01-SQL Injection Vulnerability Principle and Exploitation
Prerequisites:
Understand the HTTP protocol, and understand common databases, scripting languages, and middleware. Have basic programming language foundation.
Syllabus:
Chapter 1: SQL Injection Basics
1.1 Web Application Architecture Analysis
1.2 SQLi Injection Environment Construction
1.3 SQL Injection Principle Analysis
1.4 MySQL Injection Method Logical Operations and Common Functions
1.5 SQL Injection Process
1.6 SQL Manual Injection Method
Chapter 2: SQL injection syntax types
2.1 UNION query injection
2.2 update injection
2.3 insert injection
2.4 order by injection
Chapter 3: Blind SQL Injection
3.1 Blind SQL Injection - Error Injection
3.2 Blind SQL Injection - Boolean Blind Injection
3.3 Blind SQL Injection - Time Injection
3.4 DNSlog Blind Injection
Chapter 4: SQL injection defense bypass
4.1 Wide byte injection
4.2 Secondary encoding injection
4.3 Secondary injection
4.4 Analysis of WAF bypass principle
4.5 SQLmap bypass WAF scripting
Chapter 5: MsSQL Database Injection
5.1 MsSQL Database Environment Construction
5.2 MsSQL Database Injection (1)
5.3 MsSQL Database Injection (2)
Chapter 6: Oracle Database Injection
6.1 Oracle Database Environment Construction
6.2 Oracle Database Injection (1)
6.3 Oracle Database Injection (2)
Chapter 7: Sqlmap practical advanced
7.1 sqlmap working principle
7.2 sqlmap advanced use skills
References:
"White Hat Talks about Web Security"
"Hacker Attack and Defense Technology Collection - Web Actual Combat"
02-File upload vulnerability principle and utilization
Preliminary knowledge:
Understand the principle of file uploading, and be proficient in using China Chopper, BurpSuite and other tools.
Syllabus:
Chapter 1: File Upload Vulnerability Principle and Process
1.1 File Upload Vulnerability Principle
1.2 File Upload Detection Process
Chapter 2: Front-end detection bypass
2.1 Browser-side detection bypass
2.2 Submission message modification detection
Chapter 3: Server Detection Bypass
3.1 MIME Type Detection Bypass
3.2 File Content Detection Bypass
3.3 File Extension Detection Bypass
3.4 Editor Vulnerability
Chapter 4: Parsing Vulnerabilities
4.1 IIS/Nginx+PHP fastcgi value error parsing vulnerability
4.2 Nginx file name logic vulnerability (CVE-2013-4547)
4.3 Apache parsing vulnerability (misconfiguration)
4.4 IIS 5.x/6.0 parsing vulnerability
Chapter 5: Advanced Exploitation of File Upload
5.1 Image Redraw
5.2 Exploitation of PHPINFO and File Inclusion
5.3 Online Decompression Exploitation
03-XSS vulnerability principle and utilization
Chapter 1: XSS Basics
1.1 XSS Introduction and Principles
1.2 Stored XSS Practice
1.3 Reflected XSS Practice
1.4 DOM XSS Practice
1.5 XSS Auxiliary Test Tools
Chapter 2: XSS combat and defense mechanism bypass
2.1 Stored XSS multi-scene combat and Bypass details
2.2 Reflected XSS multi-scene combat and Bypass details
2.3 DOM XSS multi-scene combat and Bypass details
Chapter 3: XSS Advanced
3.1 Electron Cross-Platform XSS - Execute System Commands
3.2 postMessage XSS
3.3 localStorage XSS
3.4 Flash XSS
3.5 Variant XSS: Persistent Control
3.6 React XSS
04-Business logic and unconventional vulnerability principle and utilization
Prerequisites:
Proficient in using the Firefox browser and related development plug-ins such as HackBar; understand XML documents.
Syllabus:
Chapter 1: Business Logic Vulnerability
1.1 Permission Bypass Vulnerability
1.2 Payment Logic Vulnerability
1.3 Password Retrieval Vulnerability
1.4 Verification Code Security
Chapter 2: Unconventional Vulnerability Principle and Exploitation
2.1 SSRF Vulnerability Principle and Exploitation
2.2 XXE Vulnerability Principle and Exploitation
05-PHP code audit
Prerequisites:
1. Knowledge of installation software and environment configuration
2. Knowledge of PHP basic syntax
3. Knowledge of PHP dangerous function auditing
4. Basic knowledge of PHP auditing methods
Syllabus:
Chapter 1: Code Audit Preparation
1.1 Code Audit Environment Preparation
Chapter 2: PHP Code Auditing Fundamentals
2.1 Auditing Methods and Steps
2.2 Common INI Configurations
2.3 Common Dangerous Functions and Special Functions (1)
2.4 Common Dangerous Functions and Special Functions (2)
2.5 Configuration and Use of XDebug
Chapter 3: PHP Dangerous Function Audit
3.1 Command Injection
3.2 Installation Issue Audit
3.3 SQL Numeric Injection
3.4 XSS Background Sensitive Operations
3.5 File Inclusion Vulnerability Audit
3.6 Arbitrary File Read
3.7 Unauthorized Operation
3.8 Login Password Blasting
3.9 Truncation Injection
06-ThinkPHP framework code audit
Prerequisites:
1. Basic knowledge of PHP syntax
2. Basic knowledge of PHP auditing methods
Syllabus:
Chapter 1: Environmental Configuration and Cognitive Framework
1.1 Environmental Configuration and Cognitive Framework
Chapter 2: ThinkPHP Controller Audit
2.1 ThinkPHP Controller Audit
Chapter 3: SQL Injection Vulnerability Audit
3.1 Thinkphp where injection
3.2 Thinkphp table injection
3.3 Thinkphp field injection
3.4 Thinkphp alias-union-join injection
3.5 Thinkphp order-group-having injection
3.6 Thinkphp comment injection
3.7 Thinkphp index injection
3.8 Thinkphp query, execute, Aggregation methods
3.9 Thinkphp EXP expression injection-1
3.10 Thinkphp EXP expression injection-2
3.11 Thinkphp parameter passing injection
3.12 Thinkphp combined injection
Chapter 4: Other Types of Vulnerability Audit
07- Privilege Escalation and Intranet Penetration
Prerequisites:
Understand the basics of operating system permissions, operating system permission groups and basic commands, databases, Kali, the penetration process, and intranet information collection.
