Books

By XEI7

Update date:

类型 传播性 可控性 窃密性 害级别
============ ============ ========== ============ ============
僵尸(Bot) 具备 高度可控 全部控制:高
蠕虫(Worm) 主动传播 一般没有 一般没有 网络流量:高
木马(Trojan) 不具备 可控 账户密码:高
后门(Backdoor) 不具备 可控 完全控制:高
病毒(Virus) 用户干预 一般没有 一般没有 感染文件:中
间谍(Spyware) 一般没有 一般没有 信息泄露:中
============ ============ ========== ============ ============

![Alt text](/pic/img.jpg "Optional title")
** 是粗体 ** , * 斜体 * , A , __A__
如果你的 * 和 _ 两边都有空白的话,它们就只会被当成普通的符号。

# 一级标题

## 二级标题

### 三级标题

>  引用

https://default-password.info/ [默认密码]
http://drops.wiki/
https://blog.flanker017.me/
http://blog.wils0n.cn/
http://www.cnbraid.com/
http://blog.pangu.io/
http://blog.csdn.net/yatere
https://blog.leoc.io/blog/20141029/hacklu2014/
http://blogs.360.cn/blog/dump-to-poc-to-win32k-kernel-privilege-escalation-vulnerability/
http://www.s3cur1ty.de/node?page=27
http://www.open-open.com/github/
https://hackucf.org/blog/hack-all-the-things-exfiltrating-data-via-dns-requests/

http://www.ncar.cc/bbs/forum.php?mod=viewthread&tid=24792&page=9&extra=#pid344006
权力游戏

https://isc.sans.edu/tools/
TOOLS
文件类型识别 http://www.garykessler.net/library/file_sigs.html Trailer:
统计词频 http://web.chacuo.net/charsetuuencode
词频解码 http://cryptoclub.org/tools/cracksub_topframe.php
格式转换 http://www.office-converter.com/TTF-to-PNG
站长工具 http://tool.chinaz.com/js.aspx
hash解密 http://www.hashkiller.co.uk
cryptool http://www.cryptool-online.org
http://crypo.in.ua/tools/eng_caesar.php
IMSI反查 http://ultra.chinasnow.net/OPCode
http://www.shodanhq.com/
http://www.zoomeye.org

下载小工具
http://securityxploded.com/tools.php
http://www.nirsoft.net/
http://www.shentou.org/

http://www.hackingarticles.in/ BEST-msf script

https://quequero.org/
BLOG

http://sebug.net/
http://pan.baidu.com/share/home?uk=2298682912#category/type=0 思科
http://zone.wooyun.org/content/14440
http://packetstormsecurity.com/files/68554/
http://blog.csdn.net/hitwhylz/article/details/37825177
http://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcat-kali-linux/
http://www.woodmann.com/forum/activity.php
https://isc.sans.edu/forums/diary/
http://www.cnblogs.com/qq78292959/archive/2012/05/08/2490443.html
http://26836659.blogcn.com/articles/破解苹果appleid和iphone手机刷机.html
http://www.linuxeden.com/
http://blog.sina.com.cn/s/blog_8c0251900100xozn.html
http://secauo.com/Android安全/2015移动安全挑战赛-第3题.html

fcon babyfirst-Heap程序分析
http://www.91ri.org/9198.html#

http://blogread.cn/it/article/5766?f=wb
http://itindex.net/

http://blog.ztrix.me/
http://www.leavesongs.com/ phothon
http://le4f.net/links.md
http://www.icylife.net/blog/ 云舒
http://icylife.net/yunshu/ 云舒

http://www.purpleroc.com/
http://5alt.me/
http://blog.dm4.tw/blog/archives/
http://overthewire.org/wargames/

http://0cx.cc/
https://www.wd0g.com/
http://erevus.me/
http://xisigr.com/
http://92ez.com/
http://www.darksn0w.com/
http://0day5.com/
http://8mans.com/
http://www.reedchao.com/
http://ctf.paxmac.org/
http://www.studysec.com/

