Useful Link
[TOC]
Knowledge
| Knowledge | Comment |
|---|---|
| CRLF VS LF | |
| magic method | |
| HttpOnly | |
| Encrypt VS Hash | |
| LFI VS RFI | LFI(Local File Inclusion)</br>產生的原因是程式設計師未對用戶參數未進行輸入檢查,導致駭客可以讀取server上的敏感文件。開發人員可能貪圖方便,將GET或POST參數直接設定為檔案名稱,直接include該檔案進網頁裡,結果就造成了引入其他檔案,造成資訊洩漏</br></br>RFI(Remote File Include)</br>基本上與LFI概念一樣,只是include的file來源變成從外部引入,觸發條件必須要把php設定參數allow_url_include 訂為ON” |
| FTP | |
| WebDAV | |
| BitTorrent | |
| TrueNAS Setup | |
| API VS Method VS Library | |
| WebSocket | |
| JVM | Briefly Introduction |
| Thread VS Process | |
| APT | |
| Arrow VS Dot VS Colon in C++ | |
| payload VS formData | |
| RAID 0, 1, 0+1, 1+0, 5, 6 | |
| How to use multiprocess in python & map VS pool VS apply_async | |
| Python asyncio 從不會到上路 | |
| JDK、JRE 和 JVM | |
Tool-Page
|Tool| Comment| |:-:|:- | |XSS-CheatSheet|| | All-Injection: || |SQLMAP1</br>SQLMAP2 || |ViruTotal| 幫忙分析檔案是否有病毒的網站| |JS 混淆器| 把JS的程式變成可讀性很差的東西 | |JS 反混淆器| 可以反混淆或解密JS的檔案 | |JS 壓縮+加密+混淆+美化|| |Everything About Net Scanning|| |How to fetch SHA1 or MD5 in Win.|| |How to split windows in WSL?|| |Docker基本命令|| ||| |||
Vocabulary
| Vocabulary | Def. | Comment |
|---|---|---|
| Parse | 解析 | |
| query | 詢問、請求 | |
| dump | Also called a crash dump or memory dump, a dump is raw data from a computer’s memory. It is written to the file system if software crashes” (terminates unexpectedly). This information is a snapshot of what was going on in the computer at the moment the error occurred. The dump can be analyzed by developers to help track down the error, understand it better, and fix it. | Refer |
| intruder | 入侵者 | |
| vulnerability | 漏洞、脆弱 | |
| exploit | An exploit is a code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept threat or by malicious actors for use in their operations. When used, exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network. | Refer |
| wrapper | 偽協議 | |
| Cipher | 密碼 | |
| nerf | cause to be weak or ineffective削弱、減弱 | Refer |
| Miscellaneous | 混雜的、各種各樣的 | |
| PoC | Proof of Concept:在 Binary Exploitation 通常指可以使程式發⽣ Crash 觸發異常的程式碼,⽤來證明程式存在漏洞 | |
| PWN | 1.具漏洞的服務</br>2.目標在是服務中找到該服務的漏洞並注入自己的程式碼,拿到 server 的控制權 | Refer1</br>Refer2 |
| DHCP | 主要功能是自動分配IP(192.168.xxx.xxx),有時效限制(可能是一天),當新設備加入區網時,會由DHCP自動分配一個IP給該設備,過了一天後如果設備再次訪問DHCP,則會在給予新的IP,否則該IP會直接回收 | |
| 秒懂Confusion Matrix |  |
|