collection document

Collection of quality safety articles(To be rebuilt)

 Some are inconvenient to release.  
Some forget update,can see me star.  
collection-document awesome
以前的链接中大多不是优质的  
渗透测试部分不再更新  
因精力有限，缓慢更新  
Author: [tom0li]  
Blog: https://tom0li.github.io

• Project Description
  • Github-list
    • Awesome-list
    • develop
    • other
  • Safety
    • security list
    • Security Market Insights
    • Cloud security
      • Cloud basics
      • Cloud native security
      • Offense and defense on the cloud
      • VM
        • vCenter
        • SLP
    • AI safety
    • New security plan
      • Building the next generation of security
      • Zero trust
      • DevSecOps
    • Threat detection
      • RASP
      • HIDS
      • WAF
        • WAF Construction Guide
        • BypassWAF
      • Webshell detection
      • Bounce Shell Detection
      • EDR
      • AV
      • Lateral movement detection-honeypot idea
      • Malicious traffic detection
      • IDS
      • Text detection
    • Safe operation
    • Data security
      • Network mapping
    • Communication security
      • End-to-end communication (first edition)
      • SNI
    • personal security
    • APT research
      • Advanced threats-list
      • Threat intelligence
      • fishing
      • C2-RAT
  • Early Warning & Research
    • ImageMagick
    • Exchange
    • Privilege-Escalation
    • VPN
      • Sangfor
      • Pulse
      • Palo
      • Fortigate
      • Citrix Gateway/ADC
    • Tomcat
    • FUZZING
  • Code Audit-JAVA
    • Deserialization-Other
    • RMI
    • Shiro
    • Fastjson
    • Dubbo
    • CAS
    • Solr template injection
    • Apache Skywalking
    • Spring
      • Spring-boot
      • Spring-cloud
      • Spring-data
  • Blockchain
  • penetration
    • border penetration
      • Penetration records and summaries
      • Information collection
      • range
      • penetration techniques
    • Intranet penetration
      • Exchange utilization (old)
      • hash ticket Credential
      • Proxy forwarding and port reuse
      • Intranet platform
      • Intranet skills
      • Rights raising rights
  • Bug_Bounty
  • Web
    • XXE
    • XSS
    • Jsonp
    • CORS
    • CSRF
    • SSRF
    • SQL
    • File contains
    • upload
    • Read any file
    • Web cache spoofing
    • Web cache poisoning
    • SSI
    • SSTI
    • JS
    • DNS
  • other
    • Git
    • QR code
    • reptile
    • efficiency
    • Popular science
  • Contribute
  • Acknowledgments
  • Star

• awesome-web-security
• Awesome-Hacking - 10,000-star list
• awesome-malware-analysis
• Android Security - Collection of Android security related resources.
• Security - Software, libraries, documents, and other resources.
• An Information Security Reference That Doesn't Suck
• Security Talks - Curated list of security conferences.
• OSINT - Awesome OSINT list containing great resources.
• The toolbox of open source scanners - The toolbox of open source scanners
• blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
• awesome-iot-hacks
• awesome-awesome
• Curated list of awesome lists
• Awesome Awesomness - The List of the Lists.
• PENTESTING-BIBLE - security-related content
• Web-Security-Learning - by CHYbeta
• Software-Security-Learning - by CHYbeta
• MiscSecNotes - by JnuSimba notes
• AndroidSecNotes - notes
• LinuxSecNotes - notes
• resource collection of python security and code review
• Pentest_Interview
• tanjiti information source - a security information source crawled every day by Baidu tanjiti
• CVE-Flow - by 404notfound monitors CVE incremental updates, deep learning-based CVE EXP prediction and automated push
• security_w1k1 Master euphrat1ca updates security-related warehouses all the time

• Internet Java Engineer Advanced Knowledge Complete Literacy
• Java learning + interview guide covers the core knowledge that most Java programmers need to master
• Python Cheat Sheet
• A collection of full-stack resources for programmers.
• web, front-end, javascript, nodejs, electron, babel, webpack, rollup, react, vue...
• Interview questions about Python
• Python-100-Days
• python3-source-code-analysis
• Coding Interview University
• tech-interview-handbook-good
• Essential basic knowledge for interviews
• CS basics
• Algorithm/Deep Learning/NLP Interview Notes
• Algorithm Notes
• 50 code implementations that you must know about data structures and algorithms
• interview_internal_reference
• reverse-interview - What to ask the interviewer at the end of the technical interview

• Recommended books for information security practitioners
• English learning guide v1.2 specially written for programmers
• Words Chinese programmers tend to mispronounce
• Useful laws, theories, principles and patterns for developers
• SecLists - Collection of multiple types of lists used during security assessments.
• A collection of web attack payloads payloads set
• Collection of safety-related mind maps - by pniu
• Security mind map collection-by SecWiki
• Android-Reports-and-Resources - HackerOne Reports
• AppSec - Resources for learning about application security.
• Infosec - Information security resources for pentesting, forensics, and more.
• YARA - YARA rules, tools, and people.
• macOS-Security-and-Privacy-Guide
• awesome-security-weixin-official-accounts
• 2018-2020 Youth Safety Circle - Active Technology Blogger/Blogger - by 404notf0und
• 996.Leave
• Key points for renting a house, applicable to Beijing, Shanghai, Guangzhou, Shenzhen and Hangzhou
• Buying a house in Beijing
• Guide to buying a house in Beijing
• Buying a house in Shanghai
• Buying a house in Hangzhou
• awesome-macOS - mac software
• awesome-mac - mac software
• ruanyf - Technology Enthusiast Weekly

• arxiv.org paper library
• 404notf0und learning records focus on the security detection part
• Intrusion detection related content collected by Master Donot
• Zheng Han-Blog View through
• cdxy-Blog is so handsome
• zuozuovera-Blog dexterity
• Security Academic Circle 2018 Annual Summary-WeChat ID Security Academic Circle
• security-hardening security hardening encyclopedia

Introduce the security market overview, trends, and laws. Domestic and foreign security business manufacturers

• XDef Security Summit 2021

• Introduction to virtualization
• kvm yifengyou master kvm notes

• Google:BeyondProd model
• Meituan Cloud Native Container Security Practice
• Cloud Native Intrusion Detection Trend Observation
• Cloud security opportunities brought by cloud native Cloud native security market overview (non-technical)
• Alibaba Cloud Security White Paper

