Skip to content

Latest commit

 

History

History
930 lines (904 loc) · 148 KB

README_2020.md

File metadata and controls

930 lines (904 loc) · 148 KB

2020 信息源与信息类型占比

2020-信息源占比-secwiki

2020-信息源占比-xuanwu

2020-最喜欢语言占比

政策 推荐

title url
中华人民共和国个人信息保护法(草案) http://www.npc.gov.cn/flcaw/flca/ff80808175265dd401754405c03f154c/attachment.pdf
关于运用大数据推进防范治理电信网络诈骗长效机制建设工作方案 http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c8056526/content.html
公安部关于修改《公安机关办理刑事案件程序规定》的决定 http://www.gov.cn/zhengce/zhengceku/2020-08/16/content_5535125.htm
网络信息内容生态治理规定 http://www.cac.gov.cn/2019-12/20/c_1578375159509309.htm
App违法违规收集使用个人信息行为认定方法 http://www.cac.gov.cn/2019-12/27/c_1578986455686625.htm

学习视频 推荐

title url
2020 南京大学 “操作系统:设计与实现” https://www.bilibili.com/video/BV1N741177F5
计算机系统研究的一些体会 https://www.bilibili.com/video/BV1Ap4y167w3?p=1
高质量科研论文写作 https://www.bilibili.com/video/BV1hg4y1q7Ge

