10. Tools and ResourcesΒΆ
- 10.1. Recommended Resources
- 10.2. Related papers
- 10.3. Information Collection
- 10.3.1. Whois
- 10.3.2. Website filing
- 10.3.3. CDN query
- 10.3.4. Subdomain Blasting
- 10.3.5. Domain Name Acquisition
- 10.3.6. Weak Password Blasting
- 10.3.7. Git information leakage
- 10.3.8. Github Monitoring
- 10.3.9. Path and file scanning
- 10.3.10. Path Crawlers
- 10.3.11. Fingerprint recognition
- 10.3.12. Waf Fingerprint
- 10.3.13. Port Scanning
- 10.3.14. DNS data query
- 10.3.15. DNS Association
- 10.3.16. Cloud Services
- 10.3.17. Data query
- 10.3.18. Password
- 10.3.19. CI Information Disclosur
- 10.3.20. Profile of personal data
- 10.3.21. Mailbox Collection
- 10.3.22. Others
- 10.4. Social Engineering
- 10.5. Fuzzing
- 10.6. Exploitation/Detection
- 10.6.1. Database Injection
- 10.6.2. Unstructured database injection
- 10.6.3. Database exploits
- 10.6.4. XSS
- 10.6.5. SSRF
- 10.6.6. Template Injection
- 10.6.7. HTTP Request Smuggling
- 10.6.8. Command Injection
- 10.6.9. PHP
- 10.6.10. LFI
- 10.6.11. struts
- 10.6.12. CMS
- 10.6.13. Java Frameworks
- 10.6.14. DNS related vulnerabilities
- 10.6.15. DNS Data Extraction
- 10.6.16. DNS Tunneling
- 10.6.17. DNS Shell
- 10.6.18. XXE
- 10.6.19. Deserialization
- 10.6.20. JNDI
- 10.6.21. Port Hack
- 10.6.22. JWT
- 10.6.23. Wireless
- 10.6.24. Man-in-the-middle attacks
- 10.6.25. DHCP
- 10.6.26. DDoS
- 10.6.27. Regular expressions
- 10.6.28. Shellcode
- 10.6.29. Ultraviolet
- 10.6.30. Utilizing the Platform
- 10.6.31. Exploit Libraries
- 10.6.32. Exploit Frameworks
- 10.6.33. Windows
- 10.7. Near source penetration
- 10.8. Web Persistence
- 10.9. Lateral movement
- 10.10. Cloud Security
- 10.11. Operating System Persistence
- 10.12. Audit Tools
- 10.13. Defense
- 10.13.1. Log Inspection
- 10.13.2. Terminal Monitoring
- 10.13.3. XSS Protection
- 10.13.4. Configuration Checks
- 10.13.5. Security Check
- 10.13.6. IDS
- 10.13.7. RASP
- 10.13.8. SIEM
- 10.13.9. Threat Intelligence
- 10.13.10. APT
- 10.13.11. Intrusion Check
- 10.13.12. Process check
- 10.13.13. Waf
- 10.13.14. Online virus detection
- 10.13.15. WebShell killing
- 10.13.16. Rules/ IoC
- 10.13.17. Threat detection
- 10.13.18. Security Advisories
- 10.13.19. Security Tracker
- 10.13.20. Match Tool
- 10.13.21. DoS Protection
- 10.13.22. Adversary Simulation
- 10.13.23. Intrusion Prevention
- 10.14. Secure Development
- 10.15. Operation and Maintenance
- 10.15.1. Traffic
- 10.15.2. Bastion Machine
- 10.15.3. Honeypots
- 10.15.4. VPN Install
- 10.15.5. Tunnels/Proxy
- 10.15.6. Proxy chain
- 10.15.7. Asset Management
- 10.15.8. Compliance
- 10.15.9. Risk Control
- 10.15.10. SIEM
- 10.15.11. Security Operation
- 10.15.12. System Monitoring
- 10.15.13. Windows
- 10.15.14. Network Test
- 10.15.15. Red Team Simulation
- 10.15.16. Network Simulation
- 10.16. Forensics
- 10.17. Others