SELECT * FROM NOW-UC-ME WHERE MAGIC = xss
3 | hackinn://2016owasp/1/AppSecEU2016-Andreas-Falk-Building-Native-Cloud-Apps.pdf | AppSecEU2016-Andreas-Falk-Building-Native-Cloud-Apps | ve apps with spring boot security
Andreas Falk
|
5 | hackinn://2016owasp/1/AppSecEU2016-Achim-Brucker-Using-Third-Party-Components.pdf | AppSecEU2016-Achim-Brucker-Using-Third-Party-Components | nts for Building an Application Might be More
Dang |
8 | hackinn://2016owasp/1/AppSecEU2016-Ajin-Abraham-Automated-Mobile-Assessment.pdf | AppSecEU2016-Ajin-Abraham-Automated-Mobile-Assessment | ecurity Engineering
Next Gen Runtime Application |
12 | hackinn://2016owasp/1/AppSecEU2016-Adam-Muntner-Open-Source-Approaches-to-Security.pdf | AppSecEU2016-Adam-Muntner-Open-Source-Approaches-to-Security | Security for Applications and Services at Mozilla |
15 | hackinn://2016owasp/1/AppSecEU2016-Dan-Cornell-Source-Assisted-PenTesting.pdf | AppSecEU2016-Dan-Cornell-Source-Assisted-PenTesting | b Application Penetration Testing with OWASP ZAP
D |
16 | hackinn://2016owasp/1/AppSecEU2016-Scott-Davis-Scanning-with-Swagger.pdf | AppSecEU2016-Scott-Davis-Scanning-with-Swagger | ication to find first and second order vulnerabili |
17 | hackinn://2016owasp/1/AppSecEU2016-Simone-Onofri-Security-Project-Management.pdf | AppSecEU2016-Simone-Onofri-Security-Project-Management | ty Testing Projects
Security Project Management
|
21 | hackinn://2016owasp/2/2016-06-OWASP-Crypto-Attacks.pdf | 2016-06-OWASP-Crypto-Attacks | World Crypto Implementations
Juraj Somorovsky Ruh |
32 | hackinn://2016owasp/2/AppSecEU2016-Matthias-Rohr-Practical-Threat-Modelling.pdf | AppSecEU2016-Matthias-Rohr-Practical-Threat-Modelling | with Microsofts Threat Modeling Tool 2016
Matthia |
33 | hackinn://2016owasp/2/AppSecEU2016-Wojtek-Dworakowski-Internet-Banking-Safeguards-Vulnerabilities.pdf | AppSecEU2016-Wojtek-Dworakowski-Internet-Banking-Safeguards-Vulnerabilities | ds vulnerabilities
Wojtek Dworakowski wojdwo SecuR |
36 | hackinn://2016owasp/2/AppSecEU2016-Grant-McCracken-Running-a-Bug-Bounty.pdf | AppSecEU2016-Grant-McCracken-Running-a-Bug-Bounty | in ‘Em
Practical Tips For Running a Successful Bug |
38 | hackinn://2016owasp/2/AppSecEU2016-Ben-Stock-From-Facepalm-To-Brain-Bender.pdf | AppSecEU2016-Ben-Stock-From-Facepalm-To-Brain-Bender | nder – Exploring ClientSide CrossSite Scripting
Be |
43 | hackinn://2019看雪杯AFSRC沙龙/安卓应用漏洞挖掘分享.pdf | 安卓应用漏洞挖掘分享 |
逆向
•JADX • 隐藏资源
脱壳
•mumu •xposed •dumpDex
改进版
工 |
59 | hackinn://2019臺灣資安大會/當軟體安全遇上敏捷.pdf | 當軟體安全遇上敏捷 | ecurity Meet Agile
曾義峰 Ant
yftzenggmail.com 201903 |
83 | hackinn://2019臺灣資安大會/數位轉型安全防護藍圖:雲服務,物聯網及關鍵基礎設施.pdf | 數位轉型安全防護藍圖:雲服務,物聯網及關鍵基礎設施 | e Technologies Ltd.
