You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
LastRome f04302e4c5
Create 123
6 years ago
123 Create 123 6 years ago
20190220112709.png Add files via upload 6 years ago
Asp代码审计--项目实战2(第四课).pdf Add files via upload 6 years ago
Delphi代码审计--项目实战1(第三课).pdf Add files via upload 6 years ago
Linux提权-依赖exp篇 (第二课).pdf Add files via upload 6 years ago
Presenting-Tunna-v1.1a.pdf Add files via upload 6 years ago
README.md Update README.md 6 years ago
README_EN.md Update README_EN.md 6 years ago
SensePost_Eye_of_a_Needle.pdf Add files via upload 6 years ago
bitsadmin一句话下载payload(第四十一课).pdf Add files via upload 6 years ago
certutil一句话下载payload(第三十八课).pdf Add files via upload 6 years ago
ertutil一句话下载payload补充(第四十四课).pdf Add files via upload 6 years ago
ftp一句话下载payload(第四十课).pdf Add files via upload 6 years ago
js一句话下载payload(第四十三课).pdf Add files via upload 6 years ago
msfvenom常用生成payload命令(第十课).pdf Add files via upload 6 years ago
msf的前生今世(第三十一课).pdf Add files via upload 6 years ago
payload分离免杀思路第二季(第四十八课).pdf Add files via upload 6 years ago
payload分离免杀思路(第四十七课).pdf Add files via upload 6 years ago
powershell一句话下载payload(第四十六课).pdf Add files via upload 6 years ago
sql server 常用操作远程桌面语句(第七课).pdf Add files via upload 6 years ago
vbs一句话下载payload补充(第三十九课).pdf Add files via upload 6 years ago
vbs一句话下载payload(第三十七课).pdf Add files via upload 6 years ago
windows提权-快速查找exp(第一课).pdf Add files via upload 6 years ago
与Smbmap结合攻击(第五十五课).pdf Add files via upload 6 years ago
与Sqlmap结合攻击(第三十五课).pdf Add files via upload 6 years ago
关于Powershell对抗安全软件(第四十九课).pdf Add files via upload 6 years ago
内网渗透中的文件传输(第五十三课).pdf Add files via upload 6 years ago
反攻的一次溯源--项目实战3(第六课).pdf Add files via upload 6 years ago
基于ARP发现内网存活主机(第十三课).pdf Add files via upload 6 years ago
基于Powershell做Socks 4-5代理(第五十四课).pdf Add files via upload 6 years ago
基于SqlDataSourceEnumerator发现内网存活主机(第五十课)).pdf Add files via upload 6 years ago
基于UDP发现内网存活主机(第十二课).pdf Add files via upload 6 years ago
基于netbios发现内网存活主机(第十九课).pdf Add files via upload 6 years ago
基于snmp发现内网存活主机(第二十课).pdf Add files via upload 6 years ago
基于第十课补充payload1(第十四课).pdf Add files via upload 6 years ago
基于第十课补充payload2(第十五课).pdf Add files via upload 6 years ago
工具介绍-Sqlmap(第五课).pdf Add files via upload 6 years ago
工具介绍-the-backdoor-factory(第九课).pdf Add files via upload 6 years ago
工具介绍Veil-Evasion(第十一课).pdf Add files via upload 6 years ago
攻击FTP 服务(第四十二课).pdf Add files via upload 6 years ago
攻击Mysql服务(第三十三课).pdf Add files via upload 6 years ago
攻击Sql server 服务(第三十四课).pdf Add files via upload 6 years ago
模拟诉求任务攻击(第八课).pdf Add files via upload 6 years ago
渗透的本质是信息搜集(第五十二课)).pdf Add files via upload 6 years ago
离线提取目标机hash(第五十六课).pdf Add files via upload 6 years ago
第一百一十一课:内网mssql完整利用流程 [ 基础篇 ].pdf Add files via upload 6 years ago
第一百一十三课:COM Hijacking.pdf Add files via upload 6 years ago
第一百一十九课:全平台高性能加密隧道 ssf.pdf Add files via upload 6 years ago
第一百一十二课:利用Dropbox中转C2流量.pdf Add files via upload 6 years ago
第一百一十四课:渗透沉思录.pdf Add files via upload 6 years ago
第一百一十课:窃取,伪造模拟各种windows访问令牌[token利用].pdf Add files via upload 6 years ago
第一百二十一课:http加密代理深度应用 [ abptts ].pdf Add files via upload 6 years ago
第一百二十三课:利用ssh隧道将公网meterpreter弹至本地的msf中.pdf Add files via upload 6 years ago
第一百二十二课:利用 ssh隧道实现内网断网机meterpreter反向上线.pdf Add files via upload 6 years ago
第一百二十五课:利用WinRAR跨目录获取Net-NTLM Hash和DLL劫持.pdf Add files via upload 6 years ago
第一百二十四课:解决无meterpreter shell添加虚拟路由映射第一季.pdf Add files via upload 6 years ago
第一百二十课:win自带的高级网络配置管理工具深度应用 [ netsh ].pdf Add files via upload 6 years ago
第一百课:HTTP隧道reDuh第四季.pdf Add files via upload 6 years ago
第一百零一课:基于SCF做目标内网信息搜集第二季.pdf Add files via upload 6 years ago
第一百零七课:跨平台横向移动 [ windows计划任务利用 ].pdf Add files via upload 6 years ago
第一百零三课:Http加密隧道下的横向渗透尝试.pdf Add files via upload 6 years ago
第一百零九课:依托 metasploit 尽可能多的发现目标内网下的各类高价值存活主机.pdf Add files via upload 6 years ago
第一百零二课:对抗权限长期把控-伪造无效签名第一季.pdf Add files via upload 6 years ago
第一百零五课:windows 单机免杀抓明文或hash [通过dump lsass进程数据].pdf Add files via upload 6 years ago
