注:以下總結由公眾號:珂技知識分享 整理
安全論壇和博客
★★★安全門戶網站★★★
★freebuf,有非常多的基礎文章,也有一些有深度的,
https://www.freebuf.com/
★烏云鏡像,由于年代久遠,有價值的文章不多了,
http://wooyun.2xss.cc/
★★先知,文章都比較有深度,水文較少,
https://xz.aliyun.com/
★★★安全客,幾乎沒有水文,
https://www.anquanke.com/
★★★seebug,沒有水文,
https://paper.seebug.org/
★★★360,沒有水文,
http://noahblog.360.cn/
★★★安全論壇★★★
★圈子,會員制,由于論壇比較新,活躍人數和文章質量都不高,
https://www.secquan.org/
★★吐司,上古論壇,魚龍混雜,有深度的文章較少,適合新手,不過是會員制,養個注冊賬號不容易,
https://www.t00ls.cc/
★★★看雪,偏C語言二進制系,入門門檻較高,
https://bbs.pediy.com/
★★★安全博客★★★
★★R3start,偏實戰,
http://r3start.net/
★★★afanti,偏java,
https://www.cnblogs.com/afanti/
★★★Diggid,偏java,
https://blog.diggid.top/
★★★素十八,偏java,
https://su18.org/
★★★廖新喜,偏java,
http://xxlegend.com/
★★★淺藍,偏java,
https://b1ue.cn/
★★★c0ny1,偏java,
https://gv7.me/
★★★phith0n,全堆疊,
https://www.leavesongs.com/
★★★3gstudent,偏微軟系,
https://3gstudent.github.io/
★★★LandGrey,全堆疊
https://landgrey.me/
★★★遠海,偏java和.net,
https://websecuritys.cn/
★★★LeadroyaL,偏二進制,
https://www.leadroyal.cn/
★★★whoami,偏php
https://whoamianony.top/
★★★Rmb122,偏java和php
https://rmb122.com/
★★★全堆疊,
http://scz.617.cn:8/
★★★Y4er,全堆疊,
https://y4er.com/
★★★ADog,偏java和php
http://foreversong.cn/
常見漏洞
★★★SQL注入★★★ ★關于學習Oracle注入 https://xz.aliyun.com/t/7897 ★又雙叒叕談注入 https://xz.aliyun.com/t/5980 ★與某WAF斗智斗勇的每一天 https://www.freebuf.com/articles/web/247655.html ★★利用PHP的字串決議特性Bypass https://www.freebuf.com/articles/web/213359.html ★★sqlite注入的一點總結 https://xz.aliyun.com/t/8627 ★★原理+實戰掌握SQL注入 https://xz.aliyun.com/t/6677 ★★Mssql資料庫命令執行總結 https://xz.aliyun.com/t/7534 ★★360webscan bypass https://h3art3ars.gitee.io/2020/02/17/360webscan-bypass/ ★★★MSSQL使用CLR程式集來執行命令 https://xz.aliyun.com/t/6682 ★★★WAF繞過之SQL注入(歸來) https://xz.aliyun.com/t/7767 ★★★對MYSQL注入相關內容及部分Trick的歸類小結 https://xz.aliyun.com/t/7169 ★★★XSS★★★ ★某證券集團網站一處反射型XSS繞過與利用 https://xz.aliyun.com/t/4010 ★★csp繞過姿勢 https://xz.aliyun.com/t/7372 ★★★XSS Thousand Knocks解題記錄 https://xz.aliyun.com/t/4074 ★★★檔案上傳★★★ ★★Upload與WAF的那些事 https://xz.aliyun.com/t/8084 ★★★從RFC規范看如何繞過waf上傳表單 上篇 https://www.anquanke.com/post/id/241265 ★★★從RFC規范看如何繞過waf上傳表單 下篇 https://www.anquanke.com/post/id/242583 ★★★CORS★★★ ★★淺析CORS攻擊及其挖洞思路 https://xz.aliyun.com/t/7242 ★★★CSRF★★★ ★★一次滲透測驗引發的Json格式下CSRF攻擊的探索 