- 博客(41)
- 资源 (2)
- 收藏
- 关注
原创 测谎招数
(来源该剧 仅供娱乐) 1.撒谎者不像惯常理解的那样会回避对方的眼神,反而更需要用眼神交流来判断对方是否相信他说的话。 2.“你去过她家吗?”“不,我没有去过她家。”对问题的生硬重复是典型的撒谎。 3.男性摸鼻子代表想要掩饰某些真相。 4.手放在眉骨附近表示说话者很羞愧。 5.如果一个人按顺序描述了今晚他所做的事,让他倒叙一下,能否顺利地倒叙是判断对方是否说谎的标准之
2009-03-27 18:49:00 762
转载 Javascript的调试利器:Firebug使用详解
http://blog.csdn.net/tianxiaode/archive/2007/09/02/1769152.aspxFirebug入门指南http://www.ruanyifeng.com/blog/2008/06/firebug_tutorial.html
2009-03-24 12:58:00 760
原创 xss工具
http://huaidan.org/archives/769.htmlhttp://www.anqn.com/article/b/kuazhan/2008-04-10/a0994591.shtmlhttp://xss-proxy.sourceforge.net/Advanced_XSS_Control.txt
2009-03-24 12:28:00 1122
原创 Defcon Media Archives
http://www.defcon.org/html/links/defcon-media-archives.html
2009-03-23 22:36:00 597
原创 sqlinjectionfinder
http://www.codeplex.com/WSUS/Release/ProjectReleases.aspx?ReleaseId=13436
2009-03-23 22:18:00 612
原创 bill Ajax Security
http://www.youtube.com/watch?v=hKrvY42dw1A&eurl=http%3A%2F%2Fhuaidan%2Eorg%2Farchives%2F2259%2Ehtml&feature=player_embedded
2009-03-23 18:01:00 553
原创 javascript 变形工具集
http://ftp.andrew.cmu.edu/pub/mpack/http://www.cha88.cn/http://www.malwareguru.org/mediawiki/index.php/Collection_of_tools_for_javascript_encryption_%28javascript_packers%29http://www.yellowpipe
2009-03-23 17:54:00 614
原创 Browser Security Handbook
http://code.google.com/p/browsersec/wiki/Part1
2009-03-22 22:37:00 4790 2
原创 Using a hacked Wordpress site to pwn the web server
http://blog.banditdefense.com/2009/03/09/using-a-hacked-wordpress-site-to-pwn-the-web-server/
2009-03-22 18:52:00 608
原创 Video: Making money on the Web the black hat way
http://www.youtube.com/watch?v=SIMF8bp5-qg&eurl=http%3A%2F%2Fwww%2Enet%2Dsecurity%2Eorg%2Fsecworld%2Ephp%3Fid%3D7177&feature=player_embedded
2009-03-22 18:46:00 640
原创 epicwebhoneypot
http://sourceforge.net/projects/epicwebhoneypotThe Epic Web Honeypot Project aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have f
2009-03-22 16:12:00 561
原创 Video: The 15-Minute Network Pen Test
http://www.ethicalhacker.net/content/view/227/24/
2009-03-22 13:50:00 539
原创 MySpace worm explanation
Technical explanation of The MySpace WormAlso called the "Samy worm" or "JS.Spacehero worm" Click here to read the entertaining story of the development, release, and ensued hilarity of The MySpace
2009-03-21 22:48:00 1150
原创 Reverse proxy pen testing
http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_ContentsThe following resources may be of interest:http://www.owasp.org/index.php/Testing_for_infrastructure_configuration_managemen
2009-03-21 22:32:00 810
原创 UCSniff
http://ucsniff.sourceforge.net/UCSniff is a VoIP/UC Sniffer / Assessment / Pentest tool with some useful new features, such as IP Video Sniffing. UCSniff is a Proof of Concept tool to demonstrate th
2009-03-21 22:31:00 942
原创 New Version of dnsmap out
http://www.gnucitizen.org/static/blog/2009/03/dnsmap-0222tar.gzOriginally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infr
2009-03-21 22:27:00 999
转载 MySpace Exploit found By Smokey & MX
Ok basically what this exploit does, it uses an active XSS vuln to automaticly post a buddy bulletin from whomever views your site. ExampleUser A visits our siteUser A has now sent out a Buddy Bulleti
2009-03-15 23:03:00 634
