十一月，开始专题的学习了，先来信息收集

0.文章列表

1.信息收集自动化

2.https://six2dez.gitbook.io/pentest-book/others/web-checklist 中文版

1.漏洞研究

https://medium.com/bugbountywriteup/bypassing-waf-to-do-error-based-sql-injection-dd52773a66d3

https://medium.com/bugbountywriteup/my-first-bug-on-google-observation-wins-1a13d0ea54b0

https://medium.com/bugbountywriteup/leveraging-lfi-to-rce-in-a-website-with-20000-users-129050f9982b

https://medium.com/bugbountywriteup/server-side-request-forgery-ssrf-exploitation-technique-9bc4b4045fbd

https://medium.com/bugbountywriteup/breaking-down-command-injections-97d1029576

2.学习资料

1.攻击新技术 NAT Slipstreaming

https://samy.pl/slipstream/

2.如何寻找PHP代码中的错误

https://www.anvilventures.com/blog/oswe-prep-finding-and-exploiting-bugs-in-php-source-code.html

3.自动子域名接管（写自动工具）

https://cyberweek.ae/2020/anatomy-of-automated-account-takeovers/

4.子域名工具

https://github.com/Rozendantz/subforce

5.新的攻击介绍：密码喷雾攻击综合指南

Comprehensive Guide on Password Spraying Attack

6.暴力破解

https://serverguy.com/security/brute-force-attack/?ref=quuu

7.渗透测试工具箱

https://securityonline.info/red-team-browser-extension/

3.AI安全

1.AI解决基于物联网的DDos攻击研究

https://portswigger.net/daily-swig/artificial-intelligence-can-stop-iot-based-ddos-attacks-in-their-tracks-research