为了提高本博客原创率,将阅读过的,具有价值的好文章收藏之!不进行转载……
智能硬件安全
安全技术精粹:
https://paper.seebug.org/
物联网安全百科:
https://iot-security.wiki/
嵌入式Linux内核安全防御技术和挑战:
https://bbs.pediy.com/thread-212983.htm
嵌入式文件系统类型:
https://elinux.org/File_Systems#SquashFS
物联网设备的固件分析技术:
https://www.anquanke.com/post/id/85036
固件是怎么存储的:
https://bbs.pediy.com/thread-221091.htm
嵌入式BOOT Loader技术内幕:
https://www.ibm.com/developerworks/cn/linux/l-btloader/index.html
渗透低性能智能设备的关键技术-固件提取:
http://blog.nsfocus.net/firmware-extraction/
智能设备固件提取技术:
http://blog.nsfocus.net/uboot/
Binwalk:后门(固件)分析利器:
http://www.freebuf.com/sectool/15266.html
firmware-mod-kit工具安装和使用说明:
https://blog.csdn.net/caofengtao1314/article/details/81252047
Andorid安全
生成APPkey和APPSecret:
http://benvim.github.io/2015/11/17/php-appSecret/
SSL Pinning(证书强绑定)
http://www.droidsec.cn/ssl-pinning-practice/
使用Frida框架绕过SSL Pinning
http://www.droidsec.cn/frida-android-practice-ssl-unpinning/
深入挖掘APP克隆实验
https://www.freebuf.com/articles/terminal/161277.html
通过 WebView 攻击 Android 应用
https://zhuanlan.zhihu.com/p/28107901?group_id=873526580289376256
Janus高危漏洞深度分析
https://www.freebuf.com/articles/paper/158133.html
MAC上安装Android反编译环境(两篇需要结合,尤其是授权的地方):
https://github.com/nettitude/scrounger
https://blog.csdn.net/yanzi1225627/article/details/48215549
APP常见的漏洞挖掘技巧:
https://xuanxuanblingbling.github.io/ctf/android/2018/02/12/Android_app_part1/
Android知识技能必备:
https://www.kancloud.cn/alex_wsc/android/401651
app通用型拒绝服务漏洞分析报告
http://www.droidsec.cn/android-app通用型拒绝服务漏洞分析报告/
关于Monkey的一切都在这里(模拟鼠标点击)
https://segmentfault.com/a/1190000008491417
Android 取证
https://mp.weixin.qq.com/s/3T4GGvTLX0ybl03vSu3C5w
Android OLLVM反混淆实战
https://mp.weixin.qq.com/s/pJwDsyn70AAB0ENZ9y3WZg
某App加固保免费版分析
https://mp.weixin.qq.com/s/2V5fYaRcmXcGzqxiR67pvQ
如何脱掉"梆梆加固"的保护壳
https://mp.weixin.qq.com/s/vjEi8Yh0A5flK4tH0iQzhg
语法树
词法树/AST抽象语法树
https://juejin.im/post/5bff941e5188254e3b31b424
何为语法树
http://huang-jerryc.com/2016/03/15/何为语法树/
AST 抽象语法树
http://jartto.wang/2018/11/17/about-ast/
一口(很长的)气了解 babel
https://juejin.im/post/5c19c5e0e51d4502a232c1c6
分析树和语法树
https://www.cnblogs.com/xiaomiao/p/3146390.html
在线解析语法树
https://esprima.org/demo/parse.html#
代码审计
Java代码审计
http://blog.orleven.com/2018/01/17/code-audit-java/
http://blog.orleven.com/2018/02/13/code-audit-summary/
PHP代码审计
http://www.lmxspace.com/2018/05/03/php-unserialize-%E5%88%9D%E8%AF%86/
漏洞介绍/问题代码/修复代码
http://find-sec-bugs.github.io/bugs.htm
奇安信代码审计
https://zhuanlan.freebuf.com/column/index/?name=奇安信代码卫士
你真的会代码审计吗
https://zhuanlan.zhihu.com/p/22417081
python安全
python打造漏洞扫描器:
https://blog.csdn.net/oxuzhenyi/
漏洞扫描器锦集:
https://github.com/We5ter/Scanners-Box/
webshell扫描:
https://github.com/emposha/Shell-Detector
黑客常用的扫描器:
https://www.7ooc.cn/05/20/148.html
Lxml下载链接:
https://pypi.org/simple/lxml/
libxml2下载:
http://xmlsoft.org/sources/win32/64bit/
CentOS-7编译安装python3:
https://www.cnblogs.com/xiujin/p/11477419.html
Python开发
MAC下的python复杂环境搭建
MAC下卸载了Xcode之后安装python模块时报错
https://www.cnblogs.com/duanxingxing/p/8806523.html
CentOS下安装python3:
https://blog.csdn.net/qq659851998/article/details/80321315
https://blog.csdn.net/qq_41882072/article/details/81271819
没有发现pip模块:
https://blog.csdn.net/wwangfabei1989/article/details/80107147
pip版本的坑爹问题:
https://stackoverflow.com/questions/51283708/python-pip-package-requestsdependencywarning-when-installing-elastic-search-cura
python flask & celery
Flask详细教程
https://www.yiibai.com/flask/flask_application.html
requests教程:
http://docs.python-requests.org/zh_CN/latest/user/quickstart.html
flask的request属性:
https://blog.csdn.net/yannanxiu/article/details/53116652
flask的SQLALchemy教程:
https://www.jianshu.com/p/eea1c12c8d71
flask扩展系列教程:
http://www.bjhee.com/flask-ext1.html
在 Flask 中使用 Celery:
http://www.pythondoc.com/flask-celery/first.html
分布式任务队列 Celery 的使用:
https://juejin.im/entry/59104e2544d904007bf1798a
Celery 分布式任务队列:
一:https://www.jusene.me/2018/08/05/celery/
二:https://www.jusene.me/2018/08/17/celery-1/
Celery任务状态:
http://docs.celeryproject.org/en/latest/reference/celery.states.html
https://juejin.im/entry/586c918cac502e12d632ac09
https://www.jianshu.com/p/354979fd8638
Flask启动命令配置IP和端口:
https://www.cnblogs.com/qmfsun/p/6322128.html
其他开发技能
python 控制台输出的内容保存到txt 文件:
https://blog.csdn.net/u010158659/article/details/81671901
python将控制台输出保存至文件(方法3):
https://blog.csdn.net/u010158659/article/details/81671901
python字符串和列表的互相转换:
https://blog.csdn.net/roytao2/article/details/53433373
正则表达式匹配两个特殊字符中间的内容:
https://blog.csdn.net/QUAN_A/article/details/70861123
解决坑爹的json格式"u":
https://www.jianshu.com/p/90ecc5987a18
正则回溯灾难
https://cloud.tencent.com/developer/news/290396
https://blog.csdn.net/baidu_27487573/article/details/73065240
pocsuite3 写poc
https://blog.csdn.net/qq1124794084/article/details/89146819
pocsuite3 开发文档 及 PoC 编写规范及要求说明
https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md
在线应用
网站安全检测
https://myssl.com/
在线JSON解析(可判断json格式正确与否):
http://json.parser.online.fr/
googlePlay应用链接下载
https://www.moerats.com/archives/112/
在线代码比较
http://www.newjson.com/Static/Tools/Diff.html
Docker安全
Dockerescan使用:
http://blackwolfsec.cc/2017/05/27/docker-security/
Anchore的使用:
https://blog.csdn.net/liumiaocn/article/details/76732894
https://github.com/anchore/anchore
https://anchore.com/opensource/wiki/anchore/
Docker之镜像安全:
https://xdays.me/docker%E5%9F%BA%E7%A1%80%E6%95%99%E7%A8%8B%E4%B9%8B%E9%95%9C%E5%83%8F%E5%AE%89%E5%85%A8.html
删除Docker镜像:
https://yeasy.gitbooks.io/docker_practice/image/rm.html
http://yaxin-cn.github.io/Docker/how-to-delete-a-docker-image.html
Cannot connect to the Docker daemon at tcp://localhost:2375. Is the docker daemon running?
