{"id":13538290,"url":"https://github.com/tom0li/collection-document","last_synced_at":"2025-09-28T23:30:41.242Z","repository":{"id":38360843,"uuid":"102005234","full_name":"tom0li/collection-document","owner":"tom0li","description":"Collection of quality safety articles. Awesome articles. ","archived":false,"fork":false,"pushed_at":"2024-09-26T00:57:16.000Z","size":31930,"stargazers_count":2022,"open_issues_count":0,"forks_count":515,"subscribers_count":116,"default_branch":"master","last_synced_at":"2024-12-19T03:42:54.722Z","etag":null,"topics":["awesome","bounty-hunters","bug-bounty","cloud","dns","fuzz","github","hacker","hacking","java","list","pentest","redteam","research","sec","security","src","waf","web","xss"],"latest_commit_sha":null,"homepage":"https://tom0li.github.io/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tom0li.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-08-31T13:46:12.000Z","updated_at":"2024-12-18T11:03:21.000Z","dependencies_parsed_at":"2022-07-13T19:10:29.394Z","dependency_job_id":null,"html_url":"https://github.com/tom0li/collection-document","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tom0li%2Fcollection-document","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tom0li%2Fcollection-document/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tom0li%2Fcollection-document/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tom0li%2Fcollection-document/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tom0li","download_url":"https://codeload.github.com/tom0li/collection-document/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234569735,"owners_count":18854133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","bounty-hunters","bug-bounty","cloud","dns","fuzz","github","hacker","hacking","java","list","pentest","redteam","research","sec","security","src","waf","web","xss"],"created_at":"2024-08-01T09:01:09.329Z","updated_at":"2025-09-28T23:30:31.231Z","avatar_url":"https://github.com/tom0li.png","language":null,"funding_links":[],"categories":["\u003ca id=\"a4ee2f4d4a944b54b2246c72c037cd2e\"\u003e\u003c/a\u003e收集\u0026\u0026集合","3rdpart lists, mostly outdated","Others","Others (1002)","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","其他_安全与渗透","miscellaneous"],"sub_categories":["\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的","资源传输下载"],"readme":"# Project Description\nCollection of quality safety articles(To be rebuilt)\n```\nSome are inconvenient to release. \nSome forget update,can see me star. \ncollection-document awesome\n以前的链接中大多不是优质的 \n渗透测试部分不再更新 \n因精力有限,缓慢更新 \nAuthor: [tom0li] \nBlog: https://tom0li.github.io\n```\n- [Project Description](#project-description)\n - [Github-list](#github-list)\n - [Awesome-list](#awesome-list)\n - [开发](#开发)\n - [其它](#其它)\n - [安全](#安全)\n - [安全list](#安全list)\n - [安全市场洞察](#安全市场洞察)\n - [云安全](#云安全)\n - [云基础知识](#云基础知识)\n - [云原生安全](#云原生安全)\n - [云上攻防](#云上攻防)\n - [VM](#vm)\n - [vCenter](#vcenter)\n - [SLP](#slp)\n - [AI安全](#ai安全)\n - [新安全方案](#新安全方案)\n - [构建下一代安全](#构建下一代安全)\n - [零信任](#零信任)\n - [DevSecOps](#devsecops)\n - [威胁检测](#威胁检测)\n - [RASP](#rasp)\n - [HIDS](#hids)\n - [WAF](#waf)\n - [WAF建设指南](#waf建设指南)\n - [BypassWAF](#bypasswaf)\n - [Webshell检测](#webshell检测)\n - [反弹Shell检测](#反弹shell检测)\n - [EDR](#edr)\n - [AV](#av)\n - [横向移动检测-蜜罐思路](#横向移动检测-蜜罐思路)\n - [恶意流量检测](#恶意流量检测)\n - [IDS](#ids)\n - [文本检测](#文本检测)\n - [安全运营](#安全运营)\n - [数据安全](#数据安全)\n - [网络测绘](#网络测绘)\n - [通信安全](#通信安全)\n - [端对端通信(初版)](#端对端通信初版)\n - [SNI](#sni)\n - [个人安全](#个人安全)\n - [APT研究](#apt研究)\n - [高级威胁-list](#高级威胁-list)\n - [威胁情报](#威胁情报)\n - [钓鱼](#钓鱼)\n - [C2-RAT](#c2-rat)\n - [预警\u0026研究](#预警研究)\n - [ImageMagick](#imagemagick)\n - [Exchange](#exchange)\n - [Privilege-Escalation](#privilege-escalation)\n - [VPN](#vpn)\n - [Sangfor](#sangfor)\n - [Pulse](#pulse)\n - [Palo](#palo)\n - [Fortigate](#fortigate)\n - [Citrix Gateway/ADC](#citrix-gatewayadc)\n - [Tomcat](#tomcat)\n - [FUZZING](#fuzzing)\n - [代码审计-JAVA](#代码审计-java)\n - [反序列化-其他](#反序列化-其他)\n - [RMI](#rmi)\n - [Shiro](#shiro)\n - [Fastjson](#fastjson)\n - [Dubbo](#dubbo)\n - [CAS](#cas)\n - [Solr模版注入](#solr模版注入)\n - [Apache Skywalking](#apache-skywalking)\n - [Spring](#spring)\n - [Spring-boot](#spring-boot)\n - [Spring-cloud](#spring-cloud)\n - [Spring-data](#spring-data)\n - [区块链](#区块链)\n - [渗透](#渗透)\n - [边界渗透](#边界渗透)\n - [渗透记录和总结](#渗透记录和总结)\n - [信息收集](#信息收集)\n - [靶场](#靶场)\n - [渗透技巧](#渗透技巧)\n - [内网渗透](#内网渗透)\n - [Exchange利用(旧)](#exchange利用旧)\n - [hash ticket Credential](#hash-ticket-credential)\n - [代理转发与端口复用](#代理转发与端口复用)\n - [内网平台](#内网平台)\n - [内网技巧](#内网技巧)\n - [提权利用](#提权利用)\n - [Bug_Bounty](#bug_bounty)\n - [Web](#web)\n - [XXE](#xxe)\n - [XSS](#xss)\n - [Jsonp](#jsonp)\n - [CORS](#cors)\n - [CSRF](#csrf)\n - [SSRF](#ssrf)\n - [SQL](#sql)\n - [文件包含](#文件包含)\n - [上传](#上传)\n - [任意文件读取](#任意文件读取)\n - [Web缓存欺骗](#web缓存欺骗)\n - [Web缓存投毒](#web缓存投毒)\n - [SSI](#ssi)\n - [SSTI](#ssti)\n - [JS](#js)\n - [DNS](#dns)\n - [其他](#其他)\n - [Git](#git)\n - [二维码](#二维码)\n - [爬虫](#爬虫)\n - [效率](#效率)\n - [科普](#科普)\n - [Contribute](#contribute)\n - [Acknowledgments](#acknowledgments)\n - [Star](#star)\n\n## Github-list\n### Awesome-list\n\n* [awesome-web-security](https://github.com/qazbnm456/awesome-web-security) \n* [Awesome-Hacking](https://github.com/Hack-with-Github/Awesome-Hacking) - 万星list \n* [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis)\n* [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources.\n* [Security](https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources.\n* [An Information Security Reference That Doesn't Suck](https://github.com/rmusser01/Infosec_Reference)\n* [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - Curated list of security conferences.\n* [OSINT](https://github.com/jivoi/awesome-osint) - Awesome OSINT list containing great resources.\n* [The toolbox of open source scanners](https://github.com/We5ter/Scanners-Box) - The toolbox of open source scanners\n* [blackhat-arsenal-tools](https://github.com/toolswatch/blackhat-arsenal-tools) - Official Black Hat Arsenal Security Tools Repository\n* [awesome-iot-hacks](https://github.com/nebgnahz/awesome-iot-hacks)\n* [awesome-awesome](https://github.com/emijrp/awesome-awesome)\n* [Curated list of awesome lists](https://github.com/sindresorhus/awesome)\n* [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists.\n* [PENTESTING-BIBLE](https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE) - 安全相关的内容\n* [Web-Security-Learning](https://github.com/CHYbeta/Web-Security-Learning) - by CHYbeta\n* [Software-Security-Learning](https://github.com/CHYbeta/Software-Security-Learning) - by CHYbeta\n* [MiscSecNotes](https://github.com/JnuSimba/MiscSecNotes) - by JnuSimba notes \n* [AndroidSecNotes](https://github.com/JnuSimba/AndroidSecNotes) - notes\n* [LinuxSecNotes](https://github.com/JnuSimba/LinuxSecNotes) - notes\n* [resource collection of python security and code review](https://github.com/bit4woo/python_sec)\n* [Pentest_Interview](https://github.com/Leezj9671/Pentest_Interview)\n* [tanjiti 信息源](https://github.com/tanjiti/sec_profile) - by 百度tanjiti 每天爬取的安全信息源\n* [CVE-Flow](https://github.com/404notf0und/CVE-Flow) - by 404notfound 监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送\n* [security_w1k1](https://github.com/euphrat1ca/security_w1k1/) euphrat1ca师傅时时刻刻更新和安全相关的仓库\n\n### 开发\n\n* [互联网 Java 工程师进阶知识完全扫盲](https://github.com/doocs/advanced-java)\n* [Java学习+面试指南 一份涵盖大部分Java程序员所需要掌握的核心知识](https://github.com/Snailclimb/JavaGuide)\n* [Python Cheat Sheet ](https://github.com/crazyguitar/pysheeet)\n* [A collection of full-stack resources for programmers.](https://github.com/charlax/professional-programming)\n* [web, 前端, javascript, nodejs, electron, babel, webpack, rollup, react, vue ...](https://github.com/senntyou/blogs)\n* [关于Python的面试题](https://github.com/taizilongxu/interview_python)\n* [Python-100-Days](https://github.com/jackfrued/Python-100-Days)\n* [python3-source-code-analysis](https://github.com/flaggo/python3-source-code-analysis)\n* [Coding Interview University](https://github.com/jwasham/coding-interview-university)\n* [tech-interview-handbook](https://github.com/yangshun/tech-interview-handbook) - good\n* [面试必备基础知识](https://github.com/CyC2018/CS-Notes)\n* [CS基础](https://github.com/selfboot/CS_Offer/)\n* [算法/深度学习/NLP面试笔记](https://github.com/imhuay/Algorithm_Interview_Notes-Chinese)\n* [算法手记](https://github.com/labuladong/fucking-algorithm)\n* [数据结构和算法必知必会的50个代码实现](https://github.com/wangzheng0822/algo)\n* [interview_internal_reference](https://github.com/0voice/interview_internal_reference) \n* [reverse-interview](https://github.com/yifeikong/reverse-interview-zh) - 技术面试最后反问面试官的话\n\n### 其它\n\n* [信息安全从业者书单推荐](https://github.com/riusksk/secbook)\n* [专为程序员编写的英语学习指南 v1.2](https://github.com/yujiangshui/A-Programmers-Guide-to-English)\n* [中国程序员容易发音错误的单词](https://github.com/shimohq/chinese-programmer-wrong-pronunciation)\n* [对开发人员有用的定律、理论、原则和模式](https://github.com/nusr/hacker-laws-zh)\n* [SecLists](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists used during security assessments.\n* [A collection of web attack payloads](https://github.com/foospidy/payloads) payloads集\n* [安全相关思维导图整理收集](https://github.com/phith0n/Mind-Map) - by p牛 \n* [安全思维导图集合](https://github.com/SecWiki/sec-chart) -by SecWiki\n* [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources) - HackerOne Reports\n* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security.\n* [Infosec](https://github.com/onlurking/awesome-infosec) - Information security resources for pentesting, forensics, and more.\n* [YARA](https://github.com/InQuest/awesome-yara) - YARA rules, tools, and people.