A penetration testing learning path from beginner to advanced, with learning sites
Note: the summary below was compiled by the WeChat public account 珂技知识分享.
Security forums and blogs
★★★Security portals★★★
★freebuf: a great many introductory articles, plus some in-depth ones.
https://www.freebuf.com/
★WooYun mirror: because of its age, few of the articles are still of much value.
http://wooyun.2xss.cc/
★★Xianzhi (先知): the articles are fairly in-depth, with little filler.
https://xz.aliyun.com/
★★★Anquanke (安全客): almost no filler.
https://www.anquanke.com/
★★★seebug: no filler.
https://paper.seebug.org/
★★★360: no filler.
http://noahblog.360.cn/
★★★Security forums★★★
★Quanzi (圈子): membership-based; because the forum is fairly new, both the number of active users and the article quality are low.
https://www.secquan.org/
★★T00ls (吐司): an old forum of mixed quality with few in-depth articles, suitable for beginners; it is membership-based, though, and getting a registered account is not easy.
https://www.t00ls.cc/
★★★Pediy (看雪): leans toward C and binary work; high barrier to entry.
https://bbs.pediy.com/
★★★Security blogs★★★
★★R3start, practice-oriented.
http://r3start.net/
★★★afanti, Java-focused.
https://www.cnblogs.com/afanti/
★★★Diggid, Java-focused.
https://blog.diggid.top/
★★★su18 (素十八), Java-focused.
https://su18.org/
★★★廖新喜 (xxlegend), Java-focused.
http://xxlegend.com/
★★★浅蓝 (b1ue), Java-focused.
https://b1ue.cn/
★★★c0ny1, Java-focused.
https://gv7.me/
★★★phith0n, full stack.
https://www.leavesongs.com/
★★★3gstudent, Microsoft-focused.
https://3gstudent.github.io/
★★★LandGrey, full stack.
https://landgrey.me/
★★★远海 (websecuritys), Java and .NET.
https://websecuritys.cn/
★★★LeadroyaL, binary-focused.
https://www.leadroyal.cn/
★★★whoami, PHP-focused.
https://whoamianony.top/
★★★Rmb122, Java and PHP.
https://rmb122.com/
★★★Full stack.
http://scz.617.cn:8/
★★★Y4er, full stack.
https://y4er.com/
★★★ADog, Java and PHP.
http://foreversong.cn/
Common vulnerabilities
★★★SQL injection★★★
★On learning Oracle injection https://xz.aliyun.com/t/7897
★Yet another talk about injection https://xz.aliyun.com/t/5980
★Every day of outwitting a certain WAF https://www.freebuf.com/articles/web/247655.html
★★Using PHP's string-parsing quirks to bypass filters https://www.freebuf.com/articles/web/213359.html
★★A short summary of SQLite injection https://xz.aliyun.com/t/8627
★★Mastering SQL injection through theory and practice https://xz.aliyun.com/t/6677
★★A summary of command execution through MSSQL https://xz.aliyun.com/t/7534
★★360webscan bypass https://h3art3ars.gitee.io/2020/02/17/360webscan-bypass/
★★★Executing commands in MSSQL with CLR assemblies https://xz.aliyun.com/t/6682
★★★WAF bypass in SQL injection (the return) https://xz.aliyun.com/t/7767
★★★A categorized summary of MySQL injection topics and some tricks https://xz.aliyun.com/t/7169
★★★XSS★★★
★Bypass and exploitation of a reflected XSS on a securities group's website https://xz.aliyun.com/t/4010
★★CSP bypass techniques https://xz.aliyun.com/t/7372
★★★XSS Thousand Knocks solve write-up https://xz.aliyun.com/t/4074
★★★File upload★★★
★★Upload versus the WAF https://xz.aliyun.com/t/8084
★★★Reading the RFCs to see how upload forms get past a WAF, part 1 https://www.anquanke.com/post/id/241265
★★★Reading the RFCs to see how upload forms get past a WAF, part 2 https://www.anquanke.com/post/id/242583
