From dee01dc4d8808ffe3d269114ff6fcbf39f185684 Mon Sep 17 00:00:00 2001 From: euphrat1ca Date: Fri, 14 Aug 2020 22:12:44 +0800 Subject: [PATCH] 1 --- README.md | 3 --- wiki_Fuzzer.md | 4 +++- wiki_GeekStudy.md | 2 +- wiki_IoT&ICS.md | 2 ++ wiki_SecReverse.md | 5 ++++- 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4bbeea8..ccd1cbb 100644 --- a/README.md +++ b/README.md @@ -107,14 +107,11 @@ - https://github.com/juliocesarfort/public-pentesting-reports //由几家咨询公司和学术安全组织发布的公共渗透测试报告的列表。 - http://pentestmonkey.net/category/cheat-sheet //渗透测试常见条目 - https://github.com/0xRadi/OWASP-Web-Checklist //owasp网站检查条目 -- https://github.com/arunmagesh/hw_hacking_cheatsheet 硬件hardware测试条目 - https://mp.weixin.qq.com/s/O36e0gl4cs0ErQPsb5L68Q //公众号:区块链、以太坊智能合约审计 CheckList - https://github.com/slowmist/eos-bp-nodes-security-checklist //区块链,EOS bp nodes security checklist(EOS超级节点安全执行指南) - https://github.com/GitGuardian/APISecurityBestPractices //api接口测试checklist - https://github.com/shieldfy/API-Security-Checklist //api开发核对清单。12k。 -- https://github.com/theLSA/hack-cs-tools //C/S客户端测试工具检查条目checklist。G:/theLSA/CS-checklist;-- - https://xz.aliyun.com/t/2089 //金融科技SDL安全设计checklist -- 汽车安全测试Checklist //水滴安全实验室 - https://blog.csdn.net/qq_39541626/article/details/104891590 //小程序、公众号安全测试list - https://www.butian.net/School/content?id=307/ //移动通信网络渗透测试科普 ## IPv6安全相关 diff --git a/wiki_Fuzzer.md b/wiki_Fuzzer.md index 2f5d90b..d09d4bd 100644 --- a/wiki_Fuzzer.md +++ b/wiki_Fuzzer.md @@ -39,4 +39,6 @@ - https://github.com/google/honggfuzz //C。具有反馈驱动(Feedback-Driven)的持续性软件代码测试。2k。 - https://github.com/bunzen/pySSDeep //Py。一个基于模糊哈希(Fuzzy Hashing)算法的工具。G:/glaslos/ssdeep;G:/ssdeep-project/ssdeep;-- - http://blog.topsec.com.cn/alphafuzzer/ //启明星辰阿尔法实验室以文件格式为主的漏洞挖掘工具 -- https://github.com/Cisco-Talos/mutiny-fuzzer //Py。MikroTik基于pcap包解析的网络协议模糊测试。 \ No newline at end of file +- https://github.com/Cisco-Talos/mutiny-fuzzer //Py。MikroTik基于pcap包解析的网络协议模糊测试。 +### 客户端模糊测试 +- https://github.com/dzzie/COMRaider //客户端溢出风险测试 \ No newline at end of file diff --git a/wiki_GeekStudy.md b/wiki_GeekStudy.md index 968a896..4a83d55 100644 --- a/wiki_GeekStudy.md +++ b/wiki_GeekStudy.md @@ -189,7 +189,7 @@ - https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ //一个虚拟机文件用于linux提权练习 - https://kernel.ubuntu.com/~kernel-ppa/mainline/ //Ubuntu历史kernel - http://old-releases.ubuntu.com/releases/ //Ubuntu历史镜像 -- https://github.com/secvulture/dvta //CS客户端靶场 +- https://github.com/secvulture/dvta //客户端C/S架构靶场 - https://github.com/OWASP/igoat //适用于ios应用程序测试和安全性的学习工具 - https://github.com/prateek147/DVIA-v2 //适用于ios应用程序测试和安全性的学习工具 - https://github.com/abhi-r3v0/EVABS //C++。Android靶场 diff --git a/wiki_IoT&ICS.md b/wiki_IoT&ICS.md index 5029fe4..b7e6cad 100644 --- a/wiki_IoT&ICS.md +++ b/wiki_IoT&ICS.md @@ -18,6 +18,7 @@ ## 硬件设备固件分析 - https://github.com/scriptingxss/owasp-fstm/ //OWASP固件安全测试条例 - https://github.com/unprovable/PentestHardware //硬件渗透测试实用手册 +- https://github.com/arunmagesh/hw_hacking_cheatsheet //硬件hardware测试条目 - https://mp.weixin.qq.com/s/KFm870IFHGEHRnsek9d3lg //Chamd5公众号: 硬件分析的常用工具与基础方法。GZUT,RT809F,ProMan等仪器设备。 - https://www.pentestpartners.com/security-blog/how-to-do-firmware-analysis-tools-tips-and-tricks/ //固件硬件逆向分析方法技巧 - https://www.jianshu.com/p/3b3df82500b6 //绿盟马良:智能设备漏洞挖掘中几个突破点 @@ -39,6 +40,7 @@ - https://github.com/PX4/Firmware //px4无人机飞控。 - https://www.freebuf.com/geek/96399.html //极客DIY:使用树莓派制作一架四轴无人机。 ## 车联网安全 +- 汽车安全测试Checklist //水滴安全实验室 - https://github.com/jaredthecoder/awesome-vehicle-security //一个用于了解车辆安全和汽车黑客的资源清单 - https://www.freebuf.com/articles/terminal/241930.html //车机的渗透思路与实例分析 - https://github.com/pasta-auto //智能汽车测试 diff --git a/wiki_SecReverse.md b/wiki_SecReverse.md index fbe0ce9..434fa87 100644 --- a/wiki_SecReverse.md +++ b/wiki_SecReverse.md @@ -1,4 +1,4 @@ -## 逆向破解分析 +# 逆向破解分析 - https://www.pelock.com/articles/reverse-engineering-tools-review //Reverse engineering tools review 逆向工具测评 - https://down.52pojie.cn/ //吾爱破解爱盘工具包。W:tool.pediy.com/;-- - https://www.peerlyst.com/posts/resource-learning-how-to-reverse-malware-a-guide //恶意软件逆向指南和工具的集合 @@ -11,6 +11,9 @@ - https://github.com/euphrat1ca/PeDoll //C++。基于inlineHook技术的软件分析工具,C/S架构(PeDollc/PeDolls)。 - https://bbs.ichunqiu.com/thread-16846-1-1.html //intro。PeDoll 调戏木马病毒的正确姿势-正式篇 - https://github.com/everdox/InfinityHook //C++。挂钩系统调用,上下文切换,页面错误等。 +## 客户端安全 +- http://www.rohitab.com/apimonitor //客户端C/S架构API监控工具 +- https://github.com/theLSA/hack-cs-tools //客户端测试工具检查条目checklist。G:/theLSA/CS-checklist;-- ### PC端逆向分析 - https://www.hex-rays.com //IDA pro反汇编工具。商业版。W:youtu.be/qCQRKLaz2nQ; - https://github.com/xrkk/awesome-ida //IDA Pro有关的资源收集