第一百零八课:跨平台横向移动 [wmi利用].pdf Add files via upload 6 years ago
第一百零六课:windows 单机免杀抓明文或hash [通过简单混淆编码绕过常规静态检测].pdf Add files via upload 6 years ago
第一百零四课:Windows Smb 欺骗重放攻击利用.pdf Add files via upload 6 years ago
第七十一课:基于白名单Msbuild.exe执行payload第一季.pdf Add files via upload 6 years ago
第七十七课:基于白名单Csc.exe执行payload第七季.pdf Add files via upload 6 years ago
第七十三课:基于白名单Regasm.exe执行payload第三季.pdf Add files via upload 6 years ago
第七十九课:基于白名单Regsvr32执行payload第九季.pdf Add files via upload 6 years ago
第七十二课:基于白名单Installutil.exe执行payload第二季.pdf Add files via upload 6 years ago
第七十五课:基于白名单Mshta.exe执行payload第五季.pdf Add files via upload 6 years ago
第七十八课:基于白名单Msiexec执行payload第八季.pdf Add files via upload 6 years ago
第七十六课:基于白名单Compiler.exe执行payload第六季.pdf Add files via upload 6 years ago
第七十四课:基于白名单regsvcs.exe执行payload第四季.pdf Add files via upload 6 years ago
第七十课:ftp一句话下载payload补充.pdf Add files via upload 6 years ago
第三十课:解决msfvenom命令自动补全.pdf Add files via upload 6 years ago
第九十一课:从目标文件中做信息搜集第一季.pdf Add files via upload 6 years ago
第九十七课:msf配置自定义payload控制目标主机权限.pdf Add files via upload 6 years ago
第九十三课:与CrackMapExec结合攻击.pdf Add files via upload 6 years ago
第九十九课:HTTP隧道Tunna第三季.pdf Add files via upload 6 years ago
第九十二课:实战中的Payload应用.pdf Add files via upload 6 years ago
第九十五课:基于portfwd端口转发.pdf Add files via upload 6 years ago
第九十八课:HTTP隧道reGeorg第二季.pdf Add files via upload 6 years ago
第九十六课:HTTP隧道abptts第一季.pdf Add files via upload 6 years ago
第九十四课:基于实战中的small payload.pdf Add files via upload 6 years ago
第九十课:基于白名单zipfldr.dll执行payload第十八季.pdf Add files via upload 6 years ago
第二十一课:基于ICMP发现内网存活主机.pdf Add files via upload 6 years ago
第二十七课:基于MSF发现内网存活主机第五季.pdf Add files via upload 6 years ago
第二十三课:基于MSF发现内网存活主机第一季.pdf Add files via upload 6 years ago
第二十九课:发现目标WEB程序敏感目录第一季.pdf Add files via upload 6 years ago
第二十二课:基于SMB发现内网存活主机.pdf Add files via upload 6 years ago
第二十五课:基于MSF发现内网存活主机第三季.pdf Add files via upload 6 years ago
第二十八课:基于MSF发现内网存活主机第六季.pdf Add files via upload 6 years ago
第二十六课:基于MSF发现内网存活主机第四季.pdf Add files via upload 6 years ago
第二十四课:基于MSF发现内网存活主机第二季.pdf Add files via upload 6 years ago
第八十一课:基于白名单Rundll32.exe执行payload第十一季.pdf Add files via upload 6 years ago
第八十七课:基于白名单Cmstp.exe执行payload第十六季.pdf Add files via upload 6 years ago
第八十三课:基于白名单PsExec执行payload第十三季.pdf Add files via upload 6 years ago
第八十九课:基于白名单Url.dll执行payload第十七季.pdf Add files via upload 6 years ago
第八十二课:基于白名单Odbcconf执行payload第十二季.pdf Add files via upload 6 years ago
第八十五课:基于白名单Pcalua执行payload第十五季.pdf Add files via upload 6 years ago
第八十八课:基于白名单Ftp.exe执行payload第十九季.pdf Add files via upload 6 years ago
第八十六课:基于白名单Msiexec执行payload第八季补充.pdf Add files via upload 6 years ago
第八十四课:基于白名单Forfiles执行payload第十四季.pdf Add files via upload 6 years ago
第八十课:基于白名单Wmic执行payload第十季.pdf Add files via upload 6 years ago
第六十一课:高级持续渗透-第五季关于后门.pdf Add files via upload 6 years ago
第六十七课:meterpreter下的irb操作第一季.pdf Add files via upload 6 years ago
第六十三课:高级持续渗透-第七季demo的成长.pdf Add files via upload 6 years ago
第六十九课:渗透,持续渗透,后渗透的本质.pdf Add files via upload 6 years ago
第六十二课:高级持续渗透-第六季关于后门.pdf Add files via upload 6 years ago
第六十五课:离线提取目标机hash补充.pdf Add files via upload 6 years ago
第六十八课:基于Ruby内存加载shellcode第一季.pdf Add files via upload 6 years ago
第六十六课:借助aspx对payload进行分离免杀.pdf Add files via upload 6 years ago
第六十四课:高级持续渗透-第八季demo便是远控.pdf Add files via upload 6 years ago
第十八课:红蓝对抗渗透测试3.pdf Add files via upload 6 years ago
红蓝对抗渗透测试1(第十六课).pdf Add files via upload 6 years ago
红蓝对抗渗透测试2(第十七课).pdf Add files via upload 6 years ago
解决bat一句话下载payload黑窗(第四十五课).pdf Add files via upload 6 years ago
解决vps上ssh掉线(第三十六课).pdf Add files via upload 6 years ago
配置vps上的msf(第三十二课).pdf Add files via upload 6 years ago
项目回忆:体系的本质是知识点串联(第五十一课).pdf Add files via upload 6 years ago
高级持续渗透-第一季关于后门(第五十七课).pdf Add files via upload 6 years ago
高级持续渗透-第三季关于后门补充二(第五十九课).pdf Add files via upload 6 years ago
高级持续渗透-第二季关于后门补充一(第五十八课).pdf Add files via upload 6 years ago
高级持续渗透-第四季关于后门(第六十课).pdf Add files via upload 6 years ago

