Skip to content

Latest commit

 

History

History
198 lines (174 loc) · 28.8 KB

README_201904.md

File metadata and controls

198 lines (174 loc) · 28.8 KB

201904 信息源与信息类型占比

201904-信息源占比-secwiki

201904-信息源占比-xuanwu

201904-最喜欢语言占比

政策 推荐

title url
互联网个人信息安全保护指南 http://www.beian.gov.cn/portal/topicDetail?id=88
网络安全技术应用试点示范项目公示 http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c6794942/content.html
中央企业负责人经营业绩考核办法 http://www.sasac.gov.cn/n2588035/n2588320/n2588335/c8108632/content.html

微信公众号 推荐

nickname_english weixin_no title url
逢人斗智斗勇 xiaopigfly 深入浅出略谈威胁情报 https://mp.weixin.qq.com/s/qv3pYEzi08DMydqUj1dSRw
终结诈骗 antifraud2 东南亚30万骗子,正在毁掉中国三代人! https://mp.weixin.qq.com/s/eDq-QpEHjZieX-pjmDQFCg
云众可信 yunzhongkexin https://mp.weixin.qq.com/s/IB6sfhQCp7U94L1KtBxb9A
TideSec安全团队 TideSec 渗透测试中信息收集的那些事 https://mp.weixin.qq.com/s/EpDS21jQfckcM0C9mRk73w
CAICT5G创新研究中心 https://mp.weixin.qq.com/s/wL15_qP9iYae4J70XyncXw
APT攻击 cncg_team 从美国对APT10攻击的溯源看美国应急响应中心的追溯能力 https://mp.weixin.qq.com/s/p53Vf4Xw0Zp03SvOmGTQxg
象帕大人 shanpasama RD-10射频探测器-隐藏摄像头侦查器中文手册 https://mp.weixin.qq.com/s?__biz=MzAwODExNzk4Mw==&mid=2652259275&idx=1&sn=e4555ac45d605bb012279cc89d67e6ee&chksm=8091287bb7e6a16d330a6241a54c0be4db1fee32b0b3a2a3b0dd153de4814b64a6591fde7511&mpshare=1&scene=1&srcid=&key=8e787c7b9fab69d8f8b1b578e72312c
自主可控新鲜事 ZZKK-IT https://mp.weixin.qq.com/s/1AMEdl_YMXt0jjHl5RYP3A
科奖在线 kejijiangli 牛!清华吴子牛教授浅谈论文写作,赶紧收藏! https://mp.weixin.qq.com/s/6vLwQ7PMwn0X2zzJlnhjaA
浙大学报英文版 zdxbywb 研究生第一篇学术论文常犯问题总结 https://mp.weixin.qq.com/s/4ue0JlvJNbSTjzUM9NDejA
情报杂志 gh_a41bd02b1a24 美国高端智库的政策专家储备及其人才吸引机制研究———以兰德公司为例 https://mp.weixin.qq.com/s/0N8vOoO2B6a79XGG5I-j0w
嘶吼专业版 Pro4hou 对APT34泄露工具的分析——PoisonFrog和Glimpse https://mp.weixin.qq.com/s/gYUCTLi2GpmatGOcRODZwA
人工智能头条 AI_Thinker 什么是语义角色标注? https://mp.weixin.qq.com/s/PVzVNI7jMzHPcUbL7UaCIQ
中通安全应急响应中心 ZTO_SRC 中通同安漏洞管理系统 https://mp.weixin.qq.com/s/kWK9PL_C2IW_T9i_A1Mlsw
中国信息安全 chinainfosec 独家首发 , 《话说安全》走进“2019 西湖论剑” https://mp.weixin.qq.com/s/XO38NB5whYHxcr9RaoBFXw
银河安全实验室 Galaxy-Lab https://mp.weixin.qq.com/s/RPLGCwb6do2LbIodFGoGBQ
秘猿科技Cryptape Cryptape 隐私币应用全景观察 https://mp.weixin.qq.com/s/bhWaKtVTqOLlJ1lj362rNA
深度学习自然语言处理 zenRRan 刘知远:NLP研究入门之道(一) https://mp.weixin.qq.com/s/PVoQI85YkDSzlA46FRU1OQ
