Skip to content

Latest commit

 

History

History
211 lines (193 loc) · 32.3 KB

README_202110.md

File metadata and controls

211 lines (193 loc) · 32.3 KB

202110 信息源与信息类型占比

202110-信息源占比-secwiki

202110-信息源占比-xuanwu

202110-最喜欢语言占比

政策 推荐

title url
《互联网用户账号名称信息管理规定(征求意见稿)》 http://www.cac.gov.cn/2021-10/26/c_1636843202454310.htm
工业和信息化领域数据安全管理办法(试行)(征求意见稿) https://wap.miit.gov.cn/gzcy/yjzj/art/2021/art_dcb6cc8d9f5c414eabd7070871996525.html

微信公众号 推荐

nickname_english weixin_no title url
无害实验室sec WUHAISEC 【安卓】基于frida的一键脱壳+反编译 https://mp.weixin.qq.com/s?__biz=MzkwMTE4NDM5NA==&mid=2247485161&idx=1&sn=f3d7e0ef751430dbbeb85ee1070fe449
云计算和网络安全技术实践 gh_34d6b0cb5633 开源漏洞靶场vulfocus的实践(一) https://mp.weixin.qq.com/s?__biz=MzA3MjM5MDc2Nw==&mid=2650746611&idx=1&sn=92057edcc2a2be77c2e8735abe708d89
雾晓安全 gh_79582f17fd5a 最新BurpSuit2021.9.1破解版 https://mp.weixin.qq.com/s?__biz=Mzg2NDM2MTE5Mw==&mid=2247485774&idx=2&sn=88b9cf073656a5a61af002399a97b16d
电子物证 ewuzheng 【认识Nginx集群方式 】 https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651040332&idx=2&sn=9412948281504030ea0b01f0c789c85a
南街老友 gh_f9a38b1d58f0 案例|轻松绕过你的Nginx(上篇) https://mp.weixin.qq.com/s?__biz=MzA5OTA0MTU4Mg==&mid=2247485520&idx=1&sn=516f882b14a995c120ce72795e5f4fb9
默安逐日实验室 gh_995a1a9f25b5 VMware vCenter漏洞分析(二) https://mp.weixin.qq.com/s?__biz=MzkxMjI3MDgwOA==&mid=2247483876&idx=1&sn=dfbaf4eeb812e9b699e915c57abb2cae
跟着石头学安全 gh_bdb076c55582 Writeup-Five86-1 https://mp.weixin.qq.com/s?__biz=MzkxNTIxOTkzMQ==&mid=2247484289&idx=1&sn=f614b8a08980d3b1215f5d0e369f8c24
安全威胁情报 Threatbook 警惕!这种新型免杀木马未来可能会在攻防对抗中广泛使用 https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650170293&idx=1&sn=4c7af7aae4642f0ec14aabd5ace0385d
黑战士 heizhanshi1 SRC漏洞挖掘-从零到1的历程记录 https://mp.weixin.qq.com/s?__biz=MzUxMzQ2NTM2Nw==&mid=2247487377&idx=1&sn=4b02e359ad0b83dffbea09bf8a207879
绿盟科技研究通讯 nsfocus_research 区块链隐私保护技术解析——之门罗币(monero) https://mp.weixin.qq.com/s/rVVzAzbKWzPvczHTuyWehg
渗透测试教程 bzhack Linux清除记录的常见方式 https://mp.weixin.qq.com/s?__biz=MzI3OTIwNDkzNQ==&mid=2651836271&idx=1&sn=ff3e83db1944d0d742f57b0d495a8847
我的安全视界观 CANI_Security 漫谈在安全公司做内部安全的体验 https://mp.weixin.qq.com/s/UnLZE9HwJAc_uYTO5BXGww
弥天安全实验室 gh_41292c8e5379 HVV以假乱真之制作PHP伪装JSP蜜罐 https://mp.weixin.qq.com/s?__biz=MzU2NDgzOTQzNw==&mid=2247487743&idx=1&sn=0180c8f51e3eb76fbe84c5bed71a58dd
安恒威胁情报中心 gh_e0f7c5e21306 Evilnum组织近期网络资产扩充及大规模攻击活动 https://mp.weixin.qq.com/s?__biz=MzI1MDU5NjYwNg==&mid=2247492291&idx=1&sn=14784956d2b4dac1e58b48c26f26912f
威努特工控安全 winicssec_bj 防火墙ALG技术之DNS协议穿墙术 https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651079554&idx=1&sn=4f875f0dbe4a86ce5009bde32d2f6dbb
凌驭空间 OVERSPACE_TEAM 小试牛刀 , 记录一次对Confluence插件的破解 https://mp.weixin.qq.com/s?__biz=MzkxNjI3MjI2OA==&mid=2247483687&idx=1&sn=8d1e1dd188bf0b703e7334e0d5954f21
腾讯科恩实验室 KeenSecurityLab KeenLab Tech Talk(二), 浅谈React框架的XSS及后利用 https://mp.weixin.qq.com/s/1AU2TEePckzSWpHyuEGGJQ
知识工场 fudankw 原创成果丨HacRED:面向复杂样本的关系抽取数据集 https://mp.weixin.qq.com/s/x0aIQEPFaRScPP3mEl_mRw
