Skip to content

Latest commit

 

History

History
1099 lines (1071 loc) · 197 KB

README_2019.md

File metadata and controls

1099 lines (1071 loc) · 197 KB
Raw

数据--所有

数据--年度

2019 信息源与信息类型占比

2019-信息源占比-secwiki

2019-信息源占比-xuanwu

2019-最喜欢语言占比

政策 推荐

title url
中国信息安全从业人员现状调研报告(2018-2019年度) http://www.itsec.gov.cn/zxxw/201909/t20190906_36022.html
关于印发加强工业互联网安全工作的指导意见的通知 http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057729/c7281215/content.html
儿童个人信息网络保护规定 http://www.cac.gov.cn/2019-08/23/c_1124913903.htm
水利部印发水利网络安全管理办法(试行) http://www.cac.gov.cn/2019-08/17/c_1124887757.htm
信息安全技术 移动互联网应用(App)收集个人信息基本规范(草... http://www.cac.gov.cn/2019-08/08/c_1124853418.htm
网络安全漏洞管理规定(征求意见稿) http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c7005976/content.html
个人信息出境安全评估办法(征求意见稿) http://www.cac.gov.cn/2019-06/13/c_1124613618.htm
数据安全管理办法(征求意见稿) http://www.cac.gov.cn/2019-05/28/c_1124546022.htm
关于《网络安全审查办法(征求意见稿)》公开征求意见 http://www.cac.gov.cn/2019-05/24/c_1124532846.htm
互联网个人信息安全保护指南 http://www.beian.gov.cn/portal/topicDetail?id=88
网络安全技术应用试点示范项目公示 http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c6794942/content.html
中央企业负责人经营业绩考核办法 http://www.sasac.gov.cn/n2588035/n2588320/n2588335/c8108632/content.html
中央网信办关于开展App安全认证工作的公告 http://gkml.samr.gov.cn/nsjg/rzjgs/201903/t20190315_292035.html?from=timeline&isappinstalled=0

学习视频 推荐

title url
伯克利课程:深度强化学习 (2019) https://www.bilibili.com/video/av69455099/

微信公众号 推荐

nickname_english weixin_no title url
软件安全智能并行分析实验室 学术报告,S&P2020-Savior:漏洞导向的混合模糊测试技术 https://mp.weixin.qq.com/s/hW8ned6DIRJ7mx1657dVew
白帽子的成长之路 whitehat_day 渗透测试Window平台中 Certutil的使用 https://mp.weixin.qq.com/s/4jZBIRqbQ7UR7BXz2zdZtA
数世咨询 数世咨询:2019年网络安全大事记 https://mp.weixin.qq.com/s/APOEaYrubmWupFRPbbjfkw
安全祖师爷 PowerShell渗透–Empire https://mp.weixin.qq.com/s/giBR-rnpm51cDE4aude2tg
飞虎行业观察 flyingtiger018 RSA和McAfee的2020年安全威胁预测 https://mp.weixin.qq.com/s/gUOO1kDB_wuZ32nKAZjM0g
轩辕实验室 基于卷积神经网络的入侵检测进行检测Dos攻击 https://mp.weixin.qq.com/s/yRQwHVPuYHM67yAo15hPOw
天地和兴 bjtdhxkj 针对ICS的网络攻击20强——谈天说地Part1 https://mp.weixin.qq.com/s/H9f-z3oLDZ-fMrEax3nMaA
qz安全情报分析 lookvul 浅谈OPSEC和C2 https://mp.weixin.qq.com/s/FIz4-xk093jGN3TOECAgqQ
OWASP OWASP_CHINA 2019年度OWASP中国项目总结 https://mp.weixin.qq.com/s/hcdA7R36RsSV40TnIu2fJg
DJ的札记 DJ_notes 下一座圣杯 - 2019 https://mp.weixin.qq.com/s/6Kli-u6LEInoliTVQgdrFQ
腾讯安全智能 TX_Security_AI 基于图挖掘的安全事件分析 https://mp.weixin.qq.com/s/ARfMqrUxiPKmbMcV_yaluw
浅黑科技 qianheikeji CTF:一部黑客心灵史 https://mp.weixin.qq.com/s/wEqBaZmO8FwOyGrcWDNgYQ
国际安全智库 guoji-anquanzhiku “震网”十年谜底终浮水面, 伊朗核计划流产源于内鬼“间谍行动” https://mp.weixin.qq.com/s/ORW8qWCpgQFJh8-bsaIg3w
信息安全与通信保密杂志社 cismag2013 开源软件的网络安全问题 https://mp.weixin.qq.com/s/TCb4kLH6N3JlCnyo6x2L1Q
Hacking就是好玩 对乌云漏洞库payload的整理以及Burp辅助插件 https://mp.weixin.qq.com/s/9RHVsw-HtAfo1UuPAqXZEw
行业研究报告 report88 2018-2019年网络安全行业深度报告 https://mp.weixin.qq.com/s/z-LN2AlMezEmJVekbDndcw
编程技术宇宙 ProgramUniverse 我是一个流氓软件线程 https://mp.weixin.qq.com/s/-ggUa3aWkjjHjr9VwQL9TQ
盘古实验室 PanguLab 从研究者视角看漏洞研究之2010年代 https://mp.weixin.qq.com/s/UBZv0pd7Nr-o-NMxjV53RQ
腾讯御见威胁情报中心 “海莲花”(OceanLotus)组织2019年针对中国大陆的攻击活动汇总 https://mp.weixin.qq.com/s/OA09fndsHfpLVxeo7DnjYg
维他命安全 VitaminSecurity 卡巴斯基2019年Q3垃圾邮件与钓鱼攻击报告 https://mp.weixin.qq.com/s/JE5J6misSPhzCjyKB0MxCA
牵着蜗牛遛弯儿 lau_cyun 浅谈工控CTF中网络数据分析的思路 https://mp.weixin.qq.com/s/bR1t53-YHSKWmFawT5t0Kg
秦萧 记一次应急响应实战 https://mp.weixin.qq.com/s/iIAPsEbHnywvL1l7YXA8sQ
企业安全工作实录 xiaohuangsec 安全运营三部曲之安全生态与安全国际 https://mp.weixin.qq.com/s/Fwk_Q7TE5pyq77_-IEp1mg
Python中文社区 python-china 微软开源可解释机器学习框架 interpret 实践 https://mp.weixin.qq.com/s/adkQr051QFzID4tEtPwjyQ
网信中国 cacweixin 国家互联网信息办公室关于《网络安全威胁信息发布管理办法(征求意见稿)》公开征求意见的通知 https://mp.weixin.qq.com/s/uu3fnM8OzC8JRcIiJkIX8w
最高人民法院 ch_zgrmfy 司法大数据专题报告:网络犯罪特点和趋势 https://mp.weixin.qq.com/s/ZxYS6Dwa2XVOZ8ku-PbKog
安恒信息 DBAPP2013 如何基于沙箱的威胁情报平台上搭建ATT&CK展示界面? https://mp.weixin.qq.com/s/YcQRAkRRo63OnRYWokl0nw
复旦白泽战队 fdwhitzard 白泽带你去参会@CCS19, London, UK丨论文分享(上) https://mp.weixin.qq.com/s/gYqamT3WXiyj79mjBQYRiA
heysec bloodzer007 计算机与网络安全系列书单推荐 https://mp.weixin.qq.com/s/kEH85B2L8hsTKQjaSluTVQ
404 Not F0und 从Black Hat Speaker到国内外研究者:强化学习的安全应用 https://mp.weixin.qq.com/s/YcH2P38_N4aZtGAc2ktkJw
法学学术前沿 frontiers-of-law 前沿, 刘艳红:网络爬虫行为的刑事规制 https://mp.weixin.qq.com/s/O9ue3cZjw5kfVFyFkoaeUg
南方法治报 nffzb1433 广东公安“净网2019”专项行动典型网络违法犯罪案例 https://mp.weixin.qq.com/s/XIAaaZetvfLa5KO-7Q6rlg
开放知识图谱 OpenKG-CN 论文浅尝 , 探索将预训练语言模型用于事件抽取和事件生成 https://mp.weixin.qq.com/s/8G-d3VT_I6ucRVrGm4VO2A
奇门遁甲安全 浅谈新手入门级红蓝对抗系列之——Sysmon攻防 https://mp.weixin.qq.com/s/_RcHF1vXPp1cnzXvGWnGvQ
七夜安全博客 qiye_safe 漫谈威胁建模下的安全通信 https://mp.weixin.qq.com/s/m-ouMuBGX4BhHohV52Kykg
现代服务产业技术创新战略联盟 深度学习实体关系抽取研究综述(上) https://mp.weixin.qq.com/s/_1bWSYIeGpkJyrSfSNhVdw
星维九州 流量加密也不怕!多种姿势检测冰蝎 https://mp.weixin.qq.com/s/ciAQNdL1YJ9B1HX7TMEDzA
情报分析师 qingbaofenxishi 社交网络在开源安全情报中的应用(一) https://mp.weixin.qq.com/s/QTcvAtaSe1jWvGTg9ZcfiQ
AI科技评论 aitechtalk 数据挖掘领头人韩家炜教授:如何从无结构文本到有用的知识? https://mp.weixin.qq.com/s/aKGh9wOdWsleSted_iEmBQ
丁爸 情报分析师的工具箱 dingba2016 【美国情报】图解NSA的48个Ant监控工具 https://mp.weixin.qq.com/s/gpM1Ze2ofLXt5ernZBOudw
腾讯技术工程 Tencent_TEG 机器学习模型可解释性的详尽介绍 https://mp.weixin.qq.com/s/JEIxzuPDrbvSJjpHExaI_w
学术plus caeit-e 美国国防部2019年消费账单出炉,竟频频打脸! https://mp.weixin.qq.com/s/Hk_BfBPz0TGqFNblGb_m5A
深度传送门 deep_deliver RecSys 2019参会总结及推荐精读论文 https://mp.weixin.qq.com/s/NrhIEcY0-76g88-GA01kww
凌天实验室 LT_labs 勒索解密工具整理篇 https://mp.weixin.qq.com/s/T6zSWZ-qMit-8gR4Itmknw
jaxsec Linux For Pentester: socat Privilege Escalation(中英对照) https://mp.weixin.qq.com/s?__biz=MzI5OTYzMjU1OA==&mid=2247483759&idx=1&sn=13cc7388d74532d0c77e2429e5c0ea2e&chksm=ec92d3aedbe55ab8573dad78ea7f0c68c3eae83c1fb585b9ee058f7d4d9b11b062d3566c5b92&mpshare=1&scene=23&srcid=&sharer_sharetime=1571632808853&sha
AD风险实验室 业务安全的资源层攻防时代 https://mp.weixin.qq.com/s/nkf5yRrAw-IA5_ROD6Za4g
川云安全团队 cyunsec Kibana < 6.6.1 代码执行漏洞复现笔记 https://mp.weixin.qq.com/s/3r41HE3bnNHhWOw42uziTQ
穿过丛林 容器云安全防御机制动态评估与优化框架 https://mp.weixin.qq.com/s/-g2MLk7i0QBToxdE-RHjSw
电网头条 sgcctop 刚刚,国家电网公司发布《泛在电力物联网白皮书2019》 https://mp.weixin.qq.com/s/gWLm5KMfkSlhNr0ptmIYwQ
暗影安全实验室 Eversec_Lab 反间谍之旅003 https://mp.weixin.qq.com/s/ZxsyB4ELKdV84eHh6zn1iQ
Viola后花园 Viola_deepblue Signal Sciences 下一代WAF https://mp.weixin.qq.com/s/daH3UatnuUvkFIq9BrZPyg
App个人信息举报 app_grxxjb 专题研究 , 手机设备识别码类型分析 https://mp.weixin.qq.com/s/Ly8XIfKanX3bgeZLe0QyeA
湛卢工作室 xuehao_studio SRC漏洞挖掘实用技巧 https://mp.weixin.qq.com/s/g-vlNmn4uQKUnBKZ7LMJvA
分类乐色桶 [CVE-2019-9535] Iterm2命令执行的不完整复现 https://mp.weixin.qq.com/s/4KcpS4eNGQ8bL6DTM4K0aQ
军鹰资讯 JoinInformation 浅析DARPA的运作机制(内附报告下载链接) https://mp.weixin.qq.com/s/T5EqLfqSCU8JRp6Ez4vdpg
90Sec Team hk90sec 域渗透总结 https://mp.weixin.qq.com/s?__biz=Mzg3NzE5OTA5NQ==&mid=2247483807&idx=1&sn=59be50aa5cc735f055db596269a857ce&chksm=cf27ea07f8506311d1c421e48d17deeebc19d569b037e0eb6c83656fee30fd9d59cc8228e372&token=2130309421&lang=zh_CN#rd
等级保护测评 zgdjbh 江苏网警发布第六批网络安全行政执法典型案例 https://mp.weixin.qq.com/s/zD-jjZLrAWyE4NPjpguRwg
嘶吼专业版 Pro4hou 俄罗斯APT图谱 https://mp.weixin.qq.com/s/kLjX6pMpA-v8Wh2LZK6dJw
信息安全最新论文技术交流 NIST SP800-207:零信任架构草案 https://mp.weixin.qq.com/s/F0tes4QbhQyv14PFokFYuQ
360智库 网络战的战术实践与战略思考 https://mp.weixin.qq.com/s/NcpsTiVKaMj_NTzRydaSag
安全乐观主义 使用方舟编译器检查Fastjson OOM问题 https://mp.weixin.qq.com/s/ornyzKd3uqjgUHEmdHGIJQ
人民公安报 rmgabs 新中国成立70年来公安科技信息化工作回眸 https://mp.weixin.qq.com/s/B64olNuiuu1HQUkdD3u0fg
FreeBuf企业安全 freebuf_ent 全程带阻:记一次授权网络攻防演练 https://mp.weixin.qq.com/s/BJlXOsBtPGVVU2cVs72TqQ
贝塔安全实验室 BetaSecLab 网络空间搜索引擎的魅力 https://mp.weixin.qq.com/s/AdrOhuA0mpjCtdpWjPC1jg
青藤云安全资讯 qingtengyun 一种基于欺骗防御的入侵检测技术研究 https://mp.weixin.qq.com/s/6BEY9qpi0rfk1_T1k1lWmg
新智元 AI_era Nature封面重磅:社交网络影响集体决策,或改变选举结果! https://mp.weixin.qq.com/s/KqyF7epXWRhaT4spGWHXSw
君哥的体历 jungedetili 企业如何构建有效的安全运营体系 https://mp.weixin.qq.com/s/JJkQ8S4qw0RigOoA9Xzhyw
中通安全应急响应中心 ZTO_SRC 中通安全开源项目之越权漏洞自动化检测 https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA
PaperWeekly paperweekly 百度实体链接比赛后记:行为建模和实体链接(含代码分享) https://mp.weixin.qq.com/s/hIGmW_J5xEvLUXa4hFHzsA
网信军民融合 wxjmrh “战斗民族”俄罗斯网络空间作战研究 https://mp.weixin.qq.com/s/lHTNtsA6Pc-FGGoQoO6AUw
小米安全中心 misrc_team 【技术分享】漏洞扫描技巧篇-Web 漏洞扫描器 https://mp.weixin.qq.com/s/urbFms6AiUb7uu_IGj3LXQ
小强说 xiaoqiangcall 从ATT&CK看威胁情报的发展和应用趋势 https://mp.weixin.qq.com/s/zbAwTDZ5IuRCMkuIDo82Cw
天御攻防实验室 TianyuLab 实战化ATT&CK™:威胁情报 https://mp.weixin.qq.com/s/CzrQoLdpVUHrXGTMrkWHPQ
baronpan 基于 ATT&CK 的 APT 威胁跟踪和狩猎 https://mp.weixin.qq.com/s/nqQmlWcemAGopy898I4cNg
道法术 [法]从SOAR中求解应用安全建设强运营突围之法 https://mp.weixin.qq.com/s/sedpOhSxEGSdaxX8SACIMA
安全喷子 网络安全“圣地”之行 https://mp.weixin.qq.com/s/xxU0R5eVcP_42VVd2DQeXQ
奇安信 CERT WebLogic安全研究报告 https://mp.weixin.qq.com/s/qxkV_7MZVhUYYq5QGcwCtQ
绿盟科技 NSFOCUS-weixin 2019TechWorld技术嘉年华精华大放送【附PPT下载】 https://mp.weixin.qq.com/s/pHYpHw1PuLddW2NJZZzA6A
汉客儿 一次美丽的误会引发对函数调用保护的思考 https://mp.weixin.qq.com/s/wna8pBu1s_jNI8kDeBGEwA
水滴安全实验室 EversecLab 物联网固件漏洞挖掘——经典命令执行漏洞分析复现 https://mp.weixin.qq.com/s/KPw81stOcBthxZHlanS0BA
威胁情报小屋 海莲花攻击手法概述 https://mp.weixin.qq.com/s/IrM60hbB6dWdbWxpFbO1lA
天融信阿尔法实验室 ATT&CK之后门持久化(一) https://mp.weixin.qq.com/s/SavldFETaFea3l7kVX2RyA
SIGAI SIGAICN NLP技术也能帮助程序分析? https://mp.weixin.qq.com/s/b4_OdxgxsK8CCU5b8qCEfw
ChaMd5安全团队 chamd5sec De1CTF 2019-WriteUp https://mp.weixin.qq.com/s/EN8cch8uO8Qnfb_eewbw9w
孟极实验室 mengjiteam 一条命令实现端口复用后门 https://mp.weixin.qq.com/s/HDZUsTbffeGhgwu1FOWQNg
雷神众测 thorsrc webshell中的分离免杀实践-java篇 https://mp.weixin.qq.com/s/RCXrCHJl4w4CTeLk_HPzQA
炼石网络CipherGateway CipherGateway 一篇读懂22种密码应用模式 https://mp.weixin.qq.com/s/07B4noqGHaQ8dHWqC_qSWQ
新兴产业研究中心 CrowdStrike52页深度,快速进化的下一代终端安全平台 https://mp.weixin.qq.com/s/9C94jzfD3M2zPVpQCfDppw
安比实验室 secbitlabs 初识「零知识」与「证明」 https://mp.weixin.qq.com/s/XQL_taBhPkCHGZOBc24MyQ
安全客 anquanbobao Black hat USA 2019 议题预览 https://mp.weixin.qq.com/s/TCKOmHt2MbeMI6MO5zq4HQ
安全回忆录 Sec-Huiyilu Commix命令注入靶场空格过滤的绕过测试 https://mp.weixin.qq.com/s/81gI5nFHSVYR5w648Z2oJQ
中国信息安全 chinainfosec 专题 , AI加持,威胁免疫——工业互联网安全体系建设 https://mp.weixin.qq.com/s/iywreVZ81o_bYKhuCHQl6Q
Docker dockerone 容器日志采集利器:Filebeat深度剖析与实践 https://mp.weixin.qq.com/s/H9ExikY7bd2-YVEqGZmsOA
网络空间安全军民融合创新中心 jmrh1226 病毒武器智能化技术现状与运用趋势 https://mp.weixin.qq.com/s/ojfjlJEdGSIjrR2ptYhPSw
百度安全实验室 BaiduX_lab 聪明人的笨功夫 -- MesaTEE安全形式化验证实践 https://mp.weixin.qq.com/s/X5PyWgQFZ11wLx8gpFtXOg
机器学习研究会 深度学习中的Normalization模型 https://mp.weixin.qq.com/s/D1Qvh-kqcmtp6pkH-CwPmg
时间之外沉浮事 tasnrh ThreatGEN:Red vs. Blue--在游戏中学习网络安全技能 https://mp.weixin.qq.com/s/OoCTXMYALjDQvCEOXvG2ZQ
公安三所网络安全法律研究中心 《新时代的中国国防》白皮书发布,多处涉及网络安全 https://mp.weixin.qq.com/s/d85LGOF-GubW6I7bGZ2Ovw
SDL安全实践 GitHub安全最佳实践 https://mp.weixin.qq.com/s/DRHmwihDwsoZHS8rrlwlHg
国科漏斗社区 Goktech_Security 线下赛AWD训练平台搭建手册 https://mp.weixin.qq.com/s/VPaAYUu_W3MTOmfmgVxUjA
国科军通科技 gkjtkj 揭秘:中国自主可控行业全景图 https://mp.weixin.qq.com/s/7_osWtZV3UZ5KuaoIzt7rA
GartnerInc GartnerChina 自动化在现代安全中的运用 https://mp.weixin.qq.com/s/HMvGOiUIwjMKBNE2j5qIBQ
赵武的自留地 网络安全这点屁事 https://mp.weixin.qq.com/s/kVfyoD_zRnSrQjpL4HfYAQ
绿盟科技研究通讯 nsfocus_research Graph Mining:审视世界的眼睛 https://mp.weixin.qq.com/s/1jutuzIq3xlkFejUFbLFFA
勾陈安全实验室 PolarisLab Knife:一个将有用的小功能加入Burp Suite右键菜单的插件 https://mp.weixin.qq.com/s/Y03VVF3sD9N0_H6TQlxYuQ
SecWiki SecWiki 福利—中国互联网安全领袖峰会门票! https://mp.weixin.qq.com/s/ZFsrfCjtwrBiRaak1mbhsg
SecPulse安全脉搏 SecPulse 网络安全学习方法论之体系的重要性 https://mp.weixin.qq.com/s/yXA4BRbMfJNPQ68_-Nme6g
PolarisLab PolarisLab Hacking WildFly https://mp.weixin.qq.com/s/KQ_17nJBPRcOTn-rPBRKTQ
APT攻击 cncg_team 展望未来的APT发展之路 https://mp.weixin.qq.com/s/1w6-HwD2u9GRP6IMm5xScg
ADLab v_adlab 启明星辰ADLab:智能音箱网络安全与隐私研究报告 https://mp.weixin.qq.com/s/suXWmn_PM6zmm3loYO1Zgw
高效运维 greatops 利用 ELK 搭建 Docker 容器化应用日志中心 https://mp.weixin.qq.com/s/7A4lI1zeE5_BljzbKkInbw
继之宫 威胁剑魔杂谈 https://mp.weixin.qq.com/s/wpBeoTEC7g-wFX-DA61gmA
漏洞战争 vulwar 关于漏洞挖掘的一点想法 https://mp.weixin.qq.com/s/79k5bxGr1ykCpN4lSeiTqw