水滴安全实验室 EversecLab 2019年僵尸网络主动监测报告(第一期) https://mp.weixin.qq.com/s/ptimjyH9wlamO83nPZMa-Q
待字闺中 daiziguizhongren 理清弄透:加密&解密、签名&验签 https://mp.weixin.qq.com/s/aw5V95kelBslFv-ScxUVMw
安在 AnZer_SH 下一代SIEM@AI:从UEBA到SOAR https://mp.weixin.qq.com/s/OYPooeIZp8hq4JebOHDJMg
安全牛 aqniu-wx 一文洞悉DAST、SAST、IAST ——Web应用安全测试技术对比浅谈 https://mp.weixin.qq.com/s/EWn9ktce3KB4P6zi4slnTA
安全小飞侠 AvFisher Red Team从0到1的实践与思考 https://mp.weixin.qq.com/s/cyxC4Of4Ic9c_vujQayTLg
信口杂谈 gh_a0d1f3cbaefe 乱弹网络空间X检索 https://mp.weixin.qq.com/s/OvTHpWXCwCH-k0jf8cQBTg
中国保密协会科学技术分会 gh_be4f21d557c0 企业海外机构信息安全保密风险分析及对策建议 https://mp.weixin.qq.com/s/jJyq7bYuq1xxGXpfnmKP3g
InfoQ infoqchina 腾讯云鼎实验室掌门人Killer谈网络安全 https://mp.weixin.qq.com/s/MLvd1AmxE9YnkWWmB9L9VQ
DJ的札记 DJ_notes 真真假假的创新 - RSAC2019之三 https://mp.weixin.qq.com/s/pWZ3rRrRHOVMpxUc_vWgAg
我的安全视界观 CANI_Security 【SDL最初实践】安全需求 https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247484307&idx=1&sn=3758ef809f9a456d7ed83a2954487f5b&chksm=eb6c21ebdc1ba8fd8888ccf93043b0abc5107b0a96671419bbc8b3795260feded5292248338e&token=748595180&lang=zh_CN#rd
秦安战略 qinan1128 中国网络安全产业发展报告 https://mp.weixin.qq.com/s/VCG3QPP4dwcfNlZFC_nnSQ
梅子酒的书札 a960596293_book 西湖论剑2019 WriteUp https://mp.weixin.qq.com/s/rlSyABoulRKygPmwfcUuXA
数说安全 SSAQ2016 https://mp.weixin.qq.com/s/alJyvGi8FPygIe1IYYj2_A
天融信阿尔法实验室 gh_0b0b1747bf15 天融信关于ThinkPHP5.1框架结合RCE漏洞的深入分析 https://mp.weixin.qq.com/s/kwp5uxom7Amrj6S_-g8r4Q
国防科技要闻 CDSTIC https://mp.weixin.qq.com/s/LXR853Z4E5peVYq89tXKZA
京东科技集团研究院 jdkjjtyjy 编译 , Palantir中标美国军方8亿美元人工智能系统研发采购计划 https://mp.weixin.qq.com/s/2afk7pLqgzpUnXgmQgMNEw
集智俱乐部 swarma_org 使用深度神经网络对 Twitter进行威胁检测 , 网络科学论文速递16篇 https://mp.weixin.qq.com/s/vsCAE-6e0jpX8wPw6Sd9eA
网安国际 inforsec 谁劫持了我的DNS:全球域名解析路径劫持测量与分析 https://mp.weixin.qq.com/s/enasXD14SMzj1Cx5grGD3w
格友 gh_b6fbc09b1f54 在调试器里看QQLive捉迷藏 https://mp.weixin.qq.com/s/3Ft6205f8kUoCuGzB-hPtg
安全学术圈 secquan S&P 2019 论文录用列表 https://mp.weixin.qq.com/s/ZHcikLKeF9ZJg9kyrX-UrA
图灵人工智能 TuringAI01 人工智能的现状与未来 https://mp.weixin.qq.com/s/Yd0wjUQ03XINnMFLkPkBJg
半佛仙人 banfoSB 屠夫遇上路霸丨揭秘高利贷与黑产的血色战争 https://mp.weixin.qq.com/s/AK6_wP_JtMW5DxzRyWaXXg
Tide安全团队 TideSec Burp插件 – 自动标记敏感信息 https://mp.weixin.qq.com/s/v7W33rM0HF0rJl8-qBiPUw
360威胁情报中心 CoreSec360 APT战争中脚本攻击的兵法之道 https://mp.weixin.qq.com/s/r-jAWFjtOxgd-JyVStFvsg

组织github账号 推荐

github_id title url org_url org_profile org_geo org_repositories org_people org_projects repo_lang repo_star repo_forks
Microsoft hcsshim - 微软开源的利用 Windows Host Compute Service (HCS) 管理 Windows 容器的软件包 https://github.com/Microsoft/hcsshim https://opensource.microsoft.com Open source, from Microsoft with love Redmond, WA 2392 4273 0 C,TypeScript,Java,Vue,C#,JavaScript,C++,Python,Objective-C,HTML,F#,Jupyter,Ruby,PowerShell,HCL 74300 10100
mwrlabs SharpGPOAbuse - MWR Labs 开发的基于 C# 的工具,用于滥用 GPO 编辑权限攻击该 GPO 控制的对象 https://github.com/mwrlabs/SharpGPOAbuse http://labs.mwrinfosecurity.com/ Basingstoke, Johannesburg, London, Manchester, Singapore, New York 43 0 0 C,Java,Python,JavaScript,C++,C#,Objective-C,Assembly,Ruby,PowerShell,CSS 1700 501
REhints 从 UEFI 固件攻击硬件可信任架构(HROT) ,来自 offensive 2019 大会 https://github.com/REhints/Publications/blob/master/Conferences/Bypassing%20Hardware%20Root%20of%20Trust/offcon2019_final.pdf http://REhints.com http://REhints.com 10 2 0 Python,C,Assembly,CSS,C++ 1200 249
google go-containerregistry - Google 开源了一个 Go 语言版本的 Docker Registry 交互工具 https://github.com/google/go-containerregistry https://opensource.google.com/ Google ❤️ Open Source https://opensource.google.com/ 1460 2510 0 C,TypeScript,Java,HTML,Python,JavaScript,C++,Dart,Haskell,Go,PHP,CSS 0 0
rapid7 Metasploit 框架新增了一个 LibreOffice CVE-2018-16858 漏洞的利用代码,该漏洞通过 Document 事件触发脚本代码执行 https://github.com/rapid7/metasploit-framework/commit/22085113ad67c0716b7b0aa6adfdaf9f7c8b48f0 http://www.rapid7.com/ Boston, MA 232 0 0 C,Shell,Java,Python,JavaScript,HTML,Go,Ruby 0 0
facebook osquery - Facebook 开源的基于 SQL 实现的操作系统插桩、监控、分析框架 https://github.com/facebook/osquery https://opensource.fb.com We are working to build community through open source technology. NB: members must have two-factor auth. Menlo Park, California 158 185 0 C,Java,Python,JavaScript,OCaml,C++,Objective-C,Haskell,Swift 0 0
OWASP QRLJacking - 扫描恶意二维码劫持用户登录回话的社工技术分享 https://github.com/OWASP/QRLJacking/tree/master/QRLJacker http://www.owasp.org The OWASP Foundation http://www.owasp.org 145 26 0 C,Shell,Java,Python,Dockerfile,JavaScript,Perl,HTML,Go,Ruby,CSS 0 0
fox-it adconnectdump - 从 Azure AD Connect 服务器中导出凭证的工具 https://github.com/fox-it/adconnectdump https://www.fox-it.com/ https://www.fox-it.com/ 31 1 0 C,Shell,Python,Bro,HTML,Ruby,PowerShell 0 0
comaeio OPCDE 2019 会议的资料公开了 https://github.com/comaeio/OPCDE/blob/master/README.md http://www.comae.io Dubai, UAE 24 0 0 C,Java,JavaScript,C++,Nginx,Smarty,PowerShell 0 0
Coalfire-Research DeathMetal - 针对 Intel AMT 的攻击工具集 https://github.com/Coalfire-Research/DeathMetal http://www.coalfirelabs.com Advancing the state of the Infosec industry by providing cutting-edge research, open-source tools and tradecraft http://www.coalfirelabs.com 14 0 0 C,Python,JavaScript,Lua,PowerShell,HCL 0 0
RhinoSecurityLabs Apache Axis 由于代码中加载过期域名托管的资源导致的远程代码执行漏洞详情披露(CVE-2019-0227) https://github.com/RhinoSecurityLabs/CVEs/blob/master/CVE-2019-0227/README.md https://rhinosecuritylabs.com A boutique penetration testing and security assessment firm in Seattle, WA. Seattle, WA 10 0 0 Python,JavaScript,PowerShell,HCL 0 0
DigitalSecurity nrf5x芯片固件反编译工具 https://github.com/DigitalSecurity/nrf5x-tools http://www.digitalsecurity.fr Paris, France 9 2 0 Python,C,JavaScript,C++ 0 0
NLua NLua - Bridge between Lua and the .NET https://github.com/NLua/NLua http://nlua.org http://nlua.org 9 1 0 C#,Lua,C,Shell,Perl 0 0
Nothing2Hide pcap_ioc: Python library to extract potential IOCs from a pcap file https://github.com/Nothing2Hide/pcap_ioc https://nothing2hide.org/ Des outils pour protéger linformation Internet 9 0 0 Python,Shell,PHP,CSS 0 0
sophoslabs While parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use. https://github.com/sophoslabs/CVE-2018-18500/ https://www.sophos.com/en-us/labs.aspx https://www.sophos.com/en-us/labs.aspx 4 0 0 Python,HTML 0 0
opensec-cn VTest - 漏洞测试辅助系统 https://github.com/opensec-cn/vtest https://opensec-cn.github.io https://opensec-cn.github.io 3 5 0 Python,Go,HTML 0 0

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
ruanyf document-style-guide: 中文技术文档的写作规范 https://github.com/ruanyf/document-style-guide https://twitter.com/ruanyf Shanghai, China None 56 0 234 52000 0 JavaScript 0 0
openbilibili 哔哩哔哩(bilibili)站的源码疑似泄漏 https://github.com/openbilibili/go-common None None None 0 0 0 2200 0 0 0
taviso swisstable - 访问 Abseil Swiss Tables 的小型 C 封装库 https://github.com/taviso/swisstable None None None 11 0 9 1100 1 C 2600 193
clone95 Virgilio: Your new Mentor for Data Science E-Learning https://github.com/clone95/Virgilio None I graduated in Italy in IT Engineering, and im currently having my internship in a shiny AI startup. Bologna, Italy None 22 0 35 685 29 Python,Jupyter,PowerShell 0 0
jas502n Weblogic 任意文件上传漏洞(CVE-2019-2618)的 Exploit https://github.com/jas502n/cve-2019-2618/ None 1.misc 2.crypto 3. web 4. reverse 5. android 6. pwn 7. elf None None 129 0 103 661 109 Python,C,Shell,JavaScript,PHP 294 106
k8gege K8tools: K8工具合集 https://github.com/k8gege/K8tools http://www.cnblogs.com/k8gege USA FBI 10 0 9 594 1 Python,C#,Ruby,PowerShell 1200 500
travisgoodspeed 利用 GHIDRA 逆向 Tytera MD380 的固件 https://github.com/travisgoodspeed/md380tools/wiki/GHIDRA None None None 31 0 35 593 24 Python,C,C++ 593 190
ChiChou 前两周 ChiChou 公开了多个 macOS 平台的多个应用的漏洞利用代码,包括微软 Microsoft AutoUpdate、Adobe Creative Cloud Desktop 以及 Feedback Assistant https://github.com/ChiChou/sploits https://github.com/alipay 我要卖掉我的代码 浪迹天涯 Beijing, China @alipay 53 0 1500 551 242 Logos,C,Shell,JavaScript,C++,Objective-C,Vue 1100 152
xerub voucher_swap - Exploit for P0 issue 1731 on iOS 12.1.2 https://github.com/xerub/voucher_swap None None None 29 0 0 447 0 Python,C 191 86
Lucifer1993 cmsprint: CMS和中间件指纹库 https://github.com/Lucifer1993/cmsprint None 安全圈职业炮灰 None None 25 0 315 444 25 Python,Ruby 897 403
We5ter 开源powershell CMD bash命令混淆检测工具 https://github.com/We5ter/Flerken https://lightrains.org You are being watched. Anywhere. Anytime. Chengdu,China None 11 0 1200 426 108 Python,CSS 0 0
sebastienros Jint - Javascript interpreter for .NET,在 Javascript 中运行 .NET 平台的代码 https://github.com/sebastienros/jint http://about.me/sebastienros Bellevue, WA Microsoft 61 0 10 378 0 C# 2600 902
mjg59 mjg59 为 Linux 内核提交了一个 Patch,支持用户态请求内核清空引用计数为 0 的内存页,防止重要密钥信息在进程崩溃、内存换页等场景下被泄漏。 https://github.com/mjg59/linux/commit/cd2bb1eb23ededafc2f301f8bc5561523daa96e6 https://github.com/google Oakland @google 73 0 2 356 0 Python,C 632 250
7kbstorm 7kbscan-WebPathBrute Web路径暴力探测工具 https://github.com/7kbstorm/7kbscan-WebPathBrute https://www.7kb.org Red Team None None 27 0 2 261 0 C++,XSLT 220 67
Viralmaniar I-See-You: Bash and Javascript tool to find the exact location of user https://github.com/Viralmaniar/I-See-You https://twitter.com/maniarviral Melbourne, Victoria, Australia None 36 0 221 219 93 Python,Shell 725 110
zer0yu 网络空间安全的RSS订阅 https://github.com/zer0yu/CyberSecurityRSS http://zeroyu.xyz/ Every light needs a shadow. You just have to learn how to control it,use it when you need it. None None 29 0 2100 214 1100 Python,C,CSS 0 0
hlldz APC-PPID - 通过 APC 注入创建进程并伪造父进程的项目 https://github.com/hlldz/APC-PPID https://artofpwn.com Pwner, Red Teamer İstanbul, Türkiye None 5 0 179 214 22 Python,PowerShell,C++ 691 159
pyn3rd Apache Tomcat 远程代码执行漏洞(CVE-2019-0232),可以通过 Windows enableCmdLineArguments 触发 https://github.com/pyn3rd/CVE-2019-0232/ https://twitter.com/pyn3rd Hangzhou Alibaba Group 7 0 0 210 0 Python,Batchfile,Java 118 46
ustayready fireprox - AWS API Gateway 管理工具,用于动态创建 HTTP 传递代理以实现唯一的 IP 轮换 https://github.com/ustayready/fireprox None divergent thinker/breaker and researcher of stuff None None 39 0 7 194 7 Python,C#,HTML 702 147
bkerler OPPO和一加手机的.ozip固件解密工具 https://github.com/bkerler/oppo_ozip_decrypt https://twitter.com/viperbjk Reverse Engineer and Data/Crypto Analyst Germany RevSkills 313 0 2 193 13 Python,C,Shell,CSS,C++ 526 94
al0ne LinuxCheck: linux信息收集脚本 https://github.com/al0ne/LinuxCheck None 入侵检测/流量分析/应急溯源 china None 6 0 511 132 173 Shell,Vim 146 27
djhohnstein CSharpSetThreadContext - 由 C# 开发的通过 CreateRemoteThread 和 SetThreadContext 执行shellcode 以逃避 Get-InjectedThread 检测的工具 https://github.com/djhohnstein/CSharpSetThreadContext https://popeax.io Operator at SpecterOps. Kali Contributor. Seattle, WA None 48 0 5 130 2 C# 154 35
ChaitanyaHaritash 生成畸形debian安装包的工具 https://github.com/ChaitanyaHaritash/kimi None Im just someone, to whom it might take you time to understand :) lost None 63 0 356 116 105 Python,C,C++ 46 27
eoftedal Istio/Envoy 目录穿越漏洞详情披露(CVE-2019-9901) https://github.com/eoftedal/writings/blob/master/published/CVE-2019-9901-path-traversal.md http://erlend.oftedal.no/blog Oslo, Norway None 73 0 384 103 67 C#,JavaScript,Java 172 11
iSafeBlue 一张渗透测试思维导图 https://github.com/iSafeBlue/Mind-Map/ https://b1ue.cn Security Researcher , Java Development Engineer None None 9 0 281 92 40 Java,HTML,JavaScript 375 101
Mattiwatti EfiGuard - x64 UEFI bootkit,在启动时修补 Windows 启动管理器以禁用 PatchGuard 和驱动程序签名验证(DSE) https://github.com/Mattiwatti/EfiGuard None The Netherlands None 19 0 13 87 3 C,Assembly,C++ 227 61
0x36 iOS上的沙箱逃逸漏洞(A11平台,版本<12.2) https://github.com/0x36/powend None . Morocco None 6 0 23 79 0 C,Makefile 138 36
aleenzz MYSQL SQL 注入 Bypass 技巧总结 https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI None 发现问题,解决问题 None 404 11 0 24 78 31 Python 288 74
cfreal Apache 本地提权漏洞 CVE-2019-0211 Exploit https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache https://github.com/ambionics None @ambionics 2 0 3 65 0 PHP,HTML 423 71
jthuraisamy Synaptics 音频 Windows 内核驱动 CxUtilSvc 本地提权漏洞(CVE-2019-9730) https://github.com/jthuraisamy/CVE-2019-9730/ http://jackson.thuraisamy.me None None 22 0 37 50 8 C#,Python,C,JavaScript,Java 40 9
lis912 Evaluation_tools: 等级保护测评工具 https://github.com/lis912/Evaluation_tools None 时不时拧巴的菜鸡一只。 None None 9 0 16 45 0 Go,Shell,HTML,CSS 161 54
chris408 ct-exposer: discovers sub-domains by searching Certificate Transparency logs https://github.com/chris408/ct-exposer https://linkedin.com/in/chris408 chris408.com None None 9 0 6 44 6 Python,C 0 0
unknownv2 CoreHook - 基于 .NET Core 运行时实现的 Windows HOOK 库 https://github.com/unknownv2/CoreHook https://thierrybiz.page Software Engineer interested in data engineering and cloud computing. None None 32 0 888 36 30 C#,Java,C++,Scala 75 11
leeberg BlueHive - 基于 PowerShell 实现的活动目录密罐用户管理项目,并且带仪表盘以可视化展示结果 https://github.com/leeberg/BlueHive http://www.leealanberg.com Product Manager, Automation Engineer, Content Producer, EX Microsoft MVP, Nerd Madison, Wisconsin, United States None 35 0 85 26 64 C# 4 0
locoz666 手把手教你写爬虫 https://github.com/locoz666/spider-article None ShenZhen Midu(www.midu.com) 3 0 42 23 2 JavaScript 0 0
streaak Keyhacks - 逐个请求各公司 API 服务接口,用于检查泄漏的 API Keys 是否是主流公司的有效 API Key https://github.com/streaak/keyhacks None None None 31 0 13 20 1 Python,Shell,Ruby 98 20
crypto-cypher 《Privacy for Identities: The Art of Pseudonymity》发布,主要探讨信息安全,隐私权和大规模监控 https://github.com/crypto-cypher/privacy-for-identities/blob/master/PrivacyForIdentities%20-%20Prerelease.pdf https://twitter.com/CryptoCypher Networking. OpSec. Privacy. Coding. Just another paranoid cypherpunk whos terrible at calculus. Dreaming big. None None 7 0 7 20 7 Shell 32 5
batteryshark 商用硬件Token设备软件实现中安全问题 https://github.com/batteryshark/writeups/tree/master/20190417 None New York, NY Stonefish Systems 46 0 2 17 0 Python,C 24 2
DimopoulosElias alpc-mmc-uac-bypass - 通过 ALPC 绕过 UAC 的项目 https://github.com/DimopoulosElias/alpc-mmc-uac-bypass https://www.linkedin.com/in/dimopouloselias None None 5 0 11 15 2 Python,C,C++ 43 10
sumas OSCP-Cheatsheet-God - OSCP 考试备忘清单 https://github.com/sumas/OSCP-Cheatsheet-God None None None 18 0 1 14 1 Python,JavaScript,Java,PHP 124 31
hongphipham95 研究员 hongphipham95 公开 KMPlayer 和 VirualBox 的很多漏洞分析文章,昨天新增一篇 VirtualBox Intel PRO 1000 设备模拟整数溢出漏洞的分析 https://github.com/hongphipham95/Vulnerabilities None Viet Nam None 6 0 79 12 9 Python,Java,C++ 13 3
PokemonGoTeam CRYPTOPOKEMON: Simple C++ cryptolocker Blowfish CBC https://github.com/PokemonGoTeam/CRYPTOPOKEMON http://pokemongo.icu Kiev, Ukraine PokemonGo 1 0 0 7 0 C++ 12 3
attakercyebr DVR 摄像头漏洞攻击脚本(CVE-2018-2019) https://github.com/attakercyebr/hack4lx_CVE-2018-2019 https://t.me/hack4lx The black hat hacker team leader just came out for destruction M4nifest0 Cyber security team™ Romania @os20ir 18 0 21 4 17 Python,Visual,Shell 6 3
mykter aws-security-cert-service-notes - AWS 服务安全认证学习笔记 https://github.com/mykter/aws-security-cert-service-notes http://mykter.com UK None 20 0 29 2 0 Python,C,TypeScript 272 52
chipik SAP Gateway ACL 错误配置漏洞的 Exploit https://github.com/chipik/SAP_GW_RCE_exploit None https://twitter.com/_chipik None None 5 0 2 2 1 Python 4 2
llt4l 从思科 Ciscos CUCM (Call Manager,呼叫管理软件)的 TFTP 服务器中提取手机配置文件并搜索密钥信息 https://github.com/llt4l/iCULeak.py https://twitter.com/llt4l Infosec person.. None None 5 0 0 1 0 Python,HTML,CSS 5 2
tea-deliverers PlaidCTF 2019 比赛的 Writeup https://github.com/tea-deliverers/ctf-writeups/blob/master/pctf2019/PlaidCTF2019_Writeup_Tea_Deliverers.pdf None None None None 0 0 0 0 0 0 0
AngelCtulhu Wordpress Support Candy 插件的文件上传漏洞 https://github.com/AngelCtulhu/CVE-2019-11223/ http://cert.kalasag.com.ph Pasig 8Layer Technologies Inc. 2 0 0 0 0 Python 0 0