https://xz.aliyun.com/t/7911 ★★★CRLF★★★ ★★初識HTTP回應拆分攻擊(CRLF Injection) https://whoamianony.top/2021/04/20/Web%E5%AE%89%E5%85%A8/HTTP%E5%93%8D%E5%BA%94%E6%8B%86%E5%88%86%E6%94%BB%E5%87%BB%EF%BC%88CRLF%20Injection%EF%BC%89/ ★★★XXE★★★ ★★通過XXE讀取本地檔案(HTTP OOB失敗后) https://xz.aliyun.com/t/6913 ★★★檔案包含★★★ ★★淺談檔案包含漏洞 https://xz.aliyun.com/t/7176 ★★★邏輯漏洞★★★ ★★密碼重置的那些事★★ https://xz.aliyun.com/t/8136 ★★★SSRF★★★ ★gopher協議在SSRF 中的一些利用 https://xz.aliyun.com/t/6993 ★★★請求走私★★★ ★★★HTTP/2:續篇總是更糟糕 https://www.anquanke.com/post/id/253474
實戰
★★★滲透實戰★★★ ★記一次運氣爆棚的滲透測驗 https://xz.aliyun.com/t/8251 ★記一次滲透測驗 https://xz.aliyun.com/t/6729 ★記一次YY出來的滲透測驗 https://xz.aliyun.com/t/7203 ★記一次webshell的獲取 https://xz.aliyun.com/t/6587 ★從一個QQ群號到登入bilibili內網 http://wooyun.2xss.cc/bug_detail.php?wybug_id=wooyun-2016-0208105 ★第一次滲透測驗的分享和小結 https://xz.aliyun.com/t/6078 ★★挖掘0day來入侵Apple https://xz.aliyun.com/t/9121 ★★實戰滲透之一個破站日一天 https://xz.aliyun.com/t/8375 ★★實戰滲透 - 一個怎么夠?我全都要! https://xz.aliyun.com/t/8132 ★★偶然的一次滲透從弱口令->docker逃逸 https://xz.aliyun.com/t/8699 ★★看我如何再一次駭進Facebook https://mp.weixin.qq.com/s?__biz=MzU0ODg2MDA0NQ==&mid=2247484609&idx=1&sn=05153772770be4cfae75dbdc1dc32a10 ★★記針對某單位一次相對完整的滲透測驗 https://xz.aliyun.com/t/6979 ★★記一次綜合靶場實戰滲透 https://xz.aliyun.com/t/7193 ★★記一次有趣的命令執行 http://r3start.net/index.php/2019/03/15/458 ★★記一次有趣的tp5代碼執行 https://xz.aliyun.com/t/6106 ★★記一次滲透+審計實戰 https://xz.aliyun.com/t/8305 ★★記一次曲折而又有趣的滲透 http://r3start.net/index.php/2020/02/17/611 ★★記一次測驗gitlab https://xz.aliyun.com/t/7870 ★★從報錯資訊泄露到使用ECS介面執行命令反彈shell https://xz.aliyun.com/t/8310 ★★從JS資訊泄露到Webshell http://r3start.net/index.php/2019/07/15/546 ★★shiro權限繞過實戰利用 https://xz.aliyun.com/t/8311 ★★bilibili某分站從資訊泄露到ssrf再到命令執行 http://wooyun.2xss.cc/bug_detail.php?wybug_id=wooyun-2016-0213982 ★★App滲透 - 從SQL注入到人臉識別登錄繞過 https://xz.aliyun.com/t/8308 ★★一次艱難的TP滲透測驗 https://xz.aliyun.com/t/8453 ★★【實戰】殺豬盤SSRF到getshell https://mp.weixin.qq.com/s?