★★★CORS★★★
★★A brief analysis of CORS attacks and how to hunt for them https://xz.aliyun.com/t/7242
★★★CSRF★★★
★★Exploring CSRF attacks with JSON bodies, prompted by a penetration test https://xz.aliyun.com/t/7911
★★★CRLF★★★
★★A first look at HTTP response splitting (CRLF Injection) https://whoamianony.top/2021/04/20/Web%E5%AE%89%E5%85%A8/HTTP%E5%93%8D%E5%BA%94%E6%8B%86%E5%88%86%E6%94%BB%E5%87%BB%EF%BC%88CRLF%20Injection%EF%BC%89/
★★★XXE★★★
★★Reading local files through XXE (after HTTP OOB failed) https://xz.aliyun.com/t/6913
★★★File inclusion★★★
★★A brief discussion of file inclusion vulnerabilities https://xz.aliyun.com/t/7176
★★★Logic flaws★★★
★★The whole story of password reset https://xz.aliyun.com/t/8136
★★★SSRF★★★
★Some uses of the gopher protocol in SSRF https://xz.aliyun.com/t/6993
★★★Request smuggling★★★
★★★HTTP/2: the sequel is always worse https://www.anquanke.com/post/id/253474
Practice
★★★Penetration testing in practice★★★
★A penetration test with extraordinary luck https://xz.aliyun.com/t/8251
★Notes on a penetration test https://xz.aliyun.com/t/6729
★A penetration test that came out of guesswork https://xz.aliyun.com/t/7203
★Obtaining a webshell, a case record https://xz.aliyun.com/t/6587
★From a QQ group number to logging into bilibili's intranet http://wooyun.2xss.cc/bug_detail.php?wybug_id=wooyun-2016-0208105
★Sharing and summary of a first penetration test https://xz.aliyun.com/t/6078
★★Digging up 0days to break into Apple https://xz.aliyun.com/t/9121
★★Practical penetration: one broken site a day https://xz.aliyun.com/t/8375
★★Practical penetration: why settle for one? I want them all! https://xz.aliyun.com/t/8132
★★An accidental penetration: from weak password to docker escape https://xz.aliyun.com/t/8699
★★How I hacked Facebook once again https://mp.weixin.qq.com/s?__biz=MzU0ODg2MDA0NQ==&mid=2247484609&idx=1&sn=05153772770be4cfae75dbdc1dc32a10
★★A relatively complete penetration test against an organization https://xz.aliyun.com/t/6979
★★A comprehensive practice-range penetration https://xz.aliyun.com/t/7193
★★An interesting command execution http://r3start.net/index.php/2019/03/15/458
★★An interesting tp5 code execution https://xz.aliyun.com/t/6106
★★A penetration plus code audit in practice https://xz.aliyun.com/t/8305
★★A winding yet interesting penetration http://r3start.net/index.php/2020/02/17/611
★★Testing gitlab https://xz.aliyun.com/t/7870
★★From error-message disclosure to executing commands through the ECS API for a reverse shell https://xz.aliyun.com/t/8310
★★From JS information disclosure to webshell http://r3start.net/index.php/2019/07/15/546
★★Practical exploitation of the Shiro authorization bypass https://xz.aliyun.com/t/8311
★★A bilibili subsite: from information disclosure to SSRF to command execution http://wooyun.2xss.cc/bug_detail.php?wybug_id=wooyun-2016-0213982
★★App penetration: from SQL injection to bypassing facial-recognition login https://xz.aliyun.com/t/8308
★★A difficult TP penetration test https://xz.aliyun.com/t/8453
★★[Practice] From SSRF to getshell on a "pig-butchering" scam site https://mp.weixin.qq.com/s?__biz=Mzg4NDU0NzY5Mg==&mid=2247484049&idx=1&sn=97ff9212a4ffa3f73c9f5c6ab06785d3
★★Turning a penetration from black box into "grey box" https://xz.aliyun.com/t/8347
