Skip to content

Latest commit

 

History

History
154 lines (136 loc) · 19.4 KB

README_201912.md

File metadata and controls

154 lines (136 loc) · 19.4 KB
Raw

数据--所有

数据--年度

201912 信息源与信息类型占比

201912-信息源占比-secwiki

201912-信息源占比-xuanwu

201912-最喜欢语言占比

微信公众号 推荐

nickname_english weixin_no title url
软件安全智能并行分析实验室 学术报告,S&P2020-Savior:漏洞导向的混合模糊测试技术 https://mp.weixin.qq.com/s/hW8ned6DIRJ7mx1657dVew
白帽子的成长之路 whitehat_day 渗透测试Window平台中 Certutil的使用 https://mp.weixin.qq.com/s/4jZBIRqbQ7UR7BXz2zdZtA
数世咨询 数世咨询:2019年网络安全大事记 https://mp.weixin.qq.com/s/APOEaYrubmWupFRPbbjfkw
安全祖师爷 PowerShell渗透–Empire https://mp.weixin.qq.com/s/giBR-rnpm51cDE4aude2tg
安全学术圈 secquan 安全学术圈2019年度总结 https://mp.weixin.qq.com/s/VrrQCLOfthxNTFhEqdT3xA
君哥的体历 jungedetili 2020安全工作展望 https://mp.weixin.qq.com/s/mihqZ0BJAgee1bEm1ZJAQw
PolarisLab PolarisLab 网络犯罪反制:714高炮与金融行业 https://mp.weixin.qq.com/s/yPTeg1Ue8AWq7dIZSqPrKw
Bypass Bypass-- 跨站脚本(XSS)备忘录-2019版 https://mp.weixin.qq.com/s/Q9Vjcj4W8F0ZQQi6P7djWA
飞虎行业观察 flyingtiger018 RSA和McAfee的2020年安全威胁预测 https://mp.weixin.qq.com/s/gUOO1kDB_wuZ32nKAZjM0g
雷神众测 thorsrc 论⾼级攻防团队建设⽅法论之思想的重要性(上) https://mp.weixin.qq.com/s/nFvGQqeFvSYaEFksbi8FLw
阿里安全响应中心 alisrc 【走心分享】白帽成长建议 https://mp.weixin.qq.com/s/ZXRI6KUtu6IwCYrjuy_3Tg
轩辕实验室 基于卷积神经网络的入侵检测进行检测Dos攻击 https://mp.weixin.qq.com/s/yRQwHVPuYHM67yAo15hPOw
继之宫 关于安全运营中心的几个问题 https://mp.weixin.qq.com/s/w_kfBpkXU7WdfkwSl-KSnA
天融信阿尔法实验室 ATT&CK之防御逃逸(一) https://mp.weixin.qq.com/s/Qwc234edENL8NBxSm4d56g
天地和兴 bjtdhxkj 针对ICS的网络攻击20强——谈天说地Part1 https://mp.weixin.qq.com/s/H9f-z3oLDZ-fMrEax3nMaA
qz安全情报分析 lookvul 浅谈OPSEC和C2 https://mp.weixin.qq.com/s/FIz4-xk093jGN3TOECAgqQ
OWASP OWASP_CHINA 2019年度OWASP中国项目总结 https://mp.weixin.qq.com/s/hcdA7R36RsSV40TnIu2fJg
DJ的札记 DJ_notes 下一座圣杯 - 2019 https://mp.weixin.qq.com/s/6Kli-u6LEInoliTVQgdrFQ
七夜安全博客 qiye_safe 反弹shell-逃逸基于execve的命令监控(上) https://mp.weixin.qq.com/s?__biz=MzIwODIxMjc4MQ==&mid=2651004359&idx=1&sn=4b2c6e06df652af95876e9b858e9711b&chksm=8cf13b85bb86b293f5b73d0a680dcbbd2e584cac216d94d3f84d0c0a53c3b74318d83518a6ee&token=1889883351&lang=zh_CN#rd
青藤云安全资讯 qingtengyun ATT&CK框架:攻击者最常用的TOP7攻击技术及其检测策略 https://mp.weixin.qq.com/s/02AcOPzTaA7dChHqye2wEg