__biz=Mzg4NDU0NzY5Mg==&mid=2247484049&idx=1&sn=97ff9212a4ffa3f73c9f5c6ab06785d3 ★★讓滲透從黑盒變為“灰盒” https://xz.aliyun.com/t/8347 ★★任意檔案讀取漏洞的曲折歷程 https://www.freebuf.com/articles/web/229648.html ★★★【老文】一次艱難的滲透紀實 https://xz.aliyun.com/t/2122 ★★★Python安全 - 從SSRF到命令執行慘案 https://www.leavesongs.com/PENETRATION/getshell-via-ssrf-and-redis.html ★★★紅色行動之從絕望到重見光明 https://www.anquanke.com/post/id/225829 ★★★記一次docker逃逸學習 https://xz.aliyun.com/t/9966 ★★★最新版DZ3.4實戰滲透 https://paper.seebug.org/1197/ ★★★全程帶阻:記一次授權網路攻防演練(上) https://www.freebuf.com/vuls/211842.html ★★★全程帶阻:記一次授權網路攻防演練(下) https://www.freebuf.com/vuls/211847.html ★★★一步步成為你的全網管理員(上) https://www.anquanke.com/post/id/223557 ★★★一步步成為你的全網管理員(下) https://www.anquanke.com/post/id/223729 ★★★一次“SSRF-->RCE”的艱難利用 https://xz.aliyun.com/t/7594 ★★★這是一篇“不一樣”的真實滲透測驗案例分析文章 https://blog.ateam.qianxin.com/post/zhe-shi-yi-pian-bu-yi-yang-de-zhen-shi-shen-tou-ce-shi-an-li-fen-xi-wen-zhang/ ★★★內網滲透★★★ ★域資訊列舉 https://xz.aliyun.com/t/7724 ★一次真實內網滲透 https://xz.aliyun.com/t/9257 ★譚談哈希傳遞那些世人皆知的事 https://xz.aliyun.com/t/9842 ★內網穿透及埠轉發大合集 https://xz.aliyun.com/t/6966 ★傳聞某團員工釣魚攻擊某多?莫哥帶你了解釣魚郵件攻擊! https://mp.weixin.qq.com/s?__biz=Mzg2NzYyODQwMQ==&mid=2247483801&idx=1&sn=60150ce5a4a349666fdb0af9efc89ace ★內網滲透之應用層隧道技術 https://xz.aliyun.com/t/7956 ★內網滲透之ICMP隱藏隧道 https://xz.aliyun.com/t/7875 ★踩坑記錄-DNS Beacon https://xz.aliyun.com/t/7938 ★windows/Linux檔案下載方式匯總 https://xz.aliyun.com/t/7937 ★DNS隧道搭建及反彈shell之脫坑 https://xz.aliyun.com/t/7817 ★Powershell免殺的探索 https://xz.aliyun.com/t/7903 ★★自主搭建的三層網路域滲透靶場打靶記錄 https://xz.aliyun.com/t/9281 ★★照彈不誤:出站埠受限環境下反彈Shell的思考 https://www.freebuf.com/vuls/232544.html ★★域滲透之黃金票據維持權限 https://xz.aliyun.com/t/9855 ★★一個域內特權提升技巧 https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247489414&idx=1&sn=f9addeb81e8a2ea160e043ee2b19a4cf ★★內網滲透測驗:內網橫向移動基礎總結 https://www.freebuf.com/articles/network/251364.html ★★紅藍對抗之Windows內網滲透 https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==&mid=2651202058&idx=1&sn=d3d57af49cea5f15d2c58b83bac35b7d ★★關于釣魚郵件的學習筆記 https://www.freebuf.com/articles/web/227694.html ★★從外圍打點到內網滲透拿下域控 https://xz.aliyun.com/t/9477 ★★從外網代碼審計到三層內網各種漏洞拿到域控 https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247486982&idx=2&sn=7bd2c716c41531b7a6b0ca98d4802c81 ★★從DNSBeacon到域控 https://mp.weixin.qq.com/s?__biz=MzAwMzYxNzc1OA==&mid=2247485914&idx=1&sn=95a424874d8bbc656bb5a067198e4227 ★★CVE到內網然后拿下4個域控 https://mp.weixin.qq.com/s?__biz=MzU4NTY4MDEzMw==&mid=2247485592&idx=1&sn=9d1678d5198f36d7ebb6660b27a882a6 ★★cobaltstrike dns beacon知多少 https://xz.aliyun.com/t/7488 ★★Vlunstack ATT&CK實戰系列——紅隊實戰(三)Writeup https://xz.aliyun.com/t/6988 ★★記一次進修從外到內的打法 https://xz.aliyun.com/t/10204 ★★記一次域滲透2 https://xz.aliyun.com/t/8597 ★★記一次內網滲透 https://xz.aliyun.com/t/8639 ★★Bypass趨勢殺毒一步步打穿內網拿下域控 https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247485563&idx=1&sn=8663f3fd0dbd0396b958968bba15f310 ★★★Linux下的權限維持 https://xz.aliyun.com/t/7338 ★★★Kerberos相關攻擊技巧(較全) https://xz.aliyun.com/t/8690 ★★★Kerberos域滲透的那些事 https://xz.aliyun.com/t/10189 ★★★[域滲透] SQLSERVER 結合中繼與委派 https://mp.weixin.qq.com/s?__biz=MzUzNTEyMTE0Mw==&mid=2247484864&idx=1&sn=94260cb4a4e643764f4cfd3565ae799b ★★★記一次大型且細小的域滲透實戰 https://www.anquanke.com/post/id/230612 ★★★全補丁域森林5秒淪陷?加密升級之信任雪崩 https://mp.weixin.qq.com/s?__biz=MzU0MDcyMTMxOQ==&mid=2247483735&idx=1&sn=e0ddc385b58caab50a431e49755b051e ★★★滲透測驗中的Exchange https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649736957&idx=1&sn=ccbf22ab5e3576c28bf65b549e96801a ★★★域控提權合集 https://xz.aliyun.com/t/7726 ★★★結合CVE-2019-1040漏洞的兩種域提權深度利用分析 https://www.freebuf.com/vuls/207399.html ★★★提權★★★ ★Windows 權限提升指南 https://xz.aliyun.com/t/2200 ★利用MS17-10提權Win2016測驗環境搭建 https://xz.aliyun.com/t/1516 ★權限提升備忘錄 https://xz.aliyun.com/t/7573 ★★實戰遇見到最多的第三方提權 https://xz.aliyun.com/t/6544 ★★★微軟不認的“0day”之域內本地提權-爛番茄(Rotten Tomato) https://mp.weixin.qq.com/s?__biz=MzI2NDk0MTM5MQ==&mid=2247483689&idx=1&sn=1d83538cebbe2197c44b9e5cc9a7997f
代碼審計和漏洞分析
★★★php代碼審計/漏洞分析★★★ ★百家cms代碼審計 https://xz.aliyun.com/t/7542 ★zzzcms php 1.7.5版本代碼審計初探 https://xz.aliyun.com/t/7239 ★usual*** CMS 8.0代碼審計 https://xz.aliyun.com/t/8100 ★MKCMS代碼審計小結 https://xz.aliyun.com/t/7580 ★★一次基于白盒的滲透測驗 https://www.cnblogs.com/afanti/p/12663758.html ★★通讀審計之HYBBS https://www.freebuf.com/vuls/243833.html ★★某shop API介面前臺注入 https://xz.aliyun.com/t/5095 ★★極致cms v1.7的一次審計 https://xz.aliyun.com/t/7872 ★★記一次對Tp二開的原始碼審計 https://xz.aliyun.com/t/9440 ★★從某cmsV9.9四個漏洞看程式開發安全 https://xz.aliyun.com/t/5919 ★★巧用可變函式 繞過 CVE-2020-15148 限制 https://xz.aliyun.com/t/8352 ★★淺析php-fpm的攻擊方式 https://xz.aliyun.com/t/5598 ★★CVE-2016-5734 phpmyadmin后臺代碼執行漏洞復現 https://xz.aliyun.com/t/7836 ★★fastadmin 后臺注入分析 https://xz.aliyun.com/t/8360 ★★maccms v8 80w 