README_201910.md

201910 信息源与信息类型占比

微信公众号 推荐

nickname_english	weixin_no	title	url
ChaMd5安全团队	chamd5sec	【翻译】看我如何利用PHP的0day黑掉Pornhub并获得2W美刀奖励	https://mp.weixin.qq.com/s/pvc0xrBK6wP-lJMOPONr2w
美团安全应急响应中心		大型互联网公司数据安全实践	https://mp.weixin.qq.com/s/DtGLFwcwNMCZseOKOAOC9Q
丁爸 情报分析师的工具箱	dingba2016	【美国情报】图解NSA的48个Ant监控工具	https://mp.weixin.qq.com/s/gpM1Ze2ofLXt5ernZBOudw
腾讯技术工程	Tencent_TEG	机器学习模型可解释性的详尽介绍	https://mp.weixin.qq.com/s/JEIxzuPDrbvSJjpHExaI_w
SecWiki	SecWiki	SecWiki安全招聘（第25期）	https://mp.weixin.qq.com/s/NslzE1ObdRKPLeGWV2Axyw
学术plus	caeit-e	美国国防部2019年消费账单出炉，竟频频打脸！	https://mp.weixin.qq.com/s/Hk_BfBPz0TGqFNblGb_m5A
奇安信威胁情报中心		揭密：当年奥运会背后的网络暗战和幕后网军真相	https://mp.weixin.qq.com/s/anC86mOuuaH09lnWMEVXEw
AD风险实验室		业务安全的资源层攻防时代	https://mp.weixin.qq.com/s/nkf5yRrAw-IA5_ROD6Za4g
FreeBuf	freebuf	企业安全无间道之抓内鬼	https://mp.weixin.qq.com/s/9z0eFephjLsq2zJz4rrs9A
TideSec安全团队	TideSec	应急响应实例分享	https://mp.weixin.qq.com/s/Aal5nnp9zUR6cLtoKVaJrw
jaxsec		Linux For Pentester: socat Privilege Escalation(中英对照)	https://mp.weixin.qq.com/s?__biz=MzI5OTYzMjU1OA==&mid=2247483759&idx=1&sn=13cc7388d74532d0c77e2429e5c0ea2e&chksm=ec92d3aedbe55ab8573dad78ea7f0c68c3eae83c1fb585b9ee058f7d4d9b11b062d3566c5b92&mpshare=1&scene=23&srcid=&sharer_sharetime=1571632808853&sha
凌天实验室	LT_labs	勒索解密工具整理篇	https://mp.weixin.qq.com/s/T6zSWZ-qMit-8gR4Itmknw
奇安信 CERT		BROP技术研究	https://mp.weixin.qq.com/s/Old4dKS2aDp1TETTn0WzoQ
安全客	anquanbobao	针对海最新顶会fuzz论文分享	https://mp.weixin.qq.com/s/BmuwRouYB3AGsVae3koGOQ
安全小飞侠	AvFisher	基于MITRE ATT&CK的Red Teaming行动实践	https://mp.weixin.qq.com/s/u1cPkGegyRpw3oyKaBMf1w
安全牛	aqniu-wx	ATT&CK 随笔系列之一：右脑知攻、左脑知防	https://mp.weixin.qq.com/s/sxlMUwLqLBi-CJQV41DWaA
时间之外沉浮事	tasnrh	网络空间靶场发展态势综述	https://mp.weixin.qq.com/s/McTaM1MIuLsXAmubPqr0LQ
深度传送门	deep_deliver	RecSys 2019参会总结及推荐精读论文	https://mp.weixin.qq.com/s/NrhIEcY0-76g88-GA01kww
川云安全团队	cyunsec	Kibana < 6.6.1 代码执行漏洞复现笔记	https://mp.weixin.qq.com/s/3r41HE3bnNHhWOw42uziTQ
云众可信	yunzhongkexin	原创干货	暗网知识小科普
穿过丛林		容器云安全防御机制动态评估与优化框架	https://mp.weixin.qq.com/s/-g2MLk7i0QBToxdE-RHjSw
App个人信息举报	app_grxxjb	专题研究	手机设备识别码类型分析
Viola后花园	Viola_deepblue	Signal Sciences 下一代WAF	https://mp.weixin.qq.com/s/daH3UatnuUvkFIq9BrZPyg
专注安管平台		从一份工作说明书看DHS的SOC运营内容与要求	https://mp.weixin.qq.com/s/3KPU2Ke6HsgeovQXduTU1Q
暗影安全实验室	Eversec_Lab	反间谍之旅003	https://mp.weixin.qq.com/s/ZxsyB4ELKdV84eHh6zn1iQ
电网头条	sgcctop	刚刚，国家电网公司发布《泛在电力物联网白皮书2019》	https://mp.weixin.qq.com/s/gWLm5KMfkSlhNr0ptmIYwQ
绿盟科技研究通讯	nsfocus_research	初探加密流量识别	https://mp.weixin.qq.com/s/UDvX0HiPYlF5POe1FUhpuA
青藤云安全资讯	qingtengyun	细述MITRE ATT＆CK框架的实施和使用方式	https://mp.weixin.qq.com/s/bEUGuEQDuxVVi7f6mfnuTQ
军鹰资讯	JoinInformation	浅析DARPA的运作机制（内附报告下载链接）	https://mp.weixin.qq.com/s/T5EqLfqSCU8JRp6Ez4vdpg
分类乐色桶		[CVE-2019-9535] Iterm2命令执行的不完整复现	https://mp.weixin.qq.com/s/4KcpS4eNGQ8bL6DTM4K0aQ
湛卢工作室	xuehao_studio	SRC漏洞挖掘实用技巧	https://mp.weixin.qq.com/s/g-vlNmn4uQKUnBKZ7LMJvA
看雪学院	ikanxue	ATT&CK一般性学习笔记	https://mp.weixin.qq.com/s/qfthyNQ3E_TruEbREcIJzg
汉客儿		沙箱：概述	https://mp.weixin.qq.com/s/spmYrBPK9kuEoOixl9yRRA
安全学术圈	secquan	浅析公共GitHub存储库中的秘密泄露	https://mp.weixin.qq.com/s/gcBN3slkqwkDW_I24OB_ug
贝塔安全实验室	BetaSecLab	反弹shell的学习总结 - Part 1	https://mp.weixin.qq.com/s/-citnkfwGai7KQCIp9G99w

组织github账号 推荐

github_id	title	url	org_url	org_profile	org_geo	org_repositories	org_people	org_projects	repo_lang	repo_star	repo_forks

私人github账号 推荐

github_id	title	url	p_url	p_profile	p_loc	p_company	p_repositories	p_projects	p_stars	p_followers	p_following	repo_lang	repo_star	repo_forks
evilsocket	evilsocket 开源的一个利用深度学习技术辅助攻击 WiFi 的工具	https://github.com/evilsocket/pwnagotchi/releases/tag/v1.0.0RC4	https://www.evilsocket.net		Italy	Zimperium	118	0	14	4100	0	Go,Python,JavaScript,CSS	6000	573
byt3bl33d3r	利用脚本语言处理 .NET Payloads，实现 BYOI Payloads	https://github.com/byt3bl33d3r/Slides/blob/master/RT%20Level%209000%2B%2B_BsidesPR.pdf	https://byt3bl33d3r.github.io	C Y B E R	Error: Unable to resolve	BlackHills InfoSec	98	0	1100	3000	120	Python,PowerShell,HCL,Boo	3000	795
taviso	Tavis Ormandy 开源了一个用于与 CEF Debugger 交互的工具	https://github.com/taviso/cefdebug	None		None	None	12	0	16	1500	1	C	2700	225
Xyntax	污染 TensorFlow模型: XCTF 2019 Final tfboys 命题思路	https://github.com/Xyntax/XCTF-2019-tfboys//	https://www.cdxy.me	Data Mining / Threat Hunting / Blue Team / CTF🧐	Hangzhou,China	Alibaba Cloud	53	0	320	1000	93	Python,HTML,JavaScript,PowerShell	1300	647
tyranid	James Forshaw 开源了一个攻击存在 CVE-2014-1806 / CVE-2014-4149 漏洞的 .NET Remoting Services 的工具	https://github.com/tyranid/ExploitRemotingService	None		None	None	32	0	0	806	2	C#,Python,C	851	227
infosecn1nja	SharpDoor - Patch termsrv.dll 实现 RDP (Remote Desktop) Multi-Session 的支持	https://github.com/infosecn1nja/SharpDoor	None	Security Researcher/Red/Purple Teaming/Adversary Simulation/Threat Hunter. Contributors of Atomic Red Team, PS Empire, Mitre ATT&CK Framework, LOLBas, and more.	Jakarta, Indonesia	None	32	0	656	643	71	Python,C#,Shell	2600	739
vstinner	Python Security - 记录 Python 历史漏洞及补丁版本信息的 Repo	https://github.com/vstinner/python-security	https://github.com/python	I am paid by Red Hat to maintain Python upstream (python.org) and downstream (RHEL, Fedora). @python core-dev.	France	Red Hat	32	0	7	642	0	Python	299	34
danielbohannon	Revoke-Obfuscation: PowerShell Obfuscation Detection Framework	https://github.com/danielbohannon/Revoke-Obfuscation	http://danielbohannon.com	Principal Applied Security Researcher (prev IR Consultant)	Washington, D.C.	Mandiant	7	0	0	533	5	PowerShell	1300	345
LandGrey	Kibana CVE-2019-7609 RCE Exploit	https://github.com/LandGrey/CVE-2019-7609/	https://landgrey.me	I learn cyber sec	Earth	None	15	0	1100	425	44	Python,ASP	1000	285
404notf0und	2018-2020青年安全圈-活跃技术博主/博客	https://github.com/404notf0und/Security-Data-Analysis-and-Visualization	https://www.4o4notfound.org	欢迎关注公众号：404 Not F0und，专注于Cyber-Security-Data-Analysis	Hangzhou,China	Ant Financial	14	0	72	350	16	TSQL,Jupyter	520	121
Dliv3	Venom - A Multi-hop Proxy for Penetration Testers	https://github.com/Dliv3/Venom	https://twitter.com/D1iv3	BUPT	CTF	天枢(Dubhe)	Tencent Security Xuanwu Lab	China, Beijing	BUPT	59	0	1200	348	176
leebaird	基于 Metasploit 写的一款自动化渗透测试工具	https://github.com/leebaird/discover	None		None	None	3	0	49	344	2	Python,Shell,PHP	1700	515
al0ne	Suricata安装部署&丢包优化&性能调优&规则调整&Pfring设置	https://github.com/al0ne/suricata_optimize	None	Emergency response, security analysis	United States	None	13	0	613	272	225	Python,Dockerfile,Shell,Makefile	793	230
ouqiang	gocron: 定时任务管理系统	https://github.com/ouqiang/gocron	None	to be a better man	Xiamen, China	None	12	0	106	186	1	Go,PHP	1900	433
monoxgas	BlackHat USA 会议上有一个关于 C&C（命令控制）技术的议题，作者最近将相关的工具也公开了	https://github.com/monoxgas/FlyingAFalseFlag	None		Utah, United States	Silent Break Security	16	0	31	145	1	C#,Python,PowerShell,C++	488	143
theLSA	vbulletin5 rce漏洞检测工具	https://github.com/theLSA/vbulletin5-rce	http://www.lsablog.com	I like network security,penestration and programming(python,c/c++,php,java,ect),welcome to communicate with me!	China	None	33	0	19	90	19	Python	134	42
Ch1ngg	Cobalt Strike - 使用其他方式抓取密码/dump hash	https://github.com/Ch1ngg/AggressorScript-RunDumpHash	https://www.ch1ng.com/		no	no	15	0	145	84	18	Python,C#,ASP,Java,PowerShell	44	11
DavidXanatos	一个细粒度管理 Windows 软件更新包的工具	https://github.com/DavidXanatos/wumgr	None		None	None	30	0	7	60	0	C#,C,PowerShell,C++	405	57
0xcpu	Windows 10 20H1 18999 新加了一个特性 AltSystemCallHandlers，可以实现 KiSystemCall 的 HOOK 回调	https://github.com/0xcpu/WinAltSyscallHandler	None	nothing interesting	None	None	16	0	1300	52	112	Python,C,C++,Rust	48	11
yyhsong	iDataV: 大屏数据可视化示例	https://github.com/yyhsong/iDataV	None	Just coding for fun.	None	None	13	0	31	42	0	JavaScript	875	368
therealsaumil	ARM-X - 基于 Qemu 模拟执行 IoT 设备 ARM 固件的框架	https://github.com/therealsaumil/armx	https://twitter.com/therealsaumil		None	None	8	0	0	36	2	Shell,C,JavaScript,Assembly,Arduino	170	32
open-cmdb	cmdb: CMDB 配置管理系统 资产管理系统	https://github.com/open-cmdb/cmdb	None		Shanghai	None	2	0	2	35	0	Python,JavaScript	413	166
daddycocoaman	Bypass Python 3.8 版本新增的 Runtime Audit Hooks 安全审计特性	https://github.com/daddycocoaman/SlidePresentations/blob/master/2019/BypassingPython38AuditHooks.pptx	None		None	None	10	0	11	25	1	Python,PowerShell,Boo	43	9
JonGates	jon: LINUX系统攻防工具箱	https://github.com/JonGates/jon	http://blog.jongates.cn	birl	None	597.com	10	0	118	21	7	Go,C,JavaScript	104	28
GuidoPaul	CAIL2019: 中国法研杯司法人工智能挑战赛之相似案例匹配第一名...	https://github.com/GuidoPaul/CAIL2019	http://www.baosl.com/		None	None	20	0	124	19	12	Python,Jupyter,Java,Vim	68	24
blaCCkHatHacEEkr	PENTESTING-BIBLE	https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE	https://twitter.com/cry__pto	MalwareHacker		OSPentester		NetworkBreaker		ForensicsExpert		SocialEngineeringPro		WebProtector
bsauce	Fuzz 方向的几篇 Paper 的解读	https://github.com/bsauce/Some-Papers-About-Fuzzing	https://www.jianshu.com/u/a12c5b882be2		None	None	18	0	48	16	17	Python,C,CSS,C++	25	6
0Kee-Team	CatchMail: 收集邮箱的工具	https://github.com/0Kee-Team/CatchMail	None	None	None	None	0	0	0	0	0	Python,Java	0	0
MicrosoftDocs	微软公开 Windows Driver Kit 相关的文档	https://github.com/MicrosoftDocs/windows-driver-docs	None	None	None	None	0	0	0	0	0	TypeScript,HTML,C#,JavaScript,Python,Shell,PowerShell	3100	8200
advanced-threat-research	Repository of YARA rules made by McAfee ATR Team	https://github.com/advanced-threat-research/Yara-Rules	None	None	None	None	0	0	0	0	0	Python,YARA,HTML	0	0
ernw	ERNW GmbH 公开了几篇关于 Windows WDAC 与 Code integrity 的研究 Paper	https://github.com/ernw/Windows-Insight/tree/master/articles/Device%20Guard/WDAC	None	None	None	None	0	0	0	0	0	C,Shell,Java,XSLT,Python,Erlang	488	134
fuzzitdev	Jsfuzz: coverage-guided fuzz testing for Javascript	https://github.com/fuzzitdev/jsfuzz	None	None	None	None	0	0	0	0	0	C,TypeScript,CMake,Dockerfile,C++,Swift,HCL,Go,Java,Ruby,Rust	234	11
guardicore	labs_campaigns 攻击团队IOC信息	https://github.com/guardicore/labs_campaigns	None	None	None	None	0	0	0	0	0	C,TypeScript,Java,Python,JavaScript,C++,CoffeeScript,C#	0	0
intel	Intel 开源了一个 VBH（Virtualization Based Hardening）项目，通过 API 可以为 Client 提供基于虚拟化的安全防护特性支持	https://github.com/intel/vbh	None	None	None	None	0	0	0	0	0	C,Shell,Assembly,Python,JavaScript,BitBake,C++,Go,Java,Rust	0	0
nccgroup	acCOMplice - 用于发现和利用 COM 劫持的工具，作者 9 月份在 DerbyCON 会议有过一次关于这个工具的演讲	https://github.com/nccgroup/acCOMplice	None	None	None	None	0	0	0	0	0	C,TypeScript,Java,Python,JavaScript,C++,C#,HTML,Shell,Elixir,Go,PowerShell,Rust	874	157
palantir	Windows Exploit Guard 相关的资料整理	https://github.com/palantir/exploitguard	None	None	None	None	0	0	0	0	0	Groovy,TypeScript,Java,Scala,Python,JavaScript,Shell,Go,Rust	0	0
zaproxy	zaproxy - OWASP Zed Attack Proxy (ZAP)，一个用于辅助 Web 应用安全性测试的工具	https://github.com/zaproxy/zaproxy	None	None	None	None	0	0	0	0	0	Java,C#,JavaScript,Python,HTML,Go,PHP,Rust	6300	1200