\n* [macOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide)\n* [awesome-security-weixin-official-accounts](https://github.com/DropsOfZut/awesome-security-weixin-official-accounts) \n* [2018-2020青年安全圈-活跃技术博主/博客](https://github.com/404notf0und/Security-Data-Analysis-and-Visualization) - by 404notf0und\n* [996.Leave](https://github.com/623637646/996.Leave)\n* [租房要点,适用于北上广深杭](https://github.com/soulteary/tenant-point)\n* [北京买房](https://github.com/facert/beijing_house_knowledge)\n* [北京买房图鉴](https://github.com/yangyiRunning/Beijing-House)\n* [上海买房](https://github.com/ayuer/shanghai_house_knowledge)\n* [杭州买房](https://github.com/houshanren/hangzhou_house_knowledge)\n* [awesome-macOS](https://github.com/iCHAIT/awesome-macOS) - mac软件\n* [awesome-mac](https://github.com/jaywcjlove/awesome-mac/blob/master/README-zh.md#%E5%BC%80%E5%8F%91%E8%80%85%E5%B7%A5%E5%85%B7) - mac软件\n* [ruanyf](https://github.com/ruanyf/weekly) - 科技爱好者周刊\n\n## 安全\n### 安全list\n\n* [arxiv.org](https://arxiv.org/) 论文库\n* [404notf0und学习记录](https://github.com/404notf0und/Always-Learning#APT%E6%A3%80%E6%B5%8B) 关注安全检测部分\n* [Donot师傅收集的入侵检测相关的内容](https://github.com/donot-wong/SecAcademic)\n* [郑瀚-Blog](https://www.cnblogs.com/littlehann/) 遍历看\n* [cdxy-Blog](https://www.cdxy.me/) 太帅\n* [zuozuovera-Blog](https://www.zuozuovera.com/) 心灵手巧\n* [安全学术圈2018年度总结](https://mp.weixin.qq.com/s/eQ5os0Fdb498BoQLKUDmrA) - 微信号安全学术圈\n* [security-hardening](https://github.com/decalage2/awesome-security-hardening) 安全加固大全\n\n### 安全市场洞察\n介绍安全市场概况、趋势、规律。国内外有安全业务厂商\n\n* [XDef安全峰会2021](https://mp.weixin.qq.com/s/RlEu_qVaj1rIhBuf0vQp8g)\n\n### 云安全\n#### 云基础知识\n\n* [虚拟化简介](https://yuvaly0.github.io/2020/06/19/introduction-to-virtualization.html)\n* [kvm](https://github.com/yifengyou/learn-kvm) yifengyou师傅 kvm笔记\n\n#### 云原生安全\n\n* [Google:BeyondProd模型](https://cloud.google.com/security/beyondprod?hl=zh-cn)\n* [美团云原生之容器安全实践](https://tech.meituan.com/2020/03/12/cloud-native-security.html) \n* [云原生入侵检测趋势观察](https://xz.aliyun.com/t/7841)\n* [云原生带来的云安全机遇](https://www.freebuf.com/articles/network/242950.html) 云原生安全市场概况(非技术)\n* [阿里云安全白皮书](https://github.com/tom0li/collection-document/blob/master/%E9%98%BF%E9%87%8C%E4%BA%91%E5%AE%89%E5%85%A8%E7%99%BD%E7%9A%AE%E4%B9%A6.pdf)\n\n#### 云上攻防\n\n* [Awesome-serverless](https://github.com/puresec/awesome-serverless-security/)\n* [云原生渗透](https://mp.weixin.qq.com/s/Aq8RrH34PTkmF8lKzdY38g) neargle师傅的关于云原生渗透记录,介绍云原生渗透可能碰到的服务及对应的测试思路,目前是国内公开的介绍渗透云原生概论最全的\n* [Red Teaming for Cloud](https://mp.weixin.qq.com/s/lUHd6lmFl3m9BMdSC2wwcw) 清晰的阐述什么是red team, 部分典型cloud pentest路径\n* [tom0li: docker逃逸小结](https://tom0li.github.io/Docker%E9%80%83%E9%80%B8%E5%B0%8F%E7%BB%93%E7%AC%AC%E4%B8%80%E7%89%88/) 以攻击角度介绍docker逃逸3类方法,介绍一些逃逸实际场景以及针对工程师攻击方法\n* [Kubernetes security](https://github.com/kabachook/k8s-security) This repo is a collection of kubernetes security stuff and research.\n* [serverless functions攻防初探](https://www.cdxy.me/?p=836) 介绍serverless functions攻击路径和防御检测手法\n* [RDS数据库攻防](https://xz.aliyun.com/t/8451) 通过信息泄漏的非子ACCESSKEY,配置后可外网连接RDS\n* [容器与云的碰撞——一次对 MinIO 的测试](https://mp.weixin.qq.com/s/X04IhY9Oau-kDOVbok8wEw) 主要是MinIO对象存储的SSRF漏洞,POST SSRF 307跳转构造利用\n* [Kubernetes中使用Helm2的安全风险](http://rui0.cn/archives/1573) 阐述针对Helm2获取secrets具体操作\n* [K8s 6443批量入侵调查](https://www.cdxy.me/?p=833) 鉴权配置不当,允许匿名用户以特权请求k8s api,请求pod创建docker,在docker执行创建特权docker并执行恶意命令,删除创建pod\n* [K8s渗透测试之kube-apiserver利用](https://www.cdxy.me/?p=839) 介绍了经典攻击路径,获取的pod中寻找高权限service acount\n* [K8s渗透测试etcd的利用](https://www.cdxy.me/?p=827) 介绍未授权etcd和攻击者有cert时渗透命令,读取service account token命令、接管集群命令\n* [K8s数据安全之Secrets防护方案](https://www.cdxy.me/?p=832)\n* [Fantastic Conditional Access Policies and how to bypass them](https://dirkjanm.io/assets/raw/fantastic_policies_cloud_roundup.pdf) Dirk-jan师傅的Azure议题\n* [I’m in your cloud: A year of hacking Azure AD](https://dirkjanm.io/assets/raw/Im%20in%20your%20cloud%20bluehat-v1.0.pdf) Dirk-jan师傅的Azure议题\n* [Istio访问授权再曝高危漏洞CVE-2020-8595](https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==\u0026mid=2247487481\u0026idx=1\u0026sn=02a38db691331634fe41a413beb58694\u0026chksm=e84fa926df382030ac57be9c1ee9cb8836ec37fc79e3a2cef68acb6945a51f0ed94882e39611) Istio 完全匹配模式exact匹配不当未授权访问\n\n#### VM \n##### vCenter\n* [CVE-2021-21972 vCenter 6.5-7.0 RCE 漏洞分析](http://noahblog.360.cn/vcenter-6-5-7-0-rce-lou-dong-fen-xi/)\n* [VMware vCenter RCE 漏洞踩坑实录——一个简单的RCE漏洞到底能挖出什么知识 ](https://mp.weixin.qq.com/s/eamNsLY0uKHXtUw_fiUYxQ) 介绍为什么不能在burp修改数据包来上传文件\n\n##### SLP\n* [CVE-2020-3992 \u0026 CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi ](https://www.zerodayinitiative.com/blog/2021/3/1/cve-2020-3992-amp-cve-2021-21974-pre-auth-remote-code-execution-in-vmware-esxi) 介绍两个cve,VM官方在openSLP基础上维护的SLP有UAF漏洞且可绕过补丁\n\n### AI安全\n* [AI-for-Security-Learning](https://github.com/404notf0und/AI-for-Security-Learning) AI的力量 - by 404notf0und\n* [0xMJ:AI-Security-Learning](https://github.com/0xMJ/AI-Security-Learning#webshell%E6%A3%80%E6%B5%8B)\n* [Adversarial ML Threat Matrix](https://github.com/mitre/advmlthreatmatrix) 针对Machine Learning系统的对抗\n* [AI安全的威胁风险矩阵](https://ai.tencent.com/ailab/media/AI%E5%AE%89%E5%85%A8%E7%9A%84%E5%A8%81%E8%83%81%E9%A3%8E%E9%99%A9%E7%9F%A9%E9%98%B5.pdf)\n* [基于机器学习的Web管理后台识别方法探索](https://security.tencent.com/index.php/blog/msg/176) 介绍腾讯内部流量系统后台识别模块设计概况\n\n### 新安全方案\n#### 构建下一代安全\n\n* [弹性安全网络 - 构建下一代安全的互联网](https://mp.weixin.qq.com/s/epFSC88J7LF3BGwQdoZ-Rg)\n\n#### 零信任\n\n* [张欧:数字银行可信网络实践](https://mp.weixin.qq.com/s/VRG9LEbGTxhpMmCUTUSA8w) 零信任理念\n* [零信任下代理工具](https://github.com/mandatoryprogrammer/CursedChrome/blob/master/README.md) 把chrome作为代理,可以通过chrome访问受害者可以访问web服务\n\n#### DevSecOps\n\n* [DevSecOps理念及思考](https://mp.weixin.qq.com/s/_jBmFdtyXY5D_YrrTUP1iQ) 腾讯安全应急响应中心\n* [Awesome-DevSecOps](https://github.com/devsecops/awesome-devsecops)\n\n### 威胁检测\n* [安全智能应用的一些迷思](https://zhuanlan.zhihu.com/p/88042567)\n\n#### RASP\n\n* [浅谈RASP](https://lucifaer.com/2019/09/25/%E6%B5%85%E8%B0%88RASP/)\n* [以OpenRASP为基础-展开来港港RASP的类加载](https://xz.aliyun.com/t/8148)\n\n#### HIDS\n\n* [分布式HIDS集群架构设计](https://www.cnxct.com/distributed-hids-cluster-architecture-design/) 美团技术团队\n\n#### WAF\n##### WAF建设指南\n\n* [WAF建设运营及AI应用实践](https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==\u0026mid=2651199346\u0026idx=1\u0026sn=99f470d46554149beebb8f89fbcb1578\u0026chksm=bd2cf2d48a5b7bc2b3aecb501855cc2efedc60f6f01026543ac2df5fa138ab2bf424fc5ab2b0\u0026scene=21#wechat_redirect)\n\n##### BypassWAF\n\n* [门神WAF众测总结](https://mp.weixin.qq.com/s/w5TwFl4Ac1jCTX0A1H_VbQ)\n* [个人总结的waf绕过注入思路(附带6种常见waf的绕过方法)](https://www.t00ls.net/viewthread.php?tid=43687\u0026extra=\u0026page=1)\n* [老司机带你过常规WAF](https://www.secpulse.com/archives/69983.html)\n* [SQL注入ByPass的一些小技巧](https://mp.weixin.qq.com/s/fSBZPkO0-HNYfLgmYWJKCg)\n* [在HTTP协议层面绕过WAF](https://www.freebuf.com/news/193659.html)\n* [利用分块传输吊打所有WAF](https://www.anquanke.com/post/id/169738)\n* [WAF绕过的捷径与方法](https://www.qiaoyue.net/2019/WAF%E7%BB%95%E8%BF%87%E7%9A%84%E6%8D%B7%E5%BE%84%E4%B8%8E%E6%96%B9%E6%B3%95/)\n* [对过WAF的一些认知](http://static.anquanke.com/download/b/security-geek-2019-q2/article-18.html)\n* [WAF Bypass之webshell上传jsp与tomcat](https://www.anquanke.com/post/id/210630#)\n* [各种姿势jsp webshell](https://xz.aliyun.com/t/7798)\n\n#### Webshell检测\n\n* [查杀Java web filter型内存马](http://gv7.me/articles/2020/kill-java-web-filter-memshell/)\n* [Filter/Servlet型内存马的扫描抓捕与查杀](https://gv7.me/articles/2020/filter-servlet-type-memshell-scan-capture-and-kill/)\n* [杂谈Java内存Webshell的攻与防](https://mp.weixin.qq.com/s/DRbGeVOcJ8m9xo7Gin45kQ) \n* [JSP Webshell那些事 -- 攻击篇](https://mp.weixin.qq.com/s/YhiOHWnqXVqvLNH7XSxC9w)\n* [Webshell攻与防PHP](https://github.com/qiyeboy/kill_webshell_detect/blob/master/%E7%9F%A5%E8%AF%86%E6%98%9F%E7%90%83-webshell%E6%94%BB%E4%B8%8E%E9%98%B2.pdf) \n* [污点传递理论在Webshell检测中的应用 - PHP篇](https://mp.weixin.qq.com/s/MFmSliCQaaVEQ0E66vN5Xg)\n* [新开始:webshell的检测](https://iami.xyz/New-Begin-For-Nothing/)\n* [利用 intercetor 注入 spring 内存 webshell](https://github.com/LandGrey/webshell-detect-bypass/blob/master/docs/inject-interceptor-hide-webshell/inject-interceptor-hide-webshell.md) 文章是攻击利用角度\n\n#### 反弹Shell检测\n\n* [反弹Shell原理及检测技术研究](https://www.cnblogs.com/LittleHann/p/12038070.html) -by LittleHann\n* [反弹Shell剖析](https://cloud.tencent.com/developer/article/1645464)\n* [详解反弹shell多维检测技术](https://www.freebuf.com/articles/network/263684.html)\n\n#### EDR\n\n* [Lets-create-an-edr-and-bypass](https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/)\n* [openedr](https://github.com/ComodoSecurity/openedr) 开源产品edr\n\n#### AV\n\n* [exploiting-almost-every-antivirus-software](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/) 反制av,使用链接方式借av高权限达到任意文件删除\n* [Bypassing Windows Defender Runtime Scanning](https://labs.f-secure.com/blog/bypassing-windows-defender-runtime-scanning/) 枚举测试调用哪些api会触发Defender检测,发现创建CreateProcess和CreateRemoteThread时触发Defender,提出三种解决方案,重写api调用、添加修改指令动态解密加载、使Defender不扫描该区域,作者针对Defender扫描机制(虚拟内存比较大,只扫描MEM_PRIVATE或RWX页权限),当可疑的API被调用时动态设置PAGE_NOACCESS内存权限Defender不会对其安全扫描\n* [Engineering antivirus evasion](https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/)\n* [Bypass Windows DefenderAttack Surface Reduction](https://data.hackinn.com/ppt/OffensiveCon2019/Bypass%20Windows%20Exploit%20Guard%20ASR.pdf)\n* [Defender 扫描文件名问题](http://2016.eicar.org/85-0-Download.html)\n* [herpaderping](https://github.com/jxy-s/herpaderping) 一种新型 bypass defender \n* [实现一款 shellcodeLoader](https://paper.seebug.org/1413/) 介绍一些shellcode执行方法,bypass sandbox方法\n* [Malware_development_part](https://0xpat.github.io/Malware_development_part_5/) 恶意软件系列教程\n* [杀软检测及其Hook点list](https://github.com/D3VI5H4/Antivirus-Artifacts/blob/main/ANTIVURUS_ARTIFACTS.pdf)\n\n#### 横向移动检测-蜜罐思路\n\n* [Honeypots](https://github.com/paralax/awesome-honeypots) - Honeypots, tools, components, and more.