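Security Technology
[Web Security] AZScanner: automated vulnerability scanner https://github.com/az0ne/AZScanner
[Conference] ArchSummit Beijing 2016 slide deck download collection http://ppt.geekbang.org/archsummit?amp;isappinstalled=0&;from=timeline&from=timeline&from=timeline&from=timeline
[Mobile Security] BadKernel: a vulnerability caused by a typo https://github.com/secmob/BadKernel
[Web Security] Mastering CSRF: sharing bug-hunting case studies http://bbs.ichunqiu.com/thread-16169-1-1.html
[Vulnerability Analysis] Analysis and exploitation of the IE browser UAF vulnerability CVE-2014-0282 http://www.mottoin.com/92909.html
[Documents] Heavy content ahead: technical slide decks from the Weidian Security Salon, Session 1, Beijing http://mp.weixin.qq.com/s?__biz=MzIzMjY3NzYwNA==&mid=2247483676&idx=1&sn=b38b3e9870717b13fdee9f8e96b4aca6&chksm=e8900897dfe7818143c1936256109262fdd7c4a0759a8d18527a38514c5ad3e5969fd791115c&mpshare=1&scene=1&srcid=1130nvZsugQ5Uu0q8Mm7DJod#rd
[Other] The dark web explained: what it is and how it works https://www.weforum.org/agenda/2016/10/the-dark-web-what-it-is-and-how-it-works
[Web Security] Summary of target-locating techniques for internal network penetration http://www.mottoin.com/92978.html
[Web Security] Vulnerability detection and remediation notes for common enterprise services http://www.mottoin.com/92742.html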
[Web Security] Fofa: an Internet-wide vulnerability report in three minutes https://v.qq.com/x/page/q03509j9ak1.html
[Web Security] hitcon2016 web writeup http://lorexxar.cn/2016/10/10/hitcon2016/
[Web Security] Layer Subdomain Excavator 4.2 commemorative edition http://www.cnseay.com/4482/
[Web Security] Bypassing CSP using polyglot JPEGs http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
[Other] hduisa/HCTF2016: HCTF 2016 CHALLENGES https://github.com/hduisa/HCTF2016
[Web Security] Burp Suite security automation with Selenium and Jenkins https://www.securify.nl/blog/SFY20160901/burp_suite_security_automation_with_selenium_and_jenkins.html
[Operations Security] Mozilla SSL Configuration Generator: a tool for generating HTTPS configuration files https://mozilla.github.io/server-side-tls/ssl-config-generator/
[Web Security] Brute-forcing website subdomains with nmap http://blog.x1622.com/2016/11/subdomain-discovery-with-nmap-and.html
[Malware Analysis] Quick TR069 Botnet Writeup + Triage. https://morris.guru/quick-tr069-botnet-writeup-triage/
[Malware Analysis] Vulnerability alert: Apache Tomcat remote code execution vulnerability (CVE-2016-8735) http://www.mottoin.com/93100.html
[Programming] The most convenient free SSL certificate solution http://www.jianshu.com/p/4d1a795837d0?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io
[Tools] UK intelligence agency GCHQ releases an open-source data analysis tool: CyberChef http://www.mottoin.com/92941.html
[Vulnerability Analysis] 2016 HCTF Crypto challenge-setting summary http://0x48.pw/2016/11/28/0x28/
[Web Security] Lagou's security platform design and rule formalization http://www.jianshu.com/p/a56d3753c296?from=timeline&isappinstalled=0
[Malware Analysis] Deutsche Telekom outage: a new Mirai botnet variant and an old C2 http://blog.netlab.360.com/a-mirai-botnet-evolvement-new-variant-and-old-c2/
[Programming] Anti-Anti-Spider: tackling anti-crawler techniques https://github.com/luyishisi/Anti-Anti-Spider
[Web Security] Bypassing SAML 2.0 SSO with XML Signature Attacks http://research.aurainfosec.io/bypassing-saml20-SSO/
[Tools] SharpMeter: Meterpreter reverse shell generation tool (bypasses whitelist restrictions) http://www.mottoin.com/93059.html
[Data Mining] Column | Evaluation of Chinese word segmentation tools http://www.jiqizhixin.com/article/1916
[Mobile Security] BitUnmap: Attacking Android Ashmem https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
[Vulnerability Analysis] Three roads lead to Rome http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome/
[Programming] Single sign-on: principles and a simple implementation http://www.cnblogs.com/ywlaker/p/6113927.htm
[Vulnerability Analysis] Google: Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software https://security.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
[Mobile Security] Android trojan analysis workflow and hands-on practice http://www.mottoin.com/93078.html
[Vulnerability Analysis] Analysis of multiple vulnerabilities in AirDroid https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
[Operations Security] Underground economy exposed: the story behind "CAPTCHA-solving platforms" https://jaq.alibaba.com/community/art/show?articleid=628
[Malware Analysis] One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
[Operations Security] How WeChat uses one censorship policy in China and another internationally https://citizenlab.org/2016/11/wechat-china-censorship-one-app-two-systems/
[Data Mining] XSExtractor: a tool for extracting the main text from long-form web pages such as news and blogs https://github.com/qingyu1229/XSExtractor
[Wireless Security] Wi-Fi security: packet structure analysis http://sccsec.com/2016/11/23/WIFI%E5%AE%89%E5%85%A8%E4%B9%8B%E5%8C%85%E7%BB%93%E6%9E%84%E8%A7%A3%E6%9E%90/
[Malware Analysis] An injection caused by a directory traversal, and what followed: review and reflections on the XG SDK vulnerability http://www.ms509.com/?p=474
[Web Security] Google XSS Game Writeup https://b1ngz.github.io/google-xss-game-writeup/
[Other] Reflections on mentoring newcomers http://zhenhua-lee.github.io/manmage/mentor.html
[Malware Analysis] Mirai, the culprit behind the US East Coast outage: scene reconstruction and detection http://mp.weixin.qq.com/s?__biz=MzI4ODA4MTcxMA==&mid=2649550113&idx=1&sn=bba4b0a196580bf1410f424984ba3b81&chksm=f3db9f60c4ac16761261d2f95ce7980b84e318d24db5fac348a24b09b9b6768f58f575f79712&mpshare=1&scene=2&srcid=1128n2PYLPIiWT0aIccMYsJS&from=timeline#rd
[Other] HOW I BYPASSED APPLE'S MOST SECURE ICLOUD ACTIVATION LOCK http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html?m=1
[Web Security] Firefox 0day in the wild is being used to attack Tor users http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
[Other] Written on my first anniversary at Alibaba http://www.zoomfeng.com/blog/alibaba-one-year.html
[Web Security] Penetration testing Oracle 11g (continued) https://www.t00ls.net/articles-23609.html
[Web Security] JSON-handle DomXSS Vulnerability (Ver 1.4.11) analysis http://linux.im/2016/11/29/firefox-addon-JSON-handle-DomXSS.html
[Tools] DPAT: a domain password auditing tool for penetration testers https://github.com/clr2of8/DPAT
[Programming] I wrote a password cracking manual http://www.netmux.com/blog/hash-crack
[Web Security] Configuring and using Tor in Empire http://www.mottoin.com/92761.html
[Web Security] Code Execution and Privilege Escalation–Databases http://resources.infosecinstitute.com/code-execution-and-privilege-escalation-databases/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+infosecResources+%28InfoSec+Resources%29
[Web Security] DNS-Shell: DNS-Shell is an interactive Shell over DNS channel https://github.com/sensepost/DNS-Shell
[Other] Variable injection revisited: using it for command execution/privilege elevation and bypassing UAC https://breakingmalware.com/vulnerabilities/command-injection-and-elevation-environment-variables-revisited/
[Magazine] SecWiki Weekly (Issue 143) https://www.sec-wiki.com/weekly/143
[Malware Analysis] cosa-nostra: a malware analysis tool based on families with graph display https://github.com/joxeankoret/cosa-nostra
[Mobile Security] More Than 1 Million Google Accounts Breached by Gooligan http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/?from=timeline
[Web Security] An assert-based one-line webshell that evades antivirus detection http://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649712881&idx=1&sn=8a980de7df522f6fa019fbb063381cef&chksm=888c589ebffbd188503d1ecb31b8c96bc62143e09feef2b2fb0d9654c159018a5fa1c45a0fe6&scene=0#rd
[Web Security] FreePBX 13: From Cross-Site Scripting to Remote Command Execution https://blog.ripstech.com/2016/freepbx-from-cross-site-scripting-to-remote-command-execution/