Information
## Penetration Testing
- [Seagate Central Storage Remote Code Execution 0-day](https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/)
`NAS firmware vulnerability hunting`
- [SKF Labs](https://github.com/blabla1337/skf-labs)
`Vulnerable lab environments for GraphQL bugs, JWT, SSRF and SSTI; can be combined with the https://github.com/D0g3-Lab/H1ve vulnerable environment`
- [Using hydra](https://medium.com/@watchdogg/the-noise-of-brute-force-hydra-and-log-analysis-ef70066f0f5a)
`New usage: password cracking combined with a Tor proxy`
- [Stealing NTLMv2 hashes by abusing SQL injection in a file download function](http://www.mannulinux.org/2020/01/stealing-ntlmv2-hash-by-abusing-sqlInjection.html)
`Obtaining the NTLMv2 hash through injection`
- [Persistence – Image File Execution Options Injection](https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/)
- [Persistence – Winlogon Helper DLL](https://pentestlab.blog/2020/01/14/persistence-winlogon-helper-dll/)
- [.ssh exploitation chain](https://0day.work/pwning-your-web-server-and-network-the-easy-way-or-why-exposing-ssh-is-a-bad-idea/)
- [SQL injection WAF bypass techniques](https://incogbyte.github.io/sqli_waf_bypass/)
- [Penetration Testing: Ultimate Collection of Cheat Sheets](https://medium.com/@yiukingyau/penetration-testing-ultimate-collection-of-cheat-sheets-98d827572a4f)
- [Discovering the IP address of a WordPress site hidden behind Cloudflare](https://blog.nem.ec/2020/01/22/discover-cloudflare-wordpress-ip/)
- [snowming's CobaltStrike articles](http://blog.leanote.com/archives/snowming)
`CobaltStrike articles`
- [Windows Defender bypassing for Meterpreter](https://hacker.house/lab/windows-defender-bypassing-for-meterpreter/)
- [Penetration command list](https://github.com/swisskyrepo/PayloadsAllTheThings)
`A list of useful payloads and bypasses for web application security and pentest/CTF`
- [Red team operations: spear phishing, research sharing](https://payloads.online/archivers/2020-02-05/1)
- [Exploiting SSRF in AWS Elastic Beanstalk](https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/)
- [Bug Bounty: From SSRF to RCE](https://xz.aliyun.com/t/4398)
- [Network device passwords](https://www.a1securitycameras.com/technical-support/default-username-passwords-ip-addresses-for-surveillance-cameras/)
- [31 Tips — API Security & Pentesting](https://medium.com/bugbountywriteup/31-tips-api-security-pentesting-480b5998b765)
`31 API testing tips`
- [Attack vector table](http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp)
`Various vulnerability types for study`
- [Application-Security-Engineer-Interview-Questions](https://github.com/security-prince/Application-Security-Engineer-Interview-Questions)
`Interview questions from abroad`
- [From S3 bucket to Laravel unserialize RCE](https://blog.truesec.com/2020/02/12/from-s3-bucket-to-laravel-unserialize-rce/)
- [APT analysis and TTP extraction](https://paper.seebug.org/1132/)
- [Hacking AWS Cognito misconfigurations](https://www.notsosecure.com/hacking-aws-cognito-misconfigurations/)
- [Introduction to modern routing for red team infrastructure, using Traefik, Metasploit, Covenant and Docker](https://khast3x.club/posts/2020-02-14-Intro-Modern-Routing-Traefik-Metasploit-Docker/)
- [Reverse shells in the cloud: Hershell, Metasploit and Docker](https://khast3x.club/posts/2018-10-02-docker-c2-hershell-metasploit/)
- [Capturing plaintext passwords on Windows Server 2016](https://bacde.me/post/Windows-Server-2016-Get-Plaintext-Password/)
- [A "different" kind of real-world penetration test case study](https://mp.weixin.qq.com/s/8OueE-bEIdkvwPWu3KqrcQ)
- [Finding file upload bugs via penetration testing](https://wsp-lab.github.io/papers/lee-fuse-ndss20.pdf)
- [A front-end code audit of Youxueyuan (优学院) and Yunbanke (云班课)](https://blog.blankshell.com/2020/03/14/%E8%AE%B0%E4%B8%80%E6%AC%A1%E5%AF%B9%E4%BC%98%E5%AD%A6%E9%99%A2%E5%92%8C%E4%BA%91%E7%8F%AD%E8%AF%BE%E7%9A%84%E5%89%8D%E7%AB%AF%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/)
- [Cobalt Strike 4.0 Manual: Advanced Threat Tactics for Penetration Testers](https://paper.seebug.org/1143/)
- [Practical VoIP penetration testing](https://medium.com/vartai-security/practical-voip-penetration-testing-a1791602e1b4)
- [BurpSuite admin login brute forcing](https://0entropy.blogspot.com/2020/03/using-burp-intruder-for-auth-bypass-ctf.html)
`Trying universal passwords with Burp Intruder`
- [Compromising a domain controller in Azure](https://www.secsignal.org/en/news/how-i-hacked-a-domain-controller-in-azure-during-a-penetration-test/)
`Azure domain penetration`
- [From SQL injection to packing up the whole site and rebuilding it locally](https://mp.weixin.qq.com/s/zqFB2Frcl0SzqLmYUuDwvA)
`MSSQL, SafeDog bypass`
- [Linux Hacking Case Studies Part 1: Rsync](https://blog.netspi.com/linux-hacking-case-studies-part-1-rsync/)
- [Linux Hacking Case Studies Part 2: NFS](https://blog.netspi.com/linux-hacking-case-studies-part-2-nfs/)
- [Linux Hacking Case Studies Part 3: phpMyAdmin](https://blog.netspi.com/linux-hacking-case-studies-part-3-phpmyadmin/)
- [Linux Hacking Case Studies Part 5: Building a Vulnerable Linux Server](https://blog.netspi.com/linux-hacking-case-studies-part-5-building-a-vulnerable-linux-server/)
- [Linux Hacking Case Studies Part 4: Sudo Horror Stories](https://blog.netspi.com/linux-hacking-case-studies-part-4-sudo-horror-stories/)
- [XXE injection: bypassing the firewall via HTTP request smuggling](https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/)
- [Cisco password cracking and decrypting guide](https://www.infosecmatter.com/cisco-password-cracking-and-decrypting-guide/)
- [From default printer credentials to domain admin](https://abdihakx.wordpress.com/2020/03/14/from-default-printer-credentials-to-domain-admin/)
- [What is LDAP injection and how to prevent it](https://www.netsparker.com/blog/web-security/ldap-injection-how-to-prevent/)
- [Intranet penetration: dumping Windows hashes while evading antivirus](https://mp.weixin.qq.com/s/WLP1soWz-_BEouMxTHLbzg)
- [CS 253 Web Security](https://web.stanford.edu/class/cs253/)
`Stanford University Web Security`
- [Firebird Database Exploitation](https://www.infosecmatter.com/firebird-database-exploitation/)
`Firebird database exploitation`
- [Collection of CVE, CMS and middleware vulnerability detection and exploitation, since 2019-9-15](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection)
- [A difficult "SSRF-->RCE" exploitation](https://mp.weixin.qq.com/s/kfYF157ux_VAOymU5l5RFA)
- [Attacking Secondary Contexts in Web Applications](https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit#slide=id.g71f4f9d057_1_102)
`API security`
- [How to bypass CSP by hiding JavaScript in a PNG image](https://www.secjuice.com/hiding-javascript-in-png-csp-bypass/)
- [Decompiling WeChat & Alipay mini program source code](https://www.ohlinge.cn/web/mini_app_decompile.html)
- [Blue team vs. red team: how to run your encrypted ELF binary in memory and go undetected](https://medium.com/@redtimmy/blue-team-vs-red-team-how-to-run-your-encrypted-elf-binary-in-memory-and-go-undetected-f3dc89ffc1d6)
- [Some thoughts on Network Discovery](https://www.freebuf.com/sectool/226489.html)
`Ideas on masscan scanning speed`
- [HTML5 Attacks - Episode 1](https://www.secjuice.com/html5-attacks-ep-01/)
`WebSockets`
- [Penetration testing and SRC information gathering handbook](https://github.com/Qftm/Information_Collection_Handbook)
`Used as a reference for modifying my virtual machine`
- [PostgreSQL penetration testing](https://medium.com/@lordhorcrux_/ultimate-guide-postgresql-pentesting-989055d5551e)
`Mediocre write-up, not comprehensive enough.`
- [Ngrok for local infrastructure](https://fortynorthsecurity.com/blog/ngrok-for-local-infrastructure/)
`Configuring CobaltStrike callbacks through Ngrok`
- [RCE can lead to privilege escalation](https://medium.com/@th3m7J0/rce-can-lead-to-privilege-escalation-9a47805d3ba0)
- [An interesting phishing test](https://mp.weixin.qq.com/s/JZs26mle8diovfPpAggP7A)
`Setup tutorial and basics`
- [Big talk: the past and present of APIs](https://zine.la/article/19cf75fecd08469c9a2576954528b936/)
- [Ramblings: a brief history of modern API security](https://zine.la/article/537b5f3f01474927aef2d71dfc2ca3b6/)
- [Close combat: analysis of typical API security vulnerabilities](https://zine.la/article/1eaf51e700924b3290218f0d6c7b7247/?from=timeline)
- [WebShell "takes out" RASP](https://mp.weixin.qq.com/s/yykliM-b4_rStX5ucPWO2w)
`The webshell pulls in code by setting LD_PRELOAD; because the webshell's malicious code runs at the glibc level, it naturally evades RASP monitoring.`
- [A brief analysis of interface security: WebService](https://xz.aliyun.com/t/7541)
- [Some regular expressions for extracting API keys](https://bacde.me/post/Extract-API-Keys-From-Regex/)
- [Using Cloudflare Workers to hide C2 infrastructure](https://www.freebuf.com/sectool/232555.html)
`CloudFlare + cobaltstrike`
- [Source code vulnerability auditing](https://github.com/wooyunwang/Fortify)
`Contains many cases`
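- [Penetration testing on VoIP Asterisk server (Part 2)](https://www.hackingarticles.in/penetration-testing-on-voip-asterisk-server-part-2/)
- [Introduction to hacking thick clients: Part 1 - the GUI](https://blog.netspi.com/introduction-to-hacking-thick-clients-part-1-the-gui/)
- [SSRF](https://medium.com/@d0nut/piercing-the-veal-short-stories-to-read-with-friends-4aa86d606fc5)
`SSRF reports submitted to foreign vulnerability platforms`
- [iOS penetration testing checklist](https://mobexler.com/checklist.htm)
- [Offensive security cheat sheet](https://cheatsheet.haax.fr/)
- [Null Pointer - Base on Windows Writeup -- practical penetration of the latest DZ3.4](https://paper.seebug.org/1197/)
`About exploiting the authkey`
- [Linux post-exploitation: collecting login credentials](https://xz.aliyun.com/t/7698)
`Only the idea is there, and every operation requires root privileges`
- [From AST to 100 pre-auth injections in a well-known OA](https://blog.riskivy.com/%E4%BB%8East%E5%88%B0100%E4%B8%AA%E6%9F%90%E7%9F%A5%E5%90%8Doa%E5%89%8D%E5%8F%B0%E6%B3%A8%E5%85%A5/#i)
- [SpringBoot vulnerability study materials](https://github.com/LandGrey/SpringBootVulExploit)
`SpringBoot vulnerability study materials, a collection of exploitation methods and techniques, and a black-box security assessment checklist`
- [Thoughts on ways to exploit Redis on Windows](https://mp.weixin.qq.com/s/wDpMlDDJMskXLkgcA3x7RQ)
- [Casual talk on practical webshell use](https://www.anquanke.com/post/id/206664)
`Traffic evasion and webshell AV evasion`
- [The five "veins" of WeChat mini program penetration](https://www.hackinn.com/index.php/archives/672/)
`Extracting URLs from WeChat mini programs`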
- [Host security: practice and thoughts on Onion webshell detection](https://mp.weixin.qq.com/s/ol70aVdvybzMJmtfxaAAZQ)
- [Red vs. blue: case analysis of "CobaltStrike" attack techniques](https://mp.weixin.qq.com/s/9_0pLbmWqUbJ6aGEPjxvYA)
`Analysis of CS default information`
- [401 brute forcing](https://www.cnblogs.com/Kat-sec/p/12056635.html)
`401 brute forcing, Tomcat brute forcing`
- [Using MAT to find plaintext passwords in a Spring heapdump](https://landgrey.me/blog/16/)
- [From information disclosure to RCE](https://mp.weixin.qq.com/s/YirHAXg3VZXA3Znj4L6xSw)
`Spring exploitation`
- [A brief analysis of JSONP vulnerabilities and writing an automated vulnerability-hunting script](https://mp.weixin.qq.com/s/SuEpF3RIZIv2CcIUok8SoQ)
`Cross-origin information retrieval via JSONP; usable for information gathering after penetration;`
- [Docker escape summary, first edition](https://xz.aliyun.com/t/7881#toc-0)
- [China Chopper returns a 200 error when connecting to a PHP webshell](https://blog.csdn.net/bloodzer0/article/details/106812282)
- [A real-world penetration test of an enterprise](https://gh0st.cn/archives/2018-06-20/1)
`Fuzz every parameter`
- [Attack Detection Fundamentals: Initial Access - Lab #1](https://labs.f-secure.com/blog/attack-detection-fundamentals-initial-access-lab-1/)
- [Attack Detection Fundamentals: Initial Access - Lab #2](https://labs.f-secure.com/blog/attack-detection-fundamentals-initial-access-lab-2/)
- [Attack Detection Fundamentals: Initial Access - Lab #3](https://labs.f-secure.com/blog/attack-detection-fundamentals-initial-access-lab-3/)
- [Attack Detection Fundamentals: Initial Access - Lab #4](https://labs.f-secure.com/blog/attack-detection-fundamentals-initial-access-lab-4/)
`Initial access detection`
- [Using SQL injection to perform SSRF/XSPA attacks](https://ibreak.software/2020/06/using-sql-injection-to-perform-ssrf-xspa-attacks/)
`Exploiting injection across various databases`
- [Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #1](https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-1/)
- [Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #2](https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-2/)
- [Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #3](https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-3/)
- [Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #4](https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-4/)
- [Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #5](https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-5/)
- [Bypassing BaoTa's RASP and its disable_functions](https://mp.weixin.qq.com/s?__biz=MzIzOTE1ODczMg==&mid=2247484822&idx=1&sn=71b04c0a08fee2cb239ff78a5e7a6165)
- [Implementing dynamic-key encoders and decoders in AntSword](https://yzddmr6.tk/posts/antsword-xor-encoder/)
- [Reproducing popular vulnerabilities of 2020](http://dream0x01.com/spear-framework/)
`Shiro, weblogic, fastjson`
- [Azure AD attack and defense](https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html)
`Cloud environment, intranet penetration.`
- [We want WebShells that fool humans!](https://www.freebuf.com/articles/web/241454.html)
- [WAF bypass: webshell upload with JSP and Tomcat](https://mp.weixin.qq.com/s/kHCPhaZHNpCIzAtnYK6jPg)
- [Credential collection summary](https://mp.weixin.qq.com/s/30xOtFsstX4wemiRKoMMwQ)
- [Apache Kylin remote command execution](https://www.secpulse.com/archives/135424.html)
- [Attack Detection Fundamentals: C2 and Exfiltration - Lab #1](https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-1/)
- [Attack Detection Fundamentals: C2 and Exfiltration - Lab #2](https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-2/)
- [Attack Detection Fundamentals: C2 and Exfiltration - Lab #3](https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-3/)
`The three articles above teach you how to detect C2`
- [Red team practice: a new approach to building intranet tunnels on hosts without outbound access](https://mp.weixin.qq.com/s/WzXztQoiqBec-y23dRj0ww)
- [Automated detection of live intranet hosts](https://mp.weixin.qq.com/s/AUgBlRjH_USaZXgmMDYzSg)
`Batch script`
- [Connecting directly to the target's intranet MSSQL without a password](https://mp.weixin.qq.com/s/hXUjPXsh85nd8OL_IlYjZg)
- [Pentest_Note](https://github.com/xiaoy-sec/Pentest_Note)
`Pentest knowledge points, tips`
- [Speed wins: bypassing WAF with chunked transfer](https://mp.weixin.qq.com/s/pM1ULCqNdQwSB7hcltrbtw)
`Chunked transfer combined with sqlmap injection`
- [Red team tips: target asset collection (Part 1)](https://mp.weixin.qq.com/s/HoFxiHMJfhx6Rr0QyHXeMg)
- [Step by step: building an intranet asset scanner with python3](https://mp.weixin.qq.com/s/L5a_kabzBqmF788DPC3otw)
- [Authorized penetration test report for an enterprise](https://www.freebuf.com/articles/network/243831.html)
`Real-world penetration, APK information gathering; in the intranet phase an Excel asset spreadsheet was collected; modifying network devices; use of xray and goby`
- [Red team testing: gaining a foothold via email](https://www.secpulse.com/archives/135748.html)
`Basics of email information gathering`
- [The road to H5 page vulnerability hunting: encryption](https://mp.weixin.qq.com/s/QRxMQFgAPlJsUwuw8Sv0JQ)
- [Methodology for AV-evading webshells](https://github.com/qiyeboy/kill_webshell_detect)
- [Summary of common unauthorized access vulnerabilities](https://mp.weixin.qq.com/s/nLH58xnHwDkrmvYCdne03Q)
- [How to gather information quickly starting from a "point"](https://mp.weixin.qq.com/s/fYaqtotkEfzLhlLN3qRaXw)
- [Red team practice: thoughts on using unicode for webshell AV evasion](https://mp.weixin.qq.com/s/It_TxaorAKu_nwcCpyglCA)
- [Exchange Web Interfaces attacks](https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/)
`Exchange attack techniques`
- [Remote Code Execution in Citrix ADC](https://swarm.ptsecurity.com/remote-code-execution-in-citrix-adc/)
`Citrix exploitation`
- [Modifying Behinder without changing the client => memory shell](https://mp.weixin.qq.com/s/r4cU84fASjflHrp-pE-ybg)
`Behinder modifications`
- ["Burpsuite training ground": introduction to Portswigger Web Security Academy](https://mp.weixin.qq.com/s/G0OMpeZOPa-CJZhhVWD7nQ)
`BurpSuite practice platform`
- [Tech sharing | Hands-on intranet penetration learning practice](https://mp.weixin.qq.com/s/Gw1K_iTx2nsKwWu_XNTKUQ)
`Intranet penetration basics`
- [WAF bypass gives you a nudge](https://mp.weixin.qq.com/s/Jbq_v8HW4f5H7irvwVlvNQ)
`Various practical WAF bypass techniques`
- [Behinder, from getting started to heavy modification](https://mp.weixin.qq.com/s/hbBKQRaMg-b68lJ9k8Rh4A)
`Heavily modifying Behinder to bypass WAF`
- [Behinder, from getting started to heavy modification (continued)](https://mp.weixin.qq.com/s/s_DcLdhEtIZkC2_z0Zz4FQ)
`Heavily modifying Behinder to bypass WAF`
- [Getting the ball rolling: BOF in CobaltStrike 4.1](https://mp.weixin.qq.com/s/-jU4HrPtB8rD4cmqAKZOZw)
`Modifying CS`
- [Extending the MySQL client arbitrary file read attack chain](https://blog.knownsec.com/2020/07/css-t-mysql-client-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%94%BB%E5%87%BB%E9%93%BE%E6%8B%93%E5%B1%95/)
- [Just to explain CVE-2020-5902 clearly to you](https://mp.weixin.qq.com/s/bOhjLxysPH9iULarWDG2Mg)
`F5 vulnerability analysis`
- [Citrix Systems product security vulnerabilities](https://mp.weixin.qq.com/s/R9BnOxxK-VWHM7gtsk-LzA)
`CVE-2020-8193 & CVE-2020-8195 & CVE-2020-8196 poc`
- [PHP webshell matters: attack edition](https://mp.weixin.qq.com/s/FgzIm-IK02rjEf3JvxOxrw)
- [From DNS Beacon to domain controller](https://mp.weixin.qq.com/s/5SRscii8xxTYMfd25eXRyA)
- [Technical deep dive | Collection of Docker container escape cases](https://mp.weixin.qq.com/s/zfCcbDKc-ncYBOGXI5j4Vw)
- [Shiro echo Burp plugin (supports Burp passive scanning)](https://mp.weixin.qq.com/s/zYL1TADYChRrPqdz81BOdA)
- [Exploring Shiro RememberMe vulnerability detection](https://mp.weixin.qq.com/s/EsTLOtKHgH2CLxny7i9SMQ)
- [Openfire Admin Console SSRF & arbitrary file read vulnerability PoC](https://mp.weixin.qq.com/s/loU6Le6BzmaSnRL6WMBbJQ)
- [F5 BIG-IP unauthenticated RCE (CVE-2020-5902)](https://xz.aliyun.com/t/8014)
- [Using ZoomEye to track multiple red team C&C post-exploitation attack frameworks](https://paper.seebug.org/1301/)
- [HW (Huwang) exercise automation scripts](https://mp.weixin.qq.com/s/uHNx28XFZ5M6KwykMC4Jsg)
- [Best practices for malicious script detection in cloud security environments](http://yundunpr.oss-cn-hangzhou.aliyuncs.com/2020/xcon2020.pdf)
- [Installer phishing and anti-phishing](https://mp.weixin.qq.com/s/3NTj9NNo2pEIPtfxKckRGw)
`Hijack a DLL, repackage, and lure people into installing; the idea is decent.`
- [N1QL Injection: Kind of SQL Injection in a NoSQL Database](https://labs.f-secure.com/blog/n1ql-injection-kind-of-sql-injection-in-a-nosql-database/)
`N1QL injection`
- [Penetration Testing on CouchDB (5984)](https://www.hackingarticles.in/penetration-testing-on-couchdb-5984/)
`CouchDB penetration`
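- [Vulnerability discovery from the in-house (Party A) perspective](https://mp.weixin.qq.com/s/eBPp4eyaGs827POFTesqOA)
`Transparent box`
- [CVE-2020-1472 (domain privilege escalation) vulnerability reproduction](https://sherlocz.github.io/2020/09/16/CVE-2020-1472/)
- [ExchangeServer remote code execution \[CVE-2020-16875\]](https://www.cnblogs.com/Yang34/p/13672834.html)
`Exploitation requires a mailbox account`
- [Cobalt Strike: bypassing traffic auditing](https://paper.seebug.org/1349/)
- [Red team meets honeypot](https://mp.weixin.qq.com/s/YBge1xjpjQjQ-NoK4kK6RQ)
`Countering honeypots`
- [Bug bounty: how I broke into a telecom network](https://xz.aliyun.com/t/8255#toc-0)
- [IoT security: MQTT penetration in practice](https://bacde.me/post/mqtt-security-part-two/#0x00-%E8%8E%B7%E5%8F%96mqtt%E8%AE%A4%E8%AF%81%E4%BF%A1%E6%81%AF)
`MQTT penetration`
- [ZeroLogon (CVE-2020-1472): attacking and defending](https://blog.zsec.uk/zerologon-attacking-defending/)
- [Reasons Metasploit fails to get a session](https://mp.weixin.qq.com/s/iHfA01e2iXOgBGVwjOAjvg)
- [A penetration test made possible by sloppy redaction](https://mp.weixin.qq.com/s/M_E1OkEdTiMAkawxprwI3A)
- [Penetration testing guide - OWASP](https://github.com/Voorivex/pentest-guide)
- [IoT, red team, product security and AI security assessment training](https://payatu.com/)
`Refer to the training syllabus for a rough sense of what to study.`
- [ATT&CK: from threat intelligence to real detection logic](https://labs.f-secure.com/blog/catching-lazarus-threat-intelligence-to-real-detection-logic-part-two/)
- [On penetration testing of AMF websites](https://xz.aliyun.com/t/8399)
- [Fofa engineer](https://mp.weixin.qq.com/s/vXJ7Tmr1-xlgE0AwB8RxAA)
- [Practical walkthrough of penetration approaches under the TP3 framework](https://xz.aliyun.com/t/8417)
- [Hangzhou session / Hello, Fisherman](https://data.hackinn.com/ppt/2020HACKINGDAY%E6%9D%AD%E5%B7%9E%E7%AB%99/%E4%BD%A0%E5%A5%BD%EF%BC%8C%E6%8D%95%E9%B1%BC%E4%BA%BA.pdf)
`Fairly conservative`
- [Using Linux transparent proxying in red team penetration](https://payloads.online/archivers/2020-11-13/1#0x00-%E5%89%8D%E8%A8%80)
`Proxying traffic transparently with Linux iptables`
- [Tips for assessing vulnerability weaponization](https://mp.weixin.qq.com/s?__biz=MzU3NDY1NTYyOQ==&mid=2247484908&idx=1&sn=8f514c66b633fa59abeffdb7f58739e0)
`Targeted intrusion, finding vulnerable targets in bulk, RCE, no interaction required, no privileges required, no chained attack required, breadth of impact`
- [Learning Splunk configuration](https://blog.zsec.uk/ltr-d101-splunk/)
`Attack log collection and analysis`
- [YouTube video: Linux privilege escalation](https://www.youtube.com/playlist?list=PLk6GyAyNDZmBmVacGhQgMPlXLEzqtyjti)
`Cron, SUID, privileged processes, misconfigurations, wildcards, sudo privilege escalation`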
- [HITB CyberWeek 2020 PPT](https://cyberweek.ae/materials/2020/)
`Covers: penetration, fuzzing, machine learning, iOS, self-driving cars, reverse engineering, industrial control, and more`
- [Potatoes - Windows Privilege Escalation](https://jlajara.gitlab.io/others/2020/11/22/Potatoes_Windows_Privesc.html)
- [Removing Cobaltstrike signatures](https://www.secpulse.com/archives/148377.html)
- [Machine learning attack series](https://embracethered.com/blog/posts/2020/machine-learning-attack-series-overview/)
`A machine learning attack series from a red team security testing perspective`
- [Collection of vulnerabilities in key systems commonly attacked by red teams](https://github.com/r0eXpeR/redteam_vul)
- [SO-CON2020 PPT](https://specterops.io/so-con2020)
- [Vulnerability hunting in mini programs](https://www.sec-in.com/article/648)
- [Android security resources](https://github.com/saeidshirazi/awesome-android-security)
- [Getting started as a penetration tester in NZ, 2020 edition](https://www.linkedin.com/pulse/getting-started-penetration-tester-nz-2020-edition-simon-howard/)
- [Cybersecurity study guide from abroad](https://github.com/harisqazi1/Cybersecurity)
- [Sharing experience from real-world attack/defense exercises at small and medium-sized banks](https://mp.weixin.qq.com/s/sGoGelUKd8ehYlghOgg7gw)
- [Reverse shell over the obscure SCTP protocol](https://mp.weixin.qq.com/s/E1klj8opnzbuoEVweBjHjg)
- [Domain controller backdoor: Skeleton Key](https://www.hackingarticles.in/domain-controller-backdoor-skeleton-key/)
- [Kerberos brute force attack](https://www.hackingarticles.in/kerberos-brute-force-attack/)
- [Domain Persistence: Golden Ticket Attack](https://www.hackingarticles.in/domain-persistence-golden-ticket-attack/)
## Tools
- [Didier Stevens' 2019 scripts](https://blog.didierstevens.com/2020/01/02/overview-of-content-published-in-2019/)
- [In-depth study of Pass-the-Hash attacks and defenses](https://xz.aliyun.com/t/7051#toc-13)
- [Intercepting HTTPS traffic from apps on Android 7+ using Magisk and Burp](https://blog.nviso.eu/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/comment-page-1/#comment-32952)
- [Web attack lab](https://github.com/weev3/LKWA)
`Deserialization, etc.`
- [On the nature of advanced threats and a quantitative study of attack capability](http://vxjump.net/files/aptr/aptr.txt)
- [Extending the MySQL client arbitrary file read attack chain](https://paper.seebug.org/1112/#load-data-infile)
- [Alibaba White Hat Conference: a summary of the red team's road of "pitfalls" - Wing](https://mp.weixin.qq.com/s/nSYfekeeN0ShSS9C8prr1w)
- [xpasn](https://github.com/x1sec/xpasn/)
`Expands autonomous system (AS) numbers into prefixes or individual host IP addresses`
- [GDA, a new decompiler written entirely in C++](https://github.com/charles2gan/GDA-android-reversing-Tool)
`Android decompilation`
- [socialscan](https://github.com/iojw/socialscan)
`Checks which companies an email address is registered with`
- [Red team toolkit collection](https://0xsp.com/offensive/red-teaming-toolkit-collection)
- [Multi-cloud security auditing tool](https://github.com/nccgroup/ScoutSuite)
- [HomePWN](https://github.com/ElevenPaths/HomePWN)
`Penetration testing tool for IoT devices`
- [PlaystoreDownloader](https://github.com/ClaudiuGeorgiu/PlaystoreDownloader)
`Downloads APKs from the Google Play store`
- [Bypassing Windows authentication with Kon-Boot](https://www.youtube.com/watch?v=iBBPErhyqzw)
- [PowerShell script AV evasion / bypass / bypassing antivirus software](https://www.uedbox.com/post/65220/)
- [Voyager](https://github.com/ody5sey/Voyager)
`A security tool collection platform for improving the efficiency of security staff on the vendor (Party B) side`
- [HTTP asynchronous reverse shell](https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell)
- [Red team PowerShell script: RedRabbit](https://www.uedbox.com/post/65289/)
- [Blue team PowerShell script: Bluechecker](https://www.uedbox.com/post/65291/)
- [AVWS 13 Docker version](https://bacde.me/post/avws-13-docker-cracked/)
- [SQL injection script for MSSQL](https://github.com/Keramas/mssqli-duet)
- [mssqlproxy](https://github.com/blackarrowsec/mssqlproxy)
`SQL Server proxy and execution tool`
- [Weblogic environment setup tool](https://github.com/QAX-A-Team/WeblogicEnvironment)
- [Online default-password lookup sites](https://mp.weixin.qq.com/s/diCsSpVCW8SbmKzZFXD6BQ)
- [assetnote subdomain monitoring](https://github.com/tdr130/assetnote)
`A tool used abroad for HackerOne hunting`
- [AJE - Windows penetration environment](https://www.secpulse.com/archives/128323.html)
`Windows virtual machine; needs to be extracted`
- [jsEncrypter](https://github.com/c0ny1/jsEncrypter)
`For Burpsuite brute forcing of admin logins where the password is encrypted`
- [sshprank](https://github.com/noptrix/sshprank)
`SSH brute forcing + masscan`
- [mobexler.com](https://mobexler.com/)
`Mobile security penetration virtual machine`
- [Neo-reGeorg](https://github.com/L-codes/Neo-reGeorg)
`A refactor of the reGeorg project`
- [Passive web scanner](https://github.com/guimaizi/testing_wave)
- [axiom](https://github.com/pry0cc/axiom)
`Hacker toolkit in the cloud`
- [QuasarRAT](https://github.com/quasar/QuasarRAT/)
`C# remote access tool`
- [ligolo](https://github.com/sysdream/ligolo)
`Proxy tool, Reverse Tunneling`
- [CVE-2020-0688](https://github.com/zcgonvh/CVE-2020-0688)
`Microsoft Exchange default MachineKeySection deserialization vulnerability`
- [Bulk site screenshots](https://github.com/TheKingOfDuck/domain_screen)
`Takes screenshots of all subdomains.`
- [frsocks+protoplex](https://mp.weixin.qq.com/s/3dvBMyRyjnmS_ITc6a6ABw)
`Port reuse through traffic redirection`
- [LangNetworkTopologys](https://github.com/LangziFun/LangNetworkTopologys)
`Intranet scanning - python`
- [Google Tsunami vulnerability scanner](https://github.com/google/tsunami-security-scanner)
- [xray](https://github.com/chaitin/xray/releases)
- [taoman](https://github.com/LandGrey/taoman)
`Fast subdomain collection tool based on network queries`
- [pystinger](https://github.com/FunnyWolf/pystinger)
`bypass firewall by webshell: a tool that forwards traffic through a webshell to get outbound access`
- [Weblogic bulk vulnerability scanning tool](https://github.com/tangxiaofeng7/Weblogic-scan/releases)
- [Pwdb-Public](https://github.com/FlameOfIgnis/Pwdb-Public)
- [SharpHose – asynchronous password spraying tool](https://www.darknet.org.uk/2020/07/sharphose-asynchronous-password-spraying-tool/)
- [shiroPoc: a detection method that does not need a dnslog gadget](https://github.com/potats0/shiroPoc)
- [ShiroExploit](https://github.com/feihong-cs/ShiroExploit)
- [ksubdomain: stateless subdomain brute-forcing tool](https://paper.seebug.org/1325/)
- [AoiAWD](https://github.com/DasSecurity-Labs/AoiAWD)
`AoiAWD: an EDR system designed for competitions, highly portable, running with low privileges.`
- [CVE-2020-1472: Zerologon](https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472)
`Obtaining domain controller privileges`
- [IoT-vulhub](https://github.com/firmianay/IoT-vulhub)
`IoT vulnerable environments`
- [RDP and web screenshot tool](https://github.com/hackvertor/hackvertor)
- [Extracting URLs from an APK](https://github.com/ndelphit/apkurlgrep)
- [Comprehensive guide to honeypots](http://blog.csdn.net/cnbird2008/)
`Rough overview of honeypot types; serves as an introduction`
- [gping](https://github.com/orf/gping)
`ping with a graph`
- [Penetrating Webpack-style sites, more elegantly from now on](https://data.hackinn.com/ppt/2020HACKINGDAY%E6%9D%AD%E5%B7%9E%E7%AB%99/%E6%B8%97%E9%80%8FWebpack%E7%AD%89%E7%AB%99%E7%82%B9%EF%BC%8C%E4%BB%8E%E6%AD%A4%E6%9B%B4%E5%8A%A0%E4%BC%98%E9%9B%85.pdf)
- [Packer-Fuzzer](https://github.com/rtcatc/Packer-Fuzzer)
`Extracts information from JS`
- [SSH password list 2020](http://home.daviel.org/sshpwd/ssh-failed-passwd.20201108.html)
- [JSON Fuzzer](https://gitlab.com/michenriksen/jdam)
`For JSON fuzzing; currently supports detecting SQL injection, command injection, LDAP, NoSQL, format string, file inclusion and integer overflow issues`
- [Burpsuite-JQ](https://github.com/synacktiv/burp-jq)
`BurpSuite plugin`
- [randomua](https://blog.raw.pm/en/randomua/)
`Random User-Agent for browsers, phones, mail and cloud clients; can be used with many security tools`
- [EHole](https://github.com/ShiHuang-ESec/EHole)
`Fingerprinting tool for key systems targeted by red teams`
## Enterprise Security
- [SDL in initial practice: opening chapter](https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247484219&idx=1&sn=6ff469339838922b9010463eca27dce1&scene=21#wechat_redirect)
`About SDL`
- [Incident response checklist](https://github.com/theLSA/emergency-response-checklist)
- [2019 security work: summary and practice](https://www.jgeek.cn/archive/id/34.html)
`Recounts the author's own learning process from 0 to 1, the problems encountered, and the points of focus.`
- [Engineering Python RASP: reflections on an intrusion](https://mp.weixin.qq.com/s/icWaHsC6dzlclxfLhvQjYA)
- [My understanding of building an in-house (Party A) information security program](https://mp.weixin.qq.com/s/0Uu_os9MB5ZHnowlWkYbEA)
- [Attribution and counter-attack in practice during red vs. blue exercises](https://mp.weixin.qq.com/s/Dswz7lxNpW5yLxmWKtqY6Q)
- [A brief look at Huawei's SDL software security engineering capability](https://mp.weixin.qq.com/s/i1N80qN14hGslRnrIV8mjg)
## Cloud Security
- [Container security practice in cloud native](https://www.freebuf.com/articles/others-articles/228615.html)
- [CloudWalker (牧云)](https://www.aqniu.com/vendor/64930.html)
- [Gaining AWS console access via API keys](https://blog.netspi.com/gaining-aws-console-access-via-api-keys/)
- [Kubernetes namespace breakout using insecure host path volume - Part 1](https://blog.appsecco.com/kubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216)
- [Hacking Docker remotely](https://hackarandas.com/blog/2020/03/17/hacking-docker-remotely/)
`Docker vulnerable environment`
- [Attack matrix for Kubernetes](https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/)
- [Appsecco training course content on attacking and auditing Docker containers and Kubernetes clusters](https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes-clusters)
- [AWS cloud penetration testing test cases](https://syhack.wordpress.com/2020/04/10/aws-cloud-penetration-testing-test-cases/)
`AWS penetration tips`
- [A vulnerability hunting journey that started with a Google Cloud Shell container escape](http://blog.nsfocus.net/google-cloud-shell-0427/)
- [Cloud security: security alert detection items](https://help.aliyun.com/document_detail/191144.html#title-jiw-7i0-0mu)
- [Defending against and detecting attacks within Azure](https://posts.specterops.io/detecting-attacks-within-azure-bdc40f8c0766)
- [So you want to learn Azure security?](https://michaelhowardsecure.blog/2020/02/14/so-you-want-to-learn-azure-security/)
- [breaking-and-pwning-apps-and-servers-aws-azure-training](https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training/blob/master/documentation/aws-services-and-concepts-for-security/requirements-for-pentesting-aws-cloud-infra.md)
`AWS and Azure intrusion methods; for understanding cloud security`
- [CloudPentestCheatsheets](https://github.com/dafthack/CloudPentestCheatsheets)
`Cloud pentest cheat sheets`
- [Cloud security assessment learning path](https://payatu.com/explore/cloud-security-service)
- [Cloud attack and defense: RED TEAMING FOR CLOUD](http://avfisher.win/archives/1175)
`About cloud security penetration, but not comprehensive enough.`
- [Cloud security tools](https://cloudberry.engineering/tool/)
- [Cloud security](https://cloudsecdocs.com/)
## WAF
- [Essay category - WAF (Web Application Firewall)](https://www.cnblogs.com/LittleHann/category/745292.html)
- [SQLChop, SQLWall (Druid), PHP Syntax Parser Analysis](https://www.cnblogs.com/LittleHann/p/4788143.html)
- [Awesome-WAF readme - guide to WAF bypass techniques](https://xz.aliyun.com/t/6422)
- [Identifying WAF rules through time-based side-channel attacks](https://xz.aliyun.com/t/6175#toc-0)
- [SQL injection fuzzing to bypass WAF](https://xz.aliyun.com/t/2418)
- [Bypassing cloud WAF protection to obtain a site's real IP](https://xz.aliyun.com/t/1761)
- [WAF attack and defense research: four levels of WAF bypass](https://xz.aliyun.com/t/15#toc-0)
- [IPS bypass techniques](http://drops.leesec.com/#!/drops/425.IPS%20BYPASS%E5%A7%BF%E5%8A%BF)
- [Comprehensive guide to bypassing software WAFs](https://www.freebuf.com/articles/network/150646.html)
- [Bypass WAF Cookbook](http://drops.leesec.com/#!/drops/699.Bypass%20WAF%20Cookbook)
- [My way of WAF bypass (SQL injection edition)](https://paper.seebug.org/218/)
- [Analysis of semantic engines for SQL injection attacks](https://www.zhihu.com/lives/1049024907098361856?deal_id=1226077692715896832)
- [SQL injection correlation analysis](http://drops.xmd5.com/static/drops/web-16972.html)
- [WAF construction, operation and AI application practice](https://mp.weixin.qq.com/s/fTm1hUfRmm6ujmjvSHRLUA)
- [How to write a Sqlmap tamper script?](https://payloads.online/archivers/2017-06-08/1)
`After reading it you can write scripts right away; very simple`
- [sqlmap source code: validation and parsing of request parameters (1)](https://www.t00ls.net/viewthread.php?tid=50336&highlight=sqlmap)
- [sqlmap source code analysis](https://www.t00ls.net/viewthread.php?tid=41863&highlight=sqlmap)
- [sqlmap source code analysis (1): startup and argument parsing](https://lorexxar.cn/2016/08/09/sqlmap-source1/)
- [SQLMAP source code analysis Part 1: workflow](http://drops.xmd5.com/static/drops/tips-7301.html)
- [How to customize payloads, as seen from the sqlmap source](https://www.anquanke.com/post/id/188173#h2-0)
- [Writing Sqlmap tampers](https://y4er.com/post/sqlmap-tamper/)
## Linux
- [A concise nftables tutorial](https://www.hi-linux.com/posts/29206.html)
- [Several tricks for letting programs run by non-root Linux users use privileged ports](https://www.hi-linux.com/posts/26613.html)
- [Recommended: Serveo, a tool that needs no installation and sets up intranet tunneling instantly with a single command](https://www.hi-linux.com/posts/56863.html)
- [shellcheck](https://github.com/koalaman/shellcheck)
`Checks shell syntax errors`
- [Explains commands you don't understand](https://www.explainshell.com/)
- [Using SSLH to share one port between HTTPS and SSH](https://www.hi-linux.com/posts/26290.html)
- [graftcp, a tool that makes terminal programs support SOCKS5 proxies with ease](https://www.hi-linux.com/posts/13318.html)
- [Hands-on tutorial (in Chinese) for the high-performance proxy server Envoy](https://www.hi-linux.com/posts/57326.html)
- [Tutorial for the intranet tunneling tool ZeroTier](https://www.hi-linux.com/posts/33914.html)
- [Remote-control AV evasion article series and companion tools](https://github.com/TideSec/BypassAntiVirus)
## Binary
- [PWN study guide](https://mp.weixin.qq.com/s/JovqFitTQj4M37su_lH--g)
- [Means and methods of countering reverse engineering on Linux](http://index-of.es/Miscellanous/LIVRES/anti-reverse-engineering-linux.pdf)
- [Remote-control AV evasion special (70): final chapter](https://mp.weixin.qq.com/s/4shT8tP-Gu3XX7fnWKQHAA)
`All AV evasion techniques and tools`
- [ELF explained in simple terms](https://paper.seebug.org/1289/)
- [Reverse engineering learning site](https://malwareunicorn.org/#/workshops)
## Other
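- [How to surpass most people](https://coolshell.cn/articles/19464.html)
- [Android resources](https://blog.deesee.xyz/android/security/2020/01/13/android-resources.html)
- [A collection of challenge-based hack-a-thons](https://github.com/microsoft/WhatTheHack)
`Cloud security and other computer hacking challenges, hackathons`
- [Information security skills matrix](https://infosecskillsmatrix.com/rolesskills)
- [How high is the bar for the information security industry? Advice on personal career planning in the security industry (Part 1)](https://mp.weixin.qq.com/s/C_28WKMMl55oFKlKUMsSSw)
- [How high is the bar for the information security industry? Advice on personal career planning in the security industry (Part 2)](https://mp.weixin.qq.com/s/s1AWKD4tM4IL8uBJrs-9BQ)
- [How high is the bar for the information security industry? Advice on personal career planning in the security industry (Part 3)](https://mp.weixin.qq.com/s/rLI4wOfzybUrSFh6U7d5ng)
- [AppSec California 2020](https://www.youtube.com/playlist?list=PLhaoFbw_ejdo-4nSeRKNH1pRhdfsn3CI7)
`Topics range from web security to cloud, Kubernetes, credential stuffing, DevSecOps, car hacking and more.`
- [Incident response: an overview of common log collection methods used in incident response](https://mp.weixin.qq.com/s/ZY3gqly-z-L8XFW9ML5aow)
- [How to improve writing skills](https://zh.wikihow.com/%E6%8F%90%E9%AB%98%E5%86%99%E4%BD%9C%E6%8A%80%E8%83%BD)
- [How can technical people better keep up with development trends?](https://cloud.tencent.com/developer/article/1596054)
- [Discussing the development of network security testing tools](https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA)
- [How to write a good international academic paper from a beginner's perspective?](https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g)
`A format to refer to when writing articles`
- [Underground economy research: "second-dial" IPs (秒拨IP)](https://mp.weixin.qq.com/s/XL6XO-FBHq37H1h-iMwV4w)
- [Zero trust architecture in practice series: how to choose a zero trust architecture](https://mp.weixin.qq.com/s/JkzkCaIjT-jWyQEp-I5muw)
- [A curated list of CTF challenge design resources](https://github.com/kareniel/awesome-ctf-challenge-design)
- [Systematic WAF security operations practice](https://mp.weixin.qq.com/s/BiH23k7xAeuwb5wwaOEKVw)
- [Exploring traffic analysis in security attack and defense](https://mp.weixin.qq.com/s/xz9v7cxQiGdsCUWbl5Lp1A)
- [Given an email address, find the phone number?](https://mp.weixin.qq.com/s/XvMruURNVWBkEwxvnPSW1g)
- [The technologist's path of cultivation: from amateur to professional](https://mp.weixin.qq.com/s/gBgFyy4MMrF5vn-8NGEVQw)
- [On how technical people develop and survive](https://www.hi-linux.com/posts/1788.html)
- [Google technical writing course](https://developers.google.com/tech-writing/one)
- [Resources for beginner bug bounty hunters](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters)
`Web security tutorials`
- [All APT group reports](https://www.watcherlab.com/index/apt)
`A very comprehensive, well-organized set of APT group reports`
- [Attack/defense exercise | The red army strikes back](https://mp.weixin.qq.com/s/WrQa0XoBSak3HM1l650HEg)
- [Using DLL hijacking + rebuilt installers in phishing and anti-phishing](https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247484016&idx=1&sn=c4cd2db916f27a91fd179dbad78dd675&scene=21#wechat_redirect)
`Turning the Sangfor VPN client into a trojan`
- [HW defense | Tracing back and countering the attacker's server](https://mp.weixin.qq.com/s?__biz=MzA4NzUwMzc3NQ==&mid=2247485074&idx=1&sn=d333e5dbeeafdfdf46aa074f2b9cec3b&scene=21#wechat_redirect)
- [Recommended reading list for information security practitioners](https://mp.weixin.qq.com/s/pYburZsmJsALbXIVr1bOJQ)
- [2020 China cybersecurity industry statistical report](http://www.dwcon.cn/upload/2020%E5%B9%B4%E4%B8%AD%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E4%BA%A7%E4%B8%9A%E7%BB%9F%E8%AE%A1%E6%8A%A5%E5%91%8A.pdf)
- [A beginner's guide to the road of information security](https://security.tencent.com/index.php/blog/msg/155)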
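- [Fake CVE-2020-1350](https://blog.zsec.uk/cve-2020-1350-research/)
`A foreigner made a fake PoC and spread it; many people ran it without reading the code and got caught. Fortunately it was not a malicious virus and was used for threat intelligence collection`
`This kind of thing deserves reflection: even incident response leads at various organizations abroad reposted the PoC on Twitter. That is just following the crowd, as if reposting it meant you were keeping up with cutting-edge technology???`
- [Google Scholar Metrics 2020 (computer security and cryptography)](https://mp.weixin.qq.com/s/hfUCDdMz2yAfR6NM7oqG-Q)
- [Cyber range capability guide](https://mp.weixin.qq.com/s/7HAorX_VurhxXI9OT6sILA)
`Current state of cyber ranges`
- [Encrypted network traffic measurement and analysis](https://www.inforsec.org/wp/wp-content/uploads/2020/07/cg-2.pdf)
- [Building a security system based on real attack/defense effectiveness to effectively solve the notification problem](https://mp.weixin.qq.com/s/75qiSkXkzP5CJ2pA_8tTyQ)
- [Using ZoomEye to find traces of APT attacks](https://blog.knownsec.com/2020/07/%E4%BD%BF%E7%94%A8-zoomeye-%E5%AF%BB%E6%89%BE-apt-%E6%94%BB%E5%87%BB%E7%9A%84%E8%9B%9B%E4%B8%9D%E9%A9%AC%E8%BF%B9/)
- [APT GROUP series: DARKHOTEL, decoy delivery edition](http://blog.nsfocus.net/darkhotel-1-0729/)
- [Some thoughts on detecting web honeypots that use JSONP to obtain information](https://xz.aliyun.com/t/8111)
`Prevented with a Chrome extension; in fact, using a virtual machine avoids most of these problems`
- [Information security research system](https://mp.weixin.qq.com/s/WeBXUyP3-gbzrRrHmPyY9w)
- [The four stages of a technologist's development](https://mp.weixin.qq.com/s/-bAFEmstpDTzI6EfYwzffA)
`Technical output, experience output, approach output, decision output`
- [Cybersecurity career pathway](https://www.cyberseek.org/pathway.html)
`Career paths for cybersecurity talent in the United States`
- [Blue team training BT3](https://www.bt3.no/)
- [Research report on well-known internet census and network mapping organizations, issue 1: directory of organizations](http://plcscan.org/blog/2020/04/research-report-of-renowned-internet-census-organization-1/)
- [HTTPS explained, part 1: with the most beautiful and detailed HTTPS diagrams](https://segmentfault.com/a/1190000021494676)
- [Building a 3D visual query of QQ group relationships](https://www.cnblogs.com/backlion/)
- [Adversary Simulation and Red Team Tactics](https://www.mdsec.co.uk/training/adversary-simulation-red-team-tactics/)
- [US cybersecurity | Mapping risk assessment results to the ATT&CK framework](https://mp.weixin.qq.com/s/DZF4HwX4xuedpqoAFyhw5w)
- [Knowledge base containing all kinds of vulnerability information](https://wiki.bylibrary.cn/)
- [The way of attack and defense in software source code security (Part 1)](https://mp.weixin.qq.com/s/jb3VQyK3U6BQS0-0ad0K_w)
- [The way of attack and defense in software source code security (Part 2)](https://mp.weixin.qq.com/s/8L7c6WOtF5nmcmPnuFubfA)
- [The way of attack and defense in software source code security (Part 3)](https://mp.weixin.qq.com/s/7HAVA0DgtxlCnD21aiq_mQ)
- [Understanding WebAuthn](http://rui0.cn/archives/1543)
- [Hacking All The Cars - Tesla remote API analysis and exploitation (Part 1)](https://www.anquanke.com/post/id/218396)
- [Hacking All The Cars - Tesla remote API analysis and exploitation (Part 2)](https://www.anquanke.com/post/id/220907)
- [Trend analysis of security academic research](https://mp.weixin.qq.com/s/UKBhg_tnYIPI6uzuPYn59A)
- [Career burnout](https://www.youtube.com/watch?v=5H2-wvn0UbA)
- [Lessons on burnout: how to protect yourself and your team](https://blog.cobalt.io/lessons-on-burnout-how-to-protect-yourself-your-team-44f7f95526e1)
- [My view of the growth path of technical people](https://mp.weixin.qq.com/s/m6NbHb9UUtiSOMPnKgId3g)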