diff --git a/README.md b/README.md index fde1c6024..f4f586107 100644 --- a/README.md +++ b/README.md @@ -14,16 +14,18 @@ # 微信公众号 推荐 | nickname_english | weixin_no | title | url| | --- | --- | --- | ---| +| 白帽子的成长之路 | whitehat_day | 2020年开源情报(OSINT)TOP20 工具 | https://mp.weixin.qq.com/s?__biz=MzI2NDY1NDg0OA==&mid=2247484049&idx=1&sn=e6e716cfcfef01956c1acc7d684d44d1 | 1| +| 零队 | | 加载远程XSL文件的宏免杀方法 | https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd | 1| | AI科技评论 | aitechtalk | 如何以初学者角度写好一篇国际学术论文? | https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g | 1| -| 安全学术圈 | secquan | EuroS&P 2020 论文录用列表 | https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ | 1| -| 腾讯安全应急响应中心 | tsrc_team | 浅谈DDoS攻防对抗中的AI实践 | https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A | 1| +| PolarisLab | PolarisLab | Bypassing Crowdstrike Falcon 1:大力出奇迹 | https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ | 2| +| 安全乐观主义 | | SDL已死,应用安全路在何方? | https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw | 1| | 安全喷子 | | 威胁狩猎101文档 | https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q | 1| +| 安全学术圈 | secquan | EuroS&P 2020 论文录用列表 | https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ | 1| | 安恒信息安全研究院 | | 蓝牙安全之Class of device | https://mp.weixin.qq.com/s/TIYvcThrfOC40rqcy-VGCg | 1| +| 山丘安全攻防实验室 | hillsec | 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) | https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23 | 1| +| 腾讯安全应急响应中心 | tsrc_team | 浅谈DDoS攻防对抗中的AI实践 | https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A | 1| | 腾讯御见威胁情报中心 | | 腾讯安全威胁情报中心“明炉亮灶”工程:​自动化恶意域名检测揭秘 | https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg | 1| | 赵武的自留地 | | 写在Goby新版发布前,讨论网络安全测试工具的发展 | https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA | 1| -| PolarisLab | PolarisLab | Bypassing Crowdstrike Falcon 1:大力出奇迹 | https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ | 1| -| 安全乐观主义 | | SDL已死,应用安全路在何方? | https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw | 1| -| 山丘安全攻防实验室 | hillsec | 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) | https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23 | 1| | PeckShield | PeckShield | 硬核:解密美国司法部起诉中国OTC承兑商洗钱案件 | https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw | 1| | 七夜安全博客 | qiye_safe | 无文件执行:一切皆是shellcode (上) | https://mp.weixin.qq.com/s/Bv0xebGKaJ2GGwntKGq2NQ | 1| | 君哥的体历 | jungedetili | 终端安全运营年度笔记 | https://mp.weixin.qq.com/s/cHYu7Ayni5mkjWpn6_XrwA | 1| @@ -60,13 +62,15 @@ | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---| | lirantal | Awesome Node.js Security resources | https://github.com/lirantal/awesome-nodejs-security#static-code-analysis | https://github.com/snyksec | 🥑 Developer Advocate @snyksec | @nodejs Security WG | @jsheroes ambassador | Author of Essential Node.js Security | #opensource #web ❤ | Tel Aviv, Israel | @snyk | 240 | 0 | 695 | 621 | 271 | JavaScript | 2600 | 108 | 1| | unamer | 之前被用于 WizardOpium APT 攻击行动的 CVE-2019-1458 Windows LPE 漏洞的 Exploit | https://github.com/unamer/CVE-2019-1458 | http://127.0.0.1/phpMyAdmin | | C:\Windows\ | None | 39 | 0 | 35 | 499 | 4 | Python,C,C++ | 748 | 359 | 1| -| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 724 | 1| +| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 726 | 1| +| woj-ciech | LeakLooker X - 数据库/源码泄漏监控工具 | https://github.com/woj-ciech/LeakLooker-X | None | | None | None | 15 | 0 | 0 | 306 | 0 | Python,Go,JavaScript,CSS | 1100 | 227 | 1| | alphaSeclab | DBI(Dynamic Binary Instrumentation:动态二进制插桩)逆向有关的资源收集 | https://github.com/alphaSeclab/DBI-Stuff | None | | None | None | 17 | 0 | 38 | 288 | 0 | | 1600 | 264 | 1| +| dayt0n | 64-bit iOS boot image patcher written in C | https://github.com/dayt0n/kairos | http://dayt0n.com | 19. iOS and OS X tinkerer. Computer Science at UAH. | United States | None | 37 | 0 | 43 | 132 | 47 | Python,C,Shell,C++ | 23 | 7 | 1| | ChanChiChoi | 人脸识别相关的 Papers 收集 - Awesome Face Recognition | https://github.com/ChanChiChoi/awesome-Face_Recognition | http://www.cnblogs.com/shouhuxianjian/ | | China | None | 21 | 0 | 184 | 110 | 51 | Python,Jupyter | 1800 | 495 | 1| | zsdlove | Hades - 静态代码脆弱性检测系统 | https://github.com/zsdlove/Hades | None | | None | None | 126 | 0 | 193 | 62 | 16 | Python,Java,Smali | 163 | 41 | 1| | mike-goodwin | owasp-threat-dragon-desktop: 威胁建模工具 | https://github.com/mike-goodwin/owasp-threat-dragon-desktop | https://github.com/OWASP | | UK | @OWASP | 24 | 0 | 1 | 54 | 1 | Shell,JavaScript,HTML,CSS | 398 | 88 | 1| | CTF-MissFeng | bayonet: SRC资产管理系统 | https://github.com/CTF-MissFeng/bayonet | None | | None | None | 3 | 0 | 57 | 46 | 0 | Python | 443 | 87 | 1| -| ATpiu | asset-scan: 甲方企业的外网资产周期性扫描监控系统 | https://github.com/ATpiu/asset-scan | None | Penetration Test/Gopher/App Sec/ICS Sec | None | None | 100 | 0 | 287 | 28 | 99 | Go,Python | 28 | 5 | 1| +| ATpiu | asset-scan: 甲方企业的外网资产周期性扫描监控系统 | https://github.com/ATpiu/asset-scan | None | Penetration Test/Gopher/App Sec/ICS Sec | None | None | 100 | 0 | 291 | 28 | 119 | Go,Python | 36 | 6 | 1| | ody5sey | Voyager: 安全工具集合平台 | https://github.com/ody5sey/Voyager | None | | None | None | 3 | 0 | 1 | 21 | 0 | Python,HTML | 147 | 61 | 1| | GuoKerS | 基于协程的CVE-2020-0796快速检测脚本 | https://github.com/GuoKerS/aioScan_CVE-2020-0796 | https://o0o0.club | 好好学习,天天向上。 | Guang Xi | None | 43 | 0 | 281 | 15 | 41 | Python,C#,HTML,PowerShell | 10 | 5 | 1| | renzu0 | nw-tips: Win内网_域控安全 | https://github.com/renzu0/nw-tips | None | | None | None | 31 | 0 | 2 | 12 | 2 | Python,TypeScript | 3 | 2 | 1| @@ -84,6 +88,7 @@ # medium_xuanwu 推荐 | title | url| | --- | ---| +| OWASP 中提到的最严重的 API 漏洞类型 - BOLA (Broken Object Level Authorization) 是怎么回事儿 | http://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2| | 滥用 hostPath 挂载逃逸 Kubernetes Namespace | http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fkubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216| | Avast 安全浏览器可以被滥用 NTFS Hardlink 特性实现本地提权 | http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fsidechannel.tempestsi.com%2Fvulnerability-in-avast-secure-browser-enables-escalation-of-privileges-on-windows-eb770d196c45%3F| | php博客平台Typecho代码执行漏洞详细分析 | http://medium.com/@knownsec404team/analysis-of-typecho-front-end-getshell-vulnerability-4c1ce43eaeaa| diff --git a/README_20.md b/README_20.md index 313ec7883..3bd0a9e1e 100644 --- a/README_20.md +++ b/README_20.md @@ -14,6 +14,7 @@ # 微信公众号 推荐 | nickname_english | weixin_no | title | url| | --- | --- | --- | ---| +| 零队 | | 加载远程XSL文件的宏免杀方法 | https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd | 1| | 山丘安全攻防实验室 | hillsec | 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) | https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23 | 1| | PeckShield | PeckShield | 硬核:解密美国司法部起诉中国OTC承兑商洗钱案件 | https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw | 1| | 星阑科技 | StarCrossCN | PHP 开源白盒审计工具初探(上) | https://mp.weixin.qq.com/s/gklKcFRR5erB2rdjr3BTUQ | 2| @@ -42,7 +43,7 @@ | Gcow安全团队 | Gcow666 | 游荡于中巴两国的魅影——响尾蛇(SideWinder) APT组织针对巴基斯坦最近的活动以及2019年该组织的活动总结 | https://mp.weixin.qq.com/s/CZrdslzEs4iwlaTzJH7Ubg | 1| | 安全祖师爷 | | PowerShell渗透–Empire | https://mp.weixin.qq.com/s/giBR-rnpm51cDE4aude2tg | 1| | 数世咨询 | | 数世咨询:2019年网络安全大事记 | https://mp.weixin.qq.com/s/APOEaYrubmWupFRPbbjfkw | 2| -| 白帽子的成长之路 | whitehat_day | 渗透测试Window平台中 Certutil的使用 | https://mp.weixin.qq.com/s/4jZBIRqbQ7UR7BXz2zdZtA | 3| +| 白帽子的成长之路 | whitehat_day | 渗透测试Window平台中 Certutil的使用 | https://mp.weixin.qq.com/s/4jZBIRqbQ7UR7BXz2zdZtA | 4| | 软件安全智能并行分析实验室 | | 学术报告|S&P2020-Savior:漏洞导向的混合模糊测试技术 | https://mp.weixin.qq.com/s/hW8ned6DIRJ7mx1657dVew | 2| | 飞虎行业观察 | flyingtiger018 | RSA和McAfee的2020年安全威胁预测 | https://mp.weixin.qq.com/s/gUOO1kDB_wuZ32nKAZjM0g | 1| | OWASP | OWASP_CHINA | 2019年度OWASP中国项目总结 | https://mp.weixin.qq.com/s/hcdA7R36RsSV40TnIu2fJg | 1| @@ -102,7 +103,7 @@ | GartnerInc | GartnerChina | 自动化在现代安全中的运用 | https://mp.weixin.qq.com/s/HMvGOiUIwjMKBNE2j5qIBQ | 1| | 国科军通科技 | gkjtkj | 揭秘:中国自主可控行业全景图 | https://mp.weixin.qq.com/s/7_osWtZV3UZ5KuaoIzt7rA | 1| | 国科漏斗社区 | Goktech_Security | 线下赛AWD训练平台搭建手册 | https://mp.weixin.qq.com/s/VPaAYUu_W3MTOmfmgVxUjA | 1| -| PolarisLab | PolarisLab | Hacking WildFly | https://mp.weixin.qq.com/s/KQ_17nJBPRcOTn-rPBRKTQ | 8| +| PolarisLab | PolarisLab | Hacking WildFly | https://mp.weixin.qq.com/s/KQ_17nJBPRcOTn-rPBRKTQ | 9| | 勾陈安全实验室 | PolarisLab | Knife:一个将有用的小功能加入Burp Suite右键菜单的插件 | https://mp.weixin.qq.com/s/Y03VVF3sD9N0_H6TQlxYuQ | 1| | 赵武的自留地 | | 网络安全这点屁事 | https://mp.weixin.qq.com/s/kVfyoD_zRnSrQjpL4HfYAQ | 5| | 继之宫 | | 威胁剑魔杂谈 | https://mp.weixin.qq.com/s/wpBeoTEC7g-wFX-DA61gmA | 2| @@ -1394,7 +1395,7 @@ | tanjiti | webshell sample for WebShell Log Analysis | https://github.com/tanjiti/webshellSample | http://tanjiti.com/ | #Network Security Monitor #threat intelligence  #waf #ids #iOS App Security #Android App Security #game security | shanghai | baidu | 16 | 0 | 4 | 470 | 166 | Python,PHP,HTML,Perl | 0 | 0 | 6| | lgandx | MS16-137 PoC: | https://github.com/lgandx/PoC/tree/master/LSASSSearch | https://g-laurent.blogspot.com | | None | None | 4 | 0 | 15 | 468 | 3 | Python | 1300 | 254 | 1| | BrambleXu | pydata-notebook: 利用Python进行数据分析 第二版 (2017) 中文翻译笔记 | https://github.com/BrambleXu/pydata-notebook | https://medium.com/@bramblexu | An NLPer interested in Relation Extraction and Knowledge Graph Twitter: BrambleXu | Tokyo | None | 24 | 0 | 258 | 465 | 52 | Jupyter | 2900 | 1100 | 1| -| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 724 | 1| +| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 726 | 1| | opsxcq | Sweet, a first PHPMailer PoC: | https://github.com/opsxcq/exploit-CVE-2016-10033 | https://strm.sh | https://keybase.io/terminator https://twitter.com/opsxcq | None | None | 75 | 0 | 168 | 463 | 23 | Python,C,PHP,Java | 0 | 0 | 1| | Billy-Ellis | Great work @ bellis1000 A collection of vulnerable ARM binaries for practicing exploit development | https://github.com/Billy-Ellis/Exploit-Challenges | https://zygosec.com | iOS/ARM, Reverse Engineering, Exploit Development | UK | ZygoSec | 20 | 0 | 10 | 458 | 32 | Logos,C,Objective-C,CSS | 618 | 133 | 1| | joxeankoret | Diaphora, a Free and Open Source program diffing tool | https://github.com/joxeankoret/diaphora | http://www.joxeankoret.com | | Basque Country | None | 30 | 0 | 87 | 458 | 2 | Python | 1300 | 207 | 5| @@ -1891,7 +1892,7 @@ | cyberheartmi9 | Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution Exploit: | https://github.com/cyberheartmi9/CVE-2017-12617 | https://intx0x80.blogspot.com/ | security Researcher ,Pwner CTFer , @intx0x80 | None | None | 63 | 0 | 757 | 157 | 24 | Python,HTML | 316 | 118 | 1| | secgroundzero | tetanus: Helper script for mangling CS payloads | https://github.com/secgroundzero/tetanus | None | | None | None | 10 | 0 | 4 | 157 | 7 | Python,C#,JavaScript,Shell | 2100 | 285 | 2| | sandrogauci | WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website | https://github.com/sandrogauci/wafw00f | https://github.com/EnableSecurity | voip/webapp/network penetration testing & information security behind @EnableSecurity ; mostly harmless > | C:\Windows\ | None | 39 | 0 | 35 | 499 | 4 | Python,C,C++ | 748 | 359 | 1| -| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 724 | 1| +| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 726 | 1| | blackorbird | 伊朗 APT 组织攻击活动 DUSTMAN 的分析报告 | https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/Iran/Saudi-Arabia-CNA-report.pdf | http://blackorbird.com | APT hunter threat analyst | https://twitter.com/blackorbird | https://twitter.com/blackorbird | 51 | 0 | 112 | 352 | 36 | Python,C,C++ | 702 | 239 | 1| +| woj-ciech | LeakLooker X - 数据库/源码泄漏监控工具 | https://github.com/woj-ciech/LeakLooker-X | None | | None | None | 15 | 0 | 0 | 306 | 0 | Python,Go,JavaScript,CSS | 1100 | 227 | 1| | alphaSeclab | DBI(Dynamic Binary Instrumentation:动态二进制插桩)逆向有关的资源收集 | https://github.com/alphaSeclab/DBI-Stuff | None | | None | None | 17 | 0 | 38 | 288 | 0 | | 1600 | 264 | 1| | HyperSine | QQ安全中心 - 动态口令的生成算法 | https://github.com/HyperSine/forensic-qqtoken | None | | None | None | 19 | 0 | 1 | 228 | 0 | Python,C,C++ | 251 | 97 | 1| | hahwul | Powerfull XSS Scanning and Parameter analysis tool | https://github.com/hahwul/XSpear | https://www.hahwul.com | Security engineer, Rubyist, Gopher and... H4cker | Republic of Korea | None | 47 | 0 | 64 | 222 | 10 | Python,Go,Ruby | 396 | 115 | 1| @@ -129,6 +131,7 @@ | threedr3am | Java安全相关的漏洞和技术demo | https://github.com/threedr3am/learnjavabug | https://threedr3am.github.io | | None | None | 30 | 0 | 159 | 142 | 27 | Java | 514 | 102 | 1| | WalterInSH | 风险控制笔记,适用于互联网企业 | https://github.com/WalterInSH/risk-management-note | http://walterinsh.github.io | | Po Shanghai | None | 30 | 0 | 678 | 134 | 86 | Java | 489 | 211 | 1| | theLSA | emergency-response-checklist:应急响应指南 | https://github.com/theLSA/emergency-response-checklist | http://www.lsablog.com | I like network security,penestration and programming(python,c/c++,php,java,ect),welcome to communicate with me! | China | None | 38 | 0 | 36 | 133 | 35 | Python | 281 | 77 | 1| +| dayt0n | 64-bit iOS boot image patcher written in C | https://github.com/dayt0n/kairos | http://dayt0n.com | 19. iOS and OS X tinkerer. Computer Science at UAH. | United States | None | 37 | 0 | 43 | 132 | 47 | Python,C,Shell,C++ | 23 | 7 | 1| | ChanChiChoi | 人脸识别相关的 Papers 收集 - Awesome Face Recognition | https://github.com/ChanChiChoi/awesome-Face_Recognition | http://www.cnblogs.com/shouhuxianjian/ | | China | None | 21 | 0 | 184 | 110 | 51 | Python,Jupyter | 1800 | 495 | 1| | itm4n | PrivescCheck - 用于探测 Windows 是否存在可以被用于本地提权的错误配置 | https://github.com/itm4n/PrivescCheck | https://itm4n.github.io/ | Pentester | Paris | None | 8 | 0 | 27 | 109 | 11 | VBA,PowerShell,C++ | 321 | 87 | 1| | beader | 首届中文NL2SQL挑战赛决赛第3名方案+代码 | https://github.com/beader/tianchi_nl2sql | None | | 上海 | None | 20 | 0 | 396 | 90 | 3 | Python,Shell,Jupyter | 148 | 57 | 1| @@ -146,7 +149,7 @@ | CTF-MissFeng | bayonet: SRC资产管理系统 | https://github.com/CTF-MissFeng/bayonet | None | | None | None | 3 | 0 | 57 | 46 | 0 | Python | 443 | 87 | 1| | sahilmgandhi | IotShark - Monitoring and Analyzing IoT Traffic | https://github.com/sahilmgandhi/IotShark | http://www.sahilmgandhi.com | Distributed and Big Data Systems @ UCLA | UCLA | None | 29 | 0 | 21 | 38 | 31 | C,Java,Python,JavaScript,C++,HTML | 42 | 7 | 1| | p1g3 | JSONP-Hunter: JSONP Hunter in Burpsuite | https://github.com/p1g3/JSONP-Hunter | None | | None | None | 8 | 0 | 16 | 34 | 0 | Python,Shell,HTML | 60 | 11 | 1| -| ATpiu | asset-scan: 甲方企业的外网资产周期性扫描监控系统 | https://github.com/ATpiu/asset-scan | None | Penetration Test/Gopher/App Sec/ICS Sec | None | None | 100 | 0 | 287 | 28 | 99 | Go,Python | 28 | 5 | 1| +| ATpiu | asset-scan: 甲方企业的外网资产周期性扫描监控系统 | https://github.com/ATpiu/asset-scan | None | Penetration Test/Gopher/App Sec/ICS Sec | None | None | 100 | 0 | 291 | 28 | 119 | Go,Python | 36 | 6 | 1| | Ascotbe | Medusa: 美杜莎扫描器 | https://github.com/Ascotbe/Medusa | https://www.ascotbe.com/ | 在?来个女朋友?喵喵喵? | 一切都是命运石之门的选择 | None | 12 | 0 | 75 | 26 | 1 | Python,HTML,C++ | 125 | 24 | 1| | linhaow | TextClassify: 基于预训练模型的文本分类模板 | https://github.com/linhaow/TextClassify | http://公众号:纸鱼AI | USTC | 上海-徐汇 | 南七技校&字节跳动intern | 3 | 0 | 5 | 26 | 359 | Python | 66 | 25 | 1| | yoava333 | Bug on the Windshield - Fuzzing the Windows kernel,来自 OffensiveCon 2020 会议 | https://github.com/yoava333/presentations/blob/master/Fuzzing%20the%20Windows%20Kernel%20-%20OffensiveCon%202020.pdf | None | | None | None | 15 | 0 | 16 | 22 | 0 | Go,Java,Rust | 17 | 1 | 1| @@ -181,6 +184,7 @@ # medium_xuanwu 推荐 | title | url| | --- | ---| +| OWASP 中提到的最严重的 API 漏洞类型 - BOLA (Broken Object Level Authorization) 是怎么回事儿 | http://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2| | 滥用 hostPath 挂载逃逸 Kubernetes Namespace | http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fkubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216| | Avast 安全浏览器可以被滥用 NTFS Hardlink 特性实现本地提权 | http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fsidechannel.tempestsi.com%2Fvulnerability-in-avast-secure-browser-enables-escalation-of-privileges-on-windows-eb770d196c45%3F| | php博客平台Typecho代码执行漏洞详细分析 | http://medium.com/@knownsec404team/analysis-of-typecho-front-end-getshell-vulnerability-4c1ce43eaeaa| diff --git a/README_202003.md b/README_202003.md index fde1c6024..f4f586107 100644 --- a/README_202003.md +++ b/README_202003.md @@ -14,16 +14,18 @@ # 微信公众号 推荐 | nickname_english | weixin_no | title | url| | --- | --- | --- | ---| +| 白帽子的成长之路 | whitehat_day | 2020年开源情报(OSINT)TOP20 工具 | https://mp.weixin.qq.com/s?