漏洞推送 gh_d45bcadf18d7 Linux抓取Root明文密码 https://mp.weixin.qq.com/s?__biz=MzU5MTExMjYwMA==&mid=2247485228&idx=1&sn=2178f55d2775e2eacbebad6ca41d0157
漏洞战争 vulwar 洞察与思考Fuzzing技术发展趋势 https://mp.weixin.qq.com/s/ofGIYXc8IYErg8SK3Q-PNw
安全族 None JAVA反序列化漏洞分析 https://mp.weixin.qq.com/s?__biz=Mzg2NjU0MjA0Ng==&mid=2247485335&idx=1&sn=e46a2a101198369df43b039446300c07
RedCode Team RedCodetm 浅谈PHP预定义接口对代码审计的重要性 https://mp.weixin.qq.com/s?__biz=Mzg5MjY3MTk2Mw==&mid=2247484038&idx=1&sn=ead8dafde203287f7e290c1100b40a46
青衣十三楼飞花堂 gh_9feb5a276a2a 《Win10网络共享故障排查表单》与SMB漏洞八卦 https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247484861&idx=1&sn=799067f14cca000af3151c78e161e0af
锋刃科技 ahfengren Linux入侵应急响应一般流程与思路 https://mp.weixin.qq.com/s?__biz=MzUxMjc0MTE3Mw==&mid=2247486763&idx=1&sn=5d3691ae935c8ee9643c6fe1f50b7765
释然IT杂谈 ShiRan_IT 【干货】华为防火墙配置命令大全,带案例,相当详细的! https://mp.weixin.qq.com/s?__biz=MzIxMTEyOTM2Ng==&mid=2247496001&idx=1&sn=5751340c607b1ca297475cefc2afab4a
贝塔安全实验室 BetaSecLab CTFd动态靶机搭建笔记 https://mp.weixin.qq.com/s?__biz=Mzg4MzA4Nzg4Ng==&mid=2247494550&idx=1&sn=7b79d822cd8c63df6a0fc4a44c9ec7ab
宽字节安全 gh_2de2b9f7d076 一次域渗透测试过程 https://mp.weixin.qq.com/s?__biz=MzUzNTEyMTE0Mw==&mid=2247485511&idx=1&sn=087e7f37e9044fdf103a1064aedee0f2
信息安全与通信保密杂志社 cismag2013 网络空间资产探测关键技术研究 https://mp.weixin.qq.com/s/95iJLqZN3Ll1a3kcU60dbA
阿里云应急响应 gh_12f3517e40de 【漏洞分析】Oracle MySQL JDBC XXE漏洞(CVE-2021-2471) https://mp.weixin.qq.com/s/erIFMiPNB2XSBJSqXyxuKg
橘子杀手 gh_8c63a14284df SecMap - JWT https://mp.weixin.qq.com/s?__biz=MzI3OTE4MTU5Mw==&mid=2247485114&idx=1&sn=ab06ddc79872fcb67e3786157b7dafc7
星阑科技 StarCrossCN 【技术干货】Black Hat USA2021上CVE-2020-6537的分析 https://mp.weixin.qq.com/s/mdMlS1Dk8k0-A1DqpitG_A
三叶草小组Syclover gh_962842f4917b APIHook DLL注入实现代码钩取 https://mp.weixin.qq.com/s?__biz=MzIzOTg0NjYzNg==&mid=2247486013&idx=1&sn=57282e93a7cc72e598ecdb8b5f9cded6
Docker中文社区 dockerchina 一文详解 Kubernetes 的自动化部署实践 https://mp.weixin.qq.com/s?__biz=MzI1NzI5NDM4Mw==&mid=2247488003&idx=1&sn=996fbb2c562d6a875a48c00ce1cfaf33
虎符智库 TT_Thinktank 起底国家级APT组织:OilRig (APT-Q-53) https://mp.weixin.qq.com/s?__biz=MzIwNjYwMTMyNQ==&mid=2247486648&idx=1&sn=bdbd5c7856ff70a8c3b386cb1c618ed5
网络安全应急技术国家工程实验室 NELCERT 重磅 , 超大规模的物联网僵尸网络:Pink https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247521827&idx=1&sn=ad1eaf53acf9c6a6be59813912f026ef
绿盟科技 NSFOCUS-weixin 超大规模的物联网僵尸网络:Pink https://mp.weixin.qq.com/s?__biz=MjM5ODYyMTM4MA==&mid=2650419099&idx=4&sn=2f56174fe701da1435bbe514b56d07fa
云剑侠心 yunjianxx 审计|通读审计之信呼OA(附原创漏洞) https://mp.weixin.qq.com/s?__biz=MzkzMzEwNzIzNQ==&mid=2247494274&idx=1&sn=f53fb79415f91350102692eadf86ff70
Linux学习 LoveLinux1024 一文搞懂 , Linux 中的各种栈(进程栈 线程栈 内核栈 中断栈) https://mp.weixin.qq.com/s?__biz=MzI4MDEwNzAzNg==&mid=2649455033&idx=2&sn=96f10aa1b2bbe74c9fac4cce91148628
黑白之道 i77169 获取Windows明文密码的小技巧 https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650524823&idx=2&sn=2894af340134762d85471eda66bf637e
鸿鹄实验室 gh_a2210090ba3f 利用S4u2self进行本地提权 https://mp.weixin.qq.com/s?__biz=MzU0MjUxNjgyOQ==&mid=2247488920&idx=1&sn=694f938ffa3655e7e7d7e0562d2eed3f