|
108 | hackinn://2016kcon/[KCon 2016]0827_7_dragonltx_quhe_Attack Android App's Third Library.pdf | [KCon 2016]0827_7_dragonltx_quhe_Attack Android App's Third Library | 多国
内外知名公司漏洞 • 擅长windows安全,
andrdoid安全,漏洞挖掘
Alipay |
115 | hackinn://2016kcon/[KCon 2016]0827_1_Demon_Hacking Cloud Product.pdf | [KCon 2016]0827_1_Demon_Hacking Cloud Product | monn0tr00t
探索⼀一切、攻破⼀一切
HackerKCon
About me |
116 | hackinn://2016kcon/[KCon 2016]0828_1_朱利军_剑走偏锋之 Hacking 无处不在.pdf | [KCon 2016]0828_1_朱利军_剑走偏锋之 Hacking 无处不在 | ec whoami ID: Rabit2013,Real name: 朱利军 Rabit2013Cl |
117 | hackinn://2016kcon/[KCon 2016]0828_2_Kevin2600_无线 Fuzzing 之旅.pdf | [KCon 2016]0828_2_Kevin2600_无线 Fuzzing 之旅 |
翠花的⽇日常
翠花是位在报社⼯工作的⼥女编辑. 她跟很多⼈人⼀一样享受着科技带来的便捷. |
119 | hackinn://2016kcon/[KCon 2016]0828_9_b1t_与僵尸网络攻防对抗的激情岁月.pdf | [KCon 2016]0828_9_b1t_与僵尸网络攻防对抗的激情岁月 | rg GitHubTwitter zom3y3
TO BE A MALWARE HUNTER
Pen |
124 | hackinn://2019企业安全新技术峰会/专为 API 风险而设计.pdf | 专为 API 风险而设计 | 会世界巡展 北京
专为 API 风险而设计
Fernando Serto
阿卡迈(Akama |
131 | hackinn://2018顺丰信息安全峰会/论坛一网络空间安全-6-白帽子-马晨.pdf | 论坛一网络空间安全-6-白帽子-马晨 | k 一个正在修炼气宗的剑宗白帽子
企业信息安全事件: 有害程序事件、网络攻击事件、信息泄露事件、 |
183 | hackinn://2016唯品会/06_探寻业务安全的极(基)点(江南天安_张洪骏).pdf | 06_探寻业务安全的极(基)点(江南天安_张洪骏) | 骏
初探电商 电商安全现状 业务安全漏洞分析
如何应对业务安全漏洞
电子商务是基于计算机技术 |
185 | hackinn://2016唯品会/03_轻松玩转“互联网+”漏洞(四叶草安全_朱利军).pdf | 03_轻松玩转“互联网+”漏洞(四叶草安全_朱利军) | Sec Labs
Rabit2013
About Me
Rabit2013CloverSec w |
202 | hackinn://EISS2019SZ/自动化漏洞扫描系统.pdf | 自动化漏洞扫描系统 | 背景
Ø 互联网应用系统大量使用开源软件和应用组件,且系统迭代快,可能 存在各种安全漏洞,依靠手工检 |
217 | hackinn://2016京·聚沙龙/钓鱼产业探索之路_cnsolu.pdf | 钓鱼产业探索之路_cnsolu | 2016
whoami
小鲜肉
cnsolu
Whitecellclub成员
白帽子
|
222 | hackinn://2016京·聚沙龙/移动时代我怎么保证个人的金融安全_安全小飞侠.pdf | 移动时代我怎么保证个人的金融安全_安全小飞侠 | 侠
About Me
ID 安全小飞侠 安全工程师,目前就职于某国外电商企业的信息安全部 |
225 | hackinn://2016携程信息安全沙龙/云WAF与大数据实时分析实践.pdf | 云WAF与大数据实时分析实践 | 安全工程师 张亮
关于我
个人 • 张亮 • 携程信息安全部
方向 • WEB安全、网络安全、安 |
226 | hackinn://2016携程信息安全沙龙/点融网的一些安全实践.pdf | 点融网的一些安全实践 | 一些安全实践
点融网高级安全工程师 李文吉
点融网 www.dianrong.com
正在遭遇哪 |
246 | hackinn://2018腾讯安全国际技术峰会/Life as an iOS Attacker.pdf | Life as an iOS Attacker | wertyoruioptensec2018
whoami
• Luca Todesco aka |
278 | hackinn://2016ISC分论坛/16/云计算与大数据安全论坛/栗蔚-如何防范云计算服务商的上帝之手-云平台的审计与监管.pdf | 栗蔚-如何防范云计算服务商的上帝之手-云平台的审计与监管 |
栗蔚
中国信息通信研究院 主任工程师 云计算开源产业联盟 秘书长 数据中心联盟可信云服务工作组 |
286 | hackinn://2016ISC分论坛/17/数据安全治理论坛/DeanCoclin-Industry Update:Movement toward https.pdf | DeanCoclin-Industry Update:Movement toward https | toward https
Dean Coclin
Senior Director of Busi |
327 | hackinn://武汉OWASP2018/从软件开发角度解密OWASP TOP 10.pdf | 从软件开发角度解密OWASP TOP 10 | 全与安全的开发
日程
OWASP TOP 10浅 析
安全开发演化
企业所面临的安全挑战
|
332 | hackinn://2016蒙特利尔深度学习课程/larochelle_neural_networks.pdf | larochelle_neural_networks | chelle hugolarochelle Twitter Université de She |
352 | hackinn://2018VSRC城市沙龙北京站/模板注入.pdf | 模板注入 | I WITH FLASK
⼩小 ⽶米 安 全 中 ⼼心
Xiaomi Security Center |
361 | hackinn://2016乌云峰会/白帽场/Find Blue Oceans.pdf | Find Blue Oceans | the Competitive World of Bug Bounty
Muneaki Nish |
362 | hackinn://2016乌云峰会/白帽场/对方不想说话并扔了个 message.pdf | 对方不想说话并扔了个 message | ge
By 微博网友呆子不开口
我
