
cnbird's blog


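Original: Security book purchases

1. Web Security Testing (purchased) http://www.china-pub.com/50344&ref=browse#ml
2. Network Security Hacks (2nd edition) (purchased) http://www.china-pub.com/50273&ref=browse#ml
3. Network Security Technologies and Solutions (revised edition) (purchased) http://www.china-pub.com/196267#ml
4.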

2010-03-31 17:14:00 1149

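Repost: DHCP Snooping on Cisco switches

DHCP Snooping on Cisco switches. I. Common problems with the DHCP service. Setting up a DHCP server lets clients be assigned network parameters such as IP address, subnet mask, default gateway and DNS servers automatically, which simplifies network configuration and improves management efficiency. However, managing a DHCP service raises some problems. Common ones include: · DHCP server impersonation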

2010-03-31 15:49:00 3464

Repost: Medium security hole in Varnish reverse proxy

Hi, I've identified a couple of security flaws affecting the Varnish reverse proxy which may allow privilege escalation. These issues were reported by email to the vendor but he feels that it is a conf

2010-03-30 15:27:00 1625

Repost: Scanning windows Deeper with nmap Scanning Engine

http://www.sans.org/reading_room/whitepapers/testing/scanning_windows_deeper_with_the_nmap_scanning_engine_33138

2010-03-30 13:19:00 606

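Repost: Hacking Oracle notes

###author:hiphop### ###qq:70381908### Why pay attention to Oracle? Because Oracle is used by a large number of enterprises, there are many targets to choose from for penetration, and many enterprises have not updated and carry latent risk! Privilege escalation is very simple, and it is easy to get a shell!! Reading a Black Hat paper got me started researching Oracle, because it covers only a small part. The real security problems are much broader, but they seem to be rarely dug into in China, because such environments are not encountered often. But, well, Oracle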

2010-03-17 22:45:00 1421

Repost: sudo protection bypass exploit

#!/bin/sh## root shell exploit for postfix + sudo# tested on debian powerpc unstable## by Charles core Stevenson core@bokeoa.com># Put your password here if youre not in the sudoers filePASSWORD=

2010-03-17 22:42:00 843

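Original: CISSP study notes: security management fundamentals

1. Basic concepts of security management: 1. Identify all of the organization's information assets 2. Analyze security risks 3. Define the importance of security and stay alert at all times 4. Have an implementation plan for security management
2. Elements that security must have: 1. CIA. C, confidentiality: prevent assets from being accessed by unauthorized persons, including authorized and unauthorized. A, availability: timely and stable access to resources. I, integrity: prevent modification by unauthorized persons and unapproved modification by authorized persons
3. What IT security needs: 1. Functional aspect (a firewall's function is filtering) 2. Ensuring function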

2010-03-17 21:40:00 1455 2

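Repost: Designing a compensation system

Around us we often hear topics and complaints like these: "Xiao Wang, I hear you got another raise? You must be doing very well at work." "This month's bonus is gone again; I may well be fired next month." "Look at Xiao Wu: only a few days in the company and already paid more than us." "Same department, same position, so why is Xiao Wu paid more than me? It has to be the boss playing favorites." ... Now let us consider: are they really haggling only because they take home a few dozen yuan less than someone else? I think not,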

2010-03-16 20:44:00 988

Repost: Joomla's RFI Summary

2010-03-16 12:49:00 1922

Repost: PHP in the user agent (attacking log analysis tools?)

Lately I started to see a few web-based attacks with a php script inside the user agent. Something like this: a.b.229.82 - - [19/Jan/2010:22:43:39 -0700] "GET /index.php?page=../../../../../../../..

2010-03-16 11:05:00 726

Repost: The Importance of logging for web applications - Security talk

If you think that your logs are only useful when something crashes or when you need to troubleshoot errors on your web application, think again! At our Sucuri Labs, we have multiple online tools and we

2010-03-16 11:03:00 588

Repost: Apache.org defaced - Security archive case study

May 5th, 2000. It was almost ten years ago that news came out. The web site for the most popular web server got defaced. Yes, Apache.org was hacked. The funny part is that the attackers were "nice" an

2010-03-16 10:54:00 783

Original: WEBLOGIC 10 server hardening

http://download.oracle.com/docs/cd/E12840_01/wls/docs103/sitemap.html

2010-03-14 20:51:00 677

Repost: Bypassing CSRF protections with clickjacking and HTTP parameter pollution

This idea occurred to me a few weeks back when discussing the potential impact of ClickJacking attacks with Luca. Submitting forms using ClickJacking is hard work and is only successful in very rare s

2010-03-14 11:21:00 772

Repost: CITRIX: Owning the Legitimate Backdoor

The other day I was performing some CITRIX poking, so I had a lot of fun with breaking GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well,

2010-03-14 11:16:00 1324

Repost: ncpfs, Multiple Vulnerabilities

ncpfs, Multiple Vulnerabilities
March 5, 2010
CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
Descript

2010-03-14 11:00:00 749

Repost: Top 10 Hacks of 2009 and WAF Mitigations

Jeremiah Grossman gave his “2010: A Web Hacking Odyssey – The Top Ten Hacks of the Year” talk here at RSA this morning where he presented on the Top 10 Hacks list gathered from readers of his blog. In

2010-03-12 19:34:00 955

Repost: WordPress Exploit Scanner

http://wordpress.org/extend/plugins/exploit-scanner/

2010-03-12 19:27:00 613

Repost: IIS Web Server Security

With the sharp increase of hacking attacks over the last couple of years, and the introduction of a number of regulatory compliance guidelines to follow, web application security has become a key conc

2010-03-12 19:23:00 1080

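Repost: Java compile error "No enclosing instance of type AA is accessible. Must qualify the allocation with an enclosing instance of type SimpleTh

This happens because AA is a dynamic (non-static) inner class: creating such an object requires a corresponding instance, and the program reports this error when a static method uses the dynamic inner class directly. The error is like a static method of a class not being able to call a dynamic method directly. You can declare the inner class as static, or avoid using it from a static method. So why can a non-static method not call a dynamic method? From an object-oriented point of view, a dynamic method is closely tied to an object. For example, starting the engine is a method that is associated with the car object, so only once the car object has been created with new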

2010-03-11 23:24:00 3583 1

Original: securitytube video update

http://www.securitytube.net/SSH-Gymnastics-using-ProxyChains-video.aspx
http://www.securitytube.net/DNS-Tool-Showdown-(DNSMap,-Fierce-and-Dns_enum)-video.aspx
http://www.securitytube.net/Open-Source

2010-03-10 20:06:00 1529

Original: IBM WebSphere solutions

http://tech.it168.com/wec.shtml
http://baike.baidu.com/view/15038.htm
http://www.ibm.com/developerworks/cn/websphere/

2010-03-09 23:04:00 571

Repost: Apache Spamassassin Milter Plugin Remote Root Command Execution

Description: The Spamassassin Milter plugin suffers from a remote root command execution vulnerability. Full exploit details provided. Author: Kingcope   

2010-03-09 21:38:00 562

Original: A moment of fun

天天学习太累了放松下吧 1.楼主:我喜欢上了一个比我小6岁的女孩,还在上初中,真是造孽啊。暴强回复:把喜欢两字去掉才真是造孽。2:楼主:我把我家的狗给揍了!地震它也不告诉我,平时叫得那么欢,刚才地震时竟像没事似的在窝里睡觉!MOPPER们给评评理!回复:唉,杯具的狗狗~毕竟不是亲生的……3:楼主:老婆生了个女娃,非常可爱,求MOPPER帮爱女起个有气势的名字,鄙人姓成。回复:成鸡思

2010-03-09 19:18:00 658

Original: websphere video tutorial list

http://www.webspherechina.net/club/tag-WebSphere%E8%A7%86%E9%A2%91.html
http://so.youku.com/search_video/q_websphere
http://webmeet.it168.com/20080321IBMWEBSPHERE/
http://www.56.com/w15/album-aid-72496

2010-03-09 14:04:00 5868

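Repost: Another look at offset injection

Reposted from t00ls. As for Union offset injection, it seems to have first been proposed by the well-known hacker lake2. I had always regarded it as of little use and never paid attention to it, until yesterday I ran into a mysql 4.1 injection point. The tables and columns had all been guessed; only the data was missing. Because its parameter is split on ",", commas have to be avoided when injecting, so an ordinary union cannot be used, and brute-force guessing does not work either, because substring also needs a comma. With no other option I thought of the join statement. A very important trick in offset injection is to use jo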

2010-03-08 21:56:00 917

Repost: Single sign-on and enterprise directories

http://www.56cto.com/html/Safe/4/34302.html
http://www.56cto.com/html/Safe/4/34312.html

2010-03-08 17:54:00 649

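Repost: Comparison operations in MySQL

I saw something very interesting on menzhi007's blog: http://hi.baidu.com/menzhi007/blog/item/c2e98551a18754848c54301c.html
In the MySQL manual: http://www.phpchina.com/manual/mysql/functions.html#comparison-operators
MySQL performs numeric comparison according to the following rules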

2010-03-07 22:20:00 539

Repost: Security Resources Sites

Security Resources Sites
Operating systems architecture
http://www.argus-systems.com/product/white_paper/pitbull/oss/ PitBull Foundation OS-Level Security
http://www.argus-systems.com/product/white

2010-03-07 21:08:00 1118

Repost: OpenLDAP study notes

http://www.ringkee.com/note/opensource/openldap.htm
http://www.openldap.org/doc/admin24/

2010-03-06 14:58:00 464

Repost: Using OpenLDAP with Microsoft SQL Server and Oracle Backend Databases

http://www.easysoft.com/applications/openldap/back-sql-odbc.html

2010-03-05 14:38:00 901

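Repost: A review of secure file deletion tools on Ubuntu

http://security.ctocio.com.cn/securitycomment/105/8706605.shtml
[IT Expert Network exclusive] Deleting files or reformatting a disk does not destroy sensitive data; even after deletion the data can still be recovered. Thoroughly deleting useless data is a good thing, but if what is being deleted is financial data, bank account passwords or classified company information and it cannot be thoroughly deleted, that is dangerous. This article introduces some tools that can securely delete files on the Linux Ubuntu operating system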

2010-03-05 13:23:00 624

Repost: How to handle the error ORA-00257: archiver error. Connect internal only, until freed

The archive log is full. How to handle the error ORA-00257: archiver error. Connect internal only, until freed
1. Log in as the sys user
   sqlplus sys/pass@tt as sysdba
2. Check where the archive log is located
   SQL> show parameter log_archive_dest;
   NAME

2010-03-05 02:28:00 742

Repost: Deploying an Application to Weblogic using WLST

http://download.oracle.com/docs/cd/E12840_01/wls/docs103/config_scripting/reference.html#wp1024285
http://www.tek-tips.com/viewthread.cfm?qid=1455558&page=2
I am just posting this here as hand

2010-03-04 22:22:00 1190

Repost: Penetration testing tools

http://blog.sina.com.cn/s/blog_5c13b78f0100ax09.html~type=v5_one&label=rela_prevarticle

2010-03-04 21:51:00 650

Repost: Bacula® - The Open Source Network Backup Solution

http://www.bacula.org/en/

2010-03-04 17:45:00 533

Repost: Implementing a Web Application Firewall using ModSecurity

http://www.securitytube.net/Implementing-a-Web-Application-Firewall-using-ModSecurity-video.aspx

2010-03-04 17:09:00 554

Original: weblogic configuration files explained

weblogic.xml: http://download.oracle.com/docs/cd/E13222_01/wls/docs90/webapp/weblogic_xml.html
web.xml: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs61/webapp/web_xml.html

2010-03-04 03:09:00 836

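Repost: The linux install command

install
1. Purpose: the install command is used to install or upgrade software or to back up data; it may be used by all users.
2. Format: (1) install [OPTION]... SOURCE DEST (2) install [OPTION]... SOURCE... DIRECTORY (3) install -d [OPTION]... DIRECTORY...
In the first two forms, it copies SOURCE to DEST, or copies multiple SOURCE files to the existing DIRECTORY, while setting the permission mode and owner/group. In the third form, it creates all the specified directories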

2010-03-03 00:36:00 22264 1

Original: Solaris cluster and system administration study materials

http://docs.sun.com/app/docs/coll/1584.1?l=zh http://docs.sun.com/app/docs/coll/1180.4?l=zh&q=cluster

2010-03-02 14:40:00 515

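Appendix 2: Guide to Classified Protection Testing and Evaluation of Information Security for Financial-Industry Information Systems (draft submitted for approval)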

2013-06-21

ISO 27000 series in Chinese

The ISO 27000 series in Chinese mainly includes ISO 27001, the ISO 27002 implementation guide and the ISO 27003 risk assessment guide

2010-07-04