微信公众号 推荐

nickname_english weixin_no title url
网安志异 KnewSec 沙虫 https://mp.weixin.qq.com/s/eBTXxLn4NFvLq-nmAAXgyg
有价值炮灰 worthy_dust 安全研究员的自我修养 https://mp.weixin.qq.com/s/BuHQSLLeJ-EMhQSqFLgDgg
字节跳动安全中心 TouTiaoSec 字节跳动安全团队开源自研HIDS——AgentSmith-HIDS https://mp.weixin.qq.com/s/sAh_VH5zTuxHRFawYMvuOw
京麒 jqanquan 数据安全建设实践系列——数据资产平台建设 https://mp.weixin.qq.com/s/oofMyBaS7EMnUMy61Y-5MQ
数学人生 gh_ea2ff522308b 复杂网络中的节点相似性 https://mp.weixin.qq.com/s/EGpjUVdjJlEjYbdbjbpR7A
网络空间安全科学与技术 gh_d54d2c7cabd7 2020年综述性论文合辑(上) https://mp.weixin.qq.com/s/e-3rSS2F7lVV9SMMnoqylQ
爱奇艺安全应急响应中心 iqiyi_71src 爱奇艺SOAR探索与实践 https://mp.weixin.qq.com/s/ovJKGWusN2kgxQ_4GkQ8QA
开源情报研究所 OSINTR 【技巧】如何查找相关人的信息 https://mp.weixin.qq.com/s/yeuMivJaizmAQAHL1poHTw
安全分析与研究 MalwareAnalysis 聊聊APT的溯源分析 https://mp.weixin.qq.com/s/hSnOYoC71z_HIU4PVf4tmw
威胁棱镜 THREAT_PRISM 发现并提取 Cobalt Strike 的配置信息 https://mp.weixin.qq.com/s/-jajjhu-6KVQvaZoh59Wuw
国网浙江信通公司 gh_12020d981693 鲸蓝计划丨溯源反制基本思路与实战 https://mp.weixin.qq.com/s/axNXFgyaD-5WSIkPwjkPrQ
b1ngz的笔记本 gh_70bda0a9ced0 自动化安全工具平台 - 架构笔记 https://mp.weixin.qq.com/s/OMhS9yFlcpI9KOQduSxq9g
360技术 qihoo_tech 用DNS进行网络度量和安全分析 https://mp.weixin.qq.com/s/L_wDNJtznQvrCyx1Kd1SlQ
公安部网安局 gh_e406f4bcdf34 公安机关网安部门打击网络黑产犯罪工作取得显著成效 https://mp.weixin.qq.com/s/h53qn-2vODsakiCxf9CvXQ
陌陌安全 MomoSecurity 陌陌数据安全探索与实践 https://mp.weixin.qq.com/s/yGLrdlpSmEe5ChiVn4b8Kg
懒人在思考 lazy-thought 简单聊聊网络空间测绘纵横之道 https://mp.weixin.qq.com/s/aBvptjz9gzxG_lPBY8ECVA
pirogue p1r06u3 越权扫描器碎碎念 https://mp.weixin.qq.com/s/yMpAiue7OT1I8E3C5Dkngw
CodeWisdom gh_2395906a410f 技术分享, 基于静态依赖分析的安卓GUI自动化探测方法 https://mp.weixin.qq.com/s/YQDxUqo_ufjt3cuDNOUfwQ
360Quake空间测绘 gh_0284fd4851e7 利用JARM指纹进行TLS服务端标记 https://mp.weixin.qq.com/s/CTBO22SuQft1dBoHv2WRQg
ATLAS Academy atlas-cyber-academy 2020网络安全大事记 - 监管判例篇 https://mp.weixin.qq.com/s/60-O9GGYPNZZW6KVvY_c8w
青藤实验室 gh_151a64925040 SharePoint Rce 系列分析(一) https://mp.weixin.qq.com/s/FfHc8TFUs_4H8JHWbYv3FQ
大超的记事本 Dachao_Dachao 数据安全怎么做——静态敏感数据治理 https://mp.weixin.qq.com/s/AejcWwJWxZWHf9dDRfVWPA
我需要的是坚持 MyPersistence2020 从FireEye的泄露看红队的差距 https://mp.weixin.qq.com/s/K2W-hgCUFOzgxrhF6U1s1A
奇安信ATEAM gh_266190cebfff 从 CVE-2020-17144 看实战环境的漏洞武器化 https://mp.weixin.qq.com/s/nVtE-OFoO076x6T0147AMw
奇安信 CERT gh_64040028303e 中间件内存马注入&冰蝎连接(附更改部分代码) https://mp.weixin.qq.com/s/eI-50-_W89eN8tsKi-5j4g
天地和兴 bjtdhxkj 针对以色列水利/水务基础设施的网络攻击回顾 https://mp.weixin.qq.com/s/XvPf_irbpZF6B0-fnn1OBA
SecOps急行军 SecOpsWithU 红蓝对抗中的溯源反制实战 https://mp.weixin.qq.com/s/Dswz7lxNpW5yLxmWKtqY6Q
安小记 AnSecNote MITRE ATT&CK基本概念 https://mp.weixin.qq.com/s/yOJNWazCeGKKMR8titj3cg
IRT工业安全红队 ICSRedTeam 基于Codesys工控软PLC环境 https://mp.weixin.qq.com/s/28BgVoIt7Naij84HEDqtFQ
代码审计 white-hat-note 有安全研究者混入了PHP 8.0开发组! https://mp.weixin.qq.com/s/0HSAPYY2PjbwEN3MhI4SkA
警笛 asirhelper 公安部最新通知!办理赌博犯罪案件新规(两高一部发布) https://mp.weixin.qq.com/s/SPl3IXcvcYe3osAjqsswlg
有赞coder youzan_coder 接口越权扫描平台初探 https://mp.weixin.qq.com/s/epVb1Y4WQ-MWeRhRPlvofg
龙渊实验室 LongYuanLab 基于Flink的网络流量实时解析 https://mp.weixin.qq.com/s/i7f7p9HBE-03YWNnl_NdPA
阿里巴巴中间件 Aliware_2018 我看技术人的成长路径 https://mp.weixin.qq.com/s/m6NbHb9UUtiSOMPnKgId3g
大数据猫 kitten-talking-data 阿里云ClickHouse海量数据分析分享 https://mp.weixin.qq.com/s/MnirNdLxyvrCAPd51SiW6w
匠心独运维妙维效 gh_54f52b20027d 浅谈中间件安全漏洞修复体系建设 https://mp.weixin.qq.com/s/6bJskpL_JLAEIXdGq5Hljw
伪架构师 fake-architect (译)云原生安全白皮书 https://mp.weixin.qq.com/s/uH7M7vR1m0CJhoVfr-DisQ
蚂蚁安全实验室 Alipay_SecurityLab 探索先进自动化漏洞挖掘技术中的不足 https://mp.weixin.qq.com/s/1q_YCJoyCREtgU3X2_0uqQ
360BugCloud bugcloud360 Python 源码混淆与加密 https://mp.weixin.qq.com/s/LmxdXRjMCOIisQzCISBoGw
数据派THU DatapiTHU 独家 , 使用Spark进行大规模图形挖掘(附链接) https://mp.weixin.qq.com/s/vytVTAgU-6_iRG-drf9eYQ
合天智汇 hee_tian 细说php反序列化字符逃逸 https://mp.weixin.qq.com/s/7jAS7R_GuBBz6M8U6lQv-w
法制天平 g_780216 帮助信息网络犯罪活动罪案例汇总 https://mp.weixin.qq.com/s/RlFD6H-_4j5g2R49IE9ghw
安全先师 gh_d61f62dd440d 蜜罐调研与内网安全 https://mp.weixin.qq.com/s/-lJT3PNsj-VvMxalHb06AA
赛博星人 cyberspace_666 红蓝对抗之内网中psexec的行为捕获 https://mp.weixin.qq.com/s/G7Gdb_gXNn5FAR78Edps-w
深信服千里目安全实验室 Further_eye 【Sniper工具箱】ThinkPHP漏洞分析与利用 https://mp.weixin.qq.com/s/OWi3G4ETrV-yBsnWgdU_Ew
微步在线研究响应中心 gh_c108d4d389bf 隔离网络攻击 专题研究报告 https://mp.weixin.qq.com/s/G4pIpHN2BLSvPWVYvN5VAQ
代码卫士 codesafe PHP 绕过禁用函数漏洞的原理与利用分析 https://mp.weixin.qq.com/s/_KCqGJnHaCBjCZ0VPo898Q
Fintech 安全之路 gh_763c23cd3870 银行业安全运营平台的建设与思考 https://mp.weixin.qq.com/s/UncU7f92p5Mlxt353Galrg
技术琐话 TheoryPractice 谷歌开源内部代码评审规范 https://mp.weixin.qq.com/s/8vPXLxzD1iZ8E_emhruSHQ
安世加 asjeiss 技术干货 , “红蓝对抗”在金融业网络安全建设中的实践与思考 https://mp.weixin.qq.com/s/AVOLACnMJIt0Sgx-hsWXYA
国际电子战 EW21cn 欧洲反无人机系统的发展 https://mp.weixin.qq.com/s/Hau6h-_HoMjFIzdi0YbLKA
360天枢智库 gh_b3c796a6a82c 揭秘全球网络安全防护最高水准:美国国防部信息网DODIN https://mp.weixin.qq.com/s/m4wvjk2w5J2ZrWcJhHdQNw
Datawhale Datawhale 机器学习中的特征工程总结! https://mp.weixin.qq.com/s/RgSejEbxwhnFUKR2POmqmg
腾讯代码安全检查Xcheck gh_177b81103e8d Xcheck之Golang安全检查引擎 https://mp.weixin.qq.com/s/VzjcXp3O8zc97aIppy4LUA
安全牛 aqniu-wx 从RSA创新沙盒决赛产品ShiftLeft浅谈DevSecOps https://mp.weixin.qq.com/s/WyxhX4tuMOSBCF1R9obLKg
潇湘信安 xxxasec Metasploit获取不到会话原因 https://mp.weixin.qq.com/s/iHfA01e2iXOgBGVwjOAjvg
Netlab 三六零 Netlab_360 HEH Botnet, 一个处于开发阶段的 IoT P2P Botnet https://mp.weixin.qq.com/s/W_13W6rMQnBtZvPQwzDk2g
ACTBIGDATA ACTBIGDATA ML CLUB , 面向图数据的异常检测综述概述 https://mp.weixin.qq.com/s/WBxmr_hCOVUbSk15ZPWsjw
枫林晚安全 galesec [更新]渗透环境标准化 https://mp.weixin.qq.com/s/A5E2VRYg7R1LrLrCpiGYAw
梦之光芒的电子梦 monyer_mp 技术人员发展四阶段 https://mp.weixin.qq.com/s/-bAFEmstpDTzI6EfYwzffA
安全界 feei_cn 基于甲方视角的漏洞发现 https://mp.weixin.qq.com/s/eBPp4eyaGs827POFTesqOA
奇安信集团 qianxin-keji 先收藏!入行必备的网络安全“黑话”词典 https://mp.weixin.qq.com/s/L-cqkaTC3lsfyWmd9jbU3A
白泽安全实验室 baizelab 解密俄罗斯情报机构 https://mp.weixin.qq.com/s/OPvkERr3Ox_OvnbimhZqnA
信息时代的犯罪侦查 infocrime 通过一封钓鱼邮件,溯源分析背后的产业链(教科书) https://mp.weixin.qq.com/s/G9qwMTBznSlMNQSCqvAyWg
逐日实验室 gh_093e54310392 CVE-2020-14364 QEMU逃逸 漏洞分析 (含完整EXP) https://mp.weixin.qq.com/s/MQyczZXRfOsIQewNf7cfXw
军事高科技在线 jsgkjzx 首发,美军红队评估体系建设现状及启示 https://mp.weixin.qq.com/s/JZef789soLqK2SdskBV5WQ
安全情报星球 littlecola__ 2020上半年出行行业黑灰产研究报告 https://mp.weixin.qq.com/s/sQJRZZonTF7bjCs1jd_H9A
信息安全老骆驼 gh_00db3382eac9 一部手机失窃而揭露的窃取个人信息实现资金盗取的黑色产业链 https://mp.weixin.qq.com/s/3UeZzw2LmPsM3cU7Rhmb8w
Godeye GodEyeTeam 红队遇蜜罐 莫慌 https://mp.weixin.qq.com/s/YBge1xjpjQjQ-NoK4kK6RQ
电驭叛客 gh_141164bf887e JavaParse(AST)获取Java Web API list https://mp.weixin.qq.com/s/ATpoEN9QI-D5vkxDimQ8FQ
广东网络空间安全专委会 gh_f5ab4f133df7 大学新生网络信息安全知识教育手册 https://mp.weixin.qq.com/s/qUuGvRiAyhJBhtj7iW5Hcw
安全研究 CH-AQYJ 国家安全微电影《危爱》 https://mp.weixin.qq.com/s/nrNfuVEx44lGTD8aLPQN2w
嘶吼专业版 Pro4hou WPA 企业模式的安全性和部署 https://mp.weixin.qq.com/s/K0QRsJBpd57jmOQBGXBh-Q
gakki的童养夫 gh_5b1084d953c3 Cobalt Strike with CloudFlare https://mp.weixin.qq.com/s/d6hu8YE-SGy-eruIWOwbXg
雷石安全实验室 leishianquan1 PDF文件密码破解 https://mp.weixin.qq.com/s/EH7Z_mJvuWxtbQdcXf3h4w
黑鸟 blackorbird 美国追踪与追回朝鲜黑客窃取的数字货币 https://mp.weixin.qq.com/s/fSVfWFKsO9yYRrB48GyNyg
百度安全 BaiduSD00 通达OA 11.5版本某处SQL注入漏洞复现分析 https://mp.weixin.qq.com/s/XKZnsdY31N1_6gB9u8Yu8Q
网空闲话 cyberspacechat 情报界在对抗社交媒体干扰活动中的作用 https://mp.weixin.qq.com/s/I6yaPOSBRJhdN7kBOEP6qg
Piz0n gh_339ee98cec1b 从乙方到甲方 , 我所亲历的信息安全建设之变迁【1】 https://mp.weixin.qq.com/s/mJNcCZfElyCAbq1aSHHTDw
OPPO安全应急响应中心 opposrc OPPO互联网DevSecOps实践 https://mp.weixin.qq.com/s/eCwXozibaABcZjUOqTn4Zg
AX科技圈 axkjq2006 【M水堇】数字化平台建设总结--技术篇 https://mp.weixin.qq.com/s/qmMRmEcSnGmD6Y4vg6zjow
Secquan圈子社区 secquan_org Jenkins的后门实现(密码窃取,命令执行) https://mp.weixin.qq.com/s/C002y-fBZVFv-dQztdC6Bg
Python遇见机器学习 Python_DL 万字长文总结机器学习的模型评估与调参,附代码下载 https://mp.weixin.qq.com/s/Uenwe66pwl4SzcW1P2B7Iw
谈数据 learning-bigdata 数据中台:基于标签体系的360°用户画像 https://mp.weixin.qq.com/s/zIbhQjP9OTIPG9uRr64xtA
米斯特安全团队 acmesec 代码审计 , PHPCMS V9 前台RCE挖掘分析 https://mp.weixin.qq.com/s/zLXJtekT9O3OuzwBLigMsA
国家网络威胁情报共享开放平台 CNTIC2017 DataCon2020 恶意代码分析冠军writeup https://mp.weixin.qq.com/s/e69Fg9UBX3B2BFiGvsg4Gg
唯品会安全应急响应中心 VIP_SRC 【技术分享】大规模数据安全分类系统架构实践 https://mp.weixin.qq.com/s/mRmDEuDKJSJ_xrYyBMn4Dw
丁爸 情报分析师的工具箱 dingba2016 【图文资料】基于开源情报网络分析与网页分析 https://mp.weixin.qq.com/s/UIKHaQzXWc6p6Mjonrk8cg
vivo千镜安全实验室 gh_54ff3f871510 软件源码安全攻防之道(上) https://mp.weixin.qq.com/s/jb3VQyK3U6BQS0-0ad0K_w
ZoomEye ZoomEye_Team 利用 ZoomEye 追踪多种 Redteam C&C 后渗透攻击框架 https://mp.weixin.qq.com/s/H66J0ab8UAyVrxRb1RLO4g
Pai Sec Team huahuaSec 半自动化冰蝎流量分析的实践 https://mp.weixin.qq.com/s/w40qI2iPNLx9GjgkYRyhpg
DeadEye安全团队 gh_fcf5d3d1e57d 关于Cobalt Strike检测方法与去特征的思考 https://mp.weixin.qq.com/s/5MWDXN3eCaw9m-XHDGaXcQ
DataFunTalk datafuntalk Fraudar算法在京东关系网络反欺诈中的应用 https://mp.weixin.qq.com/s/Qp1Yrlu92LwZ-n4kipq0sw
Coggle数据科学 gh_8df601c10cb4 2020腾讯广告算法大赛方案分享及代码(冠军) https://mp.weixin.qq.com/s/-lizDyP2y357plcG1M64TA
ChaBug ChaBugSec 护网礼盒:哥斯拉Godzilla shell管理工具 https://mp.weixin.qq.com/s/_4ACLzaImDMQbZWfhSHnwg
明不可欺 gh_1405d616adc7 网络赌博的管辖权、代理、赌资、四方的法律规定 https://mp.weixin.qq.com/s/XAp40kxf-I0nmOjDBAD7Dg
Gorgias的一己之见 GorgiasInsight 固件提取系列(一)-固件载体 https://mp.weixin.qq.com/s/xWUoAwilc6v_0BMZXpbZqA
公务员与事业单位 gwy-sydw 警惕!2020年多名公务员因微信办公违规被处理,案例鲜活,教训惨痛 https://mp.weixin.qq.com/s/QOUFyVa4c4xGO1v4FroLXw
跨越鸿沟 gh_0bae97403201 信息安全:研究体系(220页) https://mp.weixin.qq.com/s/WeBXUyP3-gbzrRrHmPyY9w
纸鱼AI gh_5cb3929923da 智源&计算所-互联网虚假新闻检测挑战赛(冠军)方案分享,代码已开源 https://mp.weixin.qq.com/s/c8f0wDHigNQUlmxtFVG0aA
极光无限 AuroraInfinity 2020数据泄露调查报告 https://mp.weixin.qq.com/s/agMbnkeE39LlgfcivfCexA
图谱学苑 gh_eb1997a4e380 神秘Palantir-平台介绍 https://mp.weixin.qq.com/s/JgLkd4_J5s93FDuS31F-Cg
NEO攻防队 gh_5afc80b9df33 浅谈蓝队反制手段 https://mp.weixin.qq.com/s/qjM7Fh0u0Edsz5C7L_ErGQ
安全鸭 yliang53 横向渗透的常见方法 https://mp.weixin.qq.com/s/eMXWYV-5sKR0HfcqMJOBWg
SCUCTF scuctf WMCTF2020 WP by 0x401 https://mp.weixin.qq.com/s/Ll-f25pLOPbkjlo9zGFbFA
阿里安全响应中心 alisrc PHP Webshell那些事-攻击篇 https://mp.weixin.qq.com/s/FgzIm-IK02rjEf3JvxOxrw
鸿鹄实验室 gh_a2210090ba3f 抛砖引玉之CobaltStrike4.1的BOF https://mp.weixin.qq.com/s/-jU4HrPtB8rD4cmqAKZOZw
中国科学院院刊 CASbulletin 实现网络空间的“挂图作战”:网络空间地理学+可视化技术 https://mp.weixin.qq.com/s/53wDSOuSrvybTtHrh10i-Q
红队攻防揭秘 klionsec 内外网资产对应关系定位 [ 补 ] https://mp.weixin.qq.com/s/zrJ2yP6B64A-iFnBdea9PQ
威努特工控安全 winicssec_bj 工控防火墙测试之功能篇_Fuzzing测试 https://mp.weixin.qq.com/s/Qn7-bl5Qvw6_Qtg9QYKZ7w
三六零CERT CERT-360 现代化SOAR的产品化落地(一) https://mp.weixin.qq.com/s/E72-K43f-TkLv2WIHqKyKA
AINLP nlpjob ​【特征工程】时序特征挖掘的奇技淫巧 https://mp.weixin.qq.com/s/AennHGMpuoZTRo_4ud5m3w
天御攻防实验室 TianyuLab 从APT29看网络威胁归因(上) https://mp.weixin.qq.com/s/RFxS0xigAF-bMh59KR44cA
这里是河马 gh_d110440c4890 管理员朋友,请警惕最新出现的nginx后门 https://mp.weixin.qq.com/s/Vyfto0qn4L16s9dNfVOEqQ
360威胁情报中心 CoreSec360 被低估的混乱军团 -WellMess(APT-C-42)组织网络渗透和供应链攻击行动揭秘 https://mp.weixin.qq.com/s/WmzryWNNJVV7mXABQ1Yu8g
虚拟框架 gh_39c8fb2fc8b4 一个依赖库更新引发的血案:QQ 号被冻结技术分析 https://mp.weixin.qq.com/s/ZaPQx8aWxUWqDMsjAEDgGA
网易易盾 yidun_163yun 企业等保2.0的那些事儿 https://mp.weixin.qq.com/s/LNIWi26YWjmp2mh9jO23iA
Seebug漏洞平台 seebug_org 溯源黑帽利用 Web 编辑器漏洞非法植入 SEO 页面事件 https://mp.weixin.qq.com/s/SqPu88RALGMOPeAJ34uNeQ
夜暗心明 yeanxinmingi 嵌入式浏览器安全杂谈-electron框架 https://mp.weixin.qq.com/s/J6eqcPPRp7wn06YQhue_Ug
GobySec gobysec 插件分享 , 如何半天玩转一个“ES未授权利用”插件 https://mp.weixin.qq.com/s/XZA37Cen9PexyPxuuEx1CQ
美团技术团队 meituantech BERT在美团搜索核心排序的探索和实践 https://mp.weixin.qq.com/s/mFRhp9pJRa9yHwqc98FMbg
携程技术 ctriptech 干货 , DevSecOps在携程的最佳实践 https://mp.weixin.qq.com/s/yOykOPU9wn77doz95s5LeA
nmask nmask-article 我所认知的甲方信息安全建设经验 https://mp.weixin.qq.com/s/0Uu_os9MB5ZHnowlWkYbEA
边界无限 BoundaryX Java代码执行漏洞中类动态加载的应用 https://mp.weixin.qq.com/s/5iYyRGnlOEEIJmW1DqAeXw
网安寻路人 DataProtection101 对《数据安全法》的理解和认识 , 数据分级分类 https://mp.weixin.qq.com/s/iZGNGKG1Q36XaFVu0g_lHw
长亭科技 Chaitin_Tech Docker安全性与攻击面分析 https://mp.weixin.qq.com/s/BaeIGrBimww8SUtePDQ0jA
AI公园 AI_Paradise 标签传播算法解读 https://mp.weixin.qq.com/s/dX6CouK7LGNbXsRxRnS26w
猎户攻防实验室 TassLiehu 自动化测试工具APPium初探 https://mp.weixin.qq.com/s/wwlqd_kO7vfpP6vTPrW_6Q
99所 gh_4b0bd9f08b03 【视频】利用Twitter如何挖掘有价值的开源信息?——工具篇 https://mp.weixin.qq.com/s/ukP2ASwXA8HDuDNYGHC-Sw
信息安全与通信保密杂志社 cismag2013 全国23省市“新基建”网安任务重点梳理 https://mp.weixin.qq.com/s/Isv3mrwIIEHZi6_gn7u-9g
安全威胁情报 Threatbook 钓鱼、投递木马……一文扒尽“白象三代”APT组织攻击活动! https://mp.weixin.qq.com/s/ve2L6_v0EvJZwLSyWijvUw
大兵说安全 dabingshuoanquan 也来聊聊态势感知(上) https://mp.weixin.qq.com/s/dCGMfKsFzYaZiffjkBBYpg
全频带阻塞干扰 RFJamming 一线执法必备的自我隐私保护能力 https://mp.weixin.qq.com/s/h6jE7RD6pzaPINxiRoG0BQ
SecIN技术平台 sec-in 一种新型shellcode仿真框架分析 https://mp.weixin.qq.com/s/9XHNMwIhmZLtOI385_4iaQ
MS509 CSRC-MS509 内网渗透之内网穿透 https://mp.weixin.qq.com/s/L3rVjrz3pLncFmVrS5S0dQ