乌云白帽子 多家互联网公司多年安全工作经验
新浪、腾讯、go |
369 | hackinn://2016乌云峰会/分论坛/智能运维安全监控引擎实践.pdf | 智能运维安全监控引擎实践 | oooom
从Spring Boot的0day漏洞说起
Spring Boot
Spring 是 |
407 | hackinn://ZeroNights2019/Trusted Types & the end of DOM XSS.pdf | Trusted Types & the end of DOM XSS | of DOM XSS
Google Vulnerability Reward Program |
416 | hackinn://2019京麒国际安全峰会/白帽子论坛/漫谈JSRC安全应急响应.pdf | 漫谈JSRC安全应急响应 | 自我介绍
京东应急响应团队 安全工程师
陈靖远
l 自我介绍
但是你们更熟悉的id可能是
|
417 | hackinn://2019京麒国际安全峰会/技术峰会/移动生态安全探索与实践.pdf | 移动生态安全探索与实践 | 讯安全移动安全实验室
韩紫东 高级安全研究员
研究移动安全与IoT安全领域,专注安全生态相关研究 G |
422 | hackinn://2019京麒国际安全峰会/OWASP企业安全论坛/OWASP ProActive Controls软件开发主动控制项目.pdf | OWASP ProActive Controls软件开发主动控制项目 | OWASP:核心使命
• OWASP个开源的、非盈利的全球性安全组织,致力于应用软是一件的安全研究。 |
423 | hackinn://2019京麒国际安全峰会/OWASP企业安全论坛/车好多安全运营实践.pdf | 车好多安全运营实践 | 立业务团队安全接口人,了 解业务,融入业务,更好的为 业务提供安全服务能力。
3.赋能 业务团队
|
452 | hackinn://RSA USA 2020/SCADAICS Inherited Insecurity From Nuclear Power Plants to Oil Rigs.pdf | SCADAICS Inherited Insecurity From Nuclear Power Plants to Oil Rigs | S Inherited Insecurity From Nuclear Power Plants t |
511 | hackinn://RSA USA 2020/IoT Bug Hunting From Shells to Responsible Disclosure.pdf | IoT Bug Hunting From Shells to Responsible Disclosure | Hunting From Shells to Responsible Disclosure
Ia |
541 | hackinn://RSA USA 2020/Securing the Software Development Life Cycle with Machine Learning.pdf | Securing the Software Development Life Cycle with Machine Learning | the Software Development Life Cycle with Machine |
672 | hackinn://RSA USA 2020/Serverless Attack Vectors.pdf | Serverless Attack Vectors | ess Attack Vectors
Teri Radichel
CEO 2nd Sight La |
700 | hackinn://RSA USA 2020/DevSecOps State of the Union.pdf | DevSecOps State of the Union | ps State of the Union
Clint Gibler
Research Direc |
728 | hackinn://RSA USA 2020/JavaScript Skimmers Formjacking and Magecart All You Need to Know.pdf | JavaScript Skimmers Formjacking and Magecart All You Need to Know | pt Skimmers Formjacking and Magecart All You Need |
775 | hackinn://BlackHat-USA-2018/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies.pdf | us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies | curely Exposing Security Flaws in Trading Technolo |
785 | hackinn://BlackHat-USA-2018/us-18-Crowley-Outsmarting-The-Smart-City-wp.pdf | us-18-Crowley-Outsmarting-The-Smart-City-wp | y
Daniel Crowley Mauro Paredes Jennifer Savage Aug |
786 | hackinn://BlackHat-USA-2018/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains-wp.pdf | us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains-wp | serialization Gadget Chains
Ian Haken Senior Secur |
797 | hackinn://BlackHat-USA-2018/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat-wp.pdf | us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat-wp | s Oracle Threat ROBOT
httpsrobotattack.org
Hanno B |
813 | hackinn://BlackHat-USA-2018/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims.pdf | us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims | eb intelligence company made up of an elite group |
