README_202206.md

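202206 Share of Information Sources and Information Types

202206 - information source share - secwiki

202206 - information source share - xuanwu

202206 - share of favorite languages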

Policy Recommendations

title url
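Provisions on the Administration of Mobile Internet Application Information Services http://www.gov.cn/xinwen/2022-06/14/content_5695690.htm
Measures for the Administration of Cybersecurity in the Electric Power Industry (Revised Draft for Comment) http://www.nea.gov.cn/2022-06/14/c_1310622577.htm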

WeChat Official Account Recommendations

nickname_english weixin_no title url
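金融电子化 fcmag1993 Viewpoint: Thoughts on Building an Attack-Defense Detection System for Commercial Banks https://mp.weixin.qq.com/s/eL73amOSRojcaIWsMb0Inw
网信中国 cacweixin Provisions on the Administration of Internet User Account Information https://mp.weixin.qq.com/s/QTuVfRBRgq2M2Kqbzhecbg
君哥的体历 jungedetili Chen Xi: An Introduction to Information System Supply Chain Security Management https://mp.weixin.qq.com/s/0hc14-9SAGghfS35MdbMWA
优主张 yzhuzhang A Brief Discussion of the "Dao" (Principles) and "Shu" (Techniques) of Enterprise Security Building: The Dao Part https://mp.weixin.qq.com/s/6JMofN8KlLj03nFfFIKsxg
360漏洞研究院 gh_9dfd76b8e0c2 Technology Outlook | Next-Generation Windows Exploitation: Attacking the Common Log File System https://mp.weixin.qq.com/s/RkgSyKtLmwCFFQHY429Lkg
智能汽车设计 qcznsj KPMG: 2022 Research Report on Data Security Regulation for the Internet of Vehicles https://mp.weixin.qq.com/s/CaWLiMWO_fhbLWt3DVMXbA
无线通信安全 SateSec Reviewing the Satellite Battle: the Hack-A-Sat 1 Space-Based Attack-Defense Competition https://mp.weixin.qq.com/s/HWLVfByhpnmIaRYugWfQ6Q
开放知识图谱 OpenKG-CN Paper Taster: Continual Learning for Named Entity Recognition https://mp.weixin.qq.com/s/uF1X7auEpYqXpsrSbhhG6A
妄为写代码 wwcoding6 When the Xiaomi 12 Meets eBPF https://mp.weixin.qq.com/s/h_ixxr1WZ8VqYt-zMrwSDA
天书奇坛TFT gh_52ca0a568cdc Overview of the Black and Gray Market Ecosystem of Telecom and Online Fraud: Infrastructure https://mp.weixin.qq.com/s/N7ChFTCsDzfgQkL6J0ALow
俗事吧 gh_2cbae9d23f6a A First Look at ysuserial 0.1 https://mp.weixin.qq.com/s/05LOjys8XJhUxg8qKYuWtg
专注安管平台 gh_48603b9bb05a Tracking and Interpreting the US EINSTEIN Program (2022 v1 Edition) https://mp.weixin.qq.com/s/qjC_dCOdFRIfYot8OUfJHA
404 Not F0und AI4Security Thoughts on the Evolution of Security Teams and Personal Positioning https://mp.weixin.qq.com/s/lLawi2Dv_d3xPR2Rds9U3g
薮猫科技 CyberServal CobaltStrike Traffic Analysis and Intrusion Detection https://mp.weixin.qq.com/s/CjsqWrm70HVEnolZrRD8oA
思想花火 ttfirework A Capability Model for the Information Security BP https://mp.weixin.qq.com/s/qZ_uu58R418BltFaeVcWww
安天集团 Antiylab The "Dark Elephant" Group: Cyber Attacks Hidden for a Decade https://mp.weixin.qq.com/s/mC5D8kFaQA-cIcw2rlTgeA
安全小飞侠 AvFisher Interpretation and Impact Analysis of the BIS Rule "Information Security Controls: Cybersecurity Items" https://mp.weixin.qq.com/s/SlNo1ECifYSTQ4U-6umDEw
国家网络威胁情报共享开放平台 CNTIC2017 Using Python to Mine the Gold Mine of Threat Intelligence from Leaked Logs https://mp.weixin.qq.com/s/0dnBvI9DNL0nko28UiLgrQ
信息通信软件供应链安全社区 gh_1b92fdc1f223 Policy and Regulation Group, [SBOM Policy Document Study]: Translation of "Survey of Existing SBOM Formats and Standards" https://mp.weixin.qq.com/s/DXWXTMsz_Sf1zlDIJd4RBw
中国科学院网络数据重点实验室 NDST_CAS Understanding Event Knowledge Graphs in One Article https://mp.weixin.qq.com/s/W3oewKOH2IXzDFXRCY4W6Q
Tide安全团队 TideSec Practice in Developing an Automated Penetration Testing Tool https://mp.weixin.qq.com/s/jo_l-qU2rfP-JlAFs-8ZHg
M01N Team m01nteam Research and Analysis of CyberBattleSim (Automated Internal Network Penetration) https://mp.weixin.qq.com/s/1XHJbGgK5kUtiiEtLlaY6w
360威胁情报中心 CoreSec360 The Shark's Carnival: Disclosure of Recent BabyShark Components of the APT-C-55 Kimsuky Group https://mp.weixin.qq.com/s/ZV8AOTd7YGUgCTTTZtTktQ
虎符智库 TT_Thinktank RSAC2022: Cybersecurity Technology Innovation Trends Seen Through the Innovation Sandbox https://mp.weixin.qq.com/s/3HXPUP-SoH95zxyWOflwyQ
落水轩 gh_c10ee4802699 Microsoft Data Security Protection: Know Your Data https://mp.weixin.qq.com/s/Hkro91XoY4SdjFZNGcFAvg
白帽兔 xzu77058 Attribution and Countermeasure Case Studies (Part 2) https://mp.weixin.qq.com/s/JXfNCIzZznn1UVXhYDzRIA
小道安全 kdsafety A Brief Discussion of Device Fingerprinting Technology and Applications https://mp.weixin.qq.com/s/XAGQl8rk4E-JFJYefIHqKg
全栈开发运维 yellowleecn Automated SQL Script Review Tool (MYSQL) https://mp.weixin.qq.com/s/In-MdryQSdqFSA2fqdFHvg
电驭叛客 Cyber-Hack Exploring a Breakthrough for IoT Security in OT Environments https://mp.weixin.qq.com/s/Hkw95Y146xVAHLwZnPAH4w
且听安全 qtcyber In-Depth Analysis of the CVE-2022-26134 Confluence OGNL RCE Vulnerability and Bypassing the Sandbox in Higher Versions to Obtain Command Output https://mp.weixin.qq.com/s/nCMtSD7QH8ai6fpurJBXTg
GoGoHack gogohack-n-secure C-V2X Security Research https://mp.weixin.qq.com/s/ExecszAuGDXPa1ySysZ5xg
战略前沿技术 Tech999 Zhang Chi: Military Applications of Starlink https://mp.weixin.qq.com/s/NQA3UvzDB0wnKY-0mJCB0g
安全学术圈 secquan Abusing Hidden Properties to Attack the Node.js Ecosystem https://mp.weixin.qq.com/s/rTiXBtPtXb-QVZHJWUcA_g
威胁棱镜 THREAT_PRISM The Rise and Fall of Typical Cryptomining Gangs in the Cloud https://mp.weixin.qq.com/s/pw9iMxU8wM7SGEReUsRNhQ
YY的黑板报 gh_a91bd497db44 Security Operations as I Understand Them https://mp.weixin.qq.com/s?__biz=Mzg5NzY5NjM5Mg==&mid=2247484056&idx=1&sn=751c997279e7693e201d2cab6429244e&chksm=c06c957ff71b1c692b03fa78ff90cf504229cd5f3d1e36d23decc1799f35237c2f007ca51800&token=71555406&lang=zh_CN#rd
MicroPest gh_696c36c5382b Studying the CVE-2022-30190 Vulnerability, Part 1 https://mp.weixin.qq.com/s/wzdXRnYM0-5iN3tcZZnUWA
这里是河马 gh_f779ec60843d WebShells Used in Attacks Exploiting the Confluence Vulnerability Are Now Detected and Removed by 河马 https://mp.weixin.qq.com/s/I0XOcfJF9vMlT7YuwnANHA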

Personal GitHub Account Recommendations

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
zan8in afrog: a high-performance, fast and stable vulnerability scanning tool with customizable PoCs https://github.com/zan8in/afrog https://github.com/zan8in?tab=followers Life is beautiful, enjoy life! - life is fantastic. enjoy life. None None 19 0 117 0 0 Go 0 0
winsiderss System Informer - an open-source Windows resource monitoring and software debugging tool https://github.com/winsiderss/systeminformer None None None None 0 0 0 0 0 C 0 0
twosmi1e A collection of materials on static analysis and automated code auditing https://github.com/twosmi1e/Static-Analysis-and-Automated-Code-Audit https://github.com/twosmi1e?tab=followers None None 38 0 309 0 0 JavaScript,Java,HTML 0 0
tr3ee Exploit for the Linux eBPF privilege escalation vulnerability CVE-2022-23222 https://github.com/tr3ee/CVE-2022-23222 http://tr3e.ee tr3eee , Member of ROIS/SCSL , Security Researcher None None 28 0 0 0 0 0 0
therealsaumil EMUX Firmware Emulation Framework https://github.com/therealsaumil/emux https://github.com/therealsaumil?tab=followers None None 10 0 0 0 0 Python,C,JavaScript,Assembly,Arduino 0 0
sarsko CreuSAT - a SAT solver written in Rust https://github.com/sarsko/CreuSAT https://github.com/sarsko @sarsko Oslo None 10 0 19 0 0 C,JavaScript,Rust 0 0
saeidshirazi A compilation of materials on smart contract security https://github.com/saeidshirazi/Awesome-Smart-Contract-Security https://github.com/saeidshirazi?tab=followers Cyber Security Researcher canada None 37 0 17 0 0 Python,Jupyter,CSS 0 0
rust-fuzz honggfuzz-rs - fuzzing Rust code with Honggfuzz https://github.com/rust-fuzz/honggfuzz-rs None None None None 0 0 0 0 0 HTML,Shell,C++,Rust 0 0
quarkslab TPMEavesEmu - a tool that uses emulation to help test the security of TPM implementations https://github.com/quarkslab/tpmee None None None None 0 0 0 0 0 C,TypeScript,Python,JavaScript,C++,Shell,Go 0 0
p0dalirius A compilation of RCE techniques for common CMS/LMS web frameworks https://github.com/p0dalirius/Awesome-RCE-techniques https://github.com/p0dalirius?tab=followers Security Researcher 🕵️‍♂️ , Speaker 📣 [object Object] Podalirius 65 0 7 0 0 Python,PHP,Dockerfile 0 0
omair2084 Windows NFS CVE-2022-26937 PoC https://github.com/omair2084/CVE-2022-26937 https://github.com/omair2084?tab=followers None None 13 0 0 0 0 Python,Shell 0 0
mattifestation AntimalwareBlight - abusing the protection features of Windows Early Launch Antimalware (ELAM) https://github.com/mattifestation/AntimalwareBlight https://github.com/mattifestation?tab=followers None None 29 0 10 0 0 PowerShell 0 0
mandiant floss - Mandiant's open-source tool for extracting deobfuscated strings from malware https://github.com/mandiant/flare-floss None None None None 0 0 0 0 0 C,Vue,Python,C++,C#,PowerShell 0 0
hardenedvault VED - a Linux kernel threat detection and prevention system https://github.com/hardenedvault/ved None None None None 0 0 0 0 0 Python,C,Shell 0 0
eset ESET's analysis of Wslink, a malware loader implemented on a multilayered virtual machine https://github.com/eset/wslink-vm-analyzer/blob/master/slides/WslinkVMREcon.pdf None None None None 0 0 0 0 0 Python,YARA,C,CSS,Go 0 0
ehids eCapture - capturing the plaintext of TLS-encrypted traffic using eBPF https://github.com/ehids/ecapture None None None None 0 0 0 0 0 Go,C 0 0
cea-sec usbsas - a tool for reading data from untrusted USB storage devices https://github.com/cea-sec/usbsas None None None None 0 0 0 0 0 Python,C,Rust 0 0
brant-ruan Slides from the 2022 Cloud Native Security Technology Summit https://github.com/brant-ruan/slides-and-papers/ https://github.com/brant-ruan?tab=followers IT Security Researcher China NSFOCUS Inc. 58 0 515 0 0 Python,Go,Shell 0 0
aquasecurity Trivy - a tool for scanning container images, file systems and Git repos for vulnerabilities https://github.com/aquasecurity/trivy None None None None 0 0 0 0 0 Go,Python,Shell,Dockerfile,TypeScript 0 0
Yamato-Security Hayabusa - a fast forensic timeline analysis tool based on Windows Event Log https://github.com/Yamato-Security/hayabusa None None None None 0 0 0 0 0 Python,Makefile,PowerShell,Rust 0 0
TheOfficialFloW At the Hardwear.io security conference, researcher theflow0 shared the details of how he attacked the PS5 through the Blu-ray disc attack surface https://github.com/TheOfficialFloW/Presentations/blob/master/2022-hardwear-io-bd-jb.pdf https://github.com/TheOfficialFloW?tab=followers Information Security Engineer Zurich None 34 0 48 0 0 C 0 0
StarCrossPortal QingTing: a security tool orchestration platform https://github.com/StarCrossPortal/QingTing None None None None 0 0 0 0 0 PHP,Java,Rust,C++ 0 0
SigmaHQ Sigma - an open format for generically describing event logs for SIEM systems https://github.com/SigmaHQ/sigma None None None None 0 0 0 0 0 Python 0 0
RoseSecurity Scanner for the Siemens APOGEE PXC automation controller authentication bypass vulnerability (CVE-2017-9947) https://github.com/RoseSecurity/APOLOGEE https://github.com/RoseSecurity?tab=followers Hobbyist Hacker , Lifetime Learner None None 11 0 71 0 0 Lua 0 0
Rivaill Analysis and reproduction of blockchain security attacks and vulnerability incidents https://github.com/Rivaill/CryptoVulhub https://github.com/Rivaill?tab=followers None None 13 0 49 0 0 Python,Go,Solidity 0 0
ManasHarsh A collection of materials on Web3 security https://github.com/ManasHarsh/Awesome-Web3-security https://github.com/ManasHarsh?tab=followers Cracking the web, a bit different than others Bangalore Netskope 16 0 10 0 0 Python,Shell 0 0
Idov31 FunctionStomping - a shellcode injection technique similar to Module Stomping, used to evade antivirus detection https://github.com/Idov31/FunctionStomping https://github.com/Idov31?tab=followers Im an offensive security researcher and using this platform to share my projects and research :) mov eax, [ebp+location] None 10 0 139 0 0 C++,Rust,PowerShell 0 0
FrenchYeti interruptor - a wrapper around Frida Stalker that provides an easier-to-use hook library https://github.com/FrenchYeti/interruptor https://github.com/FrenchYeti?tab=followers Software Security Researcher France None 99 0 72 0 0 TypeScript,Python,JavaScript 0 0
Bypass007 A list of open-source security projects to help in-house security practitioners build enterprise security capabilities https://github.com/Bypass007/Safety-Project-Collection https://github.com/Bypass007?tab=followers Focused on cybersecurity Xiamen, China None 14 0 6 0 0 Java 0 0
10000Tigers BlueHound - a self-developed host threat hunting tool https://github.com/10000Tigers/BlueHound https://github.com/10000Tigers?tab=followers None None 2 0 0 0 0 Go 0 0

Medium Recommendations

title url
Inside JavaScript Engines, Part 1: Parsing https://medium.com/@yanguly/inside-javascript-engines-part-1-parsing-c519d75833d7
Privilege escalation vulnerability found in Microsoft's Synapse Analytics platform https://medium.com/tenable-techblog/microsoft-azure-synapse-pwnalytics-87c99c036291
Instagram vulnerability allowing modification of any user's thumbnail https://medium.com/@root.n33r4j/how-i-found-a-critical-bug-in-instagram-and-got-49500-bounty-from-facebook-626ff2c6a853
Defeating Windows ASLR via 32-bit Shared Library https://medium.com/@mxmssh/defeating-windows-aslr-via-32-bit-shared-libraries-in-2-hours-1e225e182155?source=social.tw
Chaining multiple vulnerabilities to achieve RCE on the Russian social network VK https://medium.com/@byq/from-open-redirect-to-rce-in-one-week-66a7f73fd082
Honeysploit - embedding malicious code in public exploit code to attack the exploiter https://curtbraz.medium.com/exploiting-the-exploiters-46fd0d620fd8

Zhihu Recommendations

title url
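Google's Future Direction for Cloud Security (CISO's Guide to Cloud Security Transformation white paper... https://zhuanlan.zhihu.com/p/529772138
Google's Thinking on Building the Future SOC (Automated Security Operations white paper) https://zhuanlan.zhihu.com/p/528817905
In computer science research, where do the initial innovative ideas come from? https://www.zhihu.com/question/534444001
Fuzzm: Fuzzing for Memory Errors in WebAssembly https://zhuanlan.zhihu.com/p/523207785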

Forum Recommendations

title url
Attack and Defense with the ATT&CK Matrix https://xz.aliyun.com/t/11347
Analysis of the bandit tool https://xz.aliyun.com/t/11341
Hands-on code auditing based on framework vulnerabilities https://xz.aliyun.com/t/11360

Daily update program

python update_daily.py