EnjoyHacking zom3y3 基于ClickHouse + Redash + Python去做安全数据分析 https://mp.weixin.qq.com/s/O7IuAZV1XuogKwsoLhx4Qw
老马玩工控安全 gh_e41f6c29c07a 工控安全事件汇总与分析 https://mp.weixin.qq.com/s/rG1oG8nz07DtRKTRaJjM7A
长亭安全课堂 chaitintech_release Python代码保护 , pyc 混淆从入门到工具实现 https://mp.weixin.qq.com/s/qvbwTAmDOvpHrAoNdQ7RRA
安恒信息 DBAPP2013 红蓝对抗——「CobaltStrike」应用攻击手段实例分析 https://mp.weixin.qq.com/s/9_0pLbmWqUbJ6aGEPjxvYA
腾讯安全 TXAQ2019 腾讯安全发布《零信任解决方案白皮书》 https://mp.weixin.qq.com/s/ZkuR5bDGYpXySUcuROcb7Q
正阳能量场 Sun-Energy-Field 全面了解风控数据体系 https://mp.weixin.qq.com/s/PCRzPGGBXG7cJAInylkCRg
全球技术地图 drc_iite 美国国防高级研究计划局未来网络安全研发趋势分析 https://mp.weixin.qq.com/s/gWrMODC3Rkznk-swglI0Qw
腾讯安全威胁情报中心 gh_05a6c5ec3f78 腾讯安全威胁情报中心“明厨亮灶”工程:基于域名图谱嵌入的恶意域名挖掘 https://mp.weixin.qq.com/s/LeK6QYHwd3k3UlyAuSkcZA
宽字节安全 gh_2de2b9f7d076 weblogic t3协议回显穿透nat以及获取内网地址 https://mp.weixin.qq.com/s/cwkZXWCOKYpLDK9o_J_G1w
SecPulse安全脉搏 SecPulse 一次曲折的渗透测试之旅 https://mp.weixin.qq.com/s/4bFC1GdiRZe9ygazXb1pnA
Flanker论安全 ShowMeShell Fuzzing战争: 从刀剑弓斧到星球大战 https://mp.weixin.qq.com/s/nREiT1Uj25igCMWu1kta9g
酒仙桥六号部队 anfu-360 当frida来敲门 https://mp.weixin.qq.com/s/McipoCTgtY02_6dJvRe44g
论文收割机 paper_reader 深度长文:图神经网络欺诈检测方法总结 https://mp.weixin.qq.com/s/ewzsURiU7bfG3gObzIP2Mw
全知科技 gh_0bd30f1b0430 再谈作为生产要素的数据安全 https://mp.weixin.qq.com/s/hkv4y7pQRBjLCgm3StKVSQ
CNCERT风险评估 cncertfengxianpinggu 2019年开源软件风险研究报告 https://mp.weixin.qq.com/s/VgoS1EftRFcYv9n2PJHoRg
情报分析师 qingbaofenxishi 大数据环境下安全情报融合体系构建 https://mp.weixin.qq.com/s/bjqv8zlSEl7waKHxBNIwyA
小强说 xiaoqiangcall 从STIX2.1看安全智能归来 https://mp.weixin.qq.com/s/nYV3S2oYNNnKcpvNAG751w
漏洞推送 浏览器中隐蔽数据传输通道-DNS隧道 https://mp.weixin.qq.com/s/u5HV7umrZABcgVpZ5pn6WQ
天融信阿尔法实验室 JAVA RMI反序列化知识详解 https://mp.weixin.qq.com/s/bC71HoEtDAKKbHJvStu9qA
lymmmx 已知邮箱,求手机号码? https://mp.weixin.qq.com/s/XvMruURNVWBkEwxvnPSW1g
电子商务电子支付国家工程实验室 gjgcsys 物联网场景下的白盒加密技术 https://mp.weixin.qq.com/s/y8FNDtuJIIiYmZDLTxuL_g
ipasslab 学术报告,协议模糊测试相关技术梳理 https://mp.weixin.qq.com/s/RCpAUpFEzbSewEnWpHrsqw
IMKP TrustMatrix_KP 用SASE加速零信任网络交付 https://mp.weixin.qq.com/s/OjHgQGrJWfueu4AfxES9Hg
网信中国 cacweixin 网络安全审查办法 https://mp.weixin.qq.com/s/nAjbLxdDnflhc_89y0e01Q
安全狗 safedog2013 在网络安全领域应用机器学习的困难和对策 https://mp.weixin.qq.com/s/j7vuiAWz6kY4ePsjb5EtDw
人工智能架构 基于大数据的Uber数据实时监控(Part 1:Spark机器学习) https://mp.weixin.qq.com/s/mr-007pdIzOXPDaAUha1Ww
caoz的梦呓 caozsay 谈谈工作和学习中,所谓的主动性 https://mp.weixin.qq.com/s/qB9phQwF8NulwSGINQz3yA
谛听ditecting 2019年工业控制网络安全态势白皮书 https://mp.weixin.qq.com/s/phcpafQnNBnyQ10FOcSriQ
百度安全应急响应中心 baidu_sec 构建企业级研发安全编码规范 https://mp.weixin.qq.com/s/PNvCvV4gYJkfIsKJ1ccneA
雷神众测 thorsrc 近源渗透测试之USBninja实战 https://mp.weixin.qq.com/s/qCA-6zXbwpj8nyn5791zfg
白帽汇 baimaohui888 打“怪”升级的靶场——Vulfocus https://mp.weixin.qq.com/s/ArDDWYuc1A64qUzeyPRzZA
安全研究与实践 secsky001 体系化的WAF安全运营实践 https://mp.weixin.qq.com/s/BiH23k7xAeuwb5wwaOEKVw
qz安全情报分析 lookvul 关于防守方封IP的一些想法 https://mp.weixin.qq.com/s/pgaTlc8LoUvH7RtgeKCBrg
VIPKID安全响应中心 vk_src 【技术分享】基于数据流的越权检测 https://mp.weixin.qq.com/s/FC6ROeMAdGUxkjVjFd914A
中国警察网 zgjcwcpd 公安部公布十起侵犯公民个人信息违法犯罪典型案件 https://mp.weixin.qq.com/s/3P4zEOepOxBETOcvBYhpDA
中国白客联盟 China_Baiker 渗透中的后门利用 https://mp.weixin.qq.com/s/EfzSC979qQqXxXLZsV9LpA
vessial的安全Trash Can vx_security 移动基带安全研究系列文章之概念与系统篇 https://mp.weixin.qq.com/s/YYicKHHZuI4Hgyw25AvFsQ
VMware中国研发中心 vmwarechinard 使用FATE进行图片识别的深度神经网络联邦学习 https://mp.weixin.qq.com/s/wlB8Hz4nTgz9zEP3OEQDAQ
美团安全应急响应中心 复杂风控场景下,如何打造一款高效的规则引擎 https://mp.weixin.qq.com/s/m4jFHUP3JYF9Z8TUxi9UIg
中睿天下 zorelworld 干货,一次对钓鱼邮件攻击者的溯源分析 https://mp.weixin.qq.com/s/-v7-M05Qyob5Rpzm_9lPQQ
信息通信技术与政策 caict_dsc APT供应链攻击防护应对分析及意义 https://mp.weixin.qq.com/s/qGMRjCeIyHSHk_aXI8Fxbg
中国信息安全 chinainfosec 专题·原创 , 国际网络安全应急响应体系介绍 https://mp.weixin.qq.com/s/1_cJGTpH4dU780K6qngkjQ
404 Not F0und 我对安全与NLP的实践和思考 https://mp.weixin.qq.com/s/_q5s1fHc0DB3feSd4gQZyw
锦行信息安全 jeeseensec 浅析HTTP走私攻击 https://mp.weixin.qq.com/s/IMZrvJGQjcLBZS74kMWRnA
网安国际 inforsec 【InForSec通讯】安全漏洞报告的差异性测量 , Usenix Security2019 https://mp.weixin.qq.com/s/h6xLJyqybGASORugqsvmgg
关注安全技术 heresecurity 常见的web容器后门笔记 https://mp.weixin.qq.com/s/-cmM1k3--H6p1ditfQHPEw
360CERT CERT-360 “震网”三代和二代漏洞技术分析报告 https://mp.weixin.qq.com/s/qc25c_nuUax6UoknAVLrAw
大路咨询 daluzixun 中国工业网络安全厂商综合能力概览(2020年第1期) https://mp.weixin.qq.com/s/6i17MV8T3rou8j0rY-ZbIQ
国防科技要闻 CDSTIC 2021财年DARPA预算概况及发展动向解析 https://mp.weixin.qq.com/s/yEsrMmI0BpvllXaf3TBWkw
网络安全观 SecurityInsights 网络安全架构 , 建立安全架构方法的指导框架 https://mp.weixin.qq.com/s/_s3eOdO2AufZtTQdyVK6NA
深澜深蓝 漏洞分析视角下的CVE-2020-0796漏洞 https://mp.weixin.qq.com/s/Cn0bF7xG6ESCP2iVYiaW2g
中国保密协会科学技术分会 2020 Unit 42 IoT威胁报告(汉译版) https://mp.weixin.qq.com/s/40fgfbuwa2c5jp6e5vbnxQ
黑金笔谈 heijinbitan 网络威胁检测技术NTA https://mp.weixin.qq.com/s/DYqFKBIj1BKwDzTpnO_tHg
落水轩 基于开源情报解密美国雷神山火神山 https://mp.weixin.qq.com/s/OCAK5byqIvXttqxxSQmDkQ
盘古实验室 PanguLab 微信远程攻击面简单的研究与分析 https://mp.weixin.qq.com/s/yMQN3MciI-0f3mzz_saiwQ
小米安全中心 misrc_team IoT上SSL安全开发小结 https://mp.weixin.qq.com/s/rSXqBCFmawLg_oYYVKecLQ
冷渗透 黑产研究之秒拨IP https://mp.weixin.qq.com/s/XL6XO-FBHq37H1h-iMwV4w
JohnDoe爱学习 俄罗斯情报部门代号一览(Top Secret) https://mp.weixin.qq.com/s/2FnrR5qsm9BTlAS_SeKrzw
GoCN golangchina 「开源发布」 滴滴内部监控系统 Nightingale 开源啦 https://mp.weixin.qq.com/s/Wo_em4yB5dRPvFecma4bkw
零队 加载远程XSL文件的宏免杀方法 https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd
AI科技评论 aitechtalk 如何以初学者角度写好一篇国际学术论文? https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g
赵武的自留地 写在Goby新版发布前,讨论网络安全测试工具的发展 https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA
山丘安全攻防实验室 hillsec 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23
安全乐观主义 SDL已死,应用安全路在何方? https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw
PolarisLab PolarisLab Bypassing Crowdstrike Falcon 1:大力出奇迹 https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ
PeckShield PeckShield 硬核:解密美国司法部起诉中国OTC承兑商洗钱案件 https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw
星阑科技 StarCrossCN PHP 开源白盒审计工具初探(上) https://mp.weixin.qq.com/s/gklKcFRR5erB2rdjr3BTUQ
君哥的体历 jungedetili 终端安全运营年度笔记 https://mp.weixin.qq.com/s/cHYu7Ayni5mkjWpn6_XrwA
PaperWeekly paperweekly 文本分类和序列标注“深度”实践 https://mp.weixin.qq.com/s/afO58DDDZGb5w_EEG8oW6Q
爱奇艺技术产品团队 iQIYI-TP 爱奇艺在日志实时数据监控的探索与实践 https://mp.weixin.qq.com/s/wal_BVdp8yunXXPFpUy-gw
工业菜园 gycy-2019 菜农观点 , 陆宝华:关于智慧城市安全的讨论 https://mp.weixin.qq.com/s/1-xpgttndYIXGkyspTIp1w
哈工大SCIR HIT_SCIR 赛尔笔记 , 机器阅读理解简述 https://mp.weixin.qq.com/s/Rm1uFunX9IRQaL_rUAZxfQ
银河安全实验室 Galaxy-Lab 尝试利用Cython将Python项目转化为单个.so https://mp.weixin.qq.com/s/YRKY7FgLFw-w4QIlrNd-FA
云众可信 yunzhongkexin 原创干货 , Java代码审计之跨站脚本攻击 https://mp.weixin.qq.com/s/lQNixguOJahjM-AXvPoHqQ
青衣十三楼飞花堂 burp pro 2020.2 https://mp.weixin.qq.com/s/WXdEvc0p04KjyOlmb4qtRg
永安在线反欺诈 YongAnOnline 业务安全蓝军测评标准白皮书 https://mp.weixin.qq.com/s/23fcilR_XhrGLWSaKv21zA
小议安全 xiaoyianquan 零信任架构远程办公实战 https://mp.weixin.qq.com/s/Kgm0wuPeQHX7fJoUondz4Q
安天 Antiylab 安天对“超高能力网空威胁行为体”系列分析回顾 https://mp.weixin.qq.com/s/N0LxStDpc6GyzpyszYnguQ
Tide安全团队 TideSec 远控免杀专题(30)-Python加载shellcode免杀-8种方式(VT免杀率10-69) https://mp.weixin.qq.com/s/HyBSqrF_kl2ARaCYAMefgA
物联网IOT安全 IOTsafety Cobalt Strike|从入门到入狱 https://mp.weixin.qq.com/s/WAqgHn0DrXerEeow131w4Q
大潘点点 dapandiandian 网安产业结构和动力分析——从合规型向能力型 https://mp.weixin.qq.com/s/V6P-6X_fnw_kvHWMxtqwLg
Bypass Bypass-- 常见的Web源码泄漏漏洞及其利用 https://mp.weixin.qq.com/s/2sjGHIiLICxHl91xIqdXfg
道法术 利用CodeQL寻找Java Deserialization Vulnerabilities https://mp.weixin.qq.com/s/wlDWTxXHjbZJqmzLCM-z_w
安恒信息安全研究院 入侵分析钻石模型学习笔记 https://mp.weixin.qq.com/s/akb1SLiXj8ts3-RxiXks2w
字节跳动技术团队 toutiaotechblog 字节跳动自研万亿级图数据库 & 图计算实践 https://mp.weixin.qq.com/s/uYP8Eyz36JyTWska0hvtuA
七夜安全博客 qiye_safe linux无文件执行— fexecve 揭秘 https://mp.weixin.qq.com/s/Hywbb1ZnRo6n4gFFp5rbcQ
奇安信安全服务 红队实战攻防技术分享:Linux后门总结-各类隐藏技能 https://mp.weixin.qq.com/s/B5cam9QN8eDHFuaFjBD34Q
数说安全 SSAQ2016 谈谈2020年RSA创新沙盒10强及其对中国创业者的价值 https://mp.weixin.qq.com/s/z0xsJGSMWbQy60_QmArmQA
悬剑武器库 WebShell免杀之JSP https://mp.weixin.qq.com/s/YJtfQTvowVr2azqBWGla1Q
DJ的札记 DJ_notes 创新沙盒,罕见领域分布的背后 - RSAC 2020 (1) https://mp.weixin.qq.com/s/ExGnLLzd1wBDksGFfimULw
腾讯御见威胁情报中心 2019勒索病毒专题报告 https://mp.weixin.qq.com/s/DzfUlKXkkMuBJS0UrdboSw
网络空间安全军民融合创新中心 jmrh1226 从美国防部“2021财年预算提案” 看美军网络空间建设趋势特点 https://mp.weixin.qq.com/s/ysG4z8UrfEZTlBovGTWcZw
360企业安全集团 “美女与野兽”,Transparent Tribe启用新资产对印度空军发起特定攻击 https://mp.weixin.qq.com/s/YY2h73A6KiFjnfjsJtWGNQ
互联网安全内参 anquanneican RSAC 2020创新沙盒十强分析:应用安全、云安全为技术热点方向 https://mp.weixin.qq.com/s/UFlsR8NBFYpHUUWuJG-nPQ
网信防务 CyberDefense 从APTX系列报告解读看攻防能力建设路径 https://mp.weixin.qq.com/s/EtgeZJj6EHid_qb2QMSHSw
网信军民融合 wxjmrh 研究探讨 , 军工领域建设网络安全攻防靶场平台的思路 https://mp.weixin.qq.com/s/UmW3WCtDIOWw1bXfJnLnhg
安全客 anquanbobao GitHub敏感数据泄露报告 https://mp.weixin.qq.com/s/6RELktZJF2pn4rL-0-Y7Jw
ChaMd5安全团队 chamd5sec CTF学习交流群 第五期writeup大放送 https://mp.weixin.qq.com/s/Gw-H40A06y5CzpSJkQ4DfQ
绿盟科技研究通讯 nsfocus_research 零信任原生安全:超越云原生安全 https://mp.weixin.qq.com/s/hOcMlzQJ4jPlROc4Rvvk5Q
白日放歌须纵9 从产品视角重新定义“检测”和“分析” https://mp.weixin.qq.com/s/oq3T1fSKAHeDfWZNpciXSw
湛卢工作室 xuehao_studio 除夕 , ATT&CK红队评估实战靶场vulnstack https://mp.weixin.qq.com/s/vmUqdSbZXh6698R8IHoOyw
中国计算机学会 ccfvoice CCCF译文 , 工业级知识图谱:经验与挑战 https://mp.weixin.qq.com/s/4Fdpik3EtEng-ri_7tGM0A
APT攻击 cncg_team 对zimbra邮服认证机制的一些探索 https://mp.weixin.qq.com/s/u-p6_srzby1bbejqClmf-A
SecWiki SecWiki SecWiki安全周刊-2019年卷 https://mp.weixin.qq.com/s/SMP8oljiNkABclpVfKux3w
漏洞战争 vulwar 从研究者的视角看Fuzzing技术发展30年 https://mp.weixin.qq.com/s/rSoQvFhuv8R2kA3efbpJxA
贝塔安全实验室 BetaSecLab 某大学渗透测试实战靶场报告-Part2 https://mp.weixin.qq.com/s/L9LsSwRWDuZedAZQjz0YvA
知识工场 fudankw 肖仰华: 知识图谱下半场-机遇与挑战 https://mp.weixin.qq.com/s/IW4rBc7Z9f2ByKjQR2MTjw
电科防务 CETC-ETDR 世界网络战领域2019年发展回顾与2020年展望 https://mp.weixin.qq.com/s/Mx3H2Za7hI9ZZIaZedmXBQ
我的安全视界观 CANI_Security 【SDL最初实践】安全测试 https://mp.weixin.qq.com/s/WO089RBiLuaHMzQ4yTMnUg
Ms08067安全实验室 Ms08067_com 内网漫游之SOCKS代理大结局 https://mp.weixin.qq.com/s/uKLjW-6Y39wAvLn7bENb7A
虎符智库 情报内生:高级威胁检测的必要条件 https://mp.weixin.qq.com/s/U3XKIh0ffdzuCJihnJL7Lw
FreeBuf freebuf Go语言代码安全审计分享 https://mp.weixin.qq.com/s/8Ju05hYCYk6bOgkvjtP11A
ADLab v_adlab ThinkPHP6任意文件操作漏洞分析 https://mp.weixin.qq.com/s/UPu6cE20l24T6fkYOlSUJw
数世咨询 数世咨询:中国网络安全能力图谱(2020年1月) https://mp.weixin.qq.com/s/Qwhr6SlzFDqHB2b6Q6awdw
鱼塘领路人 KingofSaltedFish 威胁情报系列(一):什么是威胁情报 https://mp.weixin.qq.com/s/f9G818SGijdfS13KjLnFoA
编程技术宇宙 ProgramUniverse DDoS攻击:无限战争 https://mp.weixin.qq.com/s/JTr1-5nPtseAYXfvJdamVg
平凡路上 科恩面试与实习感想 https://mp.weixin.qq.com/s/GiIIUZbzq2IOp5-arkUCfg
heysec bloodzer007 日志分析系列(外传三):平台安全性 https://mp.weixin.qq.com/s/T2ejCKe8G1E8Ims1AKoi7Q
软件安全智能并行分析实验室 学术报告,针对物联网设备的模糊测试概述 https://mp.weixin.qq.com/s/pbOOkxrV0HJFzQicJ0m6Cg
腾讯安全智能 TX_Security_AI 大数据安全分析平台搭建&相关经验分享 https://mp.weixin.qq.com/s/hvLN83rPiNLw6cmrYDRPpA
腾讯安全应急响应中心 tsrc_team 物联网安全系列之远程破解Google Home https://mp.weixin.qq.com/s/4kO3pU_tCDZmgj2CkROzMg
绿盟科技 NSFOCUS-weixin 基于ATT&CK+SOAR的运营实践 https://mp.weixin.qq.com/s/Z1sAbpSYZXYBO5qpgvjXlQ
看雪学院 ikanxue CVE-2017-11882理论以及实战样本分析 https://mp.weixin.qq.com/s/d3owzqQFhHNVoPFIyxWZsQ
水滴安全实验室 EversecLab 2019僵尸网络DDoS攻击监测总结 https://mp.weixin.qq.com/s/FGt-y3KxGPRP-FT2ubDOZA
时间之外沉浮事 tasnrh 商业网络培训靶场的发展态势综述 https://mp.weixin.qq.com/s/Cjd7CCR0kZESP2GHX1oOvQ
新一代信息科技战略研究中心 casitclic DARPA发布战略框架文件《保障国家安全的突破性技术和新能力》 https://mp.weixin.qq.com/s/D23I3qEpMs8eOFKy8w2RJg
安全引擎 SecEngine Java动态类加载,当FastJson遇上内网 https://mp.weixin.qq.com/s/ou3L-IU1CNr9EGkpjH2u0w
安全学术圈 secquan 恶意域名检测中的流量特征分析 https://mp.weixin.qq.com/s/rvPo_ufBwvdAUoVIv__xCg
奇安信威胁情报中心 2019年移动安全总结 https://mp.weixin.qq.com/s/p41sAdGJzHx-CuulwycMJw
关键基础设施安全应急响应中心 CII-SRC 原创 , IPv6地址扫描方法研究综述 https://mp.weixin.qq.com/s/N87PZ783qY1JBe5Xm_tDsg
中通安全应急响应中心 ZTO_SRC 中通安全开源项目之分布式被动安全扫描 https://mp.weixin.qq.com/s/VwhALBXqIPOh87Ll3ISVHQ
专注安管平台 谈谈情报引领的安全体系建设落地 https://mp.weixin.qq.com/s/uLP2DzH5W2PcLCKZl7Cpsw
SudoNLP 2019年NLP领域总结回顾 https://mp.weixin.qq.com/s/7ROSm_wQNMAKLWUR0djVLQ
FEEI 一个安全工程师的2019 https://mp.weixin.qq.com/s/rr2f1RxFTjLSGlqxaG-aog
白帽子的成长之路 whitehat_day CTF比赛中Linux环境中绕过受限的shell或bash环境的多种方式 https://mp.weixin.qq.com/s/O7n93QpLwuCCQySpZe-CkA
腾讯科恩实验室 KeenSecurityLab 在Tesla Model S上实现Wi-Fi协议栈漏洞的利用 https://mp.weixin.qq.com/s/rULdN3wVKyR3GlGBhunpoQ
穿过丛林 优秀博士系统能力培养(PPT) https://mp.weixin.qq.com/s/9zKM6hQZOYRjr5IeawgsKA
安全喷子 云安全的未来 https://mp.weixin.qq.com/s/MfjRfJ04fnRY8gI5s6BA8g
Gcow安全团队 Gcow666 游荡于中巴两国的魅影——响尾蛇(SideWinder) APT组织针对巴基斯坦最近的活动以及2019年该组织的活动总结 https://mp.weixin.qq.com/s/CZrdslzEs4iwlaTzJH7Ubg
维他命安全 VitaminSecurity 维他命2019大盘点之安全事件/漏洞篇 https://mp.weixin.qq.com/s/AsVZawBtipQzSdgJHt7eiw

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
thelinuxchoice 恶意Android apk生成器GetDroid v1.3发布(反向Shell),请注意分析和防范。 https://github.com/thelinuxchoice/getdroid http://twitter.com/linux_choice Twitter: @linux_choice None None 112 0 38 4200 5 Python,Shell,HTML 1600 626
Neo23x0 开源日志数据分析工具sigma更新了现有的ATT&CK技术参考 SigmaHQ/sigma#845 https://github.com/NextronSystems #DFIR #Python #YARA #Golang #SIEM #SOC #Sigma #Malware None @NextronSystems 83 0 121 1800 15 Python,Batchfile,Java 2600 687
jas502n CVE-2020-2551 Weblogic RCE with IIOP https://github.com/jas502n/CVE-2020-2551 https://twitter.com/jas502n 1.misc 2.crypto 3. web 4. reverse 5. android 6. pwn 7. elf Hong Kong jas502n 235 0 379 1600 343 Python,C,Shell,Java 302 129
3gstudent 利用 Python3 快速枚举 Active Directory 用户 https://github.com/3gstudent/pyKerbrute// https://3gstudent.github.io/ good in study,attitude and health None None 79 0 170 1600 14 Python,Batchfile,PowerShell,C++ 640 214
CHYbeta Web安全学习的一个github库 https://github.com/CHYbeta/Web-Security-Learning https://twitter.com/chybeta China XMU 27 0 1600 1400 122 Python,HTML 2700 807
CHEF-KOCH KMS-activator - 关于 Windows 激活机制研究的一个项目 https://github.com/CHEF-KOCH/KMS-activator https://github.com/microsoft Former @microsoft and @NVIDIA employee. Since 2018 NTT-Security. Interested in privacy/security, gaming & demoscene related topics. Lausanne CKs Technology News 125 0 4100 1400 127 Python,C,Batchfile,JavaScript,Pascal 590 145
mattifestation 用于辅助构建、审计、部署 Windows Defender Application Control (WDAC) 策略的工具 https://github.com/mattifestation/WDACTools http://www.exploit-monday.com/ None None 26 0 9 1100 1 PowerShell 653 167
ionescu007 TpmTool - TPM NV Space Access Tool https://github.com/ionescu007/tpmtool// https://github.com/aionescu VP of EDR Strategy at CrowdStrike President of Winsider Seminars & Solutions, Inc. Follow me at @aionescu on Twitter and http://www.alex-ionescu.com None Winsider Seminars & Solutions Inc. 22 0 0 1100 1 C,C++ 1100 193
FuzzySecurity 基于 Electron 为 Frida 编写一个 UI 界面 https://github.com/FuzzySecurity/Fermion/blob/master/CHANGELOG.txt http://www.fuzzysecurity.com/ None None 16 0 0 1100 0 C#,JavaScript,PowerShell 1800 595
vanhauser-thc 如何在 AFL++ 的 QEMU 模式下使用 persistent 运行模式 https://github.com/vanhauser-thc/AFLplusplus/blob/master/qemu_mode/README.persistent.md https://www.mh-sec.de/ Security researcher since 1994 https://www.mh-sec.de/ https://www.thc.org/ https://twitter.com/hackerschoice Berlin The Hackers Choice , mh-sec , me , myself 26 0 54 851 21 Batchfile,C,HTML,C++ 3500 963
random-robbie 一款用于检查SSRF漏洞的fuzz工具。 https://github.com/random-robbie/ssrf-finder https://www.what-security.co.uk Bug Bounty Hunter that appears in your searches! Soz not Soz! Raise an Issue if you wish to contact me do not email me! Wirral UK None 232 0 295 696 113 Python 554 212
tandasat 在 Hyper-V 环境中测试 UEFI https://github.com/tandasat/MiniVisorPkg/blob/master/Docs/Testing_UEFI_on_Hyper-V.md http://standa-note.blogspot.ca/ Engineer @standa_t Vancouver, Canada None 58 0 19 668 3 C,C++ 777 245
klionsec RedTeamer: 红方人员作战执行手册 https://github.com/klionsec/RedTeamer https://huntingday.github.io MITRE , ATT&CK 中文站 [email protected] 6 0 91 629 14 Shell,HTML 352 85
lirantal Awesome Node.js Security resources https://github.com/lirantal/awesome-nodejs-security#static-code-analysis https://github.com/snyksec 🥑 Developer Advocate @snyksec , @nodejs Security WG , @jsheroes ambassador , Author of Essential Node.js Security , #opensource #web ❤ Tel Aviv, Israel @snyk 240 0 695 621 271 JavaScript 2600 108
grayddq ScanCVE: 监控Github上CVE增量 https://github.com/grayddq/ScanCVE None 一位喜欢原创的安全工作者! None None 17 0 0 587 0 Python 844 265
404notf0und AISec 17~19 届会议的 Papers https://github.com/404notf0und/AI-for-Security-Paper https://www.4o4notfound.org 欢迎关注公众号:404 Not F0und,专注于Cyber-Security and Data-Analysis Hangzhou,China Ant Financial 17 0 96 575 17 Python,Jupyter,TSQL 703 160
tanjiti 2019安全技术资讯年报 https://github.com/tanjiti/sec_profile/blob/master/README_YEAR_2019.md http://tanjiti.com/ #Network Security Monitor #threat intelligence  #waf #ids #iOS App Security #Android App Security #game security shanghai baidu 17 0 6 552 171 Python,PHP,HTML,Perl 385 174
0x09AL A native backdoor module for Microsoft IIS https://github.com/0x09AL/IIS-Raid https://twitter.com/0x09AL None MDSec 126 0 150 552 26 Go,C#,Ruby,C++ 679 149
qazbnm456 awesome-web-security: List of Web Security materials and resources https://github.com/qazbnm456/awesome-web-security https://www.patreon.com/boik https://www.boik.com.tw/ Taiwan None 109 0 1100 550 20 Python,JavaScript 4700 907
TheKingOfDuck ApkAnalyser: 一键提取安卓应用中可能存在的敏感信息 https://github.com/TheKingOfDuck/ApkAnalyser https://blog.gzsec.org/ 一个废物 V1g6VGhlS2luZ09mR2FHYUdh None 36 0 190 515 26 Shell,Python,JavaScript,HTML,Go,PowerShell 1600 653
pyn3rd Apache Tomcat + MongoDB 远程代码执行Poc公布 https://github.com/pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution https://twitter.com/pyn3rd Hangzhou None 10 0 0 505 3 Python,Batchfile,Java 172 60
unamer 之前被用于 WizardOpium APT 攻击行动的 CVE-2019-1458 Windows LPE 漏洞的 Exploit https://github.com/unamer/CVE-2019-1458 http://127.0.0.1/phpMyAdmin <script>alert(Hello world)</script> C:\Windows\ None 39 0 35 499 4 Python,C,C++ 748 359
moonbingbing OpenResty 最佳实践 https://github.com/moonbingbing/openresty-best-practices None None 360 30 0 49 465 5 Python,Lua,C,Perl 2900 726
blackorbird 伊朗 APT 组织攻击活动 DUSTMAN 的分析报告 https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/Iran/Saudi-Arabia-CNA-report.pdf http://blackorbird.com APT hunter threat analyst https://twitter.com/blackorbird https://twitter.com/blackorbird 51 0 112 352 36 Python,C,C++ 702 239
woj-ciech LeakLooker X - 数据库/源码泄漏监控工具 https://github.com/woj-ciech/LeakLooker-X None None None 15 0 0 306 0 Python,Go,JavaScript,CSS 1100 227
alephsecurity QEMU 的 Aleph Research fork 版本,用于运行 iOS 系统 https://github.com/alephsecurity/xnu-qemu-arm64 https://alephsecurity.com/ Security Research None HCL Technologies 14 0 0 292 0 Python,C,Shell,Java 419 49
mhaskar Python 编写的 C&C Server,可以通过 HTTP/S 控制 PowerShell Agent https://github.com/mhaskar/Octopus https://shells.systems Hacker and Python developer , OSCP and OSCE certified. Amman iSecur1ty 46 0 40 290 12 Python,C 269 61
djhohnstein SharpChromium - 用于从 Chromium 系列浏览器中获取 Cookie、访问历史、网站登录凭据等敏感信息的工具 https://github.com/djhohnstein/SharpChromium https://github.com/specterops Operator at SpecterOps. Kali Contributor. Seattle, WA @specterops 123 0 10 288 6 C#,VBScript,C++ 104 23
alphaSeclab DBI(Dynamic Binary Instrumentation:动态二进制插桩)逆向有关的资源收集 https://github.com/alphaSeclab/DBI-Stuff None None None 17 0 38 288 0 1600 264
irsdl 历年Web hacking技巧大全 https://github.com/irsdl/top10webseclist https://soroush.me/ @irsdl (Twitter), UK, The Contrived World of InfoSec >abcd @MDSecLabs (Twitter) 27 0 43 269 0 Python,C#,Java 430 120
0xZ0F Windows x64 平台逆向分析教程 https://github.com/0xZ0F/Z0FCourse_ReverseEngineering https://0xz0f.github.io/ Security Researcher & Exploit Dev. United States of America Z0F 19 0 4 235 0 C++ 3500 244
HyperSine QQ安全中心 - 动态口令的生成算法 https://github.com/HyperSine/forensic-qqtoken None None None 19 0 1 228 0 Python,C,C++ 251 97
haidragon haidragon/KiwiVM-1: virtualization encryption software for mobile applications https://github.com/haidragon/KiwiVM-1 http://weibo.com/haidragon QQ交流群 : 826038086 中国 北京 None 1200 0 57 227 532 C,JavaScript,C++ 87 31
jvoisin php-malware-finder – Detect Potentially Malicious PHP https://github.com/jvoisin/php-malware-finder https://dustri.org None None 19 0 158 226 8 C,PHP,C++ 12600 2200
guhe120 guhe 对 Windows RPC Marshalling 溢出漏洞(CVE-2020-1281)的分析 https://github.com/guhe120/Windows-EoP/blob/master/CVE-2020-1281/CVE-2020-1281.pdf None None None 8 0 0 225 0 Python,HTML,Java 80 11
hahwul Powerfull XSS Scanning and Parameter analysis tool https://github.com/hahwul/XSpear https://www.hahwul.com Security engineer, Rubyist, Gopher and... H4cker Republic of Korea None 47 0 64 222 10 Python,Go,Ruby 396 115
ioncodes 在 VS Code 中调试 IDA idapython 脚本的插件 https://github.com/ioncodes/idacode https://twitter.com/layle_ctf Hacker in the streets, reverse engineer in the sheets. Thats how it works, right? Here None 264 0 1800 203 33 C#,Python,Ruby 209 29
sailay1996 AMD User Experience Program Launcher 本地提权漏洞分析(CVE-2020-8950) https://github.com/sailay1996/amd_eop_poc https://heynowyouseeme.blogspot.com/ Twitter: @404death , https://www.hackthebox.eu/profile/1467 Myanmar None 177 0 4 197 0 Python,C,Shell,Batchfile 432 69
Wenzel awesome-virtualization: Collection of resources about Virtualization https://github.com/Wenzel/awesome-virtualization None Security Researcher , VMI hypervisor-level debugger Paris, France None 110 0 363 192 104 Python,Ruby,Rust 517 103
Leezj9671 渗透测试和安全面试的经验之谈 https://github.com/Leezj9671/Pentest_Interview http://neversec.top 2018 newly graduated student. Web pentester/Python coder. 公众号: NeverSec Shenzhen,CN None 45 0 95 178 0 Python,JavaScript,Dockerfile 891 207
Kelvinhack ThreadSpy - 基于硬件实现的 Thread Hijacker https://github.com/Kelvinhack/ThreadSpy https://github.com/Tencent @Tencent Ex Anti-Cheat Researcher @microsoft Security Researcher II Vancouver Microsoft 40 0 18 176 1 C,C++ 229 85
LeadroyaL shadowsocks redirect attack exploit https://github.com/LeadroyaL/ss-redirect-vuln-exp https://www.leadroyal.cn Android & Pwn. ZJU ZJU 29 0 44 162 7 Python,Java,C++ 178 28
citronneur rdp-rs: Remote Desktop Protocol in RUST https://github.com/citronneur/rdp-rs https://github.com/airbus-cert Toulouse, France @airbus-cert 24 0 284 159 102 Python,C#,JavaScript,Rust 1200 305
nshalabi SysmonTools - 用于为 Sysmon 提供可视化 UI 和配置的工具套件 https://github.com/nshalabi/SysmonTools http://nosecurecode.com #InfoSec Manager, #Programmer. Following the digital [chaos] and threats landscape. My opinions are my own. Follow me @nader_shalabi and http://nosecurecode.com Australia nosecurecode.com 5 0 162 143 16 C#,HTML,Java,C++ 694 145
ddz Decrypt WhatsApp encrypted media files https://github.com/ddz/whatsapp-media-decrypt https://github.com/cashapp Securing @cashapp at @square. Prev: Co-founder/CTO @capsule8, @trailofbits. Co-author “The Mac Hacker’s Handbook,” “iOS Hacker’s Handbook,” etc. Brooklyn, NY @cashapp 4 0 0 143 0 Go,Nix,Shell 423 44
threedr3am Java安全相关的漏洞和技术demo https://github.com/threedr3am/learnjavabug https://threedr3am.github.io None None 30 0 159 142 27 Java 514 102
wcventure MemLock: Memory Usage Guided Fuzzing https://github.com/wcventure/MemLock-Fuzz https://wcventure.github.io/ Computer Software and Theory, Software Engineering, Machine Learning, Formal Method, Program Analysis, Software Verification, Cyber Security. Shenzhen, Guangdong Province, China, 518060 Shenzhen University 15 0 98 138 14 Python,C,Batchfile 244 36
jacobsoo 研究员 Jacob Soo 分享的关于恶意软件分析的几篇笔记 https://github.com/jacobsoo/Shared// None None None 63 0 0 136 23 Python,HTML,Jupyter 131 47
WalterInSH 风险控制笔记,适用于互联网企业 https://github.com/WalterInSH/risk-management-note http://walterinsh.github.io Po Shanghai None 30 0 678 134 86 Java 489 211
theLSA emergency-response-checklist:应急响应指南 https://github.com/theLSA/emergency-response-checklist http://www.lsablog.com I like network security,penestration and programming(python,c/c++,php,java,ect),welcome to communicate with me! China None 38 0 36 133 35 Python 281 77
dayt0n 64-bit iOS boot image patcher written in C https://github.com/dayt0n/kairos http://dayt0n.com 19. iOS and OS X tinkerer. Computer Science at UAH. United States None 37 0 43 132 47 Python,C,Shell,C++ 23 7
gobysec Goby新一代安全测试工具 https://github.com/gobysec/Goby http://gobies.org Goby - Make Cybersecurity More Effective The new generation of network security technology None Goby 7 0 1 128 0 Python,Go 73 9
guimaizi testing_wave: 被动式web扫描器 https://github.com/guimaizi/testing_wave http://www.guimaizi.com/ None None 5 0 31 125 2 Python,HTML 313 81
euphrat1ca security_w1k1: 安全相关资源列表 https://github.com/euphrat1ca/security_w1k1 None Thousands Times polar None 79 0 498 120 40 Python,Go,Ruby 343 119
dwisiswant0 一款可以用于检查IP地址是否属于Cloudflare https://github.com/dwisiswant0/cf-check// https://github.com/kitabisa Security Engineer id_ID @kitabisa 165 0 473 119 12 Go,Python,Shell,PHP 105 26
ChanChiChoi 人脸识别相关的 Papers 收集 - Awesome Face Recognition https://github.com/ChanChiChoi/awesome-Face_Recognition http://www.cnblogs.com/shouhuxianjian/ China None 21 0 184 110 51 Python,Jupyter 1800 495
itm4n PrivescCheck - 用于探测 Windows 是否存在可以被用于本地提权的错误配置 https://github.com/itm4n/PrivescCheck https://itm4n.github.io/ Pentester Paris None 8 0 27 109 11 VBA,PowerShell,C++ 321 87
brompwnie A HTTP PoC Endpoint for cve-2020-5260 https://github.com/brompwnie/cve-2020-5260/ https://twitter.com/brompwnie Keyboard wrangler ⌨️ None None 29 0 16 91 169 Go,Shell 269 25
beader 首届中文NL2SQL挑战赛决赛第3名方案+代码 https://github.com/beader/tianchi_nl2sql None 上海 None 20 0 396 90 3 Python,Shell,Jupyter 148 57
angelwhu 基于JVM-Sandbox实现RASP安全监控防护 https://github.com/angelwhu/jvm-rasp http://www.angelwhu.com/ wuhan whu 71 0 307 89 33 Python,C,PHP,Java 21 8
insightglacier Apache Shiro 反序列化漏洞扫描与利用工具 https://github.com/insightglacier/Shiro_exploit http:/www.shellpub.com Security Research Beijing Shellpub 65 0 352 87 220 Python,C,PHP,CSS,C++ 44 26
JavierOlmedo Joplin markdown 笔记软件被发现 XSS 任意文件读漏洞(CVE-2020-9038) https://github.com/JavierOlmedo/CVE-2020-9038// https://hackpuntes.com 👨‍💻 Security Researcher & Ethical Hacker Toledo, Spain None 117 0 753 86 230 Python,JavaScript,Visual,HTML,Go,CSS 186 38
omergunal Predict attacker groups from the techniques and software used https://github.com/omergunal/Attacker-Group-Predictor https://ogunal.com Turkey None 18 0 52 85 17 Python 2000 229
StrangerealIntel DailyIOC: IOC from articles, tweets for archives https://github.com/StrangerealIntel/DailyIOC None None None 2 0 2 83 0 YARA,JavaScript 280 44
Flangvik BetterSafetyKatz: SafetyKatz dynamically fetches the lates... https://github.com/Flangvik/BetterSafetyKatz https://twitter.com/Flangvik Nerd that spend way to much time at this stuff Norway None 23 0 38 82 1 C#,Python 234 50
NoorQureshi Kali Linux 渗透测试手册 https://github.com/NoorQureshi/kali-linux-cheatsheet https://github.com/RocketChat #Hackers Are Real, Monsters are real too. They live inside us, and sometimes, They Win. None @RocketChat 187 0 106 81 37 Python,Shell 288 116
BatchDrake SigDigger - 基于 QT 编写的数字信号分析工具 https://github.com/BatchDrake/SigDigger http://actinid.org I code for fun. Interested in reverse engineering, astronomy, microkernel design, radio and digital signal processing. EA1IYR Madrid, Spain None 25 0 5 81 4 C,CSS,C++ 95 13
Captainarash X86架构圣经指南手册。 https://github.com/Captainarash/The_Holy_Book_of_X86 https://twitter.com/H4UL4 Computing Offsets \x00 Helsinki, Finland None 6 0 19 80 6 JavaScript,C++ 492 101
DimitriFourny macOS/iOS CVE-2019-6207 内核信息泄漏的 PoC 代码 https://github.com/DimitriFourny/cve-2019-6207 https://dimitrifourny.github.io French security researcher. None None 17 0 70 69 6 Python,C,C++ 62 13
ReddyyZ GhostShell - 一款开源恶意软件,具有 Bypass AVs、VMs、以及 Sandboxes 的实现 https://github.com/ReddyyZ/GhostShell https://www.youtube.com/c/fantasmanosistema Im a young programmer, 13 years old, and Im always looking for knowledge. Brazil None 32 0 138 68 13 Python,C,Shell 160 58
zsdlove Hades - 静态代码脆弱性检测系统 https://github.com/zsdlove/Hades None None None 126 0 193 62 16 Python,Java,Smali 163 41
wooyunwang Fortify: 源代码漏洞の审计 https://github.com/wooyunwang/Fortify http://www.52pwn.club/ A strange guy who will make the world a better place! California Google Inc. 27 0 15 60 14 Python,C#,Java,PowerShell 322 104
insanitybit grapl: Graph platform for Detection and Response https://github.com/insanitybit/grapl http://insanitybit.com New York None 69 0 27 60 0 Rust 275 21
SoftwareGift CVPR2019 面部识别欺骗检测比赛的代码 https://github.com/SoftwareGift/FeatherNets_Face-Anti-spoofing-Attack-Detection-Challenge-CVPR2019 None I am a graduate student at Huazhong University of Science and Technology, focusing on mobile network design and face anti-spoofing. None None 64 0 738 60 12 Python,C++ 563 194
bohops GhostBuild - MSBuild launchers for various GhostPack/.NET projects https://github.com/bohops/GhostBuild http://bohops.com None None 9 0 31 59 2 Python,PowerShell 105 17
smodnix This challenge is Inon Shkedys 31 days API Security Tips. https://github.com/smodnix/31-days-of-API-Security-Tips https://smodnix.codes Experienced in Web related technologies and interested in security aspects as well. None None 30 0 450 58 582 801 106
BeetleChunks ManageEngine OpManger 任意文件读漏洞 PoC(CVE-2020-12116) https://github.com/BeetleChunks/CVE-2020-12116 None OSCP, Red Teamer, Pentester, Developer, Hacker None None 11 0 62 58 3 Python,C,PowerShell 277 73
ph4ntonn Impost3r -- 悄悄偷走sudo密码的小偷 https://github.com/ph4ntonn/Impost3r None The wheel turns,nothing is ever new 0x7F000001 Unknown 35 0 38 57 21 C,Shell,Python,JavaScript,HTML,Go 226 40
mai-lang-chai CMS、中间件漏洞检测利用合集 https://github.com/mai-lang-chai/Middleware-Vulnerability-detection https://mai-lang-chai.github.io 🗝 under Control😎 None None 19 0 15 57 8 Python 93 32
FoxHex0ne 作者开源了博客中提到的监控 Hyper Call 的工具 https://github.com/FoxHex0ne/BlogHyperV None None None 8 0 0 57 0 Python,Java,C++ 98 25
maxpl0it IE 浏览器 JS 脚本引擎 CVE-2020-0674 漏洞的 Exploit https://github.com/maxpl0it/CVE-2020-0674-Exploit https://twitter.com/maxpl0it Security researcher from the South East of England. South East, England None 10 0 0 55 0 Python,C,HTML 84 24
mike-goodwin owasp-threat-dragon-desktop: 威胁建模工具 https://github.com/mike-goodwin/owasp-threat-dragon-desktop https://github.com/OWASP UK @OWASP 24 0 1 54 1 Shell,JavaScript,HTML,CSS 398 88
pventuzelo WARF - WebAssembly Runtimes Fuzzing project https://github.com/pventuzelo/wasm_runtimes_fuzzing https://webassembly-security.com/ Independent Security Researcher, Trainer of WebAssembly & Rust Security, mainly focused on Fuzzing, Vulnerability Research, Reversing & Binary analysis Paris, France Independent Security Researcher 40 0 254 53 55 Python,WebAssembly,JavaScript,HTML,Rust 230 38
vavkamil Damn Vulnerable WordPress - 用于研究 Wordpress 漏洞的一个项目 https://github.com/vavkamil/dvwp https://vavkamil.cz Czechia None 13 0 1100 51 22 Python,PHP,TSQL 56 9
EddieIvan01 iox: 端口转发 & 内网代理工具 https://github.com/EddieIvan01/iox/blob/master/docs/README_CN.md http://iv4n.cc/ 127.0.0.1 None 36 0 55 51 16 Go,Python,Scheme 115 23
ollypwn GitHub 出现疑似昨天微软修复的 CVE-2020-0601 证书验证欺骗漏洞的 PoC https://github.com/ollypwn/cve-2020-0601 None https://twitter.com/ollypwn Copenhagen, Denmark None 2 0 0 49 0 C,Ruby 574 149
zrax Decompyle++ - Python 字节码反编译工具 https://github.com/zrax/pycdc None None None 45 0 24 48 7 C++ 736 164
lightswitch05 php-version-audit - 根据 PHP 版本检测已知漏洞 https://github.com/lightswitch05/php-version-audit None None None 42 0 32 47 22 Python,PHP 82 13
CTF-MissFeng bayonet: SRC资产管理系统 https://github.com/CTF-MissFeng/bayonet None None None 3 0 57 46 0 Python 443 87
gerhart01 Hyper-V internals researches (2006-2019) https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md https://hvinternals.blogspot.com/ None None 6 0 124 45 0 Python,C,HTML,C++ 80 17
nafod nafod 公开了自己 VMware UHCI ZDI-19-421 漏洞的 Exploit https://github.com/nafod/advent-vmpwn// None None None 15 0 117 44 24 C,JavaScript 5 1
0xricksanchez HITB 2020 Lockdown 会议 《Fuzz 文件系统的实现》议题的代码与 PPT https://github.com/0xricksanchez/fs-fuzzer http://0x434b.dev Trying to advance in the areas of IT-Sec, reversing and hacking. Also doing administrative jobs @ www.0x00sec.org @0xricksanchez None 14 0 395 44 46 Python,Shell,CSS 10 4
cedowens macOS 平台一款类似 Seatbelt 的工具,可以用于渗透阶段提取系统的各类信息 https://github.com/cedowens/SwiftBelt https://medium.com/red-teaming-with-a-blue-team-mentaility offensive security engineer None None 27 0 0 39 3 Python,Swift 52 12
sahilmgandhi IotShark - Monitoring and Analyzing IoT Traffic https://github.com/sahilmgandhi/IotShark http://www.sahilmgandhi.com Distributed and Big Data Systems @ UCLA UCLA None 29 0 21 38 31 C,Java,Python,JavaScript,C++,HTML 42 7
assafmo joincap: Merge multiple pcap files together, gracefully. https://github.com/assafmo/joincap https://github.com/enigmampc Israel @enigmampc 25 0 270 35 18 Go,JavaScript 140 12
Qftm Handbook of information collection for penetration testing and src https://github.com/Qftm/Information_Collection_Handbook https://qftm.github.io/ CTFer,Pentester,BugBountyHunter,Security Researcher,Mobile Security and Development Internet None 7 0 53 35 35 Python,HTML,JavaScript,PHP,C++ 254 56
p1g3 JSONP-Hunter: JSONP Hunter in Burpsuite https://github.com/p1g3/JSONP-Hunter None None None 8 0 16 34 0 Python,Shell,HTML 60 11
lilang-wu p-joker - 用于分析 iOS/macOS 内核 Kernelcache 与扩展的工具 https://github.com/lilang-wu/p-joker None None None 32 0 11 29 13 Python,C 40 19
Wangpeiyi9979 IE-Bert-CNN: 百度2019语言与智能技术竞赛信息抽取模型 https://github.com/Wangpeiyi9979/IE-Bert-CNN None 我可以做到,我必须做到,我做的最好。 ChengDu,SiChuan,China TianJin University 22 0 27 29 18 Python,Jupyter 101 28
ATpiu asset-scan: 甲方企业的外网资产周期性扫描监控系统 https://github.com/ATpiu/asset-scan None Penetration Test/Gopher/App Sec/ICS Sec None None 100 0 292 28 119 Go,Python 40 6
kabeor 有研究员总结的 Unicorn CPU 模拟器的非官方 API 文档 https://github.com/kabeor/Micro-Unicorn-Engine-API-Documentation https://kabeor.cn Hello,Computers ! SiChuan,China SWUST 11 0 79 27 0 HTML,C++ 41 16
yusufqk SystemToken: Steal privileged token to obtain SYSTEM shell https://github.com/yusufqk/SystemToken None Twitter: @ZupOctopus None None 5 0 6 26 37 Python,C,JavaScript 112 24
linhaow TextClassify: 基于预训练模型的文本分类模板 https://github.com/linhaow/TextClassify http://公众号:纸鱼AI USTC 上海-徐汇 南七技校&字节跳动intern 3 0 5 26 359 Python 66 25
Ascotbe Medusa: 美杜莎扫描器 https://github.com/Ascotbe/Medusa https://www.ascotbe.com/ 在?来个女朋友?喵喵喵? 一切都是命运石之门的选择 None 12 0 75 26 1 Python,HTML,C++ 125 24
threat-hunting Awesome Threat Detection and Hunting library https://github.com/threat-hunting/awesome_Threat-Hunting None Sweden None 42 0 5 25 16 JavaScript,Java 228 46
NomadCN112 ATT&CK 框架图中文翻译版 https://github.com/NomadCN112/Chinese-translation-ATT-CK-framework None 憨批独眼小子 (如果可以的话,谁愿意拿命去战斗呢) None None 15 0 10 25 2 Python,C# 131 37
cbwang505 Windows CardSpace 服务符号链接导致任意文件替换漏洞 Exploit https://github.com/cbwang505/CVE-2020-1066-EXP https://blog.csdn.net/oShuangYue12 始于C#,精于C&C++,醉心于Windows内核与Com组件安全研究 China ZheJiang Ningbo ZheJiang Guoli Security Technology 30 0 17 24 5 C,C++ 43 9
S1lkys XAMPP 本地提权漏洞分析(CVE-2020-11107) https://github.com/S1lkys/CVE-2020-11107/ None None None 27 0 1 23 0 Python,Shell 12 3
yoava333 Bug on the Windshield - Fuzzing the Windows kernel,来自 OffensiveCon 2020 会议 https://github.com/yoava333/presentations/blob/master/Fuzzing%20the%20Windows%20Kernel%20-%20OffensiveCon%202020.pdf None None None 15 0 16 22 0 Go,Java,Rust 17 1
yardenshafir KernelDataStructureFinder - 在内核 lookaside 链表中搜索数据结构的工具 https://github.com/yardenshafir/KernelDataStructureFinder None None None 5 0 2 22 0 C,C++ 40 20
ody5sey Voyager: 安全工具集合平台 https://github.com/ody5sey/Voyager None None None 3 0 1 21 0 Python,HTML 147 61
Cl0udG0d 碎遮SZhe_Scan Web漏洞扫描器 https://github.com/Cl0udG0d/SZhe_Scan None 愿你在冷铁卷刃前,得以窥见天光 重庆 CQUT 10 0 5 21 2 Python 141 39
sisoc-tokyo Real-time detection of high-risk attacks leveraging Kerber... https://github.com/sisoc-tokyo/Real-timeDetectionAD_jornal None None None 23 0 2 20 0 Python,HTML 71 9
m4yfly 基于正则的VSCode代码审计插件 https://github.com/m4yfly/vscode-maudit https://aiyo.xyz None None 29 0 398 20 39 Python,Dockerfile,TypeScript,JavaScript 43 14
guibacellar DNCI - 将 .NET 代码远程注入到非托管进程中 https://github.com/guibacellar/DNCI https://theobservator.net Security Researcher and Machine Learning Specialist, researching in fraud detection, cyber espionage and artificial intelligence areas. Brazil None 11 0 10 20 0 C#,Python,CSS 74 30
mrlnc 禁用LTE网络安全性-商业网络中的配置错误安全研究分享。 https://github.com/mrlnc/LTE-ciphercheck None Research Assistant & PhD student. Mobile Network Security at Ruhr-Universität Bochum. Bochum, Germany Ruhr-Universität Bochum 15 0 26 18 30 C++ 36 13
MisakiKata Python 代码审计 https://github.com/MisakiKata/python_code_audit https://misakikata.github.io 企业安全,Python,红队,渗透等 Shanghai None 16 0 30 18 31 Python,C,Shell,Java,HTML 19 6
3xp0rt Sorano恶意软件加载器源代码泄漏 https://github.com/3xp0rt/SoranoBot https://twitter.com/3xp0rtblog Ukraine None 10 0 10 18 3 C#,C,HTML 10 10
rootsecdev ChromeOS Security Notes,包含一份 MIT 对 ChromeOS 的分析报告 https://github.com/rootsecdev/ChromeOS None None None 16 0 1 16 0 Batchfile,Ruby 75 8
GuoKerS 基于协程的CVE-2020-0796快速检测脚本 https://github.com/GuoKerS/aioScan_CVE-2020-0796 https://o0o0.club 好好学习,天天向上。 Guang Xi None 43 0 281 15 41 Python,C#,HTML,PowerShell 10 5
LakeVilladom goSkylar: 基于Golang开发的企业级外网端口资产扫描 https://github.com/LakeVilladom/goSkylar None None None 107 0 140 14 2 Go,Shell,JavaScript 38 21
xscorp pingfisher: A ping detection tool for linux https://github.com/xscorp/pingfisher None I am a computer science noob who loves programming and cyber security stuff. I believe in self learning and hard work rather than miracles :-) None None 10 0 3 13 0 Python,PHP,Hack 18 2
qianxiao996 CTF-Tools: 一款Python+Pyqt写的CTF编解码工具 https://github.com/qianxiao996/CTF-Tools http://blog.qianxiao996.cn 博客:blog.qianxiao996.cn None None 35 0 193 13 4 Python,C#,HTML 15 8
open-source-rs The-Cyber-Intelligence-Analyst-Cookbook https://github.com/open-source-rs/The-Cyber-Intelligence-Analyst-Cookbook None None None 8 0 0 13 2 Python,PHP 34 7
chrivers 三星SSD固件文件解密工具Samsung Firmware Magic发布 https://github.com/chrivers/samsung-firmware-magic http://christianiversenit.dk Denmark Iversen IT 23 0 15 13 6 Python,HTML,Smarty 135 20
renzu0 nw-tips: Win内网_域控安全 https://github.com/renzu0/nw-tips None None None 31 0 2 12 2 Python,TypeScript 3 2
onSec-fr 基于 HTTP 协议的异步反弹 Shell https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell None Cybersecurity Enthusiast. None None 4 0 7 12 1 C#,Shell,PowerShell 78 20
whitehatnote BlueShell: 红蓝对抗跨平台远控工具 https://github.com/whitehatnote/BlueShell?from=timeline None None None 1 0 4 9 0 Go 71 10
aforensics HiddenVM — Use any desktop OS without leaving a trace. https://github.com/aforensics/HiddenVM None None None 1 0 0 9 0 Shell 836 31
chompie1337 有研究员公开了一个三星 S8 手机利用 CVE-2019-2215 漏洞 Bypass DAC + SELinux + Knox/RKP 保护机制的完整 Exploit https://github.com/chompie1337/s8_2019_2215_poc None None None 1 0 1 7 0 C 28 10
afilipovich 用于 Google Safe Browsing API 交互的 Python 库 https://github.com/afilipovich/gglsbl None Olomouc None 10 0 31 7 4 Python,JavaScript 66 30
HE-Wenjian CVE-2019-14615 - Intel iGPU 信息泄露漏洞的分析文档和 Demo 代码 https://github.com/HE-Wenjian/iGPU-Leak None PhD Candidate Hong Kong HKUST: Hong Kong Univ. of Science and Technology 4 0 40 7 7 C,HTML 8 2
karkason PyWinSandbox - Python 实现的将进程放到 Sandbox 环境运行的工具 https://github.com/karkason/pywinsandbox None None None 3 0 19 6 7 Python,C++ 61 3
Tera0017 APT组织TA505所使用的SDBbot RAT解包工具发布,支持x86和x64 https://github.com/Tera0017/SDBbot-Unpacker None I dont get it. None None 3 0 0 6 0 Python 38 4
AlanChou unofficial PyTorch implementation of the paper Adversarial Training for Free! https://github.com/AlanChou/Adversarial-Training-for-Free None My research interests lie in weakly supervised learning and adversarial attack/defense. Im also interested in optimization with imbalanced or noisy data. Hsinchu City None 5 0 199 6 9 Python 13 9
A2kaid Get-WeChat-DB: 获取目标机器的微信数据库和密钥 https://github.com/A2kaid/Get-WeChat-DB https://www.dongzt.cn/ 二进制萌新 北京 None 33 0 134 6 14 Python,C,C++ 44 7
chip-red-pill 有研究员利用 Intel Atom CPU 的 Local Direct Access Test (LDAT) DFT 特性 Dump Microcode Sequencer ROM https://github.com/chip-red-pill/glm-ucode https://github.com/h0t Research Team Members: Dmitry Sklyarov (@Dmit), Mark Ermolov (@markel_), Maxim Goryachy (@h0t) Moscow None 2 0 0 5 0 Python 12 1
Martyx00 Assistant plugin for vulnerability research https://github.com/Martyx00/VulnFanatic None None None 4 0 2 5 0 Python,Objective-C,Shell 26 4
weizman WhatsApp Desktop 0.3.9309 之前版本 XSS 漏洞分析 https://github.com/weizman/CVE-2019-18426 http://www.weizmangal.com javascript expert and web security enthusiastic :) Israel https://www.perimeterx.com 8 0 3 4 1 JavaScript 5 1
reddelexc Top disclosed reports from HackerOne https://github.com/reddelexc/hackerone-reports None Russia Kontur 2 0 30 4 0 Python 89 21
Equationliu ImageNet 图像分类对抗攻击 No.3 solution https://github.com/Equationliu/Attack-ImageNet None None None 9 0 19 4 1 Python 2 1
zj1244 beholder:一款监控端口变化的系统 https://github.com/zj1244/beholder_scanner None None 10 0 60 3 3 Python,C,HTML,Java 6 5
ztosec Hunter 中通DevSecOps闭环方案 https://github.com/ztosec/hunter None None None None 0 0 0 0 0 Python,Go,Java 0 0
zodiacon 基于 Event Tracing for Windows (ETW) 而不再依赖驱动实现的 Process Monitor https://github.com/zodiacon/ProcMonXv2 http://scorpiosoftware.net Israel None 68 0 0 0 0 C#,C,C++ 1100 296
zhutougg 内网渗透测试常用工具收集 https://github.com/zhutougg/Awesome-Intranet_pentest_tool None None None 69 0 0 0 0 Python,C#,Java 39 9
zer0yu Awesome CobaltStrike https://github.com/zer0yu/Awesome-CobaltStrike http://zeroyu.xyz/ RedTeam@PolarisLab / CTFer@kn0ck None None 40 0 0 0 0 Python,HTML 626 111
ze0r Windows Win32k CVE-2020-17057 漏洞 PoC https://github.com/ze0r/cve-2020-17057// None None None 49 0 0 0 0 PowerShell,C++ 127 60
zbnio zbn: 安全编排与自动化响应平台 https://github.com/zbnio/zbn None None None None 0 0 0 0 0 Python 0 0
yifengyou QEMU KVM学习笔记. https://github.com/yifengyou/learn-kvm https://github.com/yifengyou 一天不科研,浑身都难受~ ShenZhen Tencent 262 0 0 0 0 C 328 97
xiaoweiChen 《Professional CMake - A Practical Guide》的中文翻译版资源。 https://github.com/xiaoweiChen/Professional-CMake None Coder China, Zhejiang, Hangzhou None 32 0 0 0 0 JavaScript,C++ 1300 447
x1tan 用Rust编写的具有串行日志记录和调试支持的UEFI运行时驱动程序项目。 https://github.com/x1tan/rust-uefi-runtime-driver https://xitan.me hypervisors, reverse engineering None None 22 0 0 0 0 Python,Rust 29 6
withdk Pulse Secure VPN 中间人劫持漏洞分析(CVE-2020-8241、CVE-2020-8239) https://github.com/withdk/pulse-secure-vpn-mitm-research None Quant/technical enthusiast, infosec analyst, red teamer, researcher and search security award winner. @withdk on Twitter. London None 17 0 0 0 0 Python,C,PowerShell 247 62
wireapp 桌面版本 Wire 应用因使用 Electron 不当导致 RCE 漏洞 https://github.com/wireapp/wire-desktop/security/advisories/GHSA-5gpx-9976-ggpm None None None None 0 0 0 0 0 Groovy,C,TypeScript,Java,HTML,Scala,JavaScript,Shell,Objective-C,Haskell,Swift,HCL 2900 516
vxunderground vxunderground 按照不同语言收集的恶意软件源码 https://github.com/vxunderground/MalwareSourceCode https://vx-underground.org The largest collection of malware source code, samples, and papers on the internet. International None 2 0 0 0 0 Go,Assembly 2800 276
uknowsec SharpSQLDump:内网渗透中快速获取数据库所有库名,表名,列名功能。 https://github.com/uknowsec/SharpSQLDump http://uknowsec.cn 不忘初心,方得始终 Nanjing None 38 0 0 0 0 C# 936 211
ttonys 获取每日最新的CVE和CNVD漏洞 https://github.com/ttonys/Scrapy-CVE-CNVD https://www.sys71m.top/ 只见树木,不见森林 None None 5 0 0 0 0 Python,PHP,HTML,CSS 15 1
trailofbits Sienna Locomotive - 为缺乏安全经验的 Windows 开发者写的 Fuzzer https://github.com/trailofbits/sienna-locomotive None None None None 0 0 0 0 0 C,Shell,CMake,Python,Ruby,JavaScript,C++,Go,Swift,Rust 18300 1600
tothi 如何利用DLL代理进行DLL劫持 https://github.com/tothi/dll-hijack-by-proxying https://twitter.com/an0n_r0 None None 0 0 0 0 0 Python,C#,C,HTML 207 67
tomer8007 Chromium IPC Sniffer - 有研究员开发了一个监控 Chromium 浏览器命名管道通信消息的工具 https://github.com/tomer8007/chromium-ipc-sniffer None None None 6 0 0 0 0 Python,Lua,Objective-C,JavaScript,C# 81 44
tenable 用于从 IDL 接口文件中提取 RPC 接口定义的 IDA 插件 https://github.com/tenable/mIDA None None None None 0 0 0 0 0 Java,Scala,Python,C++,Vim,HTML 311 116
tech-srl Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs(Paper) https://github.com/tech-srl/Nero None None None None 0 0 0 0 0 C,Assembly,Python,JavaScript,C#,Java,Jupyter 0 0
target halogen: Automatically create YARA rules from malicious do... https://github.com/target/halogen None None None None 0 0 0 0 0 Shell,FreeMarker,Scala,Python,JavaScript,C++,Haskell,CSS,Go,Ruby,Rust 1100 101
taomujian linbing: 临兵漏洞扫描系统 https://github.com/taomujian/linbing None 以色列 None 14 0 0 0 0 Python,C#,Java,HTML,Dockerfile 139 48
talos-systems Talos - 为 Kubernetes 环境准备的操作系统 https://github.com/talos-systems/talos None None None None 0 0 0 0 0 Go,Dockerfile,Vue,Makefile 1900 108
tacnetsol IOT Exploitation Ghidra Scripts https://github.com/tacnetsol/ghidra_scripts None None None None 0 0 0 0 0 Python 0 0
synacktiv 如何利用Windows内核堆栈溢出漏洞进行特权提升(Poc) https://github.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion None None None None 0 0 0 0 0 Python,C,PHP,Rust 0 0
susam UNIX命令语言(1976)资源。 https://github.com/susam/tucl https://susam.in/ None None 29 0 0 0 0 Python,C,JavaScript,Makefile,CSS 1500 66
spyre-project 基于Yara的简单IOC扫描器Spyre https://github.com/spyre-project/spyre None None None None 0 0 0 0 0 Go 0 0
sophos-ai SOREL-20M: Sophos-ReversingLabs 20 million sample dataset https://github.com/sophos-ai/SOREL-20M None None None None 0 0 0 0 0 YARA,Jupyter,Scala,Python,C++,CSS 0 0
sleirsgoevy PS4 6.72 版本固件的越狱利用代码 https://github.com/sleirsgoevy/ps4jb None None None 38 0 0 0 0 Python,C,JavaScript 379 107
sibears 用于修改 IDA HexRays AST 的工具 https://github.com/sibears/HRAST None None None None 0 0 0 0 0 Python,JavaScript,HTML,CSS 0 0
shellphish Shellphish 最近更新了 how2heap Repo,包含最新的各类堆利用技巧 https://github.com/shellphish/how2heap None None None None 0 0 0 0 0 Python,C,CSS 4100 855
seemoo-lab Frankenstein - 用于为无线设备固件提供模拟执行和 Fuzz 环境的框架 https://github.com/seemoo-lab/frankenstein/ None None None None 0 0 0 0 0 C,Shell,Jupyter,Python,JavaScript,TeX,Objective-C,HTML,MATLAB,Java 4100 296
securesystemslab Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints https://github.com/securesystemslab/agamotto None None None None 0 0 0 0 0 C,Shell,Java,Objective-C++,Python,C++,CMake,Rust 0 0
sbousseaden Windows 系统各类攻击和渗透行为的 Events 样本收集 https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES http://@SBousseaden Threat Hunting & DFIR None None 63 0 0 0 0 Python,YARA,PowerShell 974 195
samsonpianofingers RTTIDumper - 注入目标进程 Dump 虚函数表的工具 https://github.com/samsonpianofingers/RTTIDumper None A Man-Geek Interested in reverse engineering, software and web development, computer architecture and computer security. None None 15 0 0 0 0 Python,Java,C++ 3 1
saferwall saferwall: 下一代开源恶意软件分析平台 https://github.com/saferwall/saferwall None None None None 0 0 0 0 0 Go 0 0
saeidshirazi Awesome Android Security GitHub Repo https://github.com/saeidshirazi/awesome-android-security None Cyber Security Researcher canada None 22 0 0 0 0 Python,CSS 194 19
saaramar Google Quals CTF 2020 Echo PWN Challenge Writeup https://github.com/saaramar/echo_googlequals2020 https://twitter.com/AmarSaar @AmarSaar in twitter, known as amarsa None None 9 0 0 0 0 Python,C,Rust,C++ 203 41
rtcatc 一款针对Webpack等前端打包工具所构造的网站进行快速、高效安全检测的扫描工具 https://github.com/rtcatc/Packer-Fuzzer https://www.hackinn.com 嗷呜 NJI123%2MR% ç(-é$ùé&ù$$$éùù =$m$=$ None None 16 0 0 0 0 Python 535 60
rootclay NTLM-SSP: NTLM中高级进阶进阶 https://github.com/rootclay/NTLM-SSP None A man who wants to be a ... beijing Syclover 40 0 0 0 0 VBScript,HTML 460 135
ray-cp JSC JS 引擎 CVE-2020-9802 漏洞的 Exploit 代码 https://github.com/ray-cp/browser_pwn/tree/master/jsc_pwn/cve-2020-9802 https://ray-cp.github.io DONT STOP UNTIL YOURE PROUD None None 18 0 0 0 0 Python,C,C++ 263 73
rapid7 hackazon: A modern vulnerable web app https://github.com/rapid7/hackazon None None None None 0 0 0 0 0 C,Java,Python,TSQL,JavaScript,C#,Puppet,Ruby 0 0
radareorg 二进制逆向分析工具 radare2 更新 4.5.0 版本 https://github.com/radareorg/radare2/releases/tag/4.5.0 None None None None 0 0 0 0 0 C,Shell,C#,JavaScript,Makefile,C++,TeX,Python,Rust,V,Go,PowerShell,CSS 12800 2200
rabobank-cdc DeTTECT: Detect Tactics, Techniques & Combat Threats https://github.com/rabobank-cdc/DeTTECT None None None None 0 0 0 0 0 Python,CSS 0 0
r4j0x00 为 v8 FixedArray 85bc1b0cab31cc064efc65e05adb81fee814261b 编写的 Exploit https://github.com/r4j0x00/exploits/blob/master/chrome-exploit/exploit.js https://github.com/r4j0x00 I make exploits None None 14 0 0 0 0 Python,C,JavaScript,Ruby,C++ 86 39
r3nhat GRAT2 C2 - 支持 DNS Listener,HTTPS Listener https://github.com/r3nhat/GRAT2 https://medium.com/@r3n_hat Cyber Security Addicted. OSCE, OSCP, OSWP, eCPTX, eWPTX, CRTE, PACES, CEH Certified. None None 7 0 0 0 0 C#,Shell 211 52
r0eXpeR 红队中易被攻击的一些重点系统漏洞整理 https://github.com/r0eXpeR/redteam_vul None Unomi@棱角 China,ShangHai None 4 0 0 0 0 657 96
r00tSe7en Mail-Probe: 邮箱探针后台管理系统 https://github.com/r00tSe7en/Mail-Probe https://www.se7ensec.cn/ One China China NULL 27 0 0 0 0 Shell,HTML,PowerShell 5 3
qq4108863 hihttps: 一款完整源码的高性能Web应用防火墙 https://github.com/qq4108863/hihttps None None None 0 0 0 0 0 C 92 31
pyppeteer pyppeteer2 - 用于控制 Headless Chrome 的 puppeteer 的 Python 移植版 https://github.com/pyppeteer/pyppeteer2 None None None None 0 0 0 0 0 Python 0 0
pikvm 基于Raspberry Pi的开源性廉价DIY IP-KVM系统。 https://github.com/pikvm/pikvm None None None None 0 0 0 0 0 Python,C,Shell,Makefile,Batchfile 538 21
pedrib Netgear R6700v3 LAN RCE write-up and exploit https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/tokyo_drift/tokyo_drift.md https://www.agileinfosec.co.uk 1337 London, United Kingdom Agile Information Security 0 0 0 0 0 HTML,Ruby,CSS,C++ 260 79
pacman128 PC汇编语言书籍资源包。 https://github.com/pacman128/pcasm None None None 4 0 0 0 0 TeX,Python,C++,CSS 90 20
osixia 运行 OpenLDAP 的 Docker 镜像环境 https://github.com/osixia/docker-openldap None None None None 0 0 0 0 0 Shell,Dockerfile,JavaScript,Smarty,HTML,Go,PHP,Ruby,CSS 2500 692
openitsystem anonymousmail: 临时邮箱搭建解决方案 https://github.com/openitsystem/anonymousmail None None None None 0 0 0 0 0 Python,Shell,JavaScript,HTML,Vue 0 0
opencve opencve: CVE Alerting Platform https://github.com/opencve/opencve None None None None 0 0 0 0 0 Python 0 0
odedshimon BruteShark: Network Analysis Tool https://github.com/odedshimon/BruteShark http://www.linkedin.com/in/oded-shimon-6ba6721a8 Software & Cyber Engineer None None 3 0 0 0 0 C#,Python 992 126
nowsecure NowSecure 开源的基于 Frida 的 API Trace 工具 https://github.com/nowsecure/frida-trace None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,Smarty,Dockerfile,CSS 541 112
nomi-sec PoC auto collect from GitHub https://github.com/nomi-sec/PoC-in-GitHub None None None None 0 0 0 0 0 0 0
nghiadt1098 Windows 内核 CVE-2020-16889 漏洞的 PoC https://github.com/nghiadt1098/MyResearch/tree/main/CVE-2020-16889 https://www.facebook.com/nghiadt1098 Viettel Cyber Security Ha Noi, Viet Nam None 31 0 0 0 0 Java,Python,JavaScript,C++,Pascal,HTML 0 2
netzob Netzob:用于协议逆向工程,建模与模糊测试项目脚本工具。 https://github.com/netzob/netzob None None None None 0 0 0 0 0 Python 0 0
nccgroup NCC Group 为 Zerologon CVE-2020-1472 漏洞编写的 .NET 版本的 Exploit https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,C++,C#,Haskell,Shell,HCL,Elixir,Ruby,PowerShell,Rust 2200 336
nautilus-fuzz 基于 NDSS 2019 一篇 Paper 实现的一个基于 Grammar、Coverage Guided 的 Fuzzer https://github.com/nautilus-fuzz/nautilus None None None None 0 0 0 0 0 Python 0 0
napocahv Napoca - Bitdefender 开源的 Hypervisor,提供多个安全相关的功能 https://github.com/napocahv/napoca None None None None 0 0 0 0 0 C 87 22
nahamsec 为 Bug Bounty Hunters 入门整理的资料 https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters http://nahamsec.com None None 16 0 0 0 0 Python,Shell 3500 645
mytechnotalent Reverse Engineering For Everyone! https://github.com/mytechnotalent/Reverse-Engineering-Tutorial http://mytechnotalent.com Senior Software Engineer in Test Washington, DC BluVector, A Comcast Company 67 0 0 0 0 Python,C,Zeek,C++ 2500 181
mq1n 一个可以借助有物理内存读写权限的驱动实现调用任意内核函数的库。 https://github.com/mq1n/VDM// None Turkey None 1200 0 0 0 0 C++ 178 100
moonD4rk HackBrowserData: 全平台运行的浏览器数据导出解密工具 https://github.com/moonD4rk/HackBrowserData None There is no dark side in the moon. really, matter of fact its all dark. Pyongyang None 5 0 0 0 0 Go,Python 8400 1200
momosecurity bombus: 合规审计平台 https://github.com/momosecurity/bombus None None None None 0 0 0 0 0 Python,TypeScript,Vue,Java,PHP 0 0
mitre-attack Joystick :transform the ATT&CK Evaluations data into concise views https://github.com/mitre-attack/joystick None None None None 0 0 0 0 0 TypeScript,HTML,Python,JavaScript,Zeek,PowerShell 0 0
microsoft Memory Tagging 技术的安全性分析,来自 MSRC https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf None None None None 0 0 0 0 0 C,TypeScript,Jupyter,C#,JavaScript,C++,Python,Go,CMake,Swift 0 0
mdsecresearch Post-Exploitation 工具如何躲避终端安全产品的检测 https://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf https://www.mdsec.co.uk Public research and tools from MDSec Consulting UK MDSec 10 0 0 0 0 Python,C,Objective-C,PowerShell,Arduino 262 53
maubot 适用于maubot的GitLab客户端和Webhook接收器。 https://github.com/maubot/gitlab None None None None 0 0 0 0 0 Python,HTML 129 27
marcinguy Chrome 浏览器 Freetype 字体处理溢出漏洞 PoC(CVE-2020-15999) https://github.com/marcinguy/CVE-2020-15999// https://twitter.com/marcinguy IT Berlin, Germany None 58 0 0 0 0 Python,C 310 97
m-y-mo 利用 libprotobuf-mutator Fuzz Android 设备的 NFC 模块 https://github.com/m-y-mo/android_nfc_fuzzer None None None 20 0 0 0 0 JavaScript,Java,HTML,C++ 28 4
lpereira HardInfos是Linux操作系统检测到大多数软件与硬件的开源项目。 https://github.com/lpereira/hardinfo https://github.com/microsoft Seattle, WA @microsoft 74 0 0 0 0 Go,C 5300 2300
lostindark Driver Store Explorer - 从 Driver Store 中枚举、安装、删除 Driver Package 的工具 https://github.com/lostindark/DriverStoreExplorer None None None None 3 0 0 0 0 C# 2000 173
light8lee 2019 BDCI互联网金融新实体发现 https://github.com/light8lee/2019-BDCI-FinancialEntityDiscovery None HITSZ None 16 0 0 0 0 Python,QML,Vim 15 1
lgandx LLMNR/NBT-NS/mDNS 协议攻击工具 Responder 更新 3.0.2.0 版本 https://github.com/lgandx/Responder/releases/tag/v3.0.2.0 https://g-laurent.blogspot.com None None 5 0 0 0 0 Python 2300 382
latentgod OpenSA: 运维自动化平台 https://github.com/latentgod/OpenSA None None None 38 0 0 0 0 Python,PHP,JavaScript,Vim 6 10
kwart jd-cli:是对Java Decompiler反编译器项目命令软件包,可在win与Linux运行使用。 https://github.com/kwart/jd-cli http://javlog.cacek.cz/ Czech Republic Contractor 73 0 0 0 0 Shell,Java 318 80
kov4l3nko MEDUZA - 基于 Frida,针对越狱 iOS 系统编写的 SSL unpinning 工具 https://github.com/kov4l3nko/MEDUZA https://kov4l3nko.github.io/about/ iOS/Android reverse engineer and security researcher The country where cyberpunk won None 7 0 0 0 0 Python,JavaScript,Java,HTML 99 14
knownsec ksubdomain: 无状态子域名爆破工具 https://github.com/knownsec/ksubdomain None None None None 0 0 0 0 0 Go,Python,JavaScript 0 0
kisec Kibana CVE-2019-7609 RCE Exploit 代码 https://github.com/kisec/CVE-2019-7609?fbclid=IwAR02m1XrcGDleYn8KzrjBRuIFNXzwJumhrYi2n7zSFeq9fvPk39FxPyAyWY http://www.kisec.com Korea Information Security Education Center None 한국정보보호교육센터 25 0 0 0 0 Python,Go,Shell 13 2
kevoreilly CAPEv2: Malware Configuration And Payload Extraction https://github.com/kevoreilly/CAPEv2 https://twitter.com/CapeSandbox CAPE developer None None 8 0 0 0 0 Python,C 318 90
joinsec BadDNS: 使用公共 DNS 服务器进行多层子域名探测的极速工具 https://github.com/joinsec/BadDNS None None None None 0 0 0 0 0 Go,Python,Rust 0 0
jfmaes SharpZipRunner - 利用 D/Invokes 在内存中解密 ZIP 加密压缩的 bin 并提取 Shellcode 执行 https://github.com/jfmaes/SharpZipRunner None None None 27 0 0 0 0 C#,Python,C++ 118 17
hslatman 一些恶意软件分析会用到的工具和资源集合 https://github.com/hslatman/awesome-malware-analysis https://hermanslatman.nl None DistributIT 116 0 0 0 0 Python,Go,HTML,JavaScript 46100 11600
hi-KK ICS-Protocol-identify: 使用nmap的nse脚本对常见工控协议进行... https://github.com/hi-KK/ICS-Protocol-identify https://www.key1.top Are you OK? :D US None 0 0 0 0 0 Python,Lua,Shell 26 10
hayasec 一键辅助抓取 360 安全浏览器密码的 CobaltStrike 脚本 https://github.com/hayasec/360SafeBrowsergetpass http://hayasec.me Network Security Engineer None None 72 0 0 0 0 Python,C#,Java,C++ 110 13
hardenedlinux srcinv: source code audit tool 代码审计工具 https://github.com/hardenedlinux/srcinv None None None None 0 0 0 0 0 HTML,C,Shell,Assembly,Roff,C++,Nix,Zeek,Go 243 56
grimm-co 为 Ghidra 二进制分析工具编写脚本,辅助还原 stripped 二进制内的结构体 https://github.com/grimm-co/GEARSHIFT None None None None 0 0 0 0 0 C,Shell,Java,Python,C++,Go 0 0
googleprojectzero ProjectZero 开源的一款动态插桩库,支持对进程内的指定模块进行插桩 https://github.com/googleprojectzero/TinyInst None None None None 0 0 0 0 0 C,C#,C++,Python,HTML,Swift 0 0
google FuzzBench - Fuzzer benchmarking as a service https://github.com/google/FuzzBench None None None None 0 0 0 0 0 C,Shell,Java,Python,Kotlin,JavaScript,C++,TypeScript,HTML,Go,Rust 0 0
gloxec CrossC2 framework - 生成 CobaltStrike 的跨平台 beacon https://github.com/gloxec/CrossC2 None None None 46 0 0 0 0 Python,C,PLpgSQL 586 127
github Github Security Lab 关于 CodeQL 的分享《Bug hunting with CodeQL》 https://github.com/github/security-lab/blob/master/Meetup/2019-11/presentations/Bug%20hunting%20with%20CodeQL.pdf None None None None 0 0 0 0 0 C,TypeScript,Python,JavaScript,C++,Haskell,CoffeeScript,HTML,Shell,Go,Ruby,C# 23100 3500
ggerganov Keytap2 - 通过机器学习训练键盘击键声音,通过侧信道的方式实现 Keylogger ggerganov/kbd-audio#31 https://github.com/viewray-inc Sofia, Bulgaria @viewray-inc 34 0 0 0 0 HTML,C++ 3100 277
forest0 微信聊天记录导出工具 https://github.com/forest0/wechat_history_export None None None 5 0 0 0 0 Python,C,HTML,Jupyter,Vim 28 7
fofapro 基于 Docker 镜像的漏洞靶场平台 https://github.com/fofapro/vulfocus None None None None 0 0 0 0 0 C,Vue,Java,Python,Go,CSS 169 19
firmianay IoT-vulhub: IoT 固件漏洞复现环境 https://github.com/firmianay/IoT-vulhub https://firmianay.github.io Information Security Student & CTF Player & member of @XDSEC, @xdlinux China Xidian University 16 0 0 0 0 Python,C,Shell 2000 414
fireeye FireEye FLARE VM 开源的面向恶意软件分析和应急响应的 Windows 虚拟机 https://github.com/fireeye/flare-vm None None None None 0 0 0 0 0 C,Vue,Python,JavaScript,C++,C#,Shell,Go,Swift,PowerShell,CSS 0 0
ffffffff0x Dork-Admin: 盘点近年来的数据泄露、供应链污染事件 https://github.com/ffffffff0x/Dork-Admin None None None None 0 0 0 0 0 HTML,Java 0 0
fanglingsu Vimb- 一款Vim的web浏览器项目 https://github.com/fanglingsu/vimb https://fanglingsu.github.io/ Jena, Germany None 9 0 0 0 0 C,Shell 911 82
fabacab 蓝队最好的学习资源项目。 https://github.com/fabacab/awesome-cybersecurity-blueteam None ⚑ Ⓐnti-capitalist Free Software developer, Black Lives Matter, abolish all prisons, 0xACAB ⚑ None Code signing GPG key: 0x15FC01926CB6D75614790893B0303BF6BA36A560 197 0 0 0 0 Shell,HTML,PHP 1100 248
eugeneyan 面向产品的机器学习/数据科学相关资源 https://github.com/eugeneyan/applied-ml#anomaly-detection http://eugeneyan.com Applied Machine Learning Seattle x Singapore None 39 0 0 0 0 Python,Jupyter 819 85
eronnen 用于解析 Procmon 内部文件格式(日志文件、配置文件)的 Python 库 https://github.com/eronnen/procmon-parser None None None 0 0 0 0 0 Python,JavaScript,C++ 31 4
dushixiang Next Terminal:由Golang与React语言开发的一款HTML5的远程桌面网关终端项目,支持RDP、SSH、VNC和Telnet协议的连接和管理。 https://github.com/dushixiang/next-terminal https://www.typesafe.cn beijing None 3 0 0 0 0 Go,JavaScript 490 43
duffelhq Elixir Ecto Paginator 刚刚修复了一个 RCE 漏洞 https://github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj None None None None 0 0 0 0 0 Shell,Python,JavaScript,HTML,Elixir,Go,Erlang 0 0
doyensec Electron.js Hacking 相关的资料收集整理 https://github.com/doyensec/awesome-electronjs-hacking None None None None 0 0 0 0 0 Python,C,JavaScript,Java,C++ 0 0
dirkjanm Zerologon - Netlogon 被发现高危漏洞,成功利用可以攻破 Windows 域控服务器。PoC 代码已被公开 https://github.com/dirkjanm/CVE-2020-1472 http://dirkjanm.io The Netherlands None 24 0 0 0 0 Python 804 144
didi Sharingan是一个基于go语言编写的流量录制回放工具,合项目重构、回归测试等。 https://github.com/didi/sharingan None None None None 0 0 0 0 0 C,Vue,Java,Python,Kotlin,JavaScript,C++,TypeScript,Objective-C,HTML,Go,CSS 15800 2200
ddzy 前端开发者学习资源。 https://github.com/ddzy/fe-necessary-book https://yyge.top Working Neusoft FE 87 0 0 0 0 TypeScript,JavaScript 1200 176
darvincisec 无需 root 和重打包,将 App 安装到克隆 App 内实现动态分析 https://github.com/darvincisec/VirtualDynamicAnalysis https://darvincitech.wordpress.com Security Researcher Singapore None 10 0 0 0 0 C,Java,Smali 93 25
danieleperera 用于在网络上收集,抓取和监视洋葱站点的扩展工具 https://github.com/danieleperera/OnionIngestor None None None 0 0 0 0 0 Python,JavaScript 25 5
dafthack CloudPentestCheatsheets: 云渗透的一些参考命令 https://github.com/dafthack/CloudPentestCheatsheets http://www.twitter.com/dafthack None None 30 0 0 0 0 Python,Go,PowerShell 1500 333
d4rk-d4nph3 勒索软件相关的报告收集 https://github.com/d4rk-d4nph3/Ransomware-Reports https://twitter.com/bh4b3sh Turing Complete CVE-2020-9000+ NT AUTHORITY\SYSTEM 25 0 0 0 0 C#,Python,Shell 31 6
cyber-research 5个国家的APT恶意软件数据集。 https://github.com/cyber-research/APTMalware None None None 2 0 0 0 0 Python 52 10
crowdsecurity Crowdsec - 一款开源的、轻量级的异常行为检测 Agent,适用于容器和虚拟机环境 https://github.com/crowdsecurity/crowdsec/ None None None None 0 0 0 0 0 Go,Lua,Shell,PHP 153 14
cpandya2909 OpenSSH 8.3p1 CVE-2020-15778 eval 注入漏洞分析 https://github.com/cpandya2909/CVE-2020-15778 None None None 4 0 0 0 0 Python,Shell,HTML 15 0
coreruleset OWASP ModSecurity核心规则集(CRS)资源合集。 https://github.com/coreruleset/coreruleset None None None None 0 0 0 0 0 Python,Shell,Dockerfile,Perl 0 0
codeplutos MySQL客户端jdbc反序列化漏洞payload https://github.com/codeplutos/MySQL-JDBC-Deserialization-Payload None None None None 0 0 0 0 0 Java,C++ 107 20
cobbr .NET 编写的一款 C&C 渗透框架 https://github.com/cobbr/Covenant https://cobbr.io Dallas, TX SpecterOps 20 0 0 0 0 C#,PowerShell 1600 307
cn0xroot 3G 版本的 Osmocom 蜂窝网络实现 https://github.com/cn0xroot/osmocom_3G https://twitter.com/cn0Xroot null 127.0.0.1 null 261 0 0 0 0 Python,C,HTML,C++ 1000 252
chriskaliX AD-Pentest-Notes: 用于记录内网渗透(域渗透)学习 https://github.com/chriskaliX/AD-Pentest-Notes https://github.com/Acmesec Astray Fin @Acmesec 10 0 0 0 0 Python,Go 318 25
checkra1n 基于 checkra1n 越狱实现的 Pre-Boot 执行环境 https://github.com/checkra1n/pongoOS None None None None 0 0 0 0 0 Objective-C 0 0
charles2gan 一款全新的 Android 反编译工具,支持 APK、DEX、ODEX、OAT、JAR、AAR、CLASS 文件格式的反编译 https://github.com/charles2gan/GDA-android-reversing-Tool https://www.zhihu.com/people/gjden Leader of a Research Team, Senior security researcher. Malware Analysis, Vulnerability Analysis, Threat Intelligence etc. None adlab 25 0 0 0 0 Python,Makefile,Java,Ruby,C 1100 152
certego PcapMonkey - 用于分析 pcap 网络数据包并从中检测威胁的工具 https://github.com/certego/PcapMonkey None None None None 0 0 0 0 0 C,Zeek,Java,Python,Dockerfile,JavaScript,Perl,Shell,Go,PHP,Ruby,PowerShell 0 0
can1357 在 Windows 内核中运行 Lua Coroutines https://github.com/can1357/NtLua https://can.ac/ Security researcher and reverse engineer; mostly interested in Windows kernel development and low-level programming. None Verilave Inc. 0 0 0 0 0 C,C++ 388 125
bsauce Linux 内核多个漏洞的 Exploit 与 Writeup https://github.com/bsauce/kernel_exploit_factory// https://www.jianshu.com/u/a12c5b882be2 2nd year Ph.D. student majoring in binary analysis. None None 25 0 0 0 0 Python,C 156 23
bobfuzzer Linux kernel 5.0.0-rc7 f2fs 文件系统溢出漏洞 PoC https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927 None None None None 0 0 0 0 0 C 21 13
blacklanternsecurity TREVORspray - 微软 Office 365 密码爆破工具 https://github.com/blacklanternsecurity/TREVORspray None None None None 0 0 0 0 0 Shell,Python,JavaScript,Visual,Go,Ruby,PowerShell,CSS 0 0
blackberry 使用python解析PE文件的开源工具PE Tree发布 https://github.com/blackberry/pe_tree None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,C++,Objective-C,Go,Ruby 22 24
beurtschipper Depix - 从截屏马赛克处理后的图片中还原原始密码 https://github.com/beurtschipper/Depix https://www.graa.nl/ None None 26 0 0 0 0 Python,C 5300 262
bb1nfosec Windows漏洞利用资源以及漏洞利用的网站参考列表总结。 https://github.com/bb1nfosec/Information-Security-Tasks/blob/master/Post%20Exploitation/Windows%20Exploitation%2C%20post%20exploitation%20sites%20for%20reference None Just another guy whom loves to play 0 and 1 . India None 0 0 0 0 0 Python,Shell,HTML,CSS 49 16
avast Radare2 插件,用于将 RetDec 反汇编工具集成进 Radare2 https://github.com/avast/retdec-r2plugin None None None None 0 0 0 0 0 Groovy,LLVM,Java,Scala,Python,Kotlin,JavaScript,C++,HTML,Go 5500 657
autoguard 汽车安全研究方向的 Paper 收集 https://github.com/autoguard/awesome-vehicle-security-and-safety http://autoguard-sec.com china autoguard 11 0 0 0 0 JavaScript 24 7
ashishb Android Security Awesome,Android 安全方向的资料整理 https://github.com/ashishb/android-security-awesome https://ashishb.net Software Engineer - SF Bay area https://ashishb.net/about/ United States None 94 0 0 0 0 Python,Go,Shell,Makefile 4800 1200
arieljt VT Code Similarity Yara Generator https://github.com/arieljt/VTCodeSimilarity-YaraGen https://twitter.com/arieljt None None 3 0 0 0 0 Python 34 6
appsecco DVNA – Damn Vulnerable NodeJS Application https://github.com/appsecco/dvna None None None None 0 0 0 0 0 Shell,Java,Python,JavaScript,C#,Visual,HTML,ActionScript,PHP,CSS 439 129
antonio-morales Hackfest - Advanced Fuzzing Workshop 的资料 https://github.com/antonio-morales/Hackfest_Advanced_Fuzzing_Workshop https://twitter.com/Nosoynadiemas None None 6 0 0 0 0 C,JavaScript,Rich 106 20
airbus-seclab Diffware - 文件、目录 Diff 工具,支持多种配置参数 https://github.com/airbus-seclab/diffware None None None None 0 0 0 0 0 C,Python,OCaml,C++,Ruby,PowerShell 1000 137
airbus-cert 一款用于处理 Event Tracing for Windows(ETW)的IDA插件 https://github.com/airbus-cert/etwbreaker None None None None 0 0 0 0 0 C,Lua,Python,C#,Go,PHP 104 9
aind-containers AinD: Android (Anbox) in Docker,在 Docker 中运行 Android apps https://github.com/aind-containers/aind None None None None 0 0 0 0 0 Dockerfile 0 0
ail-project AIL framework - Analysis Information Leak framework https://github.com/ail-project/ail-framework None None None None 0 0 0 0 0 Python 6 0
adulau ssldump - SSLv3/TLS 网络协议 Analyzer https://github.com/adulau/ssldump https://github.com/MISP Enjoy when human are using machines in unexpected ways. I break stuff and I do stuff. Europe @MISP @CIRCL @cve-search and many others 113 1 0 0 0 Python,C,HTML 127 54
WebKit WebKit 引入 JIT-Caging 特性实现细粒度的 PAC 保护机制 https://github.com/WebKit/webkit/commit/2ffeeff4dfb86a74ae695dea8671fccc423559ad None None None None 0 0 0 0 0 Makefile 0 0
TralahM Go语言黑帽子系列教程资源。 https://github.com/TralahM/blackhat-go https://github.com/tralahtek Math & C.S Major, Programmer(Lisp, Python), Data scientist, Cloud Solutions Architect, Sys Integration, Devops. Writer & Scholar, Pan-African. Nairobi, KE @tralahtek 100 1 0 0 0 Go,Python,Shell,Common 13 6
TophantTechnology ARL: 资产侦察灯塔系统 https://github.com/TophantTechnology/ARL None None None None 0 0 0 0 0 Python 0 0
T0pCyber HAWK 工具项目。该工具为安全人员快速分析收集数据工具。 https://github.com/T0pCyber/hawk https://twitter.com/T0p_Cyber Microsoft Cyber Security Consultant Cloud Forensics Wake Forest NC None 3 0 0 0 0 PowerShell 203 42
ShiHuang-ESec EHole: (棱洞)-红队重点攻击系统指纹探测工具 https://github.com/ShiHuang-ESec/EHole None None None 2 0 0 0 0 113 17
Sentinel-One 基于 Qiling 框架实现的 UEFI NVRAM 变量 Fuzzer https://github.com/Sentinel-One/efi_fuzz None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,C++,C#,Objective-C,HTML,Shell 0 0
SecurityRiskAdvisors PDBlaster - 批量从可执行文件中提取 PDB 文件路径的工具 https://github.com/SecurityRiskAdvisors/PDBlaster None None None None 0 0 0 0 0 Shell,Java,Python,JavaScript,Perl,HTML,Ruby,PowerShell 0 0
SecureAuthCorp RCE in any MS Exchange via Exchange Trusted Subsystem fortra/impacket#857 None None None None 0 0 0 0 0 C,Java,Python,JavaScript,C#,HTML,Go 0 0
SafeGroceryStore MDAT - 综合数据库攻击利用工具 https://github.com/SafeGroceryStore/MDAT None None None None 0 0 0 0 0 Java 0 0
Rvn0xsy BadCode: 恶意代码逃逸源代码 https://github.com/Rvn0xsy/BadCode https://payloads.online 知者不惑,仁者不忧,勇者不惧。 None None 11 0 0 0 0 Lua,C,C++ 282 88
RedTeamPentesting Apache Tomcat WebSocket 漏洞 (CVE-2020-13935) Exploit https://github.com/RedTeamPentesting/CVE-2020-13935 None None None None 0 0 0 0 0 Go 0 0
QAX-A-Team PandaSniper: Linux C2 框架demo https://github.com/QAX-A-Team/PandaSniper?from=timeline None None None None 0 0 0 0 0 C,Shell,Java,C#,C++,Python,Go,PowerShell 0 0
Q4n Windows WalletService 本地提权漏洞分析及利用(CVE-2020-1362) https://github.com/Q4n/CVE-2020-1362 None Professional bug writer None None 18 0 0 0 0 Python,C,C++ 144 28
ProjectorBUg Double-Free BUG in WhatsApp exploit poc.[CVE-2020-11932] https://github.com/ProjectorBUg/CVE-2020-11932 None None None None 0 0 0 0 0 C,Shell,Jupyter,Python,Visual,HTML,Go,PHP,Ruby,Prolog 0 0
PaloAltoNetworks Palo Alto 安全团队的公开 Papers 与会议 PPT https://github.com/PaloAltoNetworks/research-notes None None None None 0 0 0 0 0 C,TypeScript,Python,JavaScript,Shell,HTML,Go,PowerShell,HCL 182 87
PLSysSec haybale - 一款 Rust 语言编写的 LLVM IR 级别的符号执行引擎 https://github.com/PLSysSec/haybale None None None None 0 0 0 0 0 C,LLVM,Assembly,HTML,Python,JavaScript,Makefile,C++,Haskell,Swift,Rust 0 0
OWASP OWASP NodeGoat项目资源,了解OWASP十大安全风险,如何使用Node.js开发的Web应用程序安全问题、 https://github.com/OWASP/NodeGoat None None None None 0 0 0 0 0 Shell,Java,Python,JavaScript,Perl,HTML,Go,Ruby,CSS 0 0
NiuTrans 机器翻译:统计建模与深度学习方法 https://github.com/NiuTrans/MTBook None None None None 0 0 0 0 0 TeX,C++ 1500 565
NetSPI Evil SQL Client (ESC) - 为渗透测试设计的交互式的 SQL Server Client,支持发现数据库、访问数据、提取数据 https://github.com/NetSPI/ESC None None None None 0 0 0 0 0 Java,C#,Python,HTML,Go,Ruby,PowerShell 1100 282
NeatMonster SlabDbg - 用于辅助调试 Linux 内核 SLUB 内存管理的脚本 https://github.com/NeatMonster/slabdbg https://neat.sh/ well now I am not doing it https://twitter.com/NeatMonster_ Toulouse, France None 17 0 0 0 0 Python,Java 558 81
NVISO-BE Windows OS Hardening with PowerShell DSC https://github.com/NVISO-BE/posh-dsc-windowsserver-hardening None None None None 0 0 0 0 0 Python,Shell,JavaScript,PowerShell,C++ 0 0
NLP-LOVE 《自然语言处理入门》详细笔记 https://github.com/NLP-LOVE/Introduction-NLP http://mantchs.com/ 邮箱:[email protected] 博客:http://mantchs.com/ None None 6 0 0 0 0 Python,HTML,Jupyter 6200 2000
MythicAgents A Visual Studio Code Extension agent for Mythic C2 https://github.com/MythicAgents/venus None None None None 0 0 0 0 0 Python,C 0 0
Microsoft ApplicationInspector - 微软开源的源码分析工具 https://github.com/Microsoft/ApplicationInspector None None None None 0 0 0 0 0 TypeScript,Jupyter,C#,JavaScript,C++,Python,Objective-C,Rich,CMake,PowerShell,CSS 0 0
MalPhobic Abbadon 远控工具使用 Discord 作为 C&C https://github.com/MalPhobic/MalwareReports/blob/main/AbbadonRAT/Abbadon_RAT.pdf None None None None 0 0 0 0 0 0 0
LennyLeng SOC_Sankey_Generator: 从SOC日志中进行数据ETL与数据可视化的工具 https://github.com/LennyLeng/SOC_Sankey_Generator None None None None 0 0 0 0 0 None 0 0
LandGrey domainNamePredictor: 公司域名使用规律预测及生成工具 https://github.com/LandGrey/domainNamePredictor https://landgrey.me I learn cyber sec Shanghai None 18 0 0 0 0 Python,Java,Classic 1600 415
LIJI32 SnatchBox - macOS 沙箱逃逸漏洞的分析(CVE-2020-27935) https://github.com/LIJI32/SnatchBox None I fiddle with macOS, iOS, and Nintendo consoles. Israel None 21 0 0 0 0 Python,C,Assembly,Objective-C 657 91
KasperskyLab TinyCheck - 卡巴斯基开源的智能手机流量劫持工具 https://github.com/KasperskyLab/TinyCheck None None None None 0 0 0 0 0 C,Shell,Java,Python,Kotlin,C++,C#,PHP 0 0
Jewel591 XSSMAP-一款快速检测Web应用程序中的XSS漏洞的开源工具 https://github.com/Jewel591/xssmap http://Jewel591.fun Security operations engineer United Kingdom A security consulting firm 15 0 0 0 0 Python,C,Perl 30 5
Integration-IT Active Directory Exploitation Cheat Sheet https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet None None None 0 0 0 0 0 Ruby,PowerShell 308 55
HexHive FuzzGen: Automatic Fuzzer Generation https://github.com/HexHive/FuzzGen None None None None 0 0 0 0 0 C,Python,C++,TeX,HTML,Brainfuck 0 0
HerrSpace CCNA学习总结目录表。 https://github.com/HerrSpace/CCNA-Cheat-Sheet https://noot.geheim.org Hamburg, Germany, Earth None 34 0 0 0 0 Python,Ruby,HTML,JavaScript,Shell 59 25
FlameOfIgnis PWDB - New generation of Password Mass-Analysis https://github.com/FlameOfIgnis/Pwdb-Public https://github.com/EpicGames Junior year computer engineering student at METU/NCC. Turkey @EpicGames @NVIDIAGameWorks 0 0 0 0 0 Python,TypeScript,JavaScript,Cuda 835 325
FSecureLABS Physmem2profit 工具用于在可物理访问内存的情况下创建 LSASS 进程的 minidump https://github.com/FSecureLABS/physmem2profit None None None None 0 0 0 0 0 C,Shell,Java,Python,JavaScript,C++,C#,PowerShell 2200 584
Droidzzzio 用于枚举子域wordlist,php文件路径,html文件路径和js文件路径的开源工具 https://github.com/Droidzzzio/EnumerationList https://twitter.com/ShMalav Security Researcher Bug Bounty Hunter INDIA None 44 0 0 0 0 Python 32 8
DependencyTrack DependencyTrack: 开源软件成分分析平台 https://github.com/DependencyTrack/dependency-track None None None None 0 0 0 0 0 Vue,Java,JavaScript,CSS 595 192
DasSecurity-Labs AoiAWD: 专为比赛设计,便携性好,低权限运行的EDR系统 https://github.com/DasSecurity-Labs/AoiAWD None None None None 0 0 0 0 0 Python,PHP,HTML 0 0
DTolm VkFFT-Vulkan快速傅立叶变换库 https://github.com/DTolm/VkFFT None None None 2 0 0 0 0 C,C++ 213 6
D3VI5H4 ANTIVURUS ARTIFACTS - 有研究员对杀软检测及其 Hook 点的分析 https://github.com/D3VI5H4/Antivirus-Artifacts/blob/main/ANTIVURUS_ARTIFACTS.pdf https://twitter.com/devisharochlani ICAI , Malware , OSINT , INFJ , NERD @AXI4L , None None 1 0 0 0 0 23 7
D00MFist 与 JXA 有关的用于实现 macOS 系统攻击常驻的方法收集 https://github.com/D00MFist/PersistentJXA https://medium.com/@D00MFist None None 30 0 0 0 0 Shell,Jupyter,JavaScript,Visual,Go,CSS 109 10
CymaticsCC 恶意ELF二进制文件相似度比较及可视化 https://github.com/CymaticsCC/elf_similarity None None None 55 0 0 0 0 Python,HTML,Jupyter 2 2
ChiChou IDA-ObjCExplorer - 用于实现 Objective C classdump 的 IDA Pro 插件 https://github.com/ChiChou/IDA-ObjCExplorer https://github.com/alipay 我要卖掉我的代码 浪迹天涯 Beijing, China @alipay 68 0 0 0 0 TypeScript,Objective-C,Vue,JavaScript,C 489 109
Charmve Bluetooth-LE安全性:方法,工具和堆栈视频会议学习资源。 https://github.com/Charmve/BLE-Security-Attack-Defence https://charmve.github.io/ Research SDE at the Future Security Labs in Qihoo 360, B.E. in Electronic Engineering & B.A. in Business English at Yangzhou University Suzhou, Beijing, Shanghai, Hongkong Qihoo 360 33 0 0 0 0 Python,C,Java,C++ 6 2
Ch1ngg JCE - JSP/JPSX CodeEncode - 用于 Webshell 逃避静态查杀的辅... https://github.com/Ch1ngg/JCE https://www.ch1ng.com/ no no 24 0 0 0 0 Python,C#,ASP,Java 97 20
CERT-Polska DRAKVUF - Hypervisor 层面的恶意软件自动化分析系统 https://github.com/CERT-Polska/drakvuf-sandbox None None None None 0 0 0 0 0 C,Java,Python,JavaScript,C++,PHP 189 35
Anemone95 MLDetectVuln: AI算法解决大规模二进制程序函数相似性分析 https://github.com/Anemone95/MLDetectVuln http://anemone.top Im very vegetable. None None 0 0 0 0 0 Python,JavaScript,PHP,Vim 8 5
AdaLogics Software security paper list https://github.com/AdaLogics/software-security-paper-list https://adalogics.com We do advanced software security. Oxford, UK Ada Logics 3 0 0 0 0 Python 41 5
7Hxz233 Lilac 2020 暑期pwn培训课件 https://github.com/7Hxz233/Lilac_2020_summer_pwn None None None None 0 0 0 0 0 PostScript,C,HTML,Ruby,PHP 0 0
4x99 码小六 - GitHub 代码泄露监控系统 https://github.com/4x99/code6 None None None 2 0 1 0 0 PHP 73 14
3v4Si0N HTTP-revshell: 用于Red team练习和渗透测试者的Powershell脚本工具,通过HTTP/S协议反向链接。 https://github.com/3v4Si0N/HTTP-revshell None Security Analyst at @Deloitte Spain https://twitter.com/3v4Si0N 10 0 0 0 0 Python,C,PowerShell 205 29
360-Linton-Lab WMIHACKER:免杀横向移动命令执行测试工具(无需445端口) https://github.com/360-Linton-Lab/WMIHACKER/blob/master/README_zh.md None None None None 0 0 0 0 0 C#,VBScript 0 0
2freeman POC 会议议题 《Three Dark clouds over the Android kernel》 https://github.com/2freeman/Slides/blob/main/PoC-2020-Three%20Dark%20clouds%20over%20the%20Android%20kernel.pdf None None None 1 0 0 0 0 7 1
1d8 用于分析移动应用程序的Android VM https://github.com/1d8/Android-Analysis None None None 25 0 0 0 0 Python,C 27 8
0x36 kernel exploit for Apple iOS 13.X https://github.com/0x36/oob_events https://twitter.com/_simo36 None None 7 0 0 0 0 Python,C,Makefile 171 46
0vercl0k Symbolizer - 为进程执行 Trace、Crash Dump 提供调试符号的工具 https://github.com/0vercl0k/symbolizer https://doar-e.github.com/ US/FR None 18 0 0 0 0 Python,JavaScript,C++ 928 192
0neb1n PoC of CVE-2020-16947 (Microsoft Outlook RCE vulnerablility) https://github.com/0neb1n/CVE-2020-16947 None I wanner be the pwner. None None 11 0 0 0 0 Lua,CSS 23 14

medium 推荐

title url
利用数据分析与展示的方法研究 Windows RPC 的安全性 http://medium.com/threat-hunters-forge/extending-the-exploration-and-analysis-of-windows-rpc-methods-calling-other-functions-with-ghidra-e4cdaa9555bd
利用 Windows 的 Native 二进制程序实现数据的向外渗透 http://debugactiveprocess.medium.com/data-exfiltration-with-lolbins-20e5e9c1ed8e
使用Dexcalibur和JEB逆向工具分析Android恶意软件。 http://link.medium.com/YFOeWtKMecb
Attacking Unattended Installs on macOS http://medium.com/tenable-techblog/attacking-unattended-installs-on-macos-dfc1f57984e0
How I Found The Facebook Messenger Leaking Access Token Of Million Users http://medium.com/bugbountywriteup/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3
iOS 内核的地址随机化(ASLR)分析 http://medium.com/@bellis1000/aslr-the-ios-kernel-how-virtual-address-spaces-are-randomised-d76d14dc7ebb
Exploiting SIGRed (CVE-2020–1350) on Windows Server 2012/2016/2019 http://datafarm-cybersecurity.medium.com/exploiting-sigred-cve-2020-1350-on-windows-server-2012-2016-2019-80dd88594228
勒索软件的体系结构研究(1/2) http://medium.com/bugbountywriteup/architecture-of-a-ransomware-1-2-1b9fee757fcb
使用开放网络进行MITM WiFi攻击测试。 http://medium.com/bugbountywriteup/mitm-wifi-attacks-using-open-networks-7c0cc283524c?source=rss----7b722bfd1b8d---4
WP: 发现 SSTI 漏洞并绕过 WAF http://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae
在 Python 中调用 Objective C 代码 http://medium.com/red-teaming-with-a-blue-team-mentaility/making-objective-c-calls-from-python-standard-libraries-550ed3a30a30
TP-Link Takeover with a Flash Drive http://medium.com/tenable-techblog/tp-link-takeover-with-a-flash-drive-d493666f6b39
A Deep Dive Into Windows Scheduled Tasks and The Processes Running Them http://nasbench.medium.com/a-deep-dive-into-windows-scheduled-tasks-and-the-processes-running-them-218d1eed4cce
How I got hacked, lost crypto and what it says about Apple’s security. Part 1 http://ksaitor.medium.com/how-i-got-hacked-lost-crypto-and-what-it-says-about-apples-security-part-1-83c107beae9
IBM QRadar Java 反序列化漏洞分析(CVE-2020–4280) http://medium.com/@testbnull/cve-2020-4280-ibm-qradar-java-deserialization-anlysis-and-bypass-c3fe57207057
AssaultCube 射击游戏 RCE 漏洞分析 http://medium.com/@elongl/assaultcube-rce-technical-analysis-e12dedf680e5
Hacking HTTP CORS from inside out http://medium.com/bugbountywriteup/hacking-http-cors-from-inside-out-512cb125c528
Running JXA Payloads from macOS Office Macros http://medium.com/red-teaming-with-a-blue-team-mentaility/a-look-at-python-less-office-macros-for-macos-b1bf5c1488f1
Windows rundll32.exe 进程的深入分析 http://medium.com/@nasbench/a-deep-dive-into-rundll32-exe-642344b41e90
1-click meterpreter exploit chain with BeEF and AV/AMSI bypass http://medium.com/@bluedenkare/1-click-meterpreter-exploit-chain-with-beef-and-av-amsi-bypass-96b0eb61f1b6
利用不安全的 JSONP 调用接管 Kolesa 站点的任意账户 http://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45
高速以太网ASIC的内容摘要。 http://medium.com/the-elegant-network/a-summary-of-high-speed-ethernet-asics-260637c50583
How I hacked redbus http://medium.com/bugbountywriteup/how-i-hacked-redbus-an-online-bus-ticketing-application-24ef5bb083cd?source=rss----7b722bfd1b8d---4
Ubiquiti UniFi Cloud Key Gen2 Plus 设备调试接口搭建以及管理接口漏洞分析 http://medium.com/tenable-techblog/exploring-the-ubiquiti-unifi-cloud-key-gen2-plus-f5b0f7ca688
Vault 101:Samsung CTF App逆向工程挑战赛题目。 http://medium.com/bugbountywriteup/vault-101-samsung-ctf-android-reverse-engineering-challenge-write-up-d5a2b16a9212
DHCP starvation attack without making any DHCP requests - DHCP IP 资源耗尽攻击 http://medium.com/bugbountywriteup/dhcp-starvation-attack-without-making-any-dhcp-requests-bef0022133c9
wget缓存中毒 http://medium.com/bugbountywriteup/cache-poisoning-of-wget-94a4d70104b1?source=rss----7b722bfd1b8d---4
常见的Linux权限提升手法 http://medium.com/bugbountywriteup/write-up-11-common-linux-privilege-escalation-92528853b616?source=rss----7b722bfd1b8d---4
无括号的XSS http://medium.com/@terjanq/arbitrary-parentheses-less-xss-e4a1cf37c13d
如何利用Kali下的神器Bloodhound 进行横向移动 http://medium.com/@rootsecdev/bloodhound-part-1-a-walkthrough-in-lateral-movements-and-paths-to-domain-admin-870dd05abde6
关于2020年Tor网络的安全分析第一部分 http://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
利用 .terminal 终端配置文件 Bypass macOS GateKeeper 的检查 http://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa
GraphQL 工具的常见错误配置以及如何被利用 http://link.medium.com/oiEg6EG6v5
Exploiting Imported Libraries to Bypass Cloudflare WAF http://medium.com/bugbountywriteup/exploiting-imported-libraries-to-bypass-cloudflare-waf-7aed99186c5a?source=rss----7b722bfd1b8d---4
billboard.js 2.0发布! 拥有更轻巧的体积和更高的性能。 http://medium.com/@alberto.park/billboard-js-2-0-is-out-15e84b52ab11
用于为 Android 应用提供 BLE 设备连接的 Nordic 库被发现漏洞 http://medium.com/bugbountywriteup/norec-attack-stripping-ble-encryption-from-nordics-library-cve-2020-15509-9798ab893b95
Vulnserver —第2部分(TRUN — EIP覆盖) http://medium.com/bugbountywriteup/expdev-vulnserver-part-2-46de4dd7bdde?source=rss----7b722bfd1b8d---4
介绍基于HTTP的Python脚本木马程序安全分析。 http://medium.com/bugbountywriteup/python-http-based-trojan-for-remote-system-forensics-and-privilege-transfer-ae128891b4de?source=rss----7b722bfd1b8d---4
如何在Windows环境中限制基于SMB的横向移动 http://medium.com/palantir/restricting-smb-based-lateral-movement-in-a-windows-environment-ed033b888721?source=friends_link&sk=a51a65b034ad9ef38e3c60eaeff7e331
基于Office的恶意软件分析-第二小节 http://link.medium.com/32pqJC0KX7
如何利用Unicode字符进行SQL注入 http://medium.com/bugbountywriteup/sql-injection-using-unicode-characters-8d360ead379c?source=rss----7b722bfd1b8d---4
Microsoft Access的UNC路径注入 http://medium.com/@rvrsh3ll/introduction-1d327afaf22d
请避免使用“特权”权限运行Docker http://medium.com/better-programming/escaping-docker-privileged-containers-a7ae7d17f5a1
逆向工程学习资源收录,包括技术博客、工具/插件、研究报告等 http://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed
JavaScript中的内存泄漏分析 http://medium.com/walkme-engineering/memory-in-javascript-beyond-leaks-8c1d697c655c
AMD 新发布的 Mini-PC 的 UEFI 镜像的漏洞挖掘与分析 http://link.medium.com/pazvQdeuo7
红队:如何在C#中嵌入Golang工具中的教程 http://medium.com/@shantanukhande/red-team-how-to-embed-golang-tools-in-c-e269bf33876a
关于进程令牌的原理以及利用方式-第一部分 http://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa
Pwn2Own Schneider 路径穿越漏洞的分析 http://medium.com/cognite/pwn2own-or-not2pwn-part-2-5-a-brief-tale-of-free-0days-e1df142eb815?source=friends_link&sk=42caecc5dc90e8ffc5c9aa394e41204d
索尼网站XSS漏洞 http://link.medium.com/UhLfjkZeU6
Car Hacking with Python  Part 1: 提取 GPS/OBDII/CAN Bus 的数据 http://medium.com/bugbountywriteup/car-hacking-with-python-part-1-data-exfiltration-gps-and-obdii-can-bus-69bc6b101fd1
作者给Facebook的提bug挣了$31500,一个漫长而精彩的故事。 http://link.medium.com/U0kbvLP1V6
如何开始搭建自己的网络安全实验室 http://medium.com/@robertscocca/building-a-cyber-security-lab-4874bddd056b
DOS系统文件路径魔法研究。 http://medium.com/walmartlabs/dos-file-path-magic-tricks-5eda7a7a85fa
PHP 序列化漏洞的利用 http://link.medium.com/rkOjYq6Ny6
网络取证:渗透测试查找系统后门漏洞学习方法。 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.pentesteracademy.com%2Fnetwork-forensics-finding-backdoored-system-b0b88fc23b5c
从 PDF 文件下载到 SSRF 漏洞 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fserver-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911
SpecterOps Team 关于纵深防御的系列 Blog http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fdetection-in-depth-a2392b3a7e94
从 iOS 设备越狱到应用静态分析 http://link.medium.com/KogHw50ek6
From fuzzing to remote code execution in Samsung Android http://medium.com/@social_62682/from-fuzzing-to-remote-code-execution-in-samsung-android-56cbdebcfeca
安全策略(CSP)绕过技术内容介绍。 http://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
Windows 本地提权相关的技术总结 http://medium.com/bugbountywriteup/privilege-escalation-in-windows-380bee3a2842?source=rss----7b722bfd1b8d---4
Build your first LLVM Obfuscator http://medium.com/@polarply/build-your-first-llvm-obfuscator-80d16583392b
写给入门者的 Web RCE 漏洞利用案例分析 http://medium.com/bugbountywriteup/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311?source=rss----7b722bfd1b8d---4
CVE-2020-0796 Windows SMBv3 LPE漏洞 POC详细分析 http://medium.com/@knownsec404team/cve-2020-0796-windows-smbv3-lpe-exploit-poc-analysis-c77569124c87
Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image) http://medium.com/@asdqwedev/remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada
OWASP 中提到的最严重的 API 漏洞类型 - BOLA (Broken Object Level Authorization) 是怎么回事儿 http://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2
滥用 hostPath 挂载逃逸 Kubernetes Namespace http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fkubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216
Avast 安全浏览器可以被滥用 NTFS Hardlink 特性实现本地提权 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fsidechannel.tempestsi.com%2Fvulnerability-in-avast-secure-browser-enables-escalation-of-privileges-on-windows-eb770d196c45%3F
php博客平台Typecho代码执行漏洞详细分析 http://medium.com/@knownsec404team/analysis-of-typecho-front-end-getshell-vulnerability-4c1ce43eaeaa
AWS Document Signing Security Control Bypass http://link.medium.com/4XnhSyUqo4
iOS 越狱和应用渗透必备工具 http://medium.com/@ved_wayal/jailbreak-and-stuff-kickstart-tools-and-techniques-for-ios-application-pentesting-6fa53a3987ab
详解 DeFi 协议 bZx 两次被黑始末 http://link.medium.com/uOqzbT63c4
Hacking Flask Applications,利用 Werkzeug Debugger 执行命令 http://link.medium.com/fAb3m2Zkb4
Hacking IoT devices with Focaccia-Board http://medium.com/@LucaBongiorni/hacking-iot-devices-with-focaccia-board-8c4e009ed488
利用一个小技巧绕过 Windows 10 用户组策略 http://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
战争永不改变:针对WPA3的“增强开放”的无线攻击-第1部分教程。 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fwar-never-changes-attacks-against-wpa3s-enhanced-open-part-1-how-we-got-here-71f5a80e3be7
iOS screen framebuffer 字符渲染机制研究 http://medium.com/@bellis1000/exploring-the-ios-screen-frame-buffer-a-kernel-reversing-experiment-6cbf9847365
Launching ATT&CK for ICS - 针对工控系统的 ATT&CK 框架 http://medium.com/mitre-attack/launching-attack-for-ics-2be4d2fb9b8
CyberTruck Challenge 2019中一例Android CTF题目详解 http://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530
逆向 Web Assembly (WASM) 字节码 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fanee.me%2Freversing-web-assembly-wasm-dd59eb2a52d4

medium 推荐

title url
Mapping ATT&CK Data Sources to Security Events via OSSEM https://medium.com/threat-hunters-forge/mapping-att-ck-data-sources-to-security-events-via-ossem-%EF%B8%8F-b606d99e738c
FAQs on Getting Started in Cyber Threat Intelligence https://medium.com/katies-five-cents/faqs-on-getting-started-in-cyber-threat-intelligence-f567f267348e
How Malicious Tor Relays are Exploiting Users in 2020 (Par... https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
Security Detections on Windows Events with Recurrent Neura... https://medium.com/@ditrizna/security-detections-on-windows-events-with-recurrent-neural-networks-346d0b2738fe
SSRF on Zimbra Led to Dump All Credentials in Clear Text https://medium.com/bugbountywriteup/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc
Mining DNS MX Records for Fun and Profit https://medium.com/@jason_trost/mining-dns-mx-records-for-fun-and-profit-7a069da9ee2d
Lateral Movement: PowerShell Remoting https://medium.com/@subhammisra45/lateral-movement-powershell-remoting-89da402a9885
Everything You Need to Know About IDOR https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
CATBERT — Detecting malicious emails with a bleeding-edge... https://medium.com/@sophos.ai/detecting-malicious-emails-with-a-bleeding-edge-neural-language-model-355b366d8940
ATT&CK for ICS https://medium.com/mitre-attack/launching-attack-for-ics-2be4d2fb9b8
Blind SQL Injection without an “in” https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952
The Bug That Exposed Your PayPal Password https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9

知乎 推荐

title url
浅谈安全运营平台中数据分析交互逻辑的设计 https://zhuanlan.zhihu.com/p/339629476
网络空间测绘技术之:协议识别(RDP篇) https://zhuanlan.zhihu.com/p/336936793
自然语言处理的未来十年 https://zhuanlan.zhihu.com/p/289716231
万字长文——信息安全职业生涯规划 https://zhuanlan.zhihu.com/p/250905301
Webshell研究综述:检测与对抗技术的动态博弈进展 https://zhuanlan.zhihu.com/p/259985000?utm_oi=771453567763492864
南京大学《软件分析》课程 https://zhuanlan.zhihu.com/p/136697432
DataCon2020 僵尸网络追踪第三题writeup https://zhuanlan.zhihu.com/p/186948840
有关Angr的正确学习路线 https://zhuanlan.zhihu.com/p/102582636
攻防对抗的思考(2)21分钟学会网络攻防 https://zhuanlan.zhihu.com/p/228478328
如何评价安全工作的好坏 https://zhuanlan.zhihu.com/p/226493047
攻防对抗的思考(1)网络诈骗的拱心石 https://zhuanlan.zhihu.com/p/223173210
DataCon2020 僵尸网络追踪第一题writeup https://zhuanlan.zhihu.com/p/186254809
写给技术创业者的创业思考框架 https://zhuanlan.zhihu.com/p/84058442
从现状看威胁情报发展趋势 https://zhuanlan.zhihu.com/p/183993203
人物图谱构建技术 https://zhuanlan.zhihu.com/p/166587883
记 MOSEC 2020 及上海一游 (2) https://zhuanlan.zhihu.com/p/164905986
记 MOSEC 2020 及上海一游 (1) https://zhuanlan.zhihu.com/p/163528893
从开源组件安全现状浅谈开源组件安全运营 https://zhuanlan.zhihu.com/p/164610491
多模态知识图谱 https://zhuanlan.zhihu.com/p/163278672
r3kapig:校园明星 CTF 战队的奇幻养成之旅 https://zhuanlan.zhihu.com/p/163375485
知识图谱平台化助力知识图谱行业大发展 https://zhuanlan.zhihu.com/p/159149955
方舟编译器环境支持的新浪新闻极速版APP分析 https://zhuanlan.zhihu.com/p/154438363
CTF实战特训营实训真题 https://zhuanlan.zhihu.com/p/148384035
知识图谱之知识表示篇(一) https://zhuanlan.zhihu.com/p/148785892
抱紧你的SIM卡—5G物理安全初探 https://zhuanlan.zhihu.com/p/149614674
时间序列预测方法总结 https://zhuanlan.zhihu.com/p/67832773
简单梳理一下机器学习可解释性(Interpretability) https://zhuanlan.zhihu.com/p/141013178
从Google内部安全架构设计看威胁情报与威胁狩猎的应用场景 https://zhuanlan.zhihu.com/p/129064940
谈谈蜜罐(调研)与内网安全 https://zhuanlan.zhihu.com/p/110886405
信息安全风险评估与FAIR模型学习笔记 https://zhuanlan.zhihu.com/p/108995767
多知识图谱的融合算法探索 https://zhuanlan.zhihu.com/p/105203565
2020 后区块链世界及安全的一些思考 https://zhuanlan.zhihu.com/p/102384263
知识图谱构建技术综述与实践 https://zhuanlan.zhihu.com/p/69360094
作为个体如何做安全运营 https://zhuanlan.zhihu.com/p/100610851

论坛 推荐

title url
Django CVE-2020-9402 Geo SQL注入分析 https://xz.aliyun.com/t/7403
Django SQL 注入CVE-2020-7471 漏洞详细分析原理以及 POC https://xz.aliyun.com/t/7218

论坛 推荐

title url
细说APT之Rootkit自我保护 https://xz.aliyun.com/t/8675
SQL注入渗透PostgreSQL(bypass tricks) https://xz.aliyun.com/t/8621
从mimikatz学Windows本地hash抓取 https://xz.aliyun.com/t/8601
云安全威胁检测项 https://help.aliyun.com/document_detail/191144.html
内网技巧-RDP劫持及利用hash登录 https://xz.aliyun.com/t/8574
As-Exploits: 中国蚁剑后渗透框架 https://xz.aliyun.com/t/8591
Java中js命令执行的攻与防 https://xz.aliyun.com/t/8567
从sql注入到连接3389 https://xz.aliyun.com/t/8561
记一次三层网络环境的靶场渗透 https://xz.aliyun.com/t/8519
高级的MSSQL注入技巧 https://xz.aliyun.com/t/8513
从0到tfp0第一部分:基础知识 https://xz.aliyun.com/t/8509
UEditor编辑器任意文件上传漏洞分析 https://xz.aliyun.com/t/8488
某HW行动中的一次渗透测试 https://xz.aliyun.com/t/8493
云上渗透-RDS数据库攻防 https://xz.aliyun.com/t/8451
XSS 实战攻击思路总结 https://xz.aliyun.com/t/8459
一个文件上传靶场知识总结记录 https://xz.aliyun.com/t/8435
AKSK 命令执行到谷歌验证码劫持 https://xz.aliyun.com/t/8429
实战讲解TP3框架下的渗透思路 https://xz.aliyun.com/t/8417
一次简单的内网渗透靶场实验 https://xz.aliyun.com/t/8394
利用不安全的JSONP绕过SSO实现账户接管(分析+实践) https://xz.aliyun.com/t/8350
Pickle反序列化源码分析与漏洞利用 https://xz.aliyun.com/t/8342
《透视APT》读书笔记 https://xz.aliyun.com/t/8335
CVE-2020-15148 Yii2反序列化RCE POP链分析 https://xz.aliyun.com/t/8307
记一次偶遇Adminer https://xz.aliyun.com/t/8309
bugbounty之我是如何侵入电信网络的 https://xz.aliyun.com/t/8255
记一次对某非法站点从SQL注入到整站打包与本地搭建全过程 https://xz.aliyun.com/t/8213
从剖析CS木马生成到开发免杀工具 https://xz.aliyun.com/t/8103
以OpenRASP为基础-展开来港港RASP的类加载 https://xz.aliyun.com/t/8148
针对学校内网的一次渗透测试 https://xz.aliyun.com/t/8147
TP5.0.xRCE&5.0.24反序列化分析 https://xz.aliyun.com/t/8143
无字母数字webshell总结 https://xz.aliyun.com/t/8107
浅探内网横向移动-Pass The Hash https://xz.aliyun.com/t/8117
浅谈PHP无回显命令执行的利用 https://xz.aliyun.com/t/8125
OneThink前台注入分析 https://xz.aliyun.com/t/8081
关于检测web蜜罐利用jsonp获取信息的一些想法 https://xz.aliyun.com/t/8111
实战绕过双重waf结合sqlmap tamper获取数据 https://xz.aliyun.com/t/8064
Android渗透测试HTTPS证书校验绕过 https://xz.aliyun.com/t/8047
Redis数据库在渗透中的利用 https://xz.aliyun.com/t/8018
Oracle 注入 All in ONE https://xz.aliyun.com/t/8020
PHP代码审计之旅 https://xz.aliyun.com/t/7992
Metasploit & CobaltStrike 的shellcode分析 https://xz.aliyun.com/t/7996
wireshark和威胁分析 https://xz.aliyun.com/t/7802
密码找回中的套路 https://xz.aliyun.com/t/7977
使用 CodeQL 挖掘 CVE-2020-9297 https://xz.aliyun.com/t/7979
内网渗透之应用层隧道技术 https://xz.aliyun.com/t/7956
Java代码审计 https://xz.aliyun.com/t/7945
红队攻防系列之花式鱼竿钓鱼篇 https://xz.aliyun.com/t/7958
Windows/Linux文件下载方式汇总 https://xz.aliyun.com/t/7937
浅谈短信验证码漏洞 https://xz.aliyun.com/t/7926
对Linux 提权的简单总结 https://xz.aliyun.com/t/7924
踩坑记录-DNS Beacon https://xz.aliyun.com/t/7938
渗透经验分享之SQL注入思路拓展 https://xz.aliyun.com/t/7919
Java代码审计之Struts2-001 https://xz.aliyun.com/t/7915
Powershell免杀的探索 https://xz.aliyun.com/t/7903
Linux Pam后门总结拓展 https://xz.aliyun.com/t/7902
内网渗透之ICMP隐藏隧道 https://xz.aliyun.com/t/7875
firefox-hackbar-2.2.9 自签名学习版全过程 https://xz.aliyun.com/t/7857
某cms的一次审计 https://xz.aliyun.com/t/7872
Docker逃逸小结 第一版 https://xz.aliyun.com/t/7881
记一次测试Gitlab https://xz.aliyun.com/t/7870
初探PythonOpcode逃逸 https://xz.aliyun.com/t/7828
vBulletin 5.6.1 SQL注入漏洞 https://xz.aliyun.com/t/7831
D-Link DIR815路由器缓冲区溢出漏洞再分析 https://xz.aliyun.com/t/7835
Monstra CMS RCE漏洞分析(CVE-2020-13384) https://xz.aliyun.com/t/7850
LFCMS的一次审计 https://xz.aliyun.com/t/7844
nodejs沙箱与黑魔法 https://xz.aliyun.com/t/7842
Intigriti的2020年5月XSS挑战 https://xz.aliyun.com/t/7800
基于机器学习的GitHub敏感信息泄露监控 https://xz.aliyun.com/t/7805
Django 初次尝试编写 Web 漏洞扫描器挖坑记录 https://xz.aliyun.com/t/7816
浅析域渗透中的组策略利用 https://xz.aliyun.com/t/7784
Thinkphp5代码执行学习 https://xz.aliyun.com/t/7792
codeql学习——污点分析 https://xz.aliyun.com/t/7789
红队-C2 Server基础构建 https://xz.aliyun.com/t/7758
从0学习WebLogic CVE-2020-2551漏洞 https://xz.aliyun.com/t/7725
域控提权合集 https://xz.aliyun.com/t/7726
虎符杯两道NodeJS题目的分析 https://xz.aliyun.com/t/7714
对缓存投毒的学习总结 https://xz.aliyun.com/t/7696
linux后渗透之收集登录凭证 https://xz.aliyun.com/t/7698
Rick教你写shellcode系列之邪恶的pdf https://xz.aliyun.com/t/7684
短信身份验证的安全风险 https://xz.aliyun.com/t/7638
一次Reverse出题手记 https://xz.aliyun.com/t/7619
记一次对PUBG外挂病毒的反制过程 https://xz.aliyun.com/t/7626
红队测评技巧:对公司发起OSINT https://xz.aliyun.com/t/7610
waf-bypass学习 https://xz.aliyun.com/t/7578
详述一次拿shell后的单机信息搜集和贯穿整个内网的大型横向渗... https://xz.aliyun.com/t/7538
百家cms代码审计 https://xz.aliyun.com/t/7542
CVE-2020-0796 SMB漏洞本地提权分析 https://xz.aliyun.com/t/7550
浅析接口安全之WebService https://xz.aliyun.com/t/7541
从0到1认识DNS重绑定攻击 https://xz.aliyun.com/t/7495
记一次360众测仿真实战靶场考核WP https://xz.aliyun.com/t/7547
smbghost(CVE-2020-0796)漏洞POC汇总及简单分析 https://xz.aliyun.com/t/7440
使用AFL挖掘libxml2 https://xz.aliyun.com/t/7400
Django CVE-2020-9402 Geo SQL注入分析 https://xz.aliyun.com/t/7403
Bug Bounty:绕过Google域检测 https://xz.aliyun.com/t/7384
基于tomcat的内存 Webshell 无文件攻击技术 https://xz.aliyun.com/t/7388
Cobalt Strike折腾踩坑填坑记录 https://xz.aliyun.com/t/7375
使用 Dom Clobbering 扩展 XSS https://xz.aliyun.com/t/7329
从0到1的虚拟机逃逸三部曲 https://xz.aliyun.com/t/7345
初探利用angr进行漏洞挖掘(下) https://xz.aliyun.com/t/7275
初探利用angr进行漏洞挖掘(上) https://xz.aliyun.com/t/7274
浅析CORS攻击及其挖洞思路 https://xz.aliyun.com/t/7242
SSH隧道技术在实战中的使用 https://xz.aliyun.com/t/7245
使用Suricata和ELK进行流量检测 https://xz.aliyun.com/t/7263
zeratool:基于 angr 的CTF pwn 自动化利用工具介绍 https://xz.aliyun.com/t/7224
钓鱼配合smb重放攻击 https://xz.aliyun.com/t/7234
本人在2019年对一些NodeJS问题的研究 https://xz.aliyun.com/t/7237
浅析javascript原型链污染攻击 https://xz.aliyun.com/t/7182
基于 angr 的漏洞利用自动生成之缓冲区溢出案例分析 https://xz.aliyun.com/t/7199
Rex: 自动化利用引擎分析 https://xz.aliyun.com/t/7179
那些shellcode免杀总结 https://xz.aliyun.com/t/7170
如何利用AgentSmith-HIDS检测反弹shell https://xz.aliyun.com/t/7158
记一次验签机制伪造绕过的继续渗透测试 https://xz.aliyun.com/t/7143
Stowaway--go语言编写的多级代理工具 https://xz.aliyun.com/t/7119
Empire的进攻性研究 https://xz.aliyun.com/t/7071

日更新程序

python update_daily.py