读原著笔记
文章平均质量分 80
花纵酒
这个作者很懒,什么都没留下…
展开
-
资源链接的备忘录
Win 镜像下载网站:TechBench by WZT (v4.1.1)IT eBooks - Free Download - New ReleasesFree Computer, Programming, Mathematics, Technical Books, Lecture Notes and TutorialsO'Reilly Media - Technology and Business TrainingFree Computer books Download | Online computer原创 2023-10-31 09:31:26 · 177 阅读 · 0 评论 -
常去的免费英文图书网站汇总(欢迎留言更新)
O'Reilly Media - Technology and Business TrainingGain technology and business knowledge and hone your skills with learning resources created and curated by O'Reilly's experts: live online training, video, books, our platform has content from 200+ of the wo原创 2022-03-15 11:36:51 · 793 阅读 · 0 评论 -
Data.Analysis.with.Python.and.PySpark:4 Analyzing tabular data with pyspark.sql
创建SparkSession对象以开始使用PySparkfrom pyspark.sql import SparkSessionimport pyspark.sql.functions as Fspark = SparkSession.builder.getOrCreate()PySpark如何表示表格数据?my_grocery_list = [["Banana", 2, 1.74],["Apple", 4, 2.04],["Carrot", 1, 1.09],["Cake",原创 2022-03-11 09:40:52 · 2775 阅读 · 0 评论 -
Data.Analysis.with.Python.and.PySpark:PySpark的第一个程序(2):Submitting andscaling your firstPySpark prog
Grouping records: Counting word frequenciesCounting word frequencies using groupby() and count()groups = words_nonull.groupby(col("word"))print(groups)# <pyspark.sql.group.GroupedData at 0x10ed23da0>results = words_nonull.groupby(col("word"原创 2022-03-10 12:16:49 · 2473 阅读 · 0 评论 -
Data.Analysis.with.Python.and.PySpark:PySpark的第一个程序
命令行输入:pyspark设置pyspark 启动时所使用的python版本参考:Data.Analysis.with.Python.and.PySpark:准备_lm19770429的专栏-CSDN博客The book focuses on Spark version 3.2How PySpark worksUnder the hood, it looks more like what’s on the right: you have some workbenches that some worker原创 2022-03-09 11:30:46 · 2720 阅读 · 0 评论 -
Data.Analysis.with.Python.and.PySpark:准备
The book focuses on Spark version 3.2How PySpark worksUnder the hood, it looks more like what’s on the right: you have some workbenches that some workers are assigned to. The workbenches are like the computers in our Spark cluster: there is a fixed a原创 2022-03-08 16:50:36 · 717 阅读 · 0 评论 -
Bug.Bounty.Bootcamp:Chapter 13: Server-Side Request Forgery
SSRF vulnerabilities occur when an attacker finds a way to send requests as atrusted server in the target’s network.By forging requests from trusted servers, an attacker can pivot into anorganization’s internal network and conduct all kinds of malicio.原创 2022-03-02 09:05:00 · 4269 阅读 · 0 评论 -
Bug.Bounty.Bootcamp:Chapter 9: Cross-Site Request Forgery
前提是可以获取到cookie,建议FIREFOX中添加cookie edit、hackbar等插件。通常找到有状态改变的web应用入口点,通过伪造请求,改变目标网站内容。一般浏览器通过设置SameSite=Strict或者SameSite=laxWhen the SameSite flag on a cookie is set to Strict, the client’s browser won’t send the cookie during cross-site requests...原创 2022-03-01 17:02:08 · 219 阅读 · 0 评论 -
Black.Hat.Python.2nd.Edition.2021.4:Chapter 2: Basic Networking Tools
Replacing Netcat:绝对可以运行,还发现了原著2处代码错误,已经改正,目前仅实现了-e参数其他参数类似import socketimport threadingimport argparseimport subprocessimport sysimport textwrapimport shlexdef execute(cmd): cmd = cmd.strip() if not cmd: return output = sub原创 2022-02-27 18:03:42 · 741 阅读 · 0 评论 -
Bug.Bounty.Bootcamp:Chapter 6: Cross-Site Scripting
For instance, a script that sets the location of a web page will make thebrowser redirect to the location specified:<script>location="http://attacker.com";</script>原创 2022-02-23 16:25:48 · 3225 阅读 · 0 评论 -
Bug.Bounty.Bootcamp:(2)值得看的一本书
Chapter 5: Web Hacking Reconnaissance在Google Dorking,有关于google搜索方法的详细介绍。(有机会研究)Scope Discovery$ whois facebook.com$ nslookup facebook.comCertificate Parsing推荐地址crt.sh,在线查询https://crt.sh/?q=facebook.com&output=json....原创 2022-02-21 12:19:48 · 429 阅读 · 0 评论 -
