Skip to content

Commit

Permalink
更新11-20
Browse files Browse the repository at this point in the history
  • Loading branch information
@olist213
olist213 committed May 3, 2021
1 parent 46de8b4 commit fd7d232
Show file tree
Hide file tree
Showing 15 changed files with 244 additions and 0 deletions.
Binary file added 011Kali Linux渗透测试技术详解/Kali Linux渗透测试技术详解 PDF电子书 带书签目录.pdf
View file
Binary file not shown.
Binary file added 012Kali Linux渗透测试的艺术/Kali Linux渗透测试的艺术.pdf
View file
Binary file not shown.
Binary file added 013inclident-response-guide/inclident-response-guide.pdf
View file
Binary file not shown.
Binary file added 014hands-red-team-tactics/hands-red-team-tactics.docx
View file
Binary file not shown.
Binary file added 014hands-red-team-tactics/hands-red-team-tactics.pdf
View file
Binary file not shown.
Binary file added 015The_Red_Team_Guide/The_Red_Team_Guide_by_Peerlyst_community_da8swa.docx
View file
Binary file not shown.
Binary file added 015The_Red_Team_Guide/The_Red_Team_Guide_by_Peerlyst_community_da8swa.pdf
View file
Binary file not shown.
Binary file added 016实战攻防演习/实战攻防演习.pdf
View file
Binary file not shown.
Binary file added 017有趣的二进制:软件安全与逆向分析/有趣的二进制:软件安全与逆向分析.pdf
View file
Binary file not shown.
Binary file added 018基于树莓派的渗透测试/基于树莓派的渗透测试.pdf
View file
Binary file not shown.
244 changes: 244 additions & 0 deletions 019白帽子讲Web安全/《白帽子讲web安全》.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
��һƪ ����۰�ȫ
��1�� �ҵİ�ȫ����� 2
1.1 web��ȫ��ʷ 2
1.1.1 �й��ڿͼ�ʷ 2
1.1.2 �ڿͼ����ķ�չ���� 3
1.1.3 web��ȫ������ 5
1.2 ��ñ�ӣ���ñ�� 6
1.3 ��豹��棬���ذ�ȫ�ı��� 7
1.4 �Ƴ����ţ�û������ 9
1.5 ��ȫ��Ҫ�� 10
1.6 ���ʵʩ��ȫ���� 11
1.6.1 �ʲ��ȼ����� 12
1.6.2 ����� 13
1.6.3 ���շ��� 14
1.6.4 ��ư�ȫ���� 15
1.7 ��ñ�ӱ��� 16
1.7.1 secure by defaultԭ�� 16
1.7.2 �������ԭ�� 18
1.7.3 ������������ԭ�� 19
.1.7.4 ����Ԥ����ԭ�� 21
1.8 �� 22
������˭��Ϊ©���򵥣� 23
�ڶ�ƪ �ͻ��˽ű���ȫ
��2�� �������ȫ 26
2.1 ͬԴ���� 26
2.2 �����ɳ�� 30
2.3 ������ַ���� 33
2.4 ���ٷ�չ���������ȫ 36
2.5 �� 39
��3�� ��վ�ű�������xss�� 40
3.1 xss��� 40
3.2 xss�������� 43
3.2.1 ��̽xss payload 43
3.2.2 ǿ���xss payload 46
3.2.3 xss ����ƽ̨ 62
3.2.4 �ռ�������xss worm 64
3.2.5 ����javascript 73
3.2.6 xss���켼�� 76
3.2.7 �������mission impossible 82
3.2.8 ���ױ����ӵĽ��䣺flash xss 85
3.2.9 ��ĸ���������javascript������� 87
3.3 xss�ķ��� 89
3.3.1 ������ǧ�httponly 89
3.3.2 ������ 93
3.3.3 ������ 95
3.3.4 ��ȷ�ط���xss 99
3.3.5 �������ı� 102
3.3.6 ����dom based xss 103