826 | hackinn://BlackHat-USA-2018/us-18-Mueller-Dresen-EFAIL-Breaking-SMIME-And-OpenPGP-Email-Encryption-Using-Exfiltration-Channels.pdf | us-18-Mueller-Dresen-EFAIL-Breaking-SMIME-And-OpenPGP-Email-Encryption-Using-Exfiltration-Channels | OpenPGP Email Encryption using Exfiltration Channe |
831 | hackinn://BlackHat-USA-2018/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable.pdf | us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable | NING
REDEFINING UNEXPLOITABLE
James Kettle
Param |
832 | hackinn://BlackHat-USA-2018/us-18-Lipner-SDL-For-The-Rest-Of-Us.pdf | us-18-Lipner-SDL-For-The-Rest-Of-Us | Bank
Steve Lipner Executive Director
SAFECode Lip |
835 | hackinn://BlackHat-USA-2018/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking.pdf | us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking | on
Abusing Caching Servers into SSRF and Transpare |
840 | hackinn://BlackHat-USA-2018/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web-wp.pdf | us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web-wp | rity Chasms of WASM
August 3 2018 – Version 1.0
Pr |
856 | hackinn://BlackHat-USA-2018/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat.pdf | us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat | achers Oracle Threat
1
Lets look at the TLS hand |
873 | hackinn://BlackHat-USA-2018/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims-wp.pdf | us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims-wp | telligence to predict the next payment card victim |
878 | hackinn://BlackHat-USA-2018/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web.pdf | us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web | f Native Exploits On The Web
Agenda
• Introducti |
886 | hackinn://BlueHatIL2019/Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape.pdf | Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape | informational purposes only. MICROSOFT MAKES NO WA |
901 | hackinn://2020阿里白帽大会/XSS猎人的捕猎日记.pdf | XSS猎人的捕猎日记 | 介绍
• ID:gainover • PKAV团队成员 • 乌云核心白帽子 • 无糖信息CTO
|
922 | hackinn://POC2019/Bug Hunting in Synology NAS.pdf | Bug Hunting in Synology NAS | AS
Qian Chen November 2019
Before we start …
All |
947 | hackinn://2018臺灣資安大會/IoT補夢網.pdf | IoT補夢網 | 什麼叫IoT就是Internet of Things物聯網
可以連上internet的設備及系統
|
948 | hackinn://2018臺灣資安大會/從設計的思維出發 - 建立與開發安全的 Web 應用程式系統.pdf | 從設計的思維出發 - 建立與開發安全的 Web 應用程式系統 | 式系統
陳偉雄 Wilson Chen
Who am I
• Works at Trend M |
973 | hackinn://2018臺灣資安大會/應用系統安全把關,從流程考量做起.pdf | 應用系統安全把關,從流程考量做起 | 事業處
資安經理 郭俐佳
國家產業創新獎 卓越中堅企業
.
大綱
AGENDA
• 應用系統的 |
1024 | hackinn://2019資安101/防禦措施/數位新時代 – 智慧型資安防護策略.pdf | 數位新時代 – 智慧型資安防護策略 | h 石崇檉 高級產品工程師
議程
1. 常見的網路威脅型態 2. 如何選擇有效的威脅防護軟體 3 |
1042 | hackinn://2018先知白帽大会/11_WEB2.0启发式爬虫实战_猪猪侠.pdf | 11_WEB2 | 8年06月16日
关于我
• 阿⾥里里云⾼高级安全专家 • ⼗十⼀一年年安全从业经历 • 信息安 |
1051 | hackinn://2018先知白帽大会/7_攻击GraphQL_phithon.pdf | 7_攻击GraphQL_phithon | raphQL
进化
REST
GraphQL
一个为API通信设计的查询语言
描述 |
1057 | hackinn://GITC2018网络安全专场/渗透中的权限维持.pdf | 渗透中的权限维持 | dteam杨晓成
关于我
360redteam成员 物理理渗透相关 多年年从事⽹网络安全⽅方⾯面 |
1063 | hackinn://2018斗鱼白帽沙龙/XSS漏洞挖掘与安全防护.pdf | XSS漏洞挖掘与安全防护 |
1
XSS3 .