http://smilejay.com/ 运维
https://www.idontplaydarts.com/

http://blog.lse.epita.fr/articles/
http://tool.p1ng.pw/jstool.html

http://www.lengmo.net/read.php?1127
http://www.yellownote.nl/blog/
http://www.lijiejie.com/
https://www.nigesb.com/about
http://maskray.me/
http://rsghost.org/
http://cyrils.org/index.php

http://riusksk.blogbus.com/
http://hackdog.me/dog/index.php/2014/11/17/3.html redrain
http://ctf.idf.cn/index.php?g=portal&m=article&a=index&id=11
http://blog.sina.com.cn/s/blog_e8e60bc00102velj.html
http://www.repoog.com/2014/02/yara-the-pattern-matching-swiss-knife-of-malware/

http://www.huiyini.com/

https://blog.fqj.me/
http://ppwwyyxx.com/2014/Student-Festival-Puzzle-2014/
https://blog.blahgeek.com/
https://www.byvoid.com/blog/tag/%E7%AB%B6%E8%B3%BD%E9%A1%8C%E8%A7%A3

https://github.com/evilcos/心碎sprobe

http://hj-h.co生命m/

最佳企业安全博客提名:
Juniper(网络厂商,不用多介绍):http://forums.juniper.net/t5/Security-Mobility-Now/bg-p/networkingnow
Norse(提供前摄性的安全解决方案,基于dark intelligence平台防御当局高级威胁:http://norse-corp.com/blog-index.html
RedSeal Networks(安全管理解决方案): http://blog.redsealnetworks.com/
Solutionary Minds: http://www.solutionary.com/resource-center/blog/
VioPoint(提供MSS服务): http://www.viopoint.com/blog/
WhiteHat Security: https://blog.whitehatsec.com
TripWire: The State of Security: http://www.tripwire.com/state-of-security/
Veracode Blog(基于云的软件安全供应商): http://www.veracode.com/blog/
Mandiant M-unition: https://www.mandiant.com/blog/
Fortinet Blog(UTM,NGFW…): http://blog.fortinet.com/
F-Secure Blog: http://www.f-secure.com/weblog/
Trend Micro Security Intelligence Blog(趋势科技): http://blog.trendmicro.com/trendlabs-security-intelligence/
Kaspersky Lab Securelist(卡巴斯基): http://www.securelist.com/en/blog
Akamai Blog(云平台,CDN…): https://blogs.akamai.com/security/
Bit9(白名单软件机制管理厂商): https://blog.bit9.com/
IOActive(安全评估公司): http://blog.ioactive.com/

最佳安全播客提名:
SANS 的ISC每日播报 Stormcast: https://isc.sans.edu/podcast.html
MiSec, OWASP Detroit, BSides Detroit的播客: http://podcast.michsec.org/
Security Slice: http://www.tripwire.com/state-of-security/topics/security-slice-podcast/
Threat Post: https://www.threatpost.com
Security Ledger: https://securityledger.com/category/podcasts/
The Risk Science Podcast: http://riskscience.net/
SecurityWeekly: http://pauldotcom.com/
Securosis, Firestarter: https://securosis.com/blog/firestarter-the-nsa-and-rsa

最佳教育安全博客提名:
RedSeal Networks: http://blog.redsealnetworks.com/
Terebrate: http://terebrate.blogspot.com/
EFF’s Deep Links: https://www.eff.org/deeplinks
Security Bistro: http://www.securitybistro.com/
Graham Cluley: http://grahamcluley.com/
Krebs on security: http://krebsonsecurity.com/ 可参考近期freebuf上的人物专访《人物:他是互联网世界的私家侦探》

Identropy Blog: http://blog.identropy.com/
Dell SecureWorks Security and Compliance Blog: http://www.secureworks.com/resources/blog/
Securosis: https://securosis.com/blog
Solutionary Minds Blog: http://www.solutionary.com/resource-center/blog/
Rapid7 SecurityStreet: https://community.rapid7.com/content#filterID=all~objecttype~objecttype[blogpost]