Bug.Bounty.Bootcamp:(1)
Writing a Good Report Step 1: Craft a Descriptive Title Step 2: Provide a Clear Summary Step 3: Include a Severity Assessment Step 4: Give Clear Steps to Reproduce Step 5: Provide a Proof of Concept (it’s helpful to include a vi..原创 2022-02-20 15:08:43 · 416 阅读 · 0 评论 -
Practical.Linux.Forensics:EVIDENCE FROM STORAGE DEVICES AND FILESYSTEMS
存储布局和卷管理分析Common partition schemes include:DOS/MBR (original PC partition scheme) GPT BSD Sun (vtoc) APM (Apple Partition Map) None (the absence of a partition scheme where filesystems start at sector zero)原创 2022-02-20 00:06:24 · 598 阅读 · 0 评论 -
GO H*CK YOURSELF:新知识点的记录(3)
WEB HACKING练习靶场地址:https://nostarch.com/go-hck-yourself/https://nostarch.com/go-hck-yourself/原创 2022-02-17 19:40:45 · 394 阅读 · 0 评论 -
GO H*CK YOURSELF:新知识点的记录(2)
STEALING AND CRACKING PASSWORDS首先批量创建一些用户:C:\WINDOWS\system32> net user ana Password1 /addC:\WINDOWS\system32> net user ben P@$$w0rd! /addC:\WINDOWS\system32> net user carol CaptainMarvel /addC:\WINDOWS\system32> net user clark superman原创 2022-02-16 16:17:28 · 492 阅读 · 0 评论 -
GO H*CK YOURSELF:新知识点的记录(1)截至第6章
高级搜索技巧:For example, the operator ext: searches for specific file extensions, or the filename endings for different types of files. Examples include docx for Microsoft Word documents, txt for plaintext, pdf for PDF files, xlsx for Microsoft Excel spreadsh原创 2022-02-13 15:34:47 · 1665 阅读 · 0 评论 -
Ethical.Hacking.2021.10:PHISHING AND DEEPFAKES(2)
接:Ethical.Hacking.2021.10:PHISHING AND DEEPFAKES_lm19770429的专栏-CSDN博客Performing a DNS Lookup of a Mail Serverexam:dig mx gmail.coman SMTP server that accepts a connection on port 25.Use netcat on the Kali Linux virtual machine to connect to port 25 on th原创 2022-01-24 16:41:22 · 1286 阅读 · 0 评论 -
Ethical.Hacking.2021.10:BUILDING AND INSTALLING LINUX ROOTKITS
备份Kali写kernel module codeThat’s because the Linux kernel iswritten in C, so kernel modules must also be written in C. Secondly,we won’t be able to use the standard C libraries (such as unistd, stdio,and stdlib), because user space libraries are not.原创 2021-12-26 12:27:42 · 381 阅读 · 0 评论 -
Ethical.Hacking.2021.10:BUILDING TROJANS(2)
Creating a Windows TrojanWe’ll cover two methodsof hiding your implant: in a fun, open source implementation of the game Minesweeperby Humaeed Ahmed, and in a document using the Social Engineering Toolkit (more onthis in a moment).I’ve forked Ahme...原创 2021-12-26 11:07:39 · 3037 阅读 · 0 评论 -
Ethical.Hacking.2021.10:BUILDING TROJANS
回顾:metasploitframe 反射过程msfvenom生成代码命令Hiding an Implant in a Legitimate File原创 2021-12-24 12:13:41 · 2174 阅读 · 0 评论 -
Black.Hat.Python.2nd.Edition.2021.4:Setting Up Python 3
sudo apt-get upgrade python3sudo apt-get install python3-venvmkdir bhpcd bhppython3 -m venv venv3source venv3/bin/activate原创 2021-12-21 10:02:44 · 552 阅读 · 0 评论 -
Ethical.Hacking.2021.10:STEALING AND CRACKING PASSWORDS
Understanding HTTP RequestsUsing SQLMap与书中不一致,--sqlmap-shell已经不用了,改为--shell了,如下:sudo sqlmap -u "http://192.168.1.102/mutillidae/index.php?page=user-info.php&username=&password=&" --shell注意-u 后面的url要用“”括起来...原创 2021-12-20 15:16:41 · 439 阅读 · 0 评论 -
Ethical.Hacking.2021.10:FUZZING FOR ZERO-DAY VULNERABILITIES
This type of attack iscalled a buffer over-read, as we can read beyond the bounds of thedesignated memory buffer. Similarly, in a buffer overflow attack, ahacker uses a bug to write beyond the bounds of a designatedbuffer. Hackers often use buffer o...原创 2021-12-14 17:19:26 · 349 阅读 · 0 评论 -
Ethical.Hacking.2021.10:SCANNING TARGETS
