Original: Security book purchases
1. Web Security Testing (bought) http://www.china-pub.com/50344&ref=browse#ml 2. Network Security Hacks (2nd edition) (bought) http://www.china-pub.com/50273&ref=browse#ml 3. Network Security Technologies and Solutions (revised edition) (bought) http://www.china-pub.com/196267#ml 4.
2010-03-31 17:14:00 1149
Repost: DHCP Snooping on Cisco switches
DHCP Snooping on Cisco switches. 1. Common problems with DHCP. Deploying a DHCP server lets clients be assigned an IP address, mask, default gateway, DNS servers and other network parameters automatically, which simplifies network configuration and improves management efficiency. But managing a DHCP service has some problems; common ones are: · DHCP server impersonation (rogue DHCP servers)
2010-03-31 15:49:00 3467
转载 Medium security hole in Varnish reverse proxy
Hi, I've identified a couple of security flaws affecting the Varnish reverse proxy which may allow privilege escalation. These issues were reported by email to the vendor but he feels that it is a conf
2010-03-30 15:27:00 1626
Repost: Scanning Windows Deeper with the Nmap Scanning Engine
http://www.sans.org/reading_room/whitepapers/testing/scanning_windows_deeper_with_the_nmap_scanning_engine_33138
2010-03-30 13:19:00 607
Repost: Hacking Oracle notes
###author:hiphop### ###qq:70381908### Why pay attention to Oracle? Because Oracle is used by a huge number of enterprises, so there are many targets to choose from for penetration; many enterprises have not patched and carry potential risk! Privilege escalation is very simple, and getting a shell is easy!! Reading the Black Hat paper got me started on researching Oracle, because it only covered a small part; the real security problems are much broader. It's just that domestically few people seem to dig into it, because the environments aren't encountered often, but Oracle
2010-03-17 22:45:00 1421
Repost: sudo protection bypass exploit
#!/bin/sh
#
# root shell exploit for postfix + sudo
# tested on debian powerpc unstable
#
# by Charles "core" Stevenson <core@bokeoa.com>
# Put your password here if you're not in the sudoers file
PASSWORD=
2010-03-17 22:42:00 843
Original: CISSP study notes: security management basics
1. Basic concepts of security management: (1) identify all of the organization's information assets; (2) analyze security risks; (3) define the importance of security and stay alert at all times; (4) have an implementation plan for security management. 2. Elements security must provide: CIA. C, confidentiality: prevent assets from being accessed by those not authorized to do so, whether they are otherwise authorized users or not. A, availability: timely and reliable access to resources. I, integrity: prevent unauthorized parties from making modifications, and authorized parties from making unpermitted modifications. 3. IT security needs: (1) functionality (a firewall's function is filtering); (2) assurance that the function
2010-03-17 21:40:00 1455 2
Repost: Designing a compensation system
Around us we often hear topics and gripes like these: "Xiao Wang, I heard your salary went up again? You must be doing really well at work." "This month's bonus is gone again; who knows, next month I might get fired." "Look at Xiao Wu, he joined the company only a few days ago and already earns more than us." "Same department, same position, how come Xiao Wu's pay is higher than mine? It has to be favoritism from the boss"... Now let us consider: are they really haggling over earning a few tens of yuan less than others? I don't think so,
2010-03-16 20:44:00 988
转载 Joomla's RFI Summary
2010-03-16 12:49:00 1925
转载 PHP in the user agent (attacking log analysis tools?)
Lately I started to see a few web-based attacks with a php script inside the user agent. Something like this: a.b.229.82 - - [19/Jan/2010:22:43:39 -0700] "GET /index.php?page=../../../../../../../..
2010-03-16 11:05:00 727
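The pattern in the post above (PHP code smuggled into the User-Agent alongside a directory-traversal request, so that it runs if a PHP-based log viewer or a local-file-include later pulls the access log into the interpreter) is easy to catch in the logs themselves. The following is an added example, not part of the reposted article or of Sucuri's tooling: it parses Apache/nginx combined-format lines and flags PHP open tags, traversal sequences and null bytes in the request, referer and user agent. The log lines, IP addresses, regexes and function names are all constructed for this example.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format. Regex constructed for this example;
# fields with embedded quotes are not handled (real parsers must).
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Coarse indicators: any PHP open tag (long, short or echo form) and
# two or more consecutive "../" segments. Tune for your environment.
PHP_TAG_RE = re.compile(r'<\?(php|=)?', re.IGNORECASE)
TRAVERSAL_RE = re.compile(r'(\.\./){2,}')

# Constructed sample log (not the lines from the original post).
SAMPLE_LOG = [
    '203.0.113.82 - - [19/Jan/2010:22:43:39 -0700] '
    '"GET /index.php?page=../../../../../../../../var/log/httpd/access_log HTTP/1.1" '
    '200 1832 "-" "<?php system($_GET[\'c\']); ?>"',
    '198.51.100.7 - - [19/Jan/2010:22:44:01 -0700] '
    '"GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd%00 HTTP/1.1" '
    '404 221 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [19/Jan/2010:22:45:12 -0700] '
    '"GET /about.html HTTP/1.1" 200 4120 "http://example.com/" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    'garbage line',
]


def parse_combined(line):
    """Return the named fields of one combined-format line, or None."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_indicators(entry):
    """List (field, indicator) pairs for the attacker-controlled fields."""
    findings = []
    for field in ("request", "referer", "ua"):
        raw = entry[field]
        # Decode twice so %252e%252e%252f (double-encoded) is also caught.
        decoded = unquote(unquote(raw))
        if PHP_TAG_RE.search(decoded):
            findings.append((field, "php-tag"))
        if TRAVERSAL_RE.search(decoded):
            findings.append((field, "traversal"))
        if "\x00" in decoded:
            findings.append((field, "null-byte"))
    return findings


def scan(lines):
    """Return (line_no, client_ip, findings) for every suspicious line.

    Lines the regex cannot parse are reported too: a log poisoner
    may deliberately break the format to hide from tooling.
    """
    results = []
    for n, line in enumerate(lines, 1):
        entry = parse_combined(line)
        if entry is None:
            results.append((n, None, [("line", "unparsed")]))
            continue
        findings = find_indicators(entry)
        if findings:
            results.append((n, entry["ip"], findings))
    return results


if __name__ == "__main__":
    for line_no, ip, findings in scan(SAMPLE_LOG):
        print(f"line {line_no} {ip or '-'}: {findings}")
```

The double URL-decode matters: a single pass on `%252e%252e%252f` yields `%2e%2e%2f`, which the traversal regex would miss. The null-byte check is there because `%00` is how a traversal payload used to cut a forced file suffix off a PHP include path.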
转载 The Importance of logging for web applications - Security talk
If you think that your logs are only useful when something crashes or when you need to troubleshoot errors on your web application, think again! At our Sucuri Labs, we have multiple online tools and we
2010-03-16 11:03:00 588
转载 Apache.org defaced - Security archive case study
May 5th, 2000. It was almost ten years ago that news came out. The web site for the most popular web server got defaced. Yes, Apache.org was hacked. The funny part is that the attackers were "nice" an
2010-03-16 10:54:00 784
Original: WebLogic 10 server hardening
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/sitemap.html
2010-03-14 20:51:00 678
Repost: Bypassing CSRF protections with clickjacking and HTTP Parameter Pollution
This idea occurred to me a few weeks back when discussing the potential impact of ClickJacking attacks with Luca. Submitting forms using ClickJacking is hard work and is only successful in very rare s
2010-03-14 11:21:00 773
Repost: CITRIX: Owning the Legitimate Backdoor
The other day I was performing some CITRIX poking, so I had a lot of fun with breaking GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well,
2010-03-14 11:16:00 1324
Repost: ncpfs, Multiple Vulnerabilities
============================================
ncpfs, Multiple Vulnerabilities
March 5, 2010
CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
============================================
Descript
2010-03-14 11:00:00 749
Repost: Top 10 Hacks of 2009 and WAF Mitigations
Jeremiah Grossman gave his “2010: A Web Hacking Odyssey – The Top Ten Hacks of the Year” talk here at RSA this morning where he presented on the Top 10 Hacks list gathered from readers of his blog. In
2010-03-12 19:34:00 956
Repost: WordPress Exploit Scanner
http://wordpress.org/extend/plugins/exploit-scanner/
2010-03-12 19:27:00 613
Repost: IIS Web Server Security
With the sharp increase of hacking attacks over the last couple of years, and the introduction of a number of regulatory compliance guidelines to follow, web application security has become a key conc
2010-03-12 19:23:00 1081
Repost: Java compile error "No enclosing instance of type AA is accessible. Must qualify the allocation with an enclosing instance of type SimpleTh
This happens because AA is a non-static inner class: creating such an object requires an instance of the enclosing class to go with it, and the program instantiates the inner class directly from a static method, which produces this error. It is the same reason a static method cannot call an instance method directly. You can either declare the inner class static, or stop instantiating it from the static method. So why can't a static method call an instance method? From the object-oriented point of view, an instance method is tied to an object; for example, "start" is a method that belongs to the car object, so only once the car object has been new'ed
2010-03-11 23:24:00 3585 1
Original: securitytube video update
http://www.securitytube.net/SSH-Gymnastics-using-ProxyChains-video.aspx
http://www.securitytube.net/DNS-Tool-Showdown-(DNSMap,-Fierce-and-Dns_enum)-video.aspx
http://www.securitytube.net/Open-Source
2010-03-10 20:06:00 1530
Original: IBM WebSphere solutions
http://tech.it168.com/wec.shtml
http://baike.baidu.com/view/15038.htm
http://www.ibm.com/developerworks/cn/websphere/
2010-03-09 23:04:00 571
Repost: Apache SpamAssassin Milter Plugin Remote Root Command Execution
Description: The Spamassassin Milter plugin suffers from a remote root command execution vulnerability. Full exploit details provided. Author: Kingcope
2010-03-09 21:38:00 562
Original: A moment of fun
Studying every day is exhausting, so let's relax. 1. OP: I've fallen for a girl six years younger than me who is still in middle school; what a sin. Killer reply: take out the words "fallen for" and it really is a sin. 2: OP: I beat my dog! It never warned me about the earthquake; normally it barks so happily, but during the earthquake just now it slept in its kennel as if nothing was happening! MOPpers, judge for me! Reply: alas, poor dog... after all, it isn't your own flesh and blood... 3: OP: my wife gave birth to a girl, very cute; asking the MOPpers to help me give my daughter an imposing name. My surname is Cheng. Reply: Cheng Ji Si
2010-03-09 19:18:00 658
Original: WebSphere video tutorial list
http://www.webspherechina.net/club/tag-WebSphere%E8%A7%86%E9%A2%91.html
http://so.youku.com/search_video/q_websphere
http://webmeet.it168.com/20080321IBMWEBSPHERE/
http://www.56.com/w15/album-aid-72496
2010-03-09 14:04:00 5868
Repost: Revisiting offset injection
Reposted from t00ls. As for UNION offset injection, it seems to have been first proposed by the great hacker lake2; I always regarded it as a gimmick and never paid attention to it, until yesterday I ran into a MySQL 4.1 injection point. The tables and columns had been guessed; only the data was missing. Because its parameters are split on ",", the injection had to avoid commas, so an ordinary UNION could not be used, and brute-force guessing wasn't possible either, because substring also needs commas. In desperation I remembered the JOIN statement; a very important trick in offset injection is to use jo
2010-03-08 21:56:00 918
Repost: Single sign-on and enterprise directories
http://www.56cto.com/html/Safe/4/34302.html
http://www.56cto.com/html/Safe/4/34312.html
2010-03-08 17:54:00 649
Repost: MySQL comparison operations
Saw something very interesting on menzhi007's blog: http://hi.baidu.com/menzhi007/blog/item/c2e98551a18754848c54301c.html In the MySQL manual: http://www.phpchina.com/manual/mysql/functions.html#comparison-operators MySQL compares numeric values according to the following rules
2010-03-07 22:20:00 539
Repost: Security Resources Sites
Security Resources Sites
Operating systems architecture
http://www.argus-systems.com/product/white_paper/pitbull/oss/ PitBull Foundation OS-Level Security
http://www.argus-systems.com/product/white
2010-03-07 21:08:00 1118
Repost: OpenLDAP study notes
http://www.ringkee.com/note/opensource/openldap.htm
http://www.openldap.org/doc/admin24/
2010-03-06 14:58:00 465
Repost: Using OpenLDAP with Microsoft SQL Server and Oracle Backend Databases
http://www.easysoft.com/applications/openldap/back-sql-odbc.html
2010-03-05 14:38:00 901
Repost: A review of secure file deletion tools on Ubuntu
http://security.ctocio.com.cn/securitycomment/105/8706605.shtml [IT Expert Network exclusive] Deleting a file or reformatting a disk does not destroy sensitive data; even after deletion the data can be recovered. Thoroughly erasing useless data is a good thing, but if what is deleted is financial data, bank account passwords or confidential company information and it cannot be erased completely, that is dangerous. This article introduces some tools for securely deleting files on Linux Ubuntu
2010-03-05 13:23:00 624
Repost: How to handle the error "ORA-00257: archiver error. Connect internal only, until freed"
The archive log destination is full. Handling "ORA-00257: archiver error. Connect internal only, until freed":
1. Log in as the sys user: sqlplus sys/pass@tt as sysdba
2. Check where the archive logs are written: SQL> show parameter log_archive_dest;
NAME
2010-03-05 02:28:00 742
Repost: Deploying an Application to WebLogic using WLST
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/config_scripting/reference.html#wp1024285
http://www.tek-tips.com/viewthread.cfm?qid=1455558&page=2
I am just posting this here as hand
2010-03-04 22:22:00 1191
Repost: Penetration testing tools
http://blog.sina.com.cn/s/blog_5c13b78f0100ax09.html~type=v5_one&label=rela_prevarticle
2010-03-04 21:51:00 650
Repost: Bacula® - The Open Source Network Backup Solution
http://www.bacula.org/en/
2010-03-04 17:45:00 533
Repost: Implementing a Web Application Firewall using ModSecurity
http://www.securitytube.net/Implementing-a-Web-Application-Firewall-using-ModSecurity-video.aspx
2010-03-04 17:09:00 555
Original: WebLogic configuration file reference
weblogic.xml: http://download.oracle.com/docs/cd/E13222_01/wls/docs90/webapp/weblogic_xml.html
web.xml: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs61/webapp/web_xml.html
2010-03-04 03:09:00 837
Repost: The Linux install command
install. 1. Purpose: the install command installs or upgrades software or backs up data; it may be used by all users. 2. Syntax: (1) install [OPTION]... SOURCE DEST (2) install [OPTION]... SOURCE... DIRECTORY (3) install -d [OPTION]... DIRECTORY... In the first two forms, SOURCE is copied to DEST, or several SOURCE files are copied into the existing DIRECTORY, and the permission mode and owner/group are set at the same time. In the third form, each of the specified directories
2010-03-03 00:36:00 22267 1
Original: Solaris Cluster and system administration study material
http://docs.sun.com/app/docs/coll/1584.1?l=zh http://docs.sun.com/app/docs/coll/1180.4?l=zh&q=cluster
2010-03-02 14:40:00 516