tech_info_202101.md

Internet Security Recommendations

ts title url

Xuanwu Lab Recommendations

ts title url
20210131 Penetration Basics: Using the Exchange Autodiscover Service https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E5%9F%BA%E7%A1%80-Exchange-Autodiscover%E7%9A%84%E4%BD%BF%E7%94%A8/
20210129 Two vulnerabilities researchers found in Western Digital My Cloud Pro NAS devices were patched before Pwn2Own https://www.crowdstrike.com/blog/pwn2own-tale-of-a-bug-found-and-lost-again/
20210129 How We Escaped Docker in Azure Functions https://www.intezer.com/blog/research/how-we-escaped-docker-in-azure-functions/
20210129 Learning Linux Kernel Exploitation - Part 2 https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/
20210129 Exploiting a “Simple” Vulnerability – Part 1.5 – The Info Leak https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/
20210129 Multiple vulnerabilities found in libyara, the library used to process Yara rules https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
20210129 Bad Neighbor on FreeBSD - Analysis of 4 vulnerabilities related to routing protocols in the FreeBSD IPv6 stack https://blog.quarkslab.com/bad-neighbor-on-freebsd-ipv6-router-advertisement-vulnerabilities-in-rtsold-cve-2020-25577.html
20210129 Deep into the SunBurst Attack https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/
20210128 Mitigating Abuse of Android Application Permissions and Special App Accesses https://medium.com/mitre-attack/mobile-attack-mitigating-android-abuse-50516fb7de85
20210128 Introducing FComm – C2 Lateral Movement https://labs.nettitude.com/blog/introducing-fcomm-c2-lateral-movement/
20210128 Using Cloudflare Workers as Redirectors https://ajpc500.github.io/c2/Using-CloudFlare-Workers-as-Redirectors/
20210128 Office now supports the Hyper-V container-based Application Guard protection mechanism https://techcommunity.microsoft.com/t5/microsoft-security-and/application-guard-for-office-now-generally-available/ba-p/2007539
20210128 Analysis of the C&C communication mechanism related to the recent hacker attacks targeting security researchers https://medium.com/s2wlab/analysis-of-threatneedle-c-c-communication-feat-google-tag-warning-to-researchers-782aa51cf74
20210128 Reverse Engineering iMessage: Leveraging the Hardware to Protect the Software https://www.nowsecure.com/blog/2021/01/27/reverse-engineering-imessage-leveraging-the-hardware-to-protect-the-software/
20210128 NAT Slipstreaming v2.0 - A new variant that bypasses NAT/firewall internal network isolation policies https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
20210128 ERNW Whitepaper 71 - Analysis of the quarantine file formats of various anti-virus software https://insinuator.net/2021/01/ernw-whitepaper-71-analysis-of-anti-virus-software-quarantine-files/
20210128 Analysis of the detection-evading malware TeamTNT. https://threatpost.com/teamtnt-cloaks-malware-open-source-tool/163414/
20210128 According to researchers' latest findings, remote attackers can use network address translation (NAT) slipstreaming attacks to threaten the security of network devices. https://threatpost.com/remote-attackers-internal-network-devices-nat-slipstreaming/163400/
20210128 A crawler tailor-made for passive scanners - LSpider https://paper.seebug.org/1473/
20210128 Understanding the XNU kauth subsystem https://paper.seebug.org/1472/

Security Wiki Recommendations

ts title url
20210131 2020 Annual Report on the Security Posture of the Blockchain Ecosystem https://ncstatic.clewm.net/rsrc/2021/0129/15/e93a0825fa2b6d35b2ee59b70fab6bbb.pdf
20210131 2020 White Paper on the Industrial Control Network Security Posture https://ncstatic.clewm.net/rsrc/2021/0126/18/b93622f8d42d6529cfc7ed8b03d48efe.pdf
20210131 Security Baseline Construction Guide https://mp.weixin.qq.com/s/ayhKILhCMUgFOKLcX0Y_3Q
20210129 CTF - Mini-game decryption: Tetris https://www.hetianlab.com/specialized/20210126131003
20210129 Notes on an asmx upload WAF bypass during an HVV exercise https://www.sec-in.com/article/854
20210128 Summary of remote command and code execution https://www.anquanke.com/post/id/229611
20210128 A crawler tailor-made for passive scanners https://paper.seebug.org/1473/
20210128 Notes on a manual injection bypassing BaoTa + SafeDog from an interview https://www.hetianlab.com/specialized/20210126141706
20210128 The story behind CRC https://mp.weixin.qq.com/s/Qx6AuQkxqJO3Ob2REj9Myw
20210128 Cracking and attacking smart door locks https://mp.weixin.qq.com/s/IY6j0v9pG4j-JlozEk7Jzw