• Awesome-serverless
• Cloud Native Penetration Master Neargle’s record of cloud native penetration introduces the services that cloud native penetration may encounter and the corresponding testing ideas. It is currently the most comprehensive introduction to the introduction of cloud native penetration in China.
• Red Teaming for Cloud clearly explains what red team is and some typical cloud pentest paths
• tom0li: Docker escape summary introduces three types of docker escape methods from an attack perspective, introduces some actual escape scenarios and attack methods for engineers
• Kubernetes security This repo is a collection of kubernetes security stuff and research.
• A preliminary study on the attack and defense of serverless functions introduces the attack paths and defense detection methods of serverless functions
• RDS database attack and defense uses non-child ACCESSKEY to leak information. After configuration, RDS can be connected to the external network.
• Collision between containers and the cloud - a test of MinIO mainly focused on the SSRF vulnerability of MinIO object storage, and the POST SSRF 307 jump construct was exploited
• The security risks of using Helm2 in Kubernetes explain the specific operations for obtaining secrets from Helm2
• K8s 6443 batch intrusion investigation improper authentication configuration allows anonymous users to request k8s api with privileges, request pod to create docker, create privileged docker in docker and execute malicious commands, delete the created pod
• The use of kube-apiserver in K8s penetration testing introduces the classic attack path and looks for high-privilege service account in the obtained pod.
• K8s penetration test etcd usage introduction: Penetration commands when unauthorized etcd and attacker have cert, read service account token command, take over cluster command
• K8s data security Secrets protection solution
• Fantastic Conditional Access Policies and how to bypass them Master Dirk-jan’s Azure issues
• I'm in your cloud: A year of hacking Azure AD Master Dirk-jan's Azure issues
• Istio access authorization exposes high-risk vulnerability CVE-2020-8595 Istio exact match mode exact match improper unauthorized access

• CVE-2021-21972 vCenter 6.5-7.0 RCE Vulnerability Analysis
• VMware vCenter RCE Vulnerability Tracing Record - What knowledge can a simple RCE vulnerability dig out? Introduction to why the data package cannot be modified in burp to upload files

• CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi introduces two CVEs. The SLP officially maintained by VM based on openSLP has a UAF vulnerability and can bypass the patch.

• AI-for-Security-Learning The power of AI - by 404notf0und
• 0xMJ:AI-Security-Learning
• Adversarial ML Threat Matrix against Machine Learning systems
• AI security threat risk matrix
• An exploration of the Web management background identification method based on machine learning and an introduction to the design overview of the background identification module of Tencent’s internal traffic system

• Resilient Security Network - Building the Next Generation of Secure Internet

• Zhang Ou: Trusted network of digital banks implements zero trust concept
• Under zero trust, the proxy tool uses chrome as a proxy, and the victim can access web services through chrome.

• DevSecOps Concepts and Thoughts Tencent Security Emergency Response Center
• Awesome-DevSecOps

• Some myths about security intelligence applications

• A brief discussion on RASP
• Based on OpenRASP - Expand the class loading of RASP in Hong Kong

• Distributed HIDS cluster architecture design Meituan technical team

• WAF construction operation and AI application practice

• Summary of the public test of the goalkeeper WAF
• Personal summary of waf bypass injection ideas (with 6 common waf bypass methods)
• An experienced driver will take you through regular WAF
• Some tips for SQL injection ByPass
• Bypassing WAF at the HTTP protocol level
• Use chunked transfer to defeat all WAFs
• Shortcuts and methods to bypass WAF
• Some knowledge about WAF
• WAF Bypass webshell uploads jsp and tomcat
• Various postures jsp webshell

• Detect and kill Java web filter type memory horse
• Scanning, capturing and killing of Filter/Servlet memory horses
• Discussing the Attack and Defense of Java Memory Webshell
• Things about JSP Webshell--attacks
• Webshell attack and defense against PHP
• Application of Taint Delivery Theory in Webshell Detection-PHP
• A new beginning: detection of webshell
• Using intercetor to inject spring memory webshell article is an attack and exploitation angle

• Research on the principle and detection technology of rebound shell-by LittleHann
• Analysis of Bounce Shell
• Detailed explanation of rebound shell multi-dimensional detection technology

• Lets-create-an-edr-and-bypass
• openedr open source product edr

• exploiting-almost-every-antivirus-software Counter AV, use link method to use AV high authority to delete arbitrary files
• Bypassing Windows Defender Runtime Scanning Enumeration test calls which APIs will trigger Defender detection. It is found that Defender is triggered when CreateProcess and CreateRemoteThread are created. Three solutions are proposed: rewriting API calls, adding modification instructions to dynamically decrypt and load, and preventing Defender from scanning this area. The author focuses on the Defender scanning mechanism. (The virtual memory is relatively large, and only MEM_PRIVATE or RWX page permissions are scanned). When a suspicious API is called, the PAGE_NOACCESS memory permission is dynamically set and Defender will not scan it for security.
• Engineering antivirus evasion
• Bypass Windows DefenderAttack Surface Reduction
• Defender scan file name problem
• herpaderping a new type of bypass defender
• Implement a shellcodeLoader and introduce some shellcode execution methods and bypass sandbox methods
• Malware_development_part Malware tutorial series
• Antivirus detection and hook list

• Honeypots - Honeypots, tools, components, and more.
• Hunting for Skeleton Key Implants Detecting Skeleton Key persistence
• Create a honeypot account to detect Kerberoast

• DataCon2020 question solution: Tracking Botnet through honeypots and DNS traffic
• DNS Tunnel covert communication experiment&& attempts to reproduce feature vectorization thinking mode detection
• maltrail open source traffic detection product
• cobalt-strike-default-modules-via-named-pipe detection detects the memory pipe of the default module executed after CS goes online
• Introduction to using DNS data for threat discovery 360DNSMON Use DNS monitoring to discover skidmap backdoors, some analysis techniques
• DNSMon: Use DNS data for threat discovery. Monitor events through DNSMON and correlate and analyze events.
• evading-sysmon-dns-monitoring
• use-dns-data-produce-threat-intelligence

• Let’s talk about IDS signatures
• TCP packets coming out of order
• Some explorations of bypassing IDS/IPS at the network layer

• Application of machine learning in binary code similarity analysis

• How to evaluate the quality of safety work? Some sharing of upward management of Tencent's "career debt"

• Internet enterprise data security system construction
• A brief discussion on data security

• Briefly talk about cyberspace surveying and mapping
• Let cyberspace surveying and mapping technology no longer be so erratic by Zhao Wu Network Surveying and Mapping Focus
• Record some cyberspace mapping/search engine related information

• The most comprehensive introduction to zoom vulnerabilities and repair solutions in history
• Traffic analysis attacks on secure instant messaging software
• Analysis of the data confidentiality principle of Shadowsocks based on secondary confusion encryption transmission

• ESNI what-is-encrypted-sni
• encrypted-client-hello-the-future-of-esni-in-firefox
• encrypted-client-hello

• Tor-0day-Finding-IP-Addresses
• lcamtuf: disaster plan
• tom0li: Personal privacy protection ideas for ordinary people’s privacy protection
• Protecting privacy: list of digital privacy collection methods
• Supercookie browser access fingerprintingSupercookie uses favicons to assign a unique identifier to website visitors. Use multiple access URLs to distinguish users

Most of the content listed in the early stage is attack content, including apt tracking reports, etc.

• Red-Team-Infrastructure-Wiki
• Analyze APT report collection and recommend
• On the nature of advanced threats and quantitative research on attack power
• OffensiveCon conferences are no longer shown one by one
• ATT&CK
• The practice and thinking of Red Team from 0 to 1 introduces what Red Team is and is suitable for the internal red construction of the team.
• MITER | ATT&CK Chinese website knowledge map, no longer updated
• fireeye Threat Research Well-known threat analysis company
• red-team-and-the-next -by DEVCORE

Anti Threat article by redrain and his team

• Noah blog Anti Threat and Threat Actors through Noah Lab Analysts
• FiberHome Lab blog
• APT analysis and TTPs extraction
• Discussion on ATT&CK/APT/Attribution
• Legends Always Die -- A brief introduction to League of Legends supply chain attacks in FireEye Summit Traces the source of a supply chain attack, basic information such as domain name/ip/email, contact history apt activities
• XShellGhost event technical review report
• Kingslayer A supply chain attack

Solarwinds supply chain analysis

• Looking at the covert operations in APT operations from Solarwinds supply chain attack (Golden Link Bear), representative qianxin analyzes Solarwinds attack behavior
• Solarwinds Analysis
• Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
• SUNBURST analyzes other details

• The decade-long process of classifying North Korea indictments
• A brief discussion on the "attribution" of cyber attacks. Introducing some indicators and methods of APT classification (refer to the Cyber ​​Attribution document) and some classification documents
• What is threat intelligence? An introduction to what is threat intelligence? Definition, classification, and indicators. The source tracing and classification process is introduced through some cases.

• Introduction to SMTP user enumeration principles and related tools - used to obtain user dictionary
• Harpoon attack
• How to fight back against hackers using AWVS
• The road to counterattack starting from MySQL
• Mysql Client arbitrary file reading attack chain expansion
• Malicious MySQL Server reads MySQL Client files
• BloodHoundAD/BloodHound#267 -xss
• Ghidra from XXE to RCE for engineers
• Security risks from WeChat cheats target individuals
• Nodejs warehouse phishing targets engineers
• Making a malicious plug-in for Visual Stuio Code targets engineers
• VS CODE phishing targets engineers
• Python package phishing targets engineers
• Docker client phishing targets engineers
• Using malicious pages to attack local Xdebug for engineers
• Huawei HG532 router phishing RCE for individuals
• Intranet phishing

 RMI反序列化
WIN远程连接漏洞CVE-2019-1333
Mysql读文件&反序列化
Dubbo反序列化
IDE反序列化
恶意vpn
恶意控件
笔记软件rce
社交软件rce
NodeJS库rce
Python package 钓鱼
VSCODE EXTENSION 钓鱼
VS Studio钓鱼
Twitter钓鱼
红包插件钓鱼防撤回插件
解压rce
破解软件钓鱼
docker客户端钓鱼
docker镜像钓鱼
Xdebug
Ghidra钓鱼
bloodhound钓鱼
AWVS钓鱼
蚁剑
浏览器插件
云盘污染

• ..etc

Email forgery

• "Exploration" caused by a fake email (involving phishing emails, SPF, DKIM, etc.)
• SPF records: Introduction to principles, syntax and configuration methods
• Email Forgery Technology and Detection
• Discussion on the attack and defense of forging emails and creating email bombs
• Bypass DKIM verification and forge phishing emails
• Best Practices on Email Protection: SPF, DKIM and DMARC
• Cobalt Strike Spear Phish
• Gsuite SMTP inject

For now, it’s just a brief list

• Koadic C3 COM Command & Control - JScript RAT
• QuasarRAT
• CS

• Top 10 Web Hacking Techniques of 2017 - An nb website
• Top-10-web-hacking-techniques-of-2018
• Safety PPT collection
• us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA -Orange pwn vpn
• bypass sandbox-yuange
• Application of compilation principles in the security field
• Application of software radio and open source base stations in vulnerability mining PART 4: Some exploration and learning resource integration of baseband security by Sprite 0xroot
• recovering-passwords-from-pixelized-screenshots-sipke-mellema removes text mosaics. The test has too many restrictions and requires the same screenshot software, xy coordinates, fonts, and colors.

• ImageMagick vulnerability handbook
• How to use Fuzzing to mine ImageMagick vulnerabilities
• ImageMagick-CVE-2016-3714 command execution analysis
• Imagemagick encounters getimagesize

• Microsoft Exchange vulnerability record (directed to domain control) - CVE-2018-8581
• Using Exchange SSRF vulnerability and NTLM relay to compromise domain control
• Microsoft Exchange Vulnerability Analysis CVE-2018-8581
• Analysis of Microsoft Exchange Arbitrary User Forgery Vulnerability (CVE-2018-8581)
• .Net deserialization ViewState utilization
• proxylogon
• Program implementation to generate ViewState

• Ubuntu-gdm3-accountsservice-LPE

• Sangfor backend RCE
• Sangfor front desk RCE does not include a link because it has not been made public.

• Pulse-secure-read-passwd-to-rce -by orange
• Pulse Connect Secure RCE CVE-2020-8218
• Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)

• Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!

• Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN

• Citrix Gateway/ADC Remote Code Execution Vulnerability Analysis

• Apache Tomcat 8.x vulnerabilities

• Awesome-Fuzzing
• Research and design of Fuzzing platform construction by Quan Ge
• Exploring the insufficient coverage problem in advanced automated vulnerability mining techniques
• Fuzzing War: From swords, bows and axes to Star Wars Flanker explains the historical trend of fuzzing
• Fuzzing War Series Two: Not Afraid of Floating Clouds Covering Our Vision Coverage-Guided Fuzzing solves closed-source ideas Static or Dynamic & Dynamic Tracing

• javasec.org -by principal
• Some Tips for JAVA code auditing (with scripts)
• Minxin Java code audit-promoting step by step
• Java vulnerability code
• Code audit knowledge planet selection

• Java-Deserialization-Cheat-Sheet
• Tomcat does not go out of the network, echo
• Various postures of Java deserialization echo
• Semi-automated mining request implements multiple middleware echoes
• Java post-deserialization vulnerability exploitation ideas
• URL ECCENTRICITIES IN JAVA java url class request causes ssrf lfi leak java version
• HSQLDB Security Testing Guide HSQLDB (HyperSQL DataBase) is a small embedded database written entirely in Java

• Getting Started with Java RMI
• attacking-java-rmi-services-after-jep-290
• Nine attacks against RMI services - Part 1
• Nine attacks against RMI services - Part 2
• Thoughtful solution to an attack on intranet rmi service REJECTED error reporting

• The exploration of Shiro RememberMe vulnerability detection ranges from using empty SimplePrincipalCollection to detect keys to Tomcat universal echo to various difficulties encountered in the detection process.
• See the correct use of shiro from a development vulnerability
• Command execution vulnerability caused by deserialization in Shiro RememberMe 1.2.4
• Qiangwang Cup "Easter Egg" - Divergent thinking on Shiro 1.2.4 (SHIRO-550) vulnerability
• Shiro 721 Padding Oracle Attack Vulnerability Analysis
• Shiro permission bypass vulnerability analysis
• Applications with dynamically loaded classes in Java code execution vulnerability cannot register filter reGeorg agent online

• fastjson deserialization utilization
• FastJson =< 1.2.47 Brief analysis of deserialization vulnerabilities
• FASTJSON deserialization based on JNDI utilization method
• Fastjson deserialization vulnerability debugging analysis
• FastJson deserialization learning
• A brief discussion on the bypass history of Fastjson RCE vulnerability
• Several methods to detect fastjson through dnslog
• A mining idea for fastjson 1.2.68 autotype bypass gadget

• Dubbo2.7.7 Deserialization Vulnerability Bypass Analysis Yunding Lab
• Multiple remote code execution vulnerabilities in Dubbo 2.7.8
• How to bypass the restrictions of higher versions of JDK for JNDI injection. Bypassing the restrictions of higher versions of JDK: Use LDAP to return serialized data and trigger local gadgets. Why put it under Dubbo because of the problems encountered in Dubbo.