字符的 RCE 分析 https://xz.aliyun.com/t/7037 ★★phpBB Phar反序列化遠程代碼漏洞分析(CVE-2018-19274) https://xz.aliyun.com/t/8239 ★★ThinkPHP5.0.x反序列化利用鏈 https://xz.aliyun.com/t/7082 ★★禪道專案管理系統(ZenTaoPMS)高危漏洞分析與利用 https://xz.aliyun.com/t/8692 ★★★Laravel8反序列化POP鏈分析挖掘 https://www.anquanke.com/post/id/231079 ★★★Laravel Debug mode RCE(CVE-2021-3129)分析復現 https://xz.aliyun.com/t/9030 ★★★TinkPHP5.0.X RCE-PHP7 新利用方式挖掘 https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247484802&idx=1&sn=7db0b7acc809bc312f4ad89a718cd2d7 ★★★TP諸多限制條件下如何getshell https://www.anquanke.com/post/id/225794 ★★★ThinkPHP v3.2.* (SQL注入&檔案讀取)反序列化POP鏈 https://mp.weixin.qq.com/s?__biz=MzU2NDc2NDYwMA==&mid=2247484711&idx=1&sn=0dd0f72b376b4922e4ae5b8bd614ae89 ★★★thinkphp5.0.*反序列化鏈分析 https://www.anquanke.com/post/id/251318 ★★★從一個Laravel SQL注入漏洞開始的Bug Bounty之旅 http://mp.weixin.qq.com/s?__biz=MzA4MDU0NzY4Ng==&mid=2459419911&idx=1&sn=981f7d7c68e09898a6fc95a9a2c61aa1 ★★★一道CTF來審計學習PHP物件注入 https://xz.aliyun.com/t/7849 ★★★java代碼審計/漏洞分析★★★ ★S2-016漏洞整理 https://www.freebuf.com/articles/web/258410.html ★某json 繞墻的Tips https://xz.aliyun.com/t/7568 ★★fastjson v1.2.68 RCE利用鏈復現 https://mp.weixin.qq.com/s?__biz=MzI3MzUwMTQwNg==&mid=2247485312&idx=1&sn=22dddceccf679f34705d987181a328db ★★某json <= 1.2.68 遠程代碼執行漏洞分析 https://xz.aliyun.com/t/7878 ★★Shiro-1.2.4-RememberMe 反序列化踩坑深入分析 https://xz.aliyun.com/t/7950 ★★★JavaWeb 記憶體馬一周目通關攻略 https://su18.org/post/memory-shell/ ★★★Apache Axis1 與 Axis2 WebService 的漏洞利用總結 https://paper.seebug.org/1489/ ★★★CVE-2019-11580: Atlassian Crowd RCE漏洞分析 https://xz.aliyun.com/t/5737 ★★★Fastjson 反序列化漏洞史 https://paper.seebug.org/1192/ ★★★Fastjson 1.2.68 反序列化漏洞 Commons IO 2.x 寫檔案利用鏈挖掘分析 http://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247486627&idx=1&sn=b768bebbd40c7d5b39071c711d9a19aa ★★★Java記憶體攻擊技術漫談 https://mp.weixin.qq.com/s?__biz=MzU1NzcxNjAyMQ==&mid=2247484636&idx=1&sn=c49e90b3ff68b7811e4151ba54317190 ★★★一次意外的代碼審計----JfinalCMS審計 https://xz.aliyun.com/t/8695
__EOF__
作者: 隨風kali 本文鏈接: https://www.cnblogs.com/sfsec/p/15749327.html
著作權宣告: 本博客所有文章除特別宣告外,均采用 BY-NC-SA 許可協議,轉載請注明出處!
聲援博主: 如果您覺得文章對您有幫助,可以點擊文章右下角【推薦】一下,您的鼓勵是博主的最大動力!
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/398429.html
標籤:其他