\n## 4. 
WAF Bypass\n\n- [File upload and WAF: attack and defense](https://joychou.org/web/bypass-waf-of-file-upload.html)\n- [A general bypass method for Nginx Lua WAF](https://joychou.org/web/nginx-Lua-waf-general-bypass-method.html)\n\n### 4.1 Chopper (Caidao)\n\n- [Analysis of why the new Chopper @20141213 does not support PHP assert one-liner backdoors](https://joychou.org/web/caidao-20141213-does-not-support-php-assert-oneword-backdoor-analysis.html)\n- [A one-liner whose Chopper connection password is not a printable character](https://joychou.org/web/913.html)\n- [Fancy bypasses of SafeDog's blocking rules for Chopper signatures](https://joychou.org/web/bypass-safedog-blocking-rules-for-chopper.html)\n- [Building a custom Chopper that bypasses SafeDog](https://joychou.org/web/make-own-chopper-which-can-bypass-dog.html)\n- [Cknife (an open-source Chopper)](https://github.com/Chora10/Cknife)\n\n\n## 5. Host Security\n\n### 5.1 Privilege Escalation\n\n- [Dirty COW CVE-2016-5195 privilege escalation](https://github.com/FireFart/dirtycow/blob/master/dirty.c)\n\n\n## 6. Front-End Security\n\n- [JavaScript anti-debugging techniques](http://www.freebuf.com/articles/system/163579.html)\n- [Devtools detect](https://github.com/sindresorhus/devtools-detect)\n- [Code obfuscation](https://github.com/javascript-obfuscator/javascript-obfuscator)\n\n\n## 7. Business Security\n\n### 7.1 PC Device Fingerprinting\n\n- [fingerprintjs2](https://github.com/Valve/fingerprintjs2)\n- [Cross-browser device fingerprinting](https://github.com/Song-Li/cross_browser)\n- [Generation 2.5 fingerprint tracking: cross-browser fingerprinting](https://paper.seebug.org/350/)\n\n### 7.2 Security Watermarks\n\n- [Watermark development](https://github.com/saucxs/watermark)\n- [Watermark attack and defense](https://joychou.org/business/watermark-security.html)\n\n\n\n## 8. 
Java Security\n\n\n- [find-sec-bug](http://find-sec-bugs.github.io/bugs.htm)\n- [Java security vulnerabilities and fix code](https://github.com/JoyChou93/java-sec-code)\n\n\n### 8.1 RASP\n\n- [OpenRASP](https://github.com/baidu/openrasp)\n- [RASP, starting from Java deserialization command execution](https://toutiao.io/posts/4kt0al/preview)\n\n### 8.2 Java Deserialization\n\n- [The library's fault? A general exploitation analysis of Java deserialization vulnerabilities](https://blog.chaitin.cn/2015-11-11_java_unserialize_rce/)\n- [Java Apache-CommonsCollections serialization vulnerability analysis and advanced exploitation](https://www.iswin.org/2015/11/13/Apache-CommonsCollections-Deserialized-Vulnerability/)\n- [Java deserialization vulnerabilities: CommonsCollection, the Heavy Iron Sword (part 1)](https://xz.aliyun.com/t/2028)\n- [Commons Collections Java deserialization vulnerability analysis](https://joychou.org/java/commons-collections-java-deserialize-vulnerability-analysis.html)\n\n### 8.3 JDWP\n\nThis vulnerability can yield unexpected results.\n\n- [Hacking the Java Debug Wire Protocol](http://blog.ioactive.com/2014/04/hacking-java-debug-wire-protocol-or-how.html)\n- [Java Debug Remote Code Execution](https://joychou.org/web/Java-Debug-Remote-Code-Execution.html)\n- [jdwp-shellifier](https://github.com/IOActive/jdwp-shellifier)\n\n\n### 8.4 Java SSRF\n\n- [Java SSRF vulnerable code](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)\n- [SSRF in Java](https://joychou.org/web/javassrf.html)\n- [Use DNS Rebinding to Bypass SSRF in JAVA](https://joychou.org/web/use-dnsrebinding-to-bypass-ssrf-in-java.html)\n\n### 8.5 Java XXE\n\n- [Java XXE Vulnerability](https://joychou.org/web/java-xxe-vulnerability.html)\n- [Java XXE vulnerable code](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XMLInjection.java)\n\n### 8.6 URL Whitelist Bypass\n\n- [URL whitelist bypass](https://joychou.org/web/url-whitelist-bypass.html)\n\n\n## 9. 
PHP Security\n\n### 9.1 PHP SSRF\n\n- [Typecho SSRF vulnerability analysis and exploitation](https://joychou.org/web/typecho-ssrf-analysis-and-exploit.html)\n- [SSRF in PHP](https://joychou.org/web/phpssrf.html)\n\n### 9.2 PHP Deserialization\n\n- [Typecho deserialization vulnerability analysis](https://joychou.org/web/typecho-unserialize-vulnerability.html)\n- [A brief discussion of PHP deserialization vulnerabilities](https://chybeta.github.io/2017/06/17/%E6%B5%85%E8%B0%88php%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/)\n\n## 10. Python Security\n\n- [Exploit SSTI in Flask/Jinja2](https://joychou.org/web/exploit-ssti-in-flask-jinja2.html)\n- [tplmap - an SSTI (server-side template injection) exploitation tool](https://github.com/epinna/tplmap)\n- [Python sandbox bypass](https://joychou.org/web/python-sandbox-bypass.html)\n- [Python security code audit](https://joychou.org/web/python-sec-code-audit.html)\n- [Fixing Python arbitrary command execution vulnerabilities](https://joychou.org/codesec/fix-python-arbitrary-command-execution-vulnerability.html)\n- [Learning Python sandbox escape from a CTF challenge](https://www.anquanke.com/post/id/85571)\n\n\n## 11. Lua Security\n\n- [Nginx Lua web application security](https://joychou.org/web/nginx-lua-web-application-security.html)\n\n## 12. Node.js Security\n\n- [Node.js URL redirect](https://www.npmjs.com/advisories/35)\n- [Node.js CVE-2017-14849 arbitrary file read](https://security.tencent.com/index.php/blog/msg/121)\n\n## 13. Vulnerability Remediation\n\n- [Fixing Python arbitrary command execution vulnerabilities](https://joychou.org/codesec/fix-python-arbitrary-command-execution-vulnerability.html)\n- [Fixing the CVE-2016-5195 Dirty Cow vulnerability](https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-dirty-cow-linux-vulnerability)\n\n\n## 14. Clever Tricks\n\n- [MySQL arbitrary file read](https://lightless.me/archives/read-mysql-client-file.html)\n\n## 15. Basic Skills\n\n- Understanding and using Linux RPM\n- Understanding and using PIP\n- Python, PHP, Java, Bash\n- iptables, scheduled tasks, reverse shells\n- Forward and reverse proxies\n- Nginx usage and configuration\n- Domain name configuration\n- TCP/IP and HTTP protocols\n- Using BurpSuite\n\n## 16. 
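Security Interview Questions\n\n\u003eInterview questions are tied to your own resume; the interviewer simply keeps digging into the points you raise to see whether you give the answer they are looking for.\n\n### 16.1 In-House (Party A)\n\n#### 16.1.1 Technical\n\nBasics\n\n- A one-liner webshell backdoor is found in a server's web directory. How do you investigate the cause of the intrusion, remove the backdoor, and determine whether data was leaked?\n- Common XXE payloads\n- How do you defend against DDoS manually?\n- How do you defend against email spoofing?\n- You have a webshell but cannot escalate privileges. What other approaches are there?\n- A Linux server is infected with a DDoS trojan. How do you remove it using only built-in system commands?\n- After a Linux server has been compromised and turned into a bot, how do you approach finding the cause of the intrusion?\n- What methods are there for webshell detection?\n    - Static text matching, which has false positives and gaps\n    - Dynamic hooking, which requires running the PHP code and therefore carries risk\n    - The D-Shield (D盾) approach\n    - AST\n    - Offline big-data algorithms\n- What are the ways to fix the Redis unauthorized access vulnerability? What are the ways it is used for intrusion?\n- Briefly describe how JSON hijacking works and how it is exploited.\n- How is SSRF typically exploited and fixed?\n- How are intrusion analysis and incident response typically carried out?\n- How is XSS (reflected, DOM) typically detected with black-box methods?\n- What drawbacks and security risks does dynamic webshell detection have?\n- What is the security process for launching a new application?\n    1. Design phase - security assessment of the overall architecture, logic, and framework\n    2. Development phase - provide security-related components\n    3. Testing phase - perform black-box and white-box security testing\n    4. Launch phase - external SRC, routine black-box and white-box security testing, and monitoring of hosts and so on\n- In PHP, how does LFI turn into RCE?\n- In what kinds of endpoints do CSRF vulnerabilities usually appear? Briefly describe the principle and the fix.\n- What are the risks of a CORS bypass, and what are the exploitation scenarios?\n- What are the common URL bypass techniques?\n- Which vulnerabilities are hard for a WAF to block?\n    - Non-HTTP protocol requests such as JDWP (host-based WAFs are a separate matter)\n    - Referer-bypass vulnerabilities such as CSRF, JSONP, and CORS bypasses\n    - Host vulnerabilities such as unauthorized access, anonymous access, and weak passwords\n    - URL redirects\n    - Information disclosure\n    - SSRF attacks that use the http and file protocols\n- What is the full flow of CSRF token defense? How does the defense differ between applications with separated and non-separated front end and back end?\n- How do you measure WAF false negatives?\n\nIn Depth\n\n- The SDL process\n- What impressive or interesting vulnerabilities have you found?\n- How do you close the loop on security?\n- What methods are there for detecting authorization bypass?\n    - Black-box: cookies from two accounts\n    - Authorization functions + database queries\n- For things like JDWP that a traditional HTTP-layer WAF cannot block, how can they be detected?\n    - RASP\n    - Command monitoring (the parent process is Java and a malicious command was executed)\n- How do you detect and defend against Java deserialization?\n- With both HTTP request logs and database logs available, how do you detect stored XSS?\n    - If the database contains an XSS payload that has not been encoded or filtered, stored XSS already exists; the HTTP request logs are not much help.\n- Among the attack requests blocked by the WAF, how do you tell which were made by a human and which came from a scanner?\n\n#### 16.1.2 Non-Technical\n\n- What do you think you are particularly strong at?\n- Why did you leave your previous company?\n- How you grew at your previous company\n- Sense of achievement at work\n- The biggest, most impressive project you have done\n- What are your plans for the future?\n- How do you measure the value of security training?\n- What direction will security take going forward?\n- How do you position yourself in security?\n","funding_links":[],"categories":["Others","Others (1002)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJoyChou93%2Fsks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJoyChou93%2Fsks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJoyChou93%2Fsks/lists"}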