最佳娱乐安全博客提名
Krypt3ia: http://krypt3ia.wordpress.com/
Kevin Townsend: Security centric issues, news, rants – and other things: http://kevtownsend.wordpress.com/
Matt Blaze’s Exhaustive Search: http://www.crypto.com/blog
The New School of Information Security Blog: http://newschoolsecurity.com/
Uncommon Sense Security: http://blog.uncommonsensesecurity.com/
Errata Security Blog: http://blog.erratasec.com/
Securosis Blog: https://securosis.com/blog
Tripwire’s State of Security: http://www.tripwire.com/state-of-security/

安全产业最佳代表博客提名
RedSeal Networks: http://blog.redsealnetworks.com/
Securosis: https://securosis.com/blog
Schneier on Security: https://www.schneier.com/
Naked Security: http://nakedsecurity.sophos.com/
SANS Internet Storm Center Diary: https://isc.sans.edu/diary.html
Liquidmatrix Security Digest: http://www.liquidmatrix.org/blog/
Emergent Chaos: http://emergentchaos.com/
Infosecisland: http://infosecisland.com/

年度单篇最佳博/播客提名
网络安全管理实用指南 https://event.on24.com/eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=720707&sessionid=1& key=12AADDB88B4B10EFA1829537392F1722&sourcepage=register
Parmy Olson的关于Anonymous的一个书评: http://terebrate.blogspot.com/2013/05/book-review-we-are-anonymous-inside.html
Krebs的Adobe源代码泄露和用户数据泄露事件: http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
Bruce Schneier的公布NSA计划的重要性讨论: https://www.schneier.com/blog/archives/2013/10/why_its_importa.html
竞赛与技能(有关安全教育方面的文章): https://www.cerias.purdue.edu/site/blog/post/on_competitions_and_competence/
ISC2关于CISSP报考地点(2014-2017年期间)的选举事宜(Nov 16-30): http://securityuncorked.com/2013/11/cissp-call-to-action-isc2-elections/
关于Defcon禁止美国当局feds参加会议的讨论: http://policeledintelligence.com/2013/07/11/banning-feds-from-defcon-is-self-defeating-heres-why/
看过《国土安全》这美剧没?没有,那你知道心脏起搏器可以被黑吗?不知道,那你就不要看这篇文章了: http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html

安全博客主名人堂提名
The hackers post: www.thehackerspost.com
J4VV4D: http://www.j4vv4d.com/
Dan Kaminsky (Or: The Blog Formerly Known As DoxPara Resarch) – http://dankaminsky.com/category/security/
Martin McKeay Network Security Blog: http://www.mckeay.net/author/martin/
Andy Greenberg, Forbes: http://www.forbes.com/sites/andygreenberg/
Lori MacVittie, F5 DevCentral: https://devcentral.f5.com/users/38/my-contributions/typeid/9
Emergent Chaos: http://emergentchaos.com/
Tracy Kitten: The Fraud Blog: http://www.bankinfosecurity.com/blogs/fraud-blog-b-18
Eric Chabrow: The Public Eye: http://www.govinfosecurity.com/blogs/public-eye-b-13

最佳安全新闻博客提名
Gunter Ollmann, Dark Reading, Attacks and Breaches: http://www.darkreading.com/attacks-breaches
Jitender's Perspective: http://jitenderarora.co.uk/blog/
OMENS Blog: http://musectech.com/OMENSPortal/omens-blog.aspx
Cyb3r Assassins: https://cyb3rassassin.wordpress.com/
Security Management HQ: http://www.securitymanagementhq.com/
Exploring Possibility Space: http://exploringpossibilityspace.blogspot.com/
USA TODAY, CyberTruth: http://www.usatoday.com/blog/cybertruth/
http://retme.net/

http://sdr-x.github.io/cat-gps/