更多详情请查看原文

【小白扫盲板块】

小白扫盲之CSRF

https://infosecwriteups.com/csrf-for-begginers-673d00efa770

小白扫盲之XXE

https://infosecwriteups.com/exploiting-xml-external-entity-xxe-injection-vulnerability-f8c4094fef83

小白进阶之ROP的艺术

https://infosecwriteups.com/into-the-art-of-binary-exploitation-0x000002-sorcery-of-rop-b4658238ee62

小白进阶之整数溢出

https://infosecwriteups.com/into-the-art-of-binary-exploitation-0x000003-prominence-of-integer-overflow-cea6abd2cce4

TCP/IP 网络模型

https://3xabyt3.medium.com/tcp-ip-networking-model-69686f893569

TCP/IP 网络模型（part 2）

https://infosecwriteups.com/tcp-ip-networking-model-part-2-efcc9de9ad40

【漏洞研究】

CVE-2021-40438 Apache Mod_Proxy SSRF

https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-40438.yaml

【红队技术文章】

Windows 提权整理

https://www.hackingarticles.in/windows-privilege-escalation-weak-services-permission/

分而治之：一种绕过NextGen AV的技术

https://www.freebuf.com/articles/system/261402.html

Websocket 劫持窃取用户session

https://infosecwriteups.com/websocket-hijacking-to-steal-session-id-of-victim-users-bca84243830

【红队工具】

EXOCET-AV-Evasion：AV bypass，无法检测的有效载荷传递工具

https://securityonline.info/exocet-av-evasion-av-evading-undetectable-payload-delivery-tool/

DorkScout：Google Dork 扫描工具

https://www.kitploit.com/2021/10/dorkscout-golang-tool-to-automate.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+(PenTest+Tools)

Azur3Alph4：Powershell 红队集成工具

https://www.kitploit.com/2021/10/azur3alph4-powershell-module-that.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+(PenTest+Tools)