For example, the National Telecommunicationsand Information Administration (NTIA) requires all .us domains topublish their contact information.kali@kali:~$ whois zoom.usMaltegoMaltego allows hackers and security researchers to discoverconnection...原创 2021-12-14 14:58:54 · 2975 阅读 · 0 评论 -
Ethical.Hacking.2021.10:PIVOTING AND PRIVILEGE ESCALATION(2)Extracting Password Hashes on Linux
Linux doesn’t store plaintextpasswords. Instead, it stores an HMAC-SHA256 hash of thepasswords in the file /etc/shadow.The permissions on the /etc/shadow/ file indicate that only theowner (root) and the group (shadow) can read the file, and that only...原创 2021-12-12 11:52:50 · 656 阅读 · 0 评论 -
Ethical.Hacking.2021.10:PIVOTING AND PRIVILEGE ESCALATION(1)
Pivoting(枢轴点;枢轴控件;轴门;锚点;转点) from a Dual-Homed Device术语:Because the firewall is connected to boththe public and private networks, we refer to the machine running thefirewall as a dual-homed device.Configuring a Dual-Homed DeviceWe will convert the M..原创 2021-12-12 10:31:29 · 240 阅读 · 0 评论 -
Ethical.Hacking.2021.10:PHISHING AND DEEPFAKES
Performing a DNS Lookup of a Mail Serverexam:dig mx gmail.coman SMTP server that accepts a connection on port 25.Use netcat on the Kali Linux virtual machine to connect to port 25 on that IP address by running the following command:原创 2021-12-09 19:42:06 · 2470 阅读 · 0 评论 -
Ethical.Hacking.2021.10:CRAFTING TCP SHELLS AND BOTNETS(2)
Botnets僵尸网络举例:The Mirai botnet was composed of a collection of Internet of Things (Io T) devices like cameras and home routers.Mirai僵尸网络由一系列物联网(Io T)设备组成,如照相机和家庭路由器。The Mirai botnet code is available on Git Hub athttps://github.com/jgamblin/Mirai-原创 2021-12-09 19:11:15 · 3453 阅读 · 0 评论 -
Ethical.Hacking.2021.10:CRAFTING TCP SHELLS AND BOTNETS(1)
How a file is converted into packets with sequence numbersBefore a file can be transmitted, it must be encapsulated into a packet. However, TCP packets have a maximum size of 64KB, so files larger than this are divided and placed into several TCP packe原创 2021-12-09 17:55:58 · 1308 阅读 · 0 评论 -
Ethical.Hacking.2021.10:ANALYZING CAPTURED TRAFFIC
Wireshark and TCPDump原创 2021-12-07 14:36:38 · 233 阅读 · 0 评论 -
Ethical.Hacking.2021.10:Performing an ARP Spoofing Attack
Start by running sudo -i to become a root user.升级一下包管理器:apt-get update安装:apt-get install dsniffThe dsniff tool contains several useful tools for intercepting network traffic, such as arpspoof, a tool that executes an ARP spoofing attack....原创 2021-12-06 17:58:20 · 1605 阅读 · 0 评论 -
Ethical.Hacking.2021.10:Virtual Lab Setup
网络拓扑结构Setting Up pf Sensehttps://www.pfsense.org/download/Choose the AMD64(64-bit) architecture, the DVD image (ISO) installer原创 2021-12-06 14:01:32 · 1341 阅读 · 0 评论 -
Practical.Linux.Forensics.2021.10系列:EVIDENCE FROM STORAGE DEVICES AND FILESYSTEMS
a list of known partition typesPartition types: List of partition identifiers for PCshttps://www.win.tue.nl/~aeb/partitions/partition_types-1.html原创 2021-12-05 15:39:31 · 276 阅读 · 0 评论 -
专家观点
张钹:人工智能技术已进入第三代三个原因:一个大数据、一个是计算能力、一个是算法。从目前的情况来看效果最好的事情还是这两件:图像识别、语音识别。人工智能能做的那三件事(语音识别、图像识别、围棋)是因为它满足了五个条件,就是说只要满足了这五个条件,计算机就能做好,只要有任何一个或者多个条件不满足,计算机做起来就困难了。第一个是必须具备充足的数据,充足不仅仅是说数量大,还要多样性,不能残缺等。第二个是确定性。第三个是最重要的,需要完全的信息,围棋就是完全信息博弈,牌类是不完全信息博弈,围棋原创 2020-11-30 10:22:55 · 85 阅读 · 0 评论 -
The Hundred-Page Machine Learning Book
Let’s start by telling the truth: machines don’t learn. What a typical “learning machine” does,is finding a mathematical formula, which, when applied to a collection of inputs (called“training data”), produces the desired outputs. This mathematical formu原创 2020-10-20 11:37:54 · 469 阅读 · 0 评论