https://www.jianshu.com/p/7c0084fd9003
成功安装了docker-compose,但是一直提示command not found…
https://blog.csdn.net/u014229742/article/details/103314774
数据库
mysql数据库字符集和整理列表:
http://blog.sina.com.cn/s/blog_54eeb5d9010153ms.html
更新:sqlite3中的数据
http://www.runoob.com/sqlite/sqlite-update.html
mongo常用命令(这一篇比较好):
https://www.cnblogs.com/edgarli/p/3312824.html
redis和mySQL的区别:
Redis和MySQL的区别与使用
https://blog.csdn.net/D_R_L_T/article/details/81676999
Mysql,Mongodb,Redis对比
https://www.jianshu.com/p/ed055b73a527
MySQL、MongoDB、Redis 数据库之间的区别
https://yq.aliyun.com/articles/620297
Groovy和Grails
Grails命令简解:
http://www.voidcn.com/article/p-xeppldtn-beg.html
Groovy教程:
https://www.w3cschool.cn/groovy/
Groovy和Grails简介:
http://www.voidcn.com/article/p-wujerqle-mv.html
CentOS操作相关
使用Supervisor管理任务:
https://www.jianshu.com/p/c28f3914fa2d
https://blog.csdn.net/orangleliu/article/details/41317887
http://liyangliang.me/posts/2015/06/using-supervisor/
https://blog.csdn.net/qq_27754983/article/details/78782866
本地文件上传到Linux服务器的几种方法:
http://blog.51cto.com/superw/1943250
centos关闭防火墙和selinux
https://www.jianshu.com/p/d6414b5295b8
https://www.huangzz.xyz/centos-7-closes-iptables-and-selinux.html
centos安装mvn:
https://my.oschina.net/ghw/blog/1926141
解决CentOS7最小安装完成后没有网络:
https://blog.csdn.net/See_Star/article/details/123814221
Mac M1/M2 VMware Fusion 安装 Centos 7.9(ARM 64 版本)
https://blog.csdn.net/baidu_40468340/article/details/129066070
Centos7搭建samba服务:
https://blog.csdn.net/Xeon_CC/article/details/134618317
Yum无法安装的超全解决办法
(我在这里解决了yum修改源的问题)
https://blog.csdn.net/weixin_46059351/article/details/140649426
Git实践
Git 版本管理工具
Git 常用命令详解
Git 常用命令速查表
Git 操作实战示例
Git安装 + 多站点SSH Key配置
使用HTTP/HTTPS,记住用户名和密码
本地创建一个 git 仓库,并推送到远程仓库
删除git中缓存的用户名和密码
中间件
8分钟带你深入浅出搞懂Nginx
https://zhuanlan.zhihu.com/p/34943332
给小白的 Nginx 30分钟入门指南
https://zhuanlan.zhihu.com/p/33418520
网络编程(一):演进——从Apache到Nginx
https://zhuanlan.zhihu.com/p/20204159
Tomcat教程
http://www.yiidian.com/tomcat/
Tomcat 8 权威指南
http://www.phperz.com/article/15/0924/159323.html
Apache教程
https://www.yiibai.com/apache_http
Xpath漏洞
XML相关的安全漏洞-XXE,XPATH小结:https://www.cnblogs.com/sijidou/p/10497663.html
xpath注入详解:https://www.cnblogs.com/backlion/p/8554749.html
XPATH注入:https://www.cnblogs.com/wangtanzhi/p/13018953.html#autoid-0-7-0
XPath注入跟SQL注入差不多,只不过这里的数据库走的xml格式:http://www.bubuko.com/infodetail-1885111.html
其他
使用curl 命令模拟POST/GET请求:
https://blog.csdn.net/u012340794/article/details/71440604
主机不能访问虚拟机中的web服务【解决方案】
https://blog.csdn.net/sudazf/article/details/50551822
RSA原理:
一:http://www.ruanyifeng.com/blog/2013/06/rsa_algorithm_part_one.html
二:http://www.ruanyifeng.com/blog/2013/07/rsa_algorithm_part_two.html
ubuntu16.04网易云源
https://blog.csdn.net/sharpwg/article/details/54406283
go语言的安装与卸载
https://blog.csdn.net/zxs9999/article/details/78874807
.po文件与.mo文件的转换
https://blog.csdn.net/zhensoft163/article/details/6027700
https://www.cnblogs.com/linux-wang/p/9001368.html
彻底弄懂session,cookie,token:
https://segmentfault.com/a/1190000017831088
详解 Cookie,Session,Token:
https://juejin.im/post/5d01f82cf265da1b67210869
ESAPI学习笔记
https://www.cnblogs.com/fishou/p/4177491.html
安全服务之安全基线及加固(二)Linux篇
https://mp.weixin.qq.com/s/JFfqMY9kP7THhPdxT-U09Q
合规文档
https://www.waitalone.cn/category/corpsecurity/
ElasticSearch集群搭建:
https://blog.csdn.net/xtss999/article/details/106645457
https://www.cnblogs.com/tianyiliang/p/10291305.html
ELK搭建:
https://blog.csdn.net/yehongzhi1994/article/details/109459225
https://zhuanlan.zhihu.com/p/64742715