medium 推荐

title url
如何利用 Confluence 未授权 RCE 漏洞(CVE-2019-3396)在6小时内黑掉 50+ 公司 http://link.medium.com/l0IpOUJXeW
Venator - SpecterOps 开发的一款用于 macOS 平台恶意软件行为检测的工具,这个工具会搜集可能会暴露恶意软件行为痕迹的信息,包括:launch_agents、browser extensions、bash_history 等等 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fintroducing-venator-a-macos-tool-for-proactive-detection-34055a017e56%3Fsource%3Drss----f05f8696e3cc---4
我是如何在 OWASP ModSecurity Core Rule Set (CRS) 中发现 5 个正则表达式拒绝服务漏洞的 http://medium.com/@somdevsangwan/how-i-found-5-redos-vulnerabilities-in-mod-security-crs-ce8474877e6e?sk=c64852245215d6fead387acbd394b7db
法国政府推出了一款通讯工具 Tchap,宣称比 Telegram 更加安全。研究员 Elliot Alderson 通过分析发了一个邮箱验证的漏洞,成功以 Tchap 雇员的身份登录了软件。 http://medium.com/@fs0c131y/tchap-the-super-not-secure-app-of-the-french-government-84b31517d144?source=friends_link&sk=59e15e44ba75dd78d7248262a4c8f0b7
基于P4wnP1镜像将Raspberry Pi Zero W变成badUSB设备,最终实现逃脱杀毒软件检测的安全研究 http://medium.com/@fbotes2/advance-av-evasion-symantec-and-p4wnp1-usb-c7899bcbc6af
作者发现阿里巴巴多个站点加载了 alipay 某个域名,该域名中返回的内容是可以通过 cookie 控制的,于是作者在 alipay 其他的子域名上找到了一处反射型 XSS(曲折的绕过了 WAF,cookie 设置的限制),通过此 XSS 设置上恶意的 cookie 后来完成账号的窃取。 http://link.medium.com/jNotfTcVSV
Rootpipe Reborn - macOS TimeMachine diagnose 扩展 Root 命令注入漏洞分析 http://medium.com/@CodeColorist/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43?source=friends_link&sk=3970823f97714fac1d04d75325e3cbac
使用 SSH Tunnel 进行端口转发和搭建 Socks5 代理 http://medium.com/tarkalabs/power-of-ssh-tunneling-cf82bc56da67
绕过域账户认证失败锁定次数限制的技巧 http://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
利用 HTML 注入漏洞泄漏用户数据 http://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
使用 ATT&CK Datamap 可视化展示潜在威胁 http://medium.com/@olafhartong/assess-your-data-potential-with-att-ck-datamap-f44884cfed11
滥用 macOS 的 Folder Actions 功能实现持久化控制 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Ffolder-actions-for-persistence-on-macos-8923f222343d
深入理解 Apple 的二进制属性列表 plist 格式 http://medium.com/@karaiskc/understanding-apples-binary-property-list-format-281e6da00dbd

medium 推荐

title url
How to start learning Digital Forensics https://medium.com/@a.alwashli/how-to-start-learning-digital-forensics-8038bcc9af6a
Android Cloak and Dagger Attack https://medium.com/@targetpractice/cloak-and-dagger-malware-techniques-demystified-c4d8a035b94e
Multiple Vulnerabilities + WAF bypass to Account Takeover https://medium.com/@y.shahinzadeh/chaining-multiple-vulnerabilities-waf-bypass-to-account-takeover-in-almost-all-alibabas-websites-f8643eaa2855

知乎 推荐

title url
风控对抗中的常规特征及处置选择 https://zhuanlan.zhihu.com/p/62525083
.NET CLR注入方法探讨 https://zhuanlan.zhihu.com/p/61464591
kaggle 首战拿金牌总结 https://zhuanlan.zhihu.com/p/60953933

论坛 推荐

title url
Google搜索中的突变XSS https://xz.aliyun.com/t/4865
HiSilicon DVR 黑客笔记 https://xz.aliyun.com/t/4840
Windows常见backdoor、权限维持方法及排查技术 https://xz.aliyun.com/t/4842
2019-DDCTF-WEB-WriteUp https://xz.aliyun.com/t/4862
Spring Cloud Config Server 路径穿越与任意文件读取漏洞分析 https://xz.aliyun.com/t/4844
2019掘安杯web writeup https://xz.aliyun.com/t/4741
Ethereal 靶机渗透 https://xz.aliyun.com/t/4672
Java 反序列化过程深究 https://xz.aliyun.com/t/4761
MongoShake—基于MongoDB的跨数据中心的数据复制平台 https://yq.aliyun.com/articles/603329
对某网的一次渗透测试纪实 https://xz.aliyun.com/t/4694
AFL源码分析笔记(一) https://xz.aliyun.com/t/4628
OSINT Primer:组织(第3部分) https://xz.aliyun.com/t/4600
OSINT Primer:人员(第2部分) https://xz.aliyun.com/t/4599
RemTeam攻击技巧和安全防御 https://xz.aliyun.com/t/4602

日更新程序

python update_daily.py