Skip to content

Latest commit

 

History

History
144 lines (124 loc) · 16.6 KB

README_202003.md

File metadata and controls

144 lines (124 loc) · 16.6 KB

202003 信息源与信息类型占比

202003-信息源占比-secwiki

202003-信息源占比-xuanwu

202003-最喜欢语言占比

微信公众号 推荐

nickname_english weixin_no title url
Bypass Bypass-- 渗透利器 , 常见的WebShell管理工具 https://mp.weixin.qq.com/s/hPyy1Z7SP6DpF5vdpoPaGQ
网络安全观 SecurityInsights 网络安全架构 , 建立安全架构方法的指导框架 https://mp.weixin.qq.com/s/_s3eOdO2AufZtTQdyVK6NA
看雪学院 ikanxue 初探HG110-B家庭网关 https://mp.weixin.qq.com/s/a_uzOzJKna3g27-JxOxj2w
深澜深蓝 漏洞分析视角下的CVE-2020-0796漏洞 https://mp.weixin.qq.com/s/Cn0bF7xG6ESCP2iVYiaW2g
中国保密协会科学技术分会 2020 Unit 42 IoT威胁报告(汉译版) https://mp.weixin.qq.com/s/40fgfbuwa2c5jp6e5vbnxQ
专注安管平台 美国联邦政府SOC建设动向(2019) https://mp.weixin.qq.com/s/8I8hM_G1AO9emXpqxdR0oA
黑金笔谈 heijinbitan 网络威胁检测技术NTA https://mp.weixin.qq.com/s/DYqFKBIj1BKwDzTpnO_tHg
落水轩 基于开源情报解密美国雷神山火神山 https://mp.weixin.qq.com/s/OCAK5byqIvXttqxxSQmDkQ
绿盟科技研究通讯 nsfocus_research 恶意软件命名与描述规范研究 https://mp.weixin.qq.com/s/KGfsmEUu_fMH9Vj3TleMMQ
盘古实验室 PanguLab 微信远程攻击面简单的研究与分析 https://mp.weixin.qq.com/s/yMQN3MciI-0f3mzz_saiwQ
白帽子的成长之路 whitehat_day 2020年开源情报(OSINT)TOP20 工具 https://mp.weixin.qq.com/s?__biz=MzI2NDY1NDg0OA==&mid=2247484049&idx=1&sn=e6e716cfcfef01956c1acc7d684d44d1
小米安全中心 misrc_team IoT上SSL安全开发小结 https://mp.weixin.qq.com/s/rSXqBCFmawLg_oYYVKecLQ
冷渗透 黑产研究之秒拨IP https://mp.weixin.qq.com/s/XL6XO-FBHq37H1h-iMwV4w
JohnDoe爱学习 俄罗斯情报部门代号一览(Top Secret) https://mp.weixin.qq.com/s/2FnrR5qsm9BTlAS_SeKrzw
GoCN golangchina 「开源发布」 滴滴内部监控系统 Nightingale 开源啦 https://mp.weixin.qq.com/s/Wo_em4yB5dRPvFecma4bkw
零队 加载远程XSL文件的宏免杀方法 https://mp.weixin.qq.com/s?__biz=MzU2NTc2MjAyNg==&mid=2247483758&idx=1&sn=1bd0006d16747389046058ea34c3b7b7&chksm=fcb783ebcbc00afd694b7a2ee10ad32aff0a534963878541ee17974ffee29c63342f4e617661&token=1823181969&lang=zh_CN#rd
AI科技评论 aitechtalk 如何以初学者角度写好一篇国际学术论文? https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g
赵武的自留地 写在Goby新版发布前,讨论网络安全测试工具的发展 https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA
腾讯御见威胁情报中心 腾讯安全威胁情报中心“明炉亮灶”工程:​自动化恶意域名检测揭秘 https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg
腾讯安全应急响应中心 tsrc_team 浅谈DDoS攻防对抗中的AI实践 https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A
山丘安全攻防实验室 hillsec 一篇文章带你从XSS入门到进阶(附Fuzzing+BypassWAF+Payloads) https://mp.weixin.qq.com/s?__biz=Mzg3MjIyNjY3MA==&mid=2247484238&idx=1&sn=242812079337b1020abf5adffa7a5b23
安恒信息安全研究院 蓝牙安全之Class of device https://mp.weixin.qq.com/s/TIYvcThrfOC40rqcy-VGCg
安全学术圈 secquan EuroS&P 2020 论文录用列表 https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ
安全喷子 威胁狩猎101文档 https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q
安全乐观主义 SDL已死,应用安全路在何方? https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw
PolarisLab PolarisLab Bypassing Crowdstrike Falcon 1:大力出奇迹 https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ
PeckShield PeckShield 硬核:解密美国司法部起诉中国OTC承兑商洗钱案件 https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw
道法术 2020 IoT Threat Report (简单解读版) https://mp.weixin.qq.com/s/AqUyHGLzlmrBSKfk-IxW6g
水滴安全实验室 EversecLab 物联网漏洞挖掘及利用实践:mips栈溢出 https://mp.weixin.qq.com/s/psVle6RAcTqX8VY_d4ouKg
星阑科技 StarCrossCN PHP 开源白盒审计工具初探(上) https://mp.weixin.qq.com/s/gklKcFRR5erB2rdjr3BTUQ
君哥的体历 jungedetili 终端安全运营年度笔记 https://mp.weixin.qq.com/s/cHYu7Ayni5mkjWpn6_XrwA
七夜安全博客 qiye_safe 无文件执行:一切皆是shellcode (上) https://mp.weixin.qq.com/s/Bv0xebGKaJ2GGwntKGq2NQ
奇安信威胁情报中心 网空威胁情报(CTI)日益成熟:2020年SANSCTI调查结果解读 https://mp.weixin.qq.com/s/ERakfCjEjW_UfViz9KoxFQ
PaperWeekly paperweekly 文本分类和序列标注“深度”实践 https://mp.weixin.qq.com/s/afO58DDDZGb5w_EEG8oW6Q
爱奇艺技术产品团队 iQIYI-TP 爱奇艺在日志实时数据监控的探索与实践 https://mp.weixin.qq.com/s/wal_BVdp8yunXXPFpUy-gw
湛卢工作室 xuehao_studio DIY , 树莓派搭载kali Linux https://mp.weixin.qq.com/s/aOWEheNMxIYTBalDErSuMQ
工业菜园 gycy-2019 菜农观点 , 陆宝华:关于智慧城市安全的讨论 https://mp.weixin.qq.com/s/1-xpgttndYIXGkyspTIp1w
哈工大SCIR HIT_SCIR 赛尔笔记 , 机器阅读理解简述 https://mp.weixin.qq.com/s/Rm1uFunX9IRQaL_rUAZxfQ
银河安全实验室 Galaxy-Lab 尝试利用Cython将Python项目转化为单个.so https://mp.weixin.qq.com/s/YRKY7FgLFw-w4QIlrNd-FA
云众可信 yunzhongkexin 原创干货 , Java代码审计之跨站脚本攻击 https://mp.weixin.qq.com/s/lQNixguOJahjM-AXvPoHqQ
青衣十三楼飞花堂 burp pro 2020.2 https://mp.weixin.qq.com/s/WXdEvc0p04KjyOlmb4qtRg
永安在线反欺诈 YongAnOnline 业务安全蓝军测评标准白皮书 https://mp.weixin.qq.com/s/23fcilR_XhrGLWSaKv21zA
小议安全 xiaoyianquan 零信任架构远程办公实战 https://mp.weixin.qq.com/s/Kgm0wuPeQHX7fJoUondz4Q
安天 Antiylab 安天对“超高能力网空威胁行为体”系列分析回顾 https://mp.weixin.qq.com/s/N0LxStDpc6GyzpyszYnguQ
heysec bloodzer007 完成一次渗透测试项目 https://mp.weixin.qq.com/s/39wB8zLvda13p-sJytRa5w
Tide安全团队 TideSec 远控免杀专题(30)-Python加载shellcode免杀-8种方式(VT免杀率10-69) https://mp.weixin.qq.com/s/HyBSqrF_kl2ARaCYAMefgA
Ms08067安全实验室 Ms08067_com Mr.Robot靶机 - 机器人先生 https://mp.weixin.qq.com/s/-0EhntZSXvu4-xYQ89sPeQ
物联网IOT安全 IOTsafety Cobalt Strike|从入门到入狱 https://mp.weixin.qq.com/s/WAqgHn0DrXerEeow131w4Q
大潘点点 dapandiandian 网安产业结构和动力分析——从合规型向能力型 https://mp.weixin.qq.com/s/V6P-6X_fnw_kvHWMxtqwLg
SecWiki SecWiki 2020 Google夏日编程之安全项目列表 https://mp.weixin.qq.com/s/Gf937RjTpA0QsT2DJFQRqQ

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
lirantal Awesome Node.js Security resources https://github.com/lirantal/awesome-nodejs-security#static-code-analysis https://github.com/snyksec 🥑 Developer Advocate @snyksec , @nodejs Security WG , @jsheroes ambassador , Author of Essential Node.js Security , #opensource #web ❤ Tel Aviv, Israel @snyk 240 0 695 621 271 JavaScript 2600 108
unamer 之前被用于 WizardOpium APT 攻击行动的 CVE-2019-1458 Windows LPE 漏洞的 Exploit https://github.com/unamer/CVE-2019-1458 http://127.0.0.1/phpMyAdmin <script>alert(Hello world)</script> C:\Windows\ None 39 0 35 499 4 Python,C,C++ 748 359
moonbingbing OpenResty 最佳实践 https://github.com/moonbingbing/openresty-best-practices None None 360 30 0 49 465 5 Python,Lua,C,Perl 2900 726
woj-ciech LeakLooker X - 数据库/源码泄漏监控工具 https://github.com/woj-ciech/LeakLooker-X None None None 15 0 0 306 0 Python,Go,JavaScript,CSS 1100 227
alphaSeclab DBI(Dynamic Binary Instrumentation:动态二进制插桩)逆向有关的资源收集 https://github.com/alphaSeclab/DBI-Stuff None None None 17 0 38 288 0 1600 264
Leezj9671 渗透测试和安全面试的经验之谈 https://github.com/Leezj9671/Pentest_Interview http://neversec.top 2018 newly graduated student. Web pentester/Python coder. 公众号: NeverSec Shenzhen,CN None 45 0 95 178 0 Python,JavaScript,Dockerfile 891 207
dayt0n 64-bit iOS boot image patcher written in C https://github.com/dayt0n/kairos http://dayt0n.com 19. iOS and OS X tinkerer. Computer Science at UAH. United States None 37 0 43 132 47 Python,C,Shell,C++ 23 7
euphrat1ca security_w1k1: 安全相关资源列表 https://github.com/euphrat1ca/security_w1k1 None Thousands Times polar None 79 0 498 120 40 Python,Go,Ruby 343 119
ChanChiChoi 人脸识别相关的 Papers 收集 - Awesome Face Recognition https://github.com/ChanChiChoi/awesome-Face_Recognition http://www.cnblogs.com/shouhuxianjian/ China None 21 0 184 110 51 Python,Jupyter 1800 495
zsdlove Hades - 静态代码脆弱性检测系统 https://github.com/zsdlove/Hades None None None 126 0 193 62 16 Python,Java,Smali 163 41
mike-goodwin owasp-threat-dragon-desktop: 威胁建模工具 https://github.com/mike-goodwin/owasp-threat-dragon-desktop https://github.com/OWASP UK @OWASP 24 0 1 54 1 Shell,JavaScript,HTML,CSS 398 88
EddieIvan01 iox: 端口转发 & 内网代理工具 https://github.com/EddieIvan01/iox/blob/master/docs/README_CN.md http://iv4n.cc/ 127.0.0.1 None 36 0 55 51 16 Go,Python,Scheme 115 23
CTF-MissFeng bayonet: SRC资产管理系统 https://github.com/CTF-MissFeng/bayonet None None None 3 0 57 46 0 Python 443 87
ATpiu asset-scan: 甲方企业的外网资产周期性扫描监控系统 https://github.com/ATpiu/asset-scan None Penetration Test/Gopher/App Sec/ICS Sec None None 100 0 292 28 119 Go,Python 40 6
threat-hunting Awesome Threat Detection and Hunting library https://github.com/threat-hunting/awesome_Threat-Hunting None Sweden None 42 0 5 25 16 JavaScript,Java 228 46
ody5sey Voyager: 安全工具集合平台 https://github.com/ody5sey/Voyager None None None 3 0 1 21 0 Python,HTML 147 61
GuoKerS 基于协程的CVE-2020-0796快速检测脚本 https://github.com/GuoKerS/aioScan_CVE-2020-0796 https://o0o0.club 好好学习,天天向上。 Guang Xi None 43 0 281 15 41 Python,C#,HTML,PowerShell 10 5
qianxiao996 CTF-Tools: 一款Python+Pyqt写的CTF编解码工具 https://github.com/qianxiao996/CTF-Tools http://blog.qianxiao996.cn 博客:blog.qianxiao996.cn None None 35 0 193 13 4 Python,C#,HTML 15 8
open-source-rs The-Cyber-Intelligence-Analyst-Cookbook https://github.com/open-source-rs/The-Cyber-Intelligence-Analyst-Cookbook None None None 8 0 0 13 2 Python,PHP 34 7
renzu0 nw-tips: Win内网_域控安全 https://github.com/renzu0/nw-tips None None None 31 0 2 12 2 Python,TypeScript 3 2
onSec-fr 基于 HTTP 协议的异步反弹 Shell https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell None Cybersecurity Enthusiast. None None 4 0 7 12 1 C#,Shell,PowerShell 78 20
aforensics HiddenVM — Use any desktop OS without leaving a trace. https://github.com/aforensics/HiddenVM None None None 1 0 0 9 0 Shell 836 31
karkason PyWinSandbox - Python 实现的将进程放到 Sandbox 环境运行的工具 https://github.com/karkason/pywinsandbox None None None 3 0 19 6 7 Python,C++ 61 3
Equationliu ImageNet 图像分类对抗攻击 No.3 solution https://github.com/Equationliu/Attack-ImageNet None None None 9 0 19 4 1 Python 2 1
pyppeteer pyppeteer2 - 用于控制 Headless Chrome 的 puppeteer 的 Python 移植版 https://github.com/pyppeteer/pyppeteer2 None None None None 0 0 0 0 0 Python 0 0
nowsecure NowSecure 开源的基于 Frida 的 API Trace 工具 https://github.com/nowsecure/frida-trace None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,Smarty,Dockerfile,CSS 541 112
microsoft Memory Tagging 技术的安全性分析,来自 MSRC https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf None None None None 0 0 0 0 0 C,TypeScript,Jupyter,C#,JavaScript,C++,Python,Go,CMake,Swift 0 0
hardenedlinux srcinv: source code audit tool 代码审计工具 https://github.com/hardenedlinux/srcinv None None None None 0 0 0 0 0 HTML,C,Shell,Assembly,Roff,C++,Nix,Zeek,Go 243 56
google FuzzBench - Fuzzer benchmarking as a service https://github.com/google/FuzzBench None None None None 0 0 0 0 0 C,Shell,Java,Python,Kotlin,JavaScript,C++,TypeScript,HTML,Go,Rust 0 0
NVISO-BE Windows OS Hardening with PowerShell DSC https://github.com/NVISO-BE/posh-dsc-windowsserver-hardening None None None None 0 0 0 0 0 Python,Shell,JavaScript,PowerShell,C++ 0 0
LennyLeng SOC_Sankey_Generator: 从SOC日志中进行数据ETL与数据可视化的工具 https://github.com/LennyLeng/SOC_Sankey_Generator None None None None 0 0 0 0 0 None 0 0

medium 推荐

title url
Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image) http://medium.com/@asdqwedev/remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada
OWASP 中提到的最严重的 API 漏洞类型 - BOLA (Broken Object Level Authorization) 是怎么回事儿 http://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2
滥用 hostPath 挂载逃逸 Kubernetes Namespace http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fkubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216
Avast 安全浏览器可以被滥用 NTFS Hardlink 特性实现本地提权 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fsidechannel.tempestsi.com%2Fvulnerability-in-avast-secure-browser-enables-escalation-of-privileges-on-windows-eb770d196c45%3F
php博客平台Typecho代码执行漏洞详细分析 http://medium.com/@knownsec404team/analysis-of-typecho-front-end-getshell-vulnerability-4c1ce43eaeaa

知乎 推荐

title url
谈谈蜜罐(调研)与内网安全 https://zhuanlan.zhihu.com/p/110886405

论坛 推荐

title url
Django CVE-2020-9402 Geo SQL注入分析 https://xz.aliyun.com/t/7403

论坛 推荐

title url
smbghost(CVE-2020-0796)漏洞POC汇总及简单分析 https://xz.aliyun.com/t/7440
使用AFL挖掘libxml2 https://xz.aliyun.com/t/7400
Django CVE-2020-9402 Geo SQL注入分析 https://xz.aliyun.com/t/7403
Bug Bounty:绕过Google域检测 https://xz.aliyun.com/t/7384
基于tomcat的内存 Webshell 无文件攻击技术 https://xz.aliyun.com/t/7388
Cobalt Strike折腾踩坑填坑记录 https://xz.aliyun.com/t/7375
使用 Dom Clobbering 扩展 XSS https://xz.aliyun.com/t/7329
从0到1的虚拟机逃逸三部曲 https://xz.aliyun.com/t/7345
初探利用angr进行漏洞挖掘(下) https://xz.aliyun.com/t/7275
初探利用angr进行漏洞挖掘(上) https://xz.aliyun.com/t/7274

日更新程序

python update_daily.py