\n* [Hunting for Skeleton Key Implants](https://riccardoancarani.github.io/2020-08-08-hunting-for-skeleton-keys/) 检测Skeleton Key 持久化\n* [创建蜜罐账户检测Kerberoast](https://www.pentestpartners.com/security-blog/honeyroasting-how-to-detect-kerberoast-breaches-with-honeypots/)\n\n#### 恶意流量检测\n\n* [DataCon2020题解:通过蜜罐与DNS流量追踪Botnet](https://www.cdxy.me/?p=829)\n* [DNS Tunnel隧道隐蔽通信实验 \u0026\u0026 尝试复现特征向量化思维方式检测](https://www.cnblogs.com/LittleHann/p/8656621.html#_label0)\n* [maltrail](https://github.com/stamparm/maltrail#introduction) 开源流量检测产品\n* [cobalt-strike-default-modules-via-named-pipe检测](https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis/) 检测CS上线后执行默认模块的内存pipe\n* [用DNS数据进行威胁发现](https://mp.weixin.qq.com/s/6CtRd7o4IjreLaU-hFt9vQ) 介绍360DNSMON 使用DNS监控发现skidmap后门,一些分析手法\n* [DNSMon: 用DNS数据进行威胁发现](https://blog.netlab.360.com/use-dns-data-produce-threat-intelligence-2/) 通过DNSMON监控到事件,关联分析事件\n* [evading-sysmon-dns-monitoring](https://blog.xpnsec.com/evading-sysmon-dns-monitoring/)\n* [use-dns-data-produce-threat-intelligence](https://blog.netlab.360.com/use-dns-data-produce-threat-intelligence/)\n\n\n\n#### IDS\n\n* [我们来谈一谈IDS签名](https://www.anquanke.com/post/id/102948#h2-0)\n* [不按顺序来的 TCP 包](https://strcpy.me/index.php/archives/789/)\n* [网络层绕过 IDS/IPS 的一些探索](https://paper.seebug.org/1173/)\n\n#### 文本检测\n\n* [机器学习在二进制代码相似性分析中的应用](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==\u0026mid=2458303210\u0026idx=1\u0026sn=345f8cec156ada8fa9bf6a6d6de83906\u0026chksm=b1818a6086f60376e766baf472171d8e2c780b2913568b46b683e3112fcc5f86c9bf4c19e38b\u0026mpshare=1\u0026scene=1\u0026srcid=\u0026sharer_sharetime=1580984631757\u0026sharer_shareid=5dc01f49f38fd64ff3e64844bc7d2ea7\u0026exportkey=A0qHBeUryuXO6zhGWt5OJNw%3D\u0026pass_ticket=gjTFXl4hPMTBWzlKpWZWqK8HivXQ8q7ChNndmw4I8JrdAK0jWWFvKIq7OMnO3BhL#rd)\n\n\n\n### 安全运营\n\n* [如何评价安全工作的好坏](https://zhuanlan.zhihu.com/p/226493047) 腾讯'职业欠钱'的向上管理的一些分享\n\n### 数据安全\n\n* [互联网企业数据安全体系建设](https://tech.meituan.com/2018/05/24/data-security-system-construction.html)\n* [浅谈数据安全](https://iami.xyz/Talk-about-data-security/)\n\n#### 网络测绘\n* [简单聊聊网络空间测绘纵横之道](https://www.anquanke.com/post/id/226007)\n* [让网络空间测绘技术不再那么飘忽不定](https://mp.weixin.qq.com/s/lr39F9kNOfHlMimgymzVwg) by 赵武 网络测绘关注点\n* [记录一些网络空间测绘/搜索引擎相关的资料](https://github.com/EXHades/CyberSpaceSearchEngine-Research)\n\n### 通信安全\n#### 端对端通信(初版)\n* [史上最全的zoom漏洞和修复方案介绍](https://mp.weixin.qq.com/s/a7mN0lTeXxA3YmZZxIGNRg)\n* [对安全即时通讯软件的流量分析攻击](https://www.anquanke.com/post/id/208678#)\n* [Shadowsocks基于二次混淆加密传输的数据保密性原理分析](https://www.secrss.com/articles/18469)\n\n#### SNI\n* [ESNI](https://www.cloudflare.com/zh-cn/learning/ssl/what-is-encrypted-sni/) what-is-encrypted-sni\n* [encrypted-client-hello-the-future-of-esni-in-firefox](https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/)\n* [encrypted-client-hello](https://blog.cloudflare.com/encrypted-client-hello/)\n\n### 个人安全\n\n* [Tor-0day-Finding-IP-Addresses](https://www.hackerfactor.com/blog/index.php?/archives/896-Tor-0day-Finding-IP-Addresses.html)\n* [lcamtuf:灾难计划](https://lcamtuf.coredump.cx/prep/)\n* [tom0li:个人隐私保护](https://tom0li.github.io/%E4%B8%AA%E4%BA%BA%E9%9A%90%E7%A7%81%E4%BF%9D%E6%8A%A4/) 普通人隐私保护思路\n* [保护隐私](https://github.com/No-Github/Digital-Privacy) 关于数字隐私搜集方法list\n* [Supercookie浏览器访问指纹识别](https://supercookie.me/workwise) Supercookie uses favicons to assign a unique identifier to website visitors. 使用多个访问url区别用户\n\n### APT研究\n前期列出的大部分是攻击的内容,包含apt跟踪报告等。\n\n#### 高级威胁-list\n\n* [Red-Team-Infrastructure-Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)\n* [分析APT报告集合](https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections) 强推\n* [论高级威胁的本质和攻击力量化研究](http://www.vxjump.net/files/aptr/aptr.txt)\n* [OffensiveCon会议](https://www.offensivecon.org/) 不再一一展示\n* [ATT\u0026CK](https://attack.mitre.org/matrices/enterprise/)\n* [Red Team从0到1的实践与思考](https://mp.weixin.qq.com/s/cyxC4Of4Ic9c_vujQayTLg) 介绍Red Team是什么,适合团队内部red建设\n* [MITRE | ATT\u0026CK 中文站](https://huntingday.github.io) 知识导图,已不再更新\n* [fireeye 威胁研究](https://www.fireeye.com/blog/threat-research.html) 知名威胁分析公司\n* [red-team-and-the-next](https://devco.re/blog/2019/10/24/evolution-of-DEVCORE-red-team-and-the-next/) -by DEVCORE\n\nredrain及其团队的Anti Threat文章\n* [Noah blog](http://noahblog.360.cn/) Anti Threat and Threat Actors through Noah Lab Analysts\n* [烽火实验室 blog](https://blogs.360.cn/)\n* [APT 分析及 TTPs 提取](https://paper.seebug.org/1132/)\n* [关于ATT&CK/APT/归因的讨论](https://weibo.com/ttarticle/p/show?id=2309404450471736639616)\n* [Legends Always Die -- FireEye Summit中英雄联盟供应链攻击简述](https://card.weibo.com/article/m/show/id/2309404426957856047151) 对一起供应链攻击溯源,基础信息比如域名/ip/email,联系历史apt活动\n* [XShellGhost事件技术回顾报告](https://cert.360.cn/static/files/XShellGhost%E4%BA%8B%E4%BB%B6%E6%8A%80%E6%9C%AF%E5%9B%9E%E9%A1%BE%E6%8A%A5%E5%91%8A.pdf)\n* [Kingslayer A supply chain attack](http://www.hackdog.me/article/Kingslayer-A_supply_chain_attack--Part_1.html)\n\nSolarwinds供应链分析\n* [从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战](https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q) 代表qianxin分析Solarwinds攻击行为\n* [Solarwinds分析](https://go.recordedfuture.com/hubfs/reports/pov-2020-1230.pdf) \n* [Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html)\n* [SUNBURST分析其他细节](https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html)\n\n#### 威胁情报\n* [对朝鲜指控书](https://www.justice.gov/opa/press-release/file/1092091/download) 花费十年时间的归类过程\n* [浅谈网络攻击的“归因”](https://www.secrss.com/articles/14864) 介绍一些APT归类的指标、方法(参考Cyber Attribution文档) 以及一些归类文档\n* [什么是威胁情报](https://www.secrss.com/articles/16577) 介绍什么是威胁情报定义、分类、有哪些指标,通过一些案例介绍溯源归类过程\n\n\n#### 钓鱼\n* [SMTP用户枚举原理简介及相关工具](http://www.freebuf.com/articles/web/182746.html) - 用于获取用户字典\n* [鱼叉攻击](https://payloads.online/archivers/2020-02-05/1)\n* [论如何反击用AWVS的黑客](http://www.freebuf.com/news/136476.html)\n* [从MySQL出发的反击之路](https://xz.aliyun.com/t/3277)\n* [Mysql Client 任意文件读取攻击链拓展](https://paper.seebug.org/1112/)\n* [恶意MySQL Server读取MySQL Client端文件](http://scz.617.cn/network/202001101612.txt)\n* [https://github.com/BloodHoundAD/BloodHound/issues/267](https://github.com/BloodHoundAD/BloodHound/issues/267) -xss\n* [Ghidra从XXE到RCE](https://xlab.tencent.com/cn/2019/03/18/ghidra-from-xxe-to-rce/) 针对工程师\n* [来自微信外挂的安全风险](https://xlab.tencent.com/cn/2018/10/23/weixin-cheater-risks/) 针对个人\n* [nodejs仓库钓鱼](https://www.cnblogs.com/index-html/p/npm_package_phishing.html) 针对工程师\n* [制作Visual Stuio Code的恶意插件](https://d0n9.github.io/2018/01/17/vscode%20extension%20%E9%92%93%E9%B1%BC/#) 针对工程师\n* [VS CODE钓鱼](https://blog.doyensec.com/2020/03/16/vscode_codeexec.html) 针对工程师\n* [Python package 钓鱼](https://paper.seebug.org/326/) 针对工程师\n* [docker客户端钓鱼](https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence.pdf) 针对工程师\n* [利用恶意页面攻击本地Xdebug](https://xlab.tencent.com/cn/2018/03/) 针对工程师\n* [华为HG532路由器钓鱼RCE](https://xlab.tencent.com/cn/2018/01/05/a-new-way-to-exploit-cve-2017-17215/) 针对个人\n* [内网钓鱼]()\n```\nRMI反序列化\nWIN远程连接漏洞CVE-2019-1333\nMysql读文件\u0026反序列化\nDubbo反序列化\nIDE反序列化\n恶意vpn\n恶意控件\n笔记软件rce\n社交软件rce\nNodeJS库rce\nPython package 钓鱼\nVSCODE EXTENSION 钓鱼\nVS Studio钓鱼\nTwitter钓鱼\n红包插件钓鱼防撤回插件\n解压rce\n破解软件钓鱼\ndocker客户端钓鱼\ndocker镜像钓鱼\nXdebug\nGhidra钓鱼\nbloodhound钓鱼\nAWVS钓鱼\n蚁剑\n浏览器插件\n云盘污染\n```\n* [..etc]()\n\n\n邮件伪造\n* [一封伪造邮件引发的“探索”(涉及钓鱼邮件、SPF和DKIM等)](http://www.freebuf.com/articles/web/138764.html)\n* [SPF 记录:原理、语法及配置方法简介](https://www.renfei.org/blog/introduction-to-spf.html)\n* [邮件伪造技术与检测](https://www.secpulse.com/archives/78738.html)\n* [伪造电子邮件以及制造电子邮件炸弹的攻防探讨](https://www.freebuf.com/sectool/184555.html)\n* [绕过DKIM验证,伪造钓鱼邮件](http://www.4hou.com/web/7857.html)\n* [Best Practices on Email Protection: SPF, DKIM and DMARC](https://wiki.zimbra.com/wiki/Best_Practices_on_Email_Protection:_SPF,_DKIM_and_DMARC)\n* [Cobalt Strike Spear Phish](https://evi1cg.me/archives/spear_phish.html)\n* [Gsuite SMTP inject](https://www.ehpus.com/post/smtp-injection-in-gsuite)\n\n#### C2-RAT\n\n目前只是简单列一下\n* [Koadic C3 COM Command \u0026 Control - JScript RAT](https://github.com/zerosum0x0/koadic)\n* [QuasarRAT](https://github.com/quasar/QuasarRAT)\n* [CS]()\n\n## 预警\u0026研究\n* [Top 10 Web Hacking Techniques of 2017](https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017) - 一个nb的网站\n* [Top-10-web-hacking-techniques-of-2018](https://portswigger.net/research/top-10-web-hacking-techniques-of-2018)\n* [安全PPT大全](http://www.vipread.com/)\n* [us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA](https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf) -Orange pwn vpn\n* [bypass沙箱](https://yuange1975.blogspot.com/2019/08/bypass.html) -yuange\n* [编译原理在安全领域的应用](https://mp.weixin.qq.com/s/6SqdcbyABfBxSaNfDlFKog)\n* [软件无线电和开源基站在漏洞挖掘中的应用 PART 4:基带安全的一些探索和学习资源整合](https://cn0xroot.com/2020/11/21/part-4/) by 雪碧 0xroot\n* [recovering-passwords-from-pixelized-screenshots-sipke-mellema](https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema) 去除文本马赛克,测试限制条件过多,需要同一截图软件、xy坐标、字体、颜色\n\n### ImageMagick\n\n* [ImageMagick漏洞凑热闹手札](https://d0n9.github.io/2018/08/22/ImageMagick%20%E6%BC%8F%E6%B4%9E%E5%87%91%E7%83%AD%E9%97%B9%E6%89%8B%E6%9C%AD/#)\n* [如何使用Fuzzing挖掘ImageMagick的漏洞](https://github.com/lcatro/Fuzzing-ImageMagick/blob/master/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8Fuzzing%E6%8C%96%E6%8E%98ImageMagick%E7%9A%84%E6%BC%8F%E6%B4%9E.md)\n* [ImageMagick-CVE-2016-3714 命令执行分析](http://www.zerokeeper.com/vul-analysis/ImageMagick-CVE-2016-3714.html)\n* [Imagemagick 邂逅 getimagesize 