原创 Unlimited Rapidshare Downloads
Its very easy to fool Rapid Share server if your IP address is assigned by your ISP. Just follow these simple steps:clean up Firefox or IE cookie( In this case the one that belong to rapidshare websit
2009-03-15 23:01:00 621
原创 xss poc
Ajax Worm - Proof of Concept http://myappsecurity.blogspot.com/2006/12/ajax-worm-proof-of-concept.html Ajax Sniffer - Prrof of concept http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-pr
2009-03-15 19:51:00 778 1
原创 Advanced XSS exploitation with AJAX
http://forum.darkc0de.com/index.php?action=vthread&forum=19&topic=5178
2009-03-15 12:36:00 480
原创 XSS相关
https://developer.mozilla.org/En/HTTP_access_controlhttps://forum.eviloctal.com/thread-31011-1-13.htmlhttp://ha.ckers.org/xss.html
2009-03-12 21:03:00 507
转载 基于Sphinx+MySQL的千万级数据全文检索(搜索引擎)架构设计
http://blog.s135.com/post/360/http://www.sphinxsearch.com/wiki/doku.php?id=sphinx_chinese_tutorial官方wiki
2009-03-10 08:04:00 849
转载 将Firefox变成黑客工具的七个插件(已经更新)
1. Add N Edit Cookies 查看和修改本地的Cookie,Cookie欺骗必备。 下载:http://code.google.com/p/editcookie/downloads/list 2. User Agent Switcher 修改浏览器的User Agent,可以用来XSS。 下载:https://addons.mozilla.org/zh-CN/firefox/addo
2009-03-07 23:03:00 2635
原创 burp proxy
Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user t
2009-03-07 20:41:00 1259
原创 JavaScript语言参考手册
http://www.itlearner.com/code/js_ref/contents.htmDOM组件http://www.w3school.com.cn/htmldom/htmldom_reference.asphttp://www.tudou.com/playlist/id/1786477/javascripthttp://you.video.sina.com.cn/
2009-03-07 10:36:00 713
原创 ext2hide
ext2hide allows users and administrators to utilize the reserved space of the ext2/3 superblocks to store hidden data on their filesystems, rendering it inaccessible to any normal viewing, yet still r
2009-03-06 18:14:00 463
原创 PHP cURL 'safe mode' Security Bypass Vulnerability
The following proof-of-concept PHP code is available:var_dump(curl_exec(curl_init("file://safe_mode_bypass/x00".__FILE__)));
2009-03-06 11:54:00 614
转载 php5 特性漏洞
利用是PHP5,是因为_SERVER的变量不受引号的限制,即便是开启了转义漏洞出在User-Agent第二:insert into的多个数据插入文中构造的地方就是insert INTO {$db_prefix}sessions (hash,uid,groupid,ipaddress,agent,lastactivity) VALUES ($hash, ".$user[userid]
2009-03-05 22:18:00 828
转载 关于preg_replace函数的问题讲解
http://www.jb51.net/article/8676.htm请问下那此句语句的作用。给我解释一下其中的“?”,“e","i","s"符号分别是什么意思,和它们起到了什么作用。还有就是除了"/eis”外还有其他什么模式了吗? 如果有相关的学习资料可以给我吗?谢谢,各位的帮助!谢谢。 $post=preg_replace("//[html/](.+?)/[//html/]/eis","
2009-03-05 22:02:00 7716 2
原创 ajax视频教程
http://v.youku.com/v_show/id_XNzUxMTk0OTY=.htmlhttp://www.youku.com/playlist_show/id_1724562.htmlhttp://so.youku.com/search_playlist/q_ajax http://learning.artech.cn/20080621.mastering-javascrip
2009-03-05 12:12:00 1445
转载 WEB暴力破解--我用wvs fuzzer
http://huaidan.org/archives/1897.htmlhttp://www.governmentsecurity.org/SecurityHackingNews/Tutorial_on_how_to_test_for_Broken_Authentication_using_Acunetix_WVS_toolshttp://www.darknet.org.uk/2007/
2009-03-01 17:19:00 1803
转载 Dshield Web Honeypot
http://netsecurity.51cto.com/art/200902/111734.htm1) Dshield Web Honeypot:SQL注入、XSS、密码拆解等攻击手段是互联网网站经常面临的威胁,然而因为传统的IDS和防火墙并不能检查来自Web上的攻击数据,网站管理员很难及时发现攻击行动的存在,往往在黑客攻击成功乃至很长时间之后,才发现已经遭受攻击。Dshield是一个开源的
2009-03-01 17:14:00 768
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人