安全牛 aqniu-wx 国内四大UEBA解决方案 https://mp.weixin.qq.com/s/ftcks4wPVNmKMpODvOcfBQ
安全学术圈 secquan 骗局的艺术:剖析以太坊智能合约中的蜜罐 https://mp.weixin.qq.com/s/zKv3wKEXRT8CgOnVHOXi0Q
nmask nmask-article 当子域名遇上搜索引擎 https://mp.weixin.qq.com/s/yZFdVXPDh2O_qN_S1DsBPw
安全泰式柑汁 ts_sec 2019HW行动防守总结 https://mp.weixin.qq.com/s/q2KdfZ0Wa8rkGT9i6Vjh3g
阿里安全响应中心 alisrc 从零开始java代码审计系列(一) https://mp.weixin.qq.com/s/mEVxuFTr8VHCnxm1K7j4jw
看雪学院 ikanxue 如何实现 Https拦截进行 非常规“抓包” https://mp.weixin.qq.com/s/uPe2HHsNc44YBBUum4jogg
信息化协同创新专委会 CF-ICI 国内外颠覆性技术研究进展跟踪与研究方法总结 https://mp.weixin.qq.com/s/riKGPdyu8ekOy-WuEkyVoQ
Bypass Bypass-- Web日志安全分析技巧 https://mp.weixin.qq.com/s/CtnHy9X7_csTwrG5KJvDjg
红队攻防揭秘 klionsec CobaltStrike+MetaSploit 实战联动 https://mp.weixin.qq.com/s/x0txdB7tMEIg1W4v_ZK7Tg
新浪安全中心 自助安全扫描与代码审计系统架构实践 https://mp.weixin.qq.com/s/3N3eJzTaMwbznL_aofOjnQ
国家电网报 stategridnews 阿根廷全国大停电 https://mp.weixin.qq.com/s/0p_QrSpJuGSc3IaQB2NMMw
专注安管平台 Gartner2019年十大安全项目详解 https://mp.weixin.qq.com/s/dBw_z9oNoTRUQNVTkf1l_w
环球时报 hqsbwx 美国被爆料入侵俄罗斯电网,特朗普怒怼纽约时报叛国 https://mp.weixin.qq.com/s/kfnlzwHbfNHgVXEiX2-1sg
网络法前哨 cyberlawing 公安部|通报净网2019专项行动典型案例 https://mp.weixin.qq.com/s/P21rRO_tFo9ZDCrbDdIHGA
现代军事 xiandaijunshi 解读德国情报工作建设 https://mp.weixin.qq.com/s/dW-k_LlWZt04pakFuvfX8A
腾讯科恩实验室 KeenSecurityLab 《2018年Android应用安全白皮书》重磅发布:超98%Android应用存有安全风险 https://mp.weixin.qq.com/s/sb2hndSGn_IpMWmSGC4rPg
美团安全应急响应中心 安全架构评审实战 https://mp.weixin.qq.com/s/YQn1FQICk1esxvBCHZntFA
网络与信息安全学报 cjnis2015 网络空间安全学科简论 https://mp.weixin.qq.com/s/mQYaX-WGDZIIW26koGxTzQ
网安网事 网安独角兽CrowdStrike IPO分析(一) https://mp.weixin.qq.com/s/YHmQDUZze_qbmebaRlTKGg
安全小飞侠 AvFisher 企业安全建设的体系思考与落地实践 https://mp.weixin.qq.com/s/rmd8CvQKRMQWFR1o3t7I8w
学蚁致用 sudo_i Defcon China 1.0 胸卡破解笔记 https://mp.weixin.qq.com/s/j4Dqhko9nnxeuDkLZKftDA
仙人掌情报站 sec-cactus [搬砖手册]基于Packetbeat探索搭建轻量级网络流量监测系统 https://mp.weixin.qq.com/s/Tx9nHxvp9ezd0hf1PZcmiQ
信安之路 xazlsec DataCon 的 DNS 恶意流量检查一题回顾 https://mp.weixin.qq.com/s/M-J4FhGA5zg1WZCA9-Houg
安天 Antiylab 安天发布“方程式组织”攻击中东SWIFT服务商事件复盘分析报告 https://mp.weixin.qq.com/s/3ZQhn32NB6p-LwndB2o2zQ
奇安信威胁情报中心 银钩:针对国内网银用户的钓鱼的攻击活动 https://mp.weixin.qq.com/s/QINNIBQDY2bvLi795LsOoA
HLB虎狼帮 hlbhulangbang ESET分析了Turla APT对武器化PowerShell的使用 https://mp.weixin.qq.com/s/tNI54MlsN9bFKnm9kL6G-Q
FreeBuf freebuf 基于EVE-NG平台上构建企业内网攻防环境 https://mp.weixin.qq.com/s/vBYxrmnBoM-Abl_y1v4DtA
绿盟科技行业BG第一业务本部 军工行业工控安全防护思路 https://mp.weixin.qq.com/s/AVRYyob-bQdRRQ8i15SK3w
奇安信集团 qianxin-keji 一次攻防实战演习复盘总结 https://mp.weixin.qq.com/s/sfUQnFBlkRKf4uRDIVkG5Q
苹果资本 Applefunds 网络安全行业不会一家独大 https://mp.weixin.qq.com/s/pyJYZZqrdiVjjtCdRaxkOw
阿里技术 ali_tech 异常检测的N种方法,阿里工程师都盘出来了 https://mp.weixin.qq.com/s/w7SbAHxZsmHqFtTG8ZAXNg
永安在线情报平台 YongAnOnline 如何利用开源风控系统(星云)防止撞库? https://mp.weixin.qq.com/s/r7EY1zcydTmaaEY91H1m5A
有无科技法 youwulaw 重磅!最新!网络存证未获取法院支持判决书全文!, 网络存证 https://mp.weixin.qq.com/s/dqXA8KT_zFJWEx39RGd9Qg
中关村杂志 zgcmagazine “网安卫士”刘文懋 https://mp.weixin.qq.com/s/GryQEbF3wxAmT7e-76X-mw
这里是河马 https://mp.weixin.qq.com/s/FupNkLOOWAabvnC3Yob_uw
数字经济与社会 gh_feb1819ed27c 布拉格5G安全大会 “布拉格提案” https://mp.weixin.qq.com/s/sktQAoNeE-3na9lBPm9nzg
安全树洞 treeholeofsec 关于请教问题、一些圈子以及简历 https://mp.weixin.qq.com/s?__biz=MzU2NzkwNTQxNg==&mid=2247483719&idx=1&sn=1f68582237b3ece6f07bdf3be60fc1ec&chksm=fc975ca0cbe0d5b65824d2ec0bf2b11a2d26d69f6935371c73114db689fc3a56a13eeb6eeefb&token=1697253642&lang=zh_CN#rd
国际安全简报 securitybrief 赛门铁克公司加入美国防部的网络威胁情报共享项目 https://mp.weixin.qq.com/s/tHjveTuc1bi0TxmJKwMoGw
DappReview dappreview 2600万TRX被盗背后的罗生门 https://mp.weixin.qq.com/s/aInEaYdS9X7HP7FbzWl6AQ?from=timeline
逢人斗智斗勇 xiaopigfly 深入浅出略谈威胁情报 https://mp.weixin.qq.com/s/qv3pYEzi08DMydqUj1dSRw
终结诈骗 antifraud2 东南亚30万骗子,正在毁掉中国三代人! https://mp.weixin.qq.com/s/eDq-QpEHjZieX-pjmDQFCg
TideSec安全团队 TideSec 渗透测试中信息收集的那些事 https://mp.weixin.qq.com/s/EpDS21jQfckcM0C9mRk73w
CAICT5G创新研究中心 https://mp.weixin.qq.com/s/wL15_qP9iYae4J70XyncXw
象帕大人 shanpasama RD-10射频探测器-隐藏摄像头侦查器中文手册 https://mp.weixin.qq.com/s?__biz=MzAwODExNzk4Mw==&mid=2652259275&idx=1&sn=e4555ac45d605bb012279cc89d67e6ee&chksm=8091287bb7e6a16d330a6241a54c0be4db1fee32b0b3a2a3b0dd153de4814b64a6591fde7511&mpshare=1&scene=1&srcid=&key=8e787c7b9fab69d8f8b1b578e72312c
自主可控新鲜事 ZZKK-IT https://mp.weixin.qq.com/s/1AMEdl_YMXt0jjHl5RYP3A
科奖在线 kejijiangli 牛!清华吴子牛教授浅谈论文写作,赶紧收藏! https://mp.weixin.qq.com/s/6vLwQ7PMwn0X2zzJlnhjaA
浙大学报英文版 zdxbywb 研究生第一篇学术论文常犯问题总结 https://mp.weixin.qq.com/s/4ue0JlvJNbSTjzUM9NDejA
情报杂志 gh_a41bd02b1a24 美国高端智库的政策专家储备及其人才吸引机制研究———以兰德公司为例 https://mp.weixin.qq.com/s/0N8vOoO2B6a79XGG5I-j0w
人工智能头条 AI_Thinker 什么是语义角色标注? https://mp.weixin.qq.com/s/PVzVNI7jMzHPcUbL7UaCIQ
银河安全实验室 Galaxy-Lab https://mp.weixin.qq.com/s/RPLGCwb6do2LbIodFGoGBQ
秘猿科技Cryptape Cryptape 隐私币应用全景观察 https://mp.weixin.qq.com/s/bhWaKtVTqOLlJ1lj362rNA
深度学习自然语言处理 zenRRan 刘知远:NLP研究入门之道(一) https://mp.weixin.qq.com/s/PVoQI85YkDSzlA46FRU1OQ
待字闺中 daiziguizhongren 理清弄透:加密&解密、签名&验签 https://mp.weixin.qq.com/s/aw5V95kelBslFv-ScxUVMw
信口杂谈 gh_a0d1f3cbaefe 乱弹网络空间X检索 https://mp.weixin.qq.com/s/OvTHpWXCwCH-k0jf8cQBTg
中国保密协会科学技术分会 gh_be4f21d557c0 企业海外机构信息安全保密风险分析及对策建议 https://mp.weixin.qq.com/s/jJyq7bYuq1xxGXpfnmKP3g
我的安全视界观 CANI_Security 【SDL最初实践】安全需求 https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247484307&idx=1&sn=3758ef809f9a456d7ed83a2954487f5b&chksm=eb6c21ebdc1ba8fd8888ccf93043b0abc5107b0a96671419bbc8b3795260feded5292248338e&token=748595180&lang=zh_CN#rd
梅子酒的书札 a960596293_book 西湖论剑2019 WriteUp https://mp.weixin.qq.com/s/rlSyABoulRKygPmwfcUuXA
国防科技要闻 CDSTIC https://mp.weixin.qq.com/s/LXR853Z4E5peVYq89tXKZA
京东科技集团研究院 jdkjjtyjy 编译 , Palantir中标美国军方8亿美元人工智能系统研发采购计划 https://mp.weixin.qq.com/s/2afk7pLqgzpUnXgmQgMNEw
集智俱乐部 swarma_org 使用深度神经网络对 Twitter进行威胁检测 , 网络科学论文速递16篇 https://mp.weixin.qq.com/s/vsCAE-6e0jpX8wPw6Sd9eA
格友 gh_b6fbc09b1f54 在调试器里看QQLive捉迷藏 https://mp.weixin.qq.com/s/3Ft6205f8kUoCuGzB-hPtg
半佛仙人 banfoSB 屠夫遇上路霸丨揭秘高利贷与黑产的血色战争 https://mp.weixin.qq.com/s/AK6_wP_JtMW5DxzRyWaXXg
360威胁情报中心 CoreSec360 APT战争中脚本攻击的兵法之道 https://mp.weixin.qq.com/s/r-jAWFjtOxgd-JyVStFvsg
网络安全观 SecurityInsights Google 基础架构安全设计概述 https://mp.weixin.qq.com/s/MOJCYDN-W9KObOZpc6kx1g
枫林晚安全 galesec Druid拦截功能的配置与简单绕过 https://mp.weixin.qq.com/s/lGalf63VXCva2I5BpmSMgQ
阿里云开发者 aliyun_developer 异常检测的N种方法,阿里工程师都盘出来了 https://mp.weixin.qq.com/s/kv-ZrOF4nnxXoQwFOodzjA
爱奇艺安全应急响应中心 iqiyi_71src 堡垒机:爱奇艺海量服务器安全运维平台的建设 https://mp.weixin.qq.com/s/TGswXl9cuwlRmaVsZs46hA
数据智能英文刊 gh_aaa0c1cb93ec 基于对抗生成式模仿学习的实体和事件的联合抽取 https://mp.weixin.qq.com/s/z6Gfdp6ly0WdKjbrvhCACw
数字观星 shuziguanxing 春分 , 宜驱退灰暗威胁,忌大意无动于衷 https://mp.weixin.qq.com/s/ehO5UWBlGuLmFCSPef_oyw
中科院信息科技战略情报 xxkjzlqb 美公布2020财年预算 国防部96亿美元资助网络活动 https://mp.weixin.qq.com/s/FHPhXYTeDlkAZ42N7-XVaQ
51CTO技术栈 blog51cto 让Elasticsearch飞起来!百亿级实时查询优化实战 https://mp.weixin.qq.com/s/UV6NoI6-Y3Zh4BR-m5jP8w
Alfred数据室 Alfred_Lab 用大数据扒一扒蔡徐坤的真假流量粉 , Alfred数据室 https://mp.weixin.qq.com/s/j1kgf2RR7jssbWa7uWC-uA
腾讯安全应急响应中心 tsrc_team AI繁荣下的隐忧——Google Tensorflow安全风险剖析 https://mp.weixin.qq.com/s/rjcOK3A83oKHkpNgbm9Lbg
网安一起行_上海网警 shanghaiwangjing 一图看懂网络安全执法检查 https://mp.weixin.qq.com/s/gAS2cFaWMUdY0s6sT6ZtHw
数据安全与取证 Cflab_net 果断收藏!电子取证最全清单 https://mp.weixin.qq.com/s/ES83wSU-WBrUONGjCN6jYw
安在 AnZer_SH 新锐 , 盛华安张颖:左手SIEM右手服装设计的美女博士 https://mp.weixin.qq.com/s/LOrxA4EUB9xecvelTeBQKg
Ms08067安全实验室 Ms08067_com 步步为营之游走于内网 https://mp.weixin.qq.com/s/xGYfxdp_TQmXiuWvC1sN-g
谛听ditecting gh_ce3e0df31e50 2018年工业控制网络安全态势白皮书(上篇) https://mp.weixin.qq.com/s/w7aC7HzicQb4Hritde6b8g
美团技术团队 meituantech https://mp.weixin.qq.com/s/inKDcHLaP4M2ZbpxACORXw
数说安全 SSAQ2016 https://mp.weixin.qq.com/s/15w_RUG2PRiK6B1y7G16Jg
云影实验室 Yunying_Lab https://mp.weixin.qq.com/s/CMt7NX0sVJip7A8CZq8k-A
迷样人生 iot-sec C端安全产品的未来之路 https://mp.weixin.qq.com/s/Sp15EkyNKBZvOZHrJ7zJ2w
数字治理全球洞察 cyberlaw2015 喜讯,北京师范大学被列为“联合国网络犯罪问题政府间专家组”观察员 https://mp.weixin.qq.com/s/Ra1rcTl7K-Dtug9tNUwLPA
ArkTeam gh_16875f8ce964 Onion之眼:暗网的隐私与追踪 https://mp.weixin.qq.com/s/JyGaOV-wBVYCF6gKhYswWw
数据派THU DatapiTHU 清华张敏教授:个性化推荐研究进展(可解释性、鲁棒性和公平性) https://mp.weixin.qq.com/s/zIvsOB6G4YOnWq669VCqyg
全知科技 QUANZHI-TECH 从生产安全体系视角看数据安全 https://mp.weixin.qq.com/s/OS4iCYjqG7fW2ti9NN9f2w
Tide安全团队 TideSec Tide(潮汐)网络空间探测平台上线了~ https://mp.weixin.qq.com/s/mSikxVFvrsGnl6Eflbx1GQ
战略前沿技术 Tech999 【一网打尽】“DARPA”专题 https://mp.weixin.qq.com/s/bRIA5OFEUZNrapubD9ORYQ
鲸犀 whalerhino 如何利用开源威胁信息分析APT团伙 https://mp.weixin.qq.com/s/HZJQD0jHj2ACkgtvGmtyPw
网安寻路人 DataProtection101 详解GDPR向Google亮剑缘由(DPO社群成员观点) https://mp.weixin.qq.com/s/5sGSSpkrJhgvttKxP-udJA
王小明的事 Struggle_of_a_noob 使用Aggressor脚本雕饰Cobalt Strike https://mp.weixin.qq.com/s/CEI1XYkq2PZmYsP0DRU7jg
瀚思科技 HanSight 用于异常检测的几种图划分算法【瀚思安全知识小课堂】 https://mp.weixin.qq.com/s/9CQn4qFd88MRU56xBvY_Pw
国家互联网应急中心CNCERT CNCERTCC 2018年活跃DDoS攻击团伙分析报告 https://mp.weixin.qq.com/s/5F9CauALuwvAys5mwPHwdQ
京东安全应急响应中心 jsrc_team 安全小课堂第128期【甲方威胁情报生存指南】 https://mp.weixin.qq.com/s/Rdw7_z4jn3Z1AWp-S2B2Vg
云众可信 yunzhongkexin https://mp.weixin.qq.com/s/6Bt6-MwK0RtvRdtbMHrCuQ
InfoQ infoqchina 基于Flink的超大规模在线实时反欺诈系统的建设与实践 https://mp.weixin.qq.com/s/5opaOA9Rqk-3Sb-9bBRPJQ
百度安全应急响应中心 baidu_sec 企业级自动化代码安全扫描实战 https://mp.weixin.qq.com/s/T6EYwGpEQr64OGXGj2R5eA
有些鸟 youxieniao Presentation Skill: 从学术到商业 https://mp.weixin.qq.com/s/Frge3EX8sEdOEuygHEJNkg
58安全应急响应中心 wubasrc 关于风控预警体系的搭建方案 https://mp.weixin.qq.com/s/2r61XB_Po4s3ihkLy46xbA
透雾 wxWinder APT调研掌握APT攻击活动动态 https://mp.weixin.qq.com/s/cG19BtE7V62CsoJsGbv72g
补天平台 Patchingthesky 巧用命令注入的N种方式 https://mp.weixin.qq.com/s/Hm6TiLHiAygrJr-MGRq9Mw
腾讯安全威胁情报中心 gh_05a6c5ec3f78 疑似污水(MuddyWater)APT组织针对白俄罗斯国防部、外交部等机构的定向攻击活动分析 https://mp.weixin.qq.com/s/qzTGQMvV-IaAlP_IwCHnLg
网络安全应急技术国家工程实验室 NELCERT 全国联网打印机安全态势研究报告 https://mp.weixin.qq.com/s/LXJR3s6GpkgWZNNGyhuYMQ
秦安战略 qinan1128 揭秘美军“网络航母” https://mp.weixin.qq.com/s/jVhPDVOLOvX5EXHeR9iI3A
秘迹同学 mijitongxue 个人隐私保护大时代:至暗时刻将逝,一丝曙光在即 https://mp.weixin.qq.com/s/Gzz7AtZgH0JuNa7U_9yb4w
猎户攻防实验室 TassLiehu 浅析Java序列化和反序列化 https://mp.weixin.qq.com/s/8lkpqHJ_CrRizPDZ38svTg
方行企业管理 fangxingapp 龙国东:从攻城狮到CEO的逆袭之路 https://mp.weixin.qq.com/s/Cbdqfsnh3TJ1RrkbN1RTjA
平安集团安全应急响应中心 PSRC_Team https://mp.weixin.qq.com/s/pthuQFY9sQjxJOOQf91Weg
宜信安全应急响应中心 CreditEaseSec 【须弥SUMERU】宜信分布式安全服务编排实践 https://mp.weixin.qq.com/s/6CT1WX3q3WzT1ewxiFQnnA
安全张之家 zhang_informationSEC 【最新统计】2005-2017年国内科研单位在国际安全顶级会议中发表文章量统计 https://mp.weixin.qq.com/s/kd4S6hCE_GPpPGbp1aD5Jw
安全博物馆 security_museum ISO/IEC 27000 系列 https://mp.weixin.qq.com/s/F9oIpYvHB3FdAyjRSdUgRA
奇安信安全监测与响应中心 QAX-CERT [上篇]从补丁diff到EXP--CVE-2018-8453漏洞分析与利用 https://mp.weixin.qq.com/s/ogKCo-Jp8vc7otXyu6fTig
代码卫士 codesafe 开源软件源代码安全缺陷分析报告——物联网软件专题 https://mp.weixin.qq.com/s/HFeOolCoyKz91sK1QdMg4w
Go中国 golangchina https://mp.weixin.qq.com/s/YbaM-_vs_D2BS1lV6Z-u4g
黑鸟 blackorbird 爆破流DDOS团伙ChinaZ的流程记录 https://mp.weixin.qq.com/s/enSFtxUSYqovYuMX0X8nQg
软件工程研究与实践 SE-China 基于机器学习的 C 程序内存泄漏智能化检测方法 https://mp.weixin.qq.com/s/ZHd6wWqnHB1rjKL2SCUqWw
网安国际 inforsec LEMNA: 深度学习在网络安全应用中的可解释性 https://mp.weixin.qq.com/s/t0e49MiSGY2lam8y9B-FIg
网信防务 CyberDefense https://mp.weixin.qq.com/s/BB9abB5j3IuAH8Rj4lPyvQ
知识工场 fudankw 研究综述 , 事件抽取及推理 (下) https://mp.weixin.qq.com/s/xR_JFczYbxY0xuy7BYDc7g
深圳网信安协会服务中心 SNISA-001 2018国内网络安全赛事排名 https://mp.weixin.qq.com/s/OAqfstNEu0ns4l3aKJQ9oA
梦之光芒的电子梦 monyer_mp 黑客是场电子梦 https://mp.weixin.qq.com/s/Hraig48huSQ93ZMf448Htw
斗象智能安全 Riskivy Apache Spark RPC协议中的反序列化漏洞分析 , 网藤能力中心(十六期) https://mp.weixin.qq.com/s/tIG5PZHkMOh62mcIauxShQ
图灵人工智能 TuringAI01 发文最多的机构与作者是谁?2018 ML和NLP学术会议统计 https://mp.weixin.qq.com/s/6bVxjkjnKJR3ixsUGY7_4Q
全频带阻塞干扰 RFJamming 跨国定位手机の奥义 https://mp.weixin.qq.com/s/K-zFVBaSw6yThuoLdUTjdg
二当家的12138 gh_e826f23d42e9 NDSS 2019 议题抢先 (一) https://mp.weixin.qq.com/s/0VX4FAPhmCjqs1OYj4lOIw
中新社广东发布 CNS-gd 用视频揭开骗局,让诈骗无所遁形!广东省反诈短视频创作大赛正式启动 https://mp.weixin.qq.com/s/Kf0VzANEmBBWQkFu23dQRA
三六零CERT CERT-360 尝试进行RPC漏洞挖掘 https://mp.weixin.qq.com/s/RLNyzImYsgRWkGlp0AXcVg

