漏洞相关

安全配置检测

cis_centos

https://learn.cisecurity.org/benchmarks

shodan

https://www.shodan.io/

csvv3评分标准

https://www.first.org/cvss/calculator/3.0

redhat cve database

https://access.redhat.com/security/security-updates/

suse cve

https://www.suse.com/security/cve/

exploits database

https://www.exploit-db.com/

Google Hacking Database (GHDB)

ghdb是指使用包含了google的搜索技巧的一个数据库

https://www.exploit-db.com/google-hacking-database/

securityfocus

SecurityFocus was acquired by Symantec in August 2002.

http://www.securityfocus.com/

http://www.securityfocus.com/bid/

rapid7

nexpose和metasploit可都是他家的

https://www.rapid7.com/

nvd

https://nvd.nist.gov/vuln/search

the difference between cve and cwe

Software weaknesses are errors that can lead to software vulnerabilities.

cve更加的具体化,什么系统什么漏洞,cwe就是更冲向,例如潜在漏洞也会也会算到cwe

https://cwe.mitre.org/about/faq.html#A.1

学无止境

sec博主

https://danielmiessler.com/study/#gs.K9at9ug

other

https://www.fireeye.com/current-threats/recent-zero-day-attacks.html

http://www.cvedetails.com/cve-help.php

关于web漏洞

owasp项目

https://www.owasp.org/index.php/Main_Page

练习你的hack技术

https://www.checkmarx.com/2015/04/16/15-vulnerable-sites-to-legally-practice-your-hacking-skills/

演练工具

https://www.sans.org/reading-room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-training-environment-34380

漏洞与几个概念密切相关Package,Port,kernel

内核的漏洞可能会特别一点。

安装包出现了可以被利用的漏洞,所以要升级安装包

与网络相关的可能会涉及端口。

堆栈溢出 overflow

任意代码执行