雷神众测 bounty_team 恶意样本分析精要及实践8-IDA使用(一) https://mp.weixin.qq.com/s?__biz=MzI0NzEwOTM0MA==&mid=2652494660&idx=1&sn=c24e767c27ea115e1a6a8c4b0bd0b655
腾讯安全威胁情报中心 gh_05a6c5ec3f78 Oracle WebLogic多个高危漏洞补丁公告,腾讯安全专家建议尽快升级修复 https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247499441&idx=1&sn=ca347841149c79790c173de24cb6ada4
白帽子飙车路 hack-by-txf Burpsuite插件编写指南-Java篇(3) https://mp.weixin.qq.com/s?__biz=MzI1ODI0MTczNQ==&mid=2247487991&idx=1&sn=996d03eb405aceb9eeb11893b215f344
微步在线研究响应中心 gh_c108d4d389bf 这种新型免杀木马未来可能会在攻防对抗中广泛使用,警惕! https://mp.weixin.qq.com/s?__biz=MzA5MDc1NDc1MQ==&mid=2247490062&idx=1&sn=4f68f1ed900ff2f2194dc9855e9bd4de
学蚁致用 sudo_i 从虚假的XSS到放弃RCE再到Self-RCE https://mp.weixin.qq.com/s?__biz=MzI0MDI5MTQ3OQ==&mid=2247484313&idx=1&sn=7d2470ac7d48d642fc244d2d34cd39f2
Coggle数据科学 gh_8df601c10cb4 竞赛总结:KDD Cup 2021 时序异常检测(附 Top1 至 Top7思路视频 ) https://mp.weixin.qq.com/s/Jf7ckFpP7pqubOBN7OkgTQ
运维帮 yunweibang 运维案例 , 一个DNS解析引发的“血案” https://mp.weixin.qq.com/s?__biz=MzA3MzYwNjQ3NA==&mid=2651300847&idx=1&sn=a02baf081344cda753e3d3d7eac7c3d9
知道创宇 knownsec 知道创宇云监测—ScanV MAX更新:Apache httpd、Jenkins、Kibana等13个漏洞可监测 https://mp.weixin.qq.com/s?__biz=MjM5NzA3Nzg2MA==&mid=2649855764&idx=2&sn=a232f625dacf428b9a92b2dcf4bd7c56
我不是Hacker gh_aaed037e2267 gunicorn 20.0.4 请求走私漏洞简析(含复现环境&Poc) https://mp.weixin.qq.com/s?__biz=MzkwNDI1NDUwMQ==&mid=2247484615&idx=1&sn=eaa7715853c1466b5a7526d592ab614b&chksm=c088818df7ff089b0a2b899efdc4a7fe740e084a052a95bd81c1d93147f087378b4c67d2e481&token=87928276&lang=zh_CN#rd
安全宇宙 knownsec818 【创宇小课堂】任意文件上传漏洞代码审计 https://mp.weixin.qq.com/s?__biz=MzAxMDc5NzYwNQ==&mid=2652409002&idx=1&sn=f5e617f3b93bbf0dd77dfd39b0219965
安全初心 securityheart 利用 RDP 协议搭建 Socks5 代理隧道 https://mp.weixin.qq.com/s?__biz=MzU4NzU4MDg0Mw==&mid=2247486580&idx=1&sn=81f86f205a8127e6ec33a56dc86c173f
代码卫士 codesafe Node.js 易受两个HTTP请求走私漏洞影响 https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247508413&idx=1&sn=0a9ef2abb46ffa5197f25a0be4c0f144
XG小刚 XG_WEB Linux提权-SUID提权 https://mp.weixin.qq.com/s?__biz=MzIwOTMzMzY0Ng==&mid=2247486395&idx=1&sn=a4b851fd413864ca17b0ece6755dbcff
面具与甲虫 gh_f524e5a0a1fb 供应链安全—组件漏洞和合规治理 https://mp.weixin.qq.com/s/VkwU_wOUKAhT0Ec7OZ5RBw
腾讯安全应急响应中心 tsrc_team 关于BGP安全那些事儿 https://mp.weixin.qq.com/s/rZunI6Uxyks2TbSarsqR8A
穿过丛林 gh_f90eac70537b 2021年实验室学术年会前瞻报告(三)万瑶:代码大数据驱动的智能化软件工程进展与趋势(PPT) https://mp.weixin.qq.com/s/DWoYb4gRmHCToUWgE0xtnA
白帽子社区 baimaoshequ CS-Shellcode分析(一) https://mp.weixin.qq.com/s?__biz=MzUyMTAyODYwNg==&mid=2247493778&idx=1&sn=d7b6b9a027413d8271ec1a069764147f
疯猫网络 iloscat PortSwigger之HTTP请求走私+OAuth认证实验记录 https://mp.weixin.qq.com/s?__biz=MzIyMzE5NTQ3Ng==&mid=2650621017&idx=1&sn=69bce4b80e1e21dde7065991363493e3
特大牛 ITtedaniu 2021年中国信创产业研究报告(90页全本) https://mp.weixin.qq.com/s/7-6d_IzuKr-1oFqvBEUBpQ
学安全在路上 gh_c40eb977b2c4 二进制免杀思路与实践 https://mp.weixin.qq.com/s?__biz=MzI3MjI0NDEzMg==&mid=2247484040&idx=1&sn=af6da01a3794c83e0bc7de3bad85aa78
leveryd gh_8d7f6ed4daff 如何伪装进程信息 https://mp.weixin.qq.com/s?__biz=MzkyMDIxMjE5MA==&mid=2247484551&idx=1&sn=244cb24f9161fe7e9b688cf8f39c71ba
i春秋 icqedu HTB靶场记录之Europa https://mp.weixin.qq.com/s?__biz=MzUzNTkyODI0OA==&mid=2247506370&idx=1&sn=b88f7f5c46961d50df5c0dc798f5462c
V安全资讯 v-safe-cn 渗透测试中的提权思路 https://mp.weixin.qq.com/s?__biz=MzI4MDQ1MzQ0NA==&mid=2247488162&idx=1&sn=881648d848aebdde394dcc0e8f0985a7
SecTr安全团队 gh_41aaad68661b MirrorBlast:TA505组织针对金融行业的恶意活动 https://mp.weixin.qq.com/s?__biz=Mzg3NDQzMDg0MQ==&mid=2247504754&idx=1&sn=d37e27303897368c40105ddd75f346d8
IT牧场 itmuch_com 面试 Java 被问 Linux 命令 su 和 sudo 的区别? https://mp.weixin.qq.com/s?__biz=MzI4ODQ3NjE2OA==&mid=2247495601&idx=1&sn=8d7ddb2dec906123cef027e0422c709e
鹏组安全 Kris_Alex2 靶机实战-vuluhub系列-vulnhub_DOUBLETROUBLE_1 https://mp.weixin.qq.com/s?__biz=Mzg5NDU3NDA3OQ==&mid=2247484436&idx=1&sn=31c0d76630644dbc610253715ed9f3cb
雁行安全团队 YX_Security JSP内存马研究 https://mp.weixin.qq.com/s/79x6cIoV1xdm6dmNQaps6g
赛博回忆录 cybermemory 端内钓鱼,反制蚁剑 https://mp.weixin.qq.com/s/WNv9nPWvKudwimtYTd1zDQ
渗透攻击红队 RedTeamHacker Windows 2008 GPP 组策略首选项漏洞利用 https://mp.weixin.qq.com/s?__biz=MzkxNDEwMDA4Mw==&mid=2247488749&idx=1&sn=2d05bea2ff1a6da6710cba9000c3e456
无级安全 wujisec Apache又暴露新洞!CVE-2021-40438,POC https://mp.weixin.qq.com/s?__biz=MzI0Nzc0NTcwOQ==&mid=2247485127&idx=1&sn=6a1b4bbf1f695989ff27a6bebd4a568d
天禧信安 txxa-385 Socks5代理隧道浅析 https://mp.weixin.qq.com/s?__biz=MzUyMTE0MDQ0OA==&mid=2247486190&idx=1&sn=dcb48b9cded8f627e252d3ed79bf1a8a
湛卢工作室 xuehao_studio WatchAD攻防实战 https://mp.weixin.qq.com/s/v1_AIRwD_SfwnAH218MNaA
深信服千里目安全实验室 Further_eye 【漏洞通告】Apache Tomcat拒绝服务漏洞CVE-2021-42340 https://mp.weixin.qq.com/s?__biz=MzI4NjE2NjgxMQ==&mid=2650256177&idx=2&sn=120dfbab6bebcf0e61a86f2780bb1e21
橘猫学安全 gh_af700ee13397 文件读取漏洞总结 https://mp.weixin.qq.com/s?__biz=Mzg5OTY2NjUxMw==&mid=2247484810&idx=2&sn=26dcaff602a7152f2e172dfca87208fb
ChaMd5安全团队 chamd5sec ChaMd5获得华硕致谢|路由器栈溢出漏洞分析 https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247497178&idx=1&sn=eb720455bb34c2f650997e5b656fdc2c
看雪学院 ikanxue 殊途同归的CVE-2012-0774 TrueType字体整数溢出漏洞分析 https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458397272&idx=1&sn=9c179559e63b86fd4d985957fdcf025c
渗透Xiao白帽 SuPejkj {Vulhub漏洞复现(二) Apereo CAS} https://mp.weixin.qq.com/s?__biz=MzI1NTM4ODIxMw==&mid=2247490205&idx=2&sn=4706b4746094e3266ba667a973ed9b44
安天 Antiylab 挖矿木马简要技术分析 https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650184360&idx=1&sn=4c7923f3b81957a74743f4e21e55ace9
威胁棱镜 THREAT_PRISM 深度追踪 Keksec 僵尸网络 https://mp.weixin.qq.com/s/xDCS2GTAIQOMuM6TFSdyYw
奇安信 CERT gh_64040028303e 【安全风险通告】Apache Tomcat 拒绝服务漏洞安全风险通告 https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247494904&idx=1&sn=1b14f7a89b15971aafeaf16cd57da7fb
乌雲安全 hackctf linux系统自动化应急响应工具 https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247499172&idx=1&sn=e6e04075058a4671cab40a445e3c69cc
Ots安全 AnQuan7 【渗透测试】我如何通过源代码泄漏访问许多 PII https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247493179&idx=1&sn=9fb7757765e8a0b4d8ff0ac2f6d5ebad
谢公子学安全 xie_sec 域渗透文章总结 https://mp.weixin.qq.com/s?__biz=MzI2NDQyNzg1OA==&mid=2247489464&idx=1&sn=51ef4cdc836cfe7926c7abed8df666ab
猪猪谈安全 zzt-anquan 工具 , Cobalt Strike基本使用 https://mp.weixin.qq.com/s?__biz=MzIyMDAwMjkzNg==&mid=2247496184&idx=1&sn=11be7a3d71f79401e9941760ef55f007
开源聚合网络空间安全研究院 OSPtech_Cyberspace 【必胜宝典】网安竞赛之Awd的小结 https://mp.weixin.qq.com/s?__biz=MzI4NTE4NDAyNA==&mid=2650389831&idx=1&sn=a8d5390f3357cbc757ad8c52e8d2ae81
山石网科安全技术研究院 HSN_LAB 2021鹤城杯|Reverse及MISC部分WP全 https://mp.weixin.qq.com/s?__biz=MzUzMDUxNTE1Mw==&mid=2247490038&idx=2&sn=f918ab9a73a7ef5793c3ac462f7cb3af
宸极实验室 ChenJiLab 『IOT』路由器漏洞挖掘之从0到0.1 https://mp.weixin.qq.com/s?__biz=Mzg4NTA0MzgxNQ==&mid=2247485086&idx=1&sn=52003a27408c8245041fc068c754a070
一个人的安全笔记 xjiek2015 [HTB] Luanne Writeup https://mp.weixin.qq.com/s/GHC0G6ZVTIt_pSYDHTC4pw
SecOps急行军 SecOpsWithU 2021中国网络安全产业分析报告解读 https://mp.weixin.qq.com/s/YgjVkukxQUTLBG1uRL-kEQ
HACK之道 hacklearn 实战,从XSS到远程代码执行 https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247495950&idx=1&sn=30189402068def607f3758269aa04a80
酒仙桥六号部队 anfu-360 记一次旁站渗透过程 https://mp.weixin.qq.com/s?__biz=MzAwMzYxNzc1OA==&mid=2247494537&idx=1&sn=b22a4ad9d5d6f9b9ec206b383e782120
祺印说信安 qiyinshuoxinan 使用以太网电缆创建无线信号从系统窃取数据 https://mp.weixin.qq.com/s?__biz=MzA5MzU5MzQzMA==&mid=2652090349&idx=2&sn=a6d1dc86a0b276ea8d6aeb8c037baafa
安恒信息应急响应中心 gh_1c2b41c1abc7 微软10月安全更新补丁和多个高危漏洞风险提示 https://mp.weixin.qq.com/s?__biz=MzUzOTE2OTM5Mg==&mid=2247486511&idx=1&sn=6578dfb567c58fd2270ec40765976b33
天融信阿尔法实验室 gh_0b0b1747bf15 天融信关于微软10月补丁日多个产品高危漏洞风险提示 https://mp.weixin.qq.com/s?__biz=Mzg3MDAzMDQxNw==&mid=2247490528&idx=1&sn=a12ae28165348d5e47e7c32c049f408c
哈拉少安全小队 gh_b273ce95df95 【反序列化漏洞】phar反序列化原理&实例分析 https://mp.weixin.qq.com/s?__biz=MzAxNzkyOTgxMw==&mid=2247487547&idx=1&sn=b29b696837c753d12ca64b529c640d9d
aFa攻防实验室 gzh_afagfsys jwt攻击 https://mp.weixin.qq.com/s?__biz=MzAxMjcxMjkyOA==&mid=2247485556&idx=1&sn=61fe8c7bf99ee0ea696731bd5502fb5b
SecIN技术平台 sec-in 原创 , 变量覆盖漏洞 https://mp.weixin.qq.com/s?__biz=MzI4Mzc0MTI0Mw==&mid=2247491391&idx=1&sn=4e5fd2b1cad9a261be345978566de106
高效运维 greatops Filebeat、Logstash、Rsyslog 各种姿势采集Nginx日志 https://mp.weixin.qq.com/s?__biz=MzA4Nzg5Nzc5OA==&mid=2651704583&idx=1&sn=ed2a71e8bbb4a0314d8329e135782d63
邑安全 EansecD GhostEmperor:通过利用内核以及ProxyLogon系列漏洞发起攻击(上) https://mp.weixin.qq.com/s?__biz=MzUyMzczNzUyNQ==&mid=2247508122&idx=3&sn=3ffc90acd82d4cee5fb086c3dd8cb205
网络侦查研究院 PCpolicesir dll注入&代码注入 学习总结 https://mp.weixin.qq.com/s?__biz=MzIxOTM2MDYwNg==&mid=2247507947&idx=2&sn=8f1018f75cce54688342ce51c1a9efb4
灼剑安全团队 Tsojan 漏洞复现|Struts2多版本漏洞复现 https://mp.weixin.qq.com/s?__biz=Mzg5OTY1ODMxMg==&mid=2247488388&idx=1&sn=89d1fc3f79fddcb05f54ed5f4351c5c0
潇湘信安 xxxasec 某锁/某神/某狗的计算机名认证绕过 https://mp.weixin.qq.com/s?__biz=Mzg4NTUwMzM1Ng==&mid=2247491997&idx=1&sn=752f87a9127b003feb2540317054627c
慢雾科技 SlowMist 天价手续费分析:我不是真土豪 https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247492157&idx=1&sn=791e7d52dbb9704ceb22e809be388454&chksm=fdde9cbacaa915ac5ef8f3041c9fdcffb926aa7e3c0025a141fa8d20f1c5adde55f07e8d44ec&token=1743499466&lang=zh_CN#rd
小道安全 kdsafety APP加固攻防梳理 https://mp.weixin.qq.com/s?__biz=MzUxODkyODE0Mg==&mid=2247488481&idx=1&sn=86a5a35dff7438503bc5ea2ecc644364
娜璋AI安全之家 gh_91f1fe28fc6e [AI安全论文] 08.基于溯源图的APT攻击检测安全顶会论文总结 https://mp.weixin.qq.com/s/NosFWfRl9Mmqi2_QXUJNpw
合天网安实验室 hee_tian kerberos协议从0到1 https://mp.weixin.qq.com/s?__biz=MjM5MTYxNjQxOA==&mid=2652881770&idx=1&sn=349d9d5bf936a2f781c4146c9047ad72
互联网安全内参 anquanneican 警惕!挖矿木马盯上华为云,利用“配置错误”发动攻击 https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247499645&idx=1&sn=c33eb1ae0c8f1b59509e45e414436687
黑伞安全 hack_umbrella C2服务器隧道代理分析 https://mp.weixin.qq.com/s?__biz=MzU0MzkzOTYzOQ==&mid=2247486266&idx=1&sn=cf661e6fcde911643ed7a6e232d3c2f2
骨哥说事 guge_guge 寻找更多IDOR漏洞的几种方法 https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650254839&idx=1&sn=341703cc61bad431f1b6570678147710
盾山实验室 DunShanRR Karta:IDA源代码辅助插件 https://mp.weixin.qq.com/s?__biz=MzkzMjIwMDY4Nw==&mid=2247485581&idx=1&sn=78099296cef7643bea4a2da4584dba0e
火线Zone huoxian_zone Web漏洞挖掘指南 -SSRF服务器端请求伪造 https://mp.weixin.qq.com/s?__biz=MzI2NDQ5NTQzOQ==&mid=2247488968&idx=1&sn=72d78859f0f6d03c6872ba98fde3faf8
安全龙 safe443 安卓模拟器APP\微信小程序\HTTPS抓包教程 2021.10 https://mp.weixin.qq.com/s?__biz=MzIwMTI4NDk2NA==&mid=2247487531&idx=1&sn=b1b291fad8dd8fefb949014a46db953e
安全攻防团队 gh_983c1037a3f6 JAVA反序列化之C3P0不出网利用 https://mp.weixin.qq.com/s/KBog9XXz7Of93hAiV8Y7fQ
安全客 anquanbobao 【技术分享】深入 FTP 攻击 php-fpm 绕过 disable_functions https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649752958&idx=3&sn=beec4dce30e7a9d9ecb6e9e3fbea6d87
奇安信威胁情报中心 gh_166784eae33e Kimsuky武器库更新:利用新冠疫情为诱饵针对韩国地区的攻击活动分析 https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247497037&idx=1&sn=a3a7e4783e8b82a6b98653cb7965ac90
三六零CERT CERT-360 CVE-2021-42013: Apache HTTP Server 路径穿越漏洞通告 https://mp.weixin.qq.com/s?__biz=MzU5MjEzOTM3NA==&mid=2247490270&idx=1&sn=c7f3deb6f70a845cf8344b8d934c0738
web安全工具库 websec-tools Metasploit6.0系列教程 -- 爆破WordPress网站 https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247490690&idx=1&sn=bc809c8a6470d48d0246fefcda9b12e1
Tide安全团队 TideSec 【红蓝对抗】利用CS进行内网横向 https://mp.weixin.qq.com/s/tAsPmsinh0Q3fBEFUuCX3Q
Linux中国 linux-cn 在 Linux 上使用 jps 命令检查 Java 进程 , Linux 中国 https://mp.weixin.qq.com/s?__biz=MjM5NjQ4MjYwMQ==&mid=2664642134&idx=4&sn=b6f5b32ab817ca26c658f1a81fb2ca99
GoCN golangchina 「GoCN酷Go推荐」用户态和内核态通信的利器-netlink库 https://mp.weixin.qq.com/s?__biz=MzA4ODg0NDkzOA==&mid=2247493303&idx=1&sn=7c4522a676758c3160828a53c5d959fc
98KSec AKA-98KSec 浅析Ofbiz反序列化漏洞(CVE-2020-9496) https://mp.weixin.qq.com/s?__biz=Mzk0MTIxNzAyNw==&mid=2247483960&idx=1&sn=152320b737ddea7c1a29a5d3ba4dba83
默安玄甲实验室 gh_fb6fe2418513 小侃威胁情报(一) https://mp.weixin.qq.com/s/zY1cCM7ysYzLpn0_5B7K1w
黑云信息安全 heiyunxinxi 小白如何编写自己的POC和EXP,并实现批量刷洞 https://mp.weixin.qq.com/s?__biz=Mzg5OTYxMjk0Mw==&mid=2247484938&idx=2&sn=3036b836eb4779dcc2b7ed320cae35d4
觉学社 WakerGroup Rust生态安全漏洞总结系列 , Part 3 https://mp.weixin.qq.com/s/RsfEKl7FAGs2L9vXKC0rWQ
凌晨一点零三分 gh_f2274e37fc2b FreeRDP安全性思考 https://mp.weixin.qq.com/s/VQ5JwOPHSJKyGRWcA4v2Dg
云鼎实验室 YunDingLab 浅谈云上攻防--SSRF漏洞带来的新威胁 https://mp.weixin.qq.com/s/gMdorUjh5U_dJdGgRLPzNQ
维他命安全 VitaminSecurity 英国每日电讯报ES配置错误泄露10TB数据;研发团队修复Apache中路径遍历漏洞(CVE-2021-41773) https://mp.weixin.qq.com/s?__biz=MzUxMDQzNTMyNg==&mid=2247496855&idx=1&sn=c41fc6003a25191dd1fedd867891ff75
嘶吼专业版 Pro4hou 利用 LLVM 攻击 VMProtect 代码混淆(下) https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247529900&idx=2&sn=1b00eb4bb3bb1f54370100e315b7f25d
亿人安全 Yr-Sec 安卓逆向系列篇:安卓工具总结 https://mp.weixin.qq.com/s?__biz=Mzk0MTIzNTgzMQ==&mid=2247486838&idx=1&sn=ba9d163c36aa3a9211ef6e1ff0106346
且听安全 qtcyber 【最新漏洞预警】CVE-2021-41773-Apache HTTP Server 路径穿越漏洞快速分析与复现 https://mp.weixin.qq.com/s/XEnjVwb9I0GPG9RG-v7lHQ
LSCteam gh_d97c073d1479 伪造跨站请求 https://mp.weixin.qq.com/s?__biz=MzUyMjAyODU1NA==&mid=2247488574&idx=1&sn=6a035673ea88fdd87b9c9548d651df43
HACK学习呀 Hacker1961X 渗透技巧 , 关于csv文件在渗透中的妙用 https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247500548&idx=1&sn=0d7da61cc6f4bdf10d152cde5edb295a
进德修业行道 gh_ad128618f5e9 内网穿透之reGeorge https://mp.weixin.qq.com/s?__biz=Mzg5NTU2NjA1Mw==&mid=2247485850&idx=1&sn=cbd98536bc1a0da8faa643b1eb2e3b87
系统安全运维 Taurus-1314147 通过一道CTF学习HTTP协议请求走私 https://mp.weixin.qq.com/s?__biz=Mzk0NjE0NDc5OQ==&mid=2247492456&idx=1&sn=f52b2537ade82771fcd5beabcfccc20d
河南等级保护测评 hndjbh 设备安全指南:平台指南-Windows OS https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247484067&idx=1&sn=25a7cd3e2e6846727b3d3b1d1fd63fa2
数缘信安社区 gh_91e7eb722058 用故障注入和二进制分析对BootLoader实施攻击 https://mp.weixin.qq.com/s/okV-i5un6ewvbW70K7n8eQ
掌控安全EDU ZKAQEDU 文库|CTF密码学-加解密总结 https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247517916&idx=1&sn=e7ce8d938044bcd968760d5b0bf3a55e
天億网络安全 tywlaq 实战|内网穿透之多层代理 https://mp.weixin.qq.com/s?__biz=MzU4ODU1MzAyNg==&mid=2247497089&idx=1&sn=aac08b7ca24183c0adbaf3d41802958e
大余安全 dayuST123 HackTheBox-Linux-Book https://mp.weixin.qq.com/s?__biz=Mzg3MDMxMTg3OQ==&mid=2247496896&idx=1&sn=d8770ce626cee915f9fb47dc78c75b59
Top security Top_security Cobalt Strike4.0学习 https://mp.weixin.qq.com/s?__biz=Mzg3MDU0NjQyMg==&mid=2247486923&idx=1&sn=25799dce98c0d186eb90e03f9b76ee09
LemonSec lemon-sec PHP项目安全:使用PHP的访问限制 https://mp.weixin.qq.com/s?__biz=MzUyMTA0MjQ4NA==&mid=2247516711&idx=1&sn=091bf05174d6fae1f6be7a4d56e77f9d
Khan安全攻防实验室 KhanCJSH 红队笔记 - 域渗透攻击 https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247487724&idx=1&sn=2a49609025252db824e27aa3ca8ded4e
Hacking黑白红 Hacking012 【渗透技术系列】- 常见的WAF绕过方法 (从网络架构层、HTTP协议层、第三方应用层分析) https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247499368&idx=1&sn=7c5833312f68d8d21340a8535dfd8be2
安全行者老霍 gh_c2b78e839fd7 自动化入侵和攻击模拟(BAS): 降低成本和风险的革命已经来临 https://mp.weixin.qq.com/s/UQcRr5kiKXf_iZ-_CKn_1Q
安全学术圈 secquan 基于频域分析的实时恶意流量检测 https://mp.weixin.qq.com/s/nAiN-17OYh7begqcUYGJyQ
FreeBuf freebuf 2021 Gartner安全运营成熟度曲线(Hype Cycle)解读 https://mp.weixin.qq.com/s/RhTVIsGkIumUB-YfEAv6Jg
RCE TEAM gh_3688f58729a9 文件上云 - 对象存储的攻击方式 https://mp.weixin.qq.com/s/eZ8OAO5ELgUNvVricIStGA

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
yaklang yak gRPC Client GUI - 集成化单兵工具平台 https://github.com/yaklang/yakit None None None None 0 0 0 0 0 Go,TypeScript,JavaScript 0 0
xforcered 远程判断目标系统是否运行 Web Client service (WebDAV) 的工具 https://github.com/xforcered/GetWebDAVStatus None None None None 0 0 0 0 0 C#,Python,C,JavaScript 0 0
oversecured Oversecured Vulnerable iOS App,一款存在多个安全漏洞的 iOS App,可以用于漏洞安全研究或检测工具的基准测试 https://github.com/oversecured/ovia None None None None 0 0 0 0 0 None 0 0
jonathandata1 有研究员公开了一个 iOS 15.0.1 RCE PoC 代码,不过该漏洞需要设备信任连接的 Host 才能触发 https://github.com/jonathandata1/ios_15_rce https://github.com/jonathandata1?tab=followers Just a guy Boerne, TX Zroblack, LLC 19 0 0 0 0 Shell,JavaScript,Smali 0 0
intel 基于 Xen 和 AFL 实现的内核 Fuzzer,利用 Xen VM forks 实现 AFL 多实例并行支持,利用 Intel PT 实现 Coverage 收集 https://github.com/intel/kernel-fuzzer-for-xen-project None None None None 0 0 0 0 0 C,Shell,Java,Roff,Python,JavaScript,BitBake,C++,HTML,Go 0 0
guardicore monkey: Infection Monkey - An automated pentest tool https://github.com/guardicore/monkey None None None None 0 0 0 0 0 Python,Go,C,Java,C# 0 0
google Surface Pro 3 TPM 安全启动环境验证相关实现存在漏洞(CVE-2021-42299) https://github.com/google/security-research/tree/master/pocs/bios/tpm-carte-blanche None None None None 0 0 0 0 0 TypeScript,Java,Python,Kotlin,JavaScript,C++,Objective-C,HTML,Go,Jupyter 0 0
facebook Mariana Trench - Facebook 开源的一款 Android 静态漏洞扫描工具 https://github.com/facebook/mariana-trench/ None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,OCaml,C++,Objective-C,Jupyter,Ruby 0 0
aliyunav Finger - IDA 插件,用于在指定的二进制文件中识别未命名的库函数 https://github.com/aliyunav/Finger None None None None 0 0 0 0 0 None 0 0
aemmitt-ns radius - 基于 radare2 写的符号执行引擎 https://github.com/aemmitt-ns/radius https://github.com/aemmitt-ns?tab=followers Mobile Security Researcher at NowSecure None @nowsecure 16 0 0 0 0 Python,C,JavaScript,Vala 0 0
Metarget Metarget:构建云原生基础设施靶场 https://github.com/Metarget/metarget None None None None 0 0 0 0 0 Python,Shell 0 0
Ciphey Ciphey - 基于人工智能与自然语言处理技术实现的一款自动化密... https://github.com/Ciphey/Ciphey None None None None 0 0 0 0 0 TypeScript,Python,Dockerfile,C++,TeX,Ruby 0 0
BC-SECURITY Starkiller: Starkiller is a Frontend for PowerShell Empire https://github.com/BC-SECURITY/Starkiller None None None None 0 0 0 0 0 C,Vue,Python,VBA,C++,C#,PowerShell 0 0

medium 推荐

title url
在手机充电器内植入一个 WiFi 路由器 http://machinehum.medium.com/i-put-a-wifi-router-into-a-phone-charger-final-post-c4be866e1d34
MITRE ATT&CK 框架更新 v10 版本 http://medium.com/mitre-attack/introducing-attack-v10-7743870b37e3
iCloud Drive 文件夹共享 XSS 漏洞分析 http://bountyget.medium.com/how-i-got-9000-usd-by-hacking-into-icloud-80ed8816d3b5
Bypassing required reviews using GitHub Actions http://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
Azure Privilege Escalation via Service Principal Abuse http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fazure-privilege-escalation-via-service-principal-abuse-210ae2be2a5

知乎 推荐

title url
HFL:基于混合模糊测试的Linux内核漏洞挖掘 https://zhuanlan.zhihu.com/p/123373175
图在异常流量识别中的应用和演进 https://zhuanlan.zhihu.com/p/419340068
沉浸式《程序分析》教材 https://zhuanlan.zhihu.com/p/417187798

日更新程序

python update_daily.py