漏洞报告
【U.S. Dept Of Defense】重定向+反射型XSS
https://hackerone.com/reports/1406598【Mail.ru 】#1257091 Угон домена photo-test.gb.ru (возможно)
https://hackerone.com/reports/1257091【 Rockstar Games】缓存投毒
https://hackerone.com/reports/1219038【 GitLab 】缓存投毒造成拒绝服务
https://hackerone.com/reports/1160407
挖洞技巧
实用的 Web 缓存中毒
https://portswigger.net/research/practical-web-cache-poisoningShopify 插件绕过使用通过 API 实现漏洞的客户端注入
https://xkurtph.medium.com/shopify-plugin-bypass-using-client-side-injection-thru-api-implementation-vulnerability-710d25105c8f破解你自己的 JWT 实现过程
https://thexssrat.medium.com/hack-your-own-jwt-implementation-1d9dd4315de5
挖洞工具
Rogue Assembly Hunter 是一个实用程序,用于在正在运行的进程中发现“有趣的”.NET CLR 模块。
https://github.com/bohops/RogueAssemblyHunterCatalyst 是一个事件响应平台或 SOAR(安全编排、自动化和响应)系统。它可以帮助您自动化警报处理和事件响应程序。
https://github.com/SecurityBrewery/catalyst