★★The winding journey of an arbitrary file read vulnerability https://www.freebuf.com/articles/web/229648.html
★★★[Old article] Record of a difficult penetration https://xz.aliyun.com/t/2122
★★★Python security: the tragedy from SSRF to command execution https://www.leavesongs.com/PENETRATION/getshell-via-ssrf-and-redis.html
★★★Red operation: from despair to seeing the light again https://www.anquanke.com/post/id/225829
★★★Learning docker escape, a case record https://xz.aliyun.com/t/9966
★★★Practical penetration of the latest DZ3.4 https://paper.seebug.org/1197/
★★★Blocked all the way: an authorized attack-and-defense exercise (part 1) https://www.freebuf.com/vuls/211842.html
★★★Blocked all the way: an authorized attack-and-defense exercise (part 2) https://www.freebuf.com/vuls/211847.html
★★★Becoming your network-wide administrator step by step (part 1) https://www.anquanke.com/post/id/223557
★★★Becoming your network-wide administrator step by step (part 2) https://www.anquanke.com/post/id/223729
★★★A difficult "SSRF-->RCE" exploitation https://xz.aliyun.com/t/7594
★★★A "different" analysis of a real penetration test case https://blog.ateam.qianxin.com/post/zhe-shi-yi-pian-bu-yi-yang-de-zhen-shi-shen-tou-ce-shi-an-li-fen-xi-wen-zhang/
★★★Internal network penetration★★★
★Domain information enumeration https://xz.aliyun.com/t/7724
★A real internal-network penetration https://xz.aliyun.com/t/9257
★On pass-the-hash: the things everyone already knows https://xz.aliyun.com/t/9842
★A big collection of intranet tunnelling and port-forwarding techniques https://xz.aliyun.com/t/6966
★Rumor has it one company's employee phished another? Mo-ge walks you through phishing email attacks! https://mp.weixin.qq.com/s?__biz=Mzg2NzYyODQwMQ==&mid=2247483801&idx=1&sn=60150ce5a4a349666fdb0af9efc89ace
★Internal network penetration: application-layer tunnelling https://xz.aliyun.com/t/7956
★Internal network penetration: ICMP covert tunnels https://xz.aliyun.com/t/7875
★Pitfall notes: DNS Beacon https://xz.aliyun.com/t/7938
★A summary of file download methods on Windows/Linux https://xz.aliyun.com/t/7937
★Setting up a DNS tunnel and reverse shell: getting out of the pitfalls https://xz.aliyun.com/t/7817
★Exploring PowerShell AV evasion https://xz.aliyun.com/t/7903
★★Record of attacking a self-built three-tier domain network practice range https://xz.aliyun.com/t/9281
★★Bouncing regardless: thoughts on reverse shells when outbound ports are restricted https://www.freebuf.com/vuls/232544.html
★★Domain penetration: maintaining privileges with golden tickets https://xz.aliyun.com/t/9855
★★A privilege escalation trick inside a domain https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247489414&idx=1&sn=f9addeb81e8a2ea160e043ee2b19a4cf
★★Internal network penetration testing: a summary of lateral movement basics https://www.freebuf.com/articles/network/251364.html
★★Red vs. blue: Windows internal network penetration https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==&mid=2651202058&idx=1&sn=d3d57af49cea5f15d2c58b83bac35b7d
★★Study notes on phishing emails https://www.freebuf.com/articles/web/227694.html
★★From perimeter foothold to internal penetration and taking the domain controller https://xz.aliyun.com/t/9477
★★From an external code audit through three tiers of internal network vulnerabilities to the domain controller https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247486982&idx=2&sn=7bd2c716c41531b7a6b0ca98d4802c81
