README_202012.md

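202012 Share of information sources and information types

202012 - share of information sources - secwiki

202012 - share of information sources - xuanwu

202012 - share of favourite languages

Recommended learning videos

title url
2020 Nanjing University "Operating Systems: Design and Implementation" https://www.bilibili.com/video/BV1N741177F5
Some reflections on computer systems research https://www.bilibili.com/video/BV1Ap4y167w3?p=1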

Recommended WeChat official accounts

nickname_english weixin_no title url
网安志异 KnewSec Sandworm https://mp.weixin.qq.com/s/eBTXxLn4NFvLq-nmAAXgyg
枫林晚安全 galesec Java secure coding https://mp.weixin.qq.com/s/p0SZN87PilFHUmENas6QEg
有价值炮灰 worthy_dust The self-cultivation of a security researcher https://mp.weixin.qq.com/s/BuHQSLLeJ-EMhQSqFLgDgg
字节跳动安全中心 TouTiaoSec ByteDance security team open-sources its in-house HIDS: AgentSmith-HIDS https://mp.weixin.qq.com/s/sAh_VH5zTuxHRFawYMvuOw
京麒 jqanquan Data security practice series: building a data asset platform https://mp.weixin.qq.com/s/oofMyBaS7EMnUMy61Y-5MQ
漏洞战争 vulwar On the state of the industry in automated vulnerability repair https://mp.weixin.qq.com/s/xgwdhBSvE7yW0YcekGEWjA
数学人生 gh_ea2ff522308b Node similarity in complex networks https://mp.weixin.qq.com/s/EGpjUVdjJlEjYbdbjbpR7A
锦行信息安全 jeeseensec Security techniques | A SQL injection bypass from a real crowdsourced test https://mp.weixin.qq.com/s/9BXMK4mVNKqQiBRkkiEJWg
网络空间安全科学与技术 gh_d54d2c7cabd7 Collection of 2020 survey papers (part 1) https://mp.weixin.qq.com/s/e-3rSS2F7lVV9SMMnoqylQ
爱奇艺安全应急响应中心 iqiyi_71src iQIYI's exploration and practice of SOAR https://mp.weixin.qq.com/s/ovJKGWusN2kgxQ_4GkQ8QA
开源情报研究所 OSINTR [Tips] How to find information about a person of interest https://mp.weixin.qq.com/s/yeuMivJaizmAQAHL1poHTw
安全分析与研究 MalwareAnalysis On APT attribution analysis https://mp.weixin.qq.com/s/hSnOYoC71z_HIU4PVf4tmw
威胁棱镜 THREAT_PRISM Discovering and extracting Cobalt Strike configuration https://mp.weixin.qq.com/s/-jajjhu-6KVQvaZoh59Wuw
奇安信威胁情报中心 gh_166784eae33e Analysis report on software supply chain source attacks https://mp.weixin.qq.com/s/ypKn7uanv7oSDc4h8zvmgQ
国网浙江信通公司 gh_12020d981693 Whale Blue Program | Basic approach and practice of attribution and countermeasures https://mp.weixin.qq.com/s/axNXFgyaD-5WSIkPwjkPrQ
国家网络威胁情报共享开放平台 CNTIC2017 Cybereason: analysis of the Molerats group's attack campaign abusing cloud services https://mp.weixin.qq.com/s/iWYr18hSLBBL4Y1-hAmEeg
vivo千镜安全实验室 gh_54ff3f871510 What you need to know about using Fortify https://mp.weixin.qq.com/s/VUg92RSsZRpGPWaPKBWPNQ
b1ngz的笔记本 gh_70bda0a9ced0 Automated security tooling platform - architecture notes https://mp.weixin.qq.com/s/OMhS9yFlcpI9KOQduSxq9g
360技术 qihoo_tech Using DNS for network measurement and security analysis https://mp.weixin.qq.com/s/L_wDNJtznQvrCyx1Kd1SlQ
公安部网安局 gh_e406f4bcdf34 Public security cyber-security departments achieve notable results in cracking down on underground cybercrime https://mp.weixin.qq.com/s/h53qn-2vODsakiCxf9CvXQ
陌陌安全 MomoSecurity Momo's exploration and practice of data security https://mp.weixin.qq.com/s/yGLrdlpSmEe5ChiVn4b8Kg
落水轩 gh_c10ee4802699 Griping about domestic analyses of the SolarWinds incident https://mp.weixin.qq.com/s/ytm62hJ59XIDi-QRlZTfEg
看雪学院 ikanxue Analysis of Go malware samples https://mp.weixin.qq.com/s/22HqoBW-eVSf1Fzw7fxoFw
电驭叛客 gh_141164bf887e My application security methodology: the road is under your feet https://mp.weixin.qq.com/s/atfMoXjxccUfrZbFsULiRg
懒人在思考 lazy-thought A brief talk on the ways of cyberspace mapping https://mp.weixin.qq.com/s/aBvptjz9gzxG_lPBY8ECVA
qz安全情报分析 lookvul A gossipy reading of the SolarWinds incident https://mp.weixin.qq.com/s/aWZ0mrapJTpHwL0nBnGhmg
pirogue p1r06u3 Ramblings on an authorization-bypass scanner https://mp.weixin.qq.com/s/yMpAiue7OT1I8E3C5Dkngw
CodeWisdom gh_2395906a410f Tech sharing | Automated Android GUI exploration based on static dependency analysis https://mp.weixin.qq.com/s/YQDxUqo_ufjt3cuDNOUfwQ
360威胁情报中心 CoreSec360 Operation Falling Eagle: uncovering the most influential supply chain attack in history https://mp.weixin.qq.com/s/lh7y_KHUxag_-pcFBC7d0Q
360Quake空间测绘 gh_0284fd4851e7 Tagging TLS servers with JARM fingerprints https://mp.weixin.qq.com/s/CTBO22SuQft1dBoHv2WRQg
中国信息安全 chinainfosec Roundup | Data privacy and protection by country https://mp.weixin.qq.com/s/B061CcZsJKavNEj_ggkRLQ
潇湘信安 xxxasec Hacking the hackers: a real-world case from getshell to privilege escalation https://mp.weixin.qq.com/s/Hr-ybKz2CbG4yyTpww23rA
ATLAS Academy atlas-cyber-academy 2020 cybersecurity chronicle - regulatory cases https://mp.weixin.qq.com/s/60-O9GGYPNZZW6KVvY_c8w
青藤实验室 gh_151a64925040 SharePoint RCE analysis series (part 1) https://mp.weixin.qq.com/s/FfHc8TFUs_4H8JHWbYv3FQ
大超的记事本 Dachao_Dachao How to do data security: governing sensitive data at rest https://mp.weixin.qq.com/s/AejcWwJWxZWHf9dDRfVWPA
深信服千里目安全实验室 Further_eye [Component attack chain] A brief analysis of RCE vulnerabilities across the Spring family https://mp.weixin.qq.com/s/gfCtSJoefYLjJpaksbKLrQ
数说安全 SSAQ2016 Capital relationship map of Chinese cybersecurity companies V2.0 https://mp.weixin.qq.com/s/cv8z0791TLrVG2HYKY1pdg
我需要的是坚持 MyPersistence2020 What the FireEye leak shows about the gap between red teams https://mp.weixin.qq.com/s/K2W-hgCUFOzgxrhF6U1s1A
微步在线研究响应中心 gh_c108d4d389bf Detecting active Monero nodes in 30 lines of code https://mp.weixin.qq.com/s/omsTd3q5tOkknfK35tXGXg
安天 Antiylab Analysis of and reflections on the theft of FireEye's red team tools https://mp.weixin.qq.com/s/fkH9TZKOcWb_Ttvl-VlA4w
奇安信ATEAM gh_266190cebfff Vulnerability weaponization in real-world environments, as seen through CVE-2020-17144 https://mp.weixin.qq.com/s/nVtE-OFoO076x6T0147AMw
奇安信 CERT gh_64040028303e Middleware memory-shell injection & Behinder connection (with partial code changes) https://mp.weixin.qq.com/s/eI-50-_W89eN8tsKi-5j4g
天地和兴 bjtdhxkj A review of cyberattacks on Israel's water infrastructure https://mp.weixin.qq.com/s/XvPf_irbpZF6B0-fnn1OBA
ChaMd5安全团队 chamd5sec RoarCTF-WriteUp https://mp.weixin.qq.com/s/Ipy-PCnxQWlctQk1oI9arw
情报分析师 qingbaofenxishi [Original] Tactics and techniques for mobile app data profiling analysis https://mp.weixin.qq.com/s/FdOeOC6JZE5a0r328nmtew
SecOps急行军 SecOpsWithU Attribution and countermeasures in practice during red-blue exercises https://mp.weixin.qq.com/s/Dswz7lxNpW5yLxmWKtqY6Q
酒仙桥六号部队 anfu-360 Getting hands-on with GraphQL https://mp.weixin.qq.com/s/gp2jGrLPllsh5xn7vn9BwQ
绿盟科技研究通讯 nsfocus_research [Cloud-native attack and defense research] Runtime attacks against AWS Lambda https://mp.weixin.qq.com/s/duF1Z0EDC3n_G378Aq_XYA
安小记 AnSecNote Basic concepts of MITRE ATT&CK https://mp.weixin.qq.com/s/yOJNWazCeGKKMR8titj3cg
IRT工业安全红队 ICSRedTeam A Codesys-based industrial-control soft PLC environment https://mp.weixin.qq.com/s/28BgVoIt7Naij84HEDqtFQ

Recommended personal GitHub accounts

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
ze0r Windows Win32k CVE-2020-17057 vulnerability PoC https://github.com/ze0r/cve-2020-17057// None None None 49 0 0 0 0 PowerShell,C++ 127 60
wcventure FuzzingPaper: Recent Fuzzing Paper https://github.com/wcventure/FuzzingPaper https://wcventure.github.io/ I am a Ph.D. student at Shenzhen University. My research interest is in the area of Cyber Security(SEC), Programming Language(PL), and Software Engineering(SE). Shenzhen, Guangdong Province, China, 518060 Shenzhen University 12 0 0 0 0 Python,C 684 117
tech-srl Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs(Paper) https://github.com/tech-srl/Nero None None None None 0 0 0 0 0 C,Assembly,Python,JavaScript,C#,Java,Jupyter 0 0
tacnetsol IOT Exploitation Ghidra Scripts https://github.com/tacnetsol/ghidra_scripts None None None None 0 0 0 0 0 Python 0 0
susam Resources on The UNIX Command Language (1976). https://github.com/susam/tucl https://susam.in/ None None 29 0 0 0 0 Python,C,JavaScript,Makefile,CSS 1500 66
sophos-ai SOREL-20M: Sophos-ReversingLabs 20 million sample dataset https://github.com/sophos-ai/SOREL-20M None None None None 0 0 0 0 0 YARA,Jupyter,Scala,Python,C++,CSS 0 0
sleirsgoevy Jailbreak exploit code for PS4 firmware version 6.72 https://github.com/sleirsgoevy/ps4jb None None None 38 0 0 0 0 Python,C,JavaScript 379 107
seemoo-lab ToothPicker - fuzzing of Apple's Bluetooth stack https://github.com/seemoo-lab/toothpicker None None None None 0 0 0 0 0 C,Shell,Jupyter,Python,Swift,JavaScript,C++,Objective-C,MATLAB,Kotlin,Java,Ruby 4600 333
rtcatc A scanner for fast, efficient security testing of websites built with front-end bundlers such as Webpack https://github.com/rtcatc/Packer-Fuzzer https://www.hackinn.com 嗷呜 NJI123%2MR% ç(-é$ùé&ù$$$éùù =$m$=$ None None 16 0 0 0 0 Python 535 60
r3nhat GRAT2 C2 - supports DNS Listener and HTTPS Listener https://github.com/r3nhat/GRAT2 https://medium.com/@r3n_hat Cyber Security Addicted. OSCE, OSCP, OSWP, eCPTX, eWPTX, CRTE, PACES, CEH Certified. None None 7 0 0 0 0 C#,Shell 211 52
r0eXpeR A collection of vulnerabilities in key systems commonly targeted in red team engagements https://github.com/r0eXpeR/redteam_vul None Unomi@棱角 China,ShangHai None 4 0 0 0 0 657 96
opencve opencve: CVE Alerting Platform https://github.com/opencve/opencve None None None None 0 0 0 0 0 Python 0 0
mytechnotalent Reverse Engineering For Everyone! https://github.com/mytechnotalent/Reverse-Engineering-Tutorial http://mytechnotalent.com Senior Software Engineer in Test Washington, DC BluVector, A Comcast Company 67 0 0 0 0 Python,C,Zeek,C++ 2500 181
kevoreilly CAPEv2: Malware Configuration And Payload Extraction https://github.com/kevoreilly/CAPEv2 https://twitter.com/CapeSandbox CAPE developer None None 8 0 0 0 0 Python,C 318 90
jfmaes SharpZipRunner - uses D/Invoke to decrypt a password-protected ZIP-compressed bin in memory and extract and execute the shellcode https://github.com/jfmaes/SharpZipRunner None None None 27 0 0 0 0 C#,Python,C++ 118 17
google Atheris: A Coverage-Guided, Native Python Fuzzer, a tool for fuzzing Python code https://github.com/google/atheris None None None None 0 0 0 0 0 C,TypeScript,Java,Python,Kotlin,JavaScript,C++,Dart,Crystal,HTML,Starlark,Go 0 0
ggerganov Keytap2 - a keylogger implemented via an acoustic side channel, using machine learning trained on keystroke sounds ggerganov/kbd-audio#31 https://github.com/viewray-inc Sofia, Bulgaria @viewray-inc 34 0 0 0 0 HTML,C++ 3100 277
fireeye Speakeasy - FireEye's open-source tool for emulating Windows user-mode and kernel-mode malware https://github.com/fireeye/speakeasy None None None None 0 0 0 0 0 C,Vue,Python,JavaScript,C++,C#,TypeScript,Go,PowerShell 0 0
fanglingsu Vimb - a Vim-like web browser project https://github.com/fanglingsu/vimb https://fanglingsu.github.io/ Jena, Germany None 9 0 0 0 0 C,Shell 911 82
dwisiswant0 apkleaks: Scanning APK file for URIs, endpoints & secrets https://github.com/dwisiswant0/apkleaks https://github.com/kitabisa /lost+found Indonesia @kitabisa 257 0 0 0 0 Go,Python,Shell 908 124
dushixiang Next Terminal: an HTML5 remote desktop gateway terminal project built with Golang and React, supporting connection and management over RDP, SSH, VNC and Telnet. https://github.com/dushixiang/next-terminal https://www.typesafe.cn beijing None 3 0 0 0 0 Go,JavaScript 490 43
ddzy Learning resources for front-end developers. https://github.com/ddzy/fe-necessary-book https://yyge.top Working Neusoft FE 87 0 0 0 0 TypeScript,JavaScript 1200 176
d4rk-d4nph3 A collection of ransomware-related reports https://github.com/d4rk-d4nph3/Ransomware-Reports https://twitter.com/bh4b3sh Turing Complete CVE-2020-9000+ NT AUTHORITY\SYSTEM 25 0 0 0 0 C#,Python,Shell 31 6
chriskaliX AD-Pentest-Notes: notes on learning internal network (domain) penetration testing https://github.com/chriskaliX/AD-Pentest-Notes https://github.com/Acmesec Astray Fin @Acmesec 10 0 0 0 0 Python,Go 318 25
charles2gan A new Android decompiler supporting decompilation of APK, DEX, ODEX, OAT, JAR, AAR and CLASS files https://github.com/charles2gan/GDA-android-reversing-Tool https://www.zhihu.com/people/gjden Leader of a Research Team, Senior security researcher. Malware Analysis, Vulnerability Analysis, Threat Intelligence etc. None adlab 25 0 0 0 0 Python,Makefile,Java,Ruby,C 1100 152
certego PcapMonkey - a tool for analysing pcap network captures and detecting threats in them https://github.com/certego/PcapMonkey None None None None 0 0 0 0 0 C,Zeek,Java,Python,Dockerfile,JavaScript,Perl,Shell,Go,PHP,Ruby,PowerShell 0 0
bsauce Exploits and writeups for multiple Linux kernel vulnerabilities https://github.com/bsauce/kernel_exploit_factory// https://www.jianshu.com/u/a12c5b882be2 2nd year Ph.D. student majoring in binary analysis. None None 25 0 0 0 0 Python,C 156 23
beurtschipper Depix - recovers the original password from pixelated screenshots https://github.com/beurtschipper/Depix https://www.graa.nl/ None None 26 0 0 0 0 Python,C 5300 262
TralahM Resources for the Black Hat Go tutorial series. https://github.com/TralahM/blackhat-go https://github.com/tralahtek Math & C.S Major, Programmer(Lisp, Python), Data scientist, Cloud Solutions Architect, Sys Integration, Devops. Writer & Scholar, Pan-African. Nairobi, KE @tralahtek 100 1 0 0 0 Go,Python,Shell,Common 13 6
T0pCyber The HAWK tool project. A tool that helps security staff quickly collect data for analysis. https://github.com/T0pCyber/hawk https://twitter.com/T0p_Cyber Microsoft Cyber Security Consultant Cloud Forensics Wake Forest NC None 3 0 0 0 0 PowerShell 203 42
ShiHuang-ESec EHole (棱洞): a fingerprinting tool for key systems targeted by red teams https://github.com/ShiHuang-ESec/EHole None None None 2 0 0 0 0 113 17
SafeGroceryStore MDAT - a comprehensive database attack and exploitation tool https://github.com/SafeGroceryStore/MDAT None None None None 0 0 0 0 0 Java 0 0
PaloAltoNetworks Public papers and conference slides from the Palo Alto security team https://github.com/PaloAltoNetworks/research-notes None None None None 0 0 0 0 0 C,TypeScript,Python,JavaScript,Shell,HTML,Go,PowerShell,HCL 182 87
MythicAgents A Visual Studio Code Extension agent for Mythic C2 https://github.com/MythicAgents/venus None None None None 0 0 0 0 0 Python,C 0 0
LandGrey domainNamePredictor: a tool for predicting and generating company domain names from usage patterns https://github.com/LandGrey/domainNamePredictor https://landgrey.me I learn cyber sec Shanghai None 18 0 0 0 0 Python,Java,Classic 1600 415
LIJI32 SnatchBox - analysis of a macOS sandbox escape vulnerability (CVE-2020-27935) https://github.com/LIJI32/SnatchBox None I fiddle with macOS, iOS, and Nintendo consoles. Israel None 21 0 0 0 0 Python,C,Assembly,Objective-C 657 91
KasperskyLab TinyCheck - Kaspersky's open-source smartphone traffic interception tool https://github.com/KasperskyLab/TinyCheck None None None None 0 0 0 0 0 C,Shell,Java,Python,Kotlin,C++,C#,PHP 0 0
D3VI5H4 ANTIVURUS ARTIFACTS - a researcher's analysis of antivirus detection and its hook points https://github.com/D3VI5H4/Antivirus-Artifacts/blob/main/ANTIVURUS_ARTIFACTS.pdf https://twitter.com/devisharochlani ICAI , Malware , OSINT , INFJ , NERD @AXI4L , None None 1 0 0 0 0 23 7
Ch1ngg WebLogicPasswordDecryptor - decrypts WebLogic ciphertext https://github.com/Ch1ngg/WebLogicPasswordDecryptorUi https://www.ch1ng.com/ no no 24 0 0 0 0 Python,C#,ASP,Java 118 21
AdaLogics Software security paper list https://github.com/AdaLogics/software-security-paper-list https://adalogics.com We do advanced software security. Oxford, UK Ada Logics 3 0 0 0 0 Python 41 5
2freeman POC conference talk "Three Dark clouds over the Android kernel" https://github.com/2freeman/Slides/blob/main/PoC-2020-Three%20Dark%20clouds%20over%20the%20Android%20kernel.pdf None None None 1 0 0 0 0 7 1

Recommended Medium posts

title url
Studying the security of Windows RPC through data analysis and visualization http://medium.com/threat-hunters-forge/extending-the-exploration-and-analysis-of-windows-rpc-methods-calling-other-functions-with-ghidra-e4cdaa9555bd
Data exfiltration using native Windows binaries http://debugactiveprocess.medium.com/data-exfiltration-with-lolbins-20e5e9c1ed8e
Analysing Android malware with the Dexcalibur and JEB reverse-engineering tools. http://link.medium.com/YFOeWtKMecb
Attacking Unattended Installs on macOS http://medium.com/tenable-techblog/attacking-unattended-installs-on-macos-dfc1f57984e0
How I Found The Facebook Messenger Leaking Access Token Of Million Users http://medium.com/bugbountywriteup/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3
Analysis of address space layout randomization (ASLR) in the iOS kernel http://medium.com/@bellis1000/aslr-the-ios-kernel-how-virtual-address-spaces-are-randomised-d76d14dc7ebb
Exploiting SIGRed (CVE-2020–1350) on Windows Server 2012/2016/2019 http://datafarm-cybersecurity.medium.com/exploiting-sigred-cve-2020-1350-on-windows-server-2012-2016-2019-80dd88594228
A study of ransomware architecture (1/2) http://medium.com/bugbountywriteup/architecture-of-a-ransomware-1-2-1b9fee757fcb
Testing MITM WiFi attacks using open networks. http://medium.com/bugbountywriteup/mitm-wifi-attacks-using-open-networks-7c0cc283524c?source=rss----7b722bfd1b8d---4

Recommended Medium posts

title url
Mapping ATT&CK Data Sources to Security Events via OSSEM https://medium.com/threat-hunters-forge/mapping-att-ck-data-sources-to-security-events-via-ossem-%EF%B8%8F-b606d99e738c

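Recommended Zhihu posts

title url
On designing the data-analysis interaction logic in a security operations platform https://zhuanlan.zhihu.com/p/339629476
Cyberspace mapping techniques: protocol identification (RDP) https://zhuanlan.zhihu.com/p/336936793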

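Recommended forum posts

title url
APT in detail: rootkit self-protection https://xz.aliyun.com/t/8675
SQL injection against PostgreSQL (bypass tricks) https://xz.aliyun.com/t/8621
Learning Windows local hash dumping from mimikatz https://xz.aliyun.com/t/8601
Cloud security threat detection items https://help.aliyun.com/document_detail/191144.html
Internal network techniques: RDP hijacking and logging in with a hash https://xz.aliyun.com/t/8574
As-Exploits: a post-exploitation framework for AntSword (中国蚁剑) https://xz.aliyun.com/t/8591

Daily update script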

python update_daily.py