01 ID 4"2
|
1065 | hackinn://2018斗鱼白帽沙龙/补天&斗鱼-跨域资源那些事.pdf | 补天&斗鱼-跨域资源那些事 |
1
Sevck • "
• • javasec. |
1080 | hackinn://BlackHat Europe 2016/eu-16-Argyros-Another-Brick-Off-The-Wall-Deconstructing-Web-Application-Firewalls-Using-Automata-Learning.pdf | eu-16-Argyros-Another-Brick-Off-The-Wall-Deconstructing-Web-Application-Firewalls-Using-Automata-Learning | l Deconstructing Web Application Firewalls Using A |
1099 | hackinn://BlackHat Europe 2016/eu-16-Argyros-Another-Brick-Off-The-Wall-Deconstructing-Web-Application-Firewalls-Using-Automata-Learning-wp.pdf | eu-16-Argyros-Another-Brick-Off-The-Wall-Deconstructing-Web-Application-Firewalls-Using-Automata-Learning-wp | Deconstructing Web Application Firewalls Using Au |
1104 | hackinn://BlackHat Europe 2016/eu-16-Kettle-Backslash-Powered Scanning-Hunting-Unknown-Vulnerability-Classes.pdf | eu-16-Kettle-Backslash-Powered Scanning-Hunting-Unknown-Vulnerability-Classes | SCANNING
Hunting
Unknown
Vulnerability
Cl |
1107 | hackinn://BlackHat Europe 2016/eu-16-Tenaglia-Breaking-Bhad-Abusing-Belkin-Home-Automation-Devices.pdf | eu-16-Tenaglia-Breaking-Bhad-Abusing-Belkin-Home-Automation-Devices | kin Home Automation Devices
Scott Tenaglia
Joe T |
1110 | hackinn://BlackHat Europe 2016/eu-16-Kettle-Backslash-Powered Scanning-Hunting-Unknown-Vulnerability-Classes-wp.pdf | eu-16-Kettle-Backslash-Powered Scanning-Hunting-Unknown-Vulnerability-Classes-wp | g Hunting Unknown Vulnerability Classes
James Kett |
1153 | hackinn://2018京东HITB安全峰会/D2 COMMSEC - Solving The Last Mile Problem Between Machine Learning and Security Operations - Xiangyu Liu and Xinyue Shen.pdf | D2 COMMSEC - Solving The Last Mile Problem Between Machine Learning and Security Operations - Xiangyu Liu and Xinyue Shen | Liu Xinyue Shen
Whoami
• Xiangyu Liu
• Senior A |
1159 | hackinn://2018京东HITB安全峰会/D1 COMMSEC - Unconventional Vulnerabilities in Google Cloud Platform - Venkatesh Sivakumar.pdf | D1 COMMSEC - Unconventional Vulnerabilities in Google Cloud Platform - Venkatesh Sivakumar | ities in Google Cloud Platform
1st November 2018
|
1161 | hackinn://2018京东HITB安全峰会/D1 COMMSEC - Who Hijacked My Smart Home - Han Zi Dong.pdf | D1 COMMSEC - Who Hijacked My Smart Home - Han Zi Dong | e
A url hacked all IOT devices
Han Zidongtencent
|
1168 | hackinn://2018看雪开发者峰会/潜伏在PHP Manual背后的特性及漏洞.pdf | 潜伏在PHP Manual背后的特性及漏洞 | 凯绿盟科技
自我介绍
邓永凯
ID xfkxfk 绿盟科技工业物联网安全实验室 SSC20 |
1233 | hackinn://SansSummit2019/Cloud Security Summit/Keep it Flexible:How Cloud Makes it Easier and Harder to Detect Bad Stuff.pdf | Keep it Flexible:How Cloud Makes it Easier and Harder to Detect Bad Stuff | d Makes it Easier and Harder to Detect Bad Stuff
|
1240 | hackinn://SansSummit2019/Cloud Security Summit/Cloud Security Automation:From Infrastructure to App.pdf | Cloud Security Automation:From Infrastructure to App |
From Infrastructure to App
Introduction
Frank K |
1250 | hackinn://SansSummit2019/Security Operations Summit/Managing Security Operations int he Cloud.pdf | Managing Security Operations int he Cloud | E CLOUD
Marc Baker
Goals Agenda
• Learn about t |
1339 | hackinn://2019中国网络安全大会/箱内持久化:行之有效的沙箱攻击新思路.pdf | 箱内持久化:行之有效的沙箱攻击新思路 | 腾讯安全玄武实验室
关于我们
• Tencent
• Largest social media |
1350 | hackinn://2018韩国POC安全大会/denis.pdf | denis | h
Denis Kolegov dnkolegov Oleg Broslavsky yalegk |
1358 | hackinn://2018韩国POC安全大会/lidong.pdf | lidong | ng LI Naijie XU I CyberPeaceADLAB
About us
Lido |
1385 | hackinn://2019HACKINGDAY广州站/安全江湖之侠客行.pdf | 安全江湖之侠客行 | ion,1980年出生于广东梅州。
1996年2000年 空军长沙航空职业技术学院 计算机应用。
|
1402 | hackinn://2019奇智威胁情报峰会/金融企业威胁情报建设历程与运营实践.pdf | 金融企业威胁情报建设历程与运营实践 | 证券信息安全中心
目录
CONTENTS
01 华泰威胁情报体系 02 威胁情报应用场景实践 |
1409 | hackinn://PasstheSALT2019/Workshops/Threat Hunting with OSSEC.pdf | Threat Hunting with OSSEC | 9 Xavier Mertens PassTheSalt Edition
1
profile
|
1440 | hackinn://PasstheSALT2019/Be API and Secured/Get your APIs Secured with Otoroshi !.pdf | Get your APIs Secured with Otoroshi ! | h Otoroshi
Pass The SALT 2019
Mathieu Ancelin T |
1443 | hackinn://2018复旦大学安全沙龙/从BSRC看互联网企业安全漏洞及威胁趋势.pdf | 从BSRC看互联网企业安全漏洞及威胁趋势 | 全应急响应中心
Baidu Security Response Center
目录
‣ 互联网企 |
1463 | hackinn://HITCONPacific2018/Day1/区块链亡灵军团.pdf | 区块链亡灵军团 | 亡灵军团 Undead Armies of Blockchain
慢雾科技 2018.12
关 |
1467 | hackinn://EISS2019BJ/基于Kcore的PHP代码自动审计.pdf | 基于Kcore的PHP代码自动审计 |
个人介绍
为什么要自动化代码审计?
