README_201909.md


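201909 Information Source and Information Type Shares

201909 - information source share - secwiki

201909 - information source share - xuanwu

201909 - information type share - xuanwu

201909 - favorite language share

WeChat Official Account Recommendations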

nickname_english weixin_no title url
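安天 Antiylab A nine-year retrospective and reflections on the Stuxnet incident https://mp.weixin.qq.com/s/0s1SuWPqAReuRjdp2OsAXw
90Sec Team hk90sec Domain penetration summary https://mp.weixin.qq.com/s?__biz=Mzg3NzE5OTA5NQ==&mid=2247483807&idx=1&sn=59be50aa5cc735f055db596269a857ce&chksm=cf27ea07f8506311d1c421e48d17deeebc19d569b037e0eb6c83656fee30fd9d59cc8228e372&token=2130309421&lang=zh_CN#rd
奇安信威胁情报中心 The PhpStudyGhost backdoor supply-chain attack and related IOCs https://mp.weixin.qq.com/s/9kqvLPTwVktGmxrgyvUZZA
360智库 Tactical practice and strategic thinking in cyber warfare https://mp.weixin.qq.com/s/NcpsTiVKaMj_NTzRydaSag
信息安全最新论文技术交流 NIST SP800-207: Zero Trust Architecture draft https://mp.weixin.qq.com/s/F0tes4QbhQyv14PFokFYuQ
嘶吼专业版 Pro4hou Russian APT map https://mp.weixin.qq.com/s/kLjX6pMpA-v8Wh2LZK6dJw
安全学术圈 secquan A malicious domain identification system based on HIN transductive classification https://mp.weixin.qq.com/s/H6X-BfR7AqTz9xYWBx_Usg
我的安全视界观 CANI_Security [First SDL practice] Secure development https://mp.weixin.qq.com/s/ObEF5r5xQNrv53DV2Cm_sQ
等级保护测评 zgdjbh Jiangsu cyber police publish the sixth batch of typical cybersecurity administrative enforcement cases https://mp.weixin.qq.com/s/zD-jjZLrAWyE4NPjpguRwg
ChaMd5安全团队 chamd5sec SUCTF-WriteUp (Part 1) https://mp.weixin.qq.com/s/bgWwPPjFsiviFxMgNxjUIg
APT攻击 cncg_team Google's security mechanisms https://mp.weixin.qq.com/s/PlrPBMRejmaROkR0oLvtuw
FreeBuf企业安全 freebuf_ent Obstacles all the way: notes on an authorized network attack-and-defense exercise https://mp.weixin.qq.com/s/BJlXOsBtPGVVU2cVs72TqQ
人民公安报 rmgabs A look back at public security science, technology and informatization work over the 70 years since the founding of the People's Republic of China https://mp.weixin.qq.com/s/B64olNuiuu1HQUkdD3u0fg
安全乐观主义 Using the Ark Compiler to check the Fastjson OOM issue https://mp.weixin.qq.com/s/ornyzKd3uqjgUHEmdHGIJQ
水滴安全实验室 EversecLab Introduction to IoT vulnerability hunting -- analysis and reproduction of the DLINK-DIR-645 router stack overflow vulnerability https://mp.weixin.qq.com/s/gpVMcPjfP2HDZisZhy0fig
网络空间安全军民融合创新中心 jmrh1226 An analysis of US cyber threat attribution capabilities and their impact https://mp.weixin.qq.com/s/9yRAitNrgN4I6iDaxbNvTA
银河安全实验室 Galaxy-Lab D-Link DIR-816 A2 router security research https://mp.weixin.qq.com/s/rT53P9EW4xLFV9JLbnLroQ
贝塔安全实验室 BetaSecLab The appeal of cyberspace search engines https://mp.weixin.qq.com/s/AdrOhuA0mpjCtdpWjPC1jg
PaperWeekly paperweekly Postscript to the Baidu entity linking competition: behavior modeling and entity linking (with code) https://mp.weixin.qq.com/s/hIGmW_J5xEvLUXa4hFHzsA
PolarisLab PolarisLab Fileless ELF execution on Linux https://mp.weixin.qq.com/s/gz77Yy3yKPM10JsDg1oyiw
中通安全应急响应中心 ZTO_SRC ZTO security open-source project: automated detection of authorization-bypass vulnerabilities https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA
君哥的体历 jungedetili How enterprises can build an effective security operations system https://mp.weixin.qq.com/s/JJkQ8S4qw0RigOoA9Xzhyw
数说安全 SSAQ2016 Business briefing on listed cybersecurity companies for the first half of 2019 https://mp.weixin.qq.com/s/huQKnnsQtLn0uVZj-wz0Uw
新智元 AI_era Nature cover story: social networks influence collective decision-making and may change election outcomes! https://mp.weixin.qq.com/s/KqyF7epXWRhaT4spGWHXSw
青藤云安全资讯 qingtengyun Research on an intrusion detection technique based on deception defense https://mp.weixin.qq.com/s/6BEY9qpi0rfk1_T1k1lWmg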

Organization GitHub Account Recommendations

github_id title url org_url org_profile org_geo org_repositories org_people org_projects repo_lang repo_star repo_forks

Personal GitHub Account Recommendations

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
jas502n PoC for CVE-2019-8451, an unauthenticated SSRF vulnerability in JIRA. https://github.com/jas502n/CVE-2019-8451 https://twitter.com/jas502n 1.misc 2.crypto 3. web 4. reverse 5. android 6. pwn 7. elf Hong Kong jas502n 194 0 250 1200 149 C,Shell,Java,Objective-C++,Python,C#,PHP 301 114
ChiChou Source code of the RealWorldCTF 2019 Dezhou Instrumenz macOS challenge https://github.com/ChiChou/DezhouInstrumenz https://github.com/alipay I want to sell my code and roam the world Beijing, China @alipay 57 0 1500 665 252 Objective-C,Vue,JavaScript,C 1200 170
mame82 Logitech Unifying Vulnerabilities https://github.com/mame82/UnifyingVulnsDisclosureRepo/tree/master/vulnerability_reports https://www.twitter.com/mame82 None None 69 0 44 509 17 Python,Go,C,JavaScript 2500 517
RUB-SysSec A common problem in fuzzing is checksums and magic values. Earlier approaches mostly solved the constraints with symbolic execution, which is rather complex. The Redqueen paper proposes a simpler idea: use VMI to obtain the arguments of comparison instructions or function call instructions, and use those arguments to guide mutation. The implementation relies on Intel PT. https://github.com/RUB-SysSec/redqueen https://syssec.rub.de Bochum, Germany Ruhr-University Bochum 25 0 0 254 0 Python,C,Rust 390 105
wonderkun CTFENV: various environments set up for CTF competitions https://github.com/wonderkun/CTFENV None None None 70 0 410 199 152 Python,C,PHP,Dockerfile 454 150
matteyeux IDA plugin for loading Apple SecureROM https://github.com/matteyeux/srom64helper https://github.com/alterway Sysadmin. Sometimes I write code Paris @alterway 107 0 115 184 136 Python,C 10 4
4B5F5F4B PoC written by researcher 4B5F5F4B for the Hyper-V RCE (CVE-2017-007) vulnerability https://github.com/4B5F5F4B/HyperV None None None 20 0 508 114 80 Shell,C,HTML,C++ 125 51
uknowsec Active Directory domain penetration study notes https://github.com/uknowsec/Active-Directory-Pentest-Notes http://uknowsec.cn Stay true to your original aspiration and you will see it through Nanjing None 90 0 415 77 150 Python,PHP 95 15
Ch1ngg JWTPyCrack - JWT attack script https://github.com/Ch1ngg/JWTPyCrack https://www.ch1ng.com/ no no 14 0 121 76 18 Python,C#,ASP,Java 40 10
d0c-s4vage gramfuzz - a tool that generates fuzz test samples from defined grammar rules https://github.com/d0c-s4vage/gramfuzz None None None 56 0 37 75 1 Python,JavaScript,Vim 149 29
theLSA Penetration testing checklist for PC clients (C/S architecture) https://github.com/theLSA/CS-checklist http://www.lsablog.com I like network security, penetration and programming (python, c/c++, php, java, etc), welcome to communicate with me! China None 29 0 18 67 18 Python,Ruby 80 40
jakkdu quickjs patch for fuzzilli, Happy hacking :) https://github.com/jakkdu/fuzzilli-for-quickjs http://jakkdu.github.io Atlanta Georgia Institute of Technology 13 0 49 65 6 Python,TeX,Ruby 11 3
Geluchat Researcher Geluchat published exploits for several 1-day vulnerabilities in the Chrome V8 engine and for competition challenges. https://github.com/Geluchat/chrome_v8_exploit https://www.dailysecurity.fr France None 7 0 49 59 11 Python,C,JavaScript,PHP 31 5
lucasg An IDA-script-based tool for enumerating system RPC interfaces https://github.com/lucasg/findrpc None None None 24 0 33 54 3 C#,Python,C,TeX,CSS 1600 128
0x7ff PoC for setting nonce without triggering KPP/KTRR/PAC https://github.com/0x7ff/dimentio None Monero: 42XMRm2cADx8tN3FxA9i2n852PNUTS1JSaDrqdBnxKkiW44WTQMvawFHXmYwxJmhhoKruQHE8bFNjH9BsWH35BjeETyG8fE None None 10 0 0 49 6 C 28 9
0xDezzy Exploit code targeting the Pulse Secure Connect VPN service https://github.com/0xDezzy/CVE-2019-11539 None Houston based Security Researcher and Red Teamer Houston, Texas EY 93 0 124 41 52 Python,KiCad,JavaScript,C++ 68 15
allpaca V8Harvest - analysis of recent regression test samples in the V8 code base, to help analyze V8 vulnerabilities https://github.com/allpaca/V8Harvest None None None 46 0 37 40 4 JavaScript,C++ 96 20
rohanpadhye A coverage-guided fuzzing framework for Java https://github.com/rohanpadhye/jqf https://cs.berkeley.edu/~rohanpadhye PhD student Berkeley, CA UC Berkeley 29 0 50 39 6 C,Java 121 24
c0d3p1ut0s Automated discovery of Java deserialization vulnerabilities https://github.com/c0d3p1ut0s/Conference https://c0d3p1ut0s.github.io/ Hangzhou China None 6 0 2 37 0 Python,HTML,Java 92 17
A2nkF Researcher A2nkF published a macOS kernel 0-day exploit https://github.com/A2nkF/macOS-Kernel-Exploit/ https://twitter.com/A2nkF_ None None 14 0 21 32 15 Python,C,C++ 106 18
ION28 BLUESPAWN - a monitoring tool that helps blue teams implement active defense on Windows systems https://github.com/ION28/BLUESPAWN/blob/master/README.md https://metactf.com None MetaCTF 8 0 165 28 29 JavaScript,C++ 60 16
gnebbia pdlist: A passive subdomain finder https://github.com/gnebbia/pdlist None Italy None 231 0 225 20 5 C,XSLT,Python,JavaScript,Makefile,Perl,HTML,Go,PowerShell 104 14
Areizen An Android malware analysis sandbox built on an Android emulator and Frida https://github.com/Areizen/Android-Malware-Sandbox None None None 16 0 2 19 2 Python,Shell,JavaScript 86 23
StrangerealIntel Analysis report on a malware sample from an unknown Israel-related APT https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Israel/APT/Unknown/26-08-19/Malware%20analysis%2026-08-19.md None None None 1 0 0 19 0 Visual 67 14
SVF-tools SVF - a static analysis tool for pointer and procedure dependence analysis of C/C++ programs https://github.com/SVF-tools/SVF None None None 4 0 0 12 0 C,C++ 284 93
dogangcr vulnerable-sso: vulnerable single sign on https://github.com/dogangcr/vulnerable-sso None None None 2 0 9 3 1 Java 80 11
MoonLight-SteinsGate LearnAFL--knowledge-learn evolutionary fuzzer https://github.com/MoonLight-SteinsGate/LearnAFL None None None 2 0 1 1 0 C,C++ 8 3
dplusec End-to-end encrypted WeChat chat plugin https://github.com/dplusec/tgwechat None None None 2 0 0 1 0 HTML 15 4
0Kee-Team JavaProbe: a runtime information collection tool for Java applications https://github.com/0Kee-Team/JavaProbe?from=timeline&isappinstalled=0 None None None None 0 0 0 0 0 Java 0 0
FederatedAI FATE: an open-source federated learning project https://github.com/FederatedAI/FATE None None None None 0 0 0 0 0 Python,Java,CSS 703 203
Netis packet-agent: a network traffic mirroring project for cloud environments https://github.com/Netis/packet-agent/blob/master/README-zh-Hans.md None None None None 0 0 0 0 0 C,C++ 0 0
QAX-A-Team LuWu: an automated deployment tool for red team infrastructure https://github.com/QAX-A-Team/LuWu None None None None 0 0 0 0 0 C,Shell,Java,Python,C++,Go,PowerShell 0 0
Tencent TencentOS tiny - Tencent's open-source real-time operating system for IoT https://github.com/Tencent/TencentOS-tiny None None None None 0 0 0 0 0 C,Java,Python,Kotlin,JavaScript,C++,Lua,Go,PHP,CSS,C# 23200 5900
defenxor dsiem: Security event correlation engine for ELK stack https://github.com/defenxor/dsiem?from=timeline None None None None 0 0 0 0 0 Go,HTML 0 0
eth-sri Uses machine learning to recover (predict) debug symbol information for stripped binaries https://github.com/eth-sri/debin None None None None 0 0 0 0 0 C,TypeScript,Java,D,Python,Mathematica,C++,C#,HTML,SMT,JavaScript 0 0
fireeye fireeye/SharPersist https://github.com/fireeye/SharPersist None None None None 0 0 0 0 0 C,Vue,Python,JavaScript,C++,C#,Go,PowerShell 0 0
google Google open-sourced a C++ library implementing differential privacy algorithms https://github.com/google/differential-privacy/tree/master/differential_privacy None None None None 0 0 0 0 0 C,Java,Python,JavaScript,C++,Dart,HTML,Go 0 0
googleprojectzero DrSancov - a DynamoRIO plugin open-sourced by j00ru that, during dynamic instrumentation, outputs the format supported by the ASAN/SanitizerCoverage framework for further analysis https://github.com/googleprojectzero/DrSancov None None None None 0 0 0 0 0 C,C#,C++,Python,HTML,Swift 0 0
microsoft Microsoft open-sourced STL, MSVC's C++ standard library https://github.com/microsoft/STL None None None None 0 0 0 0 0 TypeScript,Jupyter,C#,JavaScript,SQLPL,C++,Python,HTML,Go,PHP,Dockerfile,PowerShell 83100 12000
seecode-audit seecode-audit: SeeCode Audit code audit management system https://github.com/seecode-audit/seecode-audit None None None None 0 0 0 0 0 Python 0 0
ucsb-seclab Automated firmware emulation tool; related paper at: http://subwire.net/publication/pretender/ https://github.com/ucsb-seclab/pretender None None None None 0 0 0 0 0 Python,C,Java,C++ 0 0
zeek Zeek - an open-source network protocol analysis tool https://github.com/zeek/zeek None None None None 0 0 0 0 0 Bro,C,Zeek,CMake,Python,JavaScript,C++,Vim,Yacc,PHP,Dockerfile 2800 728

medium_xuanwu Recommendations

title url
Evading machine-learning-based malware detection; this is the author's writeup from this year's DEFCON AI Village http://medium.com/@william.fleshman/evading-machine-learning-malware-classifiers-ce52dabdb713
From Windows client exploitation to Kubernetes Cluster admin privileges http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Ffrom-thick-client-exploitation-to-becoming-kubernetes-cluster-admin-the-story-of-a-fun-bug-we-fe92a7e70aa2
Disclosure of a local privilege escalation vulnerability in the Qualcomm driver on the Dell XPS http://medium.com/tenable-techblog/kernel-write-what-where-in-qualcomm-driver-lpe-f08389f6fce9
Detecting Process Reimaging antivirus-evasion behavior http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fyou-can-run-but-you-cant-hide-detecting-process-reimaging-behavior-e6bb9a10c40b
The author presents a technical analysis of unloading Sysmon with their own tool, Shhmon http://medium.com/p/shhmon-silencing-sysmon-via-driver-unload-682b5be57650
Threat detection based on ETW Events using FireEye's open-source SilkETW tool http://medium.com/threat-hunters-forge/threat-hunting-with-etw-events-and-helk-part-1-installing-silketw-6eb74815e4a0
RCE achieved through local file inclusion by exploiting the time window between a file being uploaded to the server and the server uploading it to Amazon S3. http://medium.com/@YoKoKho/race-condition-that-could-result-to-rce-a-story-with-an-app-that-temporary-stored-an-uploaded-9a4065368ba3
A local privilege escalation vulnerability caused by DLL injection http://medium.com/@bazyli.michal/more-than-a-penetration-test-cve-2019-1082-647ba2e59034

medium_secwiki Recommendations

title url

zhihu_xuanwu Recommendations

title url

zhihu_secwiki Recommendations

title url
Security operations revisited https://zhuanlan.zhihu.com/p/84591095

Daily update script

python update_daily.py