Skip to content

Latest commit

 

History

History
106 lines (88 loc) · 11.8 KB

README_202108.md

File metadata and controls

106 lines (88 loc) · 11.8 KB

数据--所有

数据--年度

202108 信息源与信息类型占比

202108-信息源占比-secwiki

202108-信息源占比-xuanwu

202108-最喜欢语言占比

政策 推荐

title url
关键信息基础设施安全保护条例 http://www.gov.cn/zhengce/content/2021-08/17/content_5631671.htm

微信公众号 推荐

nickname_english weixin_no title url
雁行安全团队 YX_Security 我是如何捡到Jetty CVE的 https://mp.weixin.qq.com/s/Uj-gwD2QNer-6CnyR9DW7A
知识工场 fudankw 主题报告丨从知识图谱到认知智能 https://mp.weixin.qq.com/s/Qa9nSkN3Yj2AEPkfdUJwMw
数说安全 csreviews 谭晓生:中国网络安全技术趋势分析 https://mp.weixin.qq.com/s/CxGlNaCpDbnJXLIqeHJriQ
信息通信技术与政策 caict_dsc 专题丨网络空间测绘技术的实践与思考 https://mp.weixin.qq.com/s/sjHKGw6tZ7q-2HMnxLYpoQ
云头条 YunTouTiao 中央集采安全软件:17 家中标安全管理中心、9 家基线扫描、13 家漏洞扫描、16 家日志审计、5 家终端安全 https://mp.weixin.qq.com/s/Yni5Yw6SOLOJEvRbiSSRVg
青衣十三楼飞花堂 gh_9feb5a276a2a 漫谈PHP反汇编器/反编译器 https://mp.weixin.qq.com/s/bmdSyZem46aukj_hvLhu0w
漏洞战争 vulwar BlackHat USA 2021 洞察(三):议题技术解读 https://mp.weixin.qq.com/s/BCdN9KOFpCYUKQ_SNSgPPQ
湛卢工作室 xuehao_studio 说说JAVA反序列化 https://mp.weixin.qq.com/s/t2hMiPg0-qrgGIyysG9e_A
开放知识图谱 OpenKG-CN 论文浅尝 , 面向开放域的无监督实体对齐 https://mp.weixin.qq.com/s/gH1VNCUVT5Hd5lGaGvEO2w
云鼎实验室 YunDingLab 浅谈云上攻防——对象存储服务访问策略评估机制研究 https://mp.weixin.qq.com/s/ncWGrMsIAvh9HEK1QC5IGQ
默安逐日实验室 gh_995a1a9f25b5 VMware_vCenter 近期漏洞分析 https://mp.weixin.qq.com/s/W_vJA8tr_qFS1ff-lVy9Kw
锦行信息安全 jeeseensec SSH软链接后门利用和原理 https://mp.weixin.qq.com/s/CFPUbsblrV1MyDIGLaFKDg
绿盟科技研究通讯 nsfocus_research 数据脱敏的风险量化评估方案 https://mp.weixin.qq.com/s/ItTpyty3LMSxwy8YL86CLg
看雪学院 ikanxue JSONP和CORS跨域漏洞学习笔记 https://mp.weixin.qq.com/s/FGGdgpBLcUciSXqkqkE40g
元起资本 YuanPartners 从侠客到统帅——安全创业者Go to Market策略 https://mp.weixin.qq.com/s/h3rzwBP1mCHDQubUBiTicw
腾讯安全应急响应中心 tsrc_team 自动化数据分析下的威胁发现 https://mp.weixin.qq.com/s/vHXQcfOcnuehzhrnPn9nSQ
网安国际 inforsec 加州大学钱志云:那些计算机应用领域的脑洞是怎么产生的 https://mp.weixin.qq.com/s/295bsChkW6EC5xemDUUExA
SilverNeedleLab SilverNeedle_Lab Java内存攻击技术漫谈 https://mp.weixin.qq.com/s/JIjBjULjFnKDjEhzVAtxhw
ChaMd5安全团队 chamd5sec 关于路由器的CGI漏洞分析及挖掘 https://mp.weixin.qq.com/s/1Fqb0j_gsm-eHF1uOwVgBw
蓝鸟安全 gh_d365aca1d051 应急响应,Windows上机取证检查 https://mp.weixin.qq.com/s/2iyXBrobI2WjGmpsCrjUxw
绿盟科技威胁情报 NSFOCUS_NTI Lorec53组织分析报告- 攻击组件部分 https://mp.weixin.qq.com/s/t_d8I4l0SnzGDXLRmmQzYg
leveryd gh_8d7f6ed4daff 全流量入侵检测系统的性能分析 https://mp.weixin.qq.com/s/7_ZrnKVaWuBjXCgmqdaUAQ
莫哥谈安全 gh_247dfbdf3d43 如何做好一个威胁情报聚合查询平台及如何利用该平台来进行安全运营工作 https://mp.weixin.qq.com/s/dq-jL2t0nd9-F0_i7sU9_g
穿过丛林 gh_f90eac70537b 二进制漏洞利用可视化技术研究 https://mp.weixin.qq.com/s/2AW9FzVr3xaRsUbsiZ9cRQ
微步在线研究响应中心 gh_c108d4d389bf APT29—觊觎全球情报的国家级黑客组织(上) https://mp.weixin.qq.com/s/x0Y8psN_luaIH8dfQjwp3w
一个人的安全笔记 xjiek2015 [HTB] Spectra Writeup https://mp.weixin.qq.com/s/nDTJk9m4-gpd-S9j0i1w1A
PaperWeekly paperweekly ACL 2021 , 基于词依存信息类型映射记忆神经网络的关系抽取 https://mp.weixin.qq.com/s/BV1u8zq0YoP2yOKpKD_xNw
360威胁情报中心 CoreSec360 南亚地区APT组织2020年度攻击活动回顾(上) https://mp.weixin.qq.com/s/IG8g8F6-YqTTcGX1BaSNaQ
关键基础设施安全应急响应中心 CII-SRC 原创 , 《党委(党组)网络安全工作责任制实施办法》解读 https://mp.weixin.qq.com/s/ZzFx2Leu7DYhm39Kacofcg
Seebug漏洞平台 seebug_org 使用 GDB 获取软路由的文件系统 https://mp.weixin.qq.com/s/FWprX-R1EfWrPMNa0WPedA
FuzzWiki gh_fcf21e658324 fuzzing check分支概述 https://mp.weixin.qq.com/s/7JdHPEo6DyxOjFuw1VMlqg
编程语言Lab HW-PLLab 浅谈程序分析 https://mp.weixin.qq.com/s/l5NAWWQ584uXCO_HRMvQ0A
我需要的是坚持 MyPersistence2020 做红队你需要学习“如何挖掘战壕”(三) https://mp.weixin.qq.com/s/OO_VZ8QB_J5UY88qkpLXDg
安全学术圈 secquan Android生态系统中分析库的隐私风险分析和缓解 https://mp.weixin.qq.com/s/ItQUSf2PsA7KsSHryAGfmw
威胁棱镜 THREAT_PRISM 如何利用多杀软结果归并恶意软件家族名称 https://mp.weixin.qq.com/s/hOvqm0U7rc-NNdVjR0dAaA
SecWiki SecWiki Linux计划任务那点事儿 https://mp.weixin.qq.com/s/KfeKpoPj-X7BRNR7O6QAcw
M01N Team m01nteam 攻击技术研判|Lazarus结合NDay投递VBA恶意远控的攻击分析 https://mp.weixin.qq.com/s/x7L3R9iQdnrnEKpfop92Gg
腾讯技术工程 Tencent_TEG 攻防启示:Chromium组件风险剖析与收敛 https://mp.weixin.qq.com/s/AZhzOGjh_DtFRnkt1zunxQ