• 域名、接口、项目多 • 人手有限,审计成本高 • |
1712 | hackinn://2016杭州云栖大会/教育专场/阿里云在线教育解决方案.pdf | 阿里云在线教育解决方案 | 行业首席架构师
在线教育演进趋势
目前国内在线教育行业主流已经演化到移动互联时代,部分业务已经步 |
1816 | hackinn://2016杭州云栖大会/开源无线和前端专场/企业级 Node 基础框架——EGG.pdf | 企业级 Node 基础框架——EGG | an25 阿里游戏 前端组
Node.js in Alibaba Group
• Java |
1846 | hackinn://FIT2019/企业安全俱乐部/业务流量数据安全应用实践.pdf | 业务流量数据安全应用实践 |
目录
1. 流量镜像介绍 2. 流量数据的采集 3. 流量数据的处理 4. 应用场景
0 |
1893 | hackinn://RAS2018/dev-f03-devops-and-the-future-of-enterprise-security.pdf | dev-f03-devops-and-the-future-of-enterprise-security | VOPS AND THE FUTURE OF ENTERPRISE SECURITY
Frank K |
2006 | hackinn://HackingDay2020online/百举百捷:红队视角下又一个突破口,再看大国独有小程序.pdf | 百举百捷:红队视角下又一个突破口,再看大国独有小程序 | 小程序
2020.6.16Poc Sir
www.dbappsecurity.com.cn
关于 |
2067 | hackinn://2020红日安全星火线上沙龙/分布式资产发现与漏洞扫描原理及实现.pdf | 分布式资产发现与漏洞扫描原理及实现 | 现
Silence
1 个人介绍
目
2 项目介绍
录
3 架构原理介绍
4 代码演示 |
2088 | hackinn://BlackHatAsia2019/Preloading Insecurity In Your Electron WP.pdf | Preloading Insecurity In Your Electron WP | nual Ver 1.2.0
Electronegativity © 20172019 Doye |
2089 | hackinn://BlackHatAsia2019/Attacking Browser Sandbox.pdf | Attacking Browser Sandbox |
Live Persistently and Prosperously
Yongke Wang Bi |
2091 | hackinn://BlackHatAsia2019/How to Survive the Hardware Assisted Control Flow Integrity Enforcement.pdf | How to Survive the Hardware Assisted Control Flow Integrity Enforcement | reassisted Controlflow Integrity Enforcement
Bing |
2094 | hackinn://BlackHatAsia2019/Make Redirection Evil Again WP.pdf | Make Redirection Evil Again WP | in URL Parser Issues in OAuth
Xianbo Wang1 Wing Ch |
2095 | hackinn://BlackHatAsia2019/Make Redirection Evil Again.pdf | Make Redirection Evil Again | in
URL Parser Issues in OAuth
Xianbo Wang1 Wing Ch |
2098 | hackinn://BlackHatAsia2019/Preloading Insecurity In Your Electron.pdf | Preloading Insecurity In Your Electron | n Your Electron
Luca Carettoni lucadoyensec.com
|
2127 | hackinn://2016ASC移动物联网安全高峰论坛/换个视角攻击 Android App.pdf | 换个视角攻击 Android App | ndroid App
Copyright © by SecZone All rights reser |
2128 | hackinn://2016ASC移动物联网安全高峰论坛/新形势下如何做好网际安全防范.pdf | 新形势下如何做好网际安全防范 | 网际安全防范
孙政豪
Copyright © by SecZone All rights reser |
2153 | hackinn://2020默安科技安全开发大讲堂/金融行业SDL建设之威胁建模这个”坎”.pdf | 金融行业SDL建设之威胁建模这个”坎” | 日
课程内容
威胁建模
知识域
软件安全开发背景 常见的软件安全开发方法
微软威胁建模模型 威 |
2160 | hackinn://Zero Nights 2018/3 ZN2018 WV - CSP bypass.pdf | 3 ZN2018 WV - CSP bypass | меньше платить за XSS
Ivan Chalykin
CONTENT SECU |
2161 | hackinn://Zero Nights 2018/11 ZN2018 WV - Defence, change my mind.pdf | 11 ZN2018 WV - Defence, change my mind | or Karbutov ShikariSenpai Sergey Belov SergeyBelov |
