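Recommended Resources
================================

Book List
--------------------------------

Front End
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- The Tangled Web (Web之困)
- White Hat on Web Security (白帽子讲Web安全)
- White Hat on Browser Security (白帽子讲浏览器安全), by 钱文祥
- Web Front-End Hacking Techniques Revealed (Web前端黑客技术揭秘)
- XSS Attacks: Cross Site Scripting Exploits and Defense (XSS跨站脚本攻击剖析与防御)
- SQL Injection Attacks and Defense (SQL注入攻击与防御)

Networking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Understanding Linux Network Internals
- TCP/IP Architecture, Design, and Implementation in Linux
- Linux Kernel Networking: Implementation and Theory
- Bulletproof SSL and TLS
- UNIX Network Programming
- TCP/IP Illustrated (TCP / IP 协议详解)

SEO
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- The Art of SEO (SEO艺术)

Wireless Attack and Defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Wireless Network Security: Attack and Defense in Practice (无线网络安全攻防实战)
- Wireless Network Security: Attack and Defense in Practice, Advanced (无线网络安全攻防实战进阶)
- Hacking Revealed: Close-Proximity Penetration Testing (黑客大揭秘——近源渗透测试), by 柴坤哲 et al.

Hacking Programming
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Gray Hat Python

Social Engineering
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Social Engineering: The Art of Human Hacking (社会工程:安全体系中的人性漏洞)
- The Art of Deception (反欺骗的艺术)
- The Art of Intrusion (反入侵的艺术)

Data Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Big Data Governance and Security: From Theory to Open-Source Practice (大数据治理与安全 从理论到开源实践), by 刘驰 et al.
- Enterprise Big Data Processing: Spark, Druid, Flume and Kafka in Practice (企业大数据处理 Spark、Druid、Flume与Kafka应用实践), by 肖冠宇
- Data Security: Architecture Design and Practice (数据安全 架构设计与实战), by 郑云文

Machine Learning and Cybersecurity
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Web Security with Deep Learning in Practice (Web安全深度学习实战), by 刘焱
- Introduction to Machine Learning for Web Security (Web安全机器学习入门), by 刘焱
- Web Security: Reinforcement Learning and GAN (Web安全之强化学习与GAN), by 刘焱
- AI Security: Introduction to Adversarial Examples (AI安全之对抗样本入门), by 兜哥

Security Program Building
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Introduction to Enterprise Security Building: Enterprise Network Security with Open-Source Software (企业安全建设入门——基于开源软件打造企业网络安全), by 刘焱
- Enterprise Security Building Guide: Security Architecture and Technical Practice in the Financial Industry (企业安全建设指南——金融行业安全架构与技术实践), by 聂君 et al.
- Security Architecture for Large Internet Enterprises (大型互联网企业安全架构), by 石祖文
- CISSP Official Study Guide (CISSP官方学习指南)
- CISSP Certification Exam Guide (CISSP认证考试指南)
- Linux System Security: Defense in Depth, Security Scanning and Intrusion Detection (Linux系统安全 纵深防御、安全扫描与入侵检测), by 胥峰

General
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Web Security In-Depth Analysis (Web安全深度剖析)
- The Hacker Playbook: Practical Guide to Penetration Testing (黑客秘笈——渗透测试实用指南)
- The Web Application Hacker's Handbook (黑客攻防技术宝典——web实战篇)

Law
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Information Security Standards, Laws and Regulations, 2nd edition (信息安全标准和法律法规(第二版)) (note: Wuhan University Press)

WebSite
--------------------------------
- https://adsecurity.org/

Blog
--------------------------------
- https://www.leavesongs.com/
- https://paper.seebug.org/
- https://xz.aliyun.com/
- https://portswigger.net/blog
- https://www.hackerone.com/blog

Bug Bounty
--------------------------------
- https://www.hackerone.com/
- https://bugcrowd.com
- https://www.synack.com/
- https://cobalt.io/

Lab Environments
--------------------------------

Web Security CTF Challenges
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- https://github.com/orangetw/My-CTF-Web-Challenges
- https://www.ripstech.com/php-security-calendar-2017/
- https://github.com/wonderkun/CTF_web
- https://github.com/CHYbeta/Code-Audit-Challenges
- https://github.com/l4wio/CTF-challenges-by-me
- https://github.com/tsug0d/MyAwesomeWebChallenge
- https://github.com/a0xnirudh/kurukshetra
- http://www.xssed.com/

Domain Lab Environments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Adaz `_: Active Directory Hunting Lab in Azure
- `Detection `_ Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

Knowledge Bases
--------------------------------

Awesome Series
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Awesome CobaltStrike `_
- `Awesome Cybersecurity Blue Team `_
- `Awesome Hacking `_
- `awesome sec talks `_
- `Awesome Security `_
- `awesome web security `_
- `Awesome-Android-Security `_

Bug Hunting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `HowToHunt `_ Tutorials and Things to Do while Hunting Vulnerability

Java
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `learnjavabug `_ Vulnerability and technique demos related to Java security

Red vs. Blue Teaming
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `atomic red team `_ Small and highly portable detection tests based on MITRE's ATT&CK

Post-Exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `PowerShell Attack Guide: The Hacker's Way of Post-Exploitation (Powershell攻击指南 黑客后渗透之道) `_
- `Active Directory Exploitation Cheat Sheet `_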