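Penetration Testing Learning Path and Learning Sites, from Basic to Advanced

Note: the following summary was compiled by the WeChat official account 珂技知識分享.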

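Security forums and blogs

★★★Security portals★★★

★freebuf: a large number of introductory articles, plus some in-depth ones.

https://www.freebuf.com/

★WooYun mirror: because of its age, few articles of value remain.

http://wooyun.2xss.cc/

★★Xianzhi (先知): articles are fairly in-depth, with little filler.

https://xz.aliyun.com/

★★★Anquanke (安全客): almost no filler.

https://www.anquanke.com/

★★★seebug: no filler.

https://paper.seebug.org/

★★★360: no filler.

http://noahblog.360.cn/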

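★★★Security forums★★★

★Secquan (圈子): membership-based; because the forum is fairly new, both the number of active users and the article quality are low.

https://www.secquan.org/

★★T00ls (吐司): a very old forum of mixed quality with few in-depth articles; suitable for newcomers, but it is membership-based and maintaining a new account is not easy.

https://www.t00ls.cc/

★★★Kanxue (看雪): leans toward C and binary work; the entry barrier is fairly high.

https://bbs.pediy.com/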

★★★Security blogs★★★

★★R3start: leans toward hands-on practice.

http://r3start.net/

★★★afanti: leans toward Java.

https://www.cnblogs.com/afanti/

★★★Diggid: leans toward Java.

https://blog.diggid.top/

★★★素十八: leans toward Java.

https://su18.org/

★★★廖新喜: leans toward Java.

http://xxlegend.com/

★★★淺藍: leans toward Java.

https://b1ue.cn/

★★★c0ny1: leans toward Java.

https://gv7.me/

★★★phith0n: full-stack.

https://www.leavesongs.com/

★★★3gstudent: leans toward Microsoft technologies.

https://3gstudent.github.io/

★★★LandGrey: full-stack.

https://landgrey.me/

★★★遠海: leans toward Java and .NET.

https://websecuritys.cn/

★★★LeadroyaL: leans toward binary.

https://www.leadroyal.cn/

★★★whoami: leans toward PHP.

https://whoamianony.top/

★★★Rmb122: leans toward Java and PHP.

https://rmb122.com/

★★★Full-stack.

http://scz.617.cn:8/

★★★Y4er: full-stack.

https://y4er.com/

★★★ADog: leans toward Java and PHP.

http://foreversong.cn/

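Common vulnerabilities

★★★SQL injection★★★
★On learning Oracle injection
https://xz.aliyun.com/t/7897
★Talking about injection yet again
https://xz.aliyun.com/t/5980
★Every day of matching wits with a certain WAF
https://www.freebuf.com/articles/web/247655.html
★★Bypass using PHP's string parsing behavior
https://www.freebuf.com/articles/web/213359.html
★★A short summary of SQLite injection
https://xz.aliyun.com/t/8627
★★Mastering SQL injection: principles plus practice
https://xz.aliyun.com/t/6677
★★Summary of command execution in MSSQL databases
https://xz.aliyun.com/t/7534
★★360webscan bypass
https://h3art3ars.gitee.io/2020/02/17/360webscan-bypass/
★★★MSSQL: using CLR assemblies to execute commands
https://xz.aliyun.com/t/6682
★★★WAF bypass: SQL injection (the return)
https://xz.aliyun.com/t/7767
★★★A categorized summary of MySQL injection topics and some tricks
https://xz.aliyun.com/t/7169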

★★★XSS★★★
★Bypassing and exploiting a reflected XSS on a securities group's website
https://xz.aliyun.com/t/4010
★★CSP bypass techniques
https://xz.aliyun.com/t/7372
★★★XSS Thousand Knocks solution notes
https://xz.aliyun.com/t/4074

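★★★File upload★★★
★★Things about upload and WAFs
https://xz.aliyun.com/t/8084
★★★Bypassing WAFs on upload forms from the perspective of the RFC specifications, part 1
https://www.anquanke.com/post/id/241265
★★★Bypassing WAFs on upload forms from the perspective of the RFC specifications, part 2
https://www.anquanke.com/post/id/242583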

★★★CORS★★★
★★A brief analysis of CORS attacks and approaches to finding them
https://xz.aliyun.com/t/7242

★★★CSRF★★★
★★Exploring CSRF attacks with JSON bodies, prompted by a penetration test
https://xz.aliyun.com/t/7911

★★★CRLF★★★
★★An introduction to HTTP response splitting (CRLF Injection)
https://whoamianony.top/2021/04/20/Web%E5%AE%89%E5%85%A8/HTTP%E5%93%8D%E5%BA%94%E6%8B%86%E5%88%86%E6%94%BB%E5%87%BB%EF%BC%88CRLF%20Injection%EF%BC%89/

★★★XXE★★★
★★Reading local files via XXE (after HTTP OOB fails)
https://xz.aliyun.com/t/6913

★★★File inclusion★★★
★★A brief discussion of file inclusion vulnerabilities
https://xz.aliyun.com/t/7176

★★★Logic flaws★★★
★★Things about password reset
https://xz.aliyun.com/t/8136

★★★SSRF★★★
★Some uses of the gopher protocol in SSRF
https://xz.aliyun.com/t/6993

★★★Request smuggling★★★
★★★HTTP/2: The Sequel is Always Worse
https://www.anquanke.com/post/id/253474

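Hands-on practice

★★★Penetration testing in practice★★★
★A penetration test with extraordinary luck
https://xz.aliyun.com/t/8251
★Notes on a penetration test
https://xz.aliyun.com/t/6729
★Notes on a penetration test that came out of a daydream
https://xz.aliyun.com/t/7203
★Notes on obtaining a webshell
https://xz.aliyun.com/t/6587
★From a QQ group number to logging in to the bilibili internal network
http://wooyun.2xss.cc/bug_detail.php?wybug_id=wooyun-2016-0208105
★Sharing and summary of my first penetration test
https://xz.aliyun.com/t/6078
★★Hunting 0-days to hack Apple
https://xz.aliyun.com/t/9121
★★Practical penetration: one day spent on a shabby site
https://xz.aliyun.com/t/8375
★★Practical penetration - How could one be enough? I want them all!
https://xz.aliyun.com/t/8132
★★An accidental penetration test: from weak password -> docker escape
https://xz.aliyun.com/t/8699
★★How I hacked Facebook again
https://mp.weixin.qq.com/s?__biz=MzU0ODg2MDA0NQ==&mid=2247484609&idx=1&sn=05153772770be4cfae75dbdc1dc32a10
★★Notes on a relatively complete penetration test against an organization
https://xz.aliyun.com/t/6979
★★Notes on a comprehensive lab-range penetration exercise
https://xz.aliyun.com/t/7193
★★Notes on an interesting command execution
http://r3start.net/index.php/2019/03/15/458
★★Notes on an interesting tp5 code execution
https://xz.aliyun.com/t/6106
★★Notes on a penetration + audit engagement
https://xz.aliyun.com/t/8305
★★Notes on a tortuous yet interesting penetration test
http://r3start.net/index.php/2020/02/17/611
★★Notes on testing gitlab
https://xz.aliyun.com/t/7870
★★From error message disclosure to using the ECS API to execute commands and get a reverse shell
https://xz.aliyun.com/t/8310
★★From JS information disclosure to webshell
http://r3start.net/index.php/2019/07/15/546
★★Shiro authorization bypass in practice
https://xz.aliyun.com/t/8311
★★A bilibili sub-site: from information disclosure to SSRF to command execution
http://wooyun.2xss.cc/bug_detail.php?wybug_id=wooyun-2016-0213982
★★App penetration - from SQL injection to face-recognition login bypass
https://xz.aliyun.com/t/8308
★★A difficult TP penetration test
https://xz.aliyun.com/t/8453
★★[Practice] Pig-butchering scam site: SSRF to getshell
https://mp.weixin.qq.com/s?__biz=Mzg4NDU0NzY5Mg==&mid=2247484049&idx=1&sn=97ff9212a4ffa3f73c9f5c6ab06785d3
★★Turning a penetration test from black box into "gray box"
https://xz.aliyun.com/t/8347
★★The tortuous journey of an arbitrary file read vulnerability
https://www.freebuf.com/articles/web/229648.html
★★★[Old article] A record of a difficult penetration test
https://xz.aliyun.com/t/2122
★★★Python security - the tragedy of SSRF to command execution
https://www.leavesongs.com/PENETRATION/getshell-via-ssrf-and-redis.html
★★★Red operation: from despair to seeing the light again
https://www.anquanke.com/post/id/225829
★★★Notes on learning docker escape
https://xz.aliyun.com/t/9966
★★★Penetrating the latest DZ3.4 in practice
https://paper.seebug.org/1197/
★★★Obstacles all the way: notes on an authorized network attack-defense exercise (part 1)
https://www.freebuf.com/vuls/211842.html
★★★Obstacles all the way: notes on an authorized network attack-defense exercise (part 2)
https://www.freebuf.com/vuls/211847.html
★★★Becoming your network-wide administrator step by step (part 1)
https://www.anquanke.com/post/id/223557
★★★Becoming your network-wide administrator step by step (part 2)
https://www.anquanke.com/post/id/223729
★★★A difficult "SSRF-->RCE" exploitation
https://xz.aliyun.com/t/7594
★★★This is a "different" analysis of a real penetration test case
https://blog.ateam.qianxin.com/post/zhe-shi-yi-pian-bu-yi-yang-de-zhen-shi-shen-tou-ce-shi-an-li-fen-xi-wen-zhang/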

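★★★Internal network penetration★★★
★Domain information enumeration
https://xz.aliyun.com/t/7724
★A real internal network penetration
https://xz.aliyun.com/t/9257
★On pass-the-hash: the things everyone knows
https://xz.aliyun.com/t/9842
★A big collection of internal network traversal and port forwarding
https://xz.aliyun.com/t/6966
★Rumor has it that an employee of 某團 phished 某多? 莫哥 walks you through phishing email attacks!
https://mp.weixin.qq.com/s?__biz=Mzg2NzYyODQwMQ==&mid=2247483801&idx=1&sn=60150ce5a4a349666fdb0af9efc89ace
★Internal network penetration: application-layer tunneling
https://xz.aliyun.com/t/7956
★Internal network penetration: ICMP covert tunnels
https://xz.aliyun.com/t/7875
★Pitfall notes - DNS Beacon
https://xz.aliyun.com/t/7938
★Summary of file download methods on Windows/Linux
https://xz.aliyun.com/t/7937
★Setting up a DNS tunnel and reverse shell: getting out of the pitfalls
https://xz.aliyun.com/t/7817
★Exploring PowerShell AV evasion
https://xz.aliyun.com/t/7903
★★Walkthrough of a self-built three-tier network domain penetration lab
https://xz.aliyun.com/t/9281
★★Still popping shells: thoughts on reverse shells when outbound ports are restricted
https://www.freebuf.com/vuls/232544.html
★★Domain penetration: persistence with golden tickets
https://xz.aliyun.com/t/9855
★★A privilege escalation trick inside a domain
https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247489414&idx=1&sn=f9addeb81e8a2ea160e043ee2b19a4cf
★★Internal network penetration testing: a summary of lateral movement basics
https://www.freebuf.com/articles/network/251364.html
★★Red vs. blue: Windows internal network penetration
https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==&mid=2651202058&idx=1&sn=d3d57af49cea5f15d2c58b83bac35b7d
★★Study notes on phishing emails
https://www.freebuf.com/articles/web/227694.html
★★From perimeter foothold to internal network penetration to taking the domain controller
https://xz.aliyun.com/t/9477
★★From an external code audit through assorted vulnerabilities in a three-tier internal network to the domain controller
https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247486982&idx=2&sn=7bd2c716c41531b7a6b0ca98d4802c81
★★From DNSBeacon to domain controller
https://mp.weixin.qq.com/s?__biz=MzAwMzYxNzc1OA==&mid=2247485914&idx=1&sn=95a424874d8bbc656bb5a067198e4227
★★From a CVE to the internal network, then taking 4 domain controllers
https://mp.weixin.qq.com/s?__biz=MzU4NTY4MDEzMw==&mid=2247485592&idx=1&sn=9d1678d5198f36d7ebb6660b27a882a6
★★How much do you know about the cobaltstrike dns beacon
https://xz.aliyun.com/t/7488
★★Vlunstack ATT&CK hands-on series: red team practice (3) Writeup
https://xz.aliyun.com/t/6988
★★Notes on learning an outside-in approach
https://xz.aliyun.com/t/10204
★★Notes on a domain penetration 2
https://xz.aliyun.com/t/8597
★★Notes on an internal network penetration
https://xz.aliyun.com/t/8639
★★Bypassing Trend Micro antivirus and working step by step through the internal network to the domain controller
https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247485563&idx=1&sn=8663f3fd0dbd0396b958968bba15f310
★★★Persistence on Linux
https://xz.aliyun.com/t/7338
★★★Kerberos-related attack techniques (fairly complete)
https://xz.aliyun.com/t/8690
★★★Things about Kerberos domain penetration
https://xz.aliyun.com/t/10189
★★★[Domain penetration] SQLSERVER combined with relay and delegation
https://mp.weixin.qq.com/s?__biz=MzUzNTEyMTE0Mw==&mid=2247484864&idx=1&sn=94260cb4a4e643764f4cfd3565ae799b
★★★Notes on a large yet finely detailed domain penetration engagement
https://www.anquanke.com/post/id/230612
★★★Fully patched domain forest falls in 5 seconds? Encryption upgrade and the trust avalanche
https://mp.weixin.qq.com/s?__biz=MzU0MDcyMTMxOQ==&mid=2247483735&idx=1&sn=e0ddc385b58caab50a431e49755b051e
★★★Exchange in penetration testing
https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649736957&idx=1&sn=ccbf22ab5e3576c28bf65b549e96801a
★★★Domain controller privilege escalation collection
https://xz.aliyun.com/t/7726
★★★In-depth analysis of two domain privilege escalation uses of CVE-2019-1040
https://www.freebuf.com/vuls/207399.html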

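★★★Privilege escalation★★★
★Windows privilege escalation guide
https://xz.aliyun.com/t/2200
★Setting up a Win2016 test environment for privilege escalation with MS17-10
https://xz.aliyun.com/t/1516
★Privilege escalation cheat sheet
https://xz.aliyun.com/t/7573
★★The third-party privilege escalation most often seen in practice
https://xz.aliyun.com/t/6544
★★★The "0day" Microsoft does not acknowledge: local privilege escalation in a domain - Rotten Tomato
https://mp.weixin.qq.com/s?__biz=MzI2NDk0MTM5MQ==&mid=2247483689&idx=1&sn=1d83538cebbe2197c44b9e5cc9a7997f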

Code audit and vulnerability analysis

★★★PHP code audit / vulnerability analysis★★★
★Code audit of 百家cms
https://xz.aliyun.com/t/7542
★A first look at auditing zzzcms php version 1.7.5
https://xz.aliyun.com/t/7239
★usual*** CMS 8.0 code audit
https://xz.aliyun.com/t/8100
★MKCMS code audit summary
https://xz.aliyun.com/t/7580
★★A white-box-based penetration test
https://www.cnblogs.com/afanti/p/12663758.html
★★Read-through audit: HYBBS
https://www.freebuf.com/vuls/243833.html
★★Front-end injection in a certain shop's API endpoint
https://xz.aliyun.com/t/5095
★★An audit of 極緻cms v1.7
https://xz.aliyun.com/t/7872
★★Notes on a source audit of a custom build on TP
https://xz.aliyun.com/t/9440
★★Secure development lessons from four vulnerabilities in a certain cms V9.9
https://xz.aliyun.com/t/5919
★★Using variable functions to bypass the CVE-2020-15148 restriction
https://xz.aliyun.com/t/8352
★★A brief analysis of attack methods against php-fpm
https://xz.aliyun.com/t/5598
★★CVE-2016-5734 phpmyadmin backend code execution vulnerability reproduction
https://xz.aliyun.com/t/7836
★★fastadmin backend injection analysis
https://xz.aliyun.com/t/8360
★★maccms v8 80w-character RCE analysis
https://xz.aliyun.com/t/7037
★★phpBB Phar deserialization remote code vulnerability analysis (CVE-2018-19274)
https://xz.aliyun.com/t/8239
★★ThinkPHP5.0.x deserialization gadget chain
https://xz.aliyun.com/t/7082
★★ZenTao project management system (ZenTaoPMS) high-risk vulnerability analysis and exploitation
https://xz.aliyun.com/t/8692
★★★Laravel8 deserialization POP chain analysis and discovery
https://www.anquanke.com/post/id/231079
★★★Laravel Debug mode RCE (CVE-2021-3129) analysis and reproduction
https://xz.aliyun.com/t/9030
★★★ThinkPHP5.0.X RCE-PHP7: discovering a new exploitation approach
https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247484802&idx=1&sn=7db0b7acc809bc312f4ad89a718cd2d7
★★★How to getshell on TP under many restrictions
https://www.anquanke.com/post/id/225794
★★★ThinkPHP v3.2.* (SQL injection & file read) deserialization POP chain
https://mp.weixin.qq.com/s?__biz=MzU2NDc2NDYwMA==&mid=2247484711&idx=1&sn=0dd0f72b376b4922e4ae5b8bd614ae89
★★★thinkphp5.0.* deserialization chain analysis
https://www.anquanke.com/post/id/251318
★★★A Bug Bounty journey that began with a Laravel SQL injection vulnerability
http://mp.weixin.qq.com/s?__biz=MzA4MDU0NzY4Ng==&mid=2459419911&idx=1&sn=981f7d7c68e09898a6fc95a9a2c61aa1
★★★Learning PHP object injection by auditing a CTF challenge
https://xz.aliyun.com/t/7849


★★★Java code audit / vulnerability analysis★★★
★S2-016 vulnerability roundup
https://www.freebuf.com/articles/web/258410.html
★Tips for getting a certain json library past the WAF
https://xz.aliyun.com/t/7568
★★fastjson v1.2.68 RCE gadget chain reproduction
https://mp.weixin.qq.com/s?__biz=MzI3MzUwMTQwNg==&mid=2247485312&idx=1&sn=22dddceccf679f34705d987181a328db
★★A certain json library <= 1.2.68 remote code execution vulnerability analysis
https://xz.aliyun.com/t/7878
★★Shiro-1.2.4-RememberMe deserialization: in-depth analysis of pitfalls
https://xz.aliyun.com/t/7950
★★★JavaWeb memory shell: first playthrough guide
https://su18.org/post/memory-shell/
★★★Summary of exploiting Apache Axis1 and Axis2 WebService vulnerabilities
https://paper.seebug.org/1489/
★★★CVE-2019-11580: Atlassian Crowd RCE vulnerability analysis
https://xz.aliyun.com/t/5737
★★★History of Fastjson deserialization vulnerabilities
https://paper.seebug.org/1192/
★★★Fastjson 1.2.68 deserialization vulnerability: discovery and analysis of the Commons IO 2.x file-write gadget chain
http://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247486627&idx=1&sn=b768bebbd40c7d5b39071c711d9a19aa
★★★A discussion of Java in-memory attack techniques
https://mp.weixin.qq.com/s?__biz=MzU1NzcxNjAyMQ==&mid=2247484636&idx=1&sn=c49e90b3ff68b7811e4151ba54317190
★★★An unexpected code audit: JfinalCMS audit
https://xz.aliyun.com/t/8695
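Author: 随風kali

Link to this article: https://www.cnblogs.com/sfsec/p/15749327.html

Copyright notice:

Unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. Please credit the source when reposting!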