CVE Github Recommendations

ts cve_id title url cve_detail
20210131T23:03:53Z CVE-2021-3156 A docker environment to research CVE-2021-3156 https://github.com/apogiatzis/docker-CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210131T19:58:35Z CVE-2021-3345 Null https://github.com/MLGRadish/CVE-2021-3345
20210131T16:10:16Z CVE-2021-3156 Null https://github.com/kal1gh0st/CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210131T13:08:37Z CVE-2021-3156 CVE-2021-3156 https://github.com/ymrsmns/CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210131T07:02:46Z CVE-2021-3156 Reproducing Other People's CVEs series https://github.com/Q4n/CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210131T00:21:17Z CVE-2020-1350 HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019. https://github.com/ZephrFish/CVE-2020-1350 A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
20210130T16:37:11Z CVE-2021-3156 This simple bash script will patch the recently discovered sudo heap overflow vulnerability. https://github.com/elbee-cyber/CVE-2021-3156-PATCHER Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210130T12:40:23Z CVE-2021-3156 1day research effort https://github.com/kernelzeroday/CVE-2021-3156-Baron-Samedit Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210130T02:50:57Z CVE-2021-3156 Null https://github.com/Serpentiel/CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
20210129T14:32:24Z CVE-2021-3156 Null https://github.com/baka9moe/CVE-2021-3156-Exp Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

klee on Github Recommendations

ts title url stars forks
20210131T22:11:22Z Spring 2021 Geography 817 work folder https://github.com/klee12/klee12.github.io 0 0
20210131T21:04:51Z Symbiotic is a tool for finding bugs in computer programs based on instrumentation, program slicing and KLEE https://github.com/staticafi/symbiotic 212 34
20210131T12:22:26Z An open-source Chinese font derived from Fontworks' Klee One https://github.com/lxgw/LxgwWenKai 5 0
20210131T00:48:35Z KLEE Symbolic Execution Engine https://github.com/klee/klee 1620 481
20210131T00:39:04Z ( Create file store & Sell paid groups & Subscription system ) -> on kleeja https://github.com/kleeja-official/kleeja_payment 2 1
20210130T09:50:17Z Null https://github.com/h2q8khor/kleefgaqbv 0 0
20210129T15:22:16Z RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs. https://github.com/project-oak/rust-verification-tools 107 6
20210129T06:49:53Z Null https://github.com/fontworks-fonts/Klee 340 9
20210129T04:16:14Z Null https://github.com/kleelab/kleelab.github.io 0 0
20210128T22:07:42Z The compiler inputs a PDDL benchmark of the Carpark planning problem and converts it to an equivalent C code which is used for solving the planning problem by program verification tools such as KLEE/TracerX. https://github.com/daneshvar-amrollahi/Carpark-PDDL2C 0 0

s2e on Github Recommendations

ts title url stars forks
20210129T14:59:46Z S2E: A platform for multi-path program analysis with selective symbolic execution. https://github.com/S2E/s2e 96 22
20210126T23:21:10Z Your S2E project management tools. Visit https://s2e.systems/docs to get started. https://github.com/S2E/s2e-env 70 30
20210125T15:40:42Z Null https://github.com/yuvalkirstain/s2e-coref 1 1
20210118T16:24:13Z Null https://github.com/sabasabzeh/s2Exercise 0 0
20210111T14:49:47Z Convert geojson to s2 region cells in different levels https://github.com/ponlawat-w/uji_mt-s2encoding 0 0
20210108T20:19:44Z Robo Hazel is a robot prototype made using Arduino and WIZnet S2E module to advance industry 4.0 and solve the problem of message delivery. https://github.com/hamzakhalidhk/RoboHazel 0 0
20210108T15:14:31Z Convert geojson to s2 region cells in different levels https://github.com/ponlawat-w/uji_mt-geojson_s2encoding 0 0
20210106T02:55:41Z GUI Configuration tool for WIZnet serial to ethernet devices. https://github.com/Wiznet/WIZnet-S2E-Tool-GUI 11 7

exploit on Github Recommendations

ts title url stars forks
20210131T23:45:30Z ASLR Evasion, Egghunters, SEH Overwrites https://github.com/freddiebarrsmith/Advanced-Windows-Exploit-Development-Practice 9 1
20210131T23:43:05Z forked version of funtuna, a homebrew ps2 app launcher designed to ease the pain of getting a stable exploit for those that have a console incompatible with FreeMcBoot that doesn't have a modchip https://github.com/israpps/Funtuna-Fork 1 0
20210131T22:25:55Z In this paper I will initially retrace the path marked by Ray C. Fair with his long lasting series of presidential elections forecasts exploiting the same variables he uses but enriching the model with panel data. Exploiting the Fixed Effects estimation I will then add new variables that, according to our intuition, could lead to an overall improvement of the model and test for them applying the LASSO algorithm for model selection. I will finally infer the results and explore the possible challenges in disentangling causality from correlation https://github.com/Hainexx/A_Brief_Panel_Data_Analysis_to_Forecast_US_Presidential_Elections 0 0
20210131T22:24:48Z Testing the hypothesis of cointegration of two term structures through Dickey-Fuller tests and Engle-Granger causality. Finally I exploit the VECM to infer the model and through the Cholesky decomposition I analyze SIRF and FEVD https://github.com/Hainexx/A_Brief_Time_Series_Analysis_of_German_Bund_Term_Structure_of_Interest_Rate 0 0
20210131T22:23:26Z I designed a naive shiny web application which is intended to take a string of words and predict the next possible word based on the probability of occurrence exploiting Markov chains. https://github.com/Hainexx/An_NLP_algorithm_for_interactive_prediction 0 0
20210131T22:10:50Z This powershell script has got to run in remote windows host, even for pivoting https://github.com/FabioDefilippo/winallenum 0 1
20210131T22:09:36Z We all know Rust's trait system is Turing complete, so tell me, why aren't we exploiting this??? https://github.com/doctorn/trait-eval 322 9
20210131T21:32:12Z This bash script will help you to hack remote hosts https://github.com/FabioDefilippo/linuxallremote 4 1
20210131T21:26:05Z Old and new CTