1。 https://www.browserstack.com/guide/test-websites-from-different-countries 2. https://www.webpagetest.org/ 3。 https://public.testgrid.io/scriptless?id=374928&platform=3&script_type=3&am...
Docker 手动copy_image国内的无法用_pull
refer to: https://stackoverflow.com/questions/23935141/how-to-copy-docker-images-from-one-host-to-another-without-using-a-repository https://stackoverflow.com/a/23938978/445908 docker save -o c:/...
Linux 向日葵 解决无法鼠标滚动下拉画面的问题
refer to: 自己想出来的。 在远程机器上 设置 -> 常规 -> 虚拟屏, 勾选即可。
Blockchain Solidity Ignitiondeploy部署ethcontract地址的产生
refer to: https://hardhat.org/ignition/docs/guides/modifications 首次部署贼简单 不过我失败了。准备使用foundry 第二次部署(修改了contract之后) const { buildModule } = require("@nomicfoundation/hardhat-ignition/modules"); modu...
Security 未来web2_web3的混合人才是趋势
只懂web2的:特别特别多 只懂web3的:有一些 又懂web2 又懂web3的:特别少见, 有竞争力。 进可做安全,退可做solidity开发。 关键的是:web3领域特别特别特别需要安全人才,需求度比传统的web2要高很多 传统的web领域:库丢了就丢了,root被拿了就拿了,无所谓,资产都在银行。 web3领域:权限没了 = 资产没了  所有资产都在链上,一点后悔的机会都没有...
Blockchain Solidity顶部永远要放一行废代码
refer to: https://stackoverflow.com/questions/65234522/warning-spdx-license-identifier-not-provided-in-source-file // SPDX-License-Identifier: MIT 挺无语的,这个跟java的package有啥区别?没任何区别啊。根本没作用啊。跟<xml ?...
Blockchain区块链编程的本质
构成:blockchain -> contracts -> methods ... contract :  源代码在本地编写,本地编译,部署到远程(链上) 一旦contract部署到了链上,无法更改,只能调用。
Blockchain Solidity 根据某个contract获得bytecode再获得abi
refer to: https://ethereum.stackexchange.com/a/156128/30431 例如,给定某个网络,获得某个contract的abi: 1. 先获得对应contract的bytecode: curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","meth...
Cissp书籍下载
refer to: 目前是第九版,有中文实体书 第九版中文PDF找到了: https://files.sweetysoft.com/image_after_2024_03_24/5304/2_CISSP官方学习指南9th中文(1).pdf 第八版只有英文文字版pdf 第七版有中文 文字版pdf  https://files.sweetysoft.com/image_afte...
Blockchain 区块链攻击事件汇总
refer to: 2022: https://www.panewslab.com/zh/articledetails/l9hj2ngug39u.html 2023: https://www.fx168news.com/article/433280
Blockchain 不同网络的对于智能合约contract的编程语言
eth:  solidity trx:  solidity, javascript eos: c++ solana: rust ,c avalanche: solidity, bnb: bsc:  solidity polygon: solidity
Security Fingerprint的实现和检测
refer to: https://fingerprint.com/blog/browser-fingerprinting-techniques/ https://seon.io/resources/browser-fingerprinting/ fingerprint: 指纹。 browser fingerprint通常包含: ip geo location ( 跟ip 差不多) ...
Security 春秋云镜cve 2021 24750_wordpress_statistic
refer to: https://yunjing.ichunqiu.com/cve/detail/788?pay=1 https://nvd.nist.gov/vuln/detail/CVE-2021-24750 https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py 从介绍上看,这是一个authentica...
Security 春秋云镜cve 2021 24340 Wordpress
refer to: https://yunjing.ichunqiu.com/cve/detail/808?pay=1 https://sploitus.com/exploit?id=WPEX-ID:D2970CFB-0AA9-4516-9A4B-32971F41A19C 总结: 1. sqlmap 工具真的好用,对于sleep 这样time based sqli 不需要 --strin...
Linux Sudo的同时保持http_proxy Https_proxy
refer to: https://gist.github.com/hindol/4483374 1.  使用命令:sudo visudo   修改文件: /etc/sudoers 2. 保证添加这一句: Defaults env_keep+="http_proxy ftp_proxy all_proxy https_proxy no_proxy" 就可以了。 3. 验...
Security Xss史上最强xss攻击姿势
refer to: https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html https://stackoverflow.com/questions/1798633/xss-attack-with-javascript-in-img-src-attribute 好多好长啊。。。
Security Burpsuite不能跟vpn一起使用当vpn是udp服务时
refer to: 1. 手机端有个VPN 2. 手机端设置跟host一样的网络, 3. PC host 打开 burpsuite 4. 手机端需要关闭VPN,然后设置 proxy, 然后PC端才能看到手机端的抓包。 原因是,手机端的VPN走的是UDP,这个跟TCP不一样,无法抓包。所以burpsuite上看不到任何东西。
Security Blockchain Audit自动化的代码审查工具securify2别用了仅支持到6
refer to: https://github.com/eth-sri/securify2 注意:目前仅仅支持单文件的contract, 不支持import那种格式 安装 略 使用
Security 记录一次应急响应kinsing挖矿病毒kdevtmpfsi
refer to: https://groups.google.com/g/linux.debian.bugs.dist/c/A1GAuTs-9I4?pli=1 https://cloud.tencent.com/developer/article/1370854 各种排查,发现: crontab -e 中有一条可疑记录 删除后问题依旧 /tmp 下不断地创建挖矿病毒,删除 /tmp后...
Security Reverseshell反弹shell很好的网站revshells Com
refer to: https://www.revshells.com/