- 博客(28)
- 资源 (2)
- 收藏
- 关注
转载 基于SAML的单点登录介绍
一、背景知识: SAML即安全断言标记语言,英文全称是Security Assertion Markup Language。它是一个基于XML的标准,用于在不同的安全域(security domain)之间交换认证和授权数据。在SAML标准定义了身份提供者(identity provider)和服务提供者(service provider),这两者构成了前面所说的不同的安全域。 SA
2013-12-29 08:31:10 3951
转载 amazon iam
http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html
2013-12-23 15:59:04 1029
原创 SAP Penetration Testing Using Metasploit Final
http://information.rapid7.com/rs/rapid7/images/SAP%20Penetration%20Testing%20Using%20Metasploit%20Final.pdf
2013-12-19 09:58:13 1164
转载 Integrated Penetration-Test Environment
http://www.faradaysec.com/buy.html#prettyPhoto
2013-12-18 11:30:55 773
转载 基于语法分析的PHP webshell扫描工具–Pecker Scanner
前段时间,在一位大牛的BLOG上看到其resume上撰写的开源项目列表琳琅满目,数不胜数。再跟自己对比一下,从来没有一个开源项目,没有成功的参加过一个开源项目,只是零星的贡献过几个所谓工具,脚本。顿时无地自容,同时也是羡慕不已,再暗自勉励鼓励自己,向这位大牛学习。也是在前段时间,遇到了一个正则的问题《为什么不能在字符组中使用反向引用》,使得我又跟着自己的思路,翻阅之前的博客,面包屑导航一般,跟着链
2013-12-18 10:59:49 3475
原创 PunkSCAN 1.2.x Deployment Guide
https://hyperiongray.atlassian.net/wiki/display/PUB/PunkSCAN+1.2.x+Deployment+Guide
2013-12-17 15:19:31 880
转载 bitsadmin 下载文件命令示例
1、bitsadmin /rawreturn /transfer getfile http://download.sysinternals.com/files/PSTools.zip c:\p.zip2、bitsadmin /rawreturn /transfer getpayload http://download.sysinternals.com/files/PSTools.zip c:\
2013-12-17 13:53:39 5682
原创 google maps api
https://developers.google.com/maps/documentation/javascript/tutorial#api_key
2013-12-17 10:55:39 996
转载 域渗透命令
RSoP(Result Strategy of Policy)----策略结果集 策略结果集有什么功能Gpresult 显示用户或计算机的组策略设置和策略的结果集 (RSOP)。gpupdate /force 强制刷新组策略 使用 “nltest /dsgetdc:域名”可以查看到所连接的域控的IP,名称以及所在站点信息。非常实用。但此命令有个致命的确定,必须要装有Suppor
2013-12-13 15:58:00 3017
转载 ASLR/DEP绕过技术概览
http://bbs.pediy.com/showthread.php?t=101217by WinsOn@Cybersword 在经典的栈溢出模型中,通过覆盖函数的返回地址来达到控制程序执行流程(EIP寄存器),通常将返回地址覆盖为0x7FFA4512,这个地址是一条JMP ESP指令,在函数返回时就会跳转到这个地址去执行,也就是执行JMP ESP,而此时ESP刚好指向我们在栈
2013-12-13 10:21:30 1510
转载 Bypassing Microsoft Windows ASLR with a little help by MS-Help
Exploiting vulnerabilities on Windows 7 is not as easy as it used to be on Windows XP. Writing an exploit to bypass ASLR and DEP on Windows 7 was still relatively easy if Java 6 was installed as it go
2013-12-13 09:59:31 1258
转载 exchange导出所有联系人
http://nodexl.codeplex.com/http://exchangespigot.codeplex.com/documentation
2013-12-12 15:58:14 6864
原创 waf度量标准
1. 有多少真实的攻击被阻断(TP)2. 有多少有效的请求允许通过(TN)3. 有多少有效的流量被不恰当的阻断(FP)4. 有多少攻击被允许通过(FN) 度量算法:tp/tp+fp(实际攻击阻断的请求百分比)tp/tp+fn(实际阻断攻击的百分比)tp+tn/tp+tn+fp+fn(选择是正确百分比)(WAF的选择和请求实际性之间的关联性)
2013-12-12 10:49:49 3072 1
转载 VIdeos: AppSecUSA 2013
http://www.youtube.com/playlist?list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU
2013-12-12 09:40:53 1486
转载 Tools: NOSQLMap - SQLMap for nosql database
What is NoSQLMap?NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web
2013-12-12 09:39:54 1310
原创 近期要购买的图书
线上幽灵http://product.china-pub.com/3768955#ml hadoop 2.0技术内幕http://product.china-pub.com/3768911
2013-12-11 10:08:19 858
转载 Zend-Framework - Full Info Disclosure
# Exploit Title : Zend-Framework Full Info Disclosure# Google Dork : inurl:/application/configs/application.ini# Date : 26/11/2013# Exploit Author : Ariel Orellana# Vendor Homepage : h
2013-12-07 13:45:25 762
转载 Zimbra 0day exploit / Privilegie escalation via LFI
# Exploit Title: Zimbra 0day exploit / Privilegie escalation via LFI# Date: 06 Dec 2013# Exploit Author: rubina119# Contact Email : rubina119[at]gmail.com# Vendor Homepage: http://www.
2013-12-07 13:41:54 1959
原创 Packetpig - Open Source Big Data Security Analytics
https://github.com/packetloop/packetpig
2013-12-04 10:41:28 998
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人