关闭

一些信息安全网站

1071人阅读 评论(0) 收藏 举报
Programming/Coding 
  [Bash] Advanced Bash-Scripting Guide – http://tldp.org/LDP/abs/html/ 
  [Bash] Bash shell scripting tutorial – http://steve-parker.org/sh/sh.shtml 
  [Bash] Bourne Shell Reference – http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/ 
  [CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby – http://hyperpolyglot.org/scripting 
  
Offensive Security’s Pentesting With BackTrack (PWB) Course 
  [Pre-course] Corelan Team – http://www.corelan.be 
  [Pre-course] The Penetration Testing Execution Standard – http://www.pentest-standard.org/index.php/Main_Page 
  [Hash] NTLM Decrypter – http://www.md5decrypter.co.uk/ntlm-decrypt.aspx 
  [Hash] reverse hash search and calculator – http://goog.li 
  
http://security.crudtastic.com/?p=213 
  
Tunnelling / Pivoting 
  [Linux] SSH gymnastics with proxychains – http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html 
  [Windows] Nessus Through SOCKS Through Meterpreter – http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php 
  
WarGames / Online Challenges 
  [WarGames] Title – http://securityoverride.com 
  [WarGames] Title – http://intruded.net 
  [Challenge] The Ksplice Pointer Challenge – http://blogs.oracle.com/ksplice/ 
  [WarGames] Title – http://spotthevuln.com 
  [WarGames] Title – http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html 
  [WarGames] Title – http://ftp.hackerdom.ru/ctf-images/ 
  
Exploit Development (Programs) 
  [Download] Title – http://www.oldapps.com/ 
  [Download] Title – http://www.oldversion.com/ 
  [Download] Title – http://www.exploit-db.com/webapps/ 
  
Misc 
  [RSS] Open Penetration Testing Bookmarks Collection – https://code.google.com/p/pentest-bookmarks/downloads/list 
  [ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses – http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html 
  [DIY] Repair a Broken Ethernet Plug – http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/ 
  [Desktop] Ubuntu Security – http://ubuntuforums.org/showthread.php?t=510812 
  [TechHumor] Title – https://www.xkcd.com 
  [TechHumor] Title – http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf  
  
Exploit Development 
  [Guides] Corelan Team – http://www.corelan.be 
  [Guide] From 0×90 to 0x4c454554, a journey into exploitation. – http://myne-us.blogspot.com/2010/08/from-0×90-to-0x4c454554-journey-into.html 
  [Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities –http://resources.infosecinstitute.com/intro-to-fuzzing/ 
  [Video] TiGa’s Video Tutorial Series on IDA Pro – http://www.woodmann.com/TiGa/idaseries.html 
  [Guide] Advanced Windows Buffer Overflows – http://labs.snort.org/awbo/ 
  [Guide] Stack Based Windows Buffer Overflow Tutorial – http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt 
  [Guide] SEH Stack Based Windows Buffer Overflow Tutorial – http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html 
  [Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation – http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html 
  [Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< – http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html 
  [Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump – http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html 
  [Linux] Linux exploit development part 1 – Stack overflow. – http://sickness.tor.hu/?p=363 
  [Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg – http://sickness.tor.hu/?p=365 
  [Linux] Linux exploit development part 3 – ret2libc – http://sickness.tor.hu/?p=368 
  [Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt – http://sickness.tor.hu/?p=378 
  [TechHumor] Title – https://www.youtube.com/watch?v=klXFqtYR5Mg 
  [TechHumor] Title – http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html 
  
Exploit Development (Case Studies/Walkthroughs) 
  [Web] Finding 0days in Web Applications – http://www.exploit-db.com/finding-0days-in-web-applications/ 
  [Windows] Offensive Security Exploit Weekend – http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/ 
  [Windows] From vulnerability to exploit under 5 min – http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html 
  
Exploit Development (Patch Analysis) 
  [Windows] A deeper look at ms11-058 – http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058 
  [Windows] Patch Analysis for MS11-058 – https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058 
  [Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability – http://j00ru.vexillium.org/?p=893 
  [Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities – https://www.net-security.org/article.php?id=1613 
  
Exploit Development (Metasploit Wishlist) 
  [ExplotDev] Metasploit Exploits Wishlist ! – http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html 
  [Guide] Porting Exploits To Metasploit Part 1 – http://www.securitytube.net/video/2118 
  
Passwords & Rainbow Tables (WPA) 
  [RSS] Title – http://ob-security.info/?p=475 
  [RSS] Title – http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/ 
  [RSS] Title – http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html 
  [WPA] Offensive Security: WPA Rainbow Tables – http://www.offensive-security.com/wpa-tables/ 
  [Tool] Ultra High Security Password Generator – https://www.grc.com/passwords.htm 
  [Guide] Creating effective dictionaries for password attacks – http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html 
  [Leaked] Diccionarios con Passwords de Sitios Expuestos – http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml 
  [Download] Index of / – http://svn.isdpodcast.com/wordlists/ 
  [Guide] Using Wikipedia as brute forcing dictionary – http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary 
  [Tool] CeWL – Custom Word List generator – http://www.digininja.org/projects/cewl.php 
  [Download] Title – http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists 
  [Leaked] Passwords – http://www.skullsecurity.org/wiki/index.php/Passwords 
  