3.3.7 �����Ƕȿ�xss�ķ��� 107
3.4 �� 107
��4�� ��վ������α�죨csrf�� 109
4.1 csrf��� 109
4.2 csrf���� 111
4.2.1 �������cookie���� 111
4.2.2 p3pͷ�ĸ����� 113
4.2.3 get? post? 116
4.2.4 flash csrf 118
4.2.5 csrf worm 119
4.3 csrf�ķ��� 120
4.3.1 ��֤�� 120
4.3.2 referer check 120
4.3.3 anti csrf token 121
4.4 �� 124
��5�� ����ٳ֣�clickjacking�� 125
5.1 ʲô�ǵ���ٳ� 125
5.2 flash����ٳ� 127
5.3 ͼƬ���ǹ��� 129
5.4 ��ק�ٳ���������ȡ 131
5.5 clickjacking 3.0�������ٳ� 134
5.6 ����clickjacking 136
5.6.1 frame busting 136
5.6.2 x-frame-options 137
5.7 �� 138
��6�� html 5 ��ȫ 139
6.1 html 5�±�ǩ 139
6.1.1 �±�ǩ��xss 139
6.1.2 iframe��sandbox 140
6.1.3 link types: noreferrer 141
6.1.4 canvas������ 141
6.2 ������ȫ���� 144
6.2.1 cross-origin resource sharing 144
6.2.2 postmessage�����細�ڴ�����Ϣ 146
6.2.3 web storage 147
6.3 �� 150
����ƪ ��������Ӧ�ð�ȫ
��7�� ע�빥�� 152
7.1 sqlע�� 152
7.1.1 äע��blind injection�� 153
7.1.2 timing attack 155
7.2 ���ݿ⹥������ 157
7.2.1 ������������ 157
7.2.2 ����ִ�� 158
7.2.3 �����洢���� 164
7.2.4 �������� 165
7.2.5 sql column truncation 167
7.3 ��ȷ�ط���sqlע�� 170
7.3.1 ʹ��Ԥ������� 171
7.3.2 ʹ�ô洢���� 172
7.3.3 ����������� 172
7.3.4 ʹ�ð�ȫ���� 172
7.4 ����ע�빥�� 173
7.4.1 xmlע�� 173
7.4.2 ����ע�� 174
7.4.3 crlfע�� 176
7.5 �� 179
��8�� �ļ��ϴ�©�� 180
8.1 �ļ��ϴ�©������ 180
8.1.1 ��fckeditor�ļ��ϴ�©��̸�� 181
8.1.2 �ƹ��ļ��ϴ���鹦�� 182
8.2 ���ܻ���©�� 183
8.2.1 apache�ļ��������� 184
8.2.2 iis�ļ��������� 185
8.2.3 php cgi·���������� 187
8.2.4 �����ϴ��ļ����� 189
8.3 ��ư�ȫ���ļ��ϴ����� 190
8.4 �� 191
��9�� ��֤��Ự���� 192
9.1 who am i? 192
9.2 �������Щ�¶� 193
9.3 ��������֤ 195
9.4 session����֤ 196
9.5 session fixation���� 198
9.6 session���ֹ��� 199
9.7 �����¼��sso�� 201
9.8 �� 203
��10�� ���ʿ��� 205
10.1 what can i do? 205
10.2 ��ֱȨ�޹��� 208
10.3 ˮƽȨ�޹��� 211
10.4 oauth��� 213
10.5 �� 219
��11�� �����㷨������� 220
11.1 ���� 220
11.2 stream cipher attack 222
11.2.1 reused key attack 222
11.2.2 bit-flipping attack 228
11.2.3 �����iv���� 230
11.3 wep�ƽ� 232
11.4 ecbģʽ��ȱ�� 236
11.5 padding oracle attack 239
11.6 ��Կ���� 251
11.7 �������� 253
11.7.1 ��α��������鷳 253
11.7.2 ʱ���������� 256
11.7.3 �ƽ�α������㷨������ 257
11.7.4 ʹ�ð�ȫ������� 265
11.8 �� 265
������understanding md5 length extension attack 267
��12�� web��ܰ�ȫ 280
12.1 mvc��ܰ�ȫ 280
12.2 ģ��������xss���� 282
12.3 web�����csrf���� 285
12.4 http headers���� 287
12.5 ���ݳ־ò���sqlע�� 288
12.6 �����뵽ʲô 289
12.7 web���������ȫ 289
12.7.1 struts 2����ִ��©�� 290
12.7.2 struts 2�����ⲹ�� 291