Syllabus:
Chapter 1: Privilege Escalation Basics
1.1 Overview of Privilege Escalation
1.2 Privilege Escalation Based on Password Cracking
Chapter 2: Privilege Escalation of Operating System
2.1 Privilege Escalation Basics of Windows Operating System
2.2 Privilege Escalation Practice of Windows Operating System
2.3 Privilege Escalation Basics of Linux Operating System
2.4 Privilege Escalation Practice of Linux Operating System
Chapter 3: Database Privilege Escalation
3.1 SQL Server Database Vulnerability and Privilege Escalation
3.2 MySQL Database Vulnerability and Privilege Escalation
Chapter 4: Metasploit Exploitation and Privilege Escalation
4.1 Metasploit Basics
4.2 Privilege Escalation Using Metasploit
Chapter 5: Intranet Information Collection
5.1 Intranet Information Collection Concerns
5.2 Common Methods of Intranet Information Collection
Chapter 6: Intranet Environment Penetration
6.1 Intranet Penetration Ideas and Methods
References
Chen Xiaobing "Vulnerability Exploitation and Privilege Escalation"
Hua Wuya "Network Black and White"
08-Python Safe Programming
Prerequisites:
You need to be familiar with the basic syntax of Python (strings, lists and tuples, conditions and loops, file input and output, etc.), and understand web basics (front-end, database, etc.) and web security (vulnerability scanning, port blasting, etc.).
Syllabus:
Chapter 1: The Application of Python in Network Security
1.1 The Status of Python Hacking
1.2 What Can We Do with Python
1.3 Chapter 1 Summary of Course Content
Chapter 2: Introduction to Python Security Application Programming
2.1 Python Regular Expressions
2.2 Python Web Programming
2.3 Python Multithreading
2.4 Python Network Programming
2.5 Python Database Programming
2.6 Chapter 2 Course Content Summary
Chapter 3: Implementation of Python crawler technology
3.1 Introduction of Python crawler BeautifulSoup module
3.2 Python crawler hackhttp module introduction
3.3 Crawler example combining BeautifulSoup and hackhttp
3.4 Crawler multithreading
3.5 Crawler regular expression
3.6 seebug crawler combat (1)
3.7 seebug crawler combat (2)
3.8 Baidu URL collection (1)
3.9 Baidu URL collection (2)
3.10 Proxy IP address collection
3.11 zoomeye collection
3.12 Chapter 3 course content summary
Chapter 4: Writing Python Information Collection Tools
4.1 High-precision dictionary generation (1)
4.2 High-precision dictionary generation (2)
4.3 WEB directory scanning program (1)
4.4 WEB directory scanning program (2)
4.5 C-section WEB service scanning (1)
4.6 C-section WEB service scanning (2)
4.7 Subdomain scanning program (1)
4.8 Subdomain scanning program (2)
4.9 Subdomain scanning program (3)
4.10 Subdomain scanning program (4)
4.11 Fingerprint identification (1)
4.12 Fingerprint identification (2)
4.13 Chapter 4 Course Content Summary
Chapter 5: Writing Burpsuite Plugins in Python
5.1 Writing Burpsuite Plugins in Python (1)
5.2 Writing Burpsuite Plugins in Python (2)
References
Python grey hat
Python network data collection
09-Internet enterprise security construction
Prerequisites:
Operating system basics
Oriented programming development knowledge
Familiar with scanner principles
Understand honeypot basics
Syllabus:
Chapter 1: Building a security platform for enterprise security construction
1.1 Basic security construction
1.2 Building an open source SIEM platform
1.3 Building a large-scale WAF cluster
1.4 Self-built access system
Chapter 2: Data security of enterprise security construction
2.1 Data leakage prevention
2.2 Host-side database audit
2.3 Network layer database audit
Chapter 3: Vulnerability Scanners and Honeypots for Enterprise Security Construction
3.1 Vulnerability Scanners
3.2 Honeypots and Attack Deception
Chapter 4: Case Sharing Course - Internet Enterprise Security Work Promotion and Implementation From 0 to 1
The "Internet Enterprise Security Construction" course introduces typical security solutions; this case-sharing course covers how to analyze the actual needs of the business, provide appropriate solutions, and drive their implementation. Starting from a real case of promoting security work inside NetEase, it covers how to take the right stance when handling security and business, how to find an entry point for security work, how to understand the security requirements of the business, how to introduce appropriate solutions, and finally how to implement them and achieve results.
References
"Advanced Guide to Internet Enterprise Security"
"Open Source Security Operation and Maintenance Platform: OSSIM Best Practices"
Zhao Yan's official account