腾讯安全智能 TX_Security_AI 基于图挖掘的安全事件分析 https://mp.weixin.qq.com/s/ARfMqrUxiPKmbMcV_yaluw
湛卢工作室 xuehao_studio 道德骇客CEH之入门介绍 https://mp.weixin.qq.com/s/s6oL7p1hY_VotJMjtB7fVg
浅黑科技 qianheikeji CTF:一部黑客心灵史 https://mp.weixin.qq.com/s/wEqBaZmO8FwOyGrcWDNgYQ
学术plus caeit-e 人工智能在国防领域的七大应用 https://mp.weixin.qq.com/s/v4NDZFo81kJKDlrROI5FqA
奇安信威胁情报中心 为什么ATT&CK对APT关联归属分析用处不大 https://mp.weixin.qq.com/s/Cb7tROj0BXSOxnqyjftlRw
国际安全智库 guoji-anquanzhiku “震网”十年谜底终浮水面, 伊朗核计划流产源于内鬼“间谍行动” https://mp.weixin.qq.com/s/ORW8qWCpgQFJh8-bsaIg3w
嘶吼专业版 Pro4hou 直击北向峰会现场,“避危乘势,经略变局” https://mp.weixin.qq.com/s/lRAyLyBJtquMrMTmTHnYUQ
信息安全与通信保密杂志社 cismag2013 开源软件的网络安全问题 https://mp.weixin.qq.com/s/TCb4kLH6N3JlCnyo6x2L1Q
Hacking就是好玩 对乌云漏洞库payload的整理以及Burp辅助插件 https://mp.weixin.qq.com/s/9RHVsw-HtAfo1UuPAqXZEw
行业研究报告 report88 2018-2019年网络安全行业深度报告 https://mp.weixin.qq.com/s/z-LN2AlMezEmJVekbDndcw
贝塔安全实验室 BetaSecLab 绕过CDN查找真实IP方法总结 https://mp.weixin.qq.com/s/_qHGB3l58KU01tBOki5uag
编程技术宇宙 ProgramUniverse 我是一个流氓软件线程 https://mp.weixin.qq.com/s/-ggUa3aWkjjHjr9VwQL9TQ
穿过丛林 DARPA HIVE计划及其最新进展 https://mp.weixin.qq.com/s/_lzrhylYo9Z941ChqIgJIQ
盘古实验室 PanguLab 从研究者视角看漏洞研究之2010年代 https://mp.weixin.qq.com/s/UBZv0pd7Nr-o-NMxjV53RQ
赵武的自留地 网络空间测绘的生与死(三) https://mp.weixin.qq.com/s/jffEOTF3n028USQujIzmmw
腾讯御见威胁情报中心 “海莲花”(OceanLotus)组织2019年针对中国大陆的攻击活动汇总 https://mp.weixin.qq.com/s/OA09fndsHfpLVxeo7DnjYg
绿盟科技研究通讯 nsfocus_research 五年之后的回顾--磊科路由器后门利用情况分析 https://mp.weixin.qq.com/s/6djU9_yl8px9oimxCRQd5A
维他命安全 VitaminSecurity 卡巴斯基2019年Q3垃圾邮件与钓鱼攻击报告 https://mp.weixin.qq.com/s/JE5J6misSPhzCjyKB0MxCA
牵着蜗牛遛弯儿 lau_cyun 浅谈工控CTF中网络数据分析的思路 https://mp.weixin.qq.com/s/bR1t53-YHSKWmFawT5t0Kg
时间之外沉浮事 tasnrh 靶场发展态势⑤美国防部企业级赛博靶场环境(DECRE) https://mp.weixin.qq.com/s/mAeld9GbLN9Ps-M5wgelfw
云众可信 yunzhongkexin 原创干货 , 【工具分享】AssetScan内网脆弱面分析工具 https://mp.weixin.qq.com/s/dCP3PsjZYDY0f2wJX4dC4w
heysec bloodzer007 利用SSH隧道构建多级tunnel https://mp.weixin.qq.com/s/jg_7bKqwfeYh1ErTtljKYw
TideSec安全团队 TideSec 一文解密所有WebLogic密文 https://mp.weixin.qq.com/s/HY0X3koYVEIotYIQZi680w
FreeBuf freebuf 2010年以来重大网络安全事件盘点 https://mp.weixin.qq.com/s/kv64D0fqBwJ3J3pkDFqI3A
Docker dockerone Kubernetes 下零信任安全架构分析 https://mp.weixin.qq.com/s/WybnFRHiGy1joLFyQyba0g

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
nikic PHP-Fuzzer - 基于代码覆盖反馈信息 Fuzz PHP libraries https://github.com/nikic/PHP-Fuzzer https://nikic.github.io/ Berlin, Germany JetBrains 71 0 72 4000 24 C,PHP 26100 5900
k8gege Ladon: 大型内网渗透扫描器&Cobalt Strike https://github.com/k8gege/Ladon https://k8gege.org USA FBI 24 0 17 1400 1 C#,Python,PowerShell 2300 1100
PaulSec Shodan.io Android版官方应用程序 https://github.com/PaulSec/Shodan.io-mobile-app/issues https://paulsec.github.io/ I cant promise anything but Ill do my best. France None 93 0 503 811 26 Python 2800 361
TideSec Web指纹识别技术研究与优化实现 https://github.com/TideSec/TideFinger/blob/master/Web%E6%8C%87%E7%BA%B9%E8%AF%86%E5%88%AB%E6%8A%80%E6%9C%AF%E7%A0%94%E7%A9%B6%E4%B8%8E%E4%BC%98%E5%8C%96%E5%AE%9E%E7%8E%B0.md http://www.TideSec.com 一心不动,大巧不工。 China Tide 21 0 207 726 23 C,Shell,Java,Python,PHP,Ruby 947 341
maddiestone Maddie Stone 在 Jailbreak Security Summit 会议关于 Whats App 0Day 漏洞分析的 PPT https://github.com/maddiestone/ConPresentations/blob/master/Jailbreak2019.WhatsUpWithWhatsApp.pdf http://twitter.com/maddiestone None None 4 0 2 242 1 Python 524 105
alphaSeclab Awesome Forensics Resources - 安全取证分析相关的工具和资料收集 https://github.com/alphaSeclab/awesome-forensics None None None 11 0 23 141 0 1300 185
HiddenStrawberry 中国爬虫违法违规案例汇总 https://github.com/HiddenStrawberry/Crawler_Illegal_Cases_In_China None 资深前爬虫行业从业者 合作微信 hiddenstrawberry(备注Github) Beijing/Shenyang/Tianjin YiduCloud 22 0 13 116 5 Python,HTML 914 151
wrlu SecIoT-Web: IoT漏洞检测平台 https://github.com/wrlu/SecIoT-Web https://wrlu.cn Mobile & IoT Security Researcher; Java & Python Developer. Beijing, China Huawei 26 0 41 100 33 Python,TSQL,JavaScript,Java 20 9
MatthewPierson 利用 OTA Blobs 实现 iOS 降级的工具 https://github.com/MatthewPierson/Vieux https://twitter.com/mosk_i I downgrade iPhones =) None None 10 0 0 95 1 Python,Shell,Rich 95 27
heibaiying BigData-Notes: 大数据入门指南 https://github.com/heibaiying/BigData-Notes https://blog.csdn.net/m0_37809146 博客:https://blog.csdn.net/m0_37809146 shanghai None 2 0 20 80 0 Java 2900 755
RedDrip7 RedDrip7团队收集恶意软件家族样本,帮助安全社区对抗恶意软件和针对性攻击。 https://github.com/RedDrip7/APT_Digital_Weapon https://ti.qianxin.com/blog/ Technical Twitter of QiAnXin Technology, leading Chinese security vendor. It is operated by RedDrip Team which focuses on malware, APT and threat intelligence. China Qianxin 3 0 0 74 0 122 23
avishayil 模拟 Capital One 数据泄露漏洞环境的云配置文件 https://github.com/avishayil/caponeme https://github.com/cyberark Cloud & DevOps Engineer @ CyberArk Israel @cyberark 23 0 52 32 0 Java,Python,JavaScript,Objective-C,Dockerfile,CSS 435 102
echowei DeepTraffic: Deep Learning models for network traffic classification https://github.com/echowei/DeepTraffic None Beijing None 1 0 1 29 0 Python 153 117
Cherishao APT-Sample Files https://github.com/Cherishao/APT-Sample https://cherishao.github.io/ Malware researcher && APT Follow , Analyze threats,Blue/Red Team methodology, Networks, Malware Analysis,Reverse Engineering🕵️‍♂️ BTC:17iDHpUqe9XGpGJ2cMBUVciq ChengDu None 68 1 346 29 31 Python,HTML 47 24
shadow-horse CVE-2019-17571/Apache Log4j 1.2.X 存在反序列化远程代码执行漏洞 https://github.com/shadow-horse/CVE-2019-17571 None Penetration, Vulnerability Research, SDL, STRIDE None None 23 0 61 25 7 Python,JavaScript,Java,HTML,CSS 5 1
fcavallarin domdig: DOM XSS scanner for Single Page Applications https://github.com/fcavallarin/domdig https://fcvl.net None None 3 0 1 25 0 Python,JavaScript 492 104
daikerSec Windows 内网协议学习 https://github.com/daikerSec/windows_protocol/blob/master/SUMMARY.md None None None 4 0 16 9 4 Go,HTML,CSS 9 2
OYE93 Chinese-NLP-Corpus: Collections of Chinese NLP corpus https://github.com/OYE93/Chinese-NLP-Corpus https://oyeblog.com/ None None 16 0 2 8 0 Python,HTML,Dockerfile,CSS 110 18
bd249ce4 QBAnalyzer: automates extracting artifacts and binaries https://github.com/bd249ce4/QBAnalyzer None None None 2 0 0 1 0 YARA,HTML 3 1
vim 8.1.2136 补丁:释放window内存与fuzzer的 autocmd命令一起使用 https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 None None None None 0 0 0 0 0 Shell,C,Batchfile,Vim 0 0
uds-se 关于 Fuzz 的书《Generating Software Tests》的原始文件 https://github.com/uds-se/fuzzingbook None None None None 0 0 0 0 0 C,LLVM,Java,Python,Kotlin,JavaScript,Shell,Objective-C,HTML,Jupyter,R,Dockerfile 0 0
ucsb-seclab KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware https://github.com/ucsb-seclab/karonte?from=timeline None None None None 0 0 0 0 0 C,Java,Python,JavaScript,C++,Dockerfile 0 0
sslab-gatech QSYM - 为混合 Fuzz 定制的符号执行引擎 https://github.com/sslab-gatech/qsym None None None None 0 0 0 0 0 C,Filebench,Python,Makefile,C++,HTML,HCL 0 0
seemoo-lab Nexmon - 一款支持 Broadcom/Cypress WiFi 芯片的固件 Patch 框架,基于框架可以编写自己的补丁,启用监听模式 https://github.com/seemoo-lab/nexmon None None None None 0 0 0 0 0 C,Shell,Jupyter,Python,JavaScript,C++,TeX,Objective-C,HTML,MATLAB,Java 3300 274
secdevops-cuse CyberRange: The Open-Source AWS Cyber Range https://github.com/secdevops-cuse/CyberRange None None None None 0 0 0 0 0 Python,C,Dockerfile,CSS,HCL 0 0
rackerlabs scantron - 分布式 Nmap/Masscan 网络扫描框架 https://github.com/rackerlabs/scantron None None None None 0 0 0 0 0 Groovy,TypeScript,Java,Python,JavaScript,Shell,HTML,HCL,Ruby,CSS 0 0
pdbpp pdb++ - Python debugger(pdb)的增强版 https://github.com/pdbpp/pdbpp None None None None 0 0 0 0 0 Python 0 0
openworldoperations 一种高级的网络钓鱼技术,可让攻击者设置有效的域和SSL证书,请注意防范 https://github.com/openworldoperations/FISHY None None None None 0 0 0 0 0 Python,HTML 15 4
libusb libusb - 跨平台的 USB 设备交互库 https://github.com/libusb/libusb None None None None 0 0 0 0 0 C,HTML 0 0
immunityinc Immunity 开源了一个用于进程调试和 Trace 的库 - libptrace https://github.com/immunityinc/libptrace None None None None 0 0 0 0 0 C 0 0
google Google 在 sanitizers Repo 介绍了一些存在条件竞争问题的代码模型 https://github.com/google/sanitizers/wiki/ThreadSanitizerPopularDataRaces None None None None 0 0 0 0 0 Groovy,C,Java,HTML,Python,Kotlin,JavaScript,C++,Haskell,Go,Jupyter,Rust,Lasso 0 0
chineseocr darknet-ocr: darknet text detect and darknet cnn ocr https://github.com/chineseocr/darknet-ocr None None None None 0 0 0 0 0 Python,C,C++ 0 0
baidu-security openrasp-iast: IAST 灰盒扫描工具 https://github.com/baidu-security/openrasp-iast None None None None 0 0 0 0 0 Java,Python,JavaScript,C++,HTML,Go,TSQL 0 0
apachecn 面向机器学习的特征工程 https://github.com/apachecn/fe4ml-zh None None None None 0 0 0 0 0 Shell,Jupyter,Scala,Python,JavaScript,HTML,PHP,CSS 22200 7800
NoneAge 交易所安全测试系列指南文档 https://github.com/NoneAge/BlockchainSecurityTutorial None None None None 0 0 0 0 0 Python,WebAssembly 0 0
FSecureLABS FSecure Labs 开源了一款用于 AWS 云上资源关联关系可视化的工具 https://github.com/FSecureLABS/awspx None None None None 0 0 0 0 0 C,Shell,Java,Python,JavaScript,C++,C#,PowerShell 2000 549
0Kee-Team 0Kee Team 开源的用于收集 URL 入口的爬虫,基于 Headless Chrome 编写 https://github.com/0Kee-Team/crawlergo None None None None 0 0 0 0 0 Python,Vue,Java 0 0

medium 推荐

title url
CVE-2019-17556: Unsafe deserialization in Apache Olingo http://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817
双因素认证(2FA)绕过技术的总结 http://medium.com/@surendirans7777/2fa-bypass-techniques-32ec135fb7fe
作者分析Apache Olingo中存在反序列化安全漏洞(CVE-2019-17556) http://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817?source=rss----7b722bfd1b8d---4
作者介绍在Chrome中使用WebRTC ICE服务器进行对端口扫描的新技术。 http://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474
威胁报告ATT&CK映射器(TRAM)是基于Web的工具,可自动提取对手的行为进行分析,将其映射到ATT&CK。 http://medium.com/mitre-attack/automating-mapping-to-attack-tram-1bb1b44bda76
滥用 SourceMappingURL 实现 Javascript Anti Debugging http://medium.com/@weizmangal/javascript-anti-debugging-some-next-level-sh-t-part-1-abusing-sourcemappingurl-da91ff948e66
一款新的恶意广告样本 macOS Bundlore Loader 分析 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.confiant.com%2Fnew-macos-bundlore-loader-analysis-ca16d19c058c
从LTE服务退回到3G-CSFB详解 http://link.medium.com/3HOw2oexi2
利用 DeviceIoControl 清理 NTFS 的 meta data http://medium.com/@grzegorztworek/cleaning-ntfs-artifacts-with-fsctl-clean-volume-metadata-bd29afef290c?source=friends_link&sk=6ef94fc3bdf764386990c6644905fcbb
入侵XML数据 -使用XPATH注入获得数据访问 http://link.medium.com/WJD9QOxs91
调试Samsung Android内核 第三部分:如何为三星内核启用USB串行调试 http://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-3-a6a7f762fcd6?source=friends_link&sk=635b789114be318db3b28e454b4069d7

medium 推荐

title url
Threat Hunter Playbook+Mordor Datasets+BinderHub=Infrastru... https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4
The Githubification of InfoSec https://medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1

论坛 推荐

title url
代码审计zzcms https://xz.aliyun.com/t/7006
国外某cms审计之文件删除漏洞 https://xz.aliyun.com/t/6999
通过AST来手撕Pickle opcode https://xz.aliyun.com/t/7012
Log4j反序列化分析(CVE-2019-17571&CVE-2017-5645) https://xz.aliyun.com/t/7010
挖洞神器之XRAY使用初体验 https://xz.aliyun.com/t/6981
blind-pwn系列总结+创新 https://xz.aliyun.com/t/6984
记针对某单位一次相对完整的渗透测试 https://xz.aliyun.com/t/6979
内网穿透及端口转发大合集 https://xz.aliyun.com/t/6966
PHP代码审计入门篇bluecms https://xz.aliyun.com/t/6946
Android内核漏洞学习——CVE-2014-3153分析(2) https://xz.aliyun.com/t/6948
H1ve--开源攻防训练平台 https://xz.aliyun.com/t/6889
Python中有潜在代码执行风险的函数(一) https://xz.aliyun.com/t/6902
Weblogic-T3-CVE-2019-2890-Analysis https://xz.aliyun.com/t/6904
Python模板注入(SSTI)深入学习 https://xz.aliyun.com/t/6885
Linux逆向之调试&反调试 https://xz.aliyun.com/t/6882
NJUPT CTF 天璇Writeup https://xz.aliyun.com/t/6876
漏洞验证和利用代码编写指南 https://xz.aliyun.com/t/6880
一篇文章带你读懂 HTTP Smuggling 攻击 https://xz.aliyun.com/t/6878

日更新程序

python update_daily.py