漏洞报告

【Judge.me 】The response shows the nginx version
https://hackerone.com/reports/1395068

【Slack 250刀】Cross-site leak allows attacker to de-anonymize members of his team from another origin
https://hackerone.com/reports/1068153

挖洞技巧

Container Breakouts – Part 1: Access to root directory of the Host
https://blog.nody.cc/posts/container-breakouts-part1/

Container Breakouts – Part 2: Privileged Container
https://blog.nody.cc/posts/container-breakouts-part2/

Container Breakouts – Part 3: Docker Socket
https://blog.nody.cc/posts/container-breakouts-part3/

挖洞工具

CaA - BurpSuite流量收集和分析插件
https://github.com/gh0stkey/CaA

    说点什么吧...