2162 | hackinn://Zero Nights 2018/6 ZN2018 WV - Misconfiguration in development infrastructure.pdf | 6 ZN2018 WV - Misconfiguration in development infrastructure | EVELOPER INFRASTRUCTURE
MOROZOV ALEXEY Security my |
2164 | hackinn://Zero Nights 2018/1 ZN2018 WV - I __3 XSS.pdf | 1 ZN2018 WV - I __3 XSS | her and your mother
Step 1 Create XSS payload
|
2165 | hackinn://Zero Nights 2018/4 ZN2018 WV - BugBounty automation.pdf | 4 ZN2018 WV - BugBounty automation | gey Bobrov Black2Fan
Bug Bounty programs with si |
2166 | hackinn://Zero Nights 2018/2 ZN2018 WV - Blind Xss (femida plugin).pdf | 2 ZN2018 WV - Blind Xss (femida plugin) | ukavishnikov hd
whoami
Pavel Rukavishnikov • Ct |
2167 | hackinn://Zero Nights 2018/7 ZN2018 WV - Atypical vulnerabilities.pdf | 7 ZN2018 WV - Atypical vulnerabilities | Aleksei "GreenDog" Tiurin
Secure standards Sec |
2168 | hackinn://Zero Nights 2018/5 ZN2018 WV - Introduction into browser hacking.pdf | 5 ZN2018 WV - Introduction into browser hacking | r hacking
Andrey Kovalev L1kvID
Who am I
› Secur |
2180 | hackinn://HITCON2019/Day1/Duplicate Paths Attack - Get Elevated Privilege from Forged Identities.pdf | Duplicate Paths Attack - Get Elevated Privilege from Forged Identities | t⾏t本ac地動k萬越提⽤級权劫注持入 ePxSSty.sCEtnGecmeo.tdCionnEgv |
2181 | hackinn://HITCON2019/Day1/The cookie monster in your browsers.pdf | The cookie monster in your browsers | r browsers
filedescriptor
HITCON 2019
filedescrip |
2186 | hackinn://HITCON2019/Day1/nfiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs.pdf | nfiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs | tranet Like NSA
Preauth RCE on Leading SSL VPNs
Or |
2191 | hackinn://ISC2018/Day 2/中国网络安全人才培养体系建设论坛/SEED Labs:为计算机安全教育开发的动手实验.pdf | SEED Labs:为计算机安全教育开发的动手实验 |
杜文亮 教授,雪城大学(Syracuse University
动机
安全教育的状况(200 |
2200 | hackinn://ISC2018/Day 2/InForSec论坛/基于深度学习的SSL:TLS证书验证程序的自动化测试.pdf | 基于深度学习的SSL:TLS证书验证程序的自动化测试 |
Deep Learningbased Automated Testing of Certifica |
2217 | hackinn://ISC2018/Day 2/云安全高峰论坛/消失的边界.pdf | 消失的边界 | ombating Security challenges with cloud security
A |
2274 | hackinn://ISC2018/Day 3/漏洞挖掘与源代码安全论坛/DOM-XSS挖掘与攻击面延伸.pdf | DOM-XSS挖掘与攻击面延伸 | 北京长亭科技有限公司深圳分公司Web安全研究员
目录
DOMXSS 挖掘与利用
DOMXSS |
2303 | hackinn://ISC2018/Day 1/金融科技安全论坛/金融科技助力支付安全.pdf | 金融科技助力支付安全 | 支付国家工程实验室首席安全技术专家
目录
电子支付安全研究背景 电子支付安全研究体系 电子支付 |
2324 | hackinn://2019北京网络安全大会/中国网络安全产业白皮书(2018).pdf | 中国网络安全产业白皮书(2018) | 通信研究院 2018年9月
版权声明
本白皮书版权属于中国信息通信研究院,并受法律保护。转 载、 |
2362 | hackinn://HITB2018DUBAI/day1/Crouching Tiger Sudden Keynote.pdf | Crouching Tiger Sudden Keynote | YNOTE
IN DATA WE TRUST