README_EN.md

Micro8

Other Languages: 简体中文

Infiltration attack for more than ten years, due to age, physical reasons, I feel that I am about to exit the first-line penetration attack. I plan to write out the textbooks I have learned in my life. Because the article involves sensitive attack behavior, so many need to mosaic, or local manifestation in the form of demo. When the industry has been around for a long time, you will one day discover that the essence of the original things is so important. For example, the essence of intranet penetration is information gathering. At that time, a big man passed this experience to me. Similarly, I am an old guy today, and I hope to pass on this experience.

There must be a clerical error or something wrong in the text. Please bear with me and say sorry to everyone in advance. All courses start from the basics (including the introduction of tools, applications, etc., since it is the foundation, some of the content may involve primary knowledge points, Please forgive me, so that new colleagues or colleagues who want to learn from scratch can avoid some detours. In the process of writing, I deeply understand that the sharer is the biggest beneficiary in learning. Article, so you need to consult a lot of information. Throughout the process, I learned a lot of knowledge points. Serialization includes notes on projects that are interspersed at work, including but not limited to code auditing, web penetration, intranet penetration, domain penetration, tunnel introduction, log traceability, and violent traceability. If you have a course specifying a colleague who needs to introduce the relevant technology (within my technical ability), please send me an email: micropoor@gmail.com. I have been writing <PHP Security News 8:00 am between 2010 and 2012, but I was not writing because of the work at the time. All the courses in this time are copyright-free, and I only hope that I can still make some technical documents output in the technical atmosphere that is already closed. So this tutorial I still want to call <PHP security news 8 o'clock>, I believe that one day, you will find that the original essence of things is so interesting.

If you need to specify a technical appeal, please leave a message below to facilitate the addition of the class in the future update. Thanks again to all readers.


Directory structure, see wiki


Penetration test/APT simulation attack is a double-edged sword. The Micro8 series is suitable for junior and intermediate security practitioners, Party B security testing, Party A security self-test, network security enthusiasts, etc., enterprise security protection and improvement, the series complies with: Free, free, shared, open source. Do not break the law, such as the offense is not related to the author. When downloading/transmitting/learning, etc., it is deemed to be in agreement with the regulations. I hope that the readers will learn something, ask for income, think quietly, and be private.


Since open submissions are supported (supporting everyone to contribute to the series), third-party submissions such as advertising/hidden advertising/small circles/all other charges are not allowed.