• Apereo CAS 4.X execution parameter deserialization vulnerability analysis
• Apereo CAS deserialization vulnerability analysis and echo exploitation

• Apache Solr Injection Research
• In-depth analysis of Apache Solr Velocity template injection vulnerability
• Apache solr Velocity template remote command execution vulnerability analysis
• solr-injection

• Apache Skywalking Remote Code Execution Vulnerability Analysis

• Spring Boot Vulnerability Exploit CheckList
• Spring boot Thymeleaf template injection for java security development

• Spring Cloud Config Server path traversal and arbitrary file reading vulnerability CVE-2019-3799

• Spring Data Redis <=2.1.0 Deserialization Vulnerability

• Knowledge Base SlowMist Security Team Knowledge Base
• Slow Mist Security Team github

• hacked-Facebook -by Orange
• Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out -Orange Pandora's Box Opened
• penetration criteria
• pentest-bookmarks
• awesome-pentest - A collection of awesome penetration testing resources.
• Pentest Cheat Sheets - Awesome Pentest Cheat Sheets.
• Pentesting checklists for various engagements
• pentest-wiki
• Micropoor
• Penetration Testing Practice Third Edition
• Web Service Penetration Testing from Beginner to Master
• Lao Wen’s record of a difficult penetration
• Infiltrating the Hacking Team Process
• ssrf intranet roaming
• Penetration Log 1
• Penetration Log 2
• tom0li: Summary of logical loopholes
• Summary of common vulnerabilities in web middleware
• Mysql database penetration and vulnerability exploitation summary simeon
• Various Host Header Attacks
• Redis master-slave utilization ppt
• Web attack and defense brute force cracking He Zudao version
• A brief discussion on middleware vulnerabilities and protection
• NFS attack and defense
• Exploiting hidden folders and files in web applications to obtain sensitive information
• Whitepaper: Security Cookies
• Server open debug security content
• Getting started with Kubernetes security
• OOB
• H2 database penetration summary
• Atlassian product vulnerability compilation

• Information gathering technology from a Red Team perspective
• Penetration Artifact Series Search Engine
• Google Hacking Database
• Google Hacking
• Shodan automated utilization
• Some uses of Shodan in penetration testing and vulnerability mining
• Shodan’s http.favicon.hash syntax detailed explanation and usage tips
• Shodan Manual – Chinese
• Shodan manual dorks
• Introduction to early stage intelligence collection methods and tools for web application security testing

• vulhub
• vulfocus

• BurpSuite multi-agent
• Frida.Android.Practice (ssl unpinning)
• IIS7 and above break through the restriction of no script execution permissions
• Combined use of SQL secondary injection and truncation
• Supplementary instructions for SQL secondary injection and truncation
• phpMyAdmin new posture getshell - need to set parameters with ROOT permission to open
• phpmyadmin4.8.1 background getshell
• Invalid HTTP request bypasses Lighttpd rewrite rules
• RFI bypass URL inclusion restrictions getshell win server php file inclusion bypass allow_url_fopen allow_url_include = off
• 2 ideas - read connection mysql client system information and upload
• PayloadsAllTheThings - Payloads Encyclopedia
• JNI technology bypasses rasp protection to implement jsp webshell
• The agent cannot enter the intranet on the wrong day
• A brief analysis of reverse proxy
• Introduction to iptables
• Combine direct system calls and sRDI to bypass AV/EDR
• FB Django Debug Stacktrace RCE
• Redis on Windows is so cool to use and explore outside the network
• Tools | How to modify sqlmap payload
• Tools | How to modify sqlmap payload (Part 2)
• sqlmap source code analysis
• sqlmap source code analysis one
• sqlmap source code analysis 2
• sqlmap source code analysis three
• sqlmap source code analysis four
• Eyes of the Gods nmap customization - first introduction to NSE
• Eye of the Gods nmap customization NSE advancement
• Burpsuite tips you may not know
• awesome-burp-extensions
• A simple analysis of AWVS
• Erase some AWVS flags
• nmap talks about the experience and principles of port detection
• My road to web application security fuzz testing
• Getting started with Wfuzz
• Wfuzz basic skills
• Wfuzz advanced skills 1
• Wfuzz advanced skills 2
• xray advanced version crack

Some of the contents of the article given before are wrong and need to be checked in practice.

• AD-Attack-Defense
• l3m0n: Intranet penetration learning from scratch
• uknowsec/Active-Directory-Pentest-Notes
• Intranet_Penetration_Tips
• A summary of the penetration of a foreign intranet - a beginner's introduction to practicing with old writers
• Post-penetration for a major domestic factory – continuous – entry-level practice
• Record a lateral penetration
• Intranet penetration record keywords: delegation, relay, bypassAV, webdev XXE - by A-TEAM
• Introduction to Windows Intranet Penetration-by Tencent Anping Department
• NTLM-Relay

• In-depth understanding of how Exchange Server is exploited under network penetration
• The use of Exchange in penetration testing
• Microsoft Exchange vulnerability record (directed to domain control) - CVE-2018-8581
• Using Exchange SSRF vulnerability and NTLM relay to compromise domain control
• Microsoft Exchange Vulnerability Analysis
• Analysis of Microsoft Exchange Arbitrary User Forgery Vulnerability (CVE-2018-8581)
• Exchange Server Remote Code Execution Vulnerability Reproduction Analysis

• Fancy ways to steal NetNTLM hashes
• The Open Door to Hell: Abuse of the Kerberos Protocol
• NTLM-Relay
• Practical guide to NTLM Relaying in 2017
• The worst of both worlds: Combining NTLM Relaying and Kerberos delegation
• Red Teaming and Theory: Credential Relay and EPA
• Advanced Domain Penetration Technique Pass the Hash Is Dead - Long Live LocalAccountTokenFilterPolicy
• Overview of vulnerabilities in Windows intranet protocol learning NTLM
• Introduction to kerberos

• Penetration testing skills: Summary of intranet penetration methods and ideas
• Intranet Roaming SOCKS Proxy Finale
• iptables port reuse
• Driver level port multiplexing
• Web service middleware port reuse
• win IIS port reuse

It is recommended to read the official manual

• Three sworn brothers among intranet swordsmen
• Penetration weapon Cobalt Strike - Part 2 APT-level comprehensive anti-killing and confrontation with corporate defense-in-depth system
• CobaltStrike Modification Guide
• Metasploit gallops through the intranet to directly access the domain administrator's head
• One article to master PowerShell Empire 2.3 (Part 1)
• One article to master PowerShell Empire 2.3 (Part 2)
• Powershell Attack Guide Post-hacker Penetration Series - Basics
• Powershell Attack Guide Post-hacker Penetration Series - Advanced Utilization
• Powershell Attack Guide Post-hacker Penetration Series - Practical Combat
• nishang-ps
• Empire actual combat domain penetration

