A Collection of Excellent Articles

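0x00 Preface

While studying, I often browse high-quality WeChat official accounts and forum articles, but after reading them I tend to move on, and the next time I want to find them I can't. To solve this problem, I decided to record the ones I consider worthwhile myself. This makes them easy for me to look up next time and also easy for others to consult.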

0x01 Information Gathering

1.1 Bypass CDN

https://www.secshi.com/gongju/%E6%9C%80%E5%90%8E%E7%9A%84bypass-cdn-%E6%9F%A5%E6%89%BE%E7%BD%91%E7%AB%99%E7%9C%9F%E5%AE%9Eip.html

https://mp.weixin.qq.com/s/JoE4Y0amhsznx10OtmuCxg

1.1 An unconventional CDN bypass leading to a full penetration test

http://www.recorday.cn/index.php/2018/10/17/pentest_bypass_cdn/

1.2 Android APK unpacking: one-click unpacking of Tencent Legu and 360 Jiagu

https://www.jianshu.com/p/138c9de2c987

1.3 Reverse shell study notes - 01

https://mp.weixin.qq.com/s/-citnkfwGai7KQCIp9G99w

1.4 Reverse shell study notes - 02

https://mp.weixin.qq.com/s/S9Luvf2Drj4aDqKWUJjTwg

1.5 Using BurpSuite macros to obtain the CSRF TOKEN

https://ryaninf.github.io/2019/07/15/%E4%BD%BF%E7%94%A8BurpSuite%E5%AE%8F%E8%8E%B7%E5%8F%96CSRF-TOKEN/

1.6 On antivirus evasion for PHP one-line webshells

https://saucer-man.com/information_security/248.html

1.7 Web Security Attack and Defense: 01

https://blog.csdn.net/qq_41453285/article/details/94888750

1.8 Security conference materials

https://www.hackinn.com/index.php/archives/492/

1.9 Personal year-end summary and AWD offline competition review

https://mp.weixin.qq.com/s?__biz=MzU2NzkxMDUyNg==&mid=2247484891&idx=1&sn=c767bb774c3817ebfccdbb9bdcec4255&chksm=fc974ccacbe0c5dc7018a58ab7cad811b1c0fd8b5b63cf8d448eb1848d8ad307cc11f6b52d50&mpshare=1&scene=1&srcid=&sharer_sharetime=1568818208564&sharer_shareid=2fb4b0da16cbda243011c5424b7ee1d8&key=5b405373aa09951d5175a541d875b688d014322753c6ad9ceabfaeaa4f0917e3589dbfe9abc1d6134cdcf069c7210c1e316d1237cd15e0ea8b793e2bf4086b7374f664c2de0b79e40f274869759b7679&ascene=1&uin=NjA3MTQ5MDY2&devicetype=Windows+10&version=62060841&lang=zh_CN&pass_ticket=tmZFm2SQBQxsTJpizTvPQ6G11qxs5HdnP9XAuBoHvQgVZOE6cowZMw47%2B2TG3bKU

1.10 BurpSuite usage tips

https://www.cnblogs.com/wanghaihong200/p/8727450.html

1.11 How to become a bug bounty hunter

https://xz.aliyun.com/t/2701

1.12 Word document phishing that bypasses 360

https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247487417&idx=1&sn=3c6723d503e868ad45441141208cbf53&chksm=ec1f5a86db68d390e23cee1bd44fa6b27838eb345d13b6b7a1337fa02e0c14cb0f9e98a5aa3d&scene=0&xtrack=1&key=f81bb8c63413c3b3c095879c3ba17c47b1cdd53509ba07ad47b8024c505b3a7d5d2b1625aa10948316860ec42b1a14df6f900f281488992ce8558d2424ca32505471a06da548c52f3636af57c14b63a6&ascene=1&uin=NjA3MTQ5MDY2&devicetype=Windows+10&version=62070141&lang=zh_CN&pass_ticket=lJPluFlihnV9GNIv7W8JKUpyiS%2BngHSS38iX%2FETeKCjli9D5DI%2FHj7sAHPrti3Ae

1.13 Executing macros via remote template injection in DOCX documents

https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247487401&idx=1&sn=55821cd34f91e44b5b95934878f8430b&chksm=ec1f5a96db68d3807e3dc359870e30ef68cdca47ba206b3d7788d91ec57b98576586e99f5bea&scene=0&xtrack=1&key=8d3f7565c056ebe6148ab33bf8049f7ac27373f5482b6af07747a3291d4a6ac3923d4d5ed2486cae5a0a7a4ad81c97ae0a011d877b3ce747e9372a29dea6ce2d6f6bf92da5887da6cb45c931ccb46608&ascene=1&uin=NjA3MTQ5MDY2&devicetype=Windows+10&version=62070141&lang=zh_CN&pass_ticket=lJPluFlihnV9GNIv7W8JKUpyiS%2BngHSS38iX%2FETeKCjli9D5DI%2FHj7sAHPrti3Ae

1.14 From SQL Server injection to getshell

https://mp.weixin.qq.com/s?__biz=MzU2MjM4NDYxOQ==&mid=2247484520&idx=1&sn=c7de3e567ba28a1e2c4553a4cfc4dbc1&chksm=fc6b1feccb1c96fa0780dff20c8ea1599067f02df6e9daa4694a76cb54834525e56e64877577&mpshare=1&scene=23&srcid=&sharer_sharetime=1569823777394&sharer_shareid=498525f2ce1126969b23a1b6297670ed#rd

1.15 Full testing walkthrough of the latest version of a certain CMS (front-end getshell)

https://xz.aliyun.com/t/3767#toc-4

1.16 CTF study notes 04

https://www.codetd.com/article/1625703

1.17 Practical tips for SRC vulnerability hunting

https://mp.weixin.qq.com/s/g-vlNmn4uQKUnBKZ7LMJvA

1.18 SRC vulnerability hunting: experience and tips

https://www.secshi.com/gongju/2150.html

1.19 CTF Beginner's Guide | The Misc category, one of the five major CTF challenge types

https://mp.weixin.qq.com/s?__biz=MzI4NTE4NDAyNA==&mid=2650381966&idx=1&sn=4f0f31cb1ae72ee121bad54fa987ef9f&chksm=f3fd27f9c48aaeefeaacfbe0e603edf43b8ba104fb8b94e9d0c88e7525c7d0419525a6c62c95&scene=0&xtrack=1&key=414f02a75cddb369686f6a66bb3266c429d9c75fa933

1.20 After an interview, I found I still have these shortcomings

http://teamssix.com/year/191014-090745.html

1.21 A worm webshell for AWD competitions

https://mp.weixin.qq.com/s?__biz=MjM5MTYxNjQxOA==&mid=2652852251&idx=1&sn=13c0e0b7e538ac9ebb43bdd9fe5a3bf4&chksm=bd592cd68a2ea5c0658e1883e9e49abe90013b820bbfa0322c65a81ffee44ec89a6a0daaf737&scene=0&xtrack=1&key=5b405373aa09951dc5f3f4c4aa046f264a10686e80568229a65b875895fe24653c58ed5f8a2c5d8766fa5890837ea79cc1b4909cc7e71fc902e3f5f20af5d75a3228551d87201bae6a9d018cf9c5629a&ascene=1&uin=NjA3MTQ5MDY2&devicetype=Windows+10&version=6207014a&lang=zh_CN&pass_ticket=72AWbUacIhSrbPgUEQHLHVBY1OluXkWbxHb1HmZjsuDwVov9X1ZSTEuMhgtcK3jA

1.22 A worm webshell for AWD competitions (Part 2)

https://mp.weixin.qq.com/s?__biz=MjM5MTYxNjQxOA==&mid=2652852308&idx=1&sn=dbc6ed5539e9eacbf74b75667f51dd7f&chksm=bd592c998a2ea58f34eb926c0d5fe9f5a561eeb67fa06b4593669513ddd480292439fb0be8d5&scene=0&xtrack=1&key=56629d78eb0c25e490a8b72a7cc6688351eefe7d2b278177d7ecd371371e37bfae2a4efa2e7f88ff4518eb5c0f8a092695c9e96412b23bec296b95416d64fa9925d5e1f7f17a071c738efa52c0b54648&ascene=1&uin=NjA3MTQ5MDY2&devicetype=Windows+10&version=6207014a&lang=zh_CN&pass_ticket=72AWbUacIhSrbPgUEQHLHVBY1OluXkWbxHb1HmZjsuDwVov9X1ZSTEuMhgtcK3jA

1.23 Social engineering: phishing attacks

https://www.secshi.com/jiaocheng/%E7%A4%BE%E4%BC%9A%E5%B7%A5%E7%A8%8B%E5%AD%A6-%E9%92%93%E9%B1%BC%E6%94%BB%E5%87%BB.html

1.24 From a marginal XSS in a Ruijie system to a generic WAF bypass

https://xz.aliyun.com/t/6733

0x02 Mobile Security

Android application security learning

Article series

Drozer installation and usage

https://www.jianshu.com/p/168cdd3daa1d

Metasploit installation and usage

https://www.jianshu.com/p/e63006a24603

Frida installation and usage

https://www.jianshu.com/p/bab4f4714d98

Xposed

http://www.520monkey.com/archives/895

Cydia

http://www.520monkey.com/archives/1028

Introductory guide to mobile security

https://shuwoom.com/?p=893

Persistence tools

https://mp.weixin.qq.com/s/KdIoPRR8XQPNuRIW3HKoQg

XML external entity injection

https://xz.aliyun.com/t/6754

0x03 Great Reads

3.1 Running a WeChat official account

https://www.zhihu.com/question/40636150/answer/826537735


Author: madcoding
Article link: https://www.mad-coding.cn/2019/09/03/优秀文章整理/
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit madcoding's blog when reposting.