组织github账号 推荐

github_id title url org_url org_profile org_geo org_repositories org_people org_projects repo_lang repo_star repo_forks
microsoft AttackSurfaceAnalyzer - 微软开源了一个用于分析软件对系统攻击面影响的工具,Diff 软件安装前后对系统安全配置的影响 https://github.com/microsoft/AttackSurfaceAnalyzer https://opensource.microsoft.com Open source, from Microsoft with love Redmond, WA 2457 4265 0 Jupyter,TypeScript,CMake,C#,JavaScript,C++,Python,Objective-C,HTML,Rich,Go,Java,PowerShell,CSS 76100 10400
Microsoft ChakraCore 的 3 月补丁发布 chakra-core/ChakraCore#6016 https://opensource.microsoft.com Open source, from Microsoft with love Redmond, WA 2297 4314 0 C,TypeScript,CMake,C#,JavaScript,C++,PowerShell,Python,Objective-C,HTML,F#,Java,Jupyter 71200 9500
paypal yurita: Anomaly detection framework @ PayPal https://github.com/paypal/yurita http://developer.paypal.com/ San Jose, CA 181 32 0 Shell,Java,Clojure,Scala,C#,JavaScript,Python,Objective-C,Go,PHP,Ruby 1800 938
tianocore Intel(r) Boot Guard 用于缓解 CVE-2019-11098 TOCTOU 漏洞的代码实现 https://github.com/tianocore/edk2-staging/tree/BootGuardTocTouVulnerabilityMitigation http://www.tianocore.org http://www.tianocore.org 0 0 0 Python,C,HTML,Batchfile,C++ 1200 796
angr Phuzzer - 用于与 AFL Fuzzer 交互的 Python Wrapper 工具 https://github.com/angr/phuzzer http://angr.horse Next-generation binary analysis framework! http://angr.horse 30 16 0 C,Shell,Python,C++,HTML,POV-Ray 3500 600
mwrlabs SharpGPOAbuse - MWR Labs 开发的基于 C# 的工具,用于滥用 GPO 编辑权限攻击该 GPO 控制的对象 https://github.com/mwrlabs/SharpGPOAbuse http://labs.mwrinfosecurity.com/ Basingstoke, Johannesburg, London, Manchester, Singapore, New York 43 0 0 C,Java,Python,JavaScript,C++,C#,Objective-C,Assembly,Ruby,PowerShell,CSS 1700 501
pywinauto pywinauto - Python 实现的 Windows 平台 GUI 自动化测试工具,可以向 UI 组件发送鼠标和键盘事件 https://github.com/pywinauto/pywinauto http://pywinauto.github.io/ Windows GUI Automation with Python http://pywinauto.github.io/ 0 0 0 Python,CSS,C++ 1600 337
REhints 从 UEFI 固件攻击硬件可信任架构(HROT) ,来自 offensive 2019 大会 https://github.com/REhints/Publications/blob/master/Conferences/Bypassing%20Hardware%20Root%20of%20Trust/offcon2019_final.pdf http://REhints.com http://REhints.com 10 2 0 Python,C,Assembly,CSS,C++ 1200 249
nowsecure NowSecure 开源的一款用于剖析 iOS/macOS Apple AirDrop 协议的工具,基于 Frida 实现 https://github.com/nowsecure/airspy https://www.nowsecure.com We secure Mobile Devices, Enterprises, & Mobile Apps https://www.nowsecure.com 0 0 0 C,TypeScript,Java,Python,JavaScript,SaltStack,CSS 435 99
nccgroup Blackbox protobuf - NCC Group 开源的用于解码和编辑 Protobuf 数据包的 Burp Suite 扩展 https://github.com/nccgroup/blackboxprotobuf https://www.nccgroup.trust Please report all security issues to security at nccgroup dot com Global 180 15 0 C,Shell,Java,Python,JavaScript,TypeScript,C#,HTML,Elixir,Go,Rust 692 63
CTFTraining CTFTraining: CTF Training 经典赛题复现环境 https://github.com/CTFTraining/CTFTraining https://CTFTraining.github.io A platform to provide challenge for CTFer China 50 1 1 TypeScript,Python,JavaScript,Perl,Shell,HTML,PHP,Dockerfile,CSS 137 27
ipasimulator ipasim - Windows 平台的一款 iOS 模拟器 https://github.com/ipasimulator/ipasim None iOS emulator for Windows None 0 0 0 C,LLVM,Objective-C++,C++ 104 16
OpenCTI-Platform Open Cyber Threat Intelligence Platform https://github.com/OpenCTI-Platform/opencti https://www.opencti.io Open Cyber Threat Intelligence Platform, supported by @ANSSI-FR, @certeu and @LuatixHQ. France 0 0 0 Python,JavaScript,HTML 47 7
mozilla Pwn2Own 2019 中 Firefox RCE 漏洞的补丁信息(CVE-2019-9813):https://github.com/mozilla/gecko-dev/commit/601d226fe3690ff57287580431fd9a937298be80 https://github.com/mozilla/gecko-dev/commit/752be3958fc6f6eb83eaa4a35fae1a99dc54746e https://wiki.mozilla.org/Github This technology could fall into the right hands. Mountain View, California 1976 284 30 TypeScript,Jupyter,FreeMarker,Python,JavaScript,C++,Nix,HTML,CSS,Elixir,PHP,Ruby,Rust 0 0
google go-containerregistry - Google 开源了一个 Go 语言版本的 Docker Registry 交互工具 https://github.com/google/go-containerregistry https://opensource.google.com/ Google ❤️ Open Source https://opensource.google.com/ 1460 2510 0 C,TypeScript,Java,HTML,Python,JavaScript,C++,Dart,Haskell,Go,PHP,CSS 0 0
intel ModernFW - Intel 开源的一个实现性项目,旨在为云主机服务器提供一个最小可用的平台固件 https://github.com/intel/ModernFW mailto:webmaster@linux.intel.com webmaster@linux.intel.com 616 23 0 C,Shell,Java,Python,JavaScript,C++,TypeScript,Go,Rust 0 0
rapid7 Metasploit 框架新增了一个 LibreOffice CVE-2018-16858 漏洞的利用代码,该漏洞通过 Document 事件触发脚本代码执行 https://github.com/rapid7/metasploit-framework/commit/22085113ad67c0716b7b0aa6adfdaf9f7c8b48f0 http://www.rapid7.com/ Boston, MA 232 0 0 C,Shell,Java,Python,JavaScript,HTML,Go,Ruby 0 0
facebook 通过同态散列算法安全地发布更新 - https://code.fb.com/security/homomorphic-hashing/ https://github.com/facebook/folly/blob/master/folly/experimental/crypto/LtHash.cpp https://opensource.fb.com We are working to build community through open source technology. NB: members must have two-factor auth. Menlo Park, California 161 187 0 C,TypeScript,Java,Python,JavaScript,OCaml,C++,Objective-C,Swift 0 0
OWASP QRLJacking - 扫描恶意二维码劫持用户登录回话的社工技术分享 https://github.com/OWASP/QRLJacking/tree/master/QRLJacker http://www.owasp.org The OWASP Foundation http://www.owasp.org 145 26 0 C,Shell,Java,Python,Dockerfile,JavaScript,Perl,HTML,Go,Ruby,CSS 0 0
monzo response: Monzos real-time incident response and reporting tool https://github.com/monzo/response https://monzo.com/ We’re building the best bank on the planet. London, UK 110 31 0 Python,Ruby,JavaScript,C++,Objective-C,Swift,Go,Dockerfile 0 0
redhawksdr Redhawk - 软件定义无线电(SDR)的开发框架: https://github.com/redhawksdr http://redhawksdr.github.io http://redhawksdr.github.io 85 2 0 Python,HTML,Java,JavaScript,C++ 0 0
zeromq ZeroMQ libzmq 远程代码执行漏洞与利用: zeromq/libzmq#3351 http://www.zeromq.org/ http://www.zeromq.org/ 79 50 0 C,Shell,Java,C#,JavaScript,C++,Perl,Python,Go,Erlang 0 0
MicrosoftEdge JsDbg: Debugging extensions for Microsoft Edge and Chromium-based browsers https://github.com/MicrosoftEdge/JsDbg None Microsoft Edge open source projects - demos, tools, data None 66 258 0 C#,JavaScript,C++,Python,HTML,PowerShell,CSS 0 0
RUB-NDS TLS-Attacker-BurpExtension - 检测 TLS 安全的BurpSuite 插件 https://github.com/RUB-NDS/TLS-Attacker-BurpExtension https://www.nds.ruhr-uni-bochum.de/ Research and development at the Chair for Network and Data Security concentrates on cryptographic protocols, Internet and XML security. Ruhr University Bochum 57 7 0 Python,CoffeeScript,PHP,Java,C++ 0 0
quarkslab Quarkslab 公开了很多他们团队近几年在安全会议上做过的演讲的资料 https://github.com/quarkslab/conf-presentations http://www.quarkslab.com http://www.quarkslab.com 46 2 0 Python,Shell,TeX,JavaScript,C++ 0 0
fireeye FireEye 开源 Windows 事件追踪辅助工具 - SilkETW https://github.com/fireeye/SilkETW http://blog.fireeye.com Milpitas, CA 44 1 0 C,Vue,Python,C++,C#,Visual,Go,PowerShell,CSS 0 0
qunarcorp qtalk: Startalk 是一款高性能的企业级im套件 https://github.com/qunarcorp/qtalk http://open.qunar.com/ Qunar.com open source projects Beijing, China 42 0 0 Groovy,C,Java,Python,JavaScript,C++,Lua,Objective-C,Erlang,Ruby 0 0
AzureAD Microsoft Authentication Library (MSAL) - AzureAD 团队开源的用于 Azure Active Directory 认证的 Python 库 https://github.com/AzureAD/microsoft-authentication-library-for-python http://azure.microsoft.com/en-us/services/active-directory/ Redmond, WA 37 82 0 C,TypeScript,Java,C#,JavaScript,Python,Objective-C,HTML,PHP,Ruby,PowerShell 0 0
Cisco-Talos Talos 团队开源了一批用于 Fuzz ClamAV 杀软的种子文件 https://github.com/Cisco-Talos/clamav-fuzz-corpus http://www.talosintelligence.com The official Organizational account of the Talos Group at Cisco http://www.talosintelligence.com 36 0 0 C,Shell,Python,JavaScript,C++,Lua,HTML,PHP 0 0
sslab-gatech 文件系统Fuzz工具,相关工作已发表在Oakland19 https://github.com/sslab-gatech/janus https://gts3.org https://gts3.org School of Computer Science, Georgia Tech 35 0 0 C,Filebench,Python,Makefile,C++,HTML,Smali 0 0
appsecco using-docker-kubernetes-for-automating-appsec-and-osint-workflows https://github.com/appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows http://appsecco.com PRAGMATIC SECURITY ADVICE. PRACTICAL HELP. KEEPING YOU SAFE. London, Bangalore, Boston 32 5 0 Shell,Python,JavaScript,Visual,HTML,ActionScript,PHP,CSS 0 0
fox-it adconnectdump - 从 Azure AD Connect 服务器中导出凭证的工具 https://github.com/fox-it/adconnectdump https://www.fox-it.com/ https://www.fox-it.com/ 31 1 0 C,Shell,Python,Bro,HTML,Ruby,PowerShell 0 0
CheckPointSW Karta - source code assisted fast binary matching plugin for IDA https://github.com/CheckPointSW/Karta http://www.checkpoint.com Worlds leading provider of cyber security solutions to governments and corporate enterprises. Visit our CloudGuard Dome9 account at https://github.com/Dome9 http://www.checkpoint.com 27 2 0 C,TypeScript,Java,Python,JavaScript,C++,C#,HTML,Shell,ActionScript,CSS 0 0
tenable router_badusb: BadUSB in Routers https://github.com/tenable/router_badusb http://www.tenable.com/ Columbia, MD 26 4 0 C,Shell,Java,Python,C++,Vim,CoffeeScript,HTML,Emacs,Ruby,PowerShell 0 0
comaeio OPCDE 2019 会议的资料公开了 https://github.com/comaeio/OPCDE/blob/master/README.md http://www.comae.io Dubai, UAE 24 0 0 C,Java,JavaScript,C++,Nginx,Smarty,PowerShell 0 0
airbus-seclab 静态二进制代码分析工具 BinCAT 1.1 发布,支持 AMD64: https://github.com/airbus-seclab/bincat/releases/tag/v1.1 https://airbus-seclab.github.io/ https://airbus-seclab.github.io/ 23 5 0 C,Python,OCaml,C++,Ruby,PowerShell 0 0
HexHive SMoTherSpectre PoC https://github.com/HexHive/SMoTherSpectre http://hexhive.github.io Enforcing memory safety guarantees and type safety guarantees at the compiler and runtime level http://hexhive.github.io 22 2 0 Python,C,HTML,Brainfuck,C++ 0 0
chaitin xray:HTTP 代理进行被动扫描 https://github.com/chaitin/xray http://chaitin.com 长亭科技 Beijing 17 8 0 TypeScript,Python,JavaScript,C++,Lua,HTML,Go 0 0
nao-sec tknk_scanner:Community-based integrated malware identification system https://github.com/nao-sec/tknk_scanner https://nao-sec.org Cyber Security Research Team https://nao-sec.org 16 1 0 Python,C#,PHP,Dockerfile,Vue 0 0
outflanknl 通过 DCOM 远程执行 Excel 4.0/XLM 宏实现横向渗透的利用脚本 https://github.com/outflanknl/Excel4-DCOM http://www.outflank.nl Clear advice with a hacker mindset. Red Teaming - Digital Attack Simulation - Incident Detection and Response Amsterdam, Netherlands, EU 15 1 0 C,Shell,C#,C++,Python,Visual,PowerShell,CSS 0 0
Coalfire-Research DeathMetal - 针对 Intel AMT 的攻击工具集 https://github.com/Coalfire-Research/DeathMetal http://www.coalfirelabs.com Advancing the state of the Infosec industry by providing cutting-edge research, open-source tools and tradecraft http://www.coalfirelabs.com 14 0 0 C,Python,JavaScript,Lua,PowerShell,HCL 0 0
googleprojectzero WinAFL 增加了基础 Intel PT 跟踪模式: https://github.com/googleprojectzero/winafl/blob/master/readme_pt.md https://googleprojectzero.blogspot.com Projects by Google Project Zero https://googleprojectzero.blogspot.com 14 0 0 C,C#,C++,Python,HTML,Swift 0 0
sysdream Chashell: Go reverse shell that communicates over DNS https://github.com/sysdream/chashell https://sysdream.com Paris 14 1 0 Go,Python,JavaScript,Java 0 0
SafeBreach-Labs SirepRAT: Remote Command Execution as SYSTEM on Windows IoT Core https://github.com/SafeBreach-Labs/SirepRAT http://www.safebreach.com SafeBreach Labs Worldwide 12 2 0 Python,Shell 0 0
doyensec Electronegativity - 在基于 Electron 实现的应用中检查安全配置不当问题的工具 https://github.com/doyensec/electronegativity https://doyensec.com Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk. San Francisco / Warsaw 12 1 0 Python,C,JavaScript,Java 0 0
RhinoSecurityLabs Apache Axis 由于代码中加载过期域名托管的资源导致的远程代码执行漏洞详情披露(CVE-2019-0227) https://github.com/RhinoSecurityLabs/CVEs/blob/master/CVE-2019-0227/README.md https://rhinosecuritylabs.com A boutique penetration testing and security assessment firm in Seattle, WA. Seattle, WA 10 0 0 Python,JavaScript,PowerShell,HCL 0 0
DigitalSecurity nrf5x芯片固件反编译工具 https://github.com/DigitalSecurity/nrf5x-tools http://www.digitalsecurity.fr Paris, France 9 2 0 Python,C,JavaScript,C++ 0 0
MLEveryday 100-Days-Of-ML-Code中文版 https://github.com/MLEveryday/100-Days-Of-ML-Code https://mleveryday.github.io/ machine learning everyday shanghai 9 2 0 Python,HTML,Jupyter 0 0
NLua NLua - Bridge between Lua and the .NET https://github.com/NLua/NLua http://nlua.org http://nlua.org 9 1 0 C#,Lua,C,Shell,Perl 0 0
Nothing2Hide pcap_ioc: Python library to extract potential IOCs from a pcap file https://github.com/Nothing2Hide/pcap_ioc https://nothing2hide.org/ Des outils pour protéger linformation Internet 9 0 0 Python,Shell,PHP,CSS 0 0
GhostPack harmj0y开源了 DPAPI 的 C#实现工具,关于DPAPI 的作用可以配合https://www.harmj0y.net/blog/redteaming/operational-guidance-for-offensive-user-dpapi-abuse/这篇文章一起食用 https://github.com/GhostPack/SharpDPAPI None A collection of security related toolsets. None 8 0 0 C# 0 0
corkami 可以生成 PDF 和 PE 的 MD5 冲突的脚本: https://github.com/corkami/pocs/blob/master/collisions/README.md#pdf---pe None Reverse engineering & visual documentation None 8 2 0 TeX,Python,HTML,Assembly 0 0
x41sec 平常在测试 Java 站点时经常能看到 500 错误所泄露出来的异常信息,为此该作者提供了一个网站输入异常信息即可展示出异常中所使用的 Java 组件的版本以及 CVE 编号,其做法是通过 类名、方法名、代码行数做Hash 之后存入数据库,最后通过检索数据库来确定版本信息。 https://github.com/x41sec/slides/blob/master/2019-bsides-stuttgart/YourStackTracesAreLeakingCVEs.pdf https://www.x41-dsec.de https://www.x41-dsec.de 8 0 0 C#,C,Java 0 0
firecracker-microvm firecracker:Secure and fast microVMs for serverless computing https://github.com/firecracker-microvm/firecracker https://amazon.com/aws/ https://amazon.com/aws/ 6 6 0 Go,Shell,Rust 0 0
mitre-attack BZAR - 使用 Bro/Zeek 网络安全监控检测 ATT&CK 活动的项目 https://github.com/mitre-attack/car/tree/master/implementations/bzar mailto:attack@mitre.org attack@mitre.org 6 0 0 Bro,TypeScript,HTML,Python,JavaScript 0 0
w-digital-scanner w12scan: 网络资产发现引擎 https://github.com/w-digital-scanner/w12scan None Network security products && w(\d+)scan None 5 1 0 Python,CSS 0 0
BSidesSF BSidesSF CTF 2019 源码、DockerFile 及解决方案发布 https://github.com/BSidesSF/ctf-2019-release/tree/master/challenges https://bsidessf.org Security BSides San Francisco San Francisco, CA 4 4 0 C,HTML,Ruby,CSS 0 0
advanced-threat-research McAfee 高级威胁研究团队开源了一个辅助寻找 ROP Gadget 的工具 - xbypass,xbypass 可以帮我们找到可以绕过 XML 文件格式字符限制的 Gadget 地址 https://github.com/advanced-threat-research/xbypass https://www.mcafee.com/enterprise/en-us/threat-center/advanced-threat-research.html https://www.mcafee.com/enterprise/en-us/threat-center/advanced-threat-research.html 4 0 0 Python,YARA 0 0
cw-leia 自定义的智能卡分析测试套件,包含软件和硬件 ,设备使用于Chipwhisperer https://github.com/cw-leia None LEIA: the Lab Embedded ISO7816 Analyzer A Custom Smartcard Reader for the ChipWhisperer by @ANSSI-FR None 4 0 0 C,Shell,HTML 0 0
openitsystem itops: 基于Python + Django的AD\Exchange管理系统 https://github.com/openitsystem/itops?from=timeline https://www.opscaff.com 为行业提供更好的开源IT系统 https://www.opscaff.com 4 0 0 Python,Shell,JavaScript 0 0
sophoslabs While parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use. https://github.com/sophoslabs/CVE-2018-18500/ https://www.sophos.com/en-us/labs.aspx https://www.sophos.com/en-us/labs.aspx 4 0 0 Python,HTML 0 0
momosecurity 陌陌开源的风控系统静态规则引擎 https://github.com/momosecurity/aswan https://security.immomo.com 陌陌安全 Beijing, China 3 0 0 Python,PHP,Java 0 0
opensec-cn VTest - 漏洞测试辅助系统 https://github.com/opensec-cn/vtest https://opensec-cn.github.io https://opensec-cn.github.io 3 5 0 Python,Go,HTML 0 0
redhuntlabs List of Awesome Asset Discovery Resources https://github.com/redhuntlabs/Awesome-Asset-Discovery http://redhuntlabs.com/ Discover and Assess your Attack Surface http://redhuntlabs.com/ 3 2 0 Python 0 0
QBDI QBDI - QuarksLab 开源的一款二进制动态插桩框架,支持 Linux, macOS, Android, iOS 和 Windows。 https://github.com/QBDI/QBDI https://qbdi.quarkslab.com QuarkslaB Dynamic binary Instrumentation Quarkslab 2 2 0 HTML,C++ 0 0
360-A-Team LuWu: 红队基础设施自动化部署工具 https://github.com/360-A-Team/LuWu None 360 A-TEAM has been renamed to QAX A-TEAM, check out https://github.com/QAX-A-Team None 1 0 0 0 0
Synacktiv exploit for CVE-2018-4193 https://github.com/Synacktiv/CVE-2018-4193 http://www.synacktiv.ninja/en/ Paris - France 1 2 0 Python 0 0
webarx-security wpbullet: A static code analysis for WordPress (and PHP) https://github.com/webarx-security/wpbullet https://www.webarxsecurity.com/ WebARX is a cyber security company focusing on web application security. https://www.webarxsecurity.com/ 1 0 0 Python 0 0
BlueTeamLabs 利用 Sysmon 和 MITRE ATT&CK 框架实现威胁检测的实践 https://github.com/BlueTeamLabs/sentinel-attack https://blueteamlabs.io https://blueteamlabs.io 0 0 0 Jupyter 0 0
CENSUS Windows 10 RS2/RS3 Bypass GDI pushlock Mitigation 的两个技巧 https://github.com/CENSUS/windows_10_rs2_rs3_exploitation_primitives http://census-labs.com/ Greece 0 0 0 Python,C++ 0 0
Netflix Several DoS conditions in certain HTTP/2 implementations https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md http://netflix.github.io/ Netflix Open Source Platform Los Gatos, California 0 0 0 Groovy,TypeScript,Java,Scala,Python,JavaScript,C++,Shell,Go,Clojure,Ruby 0 0
Riscure 用AFL Fuzz OP-TEE的系统调用 https://github.com/Riscure/optee_fuzzer http://www.riscure.com Riscure Security Lab http://www.riscure.com 0 0 0 Python,C,Julia 0 0
emsec 用于逆向门级网表的框架工具,主要是针对FPGA逻辑门电路的逆向。 https://github.com/emsec/hal http://emsec.rub.de Germany 0 0 0 C,CMake,VHDL,AGS,C++,Ruby 0 0
fgsect 用AFL-Unicorn来fuzz内核,集合了afl的覆盖率和unicorn的局部模拟执行 https://github.com/fgsect/unicorefuzz https://www.isti.tu-berlin.de/security_in_telecommunications/menue/overview/ The Computer Security Group at Berlin University of Technology Berlin, Germany 0 0 0 Python,JavaScript 0 0
qilingframework Qiling - 二进制模拟执行框架,可以以沙箱模式模拟执行多种架构的代码 https://github.com/qilingframework/qiling None Cross Platform and Multi Architecture Lightweight Sandbox qiling.io 0 0 0 Python 0 0
ssd-secure-disclosure 详细介绍了iOS安全缓解措施的一步步进化 https://github.com/ssd-secure-disclosure/typhooncon2019/blob/master/Siguza%20-%20Mitigations.pdf https://ssd-disclosure.com/ SSD helps security researchers turn their skills in uncovering security vulnerabilities into a career. https://ssd-disclosure.com/ 0 0 0 Python,C 0 0
ucsb-seclab sasi:基于Angr来清除二进制中冗余代码的工具,相对已有工具的性能提高主要来源于它能更加准确完整地恢复CFG https://github.com/ucsb-seclab/sasi http://seclab.cs.ucsb.edu The Computer Security Group at UC Santa Barbara Santa Barbara 0 0 0 Python,C,Java,C++ 0 0

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
ruanyf document-style-guide: 中文技术文档的写作规范 https://github.com/ruanyf/document-style-guide https://twitter.com/ruanyf Shanghai, China None 56 0 234 52000 0 JavaScript 0 0
justjavac 免费的计算机编程类中文书籍 https://github.com/justjavac/free-programming-books-zh_CN https://github.com/denoland Creator of vscode-deno. Currently a contributor to Deno @denoland and author of @denodev. Tianjin, China None 64 0 810 11800 128 TypeScript,JavaScript,HTML 0 0
nikic PHP-Fuzzer - 基于代码覆盖反馈信息 Fuzz PHP libraries https://github.com/nikic/PHP-Fuzzer https://nikic.github.io/ Berlin, Germany JetBrains 71 0 72 4000 24 C,PHP 26100 5900
evilsocket OpenSnitch - macOS Little Snitch 应用防火墙的 Linux 移植版 https://github.com/evilsocket/opensnitch https://www.evilsocket.net Italy Zimperium 115 0 14 3900 0 Go,Python,JavaScript 5700 538
byt3bl33d3r 利用脚本语言处理 .NET Payloads,实现 BYOI Payloads https://github.com/byt3bl33d3r/Slides/blob/master/RT%20Level%209000%2B%2B_BsidesPR.pdf https://byt3bl33d3r.github.io C Y B E R Error: Unable to resolve BlackHills InfoSec 98 0 1100 3000 120 Python,PowerShell,HCL,Boo 3000 795
s0md3v 绕过 WAF 的 XSS 检测机制研究 https://github.com/s0md3v/MyPapers/tree/master/Bypassing-XSS-detection-mechanisms https://github.com/s0md3v I make things, I break things and I make things that break things. Twitter: @s0md3v None None 30 0 0 2400 0 Python,JavaScript,Perl 0 0
thelinuxchoice Phishing Tool for 18 social media https://github.com/thelinuxchoice/shellphish http://twitter.com/linux_choice Twitter: @linux_choice None None 103 0 38 2200 5 Python,Shell,HTML 890 403
openbilibili 哔哩哔哩(bilibili)站的源码疑似泄漏 https://github.com/openbilibili/go-common None None None 0 0 0 2200 0 0 0
xdite 互联网资安风控实战 https://github.com/xdite/internet-security http://blog.xdite.net CEO of OTCBTC Taipei, Taiwan OTCBTC 177 0 214 1600 13 Makefile,Ruby 315 82
Micropoor Micro8: PHP安全新闻早8点全部文档 https://github.com/Micropoor/Micro8 None None None 2 0 60 1400 20 14500 5700
skeeto endlessh - 一个伪造的 SSH 服务端,当攻击者连上后会不断收到 SSH Banner 信息以耗费时间 https://github.com/skeeto/endlessh https://nullprogram.com/ Maryland None 217 0 175 1300 15 C,Emacs,C++ 864 60
trimstray reload.sh - 通过 SSH 实现重装、恢复以及擦除系统的脚本 https://github.com/trimstray/reload.sh https://trimstray.github.io/ BIO_read(wbio, buf, 4096) Poland None 16 0 868 1200 270 Shell 17900 1600
smealum butthax: lovense hush buttplug exploit chain https://github.com/smealum/butthax http://smealum.net None None 38 0 15 1200 2 C,Assembly 468 137
robertdavidgraham 研究员 robertdavidgraham 基于 zerosum0x0 CVE-2019-0708 扫描器的代码和开源 rdesktop 项目,移植了一个可以在 macOS 和 Windows 编译的 CVE-2019-0708 扫描器 https://github.com/robertdavidgraham/rdpscan http://robertgraham.com @ErrataRob None 37 0 0 1200 4 C 9900 1600
3gstudent A collection of pentest and development tips https://github.com/3gstudent/Pentest-and-Development-Tips https://3gstudent.github.io/ good in study,attitude and health None None 99 0 159 1200 11 Python,C#,Batchfile,PowerShell,C++ 431 158
taviso swisstable - 访问 Abseil Swiss Tables 的小型 C 封装库 https://github.com/taviso/swisstable None None None 11 0 9 1100 1 C 2600 193
mandatoryprogrammer tarnish - 针对 Chrome 扩展程序的静态分析工具: https://github.com/mandatoryprogrammer/tarnish https://thehackerblog.com/ ><script src=https://y.vg></script> ><script src=https://y.vg></script> ><script src=https://y.vg></script> 41 0 97 1100 18 Python,JavaScript,Dockerfile 1400 208
jgamblin CarHackingTools: Install and Configure Common Car Hacking Tools. https://github.com/jgamblin/CarHackingTools https://www.jerrygamblin.com Researcher. Builder. Hacker. Traveler. Cedere Nescio. United States None 65 0 0 1000 2 C,Shell 0 0
unixpickle 一款针对 Go 二进制和包的混淆工具 https://github.com/unixpickle/gobfuscate https://aqnichol.com Web developer, math geek, and AI enthusiast. San Francisco, CA None 544 0 147 994 50 Python,Go,Objective-C,JavaScript 590 175
fs0c131y ES 文件资源管理器 HTTP 服务端口打开漏洞披露(CVE-2019-6447): https://github.com/fs0c131y/ESFileExplorerOpenPortVuln https://twitter.com/fs0c131y French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others. Not completely schizophrenic. Not related to USANetwork. None None 11 0 0 960 0 Python,Kotlin 543 118
Ridter 2018年初整理的一些内网渗透TIPS https://github.com/Ridter/Intranet_Penetration_Tips https://evi1cg.me None None 104 0 405 909 20 Python,C#,C 1800 358
Xyntax 研究员 Xyntax 公开了多个 Paper,主要方向是安全数据分析和威胁防御 https://github.com/Xyntax/slides https://www.cdxy.me Web developer, security researcher and data analyst. Hangzhou,China Alibaba Cloud 50 0 297 902 86 Python,HTML,PowerShell 1100 579
vysecurity DomainFrontingLists: A list of Domain Frontable Domains by CDN https://github.com/vysecurity/DomainFrontingLists https://github.com/vysecurity @vysecurity Hong Kong SYON 646 0 581 892 56 Python,C#,PowerShell 761 194
Urinx browspy: 浏览器用户全部信息收集JavaScript https://github.com/Urinx/browspy https://urinx.github.io ペットの元気子犬 Wuhan, China Huazhong Univ of Sci & Tech 40 0 61 866 11 Python,Swift 0 0
EtherDream jsproxy: 一个基于浏览器端 JS 实现的在线代理 https://github.com/EtherDream/jsproxy None [Geeker, Hacker) Hangzhou, China 0xA11BABA 25 0 172 864 5 Shell,JavaScript 3400 614
PaulSec Shodan.io Android版官方应用程序 https://github.com/PaulSec/Shodan.io-mobile-app/issues https://paulsec.github.io/ I cant promise anything but Ill do my best. France None 93 0 503 811 26 Python 2800 361
boy-hack w13scan: 被动扫描器 https://github.com/boy-hack/w13scan?from=timeline https://www.hacking8.com/ Hacking tools just for fun ~ china None 29 0 118 809 15 Python,CSS 797 287
shmilylty OneForAll 一款功能强大的子域收集工具 https://github.com/shmilylty/OneForAll https://github.com/Qihoo360 Information security researcher, CTF enthusiast. Beijing, China @Qihoo360 108 0 992 753 116 Python,Go,JavaScript,HTML 747 216
ismailtasdelen Red Team Hardware Toolkit https://github.com/ismailtasdelen/redteam-hardware-toolkit http://ismailtasdelen.com Hi, My name is Ismail Tasdelen. As a security researcher. Im working Penetration Tester at Ernst & Young. Remember to follow and support. Have a great day. 😇 Istanbul Ernst & Young 97 0 783 733 467 Python,Shell,HTML 591 164
xairy VMware 虚拟机逃逸相关的资料整理 https://github.com/xairy/vmware-exploitation https://andreyknvl.com/ None None 29 0 0 727 14 Python,C 2600 621
TideSec Web指纹识别技术研究与优化实现 https://github.com/TideSec/TideFinger/blob/master/Web%E6%8C%87%E7%BA%B9%E8%AF%86%E5%88%AB%E6%8A%80%E6%9C%AF%E7%A0%94%E7%A9%B6%E4%B8%8E%E4%BC%98%E5%8C%96%E5%AE%9E%E7%8E%B0.md http://www.TideSec.com 一心不动,大巧不工。 China Tide 21 0 207 726 23 C,Shell,Java,Python,PHP,Ruby 947 341
0vercl0k Exploit for CVE-2019-9810 Firefox on Windows 64 bits https://github.com/0vercl0k/CVE-2019-9810 https://doar-e.github.com/ US/FR None 15 0 7 704 0 Python,JavaScript,C++ 760 157
zerosum0x0 研究员 zerosum0x0 公开 Windows RDP RCE CVE-2019-0708 漏洞的扫描器 https://github.com/zerosum0x0/CVE-2019-0708 https://zerosum0x0.blogspot.com USSA None 83 0 23 697 2 Python,C#,C,C++ 1300 362
SandboxEscaper SandboxEscaper公开了一个task scheduler服务未正确模拟client令牌导致LPE的0day。 https://github.com/SandboxEscaper/polarbearrepo None None None 1 0 0 692 0 C++ 157 88
clone95 Virgilio: Your new Mentor for Data Science E-Learning https://github.com/clone95/Virgilio None I graduated in Italy in IT Engineering, and im currently having my internship in a shiny AI startup. Bologna, Italy None 22 0 35 685 29 Python,Jupyter,PowerShell 0 0
lcatro 一些阅读源码和 Fuzzing 的经验,涵盖黑盒与白盒测试 https://github.com/lcatro/Source-and-Fuzzing https://github.com/lcatro/my-blog Binary ,WEB vulnerability and Fuzzing Research .. China WeBank ,Tencent 52 0 181 677 21 Python,PHP,Mask,C++ 405 107
jas502n Weblogic 任意文件上传漏洞(CVE-2019-2618)的 Exploit https://github.com/jas502n/cve-2019-2618/ None 1.misc 2.crypto 3. web 4. reverse 5. android 6. pwn 7. elf None None 129 0 103 661 109 Python,C,Shell,JavaScript,PHP 294 106
vstinner Python Security - 记录 Python 历史漏洞及补丁版本信息的 Repo https://github.com/vstinner/python-security https://github.com/python I am paid by Red Hat to maintain Python upstream (python.org) and downstream (RHEL, Fedora). @python core-dev. France Red Hat 32 0 7 642 0 Python 299 34
tyranid The Windows Sandbox Paradox (Flashback),来自 James Forshaw https://github.com/tyranid/infosec-presentations/blob/master/Nullcon/2019/The%20Windows%20Sandbox%20Paradox%20(Flashback).pdf None None None 31 0 0 638 2 C#,Python,C 700 197
Cyb3rWard0g OSSEM - 开源安全事件元数据,旨在定义和共享公共信息模型以改进安全事件日志的数据标准化: https://github.com/Cyb3rWard0g/OSSEM https://github.com/Cyb3rWard0g @Cyb3rWard0g None None 10 0 19 636 2 Jupyter,PowerShell 1400 336
vanhauser-thc AFL 的社区维护版 afl++ 发布 2.53c 版本 https://github.com/vanhauser-thc/AFLplusplus/releases/tag/2.53c https://www.mh-sec.de/ Security researcher since 1994 https://www.thc.org/ https://twitter.com/hackerschoice Berlin The Hackers Choice , mh-sec , me , myself 22 0 33 630 19 C,HTML,C++ 2900 841
Cryptogenic 在 PS4 6.20 上的 WebKit 远程代码执行漏洞(CVE-2018-4441)利用 https://github.com/Cryptogenic/PS4-6.20-WebKit-Code-Execution-Exploit https://twitter.com/SpecterDev PHP/C++ developer with an interest in user-land and web exploitation. None None 28 0 38 613 5 Go,C,JavaScript,HTML 591 153
k8gege K8tools: K8工具合集 https://github.com/k8gege/K8tools http://www.cnblogs.com/k8gege USA FBI 10 0 9 594 1 Python,C#,Ruby,PowerShell 1200 500
travisgoodspeed 利用 GHIDRA 逆向 Tytera MD380 的固件 https://github.com/travisgoodspeed/md380tools/wiki/GHIDRA None None None 31 0 35 593 24 Python,C,C++ 593 190
c0ny1 xxe-lab: 各种语言版本的XXE漏洞Demo https://github.com/c0ny1/xxe-lab http://gv7.me 漏洞在牛角尖上 None None 13 0 271 583 12 Python,Shell,PHP,Java 1200 307
ChiChou 前两周 ChiChou 公开了多个 macOS 平台的多个应用的漏洞利用代码,包括微软 Microsoft AutoUpdate、Adobe Creative Cloud Desktop 以及 Feedback Assistant https://github.com/ChiChou/sploits https://github.com/alipay 我要卖掉我的代码 浪迹天涯 Beijing, China @alipay 53 0 1500 551 242 Logos,C,Shell,JavaScript,C++,Objective-C,Vue 1100 152
dxa4481 结合 Oauth 进行 XSS 的高级利用以实现对目标的持久化访问: https://github.com/dxa4481/XSSOauthPersistence https://security.love Full stack hacker USA None 83 0 22 550 4 Python,HTML,JavaScript 3600 444
fdiskyou 用于枚举进程 Mitigation 状态的 WinDbg 调试器插件 https://github.com/fdiskyou/iris http://deniable.org Shut Up and Hack. London, UK None 65 0 125 547 28 Python,C,C++ 862 258
danielbohannon Revoke-Obfuscation: PowerShell Obfuscation Detection Framework https://github.com/danielbohannon/Revoke-Obfuscation http://danielbohannon.com Principal Applied Security Researcher (prev IR Consultant) Washington, D.C. Mandiant 7 0 0 533 5 PowerShell 1300 345
mame82 Logitech Unifying Vulnerabilities https://github.com/mame82/UnifyingVulnsDisclosureRepo/tree/master/vulnerability_reports https://www.twitter.com/mame82 None None 69 0 44 509 17 Python,Go,C,JavaScript 2500 517
infosecn1nja awesome-mitre-attack - 与 Mitre ATT&CK 攻击防御框架有关的工具和资料收集 https://github.com/infosecn1nja/awesome-mitre-attack None Red Teamer and Security Researcher Jakarta, Indonesia None 31 0 575 508 56 Python,Shell,PowerShell 4600 1500
zodiacon zodiacon 开源了一个工具,用于查看内核对象类型的句柄和对象 https://github.com/zodiacon/KernelObjectView http://scorpiosoftware.net Israel None 56 0 106 503 9 C#,C,C++ 714 208
Ekultek BlueKeep - Ekultek 研究员公开 Windows RDP CVE-2019-0708 RCE PoC https://github.com/Ekultek/BlueKeep None U3VjY2VzcyBpcyBpbiB0aGUgZXllIG9mIHRoZSBiZWhvbGRlci4= None None 89 0 122 497 11 Python,C++ 3700 952
elfmaster dsym_obfuscate - 一款加密动态符号表,并在运行时恢复的工具 : https://github.com/elfmaster/dsym_obfuscate http://www.bitlackeys.org Order of operation: Consciousness/Meditation Family Creativity, coding, hacking, reversing, security Seattle Leviathan 25 0 19 483 15 C,Objective-C,C++ 192 45
0x27 Cisco RV320 的 Dump 配置和远程 RCE 的漏洞利用: https://github.com/0x27/CiscoRV320Dump http://0x27.me/ EIP None 77 0 3000 475 34 Python,Go,C 397 220
tanjiti sec_profile: 分析安全信息站点、安全趋势、安全工作者账号 https://github.com/tanjiti/sec_profile http://tanjiti.com/ #Network Security Monitor #threat intelligence  #waf #ids #iOS App Security #Android App Security #game security shanghai baidu 16 0 4 470 166 Python,PHP,HTML,Perl 0 0
xerub voucher_swap - Exploit for P0 issue 1731 on iOS 12.1.2 https://github.com/xerub/voucher_swap None None None 29 0 0 447 0 Python,C 191 86
Lucifer1993 cmsprint: CMS和中间件指纹库 https://github.com/Lucifer1993/cmsprint None 安全圈职业炮灰 None None 25 0 315 444 25 Python,Ruby 897 403
jakeajames Patchfinders for offsets used in bazads PAC bypass https://github.com/jakeajames/jelbrekLib/blob/master/patchfinder64.m None A random guy on the internet. Antartica None 68 0 4 439 7 Logos,C 291 133
We5ter 开源powershell CMD bash命令混淆检测工具 https://github.com/We5ter/Flerken https://lightrains.org You are being watched. Anywhere. Anytime. Chengdu,China None 11 0 1200 426 108 Python,CSS 0 0
LandGrey Kibana CVE-2019-7609 RCE Exploit https://github.com/LandGrey/CVE-2019-7609/ https://landgrey.me I learn cyber sec Earth None 15 0 1100 425 44 Python,ASP 1000 285
sebastienros Jint - Javascript interpreter for .NET,在 Javascript 中运行 .NET 平台的代码 https://github.com/sebastienros/jint http://about.me/sebastienros Bellevue, WA Microsoft 61 0 10 378 0 C# 2600 902
rasta-mouse TikiTorch - 一款允许在任意进程中执行任意 ShellCode 的工具 https://github.com/rasta-mouse/TikiTorch https://github.com/ZeroPointSecurity None @ZeroPointSecurity 20 0 58 377 7 C#,PowerShell 0 0
Kevin-Robertson Windows网络协议层攻击套件包括 SMB LLMNR NBNS mDNS DNS https://github.com/Kevin-Robertson/InveighZero https://github.com/NetSPI None @NetSPI 7 0 226 364 8 C#,PowerShell 929 231
xorrior CobaltStrike 基于 WebSockets 的 C2 远控组件 https://github.com/xorrior/raven https://www.xorrior.com PowerShell, C#, Obj-C, macOS Security, Red Team Operator None SpecterOps 53 0 93 363 9 C#,Objective-C,PowerShell,C++ 358 82
secrary idenLib - 识别库函数的工具集: https://github.com/secrary/idenLib https://secrary.com @_qaz_qaz https://keybase.io/khasaia None 17 0 197 363 21 Python,C,C++ 0 0
mjg59 mjg59 为 Linux 内核提交了一个 Patch,支持用户态请求内核清空引用计数为 0 的内存页,防止重要密钥信息在进程崩溃、内存换页等场景下被泄漏。 https://github.com/mjg59/linux/commit/cd2bb1eb23ededafc2f301f8bc5561523daa96e6 https://github.com/google Oakland @google 73 0 2 356 0 Python,C 632 250
404notf0und 2018-2020青年安全圈-活跃技术博主/博客 https://github.com/404notf0und/Security-Data-Analysis-and-Visualization https://www.4o4notfound.org 欢迎关注公众号:404 Not F0und,专注于Cyber-Security-Data-Analysis Hangzhou,China Ant Financial 14 0 72 350 16 TSQL,Jupyter 520 121
Dliv3 Venom - A Multi-hop Proxy for Penetration Testers https://github.com/Dliv3/Venom https://twitter.com/D1iv3 BUPT , CTF , 天枢(Dubhe) , Tencent Security Xuanwu Lab China, Beijing BUPT 59 0 1200 348 176 Go,C,JavaScript,Java,PowerShell 3200 1200
leebaird 基于 Metasploit 写的一款自动化渗透测试工具 https://github.com/leebaird/discover None None None 3 0 49 344 2 Python,Shell,PHP 1700 515
xoofx JitBuddy - 可以将托管的 JIT native code 反汇编的辅助功能方法: https://github.com/xoofx/JitBuddy https://github.com/Unity-Technologies Grenoble - France @Unity-Technologies 56 0 209 335 19 C# 0 0
tunz Internet Explorer 脚本引擎远程代码执行漏洞(CVE-2018-8389)POC: https://github.com/tunz/js-vuln-db/blob/master/jscript/CVE-2018-8389.md http://tunz.kr South Korea None 11 0 68 331 61 Python,Haskell,Rust 0 0
caseysmithrc 在 Windows Script Hosts 的上下文中执行任意 .NET 汇编代码,来自 DerbyCon2019 https://github.com/caseysmithrc/DerbyCon2019 None None None 234 0 7 330 0 C,C#,C++,F#,Go,PHP,Ruby,PowerShell 55 25
grayddq GScan: Linux主机侧Checklist的自动全面化检测 https://github.com/grayddq/GScan None 一位喜欢原创的安全工作者! None None 14 0 0 327 0 Python 305 99
hannob Apache 不准备修复的 UAF 漏洞公开: https://github.com/hannob/apache-uaf/ https://hboeck.de/ Berlin None 79 0 2 318 2 Python,Shell,PHP 1400 150
Tuhinshubhra ExtAnalysis: Browser Extension Analysis Framework https://github.com/Tuhinshubhra/ExtAnalysis https://twitter.com/r3dhax0r I code and hack for fun! ... None 13 0 2 316 0 Python,PHP,JavaScript,CSS 0 0
0x4D31 大规模网络指纹探测与数据聚类分析,作者利用网络指纹信息追踪攻击者及攻击工具,同时发布了一个工具 FATT。来自 AusCERT 2019 会议 https://github.com/0x4D31/Presentations https://github.com/salesforce Lead Threat Detection Engineer @salesforce Sydney, Australia None 21 0 1100 307 77 Python,Go 793 164
piglei Python 工匠 https://github.com/piglei/one-python-craftsman http://www.zlovezl.cn A Python programmer who enjoys writing and reading beautiful codes. Also coding in Go, JavaScript. ShenZhen, China Tencent 24 0 1400 301 93 Python,Go,JavaScript 730 106
rvrsh3ll 将 shellcode 隐藏在资源文件中再通过 CPL 加载执行的POC https://github.com/rvrsh3ll/CPLResourceRunner None I hack code together and hope it works. NOVA None 118 0 19 299 9 Python,C#,HTML,PowerShell 377 114
ExpLife0011 优秀 Windows 内核漏洞利用方向资源收集 https://github.com/ExpLife0011/awesome-windows-kernel-security-development/blob/master/README.md None None None 2800 0 3000 283 487 C,Assembly,Python,AngelScript,C++,C# 668 226
dirkjanm Kerberos unconstrained delegation abuse toolkit https://github.com/dirkjanm/krbrelayx None The Netherlands None 19 0 11 281 1 Python 0 0
phantom0301 PTEye: 代理黑盒漏洞审计工具 https://github.com/phantom0301/PTEye http://phantom0301.github.io/ Free and Share Chengdu None 80 0 32 279 10 Python,JavaScript,PowerShell 81 9
pasta-auto 丰田公司开发了一套汽车ECU系统的测试工具,包含软件和硬件,repo里面有这套工具的相关介绍,目前应该是在售的状态。 https://github.com/pasta-auto/PASTA1.0 None None None 1 0 0 262 0 C 49 11
7kbstorm 7kbscan-WebPathBrute Web路径暴力探测工具 https://github.com/7kbstorm/7kbscan-WebPathBrute https://www.7kb.org Red Team None None 27 0 2 261 0 C++,XSLT 220 67
bettenW 2019腾讯广告算法大赛完整代码(冠军) https://github.com/bettenW/Tencent2019_Finals_Rank1st http://zhuanlan.zhihu.com/DataAI 鱼遇雨欲语与余 China, Beijing 京东集团,算法工程师 12 0 46 260 6 Python,Jupyter 235 83
WyAtu Perun: 网络资产漏洞扫描器/扫描框架 https://github.com/WyAtu/Perun None Security Researcher None None 12 0 14 251 8 Python,C 343 155
rk700 之前推过AFL-Unicorn项目可以让AFL fuzz能用Unicorn模拟的闭源binary,这个uniFuzzer项目很类似,是要把libfuzzer应用在闭源binary上 https://github.com/rk700/uniFuzzer// http://rk700.github.io None None 18 0 57 248 2 Python,C,Java 606 161
meitar Awesome Cybersecurity Blue Team - 蓝队防御相关的工具、文章资料收集 https://github.com/meitar/awesome-cybersecurity-blueteam https://web.archive.org/web/20190206200948/https://maymay.net/blog/2019/02/06/why-i-am-publicly-disassociating-myself-from-the-recurse-center/ ⚑ Ⓐnti-capitalist Free Software developer, pro white genocide, abolish all prisons, 0xACAB ⚑ https://cyberbusking.org/ Code signing GPG key: C42F 2F04 C42D 489E 23DD 71CE 07EF AA28 AB94 BC85 196 0 48 240 0 Shell,PHP,HTML 398 44
staaldraad Git Fetch 相关的漏洞利用研究(CVE-2018-11235 & CVE-2018-16873) https://github.com/staaldraad/troopers19/ https://github.com/heroku None @heroku 38 0 5 236 4 Go,Python,HTML 1200 473
cobbr SharpSploit - C# 语言编写的基于 .NET 的后渗透测试工具 https://github.com/cobbr/SharpSploit https://cobbr.io Dallas, TX SpecterOps 17 0 48 230 1 C#,PowerShell 570 89
gh0stkey PoCBox - 漏洞测试验证辅助平台 https://github.com/gh0stkey/PoCBox https://gh0st.cn 天行健,君子以自强不息;地势坤,君子以厚德载物。 China 米斯特安全团队 13 0 103 229 13 Python,PHP,HTML 358 98
RUB-SysSec NEMO:一款猜测password的工具,通过使用马尔可夫模型可以更高效地选择变异策略 https://github.com/RUB-SysSec/NEMO// https://syssec.rub.de Bochum, Germany Ruhr-University Bochum 21 0 11 228 0 Python,C,C++ 370 102
mgeeky Stracciatella - Bypass AMSI 和 Script Block Logging 加载执行 PowerShell 脚本的工具 https://github.com/mgeeky/Stracciatella https://www.linkedin.com/in/mariuszban/ Sencha-inspired Offensive Security engineer, doing heaps of penetration testings, packet craftings, reverse engineering and exploits/tools development. None None 52 0 1100 225 77 Python,C#,PowerShell,C++ 225 66
yeyintminthuhtut Browser、Mitigation 、Kernel 等漏洞利用相关研究 https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References http://pentest.space Twitter @yeyint_mth Singapore None 287 0 477 223 19 Shell 0 0
neal1991 2019年针对API安全的4点建议 https://github.com/neal1991/articles-translator/blob/master/2019%E5%B9%B4%E9%92%88%E5%AF%B9API%E5%AE%89%E5%85%A8%E7%9A%844%E7%82%B9%E5%BB%BA%E8%AE%AE.md https://madneal.com Obviously, I am cool. Shanghai ECNU 96 0 514 222 58 Python,Shell,JavaScript,Java,HTML 0 0
Viralmaniar I-See-You: Bash and Javascript tool to find the exact location of user https://github.com/Viralmaniar/I-See-You https://twitter.com/maniarviral Melbourne, Victoria, Australia None 36 0 221 219 93 Python,Shell 725 110
bcoles bcoles 收集的 Linux 内核 Exploits https://github.com/bcoles/kernel-exploits https://itsecuritysolutions.org rm -rf /* rm -rf /* rm -rf /* 29 0 62 217 19 Python,C,Shell,Ruby 17100 8400
zer0yu 网络空间安全的RSS订阅 https://github.com/zer0yu/CyberSecurityRSS http://zeroyu.xyz/ Every light needs a shadow. You just have to learn how to control it,use it when you need it. None None 29 0 2100 214 1100 Python,C,CSS 0 0
hlldz APC-PPID - 通过 APC 注入创建进程并伪造父进程的项目 https://github.com/hlldz/APC-PPID https://artofpwn.com Pwner, Red Teamer İstanbul, Türkiye None 5 0 179 214 22 Python,PowerShell,C++ 691 159
pyn3rd Apache Tomcat 远程代码执行漏洞(CVE-2019-0232),可以通过 Windows enableCmdLineArguments 触发 https://github.com/pyn3rd/CVE-2019-0232/ https://twitter.com/pyn3rd Hangzhou Alibaba Group 7 0 0 210 0 Python,Batchfile,Java 118 46
h2hconference Hackers to Hackers(H2HC) 2019 会议的议题 PPT 公开了 https://github.com/h2hconference/2019 https://www.h2hc.com.br Hackers To Hackers Conference (H2HC) é uma conferência organizada por pessoas que trabalham ou que estão diretamente envolvidas com pesquisas e desenvolvimento Brazil H2HC 18 0 0 203 0 Python,HTML 50 12
gamozolabs applepie - 一款用于 Fuzz 的虚拟机管理器: https://github.com/gamozolabs/applepie None None None 25 0 2 203 0 C,Assembly,C++,Rust 293 32
zjlywjh001 披露一种针对W-IFI WPA/WPA2协议的MOTS(Man-On-The-Side)的攻击方式 https://github.com/zjlywjh001/CanSecWest19 https://www.jarviswang.me/ None None 52 0 5 202 0 C,JavaScript,Java 0 0
wonderkun CTFENV: 为应对CTF比赛而搭建的各种环境 https://github.com/wonderkun/CTFENV None None None 70 0 410 199 152 Python,C,PHP,Dockerfile 454 150
1522402210 一套 webkit 完整 rce 的详细分析 (render rce+sbx) https://github.com/1522402210/Issue-198327 None BlockChain Fans None None 599 0 3800 198 1700 Python,Go,PowerShell,C++ 289 111
drk1wi Modlishka - 一款灵活且功能强大的反向代理工具 : https://github.com/drk1wi/Modlishka https://twitter.com/drk1wi None None 37 0 87 196 3 Go,Swift,Makefile 0 0
ustayready fireprox - AWS API Gateway 管理工具,用于动态创建 HTTP 传递代理以实现唯一的 IP 轮换 https://github.com/ustayready/fireprox None divergent thinker/breaker and researcher of stuff None None 39 0 7 194 7 Python,C#,HTML 702 147
bkerler OPPO和一加手机的.ozip固件解密工具 https://github.com/bkerler/oppo_ozip_decrypt https://twitter.com/viperbjk Reverse Engineer and Data/Crypto Analyst Germany RevSkills 313 0 2 193 13 Python,C,Shell,CSS,C++ 526 94
ouqiang gocron: 定时任务管理系统 https://github.com/ouqiang/gocron None to be a better man Xiamen, China None 12 0 106 186 1 Go,PHP 1900 433
kpcyrd Sn0int - 半自动 OSINT 框架和包管理器: https://github.com/kpcyrd/sn0int None /waɪrd/ Hamburg, Germany None 220 0 660 185 180 Ruby,Assembly,Rust 0 0
13o-bbr-bbq 机器学习与安全相关的一些资料汇总 https://github.com/13o-bbr-bbq/machine_learning_security None Im an engineer, Machine Learning hacker and CISSP. Speaker at Black Hat Arsenal, DEFCON Demo Labs/AI Village, Pycon, CODE BLUE etc., Tokyo, Japan. None 9 0 25 185 1 Python 875 319
matteyeux 用于加载 Apple SecureROM 的 IDA 插件 https://github.com/matteyeux/srom64helper https://github.com/alterway Sysadmin. Sometimes I write code Paris @alterway 107 0 115 184 136 Python,C 10 4
JohnLaTwC Malware PowerShell shellcode analysis https://github.com/JohnLaTwC/Shared/blob/master/notebooks/Malware%20PowerShell%20shellcode%20analysis.ipynb https://github.com/JohnLaTwC @JohnLaTwC Distinguished Engineer and General Manager, Microsoft Threat Intelligence Center None Microsoft Corporation 16 0 3 182 1 Python,Visual,HTML,Jupyter 172 37
DrDonk Patch VMware ESXi 以支持 VMware 安装 macOS 系统的工具,支持 VMware ESXi 6.5 and 6.7 https://github.com/DrDonk/esxi-unlocker None None None 14 0 0 180 0 Python,C,Shell,JavaScript 902 179
mpgn CVE-2019-9580 - StackStorm CORS 验证不当导致的 XSS + RCE 漏洞详情披露 https://github.com/mpgn/CVE-2019-9580/ https://github.com/QuokkaLight ̿ ̿̿̿\̵͇̿̿=(•̪●)=/̵͇̿̿/̿̿ ̿ ̿ ̿ Paris @QuokkaLight 33 0 149 174 14 Python,HTML,Java 123 37
olafhartong Sysmon 监控手册,用一张图介绍了各个 Event ID 及其附属字段的含义 https://github.com/olafhartong/sysmon-cheatsheet http://olafhartong.nl The Netherlands None 51 0 61 164 4 Python,Shell,Batchfile,PowerShell,C# 489 73
maddiestone 谷歌安全团队成员在Recon 2019会议上分享的Android病毒逆向分析,病毒通过各种反射和混淆隐藏自身真实payload,但通过仔细逆向,仍然能够将其分析清楚,毕竟Java编译之后的代码语义的留存还是挺多的 https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf http://twitter.com/maddiestone None None 3 0 2 160 1 Python 436 91
rockbruno swiftshield - Swift/OBJ-C 代码混淆工具 https://github.com/rockbruno/swiftshield https://github.com/ifood Software Engineer (iOS) at @ifood, Writer https://swiftrocks.com Brazil @ifood 41 0 15 159 0 Java,Ruby,Swift,C++ 48700 7800
m1ghtym0 browser-pwn - 针对浏览器漏洞利用的资源合集 : https://github.com/m1ghtym0/browser-pwn None None None 17 0 85 159 12 Python,C 0 0
secgroundzero tetanus: Helper script for mangling CS payloads https://github.com/secgroundzero/tetanus None None None 10 0 4 157 7 Python,C#,JavaScript,Shell 2100 285
woj-ciech woj-ciech/LeakLooker: Find open databases with Shodan https://github.com/woj-ciech/LeakLooker None None None 11 0 0 156 0 Python,Go 747 101
vngkv123 Chrome V8 中类型错误导致的越界读写漏洞(CVE-2019-5782)与利用介绍: https://github.com/vngkv123/aSiagaming/tree/master/Chrome-v8-906043 https://twitter.com/vngkv123 Browser Exploitation, iOS Jailbreak, Linux Kernel Exploitation :-) @@ Jusun-Lee in Korea, Republic of None ReverseLab, Aegis 71 0 245 151 22 Python,C,JavaScript 0 0
exodusintel CVE-2019-5786 FileReader Exploit https://github.com/exodusintel/CVE-2019-5786/ http://www.exodusintel.com Austin, TX Exodus Intelligence 6 0 0 151 0 Python,JavaScript 220 65
TheKingOfDuck MySQLMonitor: MySQL实时监控工具(黑盒测试辅助工具) https://github.com/TheKingOfDuck/MySQLMonitor https://xz.aliyun.com/u/12470 贵州白马汇会所头牌,服务热线:https://xz.aliyun.com/u/12470 None GIT 34 0 7 151 4 Python,JavaScript 261 86
v-p-b 卡巴斯基本地提权 Exploit 代码 https://github.com/v-p-b/kaspy_toolz/blob/master/virsli.py http://blog.silentsignal.eu None Silent Signal 49 0 123 148 43 Python,Java,Ruby 84 35
jesusprubio Awesome Node.js for penetration testers https://github.com/jesusprubio/awesome-nodejs-pentest https://github.com/IBMResearch A Coruña @IBMResearch 37 0 2500 148 75 TypeScript,JavaScript,Rust 0 0
monoxgas BlackHat USA 会议上有一个关于 C&C(命令控制)技术的议题,作者最近将相关的工具也公开了 https://github.com/monoxgas/FlyingAFalseFlag None Utah, United States Silent Break Security 16 0 31 145 1 C#,Python,PowerShell,C++ 488 143
LinusHenze KeySteal是一个针对macOS<=10.14.3 Keychain漏洞利用程序,允许在没有用户提示的情况下访问Keychain中的密码。 https://github.com/LinusHenze/Keysteal None Germany None 5 0 0 143 0 C,JavaScript,Objective-C,C++ 321 86
alphaSeclab Awesome Forensics Resources - 安全取证分析相关的工具和资料收集 https://github.com/alphaSeclab/awesome-forensics None None None 11 0 23 141 0 1300 185
xuechiyaobai Pwn2Own 2019 Firefox 远程代码执行漏洞(CVE-2019-9810)的 POC https://github.com/xuechiyaobai/CVE-2019-9810-PoC/ None None None 22 0 143 135 25 C,HTML,JavaScript,C++ 108 30
houjingyi233 houjingyi233/CPU-vulnerabiility-collections https://github.com/houjingyi233/CPU-vulnerabiility-collections http://houjingyi233.com security researcher wechat:aG91amluZ3lpMTU5 None None 20 0 713 135 1 Visual,Java,C++ 124 56
lazyparser SpiderMonkey Internals - SpiderMonkey JavaScript 引擎学习相关的笔记 https://github.com/lazyparser/spidermonkey-internals http://lazyparser.com None None 48 0 199 134 62 HTML 93 53
al0ne LinuxCheck: linux信息收集脚本 https://github.com/al0ne/LinuxCheck None 入侵检测/流量分析/应急溯源 china None 6 0 511 132 173 Shell,Vim 146 27
citronneur volatility-wnf - 浏览并 Dump Windows Notification Facilities 的工具: https://github.com/citronneur/volatility-wnf https://github.com/airbus-cert Toulouse, France @airbus-cert 21 0 210 131 79 Python,C#,JavaScript 1000 243
djhohnstein CSharpSetThreadContext - 由 C# 开发的通过 CreateRemoteThread 和 SetThreadContext 执行shellcode 以逃避 Get-InjectedThread 检测的工具 https://github.com/djhohnstein/CSharpSetThreadContext https://popeax.io Operator at SpecterOps. Kali Contributor. Seattle, WA None 48 0 5 130 2 C# 154 35
kkamagui Shadow-box - 基于虚拟化技术实现的一个轻量级的 Linux 操作系统监控框架 https://github.com/kkamagui/shadow-box-for-x86 http://kkamagui.github.io Researcher. USENIX Security, HITBSecConf, Black Hat, beVX, KIMCHICON Speaker. Linux Kernel Contributor. Author of 64-bit multicore OS principles and structure. South Korea National Security Research Institute of South Korea 34 0 32 128 2 Python,C 138 34
masatokinugawa 浏览器 XSS Filter 绕过速查表 : https://github.com/masatokinugawa/filterbypass/wiki/Browsers-XSS-Filter-Bypass-Cheat-Sheet http:///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////twitter.com/kinugawamasato None None 6 0 0 122 0 Python,HTML,JavaScript,C++ 616 120
milabs awesome-linux-rootkits - Linux 平台 Rootkits 相关的资料收集 https://github.com/milabs/awesome-linux-rootkits None Linux kernel addict, security researcher, reverse engineer Russia, Moscow None 27 0 440 119 71 C 282 48
bkth 通过 JavaScript 编译器攻击 Edge https://github.com/bkth/Attacking-Edge-Through-the-JavaScript-Compiler https://twitter.com/bkth_ Security Researcher, CTF player, I like JavaScript but probably not in the same way as most people ;) France None 12 0 15 119 3 Python,C,JavaScript 75 14
a13xp0p0v Linux 内核漏洞利用开发实验项目 https://github.com/a13xp0p0v/kernel-hack-drill https://twitter.com/a13xp0p0v Linux Kernel Developer & Security Researcher None None 5 0 0 119 3 Python,Go,C,HTML 436 44
bitsadmin Windows 漏洞利用辅助工具 https://github.com/bitsadmin/wesng None Netherlands None 9 0 4 118 0 C#,Python,Visual,Batchfile 0 0
HiddenStrawberry 中国爬虫违法违规案例汇总 https://github.com/HiddenStrawberry/Crawler_Illegal_Cases_In_China None 资深前爬虫行业从业者 合作微信 hiddenstrawberry(备注Github) Beijing/Shenyang/Tianjin YiduCloud 22 0 13 116 5 Python,HTML 914 151
ChaitanyaHaritash 生成畸形debian安装包的工具 https://github.com/ChaitanyaHaritash/kimi None Im just someone, to whom it might take you time to understand :) lost None 63 0 356 116 105 Python,C,C++ 46 27
Bypass007 Nessus_to_report: Nessus中文报告自动化脚本 https://github.com/Bypass007/Nessus_to_report None 欢迎关注公众号Bypass--,专注于信息安全。 Xiamen, China None 4 0 3 115 0 Python 596 131
4B5F5F4B 研究员 4B5F5F4B 为 Hyper-V RCE(CVE-2017-007) 漏洞写的 PoC https://github.com/4B5F5F4B/HyperV None None None 20 0 508 114 80 Shell,C,HTML,C++ 125 51
imthenachoman How-To-Secure-A-Linux-Server https://github.com/imthenachoman/How-To-Secure-A-Linux-Server None None None 12 0 13 111 11 Shell,JavaScript,HTML 9100 492
blankwall OSX Privileged Helper Tool: https://github.com/blankwall/Offensive-Con/blob/master/OffCon.pdf None None None 13 0 12 110 0 Python,C,Assembly,C++ 308 34
guedou 为 Ghidra 逆向框架提供对东芝 MeP-c4 处理器架构的支持,源文件 https://github.com/guedou/ghidra-processor-mep None Paris, France None 29 0 73 108 0 Python,OCaml 3900 881
brainsmoke ptrace-burrito - 一款基于 ptrace 可以进行进程跟踪的工具: https://github.com/brainsmoke/ptrace-burrito None None None 34 0 7 104 0 Python,Go,C,Assembly 0 0
eoftedal Istio/Envoy 目录穿越漏洞详情披露(CVE-2019-9901) https://github.com/eoftedal/writings/blob/master/published/CVE-2019-9901-path-traversal.md http://erlend.oftedal.no/blog Oslo, Norway None 73 0 384 103 67 C#,JavaScript,Java 172 11
luguanxing Cheating-Plugin-Program: 从零开始研究外挂设计原理 https://github.com/luguanxing/Cheating-Plugin-Program http://luguanxing.online:8080 None None 17 0 7 102 2 C,JavaScript,HTML,C++ 412 106
kmkz 后渗透测试的真实案例分享,来自 Bsides Dublin 2019 大会 https://github.com/kmkz/PowerShell/tree/master/BsidesDublin-2019 http://www.linkedin.com/in/jean-marie-bourbon Grevenmacher (LU) None 11 0 18 101 9 Python,Assembly,PowerShell,Perl 245 51
wrlu SecIoT-Web: IoT漏洞检测平台 https://github.com/wrlu/SecIoT-Web https://wrlu.cn Mobile & IoT Security Researcher; Java & Python Developer. Beijing, China Huawei 26 0 41 100 33 Python,TSQL,JavaScript,Java 20 9
enovella r2frida-wiki - 关于 r2frida 的使用维基: https://github.com/enovella/r2frida-wiki https://github.com/nowsecure Mobile Security Researcher London, UK @nowsecure 140 0 83 100 54 C,Shell,Java,Python,JavaScript,C++ 93 19
j0nathanj From Zero to Zero Day ,介绍零基础挖掘 Chakra Core 漏洞的方法,来自 35C3 大会: https://github.com/j0nathanj/Publications/tree/master/35C3_From_Zero_to_Zero_Day https://twitter.com/j0nathanj A teenager interested in computers, maths and physics :) None None 3 0 74 99 46 Python,JavaScript 68 10
xmendez 模糊测试及暴力破解工具收集的分享:https://twitter.com/Alra3ees/status/1103563481641611264 https://github.com/xmendez/wfuzz/ http://wfuzz.org IT Security Consultant , Security Researcher; Twitter: @x4vi_mendez None None 4 0 6 98 1 Python,Ruby 1700 407
j3ssie IPOsint: Discovery IP Address of the target https://github.com/j3ssie/IPOsint https://twitter.com/j3ssiejjj I like abusing features None None 19 0 7 98 0 Python 0 0
r35tart R3start 总结的一些日常渗透测试项目的案例 https://github.com/r35tart/Penetration_Testing_Case http://R3start.net 人若无名,便可潜心练剑。 None None 51 0 130 95 5 Python 307 113
MatthewPierson 利用 OTA Blobs 实现 iOS 降级的工具 https://github.com/MatthewPierson/Vieux https://twitter.com/mosk_i I downgrade iPhones =) None None 10 0 0 95 1 Python,Shell,Rich 95 27
iSafeBlue TrackRay: 溯光(Trackray)渗透测试框架 2.0 https://github.com/iSafeBlue/TrackRay https://b1ue.cn Security Researcher , Java Development Engineer None None 9 0 281 92 40 Java,HTML,JavaScript 375 101
ze0r CVE-2018-8639-exp https://github.com/ze0r/CVE-2018-8639-exp/ None None None 5 0 5 91 5 Python,JavaScript,C++ 97 39
lowleveldesign 用于 trace .NET 程序网络通信流量的工具 https://github.com/lowleveldesign/dotnet-netrace https://lowleveldesign.org System Engineer • Interested in profiling, security, and OS internals Poland None 19 0 91 91 0 C#,ASP,C++ 489 44
Mel0day BCS 2019 红队行动会议重点内容 https://github.com/Mel0day/RedTeam-BCS None None None 116 0 304 91 20 Python,Ruby 210 56
npubird 东南大学《知识图谱》研究生课程 https://github.com/npubird/KnowledgeGraphCourse http://npubird.github.io None Southeast University 68 0 56 87 2 Python,HTML,Java,JavaScript 1100 376
Mattiwatti EfiGuard - x64 UEFI bootkit,在启动时修补 Windows 启动管理器以禁用 PatchGuard 和驱动程序签名验证(DSE) https://github.com/Mattiwatti/EfiGuard None The Netherlands None 19 0 13 87 3 C,Assembly,C++ 227 61
patois HRDevHelper - IDA HexRays 反汇编工具的插件,用于支持实时查看反编译后 C 代码的 ctree 信息 https://github.com/patois/HRDevHelper None Yo, was github? 127.0.0.1 None 32 0 233 86 48 Python 184 19
vincentcox bypass-firewalls-by-DNS-history - 通过寻找 DNS 历史来绕过 WAF 直接访问真实 IP 地址的工具: https://github.com/vincentcox/bypass-firewalls-by-DNS-history https://www.linkedin.com/in/ivincentcox/ vincentcox.com Belgium None 7 0 145 80 15 Shell,JavaScript,PowerShell 0 0
rootclay Powershell攻击指南----黑客后渗透之道 https://github.com/rootclay/Powershell-Attack-Guide http://rootclay.com A man who wants to be a ... beijing 360 34 0 401 80 81 Python,C#,HTML,PowerShell 298 87
heibaiying BigData-Notes: 大数据入门指南 https://github.com/heibaiying/BigData-Notes https://blog.csdn.net/m0_37809146 博客:https://blog.csdn.net/m0_37809146 shanghai None 2 0 20 80 0 Java 2900 755
0x36 iOS上的沙箱逃逸漏洞(A11平台,版本<12.2) https://github.com/0x36/powend None . Morocco None 6 0 23 79 0 C,Makefile 138 36
yadox666 硬件黑客的工具箱,里面涵盖了硬件安全各个领域中使用的软件和硬件工具的介绍和推荐。 https://github.com/yadox666/The-Hackers-Hardware-Toolkit/blob/master/TheHackersHardwareToolkit.pdf https://twitter.com/yadox Yago Hansen is a recognized authority in IT security topics. He successfully managed projects related to the design of Security technologies and devices. Madrid Mundo Hacker 8 0 1 78 1 Python 863 103
aleenzz MYSQL SQL 注入 Bypass 技巧总结 https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI None 发现问题,解决问题 None 404 11 0 24 78 31 Python 288 74
uknowsec 域渗透学习笔记 https://github.com/uknowsec/Active-Directory-Pentest-Notes http://uknowsec.cn 不忘初心,方得始终 Nanjing None 90 0 415 77 150 Python,PHP 95 15
cnlh easyProxy: 内网穿透代理服务器 https://github.com/cnlh/easyProxy None chengdu none 6 0 30 77 0 Go 0 0
mk-fg 通过 AppArmor Linux 内核安全模块限制应用程序访问权限 https://github.com/mk-fg/apparmor-profiles http://fraggod.net Random foss user, tinkerer, dev and freelancer. Mirror: http://fraggod.net/code/git/ Yekaterinburg, RU None 80 0 22 76 0 Python 201 35
tarafans XuWen在zer0con上关于js和DOM fuzz的议题,提出了一种Emulation-based generation的fuzz思路。 https://github.com/tarafans/collections/blob/master/ZeroCon2019.pdf https://gts3.org/~wen Atlanta Georgia Tech 20 0 5 75 10 Python,C,HTML 17 4
d0c-s4vage gramfuzz - 通过定义语法规则生成 Fuzz 测试样本数据的工具 https://github.com/d0c-s4vage/gramfuzz None None None 56 0 37 75 1 Python,JavaScript,Vim 149 29
husthuke awesome-knowledge-graph: 整理知识图谱相关学习资料 https://github.com/husthuke/awesome-knowledge-graph https://husthuke.github.io/ beijing VIPKID 31 0 234 74 31 Jupyter,HTML,Java,CSS 282 62
RedDrip7 RedDrip7团队收集恶意软件家族样本,帮助安全社区对抗恶意软件和针对性攻击。 https://github.com/RedDrip7/APT_Digital_Weapon https://ti.qianxin.com/blog/ Technical Twitter of QiAnXin Technology, leading Chinese security vendor. It is operated by RedDrip Team which focuses on malware, APT and threat intelligence. China Qianxin 3 0 0 74 0 122 23
userlandkernel 如何破解 iPhone 基带的详细介绍: https://github.com/userlandkernel/baseband-research?files=1 https://github.com/Fontys-Hogeschool-ICT Im a Software Engineering and Cybersecurity student at @Fontys-Hogeschool-ICT I research MACH, Darwin and LowLevel System Security. Mainly intrested in iOS. Eindhoven, Netherlands @UKERN-Developers 33 0 48 72 11 HTML,C,Shell,Objective-C 0 0
matiskay html-similarity: Compare html similarity using structural and style metrics https://github.com/matiskay/html-similarity http://twitter.com/matiskay Doing security things by day and doing things with data and crafty stuff by night. Arequipa, Perú None 57 0 1100 71 209 Python,HTML 0 0
zMarch Orc - Bash 开发的 Linux 后渗透测试框架 https://github.com/zMarch/Orc https://attribution.party Pentester, hacker, forensicator. I write code, and sometimes I even publish it. Find me on twitter: https://twitter.com/_ta0 None None 6 0 2 67 10 Shell,Assembly,JavaScript 258 34
86hh 利用 Control Flow Guard 实现对 PE32 文件 EntryPoint 混淆的恶意代码 PoC https://github.com/86hh/POC-viruses/tree/master/Senshi.A None None None 10 0 1 67 1 Assembly 94 26
jakkdu fuzzilli的quickjs patch, Happy hacking :) https://github.com/jakkdu/fuzzilli-for-quickjs http://jakkdu.github.io Atlanta Georgia Institute of Technology 13 0 49 65 6 Python,TeX,Ruby 11 3
cfreal Apache 本地提权漏洞 CVE-2019-0211 Exploit https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache https://github.com/ambionics None @ambionics 2 0 3 65 0 PHP,HTML 423 71
AxtMueller Windows-Kernel-Explorer - 一款 Windows 内核研究工具: https://github.com/AxtMueller/Windows-Kernel-Explorer https://www.aldi-sued.de I am currently working in a grocery store, but I have been studying the Windows kernel for many years. Dußlingen, Germany ALDI SÜD 1 0 0 65 0 0 0
scarvell grandstream_exploits - Grandstream 设备中的 RCE 漏洞 EXPLOIT 集合 https://github.com/scarvell/grandstream_exploits None Australia None 22 0 54 63 37 Python,CoffeeScript,JavaScript,PHP 50 24
guitmz virii - 远古计算机病毒源代码的收集: https://github.com/guitmz/virii https://github.com/relayr Berlin @relayr 56 0 469 63 20 Go,Assembly,Nim 0 0
decoder-it powershellveryless - 绕过 Powershell 受限语言模式及 AMSI 的工具 https://github.com/decoder-it/powershellveryless/ None None None 9 0 1 63 0 C#,PowerShell,C++ 129 48
Kira-cxy 科恩实验室 Kira-cxy 在 TenSec 2019 会议关于虚拟化以及 QEMU slirp:tcp_emu 堆溢出虚拟机逃逸漏洞(CVE-2019-6778)的分析 https://github.com/Kira-cxy/qemu-vm-escape None baby security researcher None None 4 0 337 63 97 C,HTML,C++ 101 18
0xMJ AI-Security-Learning: 安全检测与数据挖掘的学习资料 https://github.com/0xMJ/AI-Security-Learning http://mang0.me CTF , Web Security , Data Analysis SiChuan, China None 41 0 255 63 300 Python,PHP,HTML 145 34
brompwnie Break out the Box (BOtB) - Blackhat Arsenal 会议上公开的一款用于容器分析和常见容器漏洞利用的工具 https://github.com/brompwnie/botb/releases/tag/1.2.0 https://twitter.com/brompwnie Keyboard wrangler ⌨️ None None 18 0 9 62 14 CSS,Go,Java,Smali,C++ 462 213
theLSA dz-ml-rce.py:discuz ml RCE漏洞检测工具 https://github.com/theLSA/discuz-ml-rce http://www.lsablog.com I like network security,penestration and programming(python,c/c++,php,java,ect),welcome to communicate with me! China None 27 0 15 60 14 Python 71 35
JeremyFetiveau TurboFan String.lastIndexOf JSCall 节点输入错误漏洞的利用: https://github.com/JeremyFetiveau/TurboFan-exploit-for-issue-762874 None None None 6 0 1 60 6 JavaScript,C++ 41 26
DavidXanatos 一个细粒度管理 Windows 软件更新包的工具 https://github.com/DavidXanatos/wumgr None None None 30 0 7 60 0 C#,C,PowerShell,C++ 405 57
b1ack0wl Linux Mint 18.3-19.1 yelp 命令注入 Bug PoC https://github.com/b1ack0wl/linux_mint_poc None None None 11 0 12 59 0 Python,Shell,HTML,Ruby,Propeller 20 3
Geluchat 研究员Geluchat公开了若干针对Chrome V8引擎的1day漏洞和比赛题目的exploit。 https://github.com/Geluchat/chrome_v8_exploit https://www.dailysecurity.fr France None 7 0 49 59 11 Python,C,JavaScript,PHP 31 5
V33RU IoTSecurity101 - IoT 安全方向优秀资源索引: https://github.com/V33RU/IoTSecurity101 http://iotpentest.com/ Keen Interested in IoT Penetration testing bangalore Independent 64 0 14 58 8 Python,Go 707 151
mcw0 HiSilicon DVR 黑客笔记 https://github.com/mcw0/pwn-hisilicon-dvr/blob/master/README.adoc None None None 5 0 3 57 2 Python 208 87
jaredestroud 如何通过 vim 来实现代码执行及持久化等攻击: https://github.com/jaredestroud/WOTD/blob/master/%5BDARK%5D%20Weapons%20of%20%20Text%20Destruction.pdf None None None 17 0 208 57 37 SaltStack,PHP,Shell,C++ 0 0
TarlogicSecurity 从 Linux 内存中 dump 出Kerberos 票据 https://github.com/TarlogicSecurity/tickey https://www.tarlogic.com/en/ Cyber security, cyber intelligence, Red Team None Tarlogic 11 0 0 56 0 Go,Python,C,C++ 87 19
1120362990 vulnerability-list: 渗透测试中快速检测常见中间件、组件的高危漏洞 https://github.com/1120362990/vulnerability-list None web安全-渗透测试-python None None 5 0 193 56 58 Python,Java 269 61
LinXueyuanStdio Python数据挖掘与实战 https://github.com/LinXueyuanStdio/PythonDataMining http://xichen.pub He who thinks wins. None None 78 0 329 55 32 Java,Jupyter,Rust 0 0
lucasg 基于 IDA 脚本实现的枚举系统 RPC 接口的工具 https://github.com/lucasg/findrpc None None None 24 0 33 54 3 C#,Python,C,TeX,CSS 1600 128
sapphirex00 APT IOCs 收集整理: https://github.com/sapphirex00/Threat-Hunting None None None 18 0 38 53 48 Python,Shell 0 0
jiansiting Decryption-Tools: 勒索病毒解密工具的汇总 https://github.com/jiansiting/Decryption-Tools None 剑思庭 China Industrial Control Security Researcher 12 0 8 53 0 Python 90 49
xinali Adobe Font Development Kit for OpenType 套件相关的漏洞分析 https://github.com/xinali/AfdkoFuzz/ None Malware Analysis, Coder & Antiy Lab Harbin,China Jilin University 14 0 121 52 56 Python,HTML,Dockerfile,C++,Vue 85 37
qingxp9 macOS Mojave 10.14.4 802.1X 组件网络流量劫持逻辑漏洞的 PoC https://github.com/qingxp9/CVE-2019-6203-PoC https://qingxp9.github.io/ Wireless Security Researcher None 360 PegasusTeam 18 0 118 52 22 Python,C,Shell 3800 859
DeepSpaceHarbor 人工智能(AI)安全方向的资料整理 https://github.com/DeepSpaceHarbor/Awesome-AI-Security None ¯_(ツ)_/¯ None 8 0 15 52 1 HTML 882 134
0xcpu Windows 10 20H1 18999 新加了一个特性 AltSystemCallHandlers,可以实现 KiSystemCall 的 HOOK 回调 https://github.com/0xcpu/WinAltSyscallHandler None nothing interesting None None 16 0 1300 52 112 Python,C,C++,Rust 48 11
needmorecowbell Hamburglar: collect useful information from urls, directories, and files https://github.com/needmorecowbell/Hamburglar http://adammusciano.com Sharing is a moral imperative Pittsburgh, Pennsylvania Inquest 68 0 458 50 34 Python,YARA,C++ 0 0
jthuraisamy Synaptics 音频 Windows 内核驱动 CxUtilSvc 本地提权漏洞(CVE-2019-9730) https://github.com/jthuraisamy/CVE-2019-9730/ http://jackson.thuraisamy.me None None 22 0 37 50 8 C#,Python,C,JavaScript,Java 40 9
shogunlab Hyper-V 漏洞及利用相关的资料收集 https://github.com/shogunlab/awesome-hyper-v-exploitation http://www.shogunlab.com Vulnerability Researcher at Shogun Lab. The lab was started to help organizations find security flaws in their software. Canada Shogun Lab 8 0 395 49 24 Python,Swift,Ruby 114 27
IgorKorkin 基于 HyperPlatform / DdiMon 实现的驱动程序内核内存访问保护。作者举的实际应用例子是防止劫持其它驱动程序的 FILE_OBJECT 对象,但似乎有点大材小用。 https://github.com/IgorKorkin/MemoryRanger http://igorkorkin.blogspot.com An expert in digital security, full of passion and curiosity Im focusing on protection the Windows OS Kernel. #MEPhI alumni None None 16 0 3 49 29 C++ 53 14
0x7ff PoC for setting nonce without triggering KPP/KTRR/PAC https://github.com/0x7ff/dimentio None Monero: 42XMRm2cADx8tN3FxA9i2n852PNUTS1JSaDrqdBnxKkiW44WTQMvawFHXmYwxJmhhoKruQHE8bFNjH9BsWH35BjeETyG8fE None None 10 0 0 49 6 C 28 9
RanchoIce 湛泸实验室 RanchoIce 在 ZeroNights 2018 会议演讲《From Graphic Mode To God Mode - Discovery Vulnerabilities of GPU Virtualization》的 PPT https://github.com/RanchoIce/ZeroNights2018// https://twitter.com/RanchoIce Researcher of Tencent Security ZhanluLab None ZhanluLab 61 0 0 48 11 Ruby,PowerShell,C++ 19 12
codemayq 中文公开聊天语料库 https://github.com/codemayq/chaotbot_corpus_Chinese None new bird in nlp Beijing China Peking University 7 0 234 47 12 Python,TypeScript 725 192
mohuihui antispy: Windows下手工杀毒辅助工具开源 https://github.com/mohuihui/antispy None QQ & WeChat:454858525 None Alibaba 9 0 5 46 2 C,Java,Objective-C 242 133
intelstormteam 针对 CPU 分支预测侧信道攻击的一种 Mitigation 防御方法 https://github.com/intelstormteam/Papers/blob/master/2019-Randpoline_A_Software_Mitigation_for_Branch_Target_Injection_Attacks_v1.42.pdf https://twitter.com/intelstormteam Intel STrategic Offensive Research & Mitigations Team (STORM) None Intel Corporation 6 0 0 46 7 C++ 8 6
lis912 Evaluation_tools: 等级保护测评工具 https://github.com/lis912/Evaluation_tools None 时不时拧巴的菜鸡一只。 None None 9 0 16 45 0 Go,Shell,HTML,CSS 161 54
numirias 通过 VIM 对 modelines 特殊格式的支持可以实现任意代码执行。漏洞影响 Vim < 8.1.1365, Neovim < 0.3.6 版本 https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md https://twitter.com/rawsec Infosec fanboy Europe None 18 0 40 44 5 Python,JavaScript 270 13
marcinguy Android 7月补丁修复的Media Framework漏洞CVE-2019-2107的PoC https://github.com/marcinguy/CVE-2019-2107 None Berlin, Germany None 39 0 11 44 28 Python,C 52 13
chris408 ct-exposer: discovers sub-domains by searching Certificate Transparency logs https://github.com/chris408/ct-exposer https://linkedin.com/in/chris408 chris408.com None None 9 0 6 44 6 Python,C 0 0
biggerwing 绿盟科技漏洞扫描器(RSAS)漏洞知识库 https://github.com/biggerwing/nsfocus-rsas-knowledge-base None YmlnZ2VyLndpbmdAZ21haWwuY29tCg== None None 79 0 13 44 1 Python,Lua,C,HTML 141 42
yyhsong iDataV: 大屏数据可视化示例 https://github.com/yyhsong/iDataV None Just coding for fun. None None 13 0 31 42 0 JavaScript 875 368
sailay1996 Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe) https://github.com/sailay1996/UAC_bypass_windows_store https://heynowyouseeme.blogspot.com/ @404death Myanmar None 169 0 5 41 2 C,Shell,Python,JavaScript,C++,PowerShell 75 23
0xDezzy 攻击 Pulse Secure Connect VPN 服务的 Exploit 代码 https://github.com/0xDezzy/CVE-2019-11539 None Houston based Security Researcher and Red Teamer Houston, Texas EY 93 0 124 41 52 Python,KiCad,JavaScript,C++ 68 15
jovanbulck Intel SGX enclave 侧通道攻击框架 SGX-Step v1.3 发布,现已支持 Foreshadow 瞬态执行攻击: https://github.com/jovanbulck/sgx-step https://distrinet.cs.kuleuven.be/people/jo PhD student @KU_Leuven , Trusted Computing & Side-Channel Attacks , #IntelSGX #Sancus #Foreshadow None None 16 0 64 40 0 C,Verilog 0 0
allpaca V8Harvest - V8 代码库近期回归测试样本的分析,方便分析 v8 的漏洞 https://github.com/allpaca/V8Harvest None None None 46 0 37 40 4 JavaScript,C++ 96 20
rohanpadhye 针对 Java 语言的基于覆盖率的 Fuzz 框架 https://github.com/rohanpadhye/jqf https://cs.berkeley.edu/~rohanpadhye PhD student Berkeley, CA UC Berkeley 29 0 50 39 6 C,Java 121 24
0xffff0800 MuddyWater 组织的 Muddyc3 C2 源码泄漏 https://github.com/0xffff0800/muddyc3 https://www.twitter.com/0xffff0800 Security Researcher, Malware Analyst Shenzhen Guangdong China None 1 0 0 39 0 Python 103 67
dahall Vanara - 方便从 .NET 调用 Windows Native API 而写的 .NET 字节码库 https://github.com/dahall/Vanara None Ive been writing and designing code for over 20 years for both commercial and open source use. I work as a CTO for tech firm. United States None 14 0 2 38 0 C# 304 69
kam800 macOS 平台的一款 Mach-O 混淆工具 https://github.com/kam800/MachObfuscator None Poland None 9 0 467 37 11 Ruby,Objective-C,Swift,C 193 20
zznop bn-genesis - 协助分析 SEGA Genesis ROM 的 Binary Ninja 插件 https://github.com/zznop/bn-genesis None Dayton, Ohio None 12 0 116 36 17 Python,Java,C,Assembly 71 12
vishnudxb automated-pentest-自动化扫描和生成渗透测试报告的 Parrot OS 系统容器 https://github.com/vishnudxb/automated-pentest http://www.vishnudxb.me Vishnu Nair is working as a Technology Lead in Taylor & Francis The Netherlands None 130 0 179 36 54 Go,Shell,Ruby,PHP 110 12
unknownv2 CoreHook - 基于 .NET Core 运行时实现的 Windows HOOK 库 https://github.com/unknownv2/CoreHook https://thierrybiz.page Software Engineer interested in data engineering and cloud computing. None None 32 0 888 36 30 C#,Java,C++,Scala 75 11
therealsaumil ARM-X - 基于 Qemu 模拟执行 IoT 设备 ARM 固件的框架 https://github.com/therealsaumil/armx https://twitter.com/therealsaumil None None 8 0 0 36 2 Shell,C,JavaScript,Assembly,Arduino 170 32
securemode Invoke-Apex - 基于 PowerShell 的后渗透测试工具包: https://github.com/securemode/Invoke-Apex https://securemode.io None None 13 0 158 35 0 Lua,Shell,PowerShell 0 0
open-cmdb cmdb: CMDB 配置管理系统 资产管理系统 https://github.com/open-cmdb/cmdb None Shanghai None 2 0 2 35 0 Python,JavaScript 413 166
BusesCanFly Automate discovering and dropping payloads on LAN Raspberry Pis via ssh https://github.com/BusesCanFly/rpi-hunter None I make things, I break things. ¯_(ツ)_/¯ ‮‮‮ Somewhere in a linux server None 4 0 437 35 66 Python 0 0
superhedgy AttackSurfaceMapper - 一款开源的情报搜集工具 https://github.com/superhedgy/AttackSurfaceMapper https://github.com/SpiderLabs Just another InfoSec Ninja! My Latest open source tool is HostHunter: github.com/SpiderLabs/HostHunter/ United Kingdom @SpiderLabs 4 0 89 34 11 Python,Shell 292 41
momika233 ClamAV 反病毒软件 0Day Exploit https://github.com/momika233/ClamAV_0Day_exploit/ https://twitter.com/momika233 momika233 Korea None 4 0 4 34 0 Python 97 24
imjdl SearchApp: 小型网络空间搜索引擎 https://github.com/imjdl/SearchApp http://blog.blackarch.xyz Read The Fucking Source Code 菜雞一個 HK.China undergraduate 125 0 341 33 174 Python 0 0
dsnezhkov zombieant - 逃避 Linux EDR 检测的工具 https://github.com/dsnezhkov/zombieant/ None None None 33 0 170 33 8 C#,Python,C,Go,C++ 78 16
CaijiOrz Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法 https://github.com/CaijiOrz/fastjson-1.2.47-RCE https://www.sec.kim/ A true master is an eternal student Chongqing China None 11 0 216 33 108 Python,Ruby,HTML,Java 22 11
niemand-sec AntiCheat-Testing-Framework - 游戏反外挂测试框架,作者在 Recon2019 会议有一个关于这个工具的演讲 https://github.com/niemand-sec/AntiCheat-Testing-Framework None Twitter: @niemand_sec None None 23 0 21 32 4 C#,Python,C++ 102 21
avishayil 模拟 Capital One 数据泄露漏洞环境的云配置文件 https://github.com/avishayil/caponeme https://github.com/cyberark Cloud & DevOps Engineer @ CyberArk Israel @cyberark 23 0 52 32 0 Java,Python,JavaScript,Objective-C,Dockerfile,CSS 435 102
NotMedic NetNTLMtoSilverTicket - 实现 SpoolSample -> NetNTLMv1 -> NTLM -> Silver Ticket 攻击链的工具: https://github.com/NotMedic/NetNTLMtoSilverTicket None None None 14 0 2 32 0 C,Shell,JavaScript,C++,HTML,PowerShell 210 35
A2nkF 研究员 A2nkF 公开了一个 macOS 内核 0Day Exploit https://github.com/A2nkF/macOS-Kernel-Exploit/ https://twitter.com/A2nkF_ None None 14 0 21 32 15 Python,C,C++ 106 18
Macr0phag3 GithubMonitor: 关键词监控GitHub泄漏 https://github.com/Macr0phag3/GithubMonitor https://www.tr0y.wang hello hacker ! None None 22 0 53 31 2 Python,Shell 0 0
echowei DeepTraffic: Deep Learning models for network traffic classification https://github.com/echowei/DeepTraffic None Beijing None 1 0 1 29 0 Python 153 117
Cherishao APT-Sample Files https://github.com/Cherishao/APT-Sample https://cherishao.github.io/ Malware researcher && APT Follow , Analyze threats,Blue/Red Team methodology, Networks, Malware Analysis,Reverse Engineering🕵️‍♂️ BTC:17iDHpUqe9XGpGJ2cMBUVciq ChengDu None 68 1 346 29 31 Python,HTML 47 24
AdrianVollmer PowerHub - 辅助 PowerSploit 绕过杀毒软件检测和应用白名单的 Web 应用 https://github.com/AdrianVollmer/PowerHub https://github.com/SySS-Research @mr_mitm Tübingen, Germany SySS GmbH @SySS-Research 8 0 33 29 13 Python,C,Ruby,PowerShell 126 15
terjanq 一款JS编码工具,可以将 JS 编码成仅含有 /[a-z().]/ 字符的代码 https://github.com/terjanq/JS-Alpha/tree/master None Student of Informatics and Mathematics at University of Wroclaw None None 21 0 17 28 7 HTML,JavaScript,C++ 166 7
artsploit solr-injection: Apache Solr Injection Research https://github.com/artsploit/solr-injection https://artsploit.blogspot.com/ None Veracode 5 0 8 28 0 PHP,Java 191 16
ION28 BLUESPAWN - 用于辅助蓝队实现 Windows 系统主动防御的监控工具 https://github.com/ION28/BLUESPAWN/blob/master/README.md https://metactf.com None MetaCTF 8 0 165 28 29 JavaScript,C++ 60 16
Dongdongshe neuzz - 基于神经网络的 fuzzer: https://github.com/Dongdongshe/neuzz None None None 28 0 6 28 1 Python,C,C++ 171 31
hanbinglengyue FART: ART环境下自动化脱壳方案 https://github.com/hanbinglengyue/FART None 大成若缺,大道至简 None None 78 0 3 27 20 Python,Java,C,PHP,Ruby 239 77
digital-missiles 上周爆出 CVE-2019-0708 远程桌面服务的蠕虫级 RCE 漏洞,但是一只没有 PoC 公开出来。昨天 GitHub 上 digital-missiles 公开了一个可以触达漏洞函数路径的 PoC,不会引起拒绝服务。 https://github.com/digital-missiles/CVE-2019-0708-PoC-Hitting-Path None None None 1 0 0 27 0 Python 183 67
Sheisback Win32k CreateWindowEx 函数 UAF Exploit https://github.com/Sheisback/CVE-2019-0859-1day-Exploit http://sheisback.xyz None None 66 0 10 27 4 Python,C#,C,JavaScript,C++ 56 19
zerobyte-id Bashter: Web Crawler, Scanner, and Analyzer Framework (Shell-Script based) https://github.com/zerobyte-id/Bashter https://zerobyte.id Dumb Repo None None 11 0 3 26 0 Shell,JavaScript,PHP 0 0
leeberg BlueHive - 基于 PowerShell 实现的活动目录密罐用户管理项目,并且带仪表盘以可视化展示结果 https://github.com/leeberg/BlueHive http://www.leealanberg.com Product Manager, Automation Engineer, Content Producer, EX Microsoft MVP, Nerd Madison, Wisconsin, United States None 35 0 85 26 64 C# 4 0
hyrathon 《Android平台上NFC相关漏洞的研究》议题作者发现的漏洞 PoCs https://github.com/hyrathon/PoCs None Android Security Researcher Beijing, PRC None 59 0 341 26 35 C,JavaScript,Java,C++ 21 5
Alexandre-Bartel DOSBox 模拟器缓冲区溢出漏洞 CVE-2019-12594 Exploit https://github.com/Alexandre-Bartel/CVE-2019-12594/ https://www.abartel.net None None 15 0 4 26 1 Python,C,Java 7 2
shadow-horse CVE-2019-17571/Apache Log4j 1.2.X 存在反序列化远程代码执行漏洞 https://github.com/shadow-horse/CVE-2019-17571 None Penetration, Vulnerability Research, SDL, STRIDE None None 23 0 61 25 7 Python,JavaScript,Java,HTML,CSS 5 1
daddycocoaman Bypass Python 3.8 版本新增的 Runtime Audit Hooks 安全审计特性 https://github.com/daddycocoaman/SlidePresentations/blob/master/2019/BypassingPython38AuditHooks.pptx None None None 10 0 11 25 1 Python,PowerShell,Boo 43 9
tikazyq crawlab: 基于Celery的爬虫分布式爬虫管理平台 https://github.com/tikazyq/crawlab/blob/master/README-zh.md None Chongqing, China None 35 0 98 24 19 Python,Vue 527 100
erbbysam erbbysam/DNSGrep: Quickly Search Large DNS Datasets https://github.com/erbbysam/dnsgrep/ None USA None 13 0 54 24 4 Go,Shell,JavaScript,PHP 250 43
DanyL 作者公开了iOS12.3中修复的漏洞CVE-2019-8637和CVE-2019-8593的exploits https://github.com/DanyL/lockdownd_playground None None None 16 0 15 24 7 Tcl,C,Shell,Ruby,Objective-C 40 9
lyxhh HTTPDecrypt: 利用HTTP协议 远程加解密数据包,实现Burp一条龙服务 https://github.com/lyxhh/lxhToolHTTPDecrypt None None None 5 0 169 23 0 Python,JavaScript,HTML 354 112
locoz666 手把手教你写爬虫 https://github.com/locoz666/spider-article None ShenZhen Midu(www.midu.com) 3 0 42 23 2 JavaScript 0 0
linuxthor uul - 让 uul ELF 二进制文件同时在多个 *nix 风格的系统上运行的项目: https://github.com/linuxthor/uul None Yorkshire None 32 0 0 23 3 C,Assembly 0 0
si9int Inserting arbitrary files into Google Earth Projects Archives https://github.com/si9int/OFFSEC-Archive/blob/master/web/Inserting%20arbitrary%20files%20into%20Google%20Earth%20Projects%20Archives.pdf https://si9int.sh Whitehat in own definition None None 7 0 11 22 0 Python 0 0
hannespayer V8 Team在PLDI上办的v8讲座的资料 https://github.com/hannespayer/v8-tutorial-pldi2019 None None None 4 0 0 22 0 C++ 12800 2500
atrosinenko Linux内核快速模糊测试工具的集合 https://github.com/atrosinenko/kbdysch None Saint-Petersburg, Russia None 33 0 78 22 1 C,C++,Scala 59 2
xrkk 跟 IDA Pro 有关的资源收集,当前包括的工具个数 450 左右 https://github.com/xrkk/awesome-ida None None None 7 0 1400 21 0 Python,TypeScript 403 69
vigneshsrao CVE-2019-11707 Firefox IonMonkey JIT类型混淆漏洞的完整exploit利用代码。 https://github.com/vigneshsrao/CVE-2019-11707 https://github.com/teambi0s Cyber Security Enthusiast. Does pwning and forensics for Team bi0s. None @teambi0s 24 0 4 21 5 Python,JavaScript,Java 22 4
SolomonSklash chomp-scan: 用于简化Bug Bounty/Penetration Test探测阶段的工具脚本 https://github.com/SolomonSklash/chomp-scan https://www.solomonsklash.io/ Senior penetration tester at FIS Global. None FIS Global 22 0 739 21 13 Python,Go,Shell 0 0
KibodWapon Axis-1.4-RCE-Poc: Axis https://github.com/KibodWapon/Axis-1.4-RCE-Poc https://kibodwapon.github.io/ None None 4 0 5 21 0 Python,HTML 97 59
JonGates jon: LINUX系统攻防工具箱 https://github.com/JonGates/jon http://blog.jongates.cn birl None 597.com 10 0 118 21 7 Go,C,JavaScript 104 28
Ch1ngg AggressorScript-CreateCloneHiddenAccount https://github.com/Ch1ngg/AggressorScript-CreateCloneHiddenAccount https://www.ch1ng.com/ no no 7 0 99 21 14 C#,Python,ASP,Java,PowerShell 16 5
vulmon Vulmap: Vulmap Online Local Vulnerability Scanners Project https://github.com/vulmon/Vulmap https://github.com/yavuzatlas Open source tools of Vulmon @yavuzatlas @ozelfatih None None 1 0 1 20 0 Python 0 0
streaak Keyhacks - 逐个请求各公司 API 服务接口,用于检查泄漏的 API Keys 是否是主流公司的有效 API Key https://github.com/streaak/keyhacks None None None 31 0 13 20 1 Python,Shell,Ruby 98 20
stevenaldinger stevenaldinger/decker: Declarative penetration testing orchestration framework https://github.com/stevenaldinger/decker https://www.linkedin.com/in/steven-aldinger-7a32a774/ None None 51 0 54 20 8 Go,Shell,HCL 208 14
gnebbia pdlist: A passive subdomain finder https://github.com/gnebbia/pdlist None Italy None 231 0 225 20 5 C,XSLT,Python,JavaScript,Makefile,Perl,HTML,Go,PowerShell 104 14
feexd runc 容器逃逸漏洞(CVE-2019-5736)及利用介绍 : 1) https://www.exploit-db.com/exploits/463592) https://github.com/feexd/pocs3) https://github.com/feexd/pocs3) https://www.twitter.com/poprdi None None 3 0 30 20 2 Python,C 207 73
dvur12 基带安全研究相关的资料整理 https://github.com/dvur12/awesome-baseband-research https://twitter.com/dvur12 Israel TroopsLabs 36 0 81 20 15 Python,C,C++ 30 10
crypto-cypher 《Privacy for Identities: The Art of Pseudonymity》发布,主要探讨信息安全,隐私权和大规模监控 https://github.com/crypto-cypher/privacy-for-identities/blob/master/PrivacyForIdentities%20-%20Prerelease.pdf https://twitter.com/CryptoCypher Networking. OpSec. Privacy. Coding. Just another paranoid cypherpunk whos terrible at calculus. Dreaming big. None None 7 0 7 20 7 Shell 32 5
Rman0fCN ML_Malware_detect: 阿里云安全恶意程序检测比赛 https://github.com/Rman0fCN/ML_Malware_detect None Stu from HITsz None None 48 0 76 20 67 Python,PHP,JavaScript,Smarty 43 10
MagicZer0 fastjson 1.2.46 版本 RCE Exploit https://github.com/MagicZer0/fastjson-rce-exploit None web security researcher, like coding. None None 8 0 6 20 4 HTML,Java,PHP 59 21
trombastic 基于 Django 实现的开源 SCADA 系统,支持多种工控协议 https://github.com/trombastic/PyScada http://martin-schroeder.net Berlin Technische Universität Berlin 11 0 8 19 0 Python,JavaScript 138 52
paul-axe paul-axe 公开的 WCTF 2019 P Door 赛题的 writeup https://github.com/paul-axe/ctf/tree/master/wctf2019/p-door None None None 5 0 94 19 10 Python,C,PHP,Haskell 7 1
StrangerealIntel 针对以色列某未知 APT 恶意样本的分析报告 https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Israel/APT/Unknown/26-08-19/Malware%20analysis%2026-08-19.md None None None 1 0 0 19 0 Visual 67 14
GuidoPaul CAIL2019: 中国法研杯司法人工智能挑战赛之相似案例匹配第一名... https://github.com/GuidoPaul/CAIL2019 http://www.baosl.com/ None None 20 0 124 19 12 Python,Jupyter,Java,Vim 68 24
Areizen 一款基于 Android 模拟器和 Frida 实现的 Android 恶意软件分析的沙盒 https://github.com/Areizen/Android-Malware-Sandbox None None None 16 0 2 19 2 Python,Shell,JavaScript 86 23
yangruiqiyr 一个用Intel VT-X/EPT实现的类似Sysinternals Process Monitor的工具 https://github.com/yangruiqiyr/Syscall-Monitor None Weak chicken in weak chicken None None 74 0 57 18 34 Python,C,PHP,Java,C++ 1 0
chrisnas DebuggingExtensions - 一款可以用于 Windows 和 Linux 的 .NET Core 控制台的调试工具 https://github.com/chrisnas/DebuggingExtensions/releases/tag/v1.6 None None None 9 0 2 18 1 C#,PowerShell 102 13
Darkabode zerokit - GAPZ Bootkit 源码 https://github.com/Darkabode/zerokit None None None 6 0 0 18 0 C,Java,C++ 84 33
wish-i-was femida: Automated blind-xss search for Burp Suite https://github.com/wish-i-was/femida None Twitter https://twitter.com/wish_iwas None None 1 0 1 17 4 Python 100 24
linhlhq 微软 2 月份修复的 SharePoint RCE 漏洞的 PoC 代码(CVE-2019-0604) https://github.com/linhlhq/CVE-2019-0604 https://twitter.com/linhlhq None None 53 0 2 17 3 C,C#,C++,Python,Pascal,Go,PowerShell 75 45
batteryshark 商用硬件Token设备软件实现中安全问题 https://github.com/batteryshark/writeups/tree/master/20190417 None New York, NY Stonefish Systems 46 0 2 17 0 Python,C 24 2
baronpan SysmonHunter:一个简单的基于ATT&CK的Sysmon日志狩猎工具 https://github.com/baronpan/SysmonHunter http://threatmobile.blogspot.com None None 11 0 10 17 5 Python,Batchfile,JavaScript,Java,PowerShell 31 7
rndinfosecguy Scavenger: Crawler searching for credential leaks on paste sites https://github.com/rndinfosecguy/Scavenger https://twitter.com/rnd_infosec_guy Just an information security guy marching down his path. /dev/null None 2 0 2 16 7 Python,JavaScript 114 27
bsauce Fuzz 方向的几篇 Paper 的解读 https://github.com/bsauce/Some-Papers-About-Fuzzing https://www.jianshu.com/u/a12c5b882be2 None None 18 0 48 16 17 Python,C,CSS,C++ 25 6
blaCCkHatHacEEkr PENTESTING-BIBLE https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE https://twitter.com/cry__pto MalwareHacker,,OSPentester,,NetworkBreaker,,ForensicsExpert,,SocialEngineeringPro,,WebProtector,,: ::::::::::GPG:68E11CD1:::::::::: syria None 2 0 21 16 13 85 19
alexfrancow A-Detector: An anomaly-based intrusion detection system. https://github.com/alexfrancow/A-Detector https://twitter.com/alexfrancow SysAdmin, Pentester and Python developer. Future OSCP and computer engineer. A Coruña, Spain None 22 0 52 16 13 Python,Ruby,CSS 0 0
rutkai pentest-bookmarks - 渗透测试相关的资料收集 https://github.com/rutkai/pentest-bookmarks http://rutkai.hu/ Hungary LogMeIn 14 0 42 15 0 HTML,JavaScript,PHP 9 6
mattnotmax cyber-chef-recipes - 包含大量编码解密等工具的项目收集: https://github.com/mattnotmax/cyber-chef-recipes https://bitofhex.com None None 13 0 86 15 1 Python 0 0
c0d3p1ut0s FasterXML jackson-databind 2.x 服务器任意文件读漏洞(CVE-2019-12086) https://github.com/c0d3p1ut0s/CVE-2019-12086-jackson-databind-file-read https://c0d3p1ut0s.github.io/ Hangzhou China None 5 0 2 15 0 Python,HTML,Java 61 7
Vlad-tri 6 月份被发现的野外 Win32k 0Day 提权漏洞(CVE-2019-1132)的 PoC https://github.com/Vlad-tri/CVE-2019-1132/ http://www.botnetarmy.wordpress.com Learning Machine Learning and Malware Anlaysis None None 16 0 1 15 1 Python,C++ 27 19
DimopoulosElias alpc-mmc-uac-bypass - 通过 ALPC 绕过 UAC 的项目 https://github.com/DimopoulosElias/alpc-mmc-uac-bypass https://www.linkedin.com/in/dimopouloselias None None 5 0 11 15 2 Python,C,C++ 43 10
sumas OSCP-Cheatsheet-God - OSCP 考试备忘清单 https://github.com/sumas/OSCP-Cheatsheet-God None None None 18 0 1 14 1 Python,JavaScript,Java,PHP 124 31
anx1ang anx1ang 收集的主流 Web 框架的漏洞攻击代码 https://github.com/anx1ang/Poc_Pentest None None None 56 0 74 14 18 Python,C,JavaScript 62 15
No-Github Dork-Admin: 盘点近年来的数据泄露事件 https://github.com/No-Github/Dork-Admin None 井底之蛙 remote None 30 0 574 14 10 HTML 132 7
CoreyD97 Stepper: A natural evolution of Burp Suites Repeater tool https://github.com/CoreyD97/Stepper https://github.com/nccgroup Security Consultant @nccgroup UK. United Kingdom NCC Group 8 0 6 14 2 JavaScript,Java 29 4
butterflyhack linux蓝牙模块空指针引用漏洞PoC。 https://github.com/butterflyhack/CVE-2019-10207/ None None None 129 0 19 13 28 Python,C,Java 15 7
sgxrop SGX-ROP - 使用 Intel SGX 的 Enclave 恶意软件,paper: https://arxiv.org/abs/1902.03256 PoC: https://github.com/sgxrop/sgxrop None None None 0 0 0 12 0 0 0
redaelli imago-forensics - Python 实现的图像数字取证工具 https://github.com/redaelli/imago-forensics None I’m a cyber security enthusiast. blog: https://www.forensics-matters.com/ twitter: @solventred None None 1 0 9 12 16 Python 66 12
hongphipham95 研究员 hongphipham95 公开 KMPlayer 和 VirualBox 的很多漏洞分析文章,昨天新增一篇 VirtualBox Intel PRO 1000 设备模拟整数溢出漏洞的分析 https://github.com/hongphipham95/Vulnerabilities None Viet Nam None 6 0 79 12 9 Python,Java,C++ 13 3
SVF-tools SVF - 针对 C/C++ 程序的指针和过程依赖静态分析工具 https://github.com/SVF-tools/SVF None None None 4 0 0 12 0 C,C++ 284 93
kabachook Kubernetes 容器管理系统安全相关的资料收集 https://github.com/kabachook/k8s-security None Making coziness via tech. Fan of Docker🐋 and CTF🚩, do backend(Nodejs and Python), done a bit of ML, also DevOps None None 11 0 160 11 5 Jupyter,Shell,JavaScript,PHP 10 1
0xpwntester Sysmon configuration and scripts https://github.com/0xpwntester/Sysmon None None None 9 0 6 11 3 Python,ASP,Batchfile,PowerShell,C++ 48 11
kirk-sayre-work 恶意 VB 脚本样本的分析 https://github.com/kirk-sayre-work/talks None I do cyber security work for Walmart. None Walmart 7 0 3 10 0 Python,C#,JavaScript 39 6
cwerling 分析和解析AMD安全处理器的固件工具包 https://github.com/cwerling/psptool None Berlin None 2 0 10 10 0 Python 27 1
antonioCoco 一款自带混淆的ASPX类型的Webshell https://github.com/antonioCoco/SharPyShell None @splinter_code Italy None 1 0 3 10 7 Python 103 16
ReAbout datacon比赛方向三-攻击源与攻击者分析writeup https://github.com/ReAbout/datacon None Re.About Beijing Tsinghua University 4 0 124 10 2 Python 21 8
fcavallarin Htcap - 一款通过拦截 ajax 调用和 DOM 修改的方式进行 Web 应用扫描的工具 : https://github.com/fcavallarin/htcap None None None 2 0 1 9 0 Python,JavaScript 432 88
daikerSec Windows 内网协议学习 https://github.com/daikerSec/windows_protocol/blob/master/SUMMARY.md None None None 4 0 16 9 4 Go,HTML,CSS 9 2
cdisselkoen pitchfork - 基于 argr,利用符号执行的方式检测 CPU Spectre 漏洞 https://github.com/cdisselkoen/pitchfork https://cseweb.ucsd.edu/~cdisselk PhD student at UC San Diego None None 33 0 3 9 0 C++ 0 0
W00t3k Awesome-Cellular-Hacking https://github.com/W00t3k/Awesome-Cellular-Hacking None Wireless eap peap lootbooty None Lootb00ty Inc. 601 0 85 9 3 Python,C,HTML 71 8
JuxhinDB OOB-Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities https://github.com/JuxhinDB/OOB-Server https://github.com/JuxhinDB Twitter: @JuxhinDB Malta None 12 0 58 9 4 Python,Shell,Java,Rust 0 0
OYE93 Chinese-NLP-Corpus: Collections of Chinese NLP corpus https://github.com/OYE93/Chinese-NLP-Corpus https://oyeblog.com/ None None 16 0 2 8 0 Python,HTML,Dockerfile,CSS 110 18
Magpol 利用 FRiDA 爆破 Samsung S7 Edge FDE 全盘加密 https://github.com/Magpol/fridafde https://twitter.com/may_pol17 All things Android - Forensics None None 4 0 1 8 1 Python,Shell 21 3
yogeshshe1ke MobaTek MobaXterm 个人版 SSH 私钥泄漏漏洞(CVE-2019-7690) https://github.com/yogeshshe1ke/CVE/ https://twitter.com/yogesh_she1ke Software Security , Binary Reversing , Exploitation Bengaluru, India None 6 0 231 7 25 Python,Ruby,PowerShell,C++ 3 0
grigoritchy (browser exploit)Webkit JavascriptCore array unshift race condition, it leads to RCE. https://github.com/grigoritchy/unshift-racy None None None 1 0 0 7 0 JavaScript 11 4
ansionasc 2019年哈尔滨ASC安全峰会的会议PPT https://github.com/ansionasc/ASC/tree/master/2019 https://www.ansion.cn Ansion Security Conference China Ansion 1 0 1 7 0 14 5
XiaoXiaoGuaiXiaShi OpenSource-HoneyPot: 对开源蜜罐的学习研究与理解 https://github.com/XiaoXiaoGuaiXiaShi/OpenSource-HoneyPot None 信息安全学习者 None None 3 0 80 7 38 Python,JavaScript 12 1
TheCyberGeek rConfig 3.9.2 被发现提权漏洞(CVE-2019-19268) https://github.com/TheCyberGeek/CVE-2019-19268 https://TheCyberGeek.co.uk Bournemouth, United Kingdom None 7 0 0 7 2 CSS 0 0
PokemonGoTeam CRYPTOPOKEMON: Simple C++ cryptolocker Blowfish CBC https://github.com/PokemonGoTeam/CRYPTOPOKEMON http://pokemongo.icu Kiev, Ukraine PokemonGo 1 0 0 7 0 C++ 12 3
Microsvuln AFL Fuzz 相关的资料整理 https://github.com/Microsvuln/Awesome-AFL None None None 6 0 2 7 1 C 124 8
wfh45678 radar: 实时风控引擎(Risk Engine) https://github.com/wfh45678/radar http://radar.pgmmer.top 它山之石,可以攻玉 China/ShangHai 票易通 2 0 18 6 1 Java 99 37
qq4108863 himqtt: MQTT物联网防火墙源码 https://github.com/qq4108863/himqtt None None None 2 0 0 6 0 C 15 7
lucamassarelli 二进制函数相似性比对工具,相关论文已公开。相比于之前使用机器学习方法解决此类问题的研究,其亮点是引入了 RNN 神经网络中的 Self-Attentive (自注意力) 技术,且仅使用了汇编指令的特征。论文中与 Gemini 做了实验对比,各项数据都优于 Gemini 。 https://github.com/lucamassarelli/yarasafe None Phd Student @ Sapienza University of Rome Rome None 7 0 7 6 0 Python,C,CSS 52 7
KTN1990 WordPress Ninja Forms File Uploads 插件任意文件上传漏洞 PoC(CVE-2019-10869) https://github.com/KTN1990/CVE-2019-10869/blob/master/README.md https://www.facebook.com/KtN.1990 𝖍𝖆𝖈𝖐 𝖙𝖔 𝖑𝖎𝖛𝖊 𝖆𝖓𝖉 𝖑𝖎𝖛𝖊 𝖙𝖔 𝖍𝖆𝖈𝖐 DZ ⓪ⓧ⑥⑥⑥ 11 0 8 6 3 Python,Perl 7 0
chame1eon jni 函数调用 trace 模块,基于 frida https://github.com/chame1eon/jnitrace None None None 3 0 0 5 0 Python,Lua,JavaScript 71 9
Frint0 email-enum - 通过搜索主流社交网站判断邮箱是否注册的工具 https://github.com/Frint0/email-enum https://pwnable.club Pro Expert Elite Master Hacker Los Angeles None 3 0 1 5 1 Python,CSS 167 27
ydhcui Scanver: 分布式在线资产漏洞扫描管理系统 https://github.com/ydhcui/Scanver None biu biu biu None cn 11 0 4 4 3 Python,HTML,Java,JavaScript 4 4
mfthomps RESim - 基于 Simics 模拟器的全系统模拟动态分析工具。 https://github.com/mfthomps/RESim None None None 6 0 0 4 1 Python,C#,HTML 21 9
cmcmsec dpia: GDPR个人数据合规评估 https://github.com/cmcmsec/dpia None None None 3 0 0 4 0 JavaScript,Ruby 21 15
attakercyebr DVR 摄像头漏洞攻击脚本(CVE-2018-2019) https://github.com/attakercyebr/hack4lx_CVE-2018-2019 https://t.me/hack4lx The black hat hacker team leader just came out for destruction M4nifest0 Cyber security team™ Romania @os20ir 18 0 21 4 17 Python,Visual,Shell 6 3
tim124058 华硕智能家居 App 和 HG100 网关漏洞利用代码( CVE-2019-11061、CVE-2019-11063) https://github.com/tim124058/ASUS-SmartHome-Exploit/ None None None 27 0 3 3 3 Python,HTML,C++ 16 5
sharepub CheckVM-Sandbox https://github.com/sharepub/CheckVM-Sandbox None None None 1 0 0 3 0 C++ 70 17
dogangcr vulnerable-sso: vulnerable single sign on https://github.com/dogangcr/vulnerable-sso None None None 2 0 9 3 1 Java 80 11
JarekMSFT MSRC 成员对 Microsoft bug bounty 的介绍、如何 润色 报告及获得更高的奖金 https://github.com/JarekMSFT/Presentations/blob/master/Getting%20to%2010K_Nullcon2019.pdf None None None 2 0 0 3 0 4 2
mykter aws-security-cert-service-notes - AWS 服务安全认证学习笔记 https://github.com/mykter/aws-security-cert-service-notes http://mykter.com UK None 20 0 29 2 0 Python,C,TypeScript 272 52
lion-gu IOC Explorer:自动化关联失陷指标的工具 https://github.com/lion-gu/ioc-explorer None None None 1 0 3 2 0 Python 22 2
chipik SAP Gateway ACL 错误配置漏洞的 Exploit https://github.com/chipik/SAP_GW_RCE_exploit None https://twitter.com/_chipik None None 5 0 2 2 1 Python 4 2
llt4l 从思科 Ciscos CUCM (Call Manager,呼叫管理软件)的 TFTP 服务器中提取手机配置文件并搜索密钥信息 https://github.com/llt4l/iCULeak.py https://twitter.com/llt4l Infosec person.. None None 5 0 0 1 0 Python,HTML,CSS 5 2
dplusec 端对端加密的微信聊天插件 https://github.com/dplusec/tgwechat None None None 2 0 0 1 0 HTML 15 4
bd249ce4 QBAnalyzer: automates extracting artifacts and binaries https://github.com/bd249ce4/QBAnalyzer None None None 2 0 0 1 0 YARA,HTML 3 1
PINGXcpost F-NAScan-PLUS 安服资产搜集 https://github.com/PINGXcpost/F-NAScan-PLUS http://hackhat.net None None 7 0 0 1 0 Python,Shell,PowerShell 19 8
MoonLight-SteinsGate LearnAFL--knowledge-learn evolutionary fuzzer https://github.com/MoonLight-SteinsGate/LearnAFL None None None 2 0 1 1 0 C,C++ 8 3
MegadodoPublications Mautic Remote Code Execution https://github.com/MegadodoPublications/exploits/blob/master/mautic.md None Germany None 1 0 0 1 0 4 1
AzizMea Exim 远程命令执行漏洞(CVE-2019-10149)Exploit https://github.com/AzizMea/CVE-2019-10149-privilege-escalation None riyadh None 3 0 0 1 0 Python,PowerShell 1 2
zeek Zeek - 一款开源的网络协议分析工具 https://github.com/zeek/zeek None None None None 0 0 0 0 0 Bro,C,Zeek,CMake,Python,JavaScript,C++,Vim,Yacc,PHP,Dockerfile 2800 728
zaproxy zaproxy - OWASP Zed Attack Proxy (ZAP),一个用于辅助 Web 应用安全性测试的工具 https://github.com/zaproxy/zaproxy None None None None 0 0 0 0 0 Java,C#,JavaScript,Python,HTML,Go,PHP,Rust 6300 1200
xsleaks 一些可能导致跨域信息泄漏的 DOM API 收集 https://github.com/xsleaks/xsleaks/wiki/Browser-Side-Channels None None None None 0 0 0 0 0 0 0
xiangpasama 京东SRC小课堂系列文章 https://github.com/xiangpasama/JDSRC-Small-Classroom None None None 1 0 0 0 0 34 9
vim 8.1.2136 补丁:释放window内存与fuzzer的 autocmd命令一起使用 https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 None None None None 0 0 0 0 0 Shell,C,Batchfile,Vim 0 0
uds-se 关于 Fuzz 的书《Generating Software Tests》的原始文件 https://github.com/uds-se/fuzzingbook None None None None 0 0 0 0 0 C,LLVM,Java,Python,Kotlin,JavaScript,Shell,Objective-C,HTML,Jupyter,R,Dockerfile 0 0
ucsb-seclab 自动固件仿真工具,相关论文在:http://subwire.net/publication/pretender/ https://github.com/ucsb-seclab/pretender None None None None 0 0 0 0 0 Python,C,Java,C++ 0 0
telspacesystems 华硕 Windows 触摸板驱动 AsusPTPFilter.sys 存在拒绝服务漏洞(CVE-2019-10709) https://github.com/telspacesystems/Asus-DOS/ https://www.telspace.co.za South Africa Telspace Systems 2 0 0 0 0 Python 0 1
tea-deliverers PlaidCTF 2019 比赛的 Writeup https://github.com/tea-deliverers/ctf-writeups/blob/master/pctf2019/PlaidCTF2019_Writeup_Tea_Deliverers.pdf None None None None 0 0 0 0 0 0 0
tarantula-team 开源防火墙 fSense 2.4.4-p2 - 2.4.4-p3 XSS 漏洞 PoC(CVE-2019-12949) https://github.com/tarantula-team/CVE-2019-12949/ None None None None 0 0 0 0 0 0 0
sslab-gatech QSYM - 为混合 Fuzz 定制的符号执行引擎 https://github.com/sslab-gatech/qsym None None None None 0 0 0 0 0 C,Filebench,Python,Makefile,C++,HTML,HCL 0 0
sophiabiancalatessa FakeNewsDeepLearning: Opening the Black-Box of Deep Learning Based Detector https://github.com/sophiabiancalatessa/FakeNewsDeepLearning None None None 2 0 0 0 0 Python,C++ 9 6
skydive-project Skydive可用以对网络拓扑及协议进行实时分析,以图像的方式清晰展现。 https://github.com/skydive-project/skydive None None None None 0 0 0 0 0 Go,Python,HTML,JavaScript,Puppet 0 0
seemoo-lab Nexmon - 一款支持 Broadcom/Cypress WiFi 芯片的固件 Patch 框架,基于框架可以编写自己的补丁,启用监听模式 https://github.com/seemoo-lab/nexmon None None None None 0 0 0 0 0 C,Shell,Jupyter,Python,JavaScript,C++,TeX,Objective-C,HTML,MATLAB,Java 3300 274
seecode-audit seecode-audit: SeeCode Audit 代码审计管理系统 https://github.com/seecode-audit/seecode-audit None None None None 0 0 0 0 0 Python 0 0
secdevops-cuse CyberRange: The Open-Source AWS Cyber Range https://github.com/secdevops-cuse/CyberRange None None None None 0 0 0 0 0 Python,C,Dockerfile,CSS,HCL 0 0
rackerlabs scantron - 分布式 Nmap/Masscan 网络扫描框架 https://github.com/rackerlabs/scantron None None None None 0 0 0 0 0 Groovy,TypeScript,Java,Python,JavaScript,Shell,HTML,HCL,Ruby,CSS 0 0
pdbpp pdb++ - Python debugger(pdb)的增强版 https://github.com/pdbpp/pdbpp None None None None 0 0 0 0 0 Python 0 0
pan-unit42 Powershell自动反混淆工具 https://github.com/pan-unit42/public_tools/tree/master/powershellprofiler None None None None 0 0 0 0 0 Python,PHP,CSS 0 0
palantir Windows Exploit Guard 相关的资料整理 https://github.com/palantir/exploitguard None None None None 0 0 0 0 0 Groovy,TypeScript,Java,Scala,Python,JavaScript,Shell,Go,Rust 0 0
openworldoperations 一种高级的网络钓鱼技术,可让攻击者设置有效的域和SSL证书,请注意防范 https://github.com/openworldoperations/FISHY None None None None 0 0 0 0 0 Python,HTML 15 4
nccgroup acCOMplice - 用于发现和利用 COM 劫持的工具,作者 9 月份在 DerbyCON 会议有过一次关于这个工具的演讲 https://github.com/nccgroup/acCOMplice None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,C++,C#,HTML,Shell,Elixir,Go,PowerShell,Rust 874 157
microsoft 微软开源了 MSVC 的 C++ 标准库 STL https://github.com/microsoft/STL None None None None 0 0 0 0 0 TypeScript,Jupyter,C#,JavaScript,SQLPL,C++,Python,HTML,Go,PHP,Dockerfile,PowerShell 83100 12000
libusb libusb - 跨平台的 USB 设备交互库 https://github.com/libusb/libusb None None None None 0 0 0 0 0 C,HTML 0 0
k8scop k8s-security-dashboard: A security monitoring solution for Kubernetes https://github.com/k8scop/k8s-security-dashboard None None None None 0 0 0 0 0 Python 0 0
jmpsec osctrl: Fast and efficient osquery management https://github.com/jmpsec/osctrl None None None None 0 0 0 0 0 Go,CSS 0 0
intel Intel 开源了一个 VBH(Virtualization Based Hardening)项目,通过 API 可以为 Client 提供基于虚拟化的安全防护特性支持 https://github.com/intel/vbh None None None None 0 0 0 0 0 C,Shell,Assembly,Python,JavaScript,BitBake,C++,Go,Java,Rust 0 0
immunityinc Immunity 开源了一个用于进程调试和 Trace 的库 - libptrace https://github.com/immunityinc/libptrace None None None None 0 0 0 0 0 C 0 0
idapython IDA Pro IDAPython 项目的源代码 https://github.com/idapython/src None None None None 0 0 0 0 0 Python 0 0
hungryfoolou CVE漏洞信息爬取 https://github.com/hungryfoolou/Vulnerability_Mining/tree/master/craw None None XiDian University 6 0 10 0 3 Python,C,HTML 75 39
guardicore labs_campaigns 攻击团队IOC信息 https://github.com/guardicore/labs_campaigns None None None None 0 0 0 0 0 C,TypeScript,Java,Python,JavaScript,C++,CoffeeScript,C# 0 0
goretk GoRE - 用于分析 Go 二进制文件的工具库 https://github.com/goretk/gore None None None None 0 0 0 0 0 Python,Go,Shell,HTML 0 0
googleprojectzero j00ru 开源了一个 Linux 版本的 DLL Loader,用于加载 Windows FontSub.dll https://github.com/googleprojectzero/BrokenType/tree/master/fontsub-dll-on-linux None None None None 0 0 0 0 0 C,C#,C++,Python,HTML,Swift 0 0
google Google 开源了一个实现差分隐私算法的 C++ 库 https://github.com/google/differential-privacy/tree/master/differential_privacy None None None None 0 0 0 0 0 C,Java,Python,JavaScript,C++,Dart,HTML,Go 0 0
fuzzitdev Jsfuzz: coverage-guided fuzz testing for Javascript https://github.com/fuzzitdev/jsfuzz None None None None 0 0 0 0 0 C,TypeScript,CMake,Dockerfile,C++,Swift,HCL,Go,Java,Ruby,Rust 234 11
fkie-cad cwe_checker:基于漏洞Pattern在Binary中搜索漏洞的BAP插件 https://github.com/fkie-cad/cwe_checker None None None None 0 0 0 0 0 C,Shell,Python,OCaml,C++,Emacs,Dockerfile 0 0
fireeye fireeye/SharPersist https://github.com/fireeye/SharPersist None None None None 0 0 0 0 0 C,Vue,Python,JavaScript,C++,C#,Go,PowerShell 0 0
eth-sri 利用机器学习的方法还原(推测)被 strip 过的二进制程序的调试符号信息 https://github.com/eth-sri/debin None None None None 0 0 0 0 0 C,TypeScript,Java,D,Python,Mathematica,C++,C#,HTML,SMT,JavaScript 0 0
ernw ERNW GmbH 公开了几篇关于 Windows WDAC 与 Code integrity 的研究 Paper https://github.com/ernw/Windows-Insight/tree/master/articles/Device%20Guard/WDAC None None None None 0 0 0 0 0 C,Shell,Java,XSLT,Python,Erlang 488 134
defenxor dsiem: Security event correlation engine for ELK stack https://github.com/defenxor/dsiem?from=timeline None None None None 0 0 0 0 0 Go,HTML 0 0
compsec-snu Fuzz内核中条件竞争漏洞的工具,相关工作已经发表在Oakland19上 https://github.com/compsec-snu/razzer None None None None 0 0 0 0 0 C 0 0
chineseocr darknet-ocr: darknet text detect and darknet cnn ocr https://github.com/chineseocr/darknet-ocr None None None None 0 0 0 0 0 Python,C,C++ 0 0
baidu-security openrasp-iast: IAST 灰盒扫描工具 https://github.com/baidu-security/openrasp-iast None None None None 0 0 0 0 0 Java,Python,JavaScript,C++,HTML,Go,TSQL 0 0
apachecn 面向机器学习的特征工程 https://github.com/apachecn/fe4ml-zh None None None None 0 0 0 0 0 Shell,Jupyter,Scala,Python,JavaScript,HTML,PHP,CSS 22200 7800
android-hacker 无 ROOT 版本 Xposed - VirtualXposed 新增对 Android 10 系统的支持 https://github.com/android-hacker/VirtualXposed/releases/tag/0.18.0 None None None None 0 0 0 0 0 Kotlin,JavaScript,Java 0 0
advanced-threat-research Repository of YARA rules made by McAfee ATR Team https://github.com/advanced-threat-research/Yara-Rules None None None None 0 0 0 0 0 Python,YARA,HTML 0 0
YanxinTang Watermark: 网页添加水印的库 https://github.com/YanxinTang/Watermark https://yanx.in Frontend Developer None None 13 0 65 0 2 JavaScript 0 0
Tencent TencentOS tiny - 腾讯开源的面向物联网领域的实时操作系统 https://github.com/Tencent/TencentOS-tiny None None None None 0 0 0 0 0 C,Java,Python,Kotlin,JavaScript,C++,Lua,Go,PHP,CSS,C# 23200 5900
SCUBSRGroup SCUBSRGroup 整理的关于软件漏洞自动化利用(AEG)方向的技术资料 https://github.com/SCUBSRGroup/Automatic-Exploit-Generation None None None None 0 0 0 0 0 Python,C,HTML,C++ 28 13
QAX-A-Team LuWu: 红队基础设施自动化部署工具 https://github.com/QAX-A-Team/LuWu None None None None 0 0 0 0 0 C,Shell,Java,Python,C++,Go,PowerShell 0 0
PSGumshoe 用于从 Windows 各类日志和缓存中收集取证信息的 PowerShell 模块 https://github.com/PSGumshoe/PSGumshoe/releases/tag/v1.1 None None None None 0 0 0 0 0 PowerShell 0 0
NoneAge 交易所安全测试系列指南文档 https://github.com/NoneAge/BlockchainSecurityTutorial None None None None 0 0 0 0 0 Python,WebAssembly 0 0
Netis packet-agent: 云环境网络流量镜像项目 https://github.com/Netis/packet-agent/blob/master/README-zh-Hans.md None None None None 0 0 0 0 0 C,C++ 0 0
MotherFuzzers 湾区一个关于Fuzzing的workshop的分享内容,三个议题涵盖了c/c++,web应用等不同目标的Fuzzing技巧 https://github.com/MotherFuzzers/meetups/blob/master/README.md None None None None 0 0 0 0 0 0 0
MicrosoftDocs 微软公开 Windows Driver Kit 相关的文档 https://github.com/MicrosoftDocs/windows-driver-docs None None None None 0 0 0 0 0 TypeScript,HTML,C#,JavaScript,Python,Shell,PowerShell 3100 8200
FederatedAI FATE: 联邦学习开源项目 https://github.com/FederatedAI/FATE None None None None 0 0 0 0 0 Python,Java,CSS 703 203
FSecureLABS FSecure Labs 开源了一款用于 AWS 云上资源关联关系可视化的工具 https://github.com/FSecureLABS/awspx None None None None 0 0 0 0 0 C,Shell,Java,Python,JavaScript,C++,C#,PowerShell 2000 549
BloodHoundAD 域渗透神器 BloodHound2.1.0 发布 https://github.com/BloodHoundAD/BloodHound/releases/tag/2.1.0 None None None None 0 0 0 0 0 C#,Python,PowerShell 0 0
Bashfuscator Bashfuscator - 完全可配置和可扩展的 Bash 混淆框架: https://github.com/Bashfuscator/Bashfuscator None None None None 0 0 0 0 0 Python 0 0
AngelCtulhu Wordpress Support Candy 插件的文件上传漏洞 https://github.com/AngelCtulhu/CVE-2019-11223/ http://cert.kalasag.com.ph Pasig 8Layer Technologies Inc. 2 0 0 0 0 Python 0 0
0Kee-Team JavaProbe: 一款Java应用运行时信息收集工具 https://github.com/0Kee-Team/JavaProbe?from=timeline&isappinstalled=0 None None None None 0 0 0 0 0 Java 0 0

medium 推荐

title url
CVE-2019-17556: Unsafe deserialization in Apache Olingo http://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817
双因素认证(2FA)绕过技术的总结 http://medium.com/@surendirans7777/2fa-bypass-techniques-32ec135fb7fe
作者分析Apache Olingo中存在反序列化安全漏洞(CVE-2019-17556) http://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817?source=rss----7b722bfd1b8d---4
作者介绍在Chrome中使用WebRTC ICE服务器进行对端口扫描的新技术。 http://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474
威胁报告ATT&CK映射器(TRAM)是基于Web的工具,可自动提取对手的行为进行分析,将其映射到ATT&CK。 http://medium.com/mitre-attack/automating-mapping-to-attack-tram-1bb1b44bda76
滥用 SourceMappingURL 实现 Javascript Anti Debugging http://medium.com/@weizmangal/javascript-anti-debugging-some-next-level-sh-t-part-1-abusing-sourcemappingurl-da91ff948e66
一款新的恶意广告样本 macOS Bundlore Loader 分析 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.confiant.com%2Fnew-macos-bundlore-loader-analysis-ca16d19c058c
从LTE服务退回到3G-CSFB详解 http://link.medium.com/3HOw2oexi2
利用 DeviceIoControl 清理 NTFS 的 meta data http://medium.com/@grzegorztworek/cleaning-ntfs-artifacts-with-fsctl-clean-volume-metadata-bd29afef290c?source=friends_link&sk=6ef94fc3bdf764386990c6644905fcbb
入侵XML数据 -使用XPATH注入获得数据访问 http://link.medium.com/WJD9QOxs91
调试Samsung Android内核 第三部分:如何为三星内核启用USB串行调试 http://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-3-a6a7f762fcd6?source=friends_link&sk=635b789114be318db3b28e454b4069d7
利用红外线攻击 Android Smart TV 的细节 http://medium.com/@drakkars/hacking-an-android-tv-in-2-minutes-7b6f29518ff3
在Node.JS中实现Steam API介绍 http://medium.com/florence-development/working-with-node-js-stream-api-60c12437a1be
wolfssl CVE-2019–18840 被发现堆溢出漏洞 http://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-185d233c27de
Symantec 终端防护软件本地 SYSTEM 提权漏洞(CVE-2019–12757)的分析 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
作者分析入侵JSON Web令牌(JWT)过程 http://link.medium.com/2rXn12vA80
Facebook Creator Studio Session 过期 Bypass 漏洞的分析 http://medium.com/bugbountywriteup/session-expiration-bypass-in-facebook-creator-app-b4f65cc64ce4?source=rss----7b722bfd1b8d---4
Understanding usbmux and the iOS lockdown service,了解 iTunes、Xcode 是如何与 iOS 设备交互的 http://medium.com/@jon.gabilondo.angulo_7635/understanding-usbmux-and-the-ios-lockdown-service-7f2a1dfd07ae
Proftpd 被发现缓冲区溢出漏洞(CVE-2019–18217),影响 1.3.6b 之前版本 http://medium.com/@social_62682/proftpd-buffer-overflow-cve-2019-18217-281503c527e6
Online WebAssembly Terminal - 一款在浏览器中直接执行 WebAssembly 模块的网站 http://medium.com/wasmer/webassembly-sh-408b010c14db
如何用使用burp套件扩展插件(taborator)利用exploit远程文件包含/带外资源加载(HTTP)测试 http://link.medium.com/RKQJyWPJSZ
入门教程-如何探索网络摄像的漏洞(固件) http://medium.com/@knownsec404team/getting-started-tutorial-how-to-explore-the-camera-vulnerability-firmware-c405e25ed177
XSS 高级技巧之 Bypass Uppercase filters http://medium.com/@Master_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce
对基于物联网的出勤设备进行渗透测试 http://medium.com/bugbountywriteup/pentesting-an-iot-based-biometric-attendance-device-10c0efd69392
作者介绍了一种绕过 Microsoft-Windows-Threat-Intelligence 机制向线程注入 APC 的方法——借助 kenel APC 向线程注入 user APC http://medium.com/@philiptsukerman/bypassing-the-microsoft-windows-threat-intelligence-kernel-apc-injection-sensor-92266433e0b0
一个 DLL 注入导致的本地提权漏洞 http://medium.com/@bazyli.michal/more-than-a-penetration-test-cve-2019-1082-647ba2e59034
利用上传文件到服务器和服务器上传文件到Amazon S3的时间空隙,通过本地文件包含实现了RCE。 http://medium.com/@YoKoKho/race-condition-that-could-result-to-rce-a-story-with-an-app-that-temporary-stored-an-uploaded-9a4065368ba3
作者介绍了用自己的工具 Shhmon 卸载 Sysmon 的相关技术分析 http://medium.com/p/shhmon-silencing-sysmon-via-driver-unload-682b5be57650
利用 FireEye 开源的 SilkETW 工具实现基于 ETW Events 的威胁检测 http://medium.com/threat-hunters-forge/threat-hunting-with-etw-events-and-helk-part-1-installing-silketw-6eb74815e4a0
Process Reimaging 杀软逃逸行为的检测 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fyou-can-run-but-you-cant-hide-detecting-process-reimaging-behavior-e6bb9a10c40b
Qualcomm driver on the Dell XPS 本地提权漏洞披露 http://medium.com/tenable-techblog/kernel-write-what-where-in-qualcomm-driver-lpe-f08389f6fce9
逃逸基于机器学习技术的恶意软件检测,这是作者今年参加 DEFCON AI Village 的 Writeup http://medium.com/@william.fleshman/evading-machine-learning-malware-classifiers-ce52dabdb713
从 Windows 客户端漏洞利用到获取 Kubernetes Cluster 管理员权限 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Ffrom-thick-client-exploitation-to-becoming-kubernetes-cluster-admin-the-story-of-a-fun-bug-we-fe92a7e70aa2
基于时间的侧信道攻击,实现准确识别请求是被WAF直接拦截or被WAF过滤后传递到服务器。 http://medium.com/@0xInfection/fingerprinting-waf-rules-via-timing-based-side-channel-attacks-cd29c48fb56
来自 DEF CON 27 会议上针对 MikroTik RouterOS 系统的漏洞利用研究 http://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
上周发生的 Capital One 数据泄漏事件的技术分析 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.cloudsploit.com%2Fa-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea%3F
Opera Android 浏览器地址栏欺骗(CVE-2019–12278)漏洞的分析 http://medium.com/@justm0rph3u5/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c
AI 与机器学习的安全性问题研究 http://link.medium.com/5FVO5CWpAY
Comodo杀毒软件存在安全漏洞,可以从其沙箱中直接获得SYSTEM权限 http://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67
Jira把联系管理员处的表单数据当成freemarker模板解析,导致前台RCE。 http://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
Citrix SD-WAN下三个漏洞及攻击手段介绍 http://medium.com/tenable-techblog/an-exploit-chain-against-citrix-sd-wan-709db08fb4ac
视频会议系统Zoom的Mac客户端存在多个安全漏洞,可能导致拒绝服务和信息泄漏 http://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
编译、刷入、然后调试三星手机内核的系列的结尾篇。在这个系列中,作者非常详细列出了各类工具的使用方法、需要输入的命令和一些问题的解决方法,可以说很良心了,是调试三星手机内核很好的入门篇 http://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-3-c27e916c9a7d
Windows 系统雷蛇环绕音频服务 1.1.63.0 版本存在因文件/目录权限设置不当导致的本地提权漏洞 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c
利用“白”的程序执行“黑”的程序来绕过杀毒检测 http://medium.com/@reegun/update-nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-b55295144b56
针对Arlo相机设备功能及安全性的一次深入分析 http://medium.com/tenable-techblog/an-analysis-of-arlo-6f1b691236b5
文章详细介绍了从越狱手机中dump出app的二进制文件,获取class及method的方法,利用frida hook程序,最后注入了一个动态库到目标程序的过程。 http://medium.com/@lerner98/skiptracing-part-2-ios-3c610205858b
Windows SetThreadContext API 剖析 http://medium.com/tenable-techblog/api-series-setthreadcontext-d08c9f84458d
在云上搭建一个 Burp Collaborator 服务器的方法 http://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70
Mybb 18.20 存储型 XSS 漏洞以及 RCE 利用过程分析 http://medium.com/@knownsec404team/the-analysis-of-mybb-18-20-from-stored-xss-to-rce-7234d7cc0e72?postPublishedType=initial
作者详细介绍了逆向分析Spotify.app并hook其功能获取数据的过程。 http://medium.com/@lerner98/skiptracing-reversing-spotify-app-3a6df367287d
V8 Bug Hunting 之 JS 类型对象的内存布局 http://medium.com/@stankoja/v8-bug-hunting-part-2-memory-representation-of-js-types-ea37571276b8
ATT&CK 威胁建模方法在企业威胁感知方面的应用,分 3 个不同的级别针对不同规模的企业 http://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f
V8 引擎编译及调试环境的搭建 http://medium.com/@stankoja/v8-bug-hunting-part-1-setting-up-the-debug-environment-7ef34dc6f2de
基于 Windows 渗透搭建的 CTF,包括了完整的域渗透流程,还是值得一看。 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.ettic.ca%2Fnorthsec-2019-windows-track-writeup-69d5bcf06abd
本地攻击三星手机 ContainerAgent APP 的导出组件,导致持久化的本地DOS http://medium.com/@fs0c131y/how-to-brick-all-samsung-phones-6aae4389bea
搭建一个 Drupal Core RCE(CVE-2019–6340 )漏洞的蜜罐 http://medium.com/@SecurityBender/building-a-real-world-web-honeypot-for-cve-2019-6340-rce-in-drupal-core-f4240f989c3f
CVE-2019–0708 Windows RDP RCE 漏洞的影响面有多大,以及如何利用 Sigma 规则、Elastic、ArcSight 检测这种攻击 http://medium.com/@ab_65156/proactive-detection-content-cve-2019-0708-vs-mitre-att-ck-sigma-elastic-and-arcsight-22f9ebae7d82
利用 Slack Windows 版本客户端的漏洞窃取 Slack 用户下载的所有文件 http://link.medium.com/eFLkuCEvLW
WordPress 5.0.0 RCE(CVE-2019–6977) 漏洞的详细分析 http://medium.com/@knownsec404team/the-detailed-analysis-of-wordpress-5-0-rce-a171ed719681
CORS(跨域资源共享)错误配置漏洞的高级利用 http://link.medium.com/UTKkk4wvGW
组合 4 个 CSRF 漏洞搞定公司的账户 http://medium.com/a-bugz-life/4x-csrfs-chained-for-company-account-takeover-f9fada416986
如何利用 Confluence 未授权 RCE 漏洞(CVE-2019-3396)在6小时内黑掉 50+ 公司 http://link.medium.com/l0IpOUJXeW
Venator - SpecterOps 开发的一款用于 macOS 平台恶意软件行为检测的工具,这个工具会搜集可能会暴露恶意软件行为痕迹的信息,包括:launch_agents、browser extensions、bash_history 等等 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fintroducing-venator-a-macos-tool-for-proactive-detection-34055a017e56%3Fsource%3Drss----f05f8696e3cc---4
我是如何在 OWASP ModSecurity Core Rule Set (CRS) 中发现 5 个正则表达式拒绝服务漏洞的 http://medium.com/@somdevsangwan/how-i-found-5-redos-vulnerabilities-in-mod-security-crs-ce8474877e6e?sk=c64852245215d6fead387acbd394b7db
法国政府推出了一款通讯工具 Tchap,宣称比 Telegram 更加安全。研究员 Elliot Alderson 通过分析发了一个邮箱验证的漏洞,成功以 Tchap 雇员的身份登录了软件。 http://medium.com/@fs0c131y/tchap-the-super-not-secure-app-of-the-french-government-84b31517d144?source=friends_link&sk=59e15e44ba75dd78d7248262a4c8f0b7
基于P4wnP1镜像将Raspberry Pi Zero W变成badUSB设备,最终实现逃脱杀毒软件检测的安全研究 http://medium.com/@fbotes2/advance-av-evasion-symantec-and-p4wnp1-usb-c7899bcbc6af
作者发现阿里巴巴多个站点加载了 alipay 某个域名,该域名中返回的内容是可以通过 cookie 控制的,于是作者在 alipay 其他的子域名上找到了一处反射型 XSS(曲折的绕过了 WAF,cookie 设置的限制),通过此 XSS 设置上恶意的 cookie 后来完成账号的窃取。 http://link.medium.com/jNotfTcVSV
Rootpipe Reborn - macOS TimeMachine diagnose 扩展 Root 命令注入漏洞分析 http://medium.com/@CodeColorist/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43?source=friends_link&sk=3970823f97714fac1d04d75325e3cbac
使用 SSH Tunnel 进行端口转发和搭建 Socks5 代理 http://medium.com/tarkalabs/power-of-ssh-tunneling-cf82bc56da67
绕过域账户认证失败锁定次数限制的技巧 http://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
利用 HTML 注入漏洞泄漏用户数据 http://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
使用 ATT&CK Datamap 可视化展示潜在威胁 http://medium.com/@olafhartong/assess-your-data-potential-with-att-ck-datamap-f44884cfed11
滥用 macOS 的 Folder Actions 功能实现持久化控制 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Ffolder-actions-for-persistence-on-macos-8923f222343d
深入理解 Apple 的二进制属性列表 plist 格式 http://medium.com/@karaiskc/understanding-apples-binary-property-list-format-281e6da00dbd
使用 Sboxr 自动发现并利用 DOM XSS 漏洞 -  Part 2 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fautomating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-2-3b5c494148e0
XPWN 2018 Safari sandbox escape 中文版:https://weibo.com/ttarticle/p/show?id=2309404354112320866984 http://medium.com/p/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
使用 Sboxr 自动化发现和利用 DOM XSS - Part 1 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.appsecco.com%2Fautomating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1
使用 BadUSB 攻击路由设备控制目标网络 http://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
PostgreSQL 从 9.3 到 11.2 版本的认证用户任意命令执行漏洞披露(CVE-2019–9193) http://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
跨站点内容和状态类型泄漏 http://medium.com/@terjanq/cross-site-content-and-status-types-leakage-ef2dab0a492
从 RCE 到 LDAP 信息泄漏 http://medium.com/@thbcn/from-rce-to-ldap-access-9ce4f9d2fd78
分析 Metasploit Linux/x64 reverse shell payload http://medium.com/@0x0FFB347/analysis-of-some-metasploit-network-payloads-linux-x64-ab8a8d11bbae
如何为 WinDbg 和 LLDB 编写 ClrMD 扩展 http://medium.com/@kevingosse/writing-clrmd-extensions-for-windbg-and-lldb-916427956f66
我是如何在 redacted.com 挖到 Blind XSS 的 http://medium.com/@newp_th/how-i-find-blind-xss-vulnerability-in-redacted-com-33af18b56869
编写受密码保护的反弹 Shell (Linux/x64) http://medium.com/@0x0FFB347/writing-a-password-protected-reverse-shell-linux-x64-5f4d3a28d91a
Vimeo 从 SSRF 到 SSH Key 泄漏 http://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
红队评估物理环境安全性常用的五种方式 http://medium.com/@adam.toscher/top-5-ways-the-red-team-breached-and-assessed-the-physical-environment-fa567695b354
MikroTik RouterOS SMB 服务无需认证的 RCE 漏洞挖掘与利用(CVE-2018–7445) http://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1
通过 Excel 文件执行命令以反弹 Meterpreter shell 的不同方法 http://medium.com/@Bank_Security/ms-excel-weaponization-techniques-79ac51610bf5
微软针对云网络安全打造的 SIEM 解决方案 - Azure Sentinel 介绍 http://medium.com/@maarten.goet/microsoft-azure-sentinel-not-your-daddys-splunk-3775bda28f39
从 Xceedium Xsuite 远程代码执行漏洞到域管权限的实际案例 http://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

medium 推荐

title url
Threat Hunter Playbook+Mordor Datasets+BinderHub=Infrastru... https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4
The Githubification of InfoSec https://medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1
Malicious document targets Vietnamese officials https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a
Top 10 Browser Extensions for Hackers & OSINT Researchers https://medium.com/@NullByteWht/top-10-browser-extensions-for-hackers-osint-researchers-fca19b469158
RouterOS Post Exploitation https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
Meteor Blind NoSQL Injection https://medium.com/rangeforce/meteor-blind-nosql-injection-29211775cd01
Automating Firmware Security with FwAnalyzer https://medium.com/cruise/firmware-security-fwanalyzer-dcbd95cef717
Auxiliary Loss Optimization for Hypothesis Augmentation fo... https://medium.com/@jason_trost/auxiliary-loss-optimization-for-hypothesis-augmentation-for-dga-domain-detection-98c382082514
A Top 10 Reading List if You’re Getting Started in Cyber ... https://medium.com/katies-five-cents/a-top-10-reading-list-if-youre-getting-started-in-cyber-threat-intelligence-c11a18fc9798
CTI Reading List https://medium.com/@sroberts/cti-reading-list-a93ccdd7469c
Assess your data potential with ATT&CK Datamap https://medium.com/@olafhartong/assess-your-data-potential-with-att-ck-datamap-f44884cfed11
Getting Started with ATT&CK: Detection and Analytics https://medium.com/mitre-attack/getting-started-with-attack-detection-a8e49e4960d0
Getting Started with ATT&CK: Threat Intelligence https://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f
A Debugging Primer with CVE-2019–0708 https://medium.com/@straightblast426/a-debugging-primer-with-cve-2019-0708-ccfa266682f6
Detecting Patterns with Unsupervised Learning https://medium.com/code-gin/detecting-patterns-with-unsupervised-learning-88ba737d4f34
Details of SIM port hack https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124?sk=4c29b27bacb2eff038ec8fe4d40cd615
Even more secret Telegrams https://medium.com/@labunskya/secret-telegrams-bdd2035b6e84
Stealing Downloads from Slack Users https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
Reversing Golang Binaries: Part-2 https://medium.com/@nishanmaharjan17/reversing-golang-binaries-part-2-26f522264d01
Reversing Golang Binaries: Part-1 https://medium.com/@nishanmaharjan17/reversing-golang-binaries-part-1-c273b2ca5333
An Old Cisco OpenSSH Bug https://medium.com/tenable-techblog/an-old-cisco-openssh-bug-342ce6679f61
How to start learning Digital Forensics https://medium.com/@a.alwashli/how-to-start-learning-digital-forensics-8038bcc9af6a
Android Cloak and Dagger Attack https://medium.com/@targetpractice/cloak-and-dagger-malware-techniques-demystified-c4d8a035b94e
Multiple Vulnerabilities + WAF bypass to Account Takeover https://medium.com/@y.shahinzadeh/chaining-multiple-vulnerabilities-waf-bypass-to-account-takeover-in-almost-all-alibabas-websites-f8643eaa2855
使用 BadUSB 攻击路由设备控制目标网络 https://medium.com/tenable-techblog/owning-the-network-with-badusb-72daa45d1b00
SigintOS: A Wireless Pentest Distro Review https://medium.com/@tomac/sigintos-a-wireless-pentest-distro-review-a7ea93ee8f8b
Reflected XSS in SolarWinds Database Performance Analyzer https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
Writing a Custom Shellcode Encoder https://medium.com/@0x0FFB347/writing-a-custom-shellcode-encoder-31816e767611
Writing a Password Protected Reverse Shell (Linux/x64) https://medium.com/@0x0FFB347/writing-a-password-protected-reverse-shell-linux-x64-5f4d3a28d91a
3 XSS in ProtonMail for iOS – Vladimir Metnew – Medium https://medium.com/@vladimirmetnew/3-xss-in-protonmail-for-ios-95f8e4b17054
SVG XLink SSRF fingerprinting libraries version – Arbaz H... https://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c
Finding and exploiting CVE-2018–7445 https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1
Host Header Poisoning in IBM Websphere https://medium.com/@x41x41x41/host-header-poisoning-in-ibm-websphere-3d459a990f00

知乎 推荐

title url
复旦白泽战队对《Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations》 Paper 的解读 https://zhuanlan.zhihu.com/p/74947208
复旦白泽团队对 Paper《Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation》的解读 https://zhuanlan.zhihu.com/p/73982491
复旦白泽战队对 NDSS 2019 《REDQUEEN: Fuzzing with Input-to-State Correspondence》 Paper 的解读 https://zhuanlan.zhihu.com/p/72839694
复旦白泽战队对《Protocol state machine fuzzing of TLS Implementations》 paper 的解读 https://zhuanlan.zhihu.com/p/68058146

知乎 推荐

title url
再谈安全运营 https://zhuanlan.zhihu.com/p/84591095
机器学习科研的十年 https://zhuanlan.zhihu.com/p/74249758
风控引擎的演进及设计思想 https://zhuanlan.zhihu.com/p/73181470
安全分析中的威胁情报(二):ATT&CK https://zhuanlan.zhihu.com/p/73172883
针对机器学习模型的成员推理攻击 https://zhuanlan.zhihu.com/p/70982640
基于攻防演练的社会工程案例猜想 https://zhuanlan.zhihu.com/p/67953724
首届云安全挑战赛之线上热身赛解题分享 https://zhuanlan.zhihu.com/p/68800032
安全分析中的威胁情报(一) https://zhuanlan.zhihu.com/p/68780251
机器学习方法在二进制分析中的应用与思考 https://zhuanlan.zhihu.com/p/68538874
知识图谱怎么入门 https://zhuanlan.zhihu.com/p/65457826
使用Suricata和ELK进行流量检测 https://zhuanlan.zhihu.com/p/64742715
风控对抗中的常规特征及处置选择 https://zhuanlan.zhihu.com/p/62525083
.NET CLR注入方法探讨 https://zhuanlan.zhihu.com/p/61464591
kaggle 首战拿金牌总结 https://zhuanlan.zhihu.com/p/60953933
ICS安全工具系列3.1:多功能安全工具 https://zhuanlan.zhihu.com/p/60080122
ICS安全工具系列3.2:攻击指标(IOC)检测工具 https://zhuanlan.zhihu.com/p/60080388
ICS安全工具系列3.3:网络流量检测工具 https://zhuanlan.zhihu.com/p/60091755
控制系统设备:架构和供应渠道概述 https://zhuanlan.zhihu.com/p/58878866
基于机器学习的攻击检测(二)下-lstm实现 https://zhuanlan.zhihu.com/p/58732540
基于机器学习的攻击检测(二)上-理解lstm https://zhuanlan.zhihu.com/p/58725390
基于机器学习的攻击检测(一) https://zhuanlan.zhihu.com/p/58689080
基于深度学习的webshell检测(二) https://zhuanlan.zhihu.com/p/58683374
基于机器学习的webshell检测(一) https://zhuanlan.zhihu.com/p/58676764

论坛 推荐

title url
代码审计zzcms https://xz.aliyun.com/t/7006
国外某cms审计之文件删除漏洞 https://xz.aliyun.com/t/6999
通过AST来手撕Pickle opcode https://xz.aliyun.com/t/7012
Log4j反序列化分析(CVE-2019-17571&CVE-2017-5645) https://xz.aliyun.com/t/7010
挖洞神器之XRAY使用初体验 https://xz.aliyun.com/t/6981
blind-pwn系列总结+创新 https://xz.aliyun.com/t/6984
记针对某单位一次相对完整的渗透测试 https://xz.aliyun.com/t/6979
内网穿透及端口转发大合集 https://xz.aliyun.com/t/6966
PHP代码审计入门篇bluecms https://xz.aliyun.com/t/6946
Android内核漏洞学习——CVE-2014-3153分析(2) https://xz.aliyun.com/t/6948
H1ve--开源攻防训练平台 https://xz.aliyun.com/t/6889
Python中有潜在代码执行风险的函数(一) https://xz.aliyun.com/t/6902
Weblogic-T3-CVE-2019-2890-Analysis https://xz.aliyun.com/t/6904
Python模板注入(SSTI)深入学习 https://xz.aliyun.com/t/6885
Linux逆向之调试&反调试 https://xz.aliyun.com/t/6882
NJUPT CTF 天璇Writeup https://xz.aliyun.com/t/6876
漏洞验证和利用代码编写指南 https://xz.aliyun.com/t/6880
一篇文章带你读懂 HTTP Smuggling 攻击 https://xz.aliyun.com/t/6878
持久化研究-Scheduled Tasks https://xz.aliyun.com/t/6822
回调函数绕过D盾小套路 https://xz.aliyun.com/t/6823
路由器破解初探之栈溢出漏洞利用 https://xz.aliyun.com/t/6808
Java反序列化漏洞原理解析 https://xz.aliyun.com/t/6787
Web中间件漏洞总结之Nginx漏洞 https://xz.aliyun.com/t/6801
Redhat 线下赛 WEB WP https://xz.aliyun.com/t/6826
iTerm2 任意命令执行漏洞分析(CVE-2019-9535) https://xz.aliyun.com/t/6796
分析并使用python3编写meterpreter加载器绕过AV https://xz.aliyun.com/t/6782
从锐捷某系统鸡肋XSS到通用WAF绕过 https://xz.aliyun.com/t/6733
2019红帽杯 Writeup by X1cT34m https://xz.aliyun.com/t/6746
从Kibana-RCE对nodejs子进程创建的思考 https://xz.aliyun.com/t/6755
基于主机的反弹shell检测思路 https://xz.aliyun.com/t/6727
从0到1打造一款堪称完美antSword(蚁剑) https://xz.aliyun.com/t/6701
基于卷积神经网络的恶意代码家族标注 https://xz.aliyun.com/t/6705
PHP反序列化拓展攻击详解--phar https://xz.aliyun.com/t/6699
关于子域名劫持的一些总结 https://xz.aliyun.com/t/6683
Shellcode编码技术 https://xz.aliyun.com/t/6665
深入了解子域名挖掘tricks https://xz.aliyun.com/t/6617
angr 入门介绍(二) https://xz.aliyun.com/t/6569
angr 入门介绍(一) https://xz.aliyun.com/t/6557
加密Webshell“冰蝎”攻防 https://xz.aliyun.com/t/6550
jsonp的一些安全问题 https://xz.aliyun.com/t/6539
v8 exploit - RealWorld CTF2019 accessible https://xz.aliyun.com/t/6507
Windows样本高级静态分析之识别汇编中C代码结构(switch) https://xz.aliyun.com/t/6505
eve-ng搭建攻防域环境 https://xz.aliyun.com/t/6504
“北极星杯”AWD线上赛复盘 https://xz.aliyun.com/t/6477
Hacking Windows 备忘录 https://xz.aliyun.com/t/6498
ThinkPHP5.1.X反序列化利用链 https://xz.aliyun.com/t/6467
2019浙江省大学生网络与信息安全竞赛决赛部分WriteUp https://xz.aliyun.com/t/6458
基于qemu和unicorn的Fuzz技术分析 https://xz.aliyun.com/t/6457
windows中常见后门持久化方法总结 https://xz.aliyun.com/t/6461
“第五空间”网络安全线下赛PWN部分WRITEUP https://xz.aliyun.com/t/6431
建立加密socks5转发的两种方法 https://xz.aliyun.com/t/6447
2019工业信息安全技能大赛个人线上赛第二场(5道) writeup https://xz.aliyun.com/t/6445
内网渗透之端口转发、映射、代理 https://xz.aliyun.com/t/6349
钓鱼邮件的投递和伪造 https://xz.aliyun.com/t/6325
QQ空间流氓转发分析 https://xz.aliyun.com/t/6238
深度学习检测恶意PowerShell新方法 https://xz.aliyun.com/t/6247
通过基于时间的侧信道攻击识别WAF规则 https://xz.aliyun.com/t/6175
TP Link SR20 ACE漏洞分析 https://xz.aliyun.com/t/6073
固件修改及编译记录 https://xz.aliyun.com/t/6053
华为路由器 H532G 漏洞分析 https://xz.aliyun.com/t/6116
拦截Android Flutter应用程序流量的研究 https://xz.aliyun.com/t/6149
基于访问日志的异常请求检测 https://xz.aliyun.com/t/6117
单机日志分析工具-logC https://xz.aliyun.com/t/5894
web.config文件上传技术研究 https://xz.aliyun.com/t/6037
拟态防御系列问题分析 https://xz.aliyun.com/t/5953
基于机器学习的jsp/jspx webshell检测 https://xz.aliyun.com/t/5994
SURF路由器安全漏洞研究 https://xz.aliyun.com/t/5884
CobaltStrike插件开发官方指南 Part2 https://xz.aliyun.com/t/5892
CobaltStrike插件开发官方指南 Part1 https://xz.aliyun.com/t/5887
一次真实axis2渗透测试 https://xz.aliyun.com/t/5832
关于对antSword(蚁剑)进行流量混淆处理的解决方案 https://xz.aliyun.com/t/5756
论菜鸡pwn手如何在无网环境下生存 https://xz.aliyun.com/t/5749
2019年四川省大学生信息安全技术大赛AWD简单分析 https://xz.aliyun.com/t/5793
国赛决赛laravel的另一种不完美做法 https://xz.aliyun.com/t/5816
路由器漏洞分析系列(4):CVE-2019-7297 7298 D-Link DIR-823G ... https://xz.aliyun.com/t/5705
路由器漏洞分析系列(3):CVE-2018-20057 DIR-619L&605L后门漏洞... https://xz.aliyun.com/t/5702
反溯源-cs和msf域名上线 https://xz.aliyun.com/t/5728
FastJson最新反序列化漏洞分析 https://xz.aliyun.com/t/5680
精简版SDL落地实践 https://xz.aliyun.com/t/5656
赛博杯2019 Write Up https://xz.aliyun.com/t/5648
CVE-2019-0863漏洞分析 https://xz.aliyun.com/t/5571
Discuz!ML V3.X 代码注入分析 https://xz.aliyun.com/t/5638
phpMyAdmin 文件包含复现分析 https://xz.aliyun.com/t/5534
拟态防御题型pwn&web初探 https://xz.aliyun.com/t/5532
浅析PHP文件包含及其getshell的姿势 https://xz.aliyun.com/t/5535
通过异常处理机制实现漏洞利用 https://xz.aliyun.com/t/5480
Laravel5.7反序列化漏洞之RCE链挖掘 https://xz.aliyun.com/t/5483
Google2019CTF web 解题思路 https://xz.aliyun.com/t/5503
macOS恶意软件驻留技术分析 https://xz.aliyun.com/t/5463
强网杯线下Router-路由器漏洞挖掘 https://xz.aliyun.com/t/5468
无监督异常检测模型原理与安全实践 https://xz.aliyun.com/t/5378
基于污点分析的XSS漏洞辅助挖掘的一种方式 https://xz.aliyun.com/t/5380
从外网到内网的渗透姿势分享 https://xz.aliyun.com/t/5330
一次不完美的Jboss渗透 https://xz.aliyun.com/t/5326
某CMS组合漏洞至Getshell https://xz.aliyun.com/t/5277
CVE-2018-12067及类似漏洞分析与相关思考 https://xz.aliyun.com/t/5248
国赛-bbvvmm-SM4逆向分析,虚拟机指令分析 https://xz.aliyun.com/t/5195
APT28分析之CVE-2015-1641样本分析 https://xz.aliyun.com/t/5198
RCTF 2019 Web Writeup https://xz.aliyun.com/t/5218
一次综合渗透测试 https://xz.aliyun.com/t/5128
我的CSP绕过思路及总结 https://xz.aliyun.com/t/5084
Kerberos Security https://xz.aliyun.com/t/5004
Google搜索中的突变XSS https://xz.aliyun.com/t/4865
HiSilicon DVR 黑客笔记 https://xz.aliyun.com/t/4840
Windows常见backdoor、权限维持方法及排查技术 https://xz.aliyun.com/t/4842
2019-DDCTF-WEB-WriteUp https://xz.aliyun.com/t/4862
Spring Cloud Config Server 路径穿越与任意文件读取漏洞分析 https://xz.aliyun.com/t/4844
2019掘安杯web writeup https://xz.aliyun.com/t/4741
Ethereal 靶机渗透 https://xz.aliyun.com/t/4672
Java 反序列化过程深究 https://xz.aliyun.com/t/4761
MongoShake—基于MongoDB的跨数据中心的数据复制平台 https://yq.aliyun.com/articles/603329
对某网的一次渗透测试纪实 https://xz.aliyun.com/t/4694
AFL源码分析笔记(一) https://xz.aliyun.com/t/4628
OSINT Primer:组织(第3部分) https://xz.aliyun.com/t/4600
OSINT Primer:人员(第2部分) https://xz.aliyun.com/t/4599
RemTeam攻击技巧和安全防御 https://xz.aliyun.com/t/4602
从零开始Java代码审计系列(一) https://xz.aliyun.com/t/4558
CVE-2014-4113内核漏洞分析 https://xz.aliyun.com/t/4456
跨域方式及其产生的安全问题 https://xz.aliyun.com/t/4470
浅析MS Excel武器化 https://xz.aliyun.com/t/4426
.NET高级代码审计(第二课) Json.Net反序列化漏洞 https://xz.aliyun.com/t/4464
.NET高级代码审计(第一课)XmlSerializer反序列漏洞 https://xz.aliyun.com/t/4374
Kubernetes安全入门 https://xz.aliyun.com/t/4276
一个威胁数万用户GPON家用路由器 的RCE https://xz.aliyun.com/t/4242
探索CobaltStrike的External C2框架 https://xz.aliyun.com/t/4220

日更新程序

python update_daily.py