的那点事儿](https://paper.seebug.org/969/)\n\n### Exchange\n\n* [Microsoft Exchange漏洞记录(撸向域控) - CVE-2018-8581](https://www.cnblogs.com/iamstudy/articles/Microsoft_Exchange_CVE-2018-8581.html)\n* [利用 Exchange SSRF 漏洞和 NTLM 中继沦陷域控](https://xax007.github.io/2019-01-26-pwn-domain-admin-via-exchange-ssrf/)\n* [Microsoft Exchange漏洞分析 CVE-2018-8581](http://www.cnblogs.com/iamstudy/articles/Microsoft_Exchange_CVE-2018-8581_2.html)\n* [Microsoft Exchange 任意用户伪造漏洞(CVE-2018-8581)分析](https://paper.seebug.org/804/)\n* [.Net 反序列化之 ViewState 利用](https://paper.seebug.org/1386/)\n* [proxylogon](https://www.praetorian.com/blog/reproducing-proxylogon-exploit/)\n* [生成ViewState的程序实现](https://mp.weixin.qq.com/s/n5UNEc_1-nqMROQg31W_WA)\n\n### Privilege-Escalation\n* [Ubuntu-gdm3-accountsservice-LPE](https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE)\n\n### VPN\n\n#### Sangfor\n* [深信服后台RCE](https://www.cnblogs.com/potatsoSec/p/12326356.html)\n* [深信服前台RCE由于没公开不附链接]()\n\n#### Pulse\n* [Pulse-secure-read-passwd-to-rce](https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html) -by orange\n* [Pulse Connect Secure RCE CVE-2020-8218](https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/) \n* [Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)](https://research.nccgroup.com/2020/10/06/technical-advisory-pulse-connect-secure-rce-via-template-injection-cve-2020-8243/)\n\n#### Palo\n* [Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!](https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html)\n\n#### Fortigate\n* [Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN](https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html)\n \n#### Citrix Gateway/ADC\n* [Citrix Gateway/ADC 远程代码执行漏洞分析](https://blog.riskivy.com/citrix-gateway-adc-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/)\n\n### Tomcat\n\n* [Apache Tomcat 8.x vulnerabilities](https://tomcat.apache.org/security-8.html)\n\n### FUZZING\n* [Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing)\n* [Fuzzing平台建设的研究与设计](http://riusksk.me/2020/01/21/Fuzzing%E5%B9%B3%E5%8F%B0%E5%BB%BA%E8%AE%BE%E7%9A%84%E7%A0%94%E7%A9%B6%E4%B8%8E%E8%AE%BE%E8%AE%A1-paper/) by 泉哥\n* [探索先进自动化漏洞挖掘技术中的不足](https://mp.weixin.qq.com/s/1q_YCJoyCREtgU3X2_0uqQ) 覆盖度问题\n* [Fuzzing战争: 从刀剑弓斧到星球大战](https://mp.weixin.qq.com/s?__biz=MzI3ODI4NDM2MA==\u0026mid=2247483742\u0026idx=1\u0026sn=55414da793fdf882cd6a0e396857678a\u0026scene=21#wechat_redirect) Flanker 讲解Fuzzing历史趋势\n* [Fuzzing战争系列之二:不畏浮云遮望眼](https://mp.weixin.qq.com/s/G26MJOH4VPene1Sd_zjEQw) Coverage-Guided Fuzzing 解决闭源思路 Static or Dynamic \u0026 Dynamic Tracing\n* []()\n\n## 代码审计-JAVA\n\n* [javasec.org](https://javasec.org/) -by 园长\n* [JAVA代码审计的一些Tips(附脚本)](https://xz.aliyun.com/t/1633)\n* [敏信Java代码审计-层层推进](https://xz.aliyun.com/t/2074)\n* [Java漏洞代码](https://github.com/JoyChou93/java-sec-code)\n* [代码审计知识星球精选](https://tricking.io)\n\n### 反序列化-其他\n\n* [Java-Deserialization-Cheat-Sheet](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet#java-native-serialization-binary)\n* [tomcat不出网回显](https://xz.aliyun.com/t/7535)\n* [Java 反序列化回显的多种姿势](https://xz.aliyun.com/t/7740)\n* [半自动化挖掘request实现多种中间件回显](http://gv7.me/articles/2020/semi-automatic-mining-request-implements-multiple-middleware-echo/)\n* [Java 后反序列化漏洞利用思路](http://rui0.cn/archives/1338)\n* [URL ECCENTRICITIES IN JAVA](https://blog.pwnl0rd.me/post/lfi-netdoc-file-java/) java url类请求导致的ssrf lfi 泄漏java版本\n* [HSQLDB 安全测试指南](https://xz.aliyun.com/t/9162#) HSQLDB(HyperSQL DataBase) 是一个完全由Java编写的小型嵌入式数据库\n\n### RMI\n\n* [Java RMI入门](http://scz.617.cn/network/202003121717.txt)\n* [attacking-java-rmi-services-after-jep-290](https://mogwailabs.de/blog/2019/03/attacking-java-rmi-services-after-jep-290/)\n* [针对RMI服务的九重攻击 - 上](https://xz.aliyun.com/t/7930)\n* [针对RMI服务的九重攻击 - 下](https://xz.aliyun.com/t/7932)\n* [一次攻击内网rmi服务的深思](https://forum.90sec.com/t/topic/388/1) 解决REJECTED 报错\n\n### Shiro\n\n* [Shiro RememberMe 漏洞检测的探索之路](https://blog.xray.cool/post/how-to-find-shiro-rememberme-deserialization-vulnerability/) 从使用空SimplePrincipalCollection检测key到Tomcat通用回显到检测过程会碰到的种种困难\n* [从一次开发漏洞看shiro的正确使用](https://xz.aliyun.com/t/5287)\n* [Shiro RememberMe 1.2.4 反序列化导致的命令执行漏洞](https://paper.seebug.org/shiro-rememberme-1-2-4/)\n* [强网杯“彩蛋”——Shiro 1.2.4(SHIRO-550)漏洞之发散性思考](https://blog.zsxsoft.com/post/35)\n* [Shiro 721 Padding Oracle攻击漏洞分析](https://www.anquanke.com/post/id/193165#h2-14)\n* [Shiro权限绕过漏洞分析](https://www.freebuf.com/vuls/231909.html)\n* [Java代码执行漏洞中类动态加载的应用](https://mp.weixin.qq.com/s?__biz=MzAwNzk0NTkxNw==\u0026mid=2247484622\u0026idx=1\u0026sn=8ec625711dcf87f0b6abe67483f0534d) 不出网注册filter reGeorg代理\n\n### Fastjson\n\n* [fastjson反序列化利用](https://lazydog.me/post/fastjson-JdbcRowSetImpl-rce-exploit.html)\n* [FastJson =\u003c 1.2.47 反序列化漏洞浅析](https://bithack.io/forum/393)\n* [FASTJSON反序列化之基于JNDI利用方式](https://manning23.github.io/2018/03/01/Fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96jndi%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B%E5%88%86%E6%9E%90/)\n* [Fastjson反序列化漏洞调试分析](https://www.angelwhu.com/blog/?p=552)\n* [FastJson 反序列化学习](http://www.lmxspace.com/2019/06/29/FastJson-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%A6%E4%B9%A0/)\n* [浅谈Fastjson RCE漏洞的绕过史](https://www.freebuf.com/vuls/208339.html)\n* [通过dnslog探测fastjson的几种方法](http://gv7.me/articles/2020/several-ways-to-detect-fastjson-through-dnslog/)\n* [fastjson 1.2.68 autotype bypass gadget 的一种挖掘思路](https://hackcrowd.com/forum_detail/828)\n\n### Dubbo\n\n* [Dubbo2.7.7反序列化漏洞绕过分析](https://mp.weixin.qq.com/s/jKM-Z2BTFfk_Ro1rJAxg5w) 云鼎实验室\n* [Dubbo 2.7.8多个远程代码执行漏洞](https://xz.aliyun.com/t/8917)\n* [如何绕过高版本JDK的限制进行JNDI注入利用](https://kingx.me/Restrictions-and-Bypass-of-JNDI-Manipulations-RCE.html) 绕过高版本JDK限制:利用LDAP返回序列化数据,触发本地Gadget。为什么放到Dubbo下面,因为在Dubbo碰到的问题。\n\n### CAS\n\n* [Apereo CAS 4.X execution参数反序列化漏洞分析](https://xz.aliyun.com/t/7032)\n* [Apereo CAS 反序列化漏洞分析及回显利用](https://www.anquanke.com/post/id/197086)\n\n### Solr模版注入\n\n* [Apache Solr Injection Research](https://github.com/veracode-research/solr-injection#introduction)\n* [Apache Solr Velocity 模板注入漏洞深度分析](https://paper.seebug.org/1107/)\n* [Apache solr Velocity模版远程命令执行漏洞分析](http://gv7.me/articles/2019/apache-solr-velocity-rce-20191031/)\n* [solr-injection](https://github.com/artsploit/solr-injection#introduction)\n\n### Apache Skywalking\n* [Apache Skywalking远程代码执行漏洞分析](https://nosec.org/home/detail/4682.html)\n\n### Spring\n#### Spring-boot\n* [Spring Boot Vulnerability Exploit CheckList](https://github.com/LandGrey/SpringBootVulExploit)\n* [java 安全开发之 spring boot Thymeleaf 模板注入](https://paper.seebug.org/1332/)\n\n#### Spring-cloud\n* [Spring Cloud Config Server 路径穿越与任意文件读取漏洞分 CVE-2019-3799](https://xz.aliyun.com/t/4844)\n\n#### Spring-data\n* [Spring Data Redis \u003c=2.1.0反序列化漏洞](https://xz.aliyun.com/t/2339)\n\n## 区块链\n* [Knowledge Base 慢雾安全团队知识库](https://github.com/slowmist/Knowledge-Base)\n* [慢雾安全团队github](https://github.com/slowmist/)\n\n## 渗透\n### 边界渗透\n#### 渗透记录和总结\n\n* [hacked-Facebook](https://devco.re/blog/2020/09/12/how-I-hacked-Facebook-again-unauthenticated-RCE-on-MobileIron-MDM/) -by Orange\n* [Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out](https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf) -Orange 打开的潘多拉魔盒\n* [渗透标准](https://www.processon.com/view/583e8834e4b08e31357bb727)\n* [pentest-bookmarks](https://github.com/riskawarrior/pentest-bookmarks)\n* [awesome-pentest](https://github.com/enaqx/awesome-pentest) - A collection of awesome penetration testing resources.\n* [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets.\n* [Pentesting checklists for various engagements](https://github.com/netbiosX/Checklists)\n* [pentest-wiki](https://github.com/nixawk/pentest-wiki/)\n* [Micropoor](https://github.com/Micropoor/Micro8)\n* [渗透测试实战第三版](https://github.com/tom0li/collection-document/blob/master/%5B%E8%AF%91%5D%20%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E5%AE%9E%E6%88%98%E7%AC%AC%E4%B8%89%E7%89%88(%E7%BA%A2%E9%98%9F%E7%89%88).pdf)\n* [Web Service 渗透测试从入门到精通](https://www.anquanke.com/post/id/85910)\n* [老文一次艰难的渗透纪实](https://xz.aliyun.com/t/2122)\n* [渗透Hacking Team过程](https://xz.aliyun.com/t/2146)\n* [ssrf内网漫游](https://github.com/r35tart/Penetration_Testing_Case/blob/master/%E4%BD%8E%E5%8D%B1SSRF%E6%8F%90%E6%9D%83%E8%BF%9B%E5%86%85%E7%BD%91.pdf)\n* [渗透记录1](https://www.freebuf.com/vuls/211842.html)\n* [渗透记录2](https://www.freebuf.com/vuls/211847.html)\n* [tom0li: 逻辑漏洞小结](https://tom0li.github.io/%E9%80%BB%E8%BE%91%E6%BC%8F%E6%B4%9E%E5%B0%8F%E7%BB%93/)\n* [Web中间件常见漏洞总结](https://www.t00ls.net/viewthread.php?tid=51654\u0026highlight=%E4%B8%AD%E9%97%B4%E4%BB%B6)\n* [Mysql数据库渗透及漏洞利用总结simeon](https://xianzhi.aliyun.com/forum/topic/1491)\n* [林林总总的Host Header Attack](https://mp.weixin.qq.com/s?