12.7.3 spring mvc����ִ��©�� 292
12.7.4 django����ִ��©�� 293
12.8 �� 294
��13�� Ӧ�ò�ܾ����񹥻� 295
13.1 ddos��� 295
13.2 Ӧ�ò�ddos 297
13.2.1 cc���� 297
13.2.2 ��������Ƶ�� 298
13.2.3 ����һ�ߣ�ħ��һ�� 300
13.3 ��֤�����Щ�¶� 301
13.4 ����Ӧ�ò�ddos 304
13.5 ��Դ�ľ����� 306
13.5.1 slowloris���� 306
13.5.2 http post dos 309
13.5.3 server limit dos 310
13.6 һ������������Ѫ����redos 311
13.7 �� 315
��14�� php��ȫ 317
14.1 �ļ�����©�� 317
14.1.1 �����ļ����� 319
14.1.2 Զ���ļ����� 323
14.1.3 �����ļ����������ü��� 323
14.2 ��������©�� 331
14.2.1 ȫ�ֱ������� 331
14.2.2 extract()�������� 334
14.2.3 ������ʼ������ 334
14.2.4 import_request_variables�������� 335
14.2.5 parse_str()�������� 335
14.3 ����ִ��©�� 336
14.3.1 ��Σ�պ�����ִ�д��� 336
14.3.2 ���ļ�д�롱ִ�д��� 343
14.3.3 ����ִ�д��뷽ʽ 344
14.4 ���ư�ȫ��php���� 348
14.5 �� 352
��15�� web server���ð�ȫ 353
15.1 apache��ȫ 353
15.2 nginx��ȫ 354
15.3 jbossԶ������ִ�� 356
15.4 tomcatԶ������ִ�� 360
15.5 http parameter pollution 363
15.6 �� 364
����ƪ ��������˾��ȫ��Ӫ
��16�� ������ҵ��ȫ 366
16.1 ��Ʒ��Ҫʲô���İ�ȫ 366
16.1.1 ��������Ʒ�԰�ȫ������ 367
16.1.2 ʲô�Ǻõİ�ȫ���� 368
16.2 ҵ���߼���ȫ 370
16.2.1 ��Զ�IJ��������� 370
16.2.2 ˭�Ǵ�Ӯ�� 371
16.2.3 ������� 372
16.2.4 ��������ȡ������ 373
16.3 �˻�����α����� 374
16.3.1 �˻�������;�� 374
16.3.2 �����˻�������ԭ�� 376
16.4 ������������ 377
16.4.1 �������� 377
16.4.2 �������� 379
16.5 ����������� 380
16.5.1 ������վ��� 381
16.5.2 �ʼ����� 383
16.5.3 ������վ�ķ��� 385
16.5.4 �������̵��� 388
16.6 �û���˽���� 393
16.6.1 ���������û���˽��ս 393
16.6.2 ��α����û���˽ 394
16.6.3 do-not-track 396
16.7 �� 397
�������鷳���ս��� 398
��17�� ��ȫ�������̣�sdl�� 402
17.1 sdl��� 402
17.2 ����sdl 406
17.3 sdlʵս���� 407
17.4 �����������ƽ׶� 409
17.5 �����׶� 415
17.5.1 �ṩ��ȫ�ĺ��� 415
17.5.2 ���밲ȫ��ƹ��� 417
17.6 ���Խ׶� 418
17.7 �� 420
��18�� ��ȫ��Ӫ 422
18.1 �Ѱ�ȫ��Ӫ���� 422
18.2 ©���޲����� 423
18.3 ��ȫ��� 424
18.4 ���ּ�� 425
18.5 ������Ӧ���� 428
18.6 �� 430
������̸̸��������ҵ��ȫ�ķ�չ���� 431
Binary file added 019白帽子讲Web安全/白帽子讲Web安全_-_吴翰清.mobi
View file
Binary file not shown.
Binary file added 019白帽子讲Web安全/白帽子讲Web安全_.pdf
View file
Binary file not shown.
Binary file added ...indows/D2T3 - James Forshaw - Introduction to Logical Privilege Escalation on Windows.pdf
View file
Binary file not shown.
Binary file added ...Windows/Introduction to Logical Privilege Escalation on Windows-D2T3 - James Forshaw .pdf
View file
Binary file not shown.

0 comments on commit fd7d232

Please sign in to comment.