Day013

I. Vulnerability Reports

1. k8s vulnerabilities

https://hackerone.com/reports/774896

https://hackerone.com/reports/776017

https://hackerone.com/reports/863979

https://hackerone.com/reports/778803

2. Top 25 XXE reports

https://corneacristian.medium.com/top-25-xxe-bug-bounty-reports-ab4ca662afad

3. Details of an IDOR vulnerability

https://sushantdhopat1905.medium.com/all-about-my-finding-last-week-idor-insecure-direct-object-reference-2ff221c9a329

4. CSRF on launchpad.37signals.com OAuth2 authorization endpoint

https://hackerone.com/reports/850022

II. Learning Materials

1. JavaScript obfuscation in phishing emails

https://www.darkreading.com/threat-intelligence/javascript-obfuscation-moves-to-phishing-emails/d/d-id/1339332

2. Shared talk: decrypting the server side

Slides: https://docs.google.com/presentation/d/1dYmdqZh-8JJ-FV20dtAz4VTLshDNBIhpGvfr4xv0OiA/edit#slide=id.g915c44e977_0_7

Video: https://www.youtube.com/watch?v=gluSEBZpplQ&ab_channel=ekopartysecurityconference

3. Interview with HackerOne hacker MRTUXRACER

https://www.hackerone.com/blog/hacker-spotlight-interview-mrtuxracer

4. Identifying and escalating HTTP Host header injection attacks

https://medium.com/bugbountywriteup/identifying-escalating-http-host-header-injection-attacks-7586d0ff2c67

5. Best OSINT (open-source intelligence) tools

https://www.hackread.com/best-osint-tools-for-2020/

6. Slides: application testing methodology and scope-based recon

https://speakerdeck.com/harshbothra/application-testing-methodology-and-scope-based-recon?slide=2

7. GraphQL Cheat Sheet

https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html

III. AD (Active Directory) Attacks

1. https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/

2. https://blog.stealthbits.com/local-admin-mapping-bloodhound

3. https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/

4. https://blog.stealthbits.com/passing-the-hash-with-mimikatz