__biz=MzI2NjUwNjU4OA==\u0026mid=2247483858\u0026idx=1\u0026sn=2170052e99a41de3f98a6f1729dba764\u0026chksm=ea8c59e1ddfbd0f7267095ae6da027661993b9d98b06a7d3d1f4c5e11a42cfa741ed7b21826b\u0026scene=0#rd)\n* [Redis主从利用ppt](https://github.com/tom0li/collection-document/blob/master/15-redis-post-exploitation.pdf)\n* [Web攻防之暴力破解 何足道版](https://mp.weixin.qq.com/s/_zzHPAeWvSp4ckDz0_PltQ)\n* [浅谈中间件漏洞与防护](https://thief.one/2017/05/25/1/)\n* [NFS的攻击与防御](http://www.4hou.com/system/8069.html)\n* [利用Web应用中隐藏的文件夹和文件获取敏感信息](https://xz.aliyun.com/t/3677)\n* [Whitepaper: Security Cookies](https://www.netsparker.com/security-cookies-whitepaper/)\n* [服务器开放debug安全内容](https://security.tencent.com/index.php/blog/msg/137)\n* [Kubernetes安全入门](https://xz.aliyun.com/t/4276)\n* [OOB](https://www.freebuf.com/articles/web/201013.html)\n* [H2 database渗透总结](https://www.sec-in.com/article/827)\n* [Atlassian产品漏洞整理](https://www.anquanke.com/post/id/197665)\n#### 信息收集\n\n* [Red Team 视角的信息收集技术](http://blkstone.github.io/2017/04/28/pentest-recon/)\n* [渗透神器系列 搜索引擎](https://thief.one/2017/05/19/1/)\n* [Google Hacking Database](https://github.com/K0rz3n/GoogleHacking-Page/blob/master/Google%20Hacking%20Database.md)\n* [Google Hacking](https://github.com/K0rz3n/GoogleHacking-Page/blob/master/Basic%20knowledge.md)\n* [Shodan自动化利用](https://xz.aliyun.com/t/2070)\n* [Shodan在渗透测试及漏洞挖掘中的一些用法](https://www.cnblogs.com/miaodaren/p/7904484.html)\n* [Shodan的http.favicon.hash语法详解与使用技巧](https://www.cnblogs.com/miaodaren/p/9177379.html)\n* [Shodan手册](https://b404.gitbooks.io/shodan-manual/) - 中文\n* [Shodan手册](https://community.turgensec.com/shodan-pentesting-guide) dorks\n* [Web应用安全测试前期情报收集方法与工具的介绍](http://www.freebuf.com/sectool/174417.html)\n\n\n#### 靶场\n\n* [vulhub](https://github.com/vulhub/vulhub)\n* [vulfocus](https://github.com/fofapro/vulfocus)\n\n#### 渗透技巧\n\n* [BurpSuite多重代理](https://www.anquanke.com/post/id/85925)\n* [Frida.Android.Practice (ssl unpinning)](https://github.com/WooyunDota/DroidDrops/blob/master/2018/Frida.Android.Practice.md)\n* [IIS7以上突破无脚本执行权限限制](https://forum.90sec.org/forum.php?mod=viewthread\u0026tid=10562\u0026extra=page%3D2) \n* [sql二次注入和截断联合使用](https://forum.90sec.org/forum.php?mod=viewthread\u0026tid=10377\u0026extra=page%3D3)\n* [sql二次注入和截断补充说明](https://forum.90sec.org/forum.php?mod=viewthread\u0026tid=10383\u0026extra=page%3D3)\n* [phpMyAdmin新姿势getshell](http://www.91ri.org/17525.html) -需用ROOT权限设置参数开启\n* [phpmyadmin4.8.1后台getshell](https://www.secpulse.com/archives/72817.html)\n* [无效HTTP请求绕过Lighttpd重写规则](https://www.anquanke.com/post/id/148328)\n* [RFI 绕过 URL 包含限制 getshell](https://paper.seebug.org/923/) win服务器 php文件包含 绕过allow_url_fopen allow_url_include = off\n* [2个思路](https://xz.aliyun.com/t/6587) - 读取连接mysql客户端系统信息,上传\n* [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) - Payloads 大全\n* [JNI技术绕过rasp防护实现jsp webshell](https://mp.weixin.qq.com/s?__biz=MzA5Mzg3NTUwNQ==\u0026mid=2447804425\u0026idx=1\u0026sn=91515259ee4d8a204d40e0aee8177f58)\n* [代理不当日进内网](https://mp.weixin.qq.com/s/EtUmfMxxJjYNl7nIOKkRmA)\n* [浅析反向代理](https://www.anquanke.com/post/id/150436)\n* [iptable介绍](https://github.com/tom0li/security_circle/blob/master/15552854825122.md)\n* [结合直接系统调用和sRDI来绕过AV / EDR](https://bbs.pediy.com/thread-253564.htm)\n* [FB Django Debug Stacktrace RCE](https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/)\n* [Redis on Windows 出网利用探索](https://xz.aliyun.com/t/8153) 太帅了\n* [工具| sqlmap payload修改之路](http://www.freebuf.com/column/161535.html)\n* [工具| sqlmap payload修改之路(下)](https://mp.weixin.qq.com/s/ZBJ2ZvXv1n4BcvhZFPRqRA)\n* [sqlmap源码分析](https://www.t00ls.net/viewthread.php?tid=41863\u0026extra=page%3D1%26amp%3Borderby%3Drecommends%26amp%3Bfilter%3Drecommend)\n* [sqlmap源码分析一](https://lorexxar.cn/2016/08/09/sqlmap-source1/)\n* [sqlmap源码分析二](https://lorexxar.cn/2016/08/11/sqlmap-source2/)\n* [sqlmap源码分析三](https://lorexxar.cn/2016/08/16/sqlmap-source3/)\n* [sqlmap源码分析四](https://lorexxar.cn/2016/08/18/sqlmap-source4/)\n* [诸神之眼nmap定制化之初识NSE](http://www.freebuf.com/column/164388.html)\n* [诸神之眼nmap定制化之NSE进阶](http://www.freebuf.com/column/165252.html)\n* [Burpsuite你可能不知道的技巧](http://www.freebuf.com/articles/rookie/156928.html)\n* [awesome-burp-extensions](https://github.com/snoopysecurity/awesome-burp-extensions)\n* [对AWVS一次简单分析](http://blog.wils0n.cn/archives/145/)\n* [擦除AWVS一些标志](http://0cx.cc/replace_wvs_by_wyproxy.jspx)\n* [nmap谈谈端口探测的经验与原理](http://www.freebuf.com/articles/network/146087.html)\n* [我的Web应用安全模糊测试之路](https://gh0st.cn/archives/2018-07-25/1)\n* [Wfuzz初上手](https://www.secpulse.com/archives/78638.html)\n* [Wfuzz基本功](https://www.secpulse.com/archives/81560.html)\n* [Wfuzz高阶功法1](https://gh0st.cn/archives/2018-10-28/3)\n* [Wfuzz高阶功法2](https://www.secpulse.com/archives/83173.html)\n* [xray高级版破解](https://lgf.im/posts/security/reverse/xray-cracker/)\n\n\n### 内网渗透\n\n之前给出的文章有些内容有错误,需要实践检查\n* [AD-Attack-Defense](https://github.com/infosecn1nja/AD-Attack-Defense)\n* [l3m0n:从零开始内网渗透学习](https://github.com/l3m0n/pentest_study)\n* [uknowsec / Active-Directory-Pentest-Notes](https://github.com/uknowsec/Active-Directory-Pentest-Notes)\n* [Intranet_Penetration_Tips](https://github.com/Ridter/Intranet_Penetration_Tips)\n* [对国外某内网渗透的一次小结](https://forum.90sec.org/forum.php?mod=viewthread\u0026tid=9264\u0026highlight=%C4%DA%CD%F8) - 老文新手练手入门\n* [针对国内一大厂的后渗透 – 持续](https://wsygoogol.github.io/2018/01/11/%E9%92%88%E5%AF%B9%E5%9B%BD%E5%86%85%E4%B8%80%E5%A4%A7%E5%8E%82%E7%9A%84%E5%90%8E%E6%B8%97%E9%80%8F-%E2%80%93-%E6%8C%81%E7%BB%AD/) - 入门实战\n* [记一次横向渗透](https://www.lz1y.cn/2018/12/26/%E8%AE%B0%E4%B8%80%E6%AC%A1%E6%A8%AA%E5%90%91%E6%B8%97%E9%80%8F/)\n* [内网渗透记录](https://paper.seebug.org/1144) 关键词:委派、relay、bypassAV、webdev XXE -by A-TEAM\n* [Windows内网渗透入门](https://mp.weixin.qq.com/s/OGiDm3IHBP3_g0AOIHGCKA) -by 腾讯安平部\n* [NTLM-Relay](https://mp.weixin.qq.com/s/aemG5XwVdyzNbOBXztDUbA)\n\n#### Exchange利用(旧)\n\n* [深入 Exchange Server 在网络渗透下的利用方法](https://paper.seebug.org/775/)\n* [Exchange在渗透测试中的利用](https://evi1cg.me/archives/Exchange_Hack.html)\n* [Microsoft Exchange漏洞记录(撸向域控) - CVE-2018-8581](https://www.cnblogs.com/iamstudy/articles/Microsoft_Exchange_CVE-2018-8581.html)\n* [利用 Exchange SSRF 漏洞和 NTLM 中继沦陷域控](https://xax007.github.io/2019-01-26-pwn-domain-admin-via-exchange-ssrf/)\n* [Microsoft Exchange漏洞分析](http://www.cnblogs.com/iamstudy/articles/Microsoft_Exchange_CVE-2018-8581_2.html)\n* [Microsoft Exchange 任意用户伪造漏洞(CVE-2018-8581)分析](https://paper.seebug.org/804/)\n* [Exchange服务器远程代码执行漏洞复现分析](https://xz.aliyun.com/t/7299)\n\n#### hash ticket Credential\n\n* [花式窃取NetNTLM哈希的方法](https://paper.seebug.org/474/)\n* [敞开的地狱之门:Kerberos协议的滥用](http://www.freebuf.com/articles/system/45631.html)\n* [NTLM-Relay](https://mp.weixin.qq.com/s/1LpgGx3-YA5aR0Mx9iryCQ)\n* [Practical guide to NTLM Relaying in 2017](https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html)\n* [The worst of both worlds: Combining NTLM Relaying and Kerberos delegation](https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/)\n* [红队与理论:Credential Relay 与 EPA](https://paper.seebug.org/844/)\n* [高级域渗透技术之传递哈希已死-LocalAccountTokenFilterPolicy万岁](https://www.4hou.com/technology/17668.html)\n* [Windows内网协议学习NTLM篇之漏洞概述](https://www.anquanke.com/post/id/194514)\n* [kerberos介绍](https://shenaniganslabs.io/media/Constructing%20Kerberos%20Attacks%20with%20Delegation%20Primitives.pdf)\n\n#### 代理转发与端口复用\n\n* [渗透测试技巧之内网穿透方式与思路总结](https://xz.aliyun.com/t/1623)\n* [内网漫游之SOCKS代理大结局](https://paper.tuisec.win/detail/fc04d85ab57c8bf)\n* [iptables端口复用](https://threathunter.org/topic/594545184ea5b2f5516e2033)\n* [驱动级端口复用]()\n* [Web服务中间件端口复用]()\n* [win IIS端口复用](https://www.secrss.com/articles/12696)\n\n#### 内网平台\n\n推荐看官方手册\n* [内网剑客三结义](https://paper.tuisec.win/detail/4f04eff9c0f5b82)\n* [渗透利器Cobalt Strike - 第2篇 APT级的全面免杀与企业纵深防御体系的对抗](https://xz.aliyun.com/t/4191)\n* [CobaltStrike修改指南]()\n* [Metasploit驰骋内网直取域管首级](https://www.anquanke.com/post/id/85518)\n* [一篇文章精通PowerShell Empire 2.3(上)](http://bobao.360.cn/learning/detail/4760.html)\n* [一篇文章精通PowerShell Empire 2.3(下)](http://bobao.360.cn/learning/detail/4761.html)\n* [Powershell攻击指南黑客后渗透之道系列——基础篇](https://www.anquanke.com/post/id/87976)\n* [Powershell攻击指南黑客后渗透之道系列——进阶利用](https://www.anquanke.com/post/id/88851)\n* [Powershell攻击指南黑客后渗透之道系列——实战篇](https://www.anquanke.com/post/id/89362)\n* [nishang-ps](http://www.4hou.com/technology/5962.html)\n* [Empire实战域渗透](http://www.4hou.com/technology/4704.html)\n\n#### 内网技巧\n\n* [渗透技巧——Windows系统远程桌面的多用户登录](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Windows%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2%E7%9A%84%E5%A4%9A%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95/)\n* [渗透技巧之隐藏自己的工具](https://github.com/tom0li/security_circle/blob/master/51122255581554.md)\n* [白名单下载恶意代码的一个技巧](https://github.com/tom0li/security_circle/blob/master/28511224554581.md)\n* [白名单下载恶意代码](https://github.com/tom0li/security_circle/blob/master/51288554228124.md)\n* [一条命令实现无文件兼容性强的反弹后门,收集自强大的前乌云](https://github.com/tom0li/security_circle/blob/master/15288418585142.md)\n* [渗透技巧——从github下载文件的多种方法](https://xianzhi.aliyun.com/forum/topic/1649/)\n* [渗透技巧——从Admin权限切换到System权限](http://www.4hou.com/technology/8814.html)\n* [渗透技巧——程序的降权启动](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E7%A8%8B%E5%BA%8F%E7%9A%84%E9%99%8D%E6%9D%83%E5%90%AF%E5%8A%A8/)\n* [强制通过VPN上网,VPN断线就断网](https://www.t00ls.net/articles-38739.html)\n* [ip代理工具shadowProxy-代理池](https://mp.weixin.qq.com/s/ENjRuI5FZArtzV5H4LbJng)\n* [渗透技巧——Windows系统的帐户隐藏](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Windows%E7%B3%BB%E7%BB%9F%E7%9A%84%E5%B8%90%E6%88%B7%E9%9A%90%E8%97%8F/)\n* [渗透技巧——”隐藏”注册表的更多测试](http://www.4hou.com/penetration/9132.html)\n* [渗透技巧——Windows日志的删除与绕过](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Windows%E6%97%A5%E5%BF%97%E7%9A%84%E5%88%A0%E9%99%A4%E4%B8%8E%E7%BB%95%E8%BF%87/)\n* [渗透技巧——Token窃取与利用](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Token%E7%AA%83%E5%8F%96%E4%B8%8E%E5%88%A9%E7%94%A8/)\n* [域渗透——获得域控服务器的NTDS.dit文件](https://3gstudent.github.io/3gstudent.github.io/%E5%9F%9F%E6%B8%97%E9%80%8F-%E8%8E%B7%E5%BE%97%E5%9F%9F%E6%8E%A7%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%9A%84NTDS.dit%E6%96%87%E4%BB%B6/)\n* [渗透技巧——获得Windows系统的远程桌面连接历史记录](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E8%8E%B7%E5%BE%97Windows%E7%B3%BB%E7%BB%9F%E7%9A%84%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2%E8%BF%9E%E6%8E%A5%E5%8E%86%E5%8F%B2%E8%AE%B0%E5%BD%95/)\n* [域渗透——利用SYSVOL还原组策略中保存的密码](https://xianzhi.aliyun.com/forum/topic/1653/)\n* [Windows 日志攻防之攻击篇](https://threathunter.org/topic/593eb1bbb33ad233198afcfa)\n* [针对 win 的入侵日志简单处理](https://klionsec.github.io/2017/05/19/wevtutil/)\n* [从活动目录中获取域管理员权限的6种方法](http://www.4hou.com/technology/4256.html)\n* [3gstudent/Pentest-and-Development-Tips](https://github.com/3gstudent/Pentest-and-Development-Tips)\n* [渗透测试中常见的小TIPS总结和整理](http://avfisher.win/archives/100)\n* [60字节 - 无文件渗透测试实验](https://www.n0tr00t.com/2017/03/09/penetration-test-without-file.html)\n* [3389user无法添加](http://www.91ri.org/5866.html)\n* [丢掉PSEXEC使用wmi来横向渗透](https://threathunter.org/topic/5940a6e59c58e020408a79ea)\n* [ms14-068域提权系列总结](https://www.t00ls.net/thread-43786-1-1.html)\n* [动手打造Bypass UAC自动化测试小工具,可绕过最新版Win10](http://www.freebuf.com/sectool/114592.html)\n* [DoubleAgent](https://github.com/Cybellum/DoubleAgent) -后渗透对杀软进行注入\n* [Extracting NTLM Hashes from keytab files](https://paper.tuisec.win/detail/ceac9f167bf27de)\n* [离线导出Chrome浏览器中保存的密码](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E7%A6%BB%E7%BA%BF%E5%AF%BC%E5%87%BAChrome%E6%B5%8F%E8%A7%88%E5%99%A8%E4%B8%AD%E4%BF%9D%E5%AD%98%E7%9A%84%E5%AF%86%E7%A0%81/)\n* [渗透技巧——利用Masterkey离线导出Chrome浏览器中保存的密码](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E5%88%A9%E7%94%A8Masterkey%E7%A6%BB%E7%BA%BF%E5%AF%BC%E5%87%BAChrome%E6%B5%8F%E8%A7%88%E5%99%A8%E4%B8%AD%E4%BF%9D%E5%AD%98%E7%9A%84%E5%AF%86%E7%A0%81/)\n* [域渗透——Kerberoasting](https://3gstudent.github.io/3gstudent.github.io/%E5%9F%9F%E6%B8%97%E9%80%8F-Kerberoasting/)\n* [老牌工具 PsExec 一个琐碎的细节](https://paper.seebug.org/503/)\n* [域渗透之使用CrackMapExec拿到我们想要的东西](https://www.anquanke.com/post/id/84980)\n* [Kerberos协议探索系列之委派篇](https://www.anquanke.com/post/id/173477)\n* [通过RDP反向攻击mstsc](https://paper.seebug.org/1074/) 监控剪切板\n* [远程提取凭证](https://beta.hackndo.com/remote-lsass-dump-passwords/)\n* [重新思考凭证盗窃](https://labs.f-secure.com/blog/rethinking-credential-theft)\n* [Ghost potato实际利用](https://www.lz1y.cn/2019/11/19/Ghost-potato%E5%AE%9E%E9%99%85%E5%88%A9%E7%94%A8/)\n* [PowerView](http://www.freebuf.com/sectool/173366.html)\n* [WMI在渗透测试中的重要性](https://www.secpulse.com/archives/72493.html)\n* [BloodHound](https://github.com/BloodHoundAD/BloodHound)\n* [BloodHound官方使用指南](https://www.cnblogs.com/backlion/p/10643132.html)\n* [Antimalware Scan Interface Provider for Persistence](https://b4rtik.github.io/posts/antimalware-scan-interface-provider-for-persistence/) 通过AMSI Provider Persistence \n* [Task Scheduler Lateral Movement](https://riccardoancarani.github.io/2021-01-25-random-notes-on-task-scheduler-lateral-movement/) 介绍以更小的动作利用计划任务\n\n#### 提权利用\n* [linux-kernel-exploitation](https://github.com/xairy/linux-kernel-exploitation) linux kernel exploitation 必看\n* [win提权辅助tool](https://github.com/GDSSecurity/Windows-Exploit-Suggester/)\n* [windows-kernel-exploits Windows平台提权漏洞集合](https://github.com/SecWiki/windows-kernel-exploits)\n* [linux-kernel-exploits Linux平台提权漏洞集合](https://github.com/SecWiki/linux-kernel-exploits)\n* [详解Linux权限提升的攻击与防护](https://www.anquanke.com/post/id/98628) 利用入门\n\n\n## Bug_Bounty\n\n* [bug bounty writeups](https://pentester.land/list-of-bug-bounty-writeups.html) - 类似乌云漏洞库。\n* [hackone-hacktivity](https://hackerone.com/hacktivity?sort_type=popular\u0026filter=type%3Aall\u0026querystring=\u0026page=1) 如果看完就不用看下面的Bug_Bounty\n* [awesome-bug-bounty](https://github.com/djadmin/awesome-bug-bounty) - A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters\n* [Recon](https://www.youtube.com/watch?v=p4JgIu1mceI\u0026feature=youtu.be)\n* [bugbounty-cheatsheet](https://github.com/EdOverflow/bugbounty-cheatsheet) \n* [bug-bounty-reference](https://github.com/ngalongc/bug-bounty-reference) \n* [Web Hacking 101 中文版](https://wizardforcel.gitbooks.io/web-hacking-101/content/)\n* [Webmin \u003c=1.920 远程命令执行漏洞 -CVE-2019-15107](https://xz.aliyun.com/t/6040) - 精炼\n* [Webmin CVE-2019-15642](https://twitter.com/chybeta/status/1167617571287289856)\n* [从 0 开始入门 Chrome Ext 安全(一) -- 了解一个 Chrome Ext](https://paper.seebug.org/1082/)\n* [从 0 开始入门 Chrome Ext 安全(二) -- 安全的 Chrome Ext](https://paper.seebug.org/1092/)\n* [从 CVE-2018-8495 看 PC 端 url scheme 的安全问题](https://paper.seebug.org/719/)\n* [短网址安全浅谈](https://mp.weixin.qq.com/s/4hGUZWXN6qzjMcbtZsYCSA)\n\n## Web\n### XXE\n* [XXE (XML External Entity Injection) 漏洞实践](http://www.mottoin.com/101806.html)\n* [如何挖掘Uber网站的XXE注入漏洞](http://www.mottoin.com/86853.html)\n* [XXE被提起时我们会想到什么](http://www.mottoin.com/88085.html)\n* [XXE漏洞的简单理解和测试](http://www.mottoin.com/92794.html)\n* [xxe漏洞检测及代码执行过程](http://www.cnblogs.com/wfzWebSecuity/p/6681114.html)\n* [浅谈XXE漏洞攻击与防御](http://thief.one/2017/06/20/1/)\n* [XXE漏洞分析](http://www.4o4notfound.org/index.php/archives/29/)\n* [XML实体注入漏洞攻与防](http://www.hackersb.cn/hacker/211.html)\n* [XML实体注入漏洞的利用与学习](http://uknowsec.cn/posts/notes/XML%E5%AE%9E%E4%BD%93%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E5%AD%A6%E4%B9%A0.html)\n* [XXE注入:攻击与防御 - XXE Injection: Attack and Prevent](http://le4f.net/post/xxe-injection-attack_and_prevent)\n* [黑夜的猎杀-盲打XXE](https://xianzhi.aliyun.com/forum/topic/122/)\n* [Hunting in the Dark - Blind XXE](https://blog.zsec.uk/blind-xxe-learning/)\n* [XMLExternal Entity漏洞培训模块](https://www.sans.org/freading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397)\n* [XXE漏洞攻防之我见](http://bobao.360.cn/learning/detail/3841.html)\n* [XXE漏洞利用的一些技巧](http://www.91ri.org/17052.html)\n* [神奇的Content-Type——在JSON中玩转XXE攻击](http://bobao.360.cn/learning/detail/360.html)\n* [XXE-DTD Cheat Sheet](https://web-in-security.blogspot.jp/2016/03/xxe-cheat-sheet.html)\n* [通过编码绕过一些cms对于xxe的检测](https://forum.90sec.org/forum.php?mod=viewthread\u0026tid=10334\u0026extra=page%3D3)\n* [利用EXCEL进行XXE攻击](https://xz.aliyun.com/t/3741)\n* [利用 EXCEL 文件进行 XXE 攻击的漏洞分析](https://www.jishuwen.com/d/2inW)\n* [EXCEL依赖库](https://www.cnblogs.com/iyiyang/articles/10055824.html)\n* [上传DOC文件XXE](https://www.03sec.com/2916.shtml)\n* [一篇文章带你深入理解漏洞之 XXE 漏洞](https://xz.aliyun.com/t/3357)\n\n### XSS\n* [AwesomeXSS](https://github.com/s0md3v/AwesomeXSS)\n* [浅谈XSS—字符编码和浏览器解析原理](https://security.yirendai.com/news/share/26)\n* [深入理解XSS编码--浏览器解析原理](https://xianzhi.aliyun.com/forum/topic/1556)\n* [XSS常见利用代码及原理](http://wps2015.org/2016/12/12/usually-used-xss-code/)\n* [前端防御从入门到弃坑--CSP变迁](https://paper.seebug.org/423/)\n* [XSS测试备忘录](http://momomoxiaoxi.com/2017/10/10/XSS/)\n* [浅谈跨站脚本攻击与防御](https://thief.one/2017/05/31/1/)\n* [跨站的艺术:XSS Fuzzing 的技巧](https://cloud.tencent.com/developer/article/1004753)\n* [从瑞士军刀到变形金刚--XSS攻击面扩展](https://xianzhi.aliyun.com/forum/topic/96)\n* [渗透测试技巧之一个XSS引发的漏洞利用与思考](https://xianzhi.aliyun.com/forum/topic/1967)\n* [xss_bypass_Uppercase](http://idoge.cc/index.php/archives/27/)\n* [XSSpayload交流以及研究](https://bbs.ichunqiu.com/forum.php?mod=viewthread\u0026tid=31886\u0026highlight=xss)\n* [记一次挖掘存储型XSS漏洞过程](http://www.secist.com/archives/5388.html)\n* [一次XSS突破的探险](https://mp.weixin.qq.com/s/bqhaRk5Fg1xIGTjbxxZvNw)\n* [香香的xss小记录(一)](https://mp.weixin.qq.com/s/S3KDp-XVzF-9pxTD2p9Cmw)\n* [Black-Hole专辑](http://www.freebuf.com/author/Black-Hole?page=1) -细读\n* [内网xss蠕虫](https://woj.app/2173.html)\n* [攻破黑市之拿下吃鸡DNF等游戏钓鱼站群](http://www.freebuf.com/articles/web/172330.html)\n* [前端安全系列(一):如何防止XSS攻击?](https://segmentfault.com/a/1190000016551188)\n* [上传Word文件形成存储型XSS路径](http://www.freebuf.com/articles/web/173250.html)\n* [XSS without parentheses and semi-colons](https://portswigger.net/blog/xss-without-parentheses-and-semi-colons)\n\n### Jsonp\n\n* [JSONP注入解析](http://www.freebuf.com/articles/web/126347.html)\n* [利用JSONP跨域获取信息](https://xianzhi.aliyun.com/forum/topic/176)\n* [漫谈同源策略攻防](https://www.anquanke.com/post/id/86078)\n* [浅谈跨域11](https://tom0li.github.io/%E6%B5%85%E8%B0%88%E8%B7%A8%E5%9F%9F/)\n* [使用request merging bypass referer(jsonp) 检测](http://blog.neargle.com/2017/09/01/use-request-merging-to-bypass-referer-check/)\n\n### CORS\n* [JSONP与CORS漏洞挖掘](https://www.anquanke.com/post/id/97671)\n* [浅谈CORS可能产生的漏洞](https://pediy.com/thread-225058.htm)\n* [cors安全完全指南](https://xz.aliyun.com/t/2745#toc-4)\n\n### CSRF\n\n* [关于JSON CSRF的一些思考](https://mp.weixin.qq.com/s/kLRxHfzikhmV7NjpRJH6SA)\n* [谈谈Json格式下的CSRF攻击](https://www.freebuf.com/articles/web/206407.html)\n### SSRF\n\n* [关于一些SSRF的技巧](https://mp.weixin.qq.com/s/3r_oBX8dfpDcEwLkAz26Ug)\n* [关于SSRF漏洞挖掘思路](https://mp.weixin.qq.com/s/HPNKYL4EvTOchVM1MvIIbw)\n* [SSRF in Java](https://xianzhi.aliyun.com/forum/topic/206)\n* [Dns Auto Rebinding](http://www.thinkings.org/2017/06/25/dns-auto-rebinding.html)\n* [通过DNS rebinding绕过同源策略攻击Transmission分析](https://www.anquanke.com/post/id/97366)\n* [SSRF漏洞的挖掘经验](https://sobug.com/article/detail/11)\n* [了解SSRF](https://xz.aliyun.com/t/2115)\n* [SSRF\u0026redis](https://xz.aliyun.com/t/5665)\n* [gopher-attack-surfaces](https://blog.chaitin.cn/gopher-attack-surfaces/)\n* [Use DNS Rebinding to Bypass SSRF in Java](https://paper.seebug.org/390)\n\n### SQL\n* [MySql注入备忘录](https://chybeta.github.io/2017/07/21/MySql%E6%B3%A8%E5%85%A5%E5%A4%87%E5%BF%98%E5%BD%95/)\n* [浅析白盒审计中的字符编码及SQL注入](https://www.leavesongs.com/PENETRATION/mutibyte-sql-inject.html)\n* [宽字节注入深度讲解](http://www.freebuf.com/column/165567.html)\n* [基于mysql下的几种写shell方法](http://sh1yan.top/?p=190)\n* [MSSQL 注入攻击与防御](https://www.anquanke.com/post/id/86011)\n* [MSSQL DBA权限获取WEBSHELL的过程](http://liehu.tass.com.cn/archives/608)\n* [SQLite手工注入Getshell技巧](http://liehu.tass.com.cn/archives/762)\n\n\n### 文件包含\n* [php文件包含漏洞](https://chybeta.github.io/2017/10/08/php%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/)\n\n### 上传\n* [上传漏洞的靶场](https://github.com/c0ny1/upload-labs)\n\n### 