• Penetration skills - multi-user login for Windows system remote desktop
• Infiltration Techniques: Tools to Hide Yourself
• A trick to whitelist downloading malicious code
• Whitelist download malicious code
• One command to implement a file-less and highly compatible rebound backdoor, collected from the powerful former dark clouds
• Penetration Techniques - Various Methods to Download Files from Github
• Penetration Tips—Switching from Admin Permissions to System Permissions
• Penetration Techniques - Program Delegation and Startup
• Forcibly access the Internet through VPN, and the Internet will be disconnected when the VPN is disconnected
• ip proxy tool shadowProxy-proxy pool
• Penetration Techniques - Account Hiding in Windows Systems
• Penetration Tips – More Tests for “Hidden” Registries
• Penetration Techniques—Deleting and Bypassing Windows Logs
• Penetration Techniques—Token Stealing and Utilization
• Domain Penetration - Obtain the NTDS.dit file of the domain control server
• Penetration Tips - Obtain Remote Desktop Connection History of Windows Systems
• Domain Penetration - Using SYSVOL to restore passwords saved in Group Policy
• Windows Log Attack and Defense
• Simple processing of intrusion logs for win
• 6 Ways to Get Domain Admin Rights from Active Directory
• 3gstudent/Pentest-and-Development-Tips
• Summary and arrangement of common small TIPS in penetration testing
• 60 Bytes - Fileless Penetration Testing Experiment
• 3389user cannot be added
• Discard PSEXEC and use wmi for lateral penetration
• ms14-068 domain privilege escalation series summary
• Create a Bypass UAC automated testing gadget to bypass the latest version of Win10
• DoubleAgent - post-exploitation injection of anti-virus software
• Extracting NTLM Hashes from keytab files
• Export saved passwords in Chrome offline
• Penetration Tips—Use Masterkey to Offline Export Passwords Saved in Chrome Browser
• Domain Penetration - Kerberoasting
• A trivial detail of the old tool PsExec
• Domain penetration: using CrackMapExec to get what we want
• Delegation in the Kerberos Protocol Exploration Series
• Reverse attack mstsc through RDP to monitor the clipboard
• Remotely extract credentials
• Rethinking credential theft
• Ghost potato actual use
• PowerView
• The Importance of WMI in Penetration Testing
• BloodHound
• BloodHound Official User Guide
• Antimalware Scan Interface Provider for Persistence via AMSI Provider Persistence
• Task Scheduler Lateral Movement introduces the use of scheduled tasks in smaller movements

• linux-kernel-exploitation linux kernel exploitation must read
• Win privilege escalation auxiliary tool
• windows-kernel-exploits Collection of Windows platform privilege escalation vulnerabilities
• linux-kernel-exploits Linux platform privilege escalation vulnerability collection
• A detailed introduction to Linux privilege escalation attacks and defensive exploits

• bug bounty writeups - similar to Wuyun vulnerability library.
• hackone-hacktivity If you finish reading this, you don’t need to read the following Bug_Bounty
• awesome-bug-bounty - A comprehensive curated list of Bug Bounty Programs and write-ups from the Bug Bounty hunters
• Recon
• bugbounty-cheatsheet
• bug-bounty-reference
• Web Hacking 101 Chinese version
• Webmin <=1.920 Remote Command Execution Vulnerability-CVE-2019-15107 - Refined
• Webmin CVE-2019-15642
• Getting Started with Chrome Ext Security from 0 (1) -- Understanding a Chrome Ext
• Getting Started with Chrome Ext Security from 0 (2) -- Safe Chrome Ext
• Looking at the security issues of PC-side url scheme from CVE-2018-8495
• A brief discussion on the security of short URLs

• XXE (XML External Entity Injection) vulnerability practice
• How to exploit the XXE injection vulnerability in Uber’s website
• What do we think of when XXE is mentioned?
• Simple understanding and testing of XXE vulnerabilities
• xxe vulnerability detection and code execution process
• A brief discussion on XXE vulnerability attacks and defenses
• XXE vulnerability analysis
• XML entity injection vulnerability attack and defense
• Exploitation and learning of XML entity injection vulnerabilities
• XXE Injection: Attack and Prevent- XXE Injection: Attack and Prevent
• Hunting in the Night-Blind Typing XXE
• Hunting in the Dark - Blind XXE
• XMLExternal Entity vulnerability training module
• My opinion on XXE vulnerability attack and defense
• Some tips for exploiting XXE vulnerabilities
• Magical Content-Type - XXE attacks in JSON
• XXE-DTD Cheat Sheet
• Bypassing the detection of xxe by some cms through encoding
• Using EXCEL to carry out XXE attacks
• Vulnerability analysis of XXE attacks using EXCEL files
• EXCEL dependent libraries
• Upload DOC file XXE
• An article to give you an in-depth understanding of vulnerabilities: XXE vulnerabilities

• AwesomeXSS
• A brief discussion on XSS—Character encoding and browser parsing principles
• In-depth understanding of XSS encoding-browser parsing principles
• Common XSS exploit codes and principles
• Front-end defense from entry to abandonment--CSP changes
• XSS testing memo
• A brief discussion on cross-site scripting attacks and defenses
• The art of cross-site: XSS Fuzzing techniques
• From Swiss Army Knife to Transformers--XSS attack surface expansion
• Penetration testing skills: Exploitation and thinking of vulnerabilities caused by XSS
• xss_bypass_Uppercase
• XSSpayload communication and research
• Remember the process of discovering stored XSS vulnerabilities
• An adventure of XSS breakthrough
• Xiangxiang’s xss record (1)
• Black-Hole Album - Close Reading
• Intranet xss worm
• Break through the black market and win the fishing station group for games such as chicken DNF
• Front-end security series (1): How to prevent XSS attacks?
• Upload a Word file to form a stored XSS path
• XSS without parentheses and semi-colons

• JSONP injection parsing
• Use JSONP to obtain information across domains
• Discussing the same origin strategy attack and defense
• A brief discussion on cross-domain 11
• Use request merging bypass referer(jsonp) detection

• JSONP and CORS vulnerability mining
• A brief discussion on possible vulnerabilities caused by CORS
• The Complete Guide to Cors Security

• Some thoughts on JSON CSRF
• Talk about CSRF attacks in Json format

• Some tips on SSRF
• About SSRF vulnerability mining ideas
• SSRF in Java
• Dns Auto Rebinding
• Transmission analysis of bypassing same-origin policy attacks through DNS rebinding
• SSRF vulnerability mining experience
• Learn about SSRF
• SSRF&redis
• gopher-attack-surfaces
• Use DNS Rebinding to Bypass SSRF in Java

• MySql injection memo
• A brief analysis of character encoding and SQL injection in white box auditing
• In-depth explanation of wide byte injection
• Several methods of writing shell based on mysql
• MSSQL injection attacks and defenses
• The process of obtaining WEBSHELL with MSSQL DBA authority
• SQLite manual injection Getshell skills

• php file contains vulnerability

• Upload vulnerability range

• Research on new arbitrary file reading vulnerabilities
• An arbitrary file reading vulnerability record
• Common dictionaries for arbitrary file reading

• Web Cache spoofing attack
• Web cache spoofing test

• Practical Web Cache Poisoning

• Server-side inclusion injection SSI analysis summary

• Research on server-side injection problems encountered in Flask Jinja2 development
• Research on server-side injection problems encountered in FlaskJinja2 development II

• That thing about website rape clipboards
• Hidden dangers and defenses of referencing external scripts
• Two front-end bypass penetration summary
• How to blast data encrypted by the front end
• The idea and method of blasting by encrypting the login account password and then transmitting it

• DNS domain transfer vulnerability learning summary
• Using Python to implement DGA domain name detection
• DNS-Persist: Using DNS protocol for remote control communication
• Principles and examples of local DNS attacks
• error dns response
• DNS Tunnel Detection Civilian Solution
• How DNS Pan-Analysis Was Broken by Hackers
• DNS Tunneling and related implementations
• DNS domain transfer tools
• Dnslog’s practical use in SQL injection

• How to undo various error operations in Git
• Git tips

• WeChat Netting-QRLJacking Analysis and Utilization-Scan my QR code to obtain your account permissions
• Discussion on QR code vulnerability attack under Android platform
• Analysis of common defects of QR code login
• QR code security-Taobao example

• A brief discussion on dynamic crawlers and deduplication
• A brief discussion on dynamic crawlers and deduplication (continued)
• Crawler Basics [Web Vulnerability Scanner]

I'll make up for it when I think of it before.

• chrome-is-bad chrome causes slow mac
• zsh and oh my zsh cold start speed optimization

• Top 10 Deep Web Search Engines
• I saw tens of thousands of car owners’ personal information, corporate and government officials’ information, and various data on Baidu Netdisk.
• A new posture obtained from a CTF question
• The iPhone locks the screen but cannot lock personal information. Is iOS really very secure?
• Brother Xian imported the black magic commands from the HITB hacker conference in Singapore.
• The importance of programming - sqlmap source code
• More than 400 popular websites record user keystrokes or leak sensitive personal information
• https hijack understanding
• TCP common troubleshooting
• Bank card quickpass chip reads private information through EVM/PBOC
• txt text file deduplication and import into database for processing
• Analysis of File Spoofing in U Disk Virus Propagation
• In-Depth Analysis: The Maginot Line of Defense of Mobile Phone Fingerprints
• A collection of Internet slang + tips | How to share in a low-key manner
• 1.4 billion foreign data
• After the Word file is encrypted
• Tencent’s 2017 Internet Black Threat Source Research Report
• Money laundering tool "mobile phone recharge card" card number and card secret gray industry cash laundering chain
• Request method problem
• Python tools to analyze risk data
• Technical discussion | Building a small caller ID obfuscation tool
• google.com/machine-learning/crash-course/
• Remote positioning and tracking of connected vehicles and analysis of utilization ideas
• A preliminary study on the attack and defense series of smart locks
• my world view
• An artifact to steal U disk files
• Intranet security inspection/penetration summary
• Linux intranet penetration
• Exploration and verification of new ideas for intranet penetration ideas
• Primary domain penetration series- 01. Basic introduction & information acquisition
• Primary domain penetration series- 02. Common attack methods- 1
• Primary domain penetration series 03. Common attack methods
• Intranet penetration knowledge base and process
• RemTeam Attack Tips and Security Defenses
• Web-Security-Note
• Better articles on web security - mainly for newcomers to get started
• Fuzz Automation Bypass Soft WAF Posture
• Gray Robe 2017
• Getting Started with a Red Team Journey
• Unofficial hard drive decryption method
• linux-suid-privilege-escalation
• Hard_winGuide.md
• Enterprise-Registration-Data-of-Chinese-Mainland
• Brother Dao's blackboard newspaper - a young man who thinks deeply and is a real expert
• Why ping uses UDP port 1025 exists just socket/connect/getsockname/close, the purpose is to get the source ip

old

 ### 建设

* [Enterprise_Security_Build--Open_Source](https://bloodzer0.github.io)
* [一个人的安全部](http://www.freebuf.com/articles/security-management/126254.html)
* [没有钱的安全部之资产安全](http://www.jianshu.com/p/572431447613?from=timeline)
* [一个人的企业安全建设实践](https://xianzhi.aliyun.com/forum/topic/1568/)
* [单枪匹马搞企业安全建设](https://xianzhi.aliyun.com/forum/topic/1916)
* [“一个人”的互金企业安全建设总结](http://www.freebuf.com/articles/neopoints/158724.html)
* [低成本企业安全建设部分实践](https://xianzhi.aliyun.com/forum/topic/1996)
* [饿了么运维基础设施进化史](https://mp.weixin.qq.com/s?__biz=MzA4Nzg5Nzc5OA==&mid=2651668800&idx=1&sn=615af5f120d1298475aaf4825009cb30&chksm=8bcb82e9bcbc0bff6309d9bbaf69cfc591624206b846e00d5004a68182c934dab921b7c25794&scene=38#wechat_redirect)
* [B站日志系统的前世今生](https://mp.weixin.qq.com/s/onrBwQ0vyLJYWD_FRnNjEg)
* [爱奇艺业务安全风控体系的建设实践](https://mp.weixin.qq.com/s/2gcNY0LmgxpYT1K6uDaWtg)
* [美团外卖自动化业务运维系统建设](https://tech.meituan.com/digger_share.html)
* [携程安全自动化测试之路](http://techshow.ctrip.com/archives/2315.html)
* [企业安全中DevSecOps的一些思考](http://www.freebuf.com/articles/es/145567.html)
* [企业安全经验 应急响应的战争](http://www.freebuf.com/articles/web/155314.html)
* [企业安全项目架构实践分享](https://xianzhi.aliyun.com/forum/topic/1718)
* [以溯源为目的蜜罐系统建设](http://www.4hou.com/technology/9687.html)
* [蜜罐与内网安全从0到1（一）](https://xianzhi.aliyun.com/forum/topic/998)
* [蜜罐与内网安全从0到1（二）](https://xianzhi.aliyun.com/forum/topic/997)
* [蜜罐与内网安全从0到1（三）](https://xianzhi.aliyun.com/forum/topic/996)
* [蜜罐与内网安全从0到1（四）](https://xianzhi.aliyun.com/forum/topic/1730)
* [蜜罐与内网安全从0到1（五）](https://xianzhi.aliyun.com/forum/topic/1955)
* [企业安全建设—模块化蜜罐平台的设计思路与想法](https://xianzhi.aliyun.com/forum/topic/1885)
* [蜜罐调研与内网安全](https://xz.aliyun.com/t/7294)
* [Real-timeDetectionAD](https://github.com/sisoc-tokyo/Real-timeDetectionAD_ver2) - https://bithack.io/forum/505 - 域内蜜罐
* [HFish](https://bithack.io/forum/505) - 蜜罐框架
* [opencanary_web](https://github.com/p1r06u3/opencanary_web)
* [tpotce](https://github.com/dtag-dev-sec/tpotce/)
* [ElastAlert监控日志告警Web攻击行为](http://www.freebuf.com/articles/web/160254.html)
* [OSSIM分布式安装实践](https://www.secpulse.com/archives/67514.html)
* [企业信息安全团队建设](https://xianzhi.aliyun.com/forum/topic/1965)
* [一个人的安全部之ELK接收Paloalto日志并用钉钉告警](http://www.freebuf.com/articles/others-articles/161905.html)
* [账号安全的异常检测](https://mp.weixin.qq.com/s/qMjNURydlhzby9Qhs6RZhQ)
* [一般型网站日志接入大数据日志系统的实现](http://www.freebuf.com/column/166112.html)
* [基础设施的攻击日志 – 第1部分：日志服务器的设置](https://www.secpulse.com/archives/70001.html)
* [基础设施的攻击日志记录 – 第2部分：日志聚合](https://www.secpulse.com/archives/70016.html)
* [基础设施攻击日志记录 – 第3部分：Graylog仪表板](https://www.secpulse.com/archives/70149.html)
* [基础设施的攻击日志记录 – 第4部分：日志事件警报](https://www.secpulse.com/archives/70207.html)
* [宜信防火墙自动化运维之路](http://www.freebuf.com/articles/security-management/166895.html)
* [证书锁定](https://www.secpulse.com/archives/75212.html)
* [中通内部安全通讯实践](https://xz.aliyun.com/t/3759)
* [那些年我们堵住的洞 – OpenRASP纪实](https://anquan.baidu.com/article/855)
* [源头之战，不断升级的攻防对抗技术 —— 软件供应链攻击防御探索](https://security.tencent.com/index.php/blog/msg/140)
* [网络空间安全时代的红蓝对抗建设](https://security.tencent.com/index.php/blog/msg/139)

#### 加固

* [Linux基线加固](https://mp.weixin.qq.com/s/0nxiZw1NUoQTjxcd3zl6Zg)
* [基线检查表&安全加固规范](https://xianzhi.aliyun.com/forum/topic/1127/)
* [浅谈linux安全加固](https://mp.weixin.qq.com/s/y8np-sFzik15x09536QA5w)
* [CentOS 7 主机加固](http://www.cnblogs.com/xiaoxiaoleo/p/6678727.html)
* [APACHE 常见加固](http://cncc.bingj.com/cache.aspx?q=APACHE+%E5%B8%B8%E8%A7%81%E5%8A%A0%E5%9B%BA++0xmh&d=4797622048333774&mkt=zh-CN&setlang=zh-CN&w=WrFf2nH3PRyFtNxa6T7D-zazauskMnwg)
* [Apache服务器安全配置](http://webcache.googleusercontent.com/search?q=cache:GZSS-N0OXY8J:foreversong.cn/archives/789+&cd=1&hl=zh-CN&ct=clnk&gl=sg&lr=lang_en%7Clang_zh-CN)
* [GNU/Linux安全基线与加固](http://cb.drops.wiki/drops/tips-2621.html)
* [windows服务器安全配置策略](https://www.yesck.com/post/528/)
* [15步打造一个安全的Linux服务器](https://www.freebuf.com/articles/system/121540.html)
* [Tomcat7 加固清单](https://threathunter.org/topic/59911277ec721b1f1966e7eb)
* [Tomcat安全设置和版本屏蔽](http://www.freebuf.com/column/163296.html)
* [IIS服务器安全配置](http://foreversong.cn/archives/803)
* [企业常见服务漏洞检测&修复整理](http://www.mottoin.com/92742.html)
* [运维安全概述](http://cb.drops.wiki/drops/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8-8169.html)
* [浅谈Linux系统MySQL安全配置](https://mp.weixin.qq.com/s/0KrfdrjbcRdvSTKxoNHOcA)
* [Hardening Ubuntu](https://github.com/konstruktoid/hardening)
* [Tomcat Config Security](https://joychou.org/operations/tomcat-config-security.html)
* [安全运维中基线检查的自动化之ansible工具巧用](https://bbs.ichunqiu.com/thread-46896-1-1.html?from=snew)
* [https://github.com/netxfly/sec_check](https://github.com/netxfly/sec_check)

#### 响应 溯源

* [awesome-incident-response](https://github.com/meirwah/awesome-incident-response) - A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.
* [黑客入侵应急分析手工排查](https://xianzhi.aliyun.com/forum/topic/1140/)
* [应急tools](https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md)
* [Linux服务器应急事件溯源报告](http://wooyun.jozxing.cc/static/drops/tips-12972.html)
* [应急响应小记链接已挂](https://threathunter.org/topic/5943a99c1e3732874e23f996)
* [大型互联网企业入侵检测实战总结](https://xz.aliyun.com/t/1626/)
* [Linux应急响应姿势浅谈](http://bobao.360.cn/learning/detail/4481.html)
* [安全应急姿势](http://rinige.com/index.php/archives/824/)
* [Web日志安全分析浅谈](https://xianzhi.aliyun.com/forum/topic/1121/)
* [域名劫持事件发生后的应急响应策略](http://www.freebuf.com/articles/security-management/118425.html)
* [我的日志分析之道：简单的Web日志分析脚本 ](http://www.freebuf.com/sectool/126698.html)
* [攻击检测和防范方法之日志分析](http://www.freebuf.com/articles/web/109001.html)
* [Tomcat日志如何记录POST数据](https://secvul.com/topics/1087.html)
* [邮件钓鱼攻击与溯源](https://4hou.win/wordpress/?p=28874)
* [应急响应实战笔记](https://github.com/Bypass007/Emergency-Response-Notes) - Bypass007
* [某云用户网站入侵应急响应](http://www.freebuf.com/articles/network/134372.html)
* [IP 定位逆向追踪溯源访客真实身份调查取证](https://lcx.cc/post/4595/)
* [域名背后的真相，一个黑产团伙的沦陷](https://www.freebuf.com/articles/terminal/127228.html)
* [看我如何从54G日志中溯源web应用攻击路径](https://paper.tuisec.win/detail/a56f79f0d7126f5)

#### 综合

* [企业安全实践(基础建设)之部分资产收集](http://www.freebuf.com/column/157085.html)
* [企业安全实践(基础建设)之IP资产监控](http://www.freebuf.com/column/157496.html)
* [企业安全实践(基础建设)之主动分布式WEB资产扫描](http://www.freebuf.com/column/157546.html)
* [企业安全实践(基础建设)之被动扫描自动化(上)](http://www.freebuf.com/column/157635.html)
* [企业安全实践(基础建设)之被动扫描自动化(中)](http://www.freebuf.com/column/157947.html)
* [企业安全实践(基础建设)之被动扫描自动化(下)](http://www.freebuf.com/column/157996.html)
* [企业安全实践(基础建设)之WEB安全检查](http://www.freebuf.com/column/158358.html)
* [企业安全实践(基础建设)之HIDS（上）](http://www.freebuf.com/column/158449.html)
* [企业安全实践(基础建设)之HIDS（下）](http://www.freebuf.com/column/158677.html)
* [0xA1: 新官上任三把火](https://zhuanlan.zhihu.com/p/26485293)
* [0xA2 应急响应、防御模型与SDL](https://zhuanlan.zhihu.com/p/26542790)
* [0xA3 安全域划分和系统基本加固](https://zhuanlan.zhihu.com/p/26603906)
* [0xB1 微观安全——一台服务器做安全](https://zhuanlan.zhihu.com/p/27363168)
* [0xB2 事件应急——企业内网安全监控概览](https://zhuanlan.zhihu.com/p/29816766)
* [0xB3 再谈应急响应Pt.1 unix主机应急响应
  elknot](https://zhuanlan.zhihu.com/p/29958172)
* [0xB4 企业安全建设中评估业务潜在风险的思路](https://zhuanlan.zhihu.com/p/31263844?group_id=916355317818970112)
* [企业安全体系建设之路之系统安全篇](https://xianzhi.aliyun.com/forum/topic/1949)
* [企业安全体系建设之路之网络安全篇](https://xianzhi.aliyun.com/forum/topic/1950)
* [企业安全体系建设之路之产品安全篇](https://xianzhi.aliyun.com/forum/topic/1951)
* [SOC异闻录](https://www.anquanke.com/post/id/95231)
* [开源软件创建SOC的一份清单](http://www.freebuf.com/articles/network/169632.html)
* [开源SOC的设计与实践](http://www.freebuf.com/articles/network/173282.html)
* [F5 BIG-IP Security Cheatsheet](https://github.com/dnkolegov/bigipsecurity)

#### 原bug bounty
* [SRC漏洞挖掘小见解](http://www.mottoin.com/95043.html)
* [面向SRC的漏洞挖掘总结](http://blkstone.github.io/2017/05/28/finding-src-vuls/)
* [漏洞挖掘经验分享Saviour](https://xianzhi.aliyun.com/forum/topic/1214/)
* [我的SRC之旅](https://mp.weixin.qq.com/s/2ORHnywrxXPexviUYk7Ccg)
* [浅析通过"监控"来辅助进行漏洞挖掘](https://bbs.ichunqiu.com/thread-28591-1-1.html)
* [威胁情报-生存在SRC平台中的刷钱秘籍](https://bbs.ichunqiu.com/article-921-1.html)
* [威胁情报](https://mp.weixin.qq.com/s/v2MRx7qs70lpnW9n-mJ7_Q)
* [YSRC众测之我的漏洞挖掘姿势](https://bbs.ichunqiu.com/article-655-1.html)
* [SRC的漏洞分析](https://bbs.ichunqiu.com/thread-19745-1-1.html)
* [众测备忘手册](https://mp.weixin.qq.com/s/4XPG37_lTZDzf60o3W_onA)
* [挖洞技巧：如何绕过URL限制](https://www.secpulse.com/archives/67064.html)
* [挖洞技巧：APP手势密码绕过思路总结](https://www.secpulse.com/archives/67070.html)
* [挖洞技巧：支付漏洞之总结](https://www.secpulse.com/archives/67080.html)
* [挖洞技巧：绕过短信&邮箱轰炸限制以及后续](http://mp.weixin.qq.com/s/5OSLC2GOeYere9_lT2RwHw)
* [挖洞技巧：信息泄露之总结](https://www.secpulse.com/archives/67123.html)
* [阿里云oss key利用](https://www.t00ls.net/viewthread.php?tid=52875&highlight=oss)
* [任意文件下载引发的思考](https://www.secpulse.com/archives/68522.html)
* [任意文件Getshell](https://xz.aliyun.com/t/6958)
* [通用性业务逻辑组合拳劫持你的权限](https://www.anquanke.com/post/id/106961)
* [组合漏洞导致的账号劫持](https://xz.aliyun.com/t/3514)
* [我的通行你的证](https://lvwei.me/passport.html#toc_0)
* [那些年我们刷过的SRC之企业邮箱暴破](https://www.secquan.org/Discuss/262)
* [各大SRC中的CSRF技巧](https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=28448&highlight=src)
* [一些逻辑](https://secvul.com/topics/924.html)
* [一个登陆框引起的血案](http://www.freebuf.com/articles/web/174408.html)
* [OAuth回调参数漏洞案例解析](https://03i0.com/2018/04/01/OAuth%E5%9B%9E%E8%B0%83%E5%8F%82%E6%95%B0%E6%BC%8F%E6%B4%9E%E6%A1%88%E4%BE%8B%E8%A7%A3%E6%9E%90/)
* [子域名接管指南](https://www.secpulse.com/archives/95304.html)
* [Subdomain Takeover](https://www.secpulse.com/archives/94973.html)
* [Subdomain Takeover/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)
* [Subdomain-takeover](https://echocipher.github.io/2019/08/14/Subdomain-takeover/)
* [过期链接劫持的利用方法探讨](http://www.freebuf.com/articles/web/151836.html)
* [国外赏金之路](https://blog.securitybreached.org/2017/11/25/guide-to-basic-recon-for-bugbounty/) - 老司机赏金见解,历史赏金文章 list
* [记一次失败的0元单的挖掘历程与一处成功的XSS案例](https://bbs.ichunqiu.com/article-636-1.html)
* [看我如何发现谷歌漏洞跟踪管理平台漏洞获得$15600赏金](http://www.freebuf.com/articles/web/152893.html)
* [看我如何利用简单的配置错误“渗透”BBC新闻网](http://www.freebuf.com/news/155558.html)
* [分享一个近期遇到的逻辑漏洞案例](http://www.freebuf.com/vuls/151196.html)
* [我是如何挖掘热门“约P软件”漏洞的](http://www.freebuf.com/articles/web/157391.html)
* [新手上路 | 德国电信网站从LFI到命令执行漏洞](http://www.freebuf.com/articles/web/156950.html)
* [Taking over Facebook accounts using Free Basics partner portal](https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover)
* [The bug bounty program that changed my life](http://10degres.net/the-bugbounty-program-that-changed-my-life/)
* [挖洞经验 | 看我如何免费获取价值€120的会员资格](http://www.freebuf.com/articles/web/172438.html)
* [Scrutiny on the bug bounty](https://xz.aliyun.com/t/3935)
* [1hack0/Facebook-Bug-Bounty-Write-ups](https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups)

* [Java反序列化漏洞-金蛇剑之hibernate(上)](https://xianzhi.aliyun.com/forum/topic/2030)
* [Java反序列化漏洞-金蛇剑之hibernate(下)](https://xianzhi.aliyun.com/forum/topic/2031)
* [Java反序列化漏洞-玄铁重剑之CommonsCollection(上)](https://xianzhi.aliyun.com/forum/topic/2028)
* [Java反序列化漏洞-玄铁重剑之CommonsCollection(下)](https://xianzhi.aliyun.com/forum/topic/2029)
* [Java反序列化漏洞从入门到深入](https://xianzhi.aliyun.com/forum/topic/2041)
* [Java反序列化备忘录](https://xianzhi.aliyun.com/forum/topic/2042)
* [Java反序列化漏洞之殇](https://xianzhi.aliyun.com/forum/topic/2043)
* [Java反序列化漏洞学习实践一：从Serializbale接口开始，先弹个计算器](http://www.polaris-lab.com/index.php/archives/447/)
* [Java反序列化漏洞学习实践二：Java的反射机制（Java Reflection）](http://www.polaris-lab.com/index.php/archives/450/)
* [Java反序列化漏洞学习实践三：理解Java的动态代理机制](http://www.polaris-lab.com/index.php/archives/453/)

We welcome everyone to contribute, you can open an issue for this if you have some new ideas about this project or you have found some quality safety articles, and then I will add your name to Acknowledgments.

• @tom0li
• @neargle
• @r4v3zn

Thank Star