I. Learning Resources
1. A summary of lessons learned from a file upload practice range
2. Checklist for testing CSS
3. HackerOne research report
https://www.hackerone.com/blog/snaps-security-team-nearly-6-years-collaborating-hackers
4. Malware analysis resources
https://github.com/ShilpeshTrivedi/Malware-IR-Tools-Resources
5. Learning about link preview vulnerabilities
https://www.mysk.blog/2020/10/25/link-previews/
6. Reconnaissance in vulnerability hunting
https://speakerdeck.com/harshbothra/application-testing-methodology-and-scope-based-recon
II. Vulnerability Hunting Tools
1. NetblockTool – automates analysis of the list of IPs belonging to a company and its subsidiaries
https://blog.netspi.com/netblocktool/
2. Web scanner
https://github.com/ElSicarius/SuperTruder
3. Google Maps API scanner
https://github.com/ozguralp/gmapsapiscanner
4. Drone attack tool
https://github.com/dhondta/dronesploit
5. A script that uses grep to find flaws in source code
https://github.com/wireghoul/graudit
6. Static code analysis tools can help "eliminate entire vulnerability classes"
7. Payloads aggregation project
https://github.com/swisskyrepo/PayloadsAllTheThings
III. Vulnerability Reports
1. Facebook: Reveal the page admin who create shop for the page
https://bugreader.com/kbazzoun@reveal-the-page-admin-who-create-shop-for-the-page-229
IV. AI Security
1. Image-scaling attacks on machine learning
https://www.usenix.org/system/files/sec20-quiring.pdf
https://embracethered.com/blog/posts/2020/husky-ai-image-rescaling-attacks/
2. A framework developed by Microsoft for countering adversarial attacks on machine learning
https://thehackernews.com/2020/10/adversarial-ml-threat-matrix.html