At the beginning of 2018, I had the idea of consolidating my technical knowledge and creating a personal ID. In March, I re-registered an ID named Bypass on T00ls, and then created a self-media public account with the same name, Bypass, to share original articles.

A few days ago, when logging in to T00ls, I suddenly found that my user group had become pink honorary member, and I was a little excited.

Here I sort out the original articles I have written so far.

[WAF Bypass]

Bypass D Shield IIS Firewall SQL Injection Defense (Multiple Approaches)

An Idea for Bypass D Shield Firewall (New) SQL Injection Defense

Bypass X-WAF SQL Injection Defense

Bypass ngx_lua_waf SQL Injection Defense

Bypass 360 Host Guard SQL Injection Defense

SQL Injection Defense Bypass Oracle SQL Injection defense

Breaking OpenResty-based Web Security (CVE-2018-9230)

[Code audit]

Easysns_v1.6 Remote image localization causes Getshell

Cltphp_v5.5.3 Arbitrary file upload vulnerability

MIPCMS remote write to the configuration file leads to Getshell

Phpyun_v4.3 CMS reinstallation leads to Getshell

ThinkSNS_V4 Arbitrary file download results in Getshell

Cltphp_v5.5.3 Foreground XML external entity Injection vulnerability

QYKCMS Arbitrary file upload, arbitrary file read vulnerability

[Penetration test]

Asset detection and information collection

SQL secondary encoding Injection vulnerability

XSS triple URL encoding bypass example

Analysis of Web brute-force guessing

Summary of common vulnerabilities of mobile verification codes

Ideas for Intranet penetration

Port-based weak password detection tool: ISCAN

[Emergency response]

Windows in practice:

Troubleshooting for Windows intrusion

Windows Emergency Response (1): FTP brute force cracking

Windows Emergency Response (2): Worm

Windows Emergency Response (3): Ransomware

Windows Emergency Response (4): Mining virus

Linux:

Troubleshooting for Linux intrusion

Linux Emergency Response (1): SSH brute force cracking

Linux Emergency Response (2): Catch short connections

Linux Emergency Response (3): Mining virus

Linux Emergency Response (4): Gates Trojan horse

 

Finally

You are welcome to follow my personal WeChat public account: Bypass–, with one original, practical technical article every week.