KATIE MOUSSOURIS
1
WHAT I |
2419 | hackinn://2019臺灣雲端大會/End-to-End hand-on experience on Micro:Serverless Architecture with AWS.pdf | End-to-End hand-on experience on Micro:Serverless Architecture with AWS | NCE ON
MICROSERVERLESS ARCHITECTURE WITH AWS
Liam |
2456 | hackinn://RSA2019/Protecting the Cloud with the Power of Cloud.pdf | Protecting the Cloud with the Power of Cloud | ing the Cloud with the Power of Cloud
Jay Kelath |
2499 | hackinn://RSA2019/Data Breach or Disclosure:A Quantitative Risk Analysis.pdf | Data Breach or Disclosure:A Quantitative Risk Analysis | each or Disclosure A Quantitative Risk Analysis
Ev |
2520 | hackinn://RSA2019/Cheaper by the dozen:application security on a limited budget.pdf | Cheaper by the dozen:application security on a limited budget | by the dozen application security on a limited bu |
2607 | hackinn://RSA2019/Yet Another IoT Hack.pdf | Yet Another IoT Hack | ther IoT Hack
Joshua Meyer
Associate Security Anal |
2636 | hackinn://Kcon2018/26/Hacking You Without Password.pdf | Hacking You Without Password | 1
Whoami
• ғ်RQJ6KDR • ർܔਞقૡᑕ • ᗑᕶڏ໐ஞ |
2639 | hackinn://Kcon2018/25/短网址的攻击与防御.pdf | 短网址的攻击与防御 | About Me
• 腾讯安全工程师 • 微博彦修 • 喜美食、好读书,不求甚解 • Tencen |
2645 | hackinn://2018第一届爱奇艺安全沙龙/爱奇艺安全攻防实践-爱奇艺-李劼杰.pdf | 爱奇艺安全攻防实践-爱奇艺-李劼杰 |
李劼杰
httpwww.lijiejie.com
• 爱奇艺 安全云 SRC 负责人 • Woo |
2646 | hackinn://2018第一届爱奇艺安全沙龙/攻击检测实践-唯品会-姜朋序.pdf | 攻击检测实践-唯品会-姜朋序 | 击检测
2
攻击检测
3
传统攻击检测
请求
请求
正则
请求
正则
4
传 |
2656 | hackinn://CIS2019/车联网论坛/CNCERT车联网众测平台与漏洞库介绍.pdf | CNCERT车联网众测平台与漏洞库介绍 |
一 CNCERT简介 二 车联网安全现状 三 车联网应急体系 四 IOVCERT车联网漏洞库 五 |
2661 | hackinn://CIS2019/白帽Live论坛/安全众测下的漏洞发展新趋势.pdf | 安全众测下的漏洞发展新趋势 | 服务工程师
目录
不同行业漏洞现状分析 安全众测与漏洞变迁 当前安全环境下漏洞挖掘小技巧
不 |
2667 | hackinn://CIS2019/Hack Lab论坛/Web漏洞挖掘速成特训营.pdf | Web漏洞挖掘速成特训营 | 营
姓名 Snow狼 CEO
Web漏洞挖掘速成特训营
注入
• SQL注入漏洞 • HTML |
2668 | hackinn://CIS2019/Hack Lab论坛/打造CTF+X透测试X奋混合剂-存在敏感词.pdf | 打造CTF+X透测试X奋混合剂-存在敏感词 | 攻城狮兴奋混合剂 孔韬循(K0r4dji) 赛宁网安攻防实验室总监
自我介绍
姓名:孔韬循 I |
2674 | hackinn://CIS2019/金融科技安全专场论坛/金融科技应用安全风险监测实践分享.pdf | 金融科技应用安全风险监测实践分享 | 测实践分享
姓名 钱伟峰
个人介绍
钱伟峰
• 安言咨询副总经理,10年以上IT风险管理咨询经验 |
2748 | hackinn://2019嘶吼白帽子技术沙龙/漏洞攻防:自动化与智能化.pdf | 漏洞攻防:自动化与智能化 | 云涛博士
• 漏洞攻防形势 • 自动化攻防 • 智能化攻防
1漏洞攻防形势
网络安全攻击 |
2785 | hackinn://ISC2019/网络攻防与响应论坛/安全运营体系进化——实锤告警体系.pdf | 安全运营体系进化——实锤告警体系 | 张鑫
About Me
张鑫(ID:Manning) 资深安全工程师、安全产品经理 负责360 |
2790 | hackinn://ISC2019/安全大数据论坛/机器学习在云安全中的实践.pdf | 机器学习在云安全中的实践 | 起
敏感数据发现 恶意软件发现 入侵行为发现
源起
• 安全由代码驱动走向数据驱动 |
2863 | hackinn://2019西湖论剑网络安全大会/智慧医疗安全高峰论坛/AiLPHA大数据安全分析应用于医疗网络安全闭环的实践.pdf | AiLPHA大数据安全分析应用于医疗网络安全闭环的实践 | Confidentiality
完整性 Integrity
可用性 Availability
|