★★From DNS Beacon to domain controller https://mp.weixin.qq.com/s?__biz=MzAwMzYxNzc1OA==&mid=2247485914&idx=1&sn=95a424874d8bbc656bb5a067198e4227
★★From a CVE into the intranet, then taking 4 domain controllers https://mp.weixin.qq.com/s?__biz=MzU4NTY4MDEzMw==&mid=2247485592&idx=1&sn=9d1678d5198f36d7ebb6660b27a882a6
★★How much do you know about the cobaltstrike dns beacon? https://xz.aliyun.com/t/7488
★★Vlunstack ATT&CK practice series: red team practice (3) writeup https://xz.aliyun.com/t/6988
★★A case of learning outside-in tactics https://xz.aliyun.com/t/10204
★★A domain penetration, part 2 https://xz.aliyun.com/t/8597
★★An internal network penetration https://xz.aliyun.com/t/8639
★★Bypassing Trend Micro antivirus and punching through the intranet to the domain controller step by step https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247485563&idx=1&sn=8663f3fd0dbd0396b958968bba15f310
★★★Persistence on Linux https://xz.aliyun.com/t/7338
★★★Kerberos-related attack techniques (fairly complete) https://xz.aliyun.com/t/8690
★★★The whole story of Kerberos domain penetration https://xz.aliyun.com/t/10189
★★★[Domain penetration] SQLSERVER combined with relaying and delegation https://mp.weixin.qq.com/s?__biz=MzUzNTEyMTE0Mw==&mid=2247484864&idx=1&sn=94260cb4a4e643764f4cfd3565ae799b
★★★A large yet detailed domain penetration in practice https://www.anquanke.com/post/id/230612
★★★A fully patched domain forest falls in 5 seconds? A trust avalanche from an encryption upgrade https://mp.weixin.qq.com/s?__biz=MzU0MDcyMTMxOQ==&mid=2247483735&idx=1&sn=e0ddc385b58caab50a431e49755b051e
★★★Exchange in penetration testing https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649736957&idx=1&sn=ccbf22ab5e3576c28bf65b549e96801a
★★★A collection of domain controller privilege escalations https://xz.aliyun.com/t/7726
★★★In-depth analysis of two domain privilege escalation exploits combined with CVE-2019-1040 https://www.freebuf.com/vuls/207399.html
★★★Privilege escalation★★★
★Windows privilege escalation guide https://xz.aliyun.com/t/2200
★Setting up a Win2016 test environment for MS17-10 privilege escalation https://xz.aliyun.com/t/1516
★Privilege escalation cheat sheet https://xz.aliyun.com/t/7573
★★The third-party privilege escalations most often met in practice https://xz.aliyun.com/t/6544
★★★The "0day" Microsoft won't acknowledge: in-domain local privilege escalation, Rotten Tomato https://mp.weixin.qq.com/s?__biz=MzI2NDk0MTM5MQ==&mid=2247483689&idx=1&sn=1d83538cebbe2197c44b9e5cc9a7997f
Code audit and vulnerability analysis
★★★PHP code audit / vulnerability analysis★★★
★Baijia CMS code audit https://xz.aliyun.com/t/7542
★A first look at auditing zzzcms php 1.7.5 https://xz.aliyun.com/t/7239
★usual*** CMS 8.0 code audit https://xz.aliyun.com/t/8100
★A short summary of the MKCMS code audit https://xz.aliyun.com/t/7580
★★A white-box penetration test https://www.cnblogs.com/afanti/p/12663758.html
★★A read-through audit of HYBBS https://www.freebuf.com/vuls/243833.html
★★Unauthenticated injection in a certain shop's API https://xz.aliyun.com/t/5095
★★An audit of Jizhi CMS v1.7 https://xz.aliyun.com/t/7872
★★A source audit of a customized TP project https://xz.aliyun.com/t/9440
★★Looking at development security through four vulnerabilities in a certain CMS v9.9 https://xz.aliyun.com/t/5919
