Today's highlights:
1. New HackerOne program
https://hackerone.com/impresscms
Vulnerability hunting resources
1.Advanced MSSQL Injection Tricks
https://swarm.ptsecurity.com/advanced-mssql-injection-tricks/
2. Some tools
https://github.com/0x25/useful
3.Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them
https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
4.AWS User Data Secrets Finder
https://github.com/akhil-reni/ud-peep
5. DumpsterDiver, a tool for finding private keys
https://github.com/securing/DumpsterDiver
6. OSINT for Finding People
7.XFFenum
A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header
https://github.com/vavkamil/XFFenum/
8.CLICKJACKING TO OBTAIN LOGIN CREDENTIALS
https://medium.com/bugbountywriteup/clickjacking-to-obtain-login-credentials-abee3ae9825e
Vulnerability tool development
Account Takeover tool preparation:
Weak Cryptography to Account Takeover’s
https://medium.com/@vasuyadav0786/weak-cryptography-to-account-takeovers-87782224ed0d
Theoretically Possible To Practical Account Takeover
https://ironfisto.medium.com/theoretically-possible-to-practical-account-takeover-c9383ab03f76
https://link.medium.com/BW8diFKwqbb
https://link.medium.com/9JVAX0pxqbb
https://link.medium.com/t3hcpaDxqbb
https://link.medium.com/wGxeg0Xxqbb
link.medium.com/ArDYz7Fwqbb
https://link.medium.com/Ruljn8Gwqbb
https://link.medium.com/Ip3cNlIwqbb
https://link.medium.com/ENvKeiCzqbb
https://link.medium.com/uDgTcrBzqbb