Cheat-Sheets 
  [OS] A Sysadmin’s Unixersal Translator – http://bhami.com/rosetta.html 
  [WiFi] WirelessDefence.org’s Wireless Penetration Testing Framework –http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html 
  
Anti-Virus 
  [Metasploit] Facts and myths about antivirus evasion with Metasploit – http://schierlm.users.sourceforge.net/avevasion.html 
  [Terms] Methods of bypassing Anti-Virus (AV) Detection – NetCat – http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html 
  
Privilege Escalation 
  [Linux] Hacking Linux Part I: Privilege Escalation – http://www.dankalia.com/tutor/01005/0100501004.htm 
  [Windows] Windows 7 UAC whitelist – http://www.pretentiousname.com/misc/win7_uac_whitelist2.html 
  [Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges –http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/  
  
Metasploit 
  [Guide] fxsst.dll persistence: the evil fax machine – http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html 
  [Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec – http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/ 
  [Guides] Metasploit Unleashed – http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training 
  [Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 – http://www.securitytube.net/video/1175
  
Default Generators 
  [WEP] mac2wepkey – Huawei default WEP generator – http://websec.ca/blog/view/mac2wepkey_huawei 
  [WEP] Generator: Attacking SKY default router password –http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password 
  
Statistics 
  [Defacements] Zone-H – http://www.zone-h.org 
  [ExploitKits] CVE Exploit Kit list – http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm 
  
Cross Site Scripting (XSS) 
  [Guide] vbSEO – From XSS to Reverse PHP Shell – http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ 
  [RSS] Title – http://www.thespanner.co.uk/2009/03/25/xss-rays/  
  
Podcasts 
  [Weekly] PaulDotCom – http://pauldotcom.com/podcast/psw.xml 
  [Monthly] Social-Engineer – http://socialengineer.podbean.com/feed/ 
  
Blogs & RSS 
  [RSS] SecManiac – http://www.secmaniac.com 
  [Guides] Carnal0wnage & Attack Research – http://carnal0wnage.attackresearch.com 
  [RSS] Contagio – http://contagiodump.blogspot.com 
  [News] THN : The Hacker News – http://thehackernews.com 
  [News] Packet Storm: Full Disclosure Information Security – http://packetstormsecurity.org 
  [Guides] pentestmonkey | Taking the monkey work out of pentesting – http://pentestmonkey.net 
  [RSS] Darknet – The Darkside | Ethical Hacking, Penetration Testing & Computer Security – http://www.darknet.org.uk 
  [RSS] Irongeek – http://www.irongeek.com 
  [Metasploit] Room 363 – http://www.room362.com 
  [Guides] Question Defense: Technology Answers For Technology Questions – http://www.question-defense.com/ 
  [Guides] stratmofo’s blog – http://securityjuggernaut.blogspot.com 
  [Guides] TheInterW3bs – http://theinterw3bs.com 
  
[Guides] consolecowboys – http://console-cowboys.blogspot.com 
  [Guides] A day with Tape – http://adaywithtape.blogspot.com 
  [Guides] Cybexin’s Blog – Network Security Blog – http://cybexin.blogspot.com 
  
[RSS] BackTrack Linux – Penetration Testing Distribution – http://www.backtrack-linux.org/feed/ 
  [RSS] Offensive Security – http://www.offensive-security.com/blog/feed/ 
  
[RSS] Title – http://www.pentestit.com 
  [RSS] Title – http://michael-coates.blogspot.com 
  [RSS] Title – http://blog.0x0e.org 
  [RSS] Title – http://0×80.org/blog 
  [RSS] Title – http://archangelamael.shell.tor.hu 
  [RSS] Title – http://archangelamael.blogspot.com 
  [RSS] Title – http://www.coresec.org 
  [RSS] Title – http://noobys-journey.blogspot.com 
  [RSS] Title – http://www.get-root.com 
  [RSS] Title – http://www.kislaybhardwaj.com 
  [RSS] Title – https://community.rapid7.com/community/metasploit/blog 
  [RSS] Title – http://mimetus.blogspot.com 
  [RSS] Title – http://hashcrack.blogspot.com 
  [RSS] Title – https://rephraseit.wordpress.com 
  [RSS] Title – http://www.exploit-db.com 
  [RSS] Title – http:/skidspot.blogspot.com 
  [RSS] Title – http://grey-corner.blogspot.com 
  [RSS] Title – http://vishnuvalentino.com 
  [RSS] Title – http://ob-security.info 
  
…. Not enough? Try twitter and/or IRC! 
0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:64934次
    • 积分:808
    • 等级:
    • 排名:千里之外
    • 原创:12篇
    • 转载:15篇
    • 译文:0篇
    • 评论:2条
    最新评论