- https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 中文版
- https://wizardforcel.gitbooks.io/asani/content/ 浅入浅出Android安全 中文版
- https://wizardforcel.gitbooks.io/lpad/content/ Android 渗透测试学习手册 中文版
- https://wizardforcel.gitbooks.io/kali-linux-web-pentest-cookbook/content/ Kali Linux Web渗透测试秘籍 中文版
- https://github.com/hardenedlinux/linux-exploit-development-tutorial Linux exploit 开发入门
- https://www.gitbook.com/book/t0data/burpsuite/details burpsuite实战指南
- http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 渗透测试Node.js应用
- https://github.com/qazbnm456/awesome-web-security Web安全资料和资源列表
AVGirl
AVGirl
/ 0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
Created
February 25, 2021 03:18
— forked from 0xtornado/0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
CyberChef recipe to extract and decode Shellcode from a Cobalt Strike beacon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}] |
AVGirl
/ 开源扫描仪的工具箱.md
Created
December 31, 2020 01:36
— forked from ckeyer/开源扫描仪的工具箱.md
AVGirl
/ README.md
Created
December 2, 2020 02:25
— forked from eliquious/README.md
Virus Total Clone
AVGirl
/ Wannacrypt0r-FACTSHEET.md
Created
May 20, 2017 07:48
— forked from rain-1/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru