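202004 Share of information sources and information types

202004 - share of information sources - secwiki

202004 - share of information sources - xuanwu

202004 - share of favorite languages

Recommended WeChat official accounts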

nickname_english weixin_no title url
安全喷子 Selected cybersecurity reports of 2019 https://mp.weixin.qq.com/s/YCSuRXhiFYGaE-f3_C8l5A
DJ的札记 DJ_notes Believe in the power of technology - RSAC 2020 (2) https://mp.weixin.qq.com/s/C_qQtuisG0NVcwad4y0BqQ
网信防务 CyberDefense COVID-19 attack techniques and data analysis https://mp.weixin.qq.com/s/C_BN96qI9Wb96KcyqXb4_Q
网信中国 cacweixin Measures for Cybersecurity Review https://mp.weixin.qq.com/s/nAjbLxdDnflhc_89y0e01Q
安全狗 safedog2013 Difficulties of applying machine learning in cybersecurity and how to address them https://mp.weixin.qq.com/s/j7vuiAWz6kY4ePsjb5EtDw
安全学术圈 secquan Detecting fake social-network accounts at registration time: the case of WeChat https://mp.weixin.qq.com/s/DYYvjF6Rx1Xg7PVB80EKKA
人工智能架构 Big-data-based real-time monitoring of Uber data (Part 1: Spark machine learning) https://mp.weixin.qq.com/s/mr-007pdIzOXPDaAUha1Ww
caoz的梦呓 caozsay On so-called initiative in work and study https://mp.weixin.qq.com/s/qB9phQwF8NulwSGINQz3yA
ADLab v_adlab Venustech ADLab: special analysis of in-the-wild use of the penetration tool Cobalt Strike https://mp.weixin.qq.com/s/Agr3doBvYMK6Bs0tH6urcw
谛听ditecting 2019 white paper on the industrial control network security situation https://mp.weixin.qq.com/s/phcpafQnNBnyQ10FOcSriQ
百度安全应急响应中心 baidu_sec Building enterprise-grade secure coding standards for R&D https://mp.weixin.qq.com/s/PNvCvV4gYJkfIsKJ1ccneA
SecWiki SecWiki [Sec-Trans-5] Subdomain Takeover: Thoughts on Risks https://mp.weixin.qq.com/s/fn3_2kC6ljUL3ac1Mhuh1A
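黑金笔谈 heijinbitan Notes on Windows domain environments and domain penetration https://mp.weixin.qq.com/s/gvDzKFIsdhtkOKRANscEJA
雷神众测 thorsrc Close-access penetration testing: USBninja in practice https://mp.weixin.qq.com/s/qCA-6zXbwpj8nyn5791zfg
白帽汇 baimaohui888 A practice range for leveling up by beating "monsters": Vulfocus https://mp.weixin.qq.com/s/ArDDWYuc1A64qUzeyPRzZA
安全研究与实践 secsky001 Systematic WAF security operations in practice https://mp.weixin.qq.com/s/BiH23k7xAeuwb5wwaOEKVw
七夜安全博客 qiye_safe Engineering Python RASP: reflections on an intrusion https://mp.weixin.qq.com/s/icWaHsC6dzlclxfLhvQjYA
qz安全情报分析 lookvul Some thoughts on defenders blocking IPs https://mp.weixin.qq.com/s/pgaTlc8LoUvH7RtgeKCBrg
VIPKID安全响应中心 vk_src [Tech share] Data-flow-based detection of unauthorized access https://mp.weixin.qq.com/s/FC6ROeMAdGUxkjVjFd914A
中国警察网 zgjcwcpd Ministry of Public Security publishes ten typical cases of crimes infringing on citizens' personal information https://mp.weixin.qq.com/s/3P4zEOepOxBETOcvBYhpDA
中国白客联盟 China_Baiker Using backdoors in penetration testing https://mp.weixin.qq.com/s/EfzSC979qQqXxXLZsV9LpA
vessial的安全Trash Can vx_security Mobile baseband security research series: concepts and systems https://mp.weixin.qq.com/s/YYicKHHZuI4Hgyw25AvFsQ
VMware中国研发中心 vmwarechinard Federated learning of deep neural networks for image recognition with FATE https://mp.weixin.qq.com/s/wlB8Hz4nTgz9zEP3OEQDAQ
美团安全应急响应中心 How to build an efficient rule engine for complex risk-control scenarios https://mp.weixin.qq.com/s/m4jFHUP3JYF9Z8TUxi9UIg
中睿天下 zorelworld Hands-on: an attribution analysis of a phishing email attacker https://mp.weixin.qq.com/s/-v7-M05Qyob5Rpzm_9lPQQ
腾讯安全智能 TX_Security_AI Behavior analysis modeling on a SOC machine-learning detection platform --- detecting covert HTTP communication https://mp.weixin.qq.com/s/ggFbaQvn8yUJOFi_-DPNOw
腾讯安全应急响应中心 tsrc_team Some explorations of bypassing IDS/IPS at the network layer https://mp.weixin.qq.com/s/QJeW7K-KThYHggWtJ-Fh3w
绿盟科技研究通讯 nsfocus_research Provenance Mining: endpoint provenance data mining and threat hunting https://mp.weixin.qq.com/s/Te7c3HvCcxX3ci9HTn8lEQ
永安在线反欺诈 YongAnOnline 永安在线 , business security assessment report for new-user acquisition in fresh-food e-commerce https://mp.weixin.qq.com/s/oiSYOA-BDn9fUnb7EhO2vA
信息通信技术与政策 caict_dsc Analysis and significance of defenses against APT supply-chain attacks https://mp.weixin.qq.com/s/qGMRjCeIyHSHk_aXI8Fxbg
中国信息安全 chinainfosec Feature · Original , an introduction to international cybersecurity incident response systems https://mp.weixin.qq.com/s/1_cJGTpH4dU780K6qngkjQ
404 Not F0und My practice and thinking on security and NLP https://mp.weixin.qq.com/s/_q5s1fHc0DB3feSd4gQZyw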
ChaMd5安全团队 chamd5sec Midnight Sun CTF 2020 WriteUp https://mp.weixin.qq.com/s/KF0vLJdRAzcgqMaI1izwUA
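漏洞战争 vulwar The story of an Adobe PDF 0day https://mp.weixin.qq.com/s/fx8MQ8ZMhZHwrruigLFbGA
锦行信息安全 jeeseensec A brief analysis of HTTP smuggling attacks https://mp.weixin.qq.com/s/IMZrvJGQjcLBZS74kMWRnA
腾讯御见威胁情报中心 Analysis of mobile attack activity by the Donot team group (APT-C-35) https://mp.weixin.qq.com/s/3j5yh8R1D8r9AxKV2qSMKA
网安国际 inforsec [InForSec Newsletter] Measuring the differences among security vulnerability reports , Usenix Security2019 https://mp.weixin.qq.com/s/h6xLJyqybGASORugqsvmgg
小议安全 xiaoyianquan Zero-trust architecture in practice series: killing passwords, deploying a passwordless scheme https://mp.weixin.qq.com/s/xs-xybNs6Ha6_-Qr_EE-qw
君哥的体历 jungedetili Qin Bo: building an SDL program for large-scale internet application security in practice https://mp.weixin.qq.com/s/STBzFf-NtfbDEA5s9RBdaw
关注安全技术 heresecurity Notes on common web container backdoors https://mp.weixin.qq.com/s/-cmM1k3--H6p1ditfQHPEw
云众可信 yunzhongkexin Original write-up , a web vulnerability hunting process against a large enterprise https://mp.weixin.qq.com/s/GuJgbLfJobTcJ2FMii3IzA
heysec bloodzer007 Tool recommendation series - file signature checking with sigcheck https://mp.weixin.qq.com/s/4oFtOAT-mRYrOuxBIe4XLA
Tide安全团队 TideSec [Incident response] Malicious code analysis: static analysis for beginners https://mp.weixin.qq.com/s/uVcnAPgTlnB3rIfacgi-9g
Ms08067安全实验室 Ms08067_com Six ways to bypass security software protection for execution https://mp.weixin.qq.com/s/sfxJbyJMB6FyGfa6H0G3hA
360CERT CERT-360 Technical analysis report on the third- and second-generation "Stuxnet" vulnerabilities https://mp.weixin.qq.com/s/qc25c_nuUax6UoknAVLrAw
大路咨询 daluzixun Overview of the overall capabilities of Chinese industrial cybersecurity vendors (2020, issue 1) https://mp.weixin.qq.com/s/6i17MV8T3rou8j0rY-ZbIQ
国防科技要闻 CDSTIC Analysis of the FY2021 DARPA budget overview and development trends https://mp.weixin.qq.com/s/yEsrMmI0BpvllXaf3TBWkw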

Recommended personal GitHub accounts

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
thelinuxchoice GetDroid v1.3, a malicious Android APK generator (reverse shell), has been released; take note for analysis and defense. https://github.com/thelinuxchoice/getdroid http://twitter.com/linux_choice Twitter: @linux_choice None None 112 0 38 4200 5 Python,Shell,HTML 1600 626
vanhauser-thc Generates an intuitive HTML coverage report for libfuzzer https://github.com/vanhauser-thc/libfuzzer-coverage// https://www.mh-sec.de/ Security researcher since 1994 https://www.mh-sec.de/ https://www.thc.org/ https://twitter.com/hackerschoice Berlin The Hackers Choice , mh-sec , me , myself 27 0 64 932 22 C,Shell,HTML,Python,C++,Batchfile 3700 1000
tandasat Testing UEFI in a Hyper-V environment https://github.com/tandasat/MiniVisorPkg/blob/master/Docs/Testing_UEFI_on_Hyper-V.md http://standa-note.blogspot.ca/ Engineer @standa_t Vancouver, Canada None 58 0 19 668 3 C,C++ 777 245
qazbnm456 awesome-web-security: List of Web Security materials and resources https://github.com/qazbnm456/awesome-web-security https://www.patreon.com/boik https://www.boik.com.tw/ Taiwan None 109 0 1100 550 20 Python,JavaScript 4700 907
djhohnstein SharpChromium - a tool for retrieving sensitive information such as cookies, browsing history and saved site logins from Chromium-family browsers https://github.com/djhohnstein/SharpChromium https://github.com/specterops Operator at SpecterOps. Kali Contributor. Seattle, WA @specterops 123 0 10 288 6 C#,VBScript,C++ 104 23
haidragon haidragon/KiwiVM-1: virtualization encryption software for mobile applications https://github.com/haidragon/KiwiVM-1 http://weibo.com/haidragon QQ discussion group : 826038086 Beijing, China None 1200 0 57 227 532 C,JavaScript,C++ 87 31
Wenzel awesome-virtualization: Collection of resources about Virtualization https://github.com/Wenzel/awesome-virtualization None Security Researcher , VMI hypervisor-level debugger Paris, France None 110 0 363 192 104 Python,Ruby,Rust 517 103
citronneur rdp-rs: Remote Desktop Protocol in RUST https://github.com/citronneur/rdp-rs https://github.com/airbus-cert Toulouse, France @airbus-cert 24 0 284 159 102 Python,C#,JavaScript,Rust 1200 305
wcventure MemLock: Memory Usage Guided Fuzzing https://github.com/wcventure/MemLock-Fuzz https://wcventure.github.io/ Computer Software and Theory, Software Engineering, Machine Learning, Formal Method, Program Analysis, Software Verification, Cyber Security. Shenzhen, Guangdong Province, China, 518060 Shenzhen University 15 0 98 138 14 Python,C,Batchfile 244 36
gobysec Goby, a new-generation security testing tool https://github.com/gobysec/Goby http://gobies.org Goby - Make Cybersecurity More Effective The new generation of network security technology None Goby 7 0 1 128 0 Python,Go 73 9
brompwnie A HTTP PoC Endpoint for cve-2020-5260 https://github.com/brompwnie/cve-2020-5260/ https://twitter.com/brompwnie Keyboard wrangler ⌨️ None None 29 0 16 91 169 Go,Shell 269 25
NoorQureshi Kali Linux penetration testing handbook https://github.com/NoorQureshi/kali-linux-cheatsheet https://github.com/RocketChat #Hackers Are Real, Monsters are real too. They live inside us, and sometimes, They Win. None @RocketChat 187 0 106 81 37 Python,Shell 288 116
DimitriFourny PoC code for the macOS/iOS CVE-2019-6207 kernel information leak https://github.com/DimitriFourny/cve-2019-6207 https://dimitrifourny.github.io French security researcher. None None 17 0 70 69 6 Python,C,C++ 62 13
bohops GhostBuild - MSBuild launchers for various GhostPack/.NET projects https://github.com/bohops/GhostBuild http://bohops.com None None 9 0 31 59 2 Python,PowerShell 105 17
smodnix This challenge is Inon Shkedys 31 days API Security Tips. https://github.com/smodnix/31-days-of-API-Security-Tips https://smodnix.codes Experienced in Web related technologies and interested in security aspects as well. None None 30 0 450 58 582 801 106
pventuzelo WARF - WebAssembly Runtimes Fuzzing project https://github.com/pventuzelo/wasm_runtimes_fuzzing https://webassembly-security.com/ Independent Security Researcher, Trainer of WebAssembly & Rust Security, mainly focused on Fuzzing, Vulnerability Research, Reversing & Binary analysis Paris, France Independent Security Researcher 40 0 254 53 55 Python,WebAssembly,JavaScript,HTML,Rust 230 38
vavkamil Damn Vulnerable WordPress - a project for studying WordPress vulnerabilities https://github.com/vavkamil/dvwp https://vavkamil.cz Czechia None 13 0 1100 51 22 Python,PHP,TSQL 56 9
nafod nafod has published the exploit for their VMware UHCI ZDI-19-421 vulnerability https://github.com/nafod/advent-vmpwn// None None None 15 0 117 44 24 C,JavaScript 5 1
0xricksanchez Code and slides for the HITB 2020 Lockdown conference talk on fuzzing file system implementations https://github.com/0xricksanchez/fs-fuzzer http://0x434b.dev Trying to advance in the areas of IT-Sec, reversing and hacking. Also doing administrative jobs @ www.0x00sec.org @0xricksanchez None 14 0 395 44 46 Python,Shell,CSS 10 4
assafmo joincap: Merge multiple pcap files together, gracefully. https://github.com/assafmo/joincap https://github.com/enigmampc Israel @enigmampc 25 0 270 35 18 Go,JavaScript 140 12
Qftm Handbook of information collection for penetration testing and src https://github.com/Qftm/Information_Collection_Handbook https://qftm.github.io/ CTFer,Pentester,BugBountyHunter,Security Researcher,Mobile Security and Development Internet None 7 0 53 35 35 Python,HTML,JavaScript,PHP,C++ 254 56
yusufqk SystemToken: Steal privileged token to obtain SYSTEM shell https://github.com/yusufqk/SystemToken None Twitter: @ZupOctopus None None 5 0 6 26 37 Python,C,JavaScript 112 24
S1lkys Analysis of the XAMPP local privilege escalation vulnerability (CVE-2020-11107) https://github.com/S1lkys/CVE-2020-11107/ None None None 27 0 1 23 0 Python,Shell 12 3
yardenshafir KernelDataStructureFinder - a tool for searching for data structures in kernel lookaside lists https://github.com/yardenshafir/KernelDataStructureFinder None None None 5 0 2 22 0 C,C++ 40 20
mrlnc Disabled LTE network security - security research on misconfigurations in commercial networks. https://github.com/mrlnc/LTE-ciphercheck None Research Assistant & PhD student. Mobile Network Security at Ruhr-Universität Bochum. Bochum, Germany Ruhr-Universität Bochum 15 0 26 18 30 C++ 36 13
xscorp pingfisher: A ping detection tool for linux https://github.com/xscorp/pingfisher None I am a computer science noob who loves programming and cyber security stuff. I believe in self learning and hard work rather than miracles :-) None None 10 0 3 13 0 Python,PHP,Hack 18 2
chrivers Samsung Firmware Magic, a decryption tool for Samsung SSD firmware files, has been released https://github.com/chrivers/samsung-firmware-magic http://christianiversenit.dk Denmark Iversen IT 23 0 15 13 6 Python,HTML,Smarty 135 20
chompie1337 A researcher has published a complete exploit for the Samsung S8 that uses CVE-2019-2215 to bypass the DAC + SELinux + Knox/RKP protections https://github.com/chompie1337/s8_2019_2215_poc None None None 1 0 1 7 0 C 28 10
afilipovich Python library for interacting with the Google Safe Browsing API https://github.com/afilipovich/gglsbl None Olomouc None 10 0 31 7 4 Python,JavaScript 66 30
Tera0017 Unpacker for the SDBbot RAT used by the APT group TA505 has been released, supporting x86 and x64 https://github.com/Tera0017/SDBbot-Unpacker None I dont get it. None None 3 0 0 6 0 Python 38 4
Martyx00 Assistant plugin for vulnerability research https://github.com/Martyx00/VulnFanatic None None None 4 0 2 5 0 Python,Objective-C,Shell 26 4
weizman Analysis of the XSS vulnerability in WhatsApp Desktop versions before 0.3.9309 https://github.com/weizman/CVE-2019-18426 http://www.weizmangal.com javascript expert and web security enthusiastic :) Israel https://www.perimeterx.com 8 0 3 4 1 JavaScript 5 1
zj1244 beholder: a system for monitoring port changes https://github.com/zj1244/beholder_scanner None None 10 0 60 3 3 Python,C,HTML,Java 6 5
sibears A tool for modifying the IDA HexRays AST https://github.com/sibears/HRAST None None None None 0 0 0 0 0 Python,JavaScript,HTML,CSS 0 0
seemoo-lab Frankenstein - a framework providing an emulated execution and fuzzing environment for wireless device firmware https://github.com/seemoo-lab/frankenstein/ None None None None 0 0 0 0 0 C,Shell,Jupyter,Python,JavaScript,TeX,Objective-C,HTML,MATLAB,Java 4100 296
mitre-attack Joystick :transform the ATT&CK Evaluations data into concise views https://github.com/mitre-attack/joystick None None None None 0 0 0 0 0 TypeScript,HTML,Python,JavaScript,Zeek,PowerShell 0 0
fofapro A vulnerability range platform based on Docker images https://github.com/fofapro/vulfocus None None None None 0 0 0 0 0 C,Vue,Java,Python,Go,CSS 169 19
ffffffff0x Dork-Admin: a roundup of data breaches and supply-chain poisoning incidents in recent years https://github.com/ffffffff0x/Dork-Admin None None None None 0 0 0 0 0 HTML,Java 0 0
appsecco Attacking and Auditing Docker Containers and Kubernetes Clusters https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes-clusters None None None None 0 0 0 0 0 Shell,Java,Python,JavaScript,C#,Visual,HTML,ActionScript,PHP,CSS 540 150
aind-containers AinD: Android (Anbox) in Docker, run Android apps in Docker https://github.com/aind-containers/aind None None None None 0 0 0 0 0 Dockerfile 0 0
ail-project AIL framework - Analysis Information Leak framework https://github.com/ail-project/ail-framework None None None None 0 0 0 0 0 Python 6 0
QAX-A-Team sharpwmi: an RPC-based lateral movement tool https://github.com/QAX-A-Team/sharpwmi None None None None 0 0 0 0 0 C,Shell,Java,C#,C++,Python,Go,PowerShell 0 0
CERT-Polska DRAKVUF - a hypervisor-level automated malware analysis system https://github.com/CERT-Polska/drakvuf-sandbox None None None None 0 0 0 0 0 C,Java,Python,JavaScript,C++,PHP 189 35

Medium recommendations

title url
An introduction to Content Security Policy (CSP) bypass techniques. http://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
A summary of techniques for local privilege escalation on Windows http://medium.com/bugbountywriteup/privilege-escalation-in-windows-380bee3a2842?source=rss----7b722bfd1b8d---4
Build your first LLVM Obfuscator http://medium.com/@polarply/build-your-first-llvm-obfuscator-80d16583392b
Case studies of web RCE vulnerability exploitation for beginners http://medium.com/bugbountywriteup/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311?source=rss----7b722bfd1b8d---4
Detailed analysis of the PoC for the CVE-2020-0796 Windows SMBv3 LPE vulnerability http://medium.com/@knownsec404team/cve-2020-0796-windows-smbv3-lpe-exploit-poc-analysis-c77569124c87

Medium recommendations

title url
Lateral Movement: PowerShell Remoting https://medium.com/@subhammisra45/lateral-movement-powershell-remoting-89da402a9885
Everything You Need to Know About IDOR https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
CATBERT — Detecting malicious emails with a bleeding-edge... https://medium.com/@sophos.ai/detecting-malicious-emails-with-a-bleeding-edge-neural-language-model-355b366d8940

Zhihu recommendations

title url
Use cases for threat intelligence and threat hunting as seen through Google's internal security architecture design https://zhuanlan.zhihu.com/p/129064940

Forum recommendations

title url
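Security risks of SMS-based authentication https://xz.aliyun.com/t/7638
Notes on authoring a Reverse challenge https://xz.aliyun.com/t/7619
An account of countering a PUBG cheat-tool virus https://xz.aliyun.com/t/7626
Red team assessment techniques: conducting OSINT on a company https://xz.aliyun.com/t/7610
Learning waf-bypass https://xz.aliyun.com/t/7578
A detailed account of single-host information gathering after getting a shell and a large-scale, intranet-wide lateral pen... https://xz.aliyun.com/t/7538
Code audit of 百家cms https://xz.aliyun.com/t/7542
Analysis of local privilege escalation via the CVE-2020-0796 SMB vulnerability https://xz.aliyun.com/t/7550
A brief look at interface security: WebService https://xz.aliyun.com/t/7541
Understanding DNS rebinding attacks from 0 to 1 https://xz.aliyun.com/t/7495
Write-up of a 360 crowdtesting simulated real-world range assessment https://xz.aliyun.com/t/7547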

Daily update script

python update_daily.py