medium_xuanwu 推荐

title	url
作者介绍了一种绕过 Microsoft-Windows-Threat-Intelligence 机制向线程注入 APC 的方法——借助 kenel APC 向线程注入 user APC	http://medium.com/@philiptsukerman/bypassing-the-microsoft-windows-threat-intelligence-kernel-apc-injection-sensor-92266433e0b0
对基于物联网的出勤设备进行渗透测试	http://medium.com/bugbountywriteup/pentesting-an-iot-based-biometric-attendance-device-10c0efd69392
XSS 高级技巧之 Bypass Uppercase filters	http://medium.com/@Master_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce
入门教程-如何探索网络摄像的漏洞（固件）	http://medium.com/@knownsec404team/getting-started-tutorial-how-to-explore-the-camera-vulnerability-firmware-c405e25ed177
如何用使用burp套件扩展插件（taborator）利用exploit远程文件包含/带外资源加载(HTTP)测试	http://link.medium.com/RKQJyWPJSZ
Proftpd 被发现缓冲区溢出漏洞（CVE-2019–18217），影响 1.3.6b 之前版本	http://medium.com/@social_62682/proftpd-buffer-overflow-cve-2019-18217-281503c527e6
Online WebAssembly Terminal - 一款在浏览器中直接执行 WebAssembly 模块的网站	http://medium.com/wasmer/webassembly-sh-408b010c14db
Understanding usbmux and the iOS lockdown service，了解 iTunes、Xcode 是如何与 iOS 设备交互的	http://medium.com/@jon.gabilondo.angulo_7635/understanding-usbmux-and-the-ios-lockdown-service-7f2a1dfd07ae

medium_secwiki 推荐

title	url
Malicious document targets Vietnamese officials	https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a

zhihu_xuanwu 推荐

title	url

zhihu_secwiki 推荐

title	url

日更新程序

python update_daily.py