__biz=MzI2NDY1NDg0OA==&mid=2247484049&idx=1&sn=e6e716cfcfef01956c1acc7d684d44d1 | 1| +| 零队 | | 加载远程XSL文件的宏免杀方法 | https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd | 1| | AI科技评论 | aitechtalk | 如何以初学者角度写好一篇国际学术论文? | https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g | 1| -| 安全学术圈 | secquan | EuroS&P 2020 论文录用列表 | https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ | 1| -| 腾讯安全应急响应中心 | tsrc_team | 浅谈DDoS攻防对抗中的AI实践 | https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A | 1| +| PolarisLab | PolarisLab | Bypassing Crowdstrike Falcon 1:大力出奇迹 | https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ | 2| +| 安全乐观主义 | | SDL已死,应用安全路在何方? | https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw | 1| | 安全喷子 | | 威胁狩猎101文档 | https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q | 1| +| 安全学术圈 | secquan | EuroS&P 2020 论文录用列表 | https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ | 1| | 安恒信息安全研究院 | | 蓝牙安全之Class of device | https://mp.weixin.qq.com/s/TIYvcThrfOC40rqcy-VGCg | 1| +| 山丘安全攻防实验室 | hillsec | 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) | https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23 | 1| +| 腾讯安全应急响应中心 | tsrc_team | 浅谈DDoS攻防对抗中的AI实践 | https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A | 1| | 腾讯御见威胁情报中心 | | 腾讯安全威胁情报中心“明炉亮灶”工程:​自动化恶意域名检测揭秘 | https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg | 1| | 赵武的自留地 | | 写在Goby新版发布前,讨论网络安全测试工具的发展 | https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA | 1| -| PolarisLab | PolarisLab | Bypassing Crowdstrike Falcon 1:大力出奇迹 | https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ | 1| -| 安全乐观主义 | | SDL已死,应用安全路在何方? | https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw | 1| -| 山丘安全攻防实验室 | hillsec | 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) | https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23 | 1| | PeckShield | PeckShield | 硬核:解密美国司法部起诉中国OTC承兑商洗钱案件 | https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw | 1| | 七夜安全博客 | qiye_safe | 无文件执行:一切皆是shellcode (上) | https://mp.weixin.qq.com/s/Bv0xebGKaJ2GGwntKGq2NQ | 1| | 君哥的体历 | jungedetili | 终端安全运营年度笔记 | https://mp.weixin.qq.com/s/cHYu7Ayni5mkjWpn6_XrwA | 1| @@ -60,13 +62,15 @@ | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---| | lirantal | Awesome Node.js Security resources | https://github.com/lirantal/awesome-nodejs-security#static-code-analysis | https://github.com/snyksec | 🥑 Developer Advocate @snyksec | @nodejs Security WG | @jsheroes ambassador | Author of Essential Node.js Security | #opensource #web ❤ | Tel Aviv, Israel | @snyk | 240 | 0 | 695 | 621 | 271 | JavaScript | 2600 | 108 | 1| | unamer | 之前被用于 WizardOpium APT 攻击行动的 CVE-2019-1458 Windows LPE 漏洞的 Exploit | https://github.com/unamer/CVE-2019-1458 | http://127.0.0.1/phpMyAdmin | | C:\Windows\ | None | 39 | 0 | 35 | 499 | 4 | Python,C,C++ | 748 | 359 | 1| -| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 724 | 1| +| moonbingbing | OpenResty 最佳实践 | https://github.com/moonbingbing/openresty-best-practices | None | | None | 360 | 30 | 0 | 49 | 465 | 5 | Python,Lua,C,Perl | 2900 | 726 | 1| +| woj-ciech | LeakLooker X - 数据库/源码泄漏监控工具 | https://github.com/woj-ciech/LeakLooker-X | None | | None | None | 15 | 0 | 0 | 306 | 0 | Python,Go,JavaScript,CSS | 1100 | 227 | 1| | alphaSeclab | DBI(Dynamic Binary Instrumentation:动态二进制插桩)逆向有关的资源收集 | https://github.com/alphaSeclab/DBI-Stuff | None | | None | None | 17 | 0 | 38 | 288 | 0 | | 1600 | 264 | 1| +| dayt0n | 64-bit iOS boot image patcher written in C | https://github.com/dayt0n/kairos | http://dayt0n.com | 19. iOS and OS X tinkerer. Computer Science at UAH. | United States | None | 37 | 0 | 43 | 132 | 47 | Python,C,Shell,C++ | 23 | 7 | 1| | ChanChiChoi | 人脸识别相关的 Papers 收集 - Awesome Face Recognition | https://github.com/ChanChiChoi/awesome-Face_Recognition | http://www.cnblogs.com/shouhuxianjian/ | | China | None | 21 | 0 | 184 | 110 | 51 | Python,Jupyter | 1800 | 495 | 1| | zsdlove | Hades - 静态代码脆弱性检测系统 | https://github.com/zsdlove/Hades | None | | None | None | 126 | 0 | 193 | 62 | 16 | Python,Java,Smali | 163 | 41 | 1| | mike-goodwin | owasp-threat-dragon-desktop: 威胁建模工具 | https://github.com/mike-goodwin/owasp-threat-dragon-desktop | https://github.com/OWASP | | UK | @OWASP | 24 | 0 | 1 | 54 | 1 | Shell,JavaScript,HTML,CSS | 398 | 88 | 1| | CTF-MissFeng | bayonet: SRC资产管理系统 | https://github.com/CTF-MissFeng/bayonet | None | | None | None | 3 | 0 | 57 | 46 | 0 | Python | 443 | 87 | 1| -| ATpiu | asset-scan: 甲方企业的外网资产周期性扫描监控系统 | https://github.com/ATpiu/asset-scan | None | Penetration Test/Gopher/App Sec/ICS Sec | None | None | 100 | 0 | 287 | 28 | 99 | Go,Python | 28 | 5 | 1| +| ATpiu | asset-scan: 甲方企业的外网资产周期性扫描监控系统 | https://github.com/ATpiu/asset-scan | None | Penetration Test/Gopher/App Sec/ICS Sec | None | None | 100 | 0 | 291 | 28 | 119 | Go,Python | 36 | 6 | 1| | ody5sey | Voyager: 安全工具集合平台 | https://github.com/ody5sey/Voyager | None | | None | None | 3 | 0 | 1 | 21 | 0 | Python,HTML | 147 | 61 | 1| | GuoKerS | 基于协程的CVE-2020-0796快速检测脚本 | https://github.com/GuoKerS/aioScan_CVE-2020-0796 | https://o0o0.club | 好好学习,天天向上。 | Guang Xi | None | 43 | 0 | 281 | 15 | 41 | Python,C#,HTML,PowerShell | 10 | 5 | 1| | renzu0 | nw-tips: Win内网_域控安全 | https://github.com/renzu0/nw-tips | None | | None | None | 31 | 0 | 2 | 12 | 2 | Python,TypeScript | 3 | 2 | 1| @@ -84,6 +88,7 @@ # medium_xuanwu 推荐 | title | url| | --- | ---| +| OWASP 中提到的最严重的 API 漏洞类型 - BOLA (Broken Object Level Authorization) 是怎么回事儿 | http://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2| | 滥用 hostPath 挂载逃逸 Kubernetes Namespace | http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fkubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216| | Avast 安全浏览器可以被滥用 NTFS Hardlink 特性实现本地提权 | http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fsidechannel.tempestsi.com%2Fvulnerability-in-avast-secure-browser-enables-escalation-of-privileges-on-windows-eb770d196c45%3F| | php博客平台Typecho代码执行漏洞详细分析 | http://medium.com/@knownsec404team/analysis-of-typecho-front-end-getshell-vulnerability-4c1ce43eaeaa| diff --git a/data/202003_github_lang.txt b/data/202003_github_lang.txt index 1f08cfeb4..97cf3946d 100644 --- a/data/202003_github_lang.txt +++ b/data/202003_github_lang.txt @@ -1,16 +1,17 @@ -Python 14 -JavaScript 8 -C 7 +Python 16 +JavaScript 9 +C 8 +C++ 7 +Go 7 TypeScript 6 Java 6 -HTML 6 -C++ 6 -Go 6 -Shell 5 +Shell 6 +HTML 5 +CSS 3 C# 3 Rust 2 Jupyter 2 -CSS 2 +Kotlin 2 CMake 2 PowerShell 2 Perl 1 @@ -21,10 +22,7 @@ Assembly 1 Dockerfile 1 Nix 1 Swift 1 -SystemVerilog 1 Zeek 1 -Kotlin 1 -Objective-C 1 Smali 1 Roff 1 Smarty 1 diff --git a/data/2020_github_lang.txt b/data/2020_github_lang.txt index 97f8ea731..f08bb6a40 100644 --- a/data/2020_github_lang.txt +++ b/data/2020_github_lang.txt @@ -1,16 +1,16 @@ -Python 39 -C++ 22 -HTML 21 -C 21 -JavaScript 20 +Python 41 +C++ 23 +C 22 +JavaScript 21 +HTML 20 Java 19 -Shell 17 -Go 17 +Shell 18 +Go 18 C# 13 PowerShell 11 TypeScript 10 Ruby 8 -CSS 7 +CSS 8 Jupyter 5 PHP 5 Rust 4 @@ -21,7 +21,7 @@ CMake 3 YARA 2 Nix 2 Visual 2 -Objective-C 2 +Kotlin 2 Haskell 2 VBA 1 HCL 1 @@ -30,9 +30,8 @@ Rich 1 Assembly 1 Dockerfile 1 CoffeeScript 1 -SystemVerilog 1 Zeek 1 -Kotlin 1 +Objective-C 1 Smali 1 Roff 1 Swift 1 diff --git a/data/20_github_lang.txt b/data/20_github_lang.txt index 472897e3c..99b10b60b 100644 --- a/data/20_github_lang.txt +++ b/data/20_github_lang.txt @@ -1,17 +1,17 @@ -Python 963 +Python 964 C 608 -JavaScript 603 +JavaScript 604 C++ 495 -HTML 435 +HTML 434 Shell 418 Java 411 -Go 338 +Go 339 Ruby 242 C# 241 PHP 217 PowerShell 214 -CSS 206 -Objective-C 128 +CSS 207 +Objective-C 127 TypeScript 121 Rust 97 Jupyter 89 @@ -25,7 +25,7 @@ TeX 51 Batchfile 48 Scala 41 CMake 40 -Kotlin 33 +Kotlin 34 Visual 31 HCL 28 Vim 28 @@ -95,7 +95,6 @@ Mathematica 2 PostScript 2 Nim 2 Solidity 2 -SystemVerilog 2 VCL 2 Mercury 1 DTrace 1 @@ -135,6 +134,7 @@ QMake 1 ABAP 1 Scheme 1 Forth 1 +SystemVerilog 1 MoonScript 1 PureScript 1 HyPhy 1 diff --git "a/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" "b/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" index 7bc1818e5..1da3192f2 100644 Binary files "a/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" and "b/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" differ diff --git "a/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" "b/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" index 976d33472..f26c758f0 100644 Binary files "a/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" and "b/data/img/domain/20-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" differ diff --git "a/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" "b/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" index 8120ec835..e23d840c4 100644 Binary files "a/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" and "b/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" differ diff --git "a/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" "b/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" index 9441e2eef..dcfaa79c7 100644 Binary files "a/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" and "b/data/img/domain/2020-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" differ diff --git "a/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" "b/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" index 7bd90e3ef..1a4fea978 100644 Binary files "a/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" and "b/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-secwiki.png" differ diff --git "a/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" "b/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" index b9c931a78..5ab847cde 100644 Binary files "a/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" and "b/data/img/domain/202003-\344\277\241\346\201\257\346\272\220\345\215\240\346\257\224-xuanwu.png" differ diff --git "a/data/img/language/20-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" "b/data/img/language/20-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" index 102a87b0b..df1d7f295 100644 Binary files "a/data/img/language/20-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" and "b/data/img/language/20-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" differ diff --git "a/data/img/language/2020-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" "b/data/img/language/2020-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" index 77b8c800b..04b27884d 100644 Binary files "a/data/img/language/2020-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" and "b/data/img/language/2020-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" differ diff --git "a/data/img/language/202003-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" "b/data/img/language/202003-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" index 10f76a2b0..1e63728f4 100644 Binary files "a/data/img/language/202003-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" and "b/data/img/language/202003-\346\234\200\345\226\234\346\254\242\350\257\255\350\250\200\345\215\240\346\257\224.png" differ diff --git "a/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" "b/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" index 9ca48a370..fe1b3de9f 100644 Binary files "a/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" and "b/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" differ diff --git "a/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" "b/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" index b6f356f85..536aeb1c9 100644 Binary files "a/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" and "b/data/img/tag/20-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" differ diff --git "a/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" "b/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" index f341ecd44..86e4a453b 100644 Binary files "a/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" and "b/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" differ diff --git "a/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" "b/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" index 3c6ea1516..1ebad623e 100644 Binary files "a/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" and "b/data/img/tag/2020-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" differ diff --git "a/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" "b/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" index 2a5467968..88007de4a 100644 Binary files "a/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" and "b/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-secwiki.png" differ diff --git "a/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" "b/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" index deedc8ef4..ac8626b53 100644 Binary files "a/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" and "b/data/img/tag/202003-\344\277\241\346\201\257\347\261\273\345\236\213\345\215\240\346\257\224-xuanwu.png" differ diff --git a/data/scrap.db b/data/scrap.db index c15559073..ec6b4858e 100644 Binary files a/data/scrap.db and b/data/scrap.db differ diff --git a/data/secwiki/316_week.html b/data/secwiki/316_week.html new file mode 100644 index 000000000..8ad2641ea --- /dev/null +++ b/data/secwiki/316_week.html @@ -0,0 +1,147 @@ + + + + + + + SecWiki周刊(第316期) + + + + + + + + + +
+
+ + +
+
+
+ + +
SecWiki周刊(第316期)
+
2020/03/16-2020/03/22
+
+
+ 安全技术 +
[Web安全]  XSS入门到进阶(附Fuzzing+BypassWAF+Payloads)
https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23
[Web安全]  讨论网络安全测试工具的发展
https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA
[工具]  SMBGhost 蓝屏代码(已测可用)
https://bacde.me/post/smbghost-crash-poc/
[工具]  AWVS 13 Docker版本(破解后)
https://bacde.me/post/awvs-13-docker-cracked/
[Web安全]  OSCP经验
https://xiaix.me/oscpjing-yan/
[设备安全]  后门技巧之使用网站关键字进行反连
https://mp.weixin.qq.com/s/ZPBRs-bYHTzkfDpQMOYXng
[Web安全]  Cobalt Strike折腾踩坑填坑记录
https://xz.aliyun.com/t/7375
[Web安全]  Linux下利用SUID提权
https://mp.weixin.qq.com/s/UfPLm53gAlc_z28kH4OYHQ
[漏洞分析]  漫谈WebLogic CVE-2020-2551
https://www.anquanke.com/post/id/201005
[运维安全]  asset-scan: 甲方企业的外网资产周期性扫描监控系统
https://github.com/ATpiu/asset-scan
[数据挖掘]  浅谈DDoS攻防对抗中的AI实践
https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A
[Web安全]  日志分析系列(三):分析实战篇
https://mp.weixin.qq.com/s/h2pHi3PVn_92aEIOvB1Yjg
[运维安全]  OpenResty 最佳实践
https://github.com/moonbingbing/openresty-best-practices
[Web安全]  基于tomcat的内存 Webshell 无文件攻击技术
https://xz.aliyun.com/t/7388
[其它]  DCSA船舶网络安全实施指南
https://dcsa.org/wp-content/uploads/2020/03/DCSA-Implementation-Guideline-for-BIMCO-Compliant-Cyber-Security-on-Vessels-v1.0.pdf
[论文]  Euro S&P 2020 论文录用列表
https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ
[其它]  国内在线水利水文系统安全威胁分析报告
https://blog.zhifeng.io/security-threat-analysis-report-of-water-conservancy-system/
[Web安全]  文件包含 or 代码执行
https://mp.weixin.qq.com/s/IkK2Gn_7ghlxMvksZB2HcA
[Web安全]  开发简单的PHP混淆器与解混淆器
https://blog.zsxsoft.com/post/42
[Web安全]  windows hash 抓取总结
https://mp.weixin.qq.com/s/jaJi2hXoKKrDbEm1kcY16g
[观点]  SDL已死,应用安全路在何方?
https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw
[其它]  带你入坑CTF-MISC(编码篇)
https://mp.weixin.qq.com/s/PdMuaK2yVhP4VxTpcjR37g
[其它]  BigIP Cookie 解码获取真实IP
https://bacde.me/post/bigip-cookie-decode-get-real-ip/
[Web安全]  巧用匿名函数绕过D盾
https://www.freebuf.com/articles/web/229649.html
[设备安全]  大工PLC-远程启停攻击实验
https://mp.weixin.qq.com/s/k9tSpQaaeJ7QKSa9cb_bWg
[数据挖掘]  Boss of the SOC v3 Dataset Released
https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.html
[设备安全]  路由器固件后门添加
https://mp.weixin.qq.com/s/7tPFO-sqgah_4fbL9t1e5Q
[恶意分析]  威胁狩猎101文档
https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q
[移动安全]  细品新政策法规下的APP个人信息收集检测
https://mp.weixin.qq.com/s/BF6vNewF3JK-EHr7KWT8HA
[杂志]  SecWiki周刊(第315期)
https://www.sec-wiki.com/weekly/315
[恶意分析]  自动化恶意域名检测揭秘
https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg
[漏洞分析]  Bug Bounty:绕过Google域检测
https://xz.aliyun.com/t/7384
[Web安全]  Bypassing Crowdstrike Falcon 1:大力出奇迹
https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ
[Web安全]  内网渗透-net-NTLM hash的攻击
https://www.anquanke.com/post/id/200649
[取证分析]  Real-time file monitoring on Windows with osquery
https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/
[漏洞分析]  LILIN DVR 在野0-day 漏洞分析报告
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/
[论文]  如何以初学者角度写好一篇国际学术论文
https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g
[无线安全]  蓝牙安全之Class of device
https://mp.weixin.qq.com/s/TIYvcThrfOC40rqcy-VGCg
[Web安全]  加载远程XSL文件的宏免杀方法
https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd
[编程技术]  bashtricks :无空格执行命令
https://bacde.me/post/bashtricks-execute-commands-without-space/
[移动安全]  追踪与新冠状病毒相关的安卓恶意软件
https://mp.weixin.qq.com/s/fLDNLJIWwvrUUwt6Pi6T4A
[漏洞分析]  基于AppleScript的利用技术
http://noahblog.360.cn/applescript_attack/
+
+ 
-----微信ID:SecWiki-----
+SecWiki,8年来一直专注安全技术资讯分析!
+SecWiki:https://www.sec-wiki.com
+

本期原文地址: SecWiki周刊(第316期)

+
+
+
+
+
+ + +
+ +
+ + + + + diff --git a/data/secwiki_316_316.txt b/data/secwiki_316_316.txt new file mode 100644 index 000000000..1fd177494 --- /dev/null +++ b/data/secwiki_316_316.txt @@ -0,0 +1,42 @@ +20200316 Web安全 https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23 XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) qq.com mp.weixin.qq.com /s +20200316 Web安全 https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA 讨论网络安全测试工具的发展 qq.com mp.weixin.qq.com /s/hW0A1jwq-pm4M-4LGUZIrA +20200316 工具 https://bacde.me/post/smbghost-crash-poc/ SMBGhost 蓝屏代码(已测可用) bacde.me bacde.me /post/smbghost-crash-poc/ +20200316 工具 https://bacde.me/post/awvs-13-docker-cracked/ AWVS 13 Docker版本(破解后) bacde.me bacde.me /post/awvs-13-docker-cracked/ +20200316 Web安全 https://xiaix.me/oscpjing-yan/ OSCP经验 xiaix.me xiaix.me /oscpjing-yan/ +20200316 设备安全 https://mp.weixin.qq.com/s/ZPBRs-bYHTzkfDpQMOYXng 后门技巧之使用网站关键字进行反连 qq.com mp.weixin.qq.com /s/ZPBRs-bYHTzkfDpQMOYXng +20200316 Web安全 https://xz.aliyun.com/t/7375 Cobalt Strike折腾踩坑填坑记录 aliyun.com xz.aliyun.com /t/7375 +20200316 Web安全 https://mp.weixin.qq.com/s/UfPLm53gAlc_z28kH4OYHQ Linux下利用SUID提权 qq.com mp.weixin.qq.com /s/UfPLm53gAlc_z28kH4OYHQ +20200316 漏洞分析 https://www.anquanke.com/post/id/201005 漫谈WebLogic CVE-2020-2551 anquanke.com www.anquanke.com /post/id/201005 +20200316 运维安全 https://github.com/ATpiu/asset-scan asset-scan: 甲方企业的外网资产周期性扫描监控系统 github.com github.com /ATpiu/asset-scan +20200316 数据挖掘 https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A 浅谈DDoS攻防对抗中的AI实践 qq.com mp.weixin.qq.com /s/5v38BBewMVXZbbN2oMYg0A +20200316 Web安全 https://mp.weixin.qq.com/s/h2pHi3PVn_92aEIOvB1Yjg 日志分析系列(三):分析实战篇 qq.com mp.weixin.qq.com /s/h2pHi3PVn_92aEIOvB1Yjg +20200316 运维安全 https://github.com/moonbingbing/openresty-best-practices OpenResty 最佳实践 github.com github.com /moonbingbing/openresty-best-practices +20200316 Web安全 https://xz.aliyun.com/t/7388 基于tomcat的内存 Webshell 无文件攻击技术 aliyun.com xz.aliyun.com /t/7388 +20200316 其它 https://dcsa.org/wp-content/uploads/2020/03/DCSA-Implementation-Guideline-for-BIMCO-Compliant-Cyber-Security-on-Vessels-v1.0.pdf DCSA船舶网络安全实施指南 dcsa.org dcsa.org /wp-content/uploads/2020/03/DCSA-Implementation-Guideline-for-BIMCO-Compliant-Cyber-Security-on-Vessels-v1.0.pdf +20200316 论文 https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ Euro S&P 2020 论文录用列表 qq.com mp.weixin.qq.com /s/tIUS121s3JPOg7yC0j2rNQ +20200316 其它 https://blog.zhifeng.io/security-threat-analysis-report-of-water-conservancy-system/ 国内在线水利水文系统安全威胁分析报告 zhifeng.io blog.zhifeng.io /security-threat-analysis-report-of-water-conservancy-system/ +20200316 Web安全 https://mp.weixin.qq.com/s/IkK2Gn_7ghlxMvksZB2HcA 文件包含 or 代码执行 qq.com mp.weixin.qq.com /s/IkK2Gn_7ghlxMvksZB2HcA +20200316 Web安全 https://blog.zsxsoft.com/post/42 开发简单的PHP混淆器与解混淆器 zsxsoft.com blog.zsxsoft.com /post/42 +20200316 Web安全 https://mp.weixin.qq.com/s/jaJi2hXoKKrDbEm1kcY16g windows hash 抓取总结 qq.com mp.weixin.qq.com /s/jaJi2hXoKKrDbEm1kcY16g +20200316 观点 https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw SDL已死,应用安全路在何方? qq.com mp.weixin.qq.com /s/tYRiKiI7bjgyzQguMA1mrw +20200316 其它 https://mp.weixin.qq.com/s/PdMuaK2yVhP4VxTpcjR37g 带你入坑CTF-MISC(编码篇) qq.com mp.weixin.qq.com /s/PdMuaK2yVhP4VxTpcjR37g +20200316 其它 https://bacde.me/post/bigip-cookie-decode-get-real-ip/ BigIP Cookie 解码获取真实IP bacde.me bacde.me /post/bigip-cookie-decode-get-real-ip/ +20200316 Web安全 https://www.freebuf.com/articles/web/229649.html 巧用匿名函数绕过D盾 freebuf.com www.freebuf.com /articles/web/229649.html +20200316 设备安全 https://mp.weixin.qq.com/s/k9tSpQaaeJ7QKSa9cb_bWg 大工PLC-远程启停攻击实验 qq.com mp.weixin.qq.com /s/k9tSpQaaeJ7QKSa9cb_bWg +20200316 数据挖掘 https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.html Boss of the SOC v3 Dataset Released splunk.com www.splunk.com /en_us/blog/security/botsv3-dataset-released.html +20200316 设备安全 https://mp.weixin.qq.com/s/7tPFO-sqgah_4fbL9t1e5Q 路由器固件后门添加 qq.com mp.weixin.qq.com /s/7tPFO-sqgah_4fbL9t1e5Q +20200316 恶意分析 https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q 威胁狩猎101文档 qq.com mp.weixin.qq.com /s/0hOtnTz9QrKlLivAobjU7Q +20200316 移动安全 https://mp.weixin.qq.com/s/BF6vNewF3JK-EHr7KWT8HA 细品新政策法规下的APP个人信息收集检测 qq.com mp.weixin.qq.com /s/BF6vNewF3JK-EHr7KWT8HA +20200316 杂志 https://www.sec-wiki.com/weekly/315 SecWiki周刊(第315期) sec-wiki.com www.sec-wiki.com /weekly/315 +20200316 恶意分析 https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg 自动化恶意域名检测揭秘 qq.com mp.weixin.qq.com /s/QV8ErKHow3b-AMp6HMzKQg +20200316 漏洞分析 https://xz.aliyun.com/t/7384 Bug Bounty:绕过Google域检测 aliyun.com xz.aliyun.com /t/7384 +20200316 Web安全 https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ Bypassing Crowdstrike Falcon 1:大力出奇迹 qq.com mp.weixin.qq.com /s/x0uGrnMXbzAAV9Q9bxR7SQ +20200316 Web安全 https://www.anquanke.com/post/id/200649 内网渗透-net-NTLM hash的攻击 anquanke.com www.anquanke.com /post/id/200649 +20200316 取证分析 https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/ Real-time file monitoring on Windows with osquery trailofbits.com blog.trailofbits.com /2020/03/16/real-time-file-monitoring-on-windows-with-osquery/ +20200316 漏洞分析 https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/ LILIN DVR 在野0-day 漏洞分析报告 360.com blog.netlab.360.com /multiple-botnets-are-spreading-using-lilin-dvr-0-day/ +20200316 论文 https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g 如何以初学者角度写好一篇国际学术论文 qq.com mp.weixin.qq.com /s/zwTlXBrZiC88y9F5DDU0_g +20200316 无线安全 https://mp.weixin.qq.com/s/TIYvcThrfOC40rqcy-VGCg 蓝牙安全之Class of device qq.com mp.weixin.qq.com /s/TIYvcThrfOC40rqcy-VGCg +20200316 Web安全 https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd 加载远程XSL文件的宏免杀方法 qq.com mp.weixin.qq.com /s +20200316 编程技术 https://bacde.me/post/bashtricks-execute-commands-without-space/ bashtricks :无空格执行命令 bacde.me bacde.me /post/bashtricks-execute-commands-without-space/ +20200316 移动安全 https://mp.weixin.qq.com/s/fLDNLJIWwvrUUwt6Pi6T4A 追踪与新冠状病毒相关的安卓恶意软件 qq.com mp.weixin.qq.com /s/fLDNLJIWwvrUUwt6Pi6T4A +20200316 漏洞分析 http://noahblog.360.cn/applescript_attack/ 基于AppleScript的利用技术 360.cn noahblog.360.cn /applescript_attack/