私人github账号 推荐

github_id title url p_url p_profile p_loc p_company p_repositories p_projects p_stars p_followers p_following repo_lang repo_star repo_forks
uxmal Reko - 一款开源的反汇编工具,自动 GUI https://github.com/uxmal/reko https://github.com/uxmal?tab=followers I like picking software apart and putting it back together. Sweden None 64 0 0 0 0 C# 0 0
soxoj maigret: Collect a dossier on a person by username from th... https://github.com/soxoj/maigret None None None None 0 0 0 0 0 None 0 0
seed-labs seed-emulator: A Python framework for creating emulation of the Internet. https://github.com/seed-labs/seed-emulator None None None None 0 0 0 0 0 Python,TeX 0 0
reviewdog reviewdog: Automated code review tool integrated with any ... https://github.com/reviewdog/reviewdog None None None None 0 0 0 0 0 TypeScript,Ruby,JavaScript,Shell,Go,Dockerfile 0 0
mcdulltii 自动检测代码混淆情况的 IDA Pro 插件 https://github.com/mcdulltii/obfDetect https://github.com/mcdulltii?tab=followers A programming enthusiast that does image synthesis on the side. Singapore None 25 1 0 0 0 Python,C,Shell,JavaScript 0 0
ice-doom EyeJo: 一款自动化资产风险评估平台 https://github.com/ice-doom/EyeJo https://github.com/ice-doom?tab=followers None None 2 0 0 0 0 Python,C++ 0 0
firmianay firmeye - IoT固件漏洞挖掘工具 https://github.com/firmianay/firmeye https://github.com/XDSEC Security researcher & CTF Player & member of @XDSEC, @xdlinux, @LCTF China Xidian University 24 0 0 0 0 Python,C 0 0
dipjyotimetia HybridTestFramewrok: End to End testing of Web, API and Se... https://github.com/dipjyotimetia/HybridTestFramewrok#setup--tools https://github.com/dipjyotimetia?tab=followers Software Engineer Melbourne, Australia anz 435 0 0 0 0 Go,TypeScript,Java 0 0
boku7 Cobalt Strike BOF - Inject AMSI Bypass https://github.com/boku7/injectAmsiBypass https://github.com/boku7?tab=followers SpiderLabs , OSWE , eWPTX , OSCE , eCXD , OSCP , SLAE32,64 United States Trustwave SpiderLabs 42 0 0 0 0 C,Assembly 0 0
TideSec TideFinger: 开源指纹工具 https://github.com/TideSec/TideFinger https://github.com/TideSec?tab=followers 一心不动,大巧不工。 China Tide 19 0 0 0 0 Python,PHP,Ruby,XSLT 0 0
SummerSec learning-codeql: CodeQL Java 全网最全的中文学习资料 https://github.com/SummerSec/learning-codeql https://github.com/SummerSec?tab=followers None None 47 0 0 0 0 Shell,Java,Python,BitBake,HTML,CSS 0 0
GuidoBartoli sherloq - 一款开源的图片取证分析工具 https://github.com/GuidoBartoli/sherloq https://github.com/GuidoBartoli?tab=followers My education is in software development as well as my current job, but my passion is photography. I love to code apps fusing the best of both worlds. Tuscany, ITALY www.zcscompany.com 2 0 0 0 0 Perl 0 0
GhostPack Certify - Active Directory Certificate Services 错误配置检测工具 https://github.com/GhostPack/Certify None None None None 0 0 0 0 0 None 0 0
G-Security-Team GSLibrary: 轻量级知识库&POC管理平台 https://github.com/G-Security-Team/GSLibrary None None None None 0 0 0 0 0 None 0 0
CHYbeta Nginx 场景绕过之一: URL white spaces + Gunicorn https://github.com/CHYbeta/OddProxyDemo/blob/master/nginx/demo1/README.md https://github.com/CHYbeta?tab=followers China XMU 31 0 0 0 0 Python,HTML 0 0
BloodHoundAD BloodHound:Six Degrees of Domain Admin https://github.com/BloodHoundAD/BloodHound None None None None 0 0 0 0 0 None 0 0

medium 推荐

title url
利用 Trust Policy 访问模型的古老特性实现 AWS 的特权 http://rzepsky.medium.com/aws-privilege-escalation-exploring-odd-features-of-the-trust-policy-7a970a32861
利用存储式 XSS 漏洞利用实现 ManageEngine ServiceDesk Plus RCE http://medium.com/tenable-techblog/stored-xss-to-rce-chain-as-system-in-manageengine-servicedesk-plus-493c10f3e444
运维管理工具 ManageEngine 整数溢出漏洞到 RCE(CVE-2021–20082) http://medium.com/tenable-techblog/integer-overflow-to-rce-manageengine-asset-explorer-agent-cve-2021-20082-7e54cb2caad5
1Password App 管理密码的实现细节 http://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2F1password-secret-retrieval-methodology-and-implementation-6a9db3f3c709
How to Hack Apple ID http://zemnmez.medium.com/how-to-hack-apple-id-f3cc9b483a41
Common GraphQL Misconceptions http://securitygoat.medium.com/common-graphql-misconceptions-a-rant-489647167ca3
Using ProxyCannon-NG to Create Unlimited Rotating Proxies http://medium.com/@devinjaystokes/using-proxycannon-ng-to-create-unlimited-rotating-proxies-fccffa70a728
利用 Apple AWDL 协议从物理隔离的环境中向外渗透数据 http://medium.com/sensorfu/escaping-from-a-truly-air-gapped-network-via-apple-awdl-6cf6f9ea3499
利用 CVE-2021-20090 漏洞绕过 Arcadyan 路由器的认证 http://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2

知乎 推荐

title url
Microsoft对于信息安全建设与业务发展之间平衡的思考(上) https://zhuanlan.zhihu.com/p/376562987

日更新程序

python update_daily.py