任意文件读取\n\n* [新型任意文件读取漏洞的研究](https://www.leavesongs.com/PENETRATION/arbitrary-files-read-via-static-requests.html)\n* [一个任意文件读取漏洞记录](http://xdxd.love/2016/05/23/%E4%B8%80%E4%B8%AA%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/)\n* [任意文件读取的常用字典](http://blkstone.github.io/2017/12/18/arbitary-file-read-exploit/)\n\n### Web缓存欺骗\n* [Web Cache欺骗攻击](https://websec.readthedocs.io/zh/latest/vuln/webcache.html)\n* [Web缓存欺骗测试](https://www.freebuf.com/articles/web/161670.html)\n\n### Web缓存投毒\n* [Practical Web Cache Poisoning](https://portswigger.net/blog/practical-web-cache-poisoning)\n\n### SSI\n\n* [服务器端包含注入SSI分析总结](https://www.secpulse.com/archives/66934.html)\n\n### SSTI\n\n* [Flask Jinja2开发中遇到的的服务端注入问题研究](http://www.freebuf.com/articles/web/136118.html)\n* [FlaskJinja2 开发中遇到的的服务端注入问题研究 II](http://www.freebuf.com/articles/web/136180.html)\n\n### JS\n\n* [关于网站强奸剪切板那点事](https://www.v2ex.com/t/426432)\n* [引用外部脚本的隐患及防御](https://paper.seebug.org/527/)\n* [两次前端绕过渗透小结](https://www.freebuf.com/articles/web/158508.html)\n* [如何对经前端加密后的数据进行爆破](https://www.freebuf.com/articles/web/184455.html)\n* [对登录中账号密码进行加密之后再传输的爆破的思路和方式](https://www.freebuf.com/articles/web/127888.html)\n\n### DNS\n* [DNS域传送漏洞学习总结](https://larry.ngrep.me/2015/09/02/DNS-zone-transfer-studying/)\n* [利用Python实现DGA域名检测](http://www.freebuf.com/articles/web/145981.html)\n* [DNS-Persist: 利用 DNS 协议进行远程控制通信](https://github.com/0x09AL/DNS-Persist)\n* [本地DNS攻击原理与实例](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==\u0026mid=2247485308\u0026idx=1\u0026sn=35ef757470ec4057babfb898c5ec5c19\u0026chksm=ec1e3754db69be42b44976d6841842c7a42afc227d7dcd6c50bdbf4edcda028ae7cf90ada9a9#rd)\n* [error dns response](https://ripe75.ripe.net/presentations/20-A-curious-case-of-broken-DNS-responses-RIPE-75.pdf)\n* [DNS隧道检测平民解决方案](http://www.freebuf.com/articles/network/149328.html)\n* [DNS泛解析是怎么被黑客玩坏的](http://www.freebuf.com/news/133873.html)\n* [DNS Tunneling及相关实现](http://www.freebuf.com/sectool/112076.html)\n* [DNS 域传送tools](http://www.freebuf.com/sectool/79315.html)\n* [Dnslog在SQL注入中的实战](https://www.anquanke.com/post/id/98096)\n\n## 其他\n#### Git\n\n* [Git各种错误操作撤销的方法](http://www.bugcode.cn/git_undo.html)\n* [Git的tip](https://github.com/521xueweihan/git-tips)\n\n#### 二维码\n\n* [微信Netting-QRLJacking分析利用-扫我二维码获取你的账号权限](https://bbs.ichunqiu.com/forum.php?mod=viewthread\u0026tid=25923\u0026highlight=%E4%BA%8C%E7%BB%B4%E7%A0%81)\n* [Android平台下二维码漏洞攻击杂谈](https://wooyun.js.org/drops/Android%E5%B9%B3%E5%8F%B0%E4%B8%8B%E4%BA%8C%E7%BB%B4%E7%A0%81%E6%BC%8F%E6%B4%9E%E6%94%BB%E5%87%BB%E6%9D%82%E8%B0%88.html)\n* [二维码登陆的常见缺陷剖析](https://www.t00ls.net/thread-45152-1-1.html)\n* [二维码安全-淘宝例子](https://www.t00ls.net/thread-45618-1-1.html)\n\n#### 爬虫\n\n* [浅谈动态爬虫与去重](https://www.anquanke.com/post/id/85298)\n* [浅谈动态爬虫与去重(续)](https://www.anquanke.com/post/id/95294#h2-1)\n* [爬虫基础篇[Web 漏洞扫描器]](http://blog.fatezero.org/2018/03/05/web-scanner-crawler-01/)\n\n#### 效率\n之前的想起来补上\n\n* [chrome-is-bad](https://chromeisbad.com/) chrome带慢mac原因\n* [zsh 和 oh my zsh冷启动速度优化](https://blog.skk.moe/post/make-oh-my-zsh-fly/)\n\n#### 科普\n* [10大深网搜索引擎](http://www.freebuf.com/news/137844.html)\n* [在百度网盘上看到上万条车主个人信息,企业、政府高官信息、各种数据](https://bbs.ichunqiu.com/article-798-1.html)\n* [一道 CTF 题 get 到的新姿势](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==\u0026mid=2247485297\u0026idx=1\u0026sn=b9d5f80bcd37d1ce0596e1a2c251d9fb\u0026chksm=ec1e3759db69be4f84913826e4b4e5d79461061e0f61a4eb8889aa65909e2ab314391d94f87c#rd)\n* [iPhone锁屏却锁不住个人信息,iOS安全性真的很高吗?](http://www.freebuf.com/vuls/153848.html)\n* [弦哥从新加坡HITB黑客大会进口过来的黑魔法命令](https://github.com/tom0li/security_circle/blob/master/51115142241184.md)\n* [编程的重要性之 sqlmap 源码](https://github.com/tom0li/security_circle/blob/master/88511152424522.md)\n* [资讯400多个流行站点记录用户键击 或导致个人敏感信息泄露](http://bobao.360.cn/news/detail/4389.html)\n* [https劫持理解](https://forum.90sec.org/forum.php?mod=viewthread\u0026tid=10378\u0026extra=page%3D3)\n* [TCP 常见故障排查](https://ms2008.github.io/2018/06/01/tcp-troubleshooting/)\n* [银行卡quickpass闪付芯片通过EVM/PBOC读取隐私信息](https://bbs.ichunqiu.com/forum.php?mod=viewthread\u0026tid=25955\u0026ctid=48)\n* [txt文本文件去重及导入数据库处理](https://bbs.ichunqiu.com/forum.php?mod=viewthread\u0026tid=25725\u0026ctid=48)\n* [解析U盘病毒传播之文件欺骗](http://www.freebuf.com/articles/terminal/155063.html)\n* [深度剖析:手机指纹的马奇诺防线](https://paper.seebug.org/471/)\n* [网撸黑话+技巧大全 | 岂安低调分享](https://www.secpulse.com/archives/66549.html)\n* [国外14亿数据](http://www.03sec.com/3190.shtml)\n* [Word文件加密之后](https://www.secpulse.com/archives/67398.html)\n* [腾讯2017年度网络黑产威胁源研究报告](https://book.yunzhan365.com/odqt/yzzl/mobile/index.html)\n* [洗钱工具“手机充值卡”卡号卡密灰色行业套现洗白链](http://www.freebuf.com/column/163232.html)\n* [请求方法问题](http://www.freebuf.com/articles/web/172695.html)\n* [Python工具分析风险数据](https://www.secpulse.com/archives/66377.html)\n* [技术讨论 | 构建一个小巧的来电显示迷惑工具](http://www.freebuf.com/sectool/173730.html)\n* [google.com/machine-learning/crash-course/](https://developers.google.com/machine-learning/crash-course/?hl=zh-cn)\n* [远程定位追踪联网车辆以及利用思路分析](http://www.freebuf.com/vuls/178604.html)\n* [智能锁具攻防系列一初探](https://future-sec.com/intelligent-lock-attack-and-defense-1.html)\n* [我的世界观](https://mp.weixin.qq.com/s?__biz=MzA3NTEzMTUwNA==\u0026mid=200044901\u0026idx=1\u0026sn=2a40b65874b54f7d2c80303ee6558d9b#rd)\n* [偷U盘文件的神器](https://github.com/kenvix/USBCopyer)\n* [内网安全检查/渗透总结](https://xz.aliyun.com/t/2354)\n* [Linux内网渗透](https://thief.one/2017/08/09/2/)\n* [内网渗透思路探索 之新思路的探索与验证](https://paper.tuisec.win/detail/521f97451904b16)\n* [初级域渗透系列 - 01. 基本介绍\u0026信息获取](https://paper.tuisec.win/detail/2a7446285e7d085)\n* [初级域渗透系列 - 02. 常见攻击方法 - 1](https://paper.tuisec.win/detail/fc1086dabbc9002)\n* [初级域渗透系列 03. 常见攻击方法](https://paper.tuisec.win/detail/cd49c17ca23cece)\n* [内网渗透知识基础及流程](https://www.anquanke.com/post/id/170471)\n* [RemTeam攻击技巧和安全防御](https://xz.aliyun.com/t/4602)\n* [Web-Security-Note](https://github.com/Smi1eSEC/Web-Security-Note)\n* [Web安全中比较好的文章](https://github.com/spoock1024/web-security) - 主要是新人入门方向\n* [Fuzz自动化Bypass软WAF姿势](https://4hou.win/wordpress/?p=15613)\n* [灰袍2017](https://github.com/ChrisLinn/greyhame-2017)\n* [一次红队之旅](https://xz.aliyun.com/t/2389) 入门\n* [非正经硬盘脱密方式](https://mp.weixin.qq.com/s/yaWCeemFXA3DkJNR22Nbig)\n* [linux-suid-privilege-escalation](https://www.leavesongs.com/PENETRATION/linux-suid-privilege-escalation.html)\n* [Hard_winGuide.md](https://github.com/CHEF-KOCH/HWAB/blob/master/Guide.md)\n* [Enterprise-Registration-Data-of-Chinese-Mainland](https://github.com/imhuster/Enterprise-Registration-Data-of-Chinese-Mainland)\n* [道哥的黑板报](https://zhuanlan.zhihu.com/taosay) - 思考很深的年轻人 真正的大牛 \n* [Why ping uses UDP port 1025](http://terenceli.github.io/%E6%8A%80%E6%9C%AF/2021/02/19/ping-1025) exists just socket/connect/getsockname/close,目的是获取source ip\n\n\n旧\n```\n### 建设\n\n* [Enterprise_Security_Build--Open_Source](https://bloodzer0.github.io)\n* [一个人的安全部](http://www.freebuf.com/articles/security-management/126254.html)\n* [没有钱的安全部之资产安全](http://www.jianshu.com/p/572431447613?from=timeline)\n* [一个人的企业安全建设实践](https://xianzhi.aliyun.com/forum/topic/1568/)\n* [单枪匹马搞企业安全建设](https://xianzhi.aliyun.com/forum/topic/1916)\n* [“一个人”的互金企业安全建设总结](http://www.freebuf.com/articles/neopoints/158724.html)\n* [低成本企业安全建设部分实践](https://xianzhi.aliyun.com/forum/topic/1996)\n* [饿了么运维基础设施进化史](https://mp.weixin.qq.com/s?__biz=MzA4Nzg5Nzc5OA==\u0026mid=2651668800\u0026idx=1\u0026sn=615af5f120d1298475aaf4825009cb30\u0026chksm=8bcb82e9bcbc0bff6309d9bbaf69cfc591624206b846e00d5004a68182c934dab921b7c25794\u0026scene=38#wechat_redirect)\n* [B站日志系统的前世今生](https://mp.weixin.qq.com/s/onrBwQ0vyLJYWD_FRnNjEg)\n* [爱奇艺业务安全风控体系的建设实践](https://mp.weixin.qq.com/s/2gcNY0LmgxpYT1K6uDaWtg)\n* [美团外卖自动化业务运维系统建设](https://tech.meituan.com/digger_share.html)\n* [携程安全自动化测试之路](http://techshow.ctrip.com/archives/2315.html)\n* [企业安全中DevSecOps的一些思考](http://www.freebuf.com/articles/es/145567.html)\n* [企业安全经验 应急响应的战争](http://www.freebuf.com/articles/web/155314.html)\n* [企业安全项目架构实践分享](https://xianzhi.aliyun.com/forum/topic/1718)\n* [以溯源为目的蜜罐系统建设](http://www.4hou.com/technology/9687.html)\n* [蜜罐与内网安全从0到1(一)](https://xianzhi.aliyun.com/forum/topic/998)\n* [蜜罐与内网安全从0到1(二)](https://xianzhi.aliyun.com/forum/topic/997)\n* [蜜罐与内网安全从0到1(三)](https://xianzhi.aliyun.com/forum/topic/996)\n* [蜜罐与内网安全从0到1(四)](https://xianzhi.aliyun.com/forum/topic/1730)\n* [蜜罐与内网安全从0到1(五)](https://xianzhi.aliyun.com/forum/topic/1955)\n* [企业安全建设—模块化蜜罐平台的设计思路与想法](https://xianzhi.aliyun.com/forum/topic/1885)\n* [蜜罐调研与内网安全](https://xz.aliyun.com/t/7294)\n* [Real-timeDetectionAD](https://github.com/sisoc-tokyo/Real-timeDetectionAD_ver2) - https://bithack.io/forum/505 - 域内蜜罐\n* [HFish](https://bithack.io/forum/505) - 蜜罐框架\n* [opencanary_web](https://github.com/p1r06u3/opencanary_web)\n* [tpotce](https://github.com/dtag-dev-sec/tpotce/)\n* [ElastAlert监控日志告警Web攻击行为](http://www.freebuf.com/articles/web/160254.html)\n* [OSSIM分布式安装实践](https://www.secpulse.com/archives/67514.html)\n* [企业信息安全团队建设](https://xianzhi.aliyun.com/forum/topic/1965)\n* [一个人的安全部之ELK接收Paloalto日志并用钉钉告警](http://www.freebuf.com/articles/others-articles/161905.html)\n* [账号安全的异常检测](https://mp.weixin.qq.com/s/qMjNURydlhzby9Qhs6RZhQ)\n* [一般型网站日志接入大数据日志系统的实现](http://www.freebuf.com/column/166112.html)\n* [基础设施的攻击日志 – 第1部分:日志服务器的设置](https://www.secpulse.com/archives/70001.html)\n* [基础设施的攻击日志记录 – 第2部分:日志聚合](https://www.secpulse.com/archives/70016.html)\n* [基础设施攻击日志记录 – 第3部分:Graylog仪表板](https://www.secpulse.com/archives/70149.html)\n* [基础设施的攻击日志记录 – 第4部分:日志事件警报](https://www.secpulse.com/archives/70207.html)\n* [宜信防火墙自动化运维之路](http://www.freebuf.com/articles/security-management/166895.html)\n* [证书锁定](https://www.secpulse.com/archives/75212.html)\n* [中通内部安全通讯实践](https://xz.aliyun.com/t/3759)\n* [那些年我们堵住的洞 – OpenRASP纪实](https://anquan.baidu.com/article/855)\n* [源头之战,不断升级的攻防对抗技术 —— 软件供应链攻击防御探索](https://security.tencent.com/index.php/blog/msg/140)\n* [网络空间安全时代的红蓝对抗建设](https://security.tencent.com/index.php/blog/msg/139)\n\n#### 加固\n\n* [Linux基线加固](https://mp.weixin.qq.com/s/0nxiZw1NUoQTjxcd3zl6Zg)\n* [基线检查表\u0026安全加固规范](https://xianzhi.aliyun.com/forum/topic/1127/)\n* [浅谈linux安全加固](https://mp.weixin.qq.com/s/y8np-sFzik15x09536QA5w)\n* [CentOS 7 主机加固](http://www.cnblogs.com/xiaoxiaoleo/p/6678727.html)\n* [APACHE 常见加固](http://cncc.bingj.com/cache.aspx?q=APACHE+%E5%B8%B8%E8%A7%81%E5%8A%A0%E5%9B%BA++0xmh\u0026d=4797622048333774\u0026mkt=zh-CN\u0026setlang=zh-CN\u0026w=WrFf2nH3PRyFtNxa6T7D-zazauskMnwg)\n* [Apache服务器安全配置](http://webcache.googleusercontent.com/search?q=cache:GZSS-N0OXY8J:foreversong.cn/archives/789+\u0026cd=1\u0026hl=zh-CN\u0026ct=clnk\u0026gl=sg\u0026lr=lang_en%7Clang_zh-CN)\n* [GNU/Linux安全基线与加固](http://cb.drops.wiki/drops/tips-2621.html)\n* [windows服务器安全配置策略](https://www.yesck.com/post/528/)\n* [15步打造一个安全的Linux服务器](https://www.freebuf.com/articles/system/121540.html)\n* [Tomcat7 加固清单](https://threathunter.org/topic/59911277ec721b1f1966e7eb)\n* [Tomcat安全设置和版本屏蔽](http://www.freebuf.com/column/163296.html)\n* [IIS服务器安全配置](http://foreversong.cn/archives/803)\n* [企业常见服务漏洞检测\u0026修复整理](http://www.mottoin.com/92742.html)\n* [运维安全概述](http://cb.drops.wiki/drops/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8-8169.html)\n* [浅谈Linux系统MySQL安全配置](https://mp.weixin.qq.com/s/0KrfdrjbcRdvSTKxoNHOcA)\n* [Hardening Ubuntu](https://github.com/konstruktoid/hardening)\n* [Tomcat Config Security](https://joychou.org/operations/tomcat-config-security.html)\n* [安全运维中基线检查的自动化之ansible工具巧用](https://bbs.ichunqiu.com/thread-46896-1-1.html?from=snew)\n* [https://github.com/netxfly/sec_check](https://github.com/netxfly/sec_check)\n\n#### 响应 溯源\n\n* [awesome-incident-response](https://github.com/meirwah/awesome-incident-response) - A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.\n* [黑客入侵应急分析手工排查](https://xianzhi.aliyun.com/forum/topic/1140/)\n* [应急tools](https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md)\n* [Linux服务器应急事件溯源报告](http://wooyun.jozxing.cc/static/drops/tips-12972.html)\n* [应急响应小记链接已挂](https://threathunter.org/topic/5943a99c1e3732874e23f996)\n* [大型互联网企业入侵检测实战总结](https://xz.aliyun.com/t/1626/)\n* [Linux应急响应姿势浅谈](http://bobao.360.cn/learning/detail/4481.html)\n* [安全应急姿势](http://rinige.com/index.php/archives/824/)\n* [Web日志安全分析浅谈](https://xianzhi.aliyun.com/forum/topic/1121/)\n* [域名劫持事件发生后的应急响应策略](http://www.freebuf.com/articles/security-management/118425.html)\n* [我的日志分析之道:简单的Web日志分析脚本 ](http://www.freebuf.com/sectool/126698.html)\n* [攻击检测和防范方法之日志分析](http://www.freebuf.com/articles/web/109001.html)\n* [Tomcat日志如何记录POST数据](https://secvul.com/topics/1087.html)\n* [邮件钓鱼攻击与溯源](https://4hou.win/wordpress/?p=28874)\n* [应急响应实战笔记](https://github.com/Bypass007/Emergency-Response-Notes) - Bypass007\n* [某云用户网站入侵应急响应](http://www.freebuf.com/articles/network/134372.html)\n* [IP 定位逆向追踪溯源访客真实身份调查取证](https://lcx.cc/post/4595/)\n* [域名背后的真相,一个黑产团伙的沦陷](https://www.freebuf.com/articles/terminal/127228.html)\n* [看我如何从54G日志中溯源web应用攻击路径](https://paper.tuisec.win/detail/a56f79f0d7126f5)\n\n#### 综合\n\n* [企业安全实践(基础建设)之部分资产收集](http://www.freebuf.com/column/157085.html)\n* [企业安全实践(基础建设)之IP资产监控](http://www.freebuf.com/column/157496.html)\n* [企业安全实践(基础建设)之主动分布式WEB资产扫描](http://www.freebuf.com/column/157546.html)\n* [企业安全实践(基础建设)之被动扫描自动化(上)](http://www.freebuf.com/column/157635.html)\n* [企业安全实践(基础建设)之被动扫描自动化(中)](http://www.freebuf.com/column/157947.html)\n* [企业安全实践(基础建设)之被动扫描自动化(下)](http://www.freebuf.com/column/157996.html)\n* [企业安全实践(基础建设)之WEB安全检查](http://www.freebuf.com/column/158358.html)\n* [企业安全实践(基础建设)之HIDS(上)](http://www.freebuf.com/column/158449.html)\n* [企业安全实践(基础建设)之HIDS(下)](http://www.freebuf.com/column/158677.html)\n* [0xA1: 新官上任三把火](https://zhuanlan.zhihu.com/p/26485293)\n* [0xA2 应急响应、防御模型与SDL](https://zhuanlan.zhihu.com/p/26542790)\n* [0xA3 安全域划分和系统基本加固](https://zhuanlan.zhihu.com/p/26603906)\n* [0xB1 微观安全——一台服务器做安全](https://zhuanlan.zhihu.com/p/27363168)\n* [0xB2 事件应急——企业内网安全监控概览](https://zhuanlan.zhihu.com/p/29816766)\n* [0xB3 再谈应急响应Pt.1 unix主机应急响应\n elknot](https://zhuanlan.zhihu.com/p/29958172)\n* [0xB4 企业安全建设中评估业务潜在风险的思路](https://zhuanlan.zhihu.com/p/31263844?group_id=916355317818970112)\n* [企业安全体系建设之路之系统安全篇](https://xianzhi.aliyun.com/forum/topic/1949)\n* [企业安全体系建设之路之网络安全篇](https://xianzhi.aliyun.com/forum/topic/1950)\n* [企业安全体系建设之路之产品安全篇](https://xianzhi.aliyun.com/forum/topic/1951)\n* [SOC异闻录](https://www.anquanke.com/post/id/95231)\n* [开源软件创建SOC的一份清单](http://www.freebuf.com/articles/network/169632.html)\n* [开源SOC的设计与实践](http://www.freebuf.com/articles/network/173282.html)\n* [F5 BIG-IP Security Cheatsheet](https://github.com/dnkolegov/bigipsecurity)\n\n#### 原bug bounty\n* [SRC漏洞挖掘小见解](http://www.mottoin.com/95043.html)\n* [面向SRC的漏洞挖掘总结](http://blkstone.github.io/2017/05/28/finding-src-vuls/)\n* [漏洞挖掘经验分享Saviour](https://xianzhi.aliyun.com/forum/topic/1214/)\n* [我的SRC之旅](https://mp.weixin.qq.com/s/2ORHnywrxXPexviUYk7Ccg)\n* [浅析通过\"监控\"来辅助进行漏洞挖掘](https://bbs.ichunqiu.com/thread-28591-1-1.html)\n* [威胁情报-生存在SRC平台中的刷钱秘籍](https://bbs.ichunqiu.com/article-921-1.html)\n* [威胁情报](https://mp.weixin.qq.com/s/v2MRx7qs70lpnW9n-mJ7_Q)\n* [YSRC众测之我的漏洞挖掘姿势](https://bbs.ichunqiu.com/article-655-1.html)\n* [SRC的漏洞分析](https://bbs.ichunqiu.com/thread-19745-1-1.html)\n* [众测备忘手册](https://mp.weixin.qq.com/s/4XPG37_lTZDzf60o3W_onA)\n* [挖洞技巧:如何绕过URL限制](https://www.secpulse.com/archives/67064.html)\n* [挖洞技巧:APP手势密码绕过思路总结](https://www.secpulse.com/archives/67070.html)\n* [挖洞技巧:支付漏洞之总结](https://www.secpulse.com/archives/67080.html)\n* [挖洞技巧:绕过短信\u0026邮箱轰炸限制以及后续](http://mp.weixin.qq.com/s/5OSLC2GOeYere9_lT2RwHw)\n* [挖洞技巧:信息泄露之总结](https://www.secpulse.com/archives/67123.html)\n* [阿里云oss key利用](https://www.t00ls.net/viewthread.php?tid=52875\u0026highlight=oss)\n* [任意文件下载引发的思考](https://www.secpulse.com/archives/68522.html)\n* [任意文件Getshell](https://xz.aliyun.com/t/6958)\n* [通用性业务逻辑组合拳劫持你的权限](https://www.anquanke.com/post/id/106961)\n* [组合漏洞导致的账号劫持](https://xz.aliyun.com/t/3514)\n* [我的通行你的证](https://lvwei.me/passport.html#toc_0)\n* [那些年我们刷过的SRC之企业邮箱暴破](https://www.secquan.org/Discuss/262)\n* [各大SRC中的CSRF技巧](https://bbs.ichunqiu.com/forum.php?mod=viewthread\u0026tid=28448\u0026highlight=src)\n* [一些逻辑](https://secvul.com/topics/924.html)\n* [一个登陆框引起的血案](http://www.freebuf.com/articles/web/174408.html)\n* [OAuth回调参数漏洞案例解析](https://03i0.com/2018/04/01/OAuth%E5%9B%9E%E8%B0%83%E5%8F%82%E6%95%B0%E6%BC%8F%E6%B4%9E%E6%A1%88%E4%BE%8B%E8%A7%A3%E6%9E%90/)\n* [子域名接管指南](https://www.secpulse.com/archives/95304.html)\n* [Subdomain Takeover](https://www.secpulse.com/archives/94973.html)\n* [Subdomain Takeover/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)\n* [Subdomain-takeover](https://echocipher.github.io/2019/08/14/Subdomain-takeover/)\n* [过期链接劫持的利用方法探讨](http://www.freebuf.com/articles/web/151836.html)\n* [国外赏金之路](https://blog.securitybreached.org/2017/11/25/guide-to-basic-recon-for-bugbounty/) - 老司机赏金见解,历史赏金文章 list\n* [记一次失败的0元单的挖掘历程与一处成功的XSS案例](https://bbs.ichunqiu.com/article-636-1.html)\n* [看我如何发现谷歌漏洞跟踪管理平台漏洞获得$15600赏金](http://www.freebuf.com/articles/web/152893.html)\n* [看我如何利用简单的配置错误“渗透”BBC新闻网](http://www.freebuf.com/news/155558.html)\n* [分享一个近期遇到的逻辑漏洞案例](http://www.freebuf.com/vuls/151196.html)\n* [我是如何挖掘热门“约P软件”漏洞的](http://www.freebuf.com/articles/web/157391.html)\n* [新手上路 | 德国电信网站从LFI到命令执行漏洞](http://www.freebuf.com/articles/web/156950.html)\n* [Taking over Facebook accounts using Free Basics partner portal](https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover)\n* [The bug bounty program that changed my life](http://10degres.net/the-bugbounty-program-that-changed-my-life/)\n* [挖洞经验 | 看我如何免费获取价值€120的会员资格](http://www.freebuf.com/articles/web/172438.html)\n* [Scrutiny on the bug bounty](https://xz.aliyun.com/t/3935)\n* [1hack0/Facebook-Bug-Bounty-Write-ups](https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups)\n\n* [Java反序列化漏洞-金蛇剑之hibernate(上)](https://xianzhi.aliyun.com/forum/topic/2030)\n* [Java反序列化漏洞-金蛇剑之hibernate(下)](https://xianzhi.aliyun.com/forum/topic/2031)\n* [Java反序列化漏洞-玄铁重剑之CommonsCollection(上)](https://xianzhi.aliyun.com/forum/topic/2028)\n* [Java反序列化漏洞-玄铁重剑之CommonsCollection(下)](https://xianzhi.aliyun.com/forum/topic/2029)\n* [Java反序列化漏洞从入门到深入](https://xianzhi.aliyun.com/forum/topic/2041)\n* [Java反序列化备忘录](https://xianzhi.aliyun.com/forum/topic/2042)\n* [Java反序列化漏洞之殇](https://xianzhi.aliyun.com/forum/topic/2043)\n* [Java反序列化漏洞学习实践一:从Serializbale接口开始,先弹个计算器](http://www.polaris-lab.com/index.php/archives/447/)\n* [Java反序列化漏洞学习实践二:Java的反射机制(Java Reflection)](http://www.polaris-lab.com/index.php/archives/450/)\n* [Java反序列化漏洞学习实践三:理解Java的动态代理机制](http://www.polaris-lab.com/index.php/archives/453/)\n```\n\n## Contribute\nWe welcome everyone to contribute,you can open an issue for this if you have some new idea about this project or you have found some quality safety articles,and then I will add your name to Acknowledgments.\n\n\n## Acknowledgments\n* @[tom0li](https://github.com/tom0li)\n* @[neargle](https://github.com/neargle)\n* @[r4v3zn](https://github.com/0nise)\n\n## Star\n感谢Star\n\n[![Stargazers over time](https://starchart.cc/tom0li/collection-document.svg)](https://starchart.cc/tom0li/collection-document)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftom0li%2Fcollection-document","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftom0li%2Fcollection-document","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftom0li%2Fcollection-document/lists"}