★★Using variable functions to bypass the CVE-2020-15148 restriction https://xz.aliyun.com/t/8352
★★A brief analysis of attacks on php-fpm https://xz.aliyun.com/t/5598
★★Reproducing CVE-2016-5734, the phpMyAdmin authenticated code execution vulnerability https://xz.aliyun.com/t/7836
★★Analysis of an authenticated injection in fastadmin https://xz.aliyun.com/t/8360
★★Analysis of the 800k-character RCE in maccms v8 https://xz.aliyun.com/t/7037
★★Analysis of the phpBB Phar deserialization remote code execution vulnerability (CVE-2018-19274) https://xz.aliyun.com/t/8239
★★ThinkPHP 5.0.x deserialization exploit chain https://xz.aliyun.com/t/7082
★★Analysis and exploitation of high-severity vulnerabilities in ZenTaoPMS https://xz.aliyun.com/t/8692
★★★Analysis and discovery of Laravel 8 deserialization POP chains https://www.anquanke.com/post/id/231079
★★★Laravel Debug mode RCE (CVE-2021-3129): analysis and reproduction https://xz.aliyun.com/t/9030
★★★ThinkPHP 5.0.X RCE: discovering new exploitation methods on PHP 7 https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247484802&idx=1&sn=7db0b7acc809bc312f4ad89a718cd2d7
★★★How to getshell in TP under many restrictions https://www.anquanke.com/post/id/225794
★★★ThinkPHP v3.2.* deserialization POP chains (SQL injection & file read) https://mp.weixin.qq.com/s?__biz=MzU2NDc2NDYwMA==&mid=2247484711&idx=1&sn=0dd0f72b376b4922e4ae5b8bd614ae89
★★★Analysis of thinkphp5.0.* deserialization chains https://www.anquanke.com/post/id/251318
★★★A bug bounty journey that started with a Laravel SQL injection http://mp.weixin.qq.com/s?__biz=MzA4MDU0NzY4Ng==&mid=2459419911&idx=1&sn=981f7d7c68e09898a6fc95a9a2c61aa1
★★★Learning PHP object injection through a CTF challenge https://xz.aliyun.com/t/7849
★★★Java code audit / vulnerability analysis★★★
★S2-016 vulnerability notes https://www.freebuf.com/articles/web/258410.html
★Tips for getting a certain json past the wall https://xz.aliyun.com/t/7568
★★Reproducing the fastjson v1.2.68 RCE exploit chain https://mp.weixin.qq.com/s?__biz=MzI3MzUwMTQwNg==&mid=2247485312&idx=1&sn=22dddceccf679f34705d987181a328db
★★Analysis of the remote code execution vulnerability in a certain json <= 1.2.68 https://xz.aliyun.com/t/7878
★★Shiro-1.2.4-RememberMe deserialization: an in-depth look at the pitfalls https://xz.aliyun.com/t/7950
★★★JavaWeb memory shells: a first-playthrough walkthrough https://su18.org/post/memory-shell/
★★★A summary of exploiting Apache Axis1 and Axis2 WebService vulnerabilities https://paper.seebug.org/1489/
★★★CVE-2019-11580: analysis of the Atlassian Crowd RCE https://xz.aliyun.com/t/5737
★★★A history of Fastjson deserialization vulnerabilities https://paper.seebug.org/1192/
★★★Fastjson 1.2.68 deserialization: discovery and analysis of the Commons IO 2.x file-write exploit chain http://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247486627&idx=1&sn=b768bebbd40c7d5b39071c711d9a19aa
★★★A discussion of Java in-memory attack techniques https://mp.weixin.qq.com/s?__biz=MzU1NzcxNjAyMQ==&mid=2247484636&idx=1&sn=c49e90b3ff68b7811e4151ba54317190
★★★An unexpected code audit: JfinalCMS https://xz.aliyun.com/t/8695
Link to this article: https://www.cnblogs.com/sfsec/p/15749327.html
Copyright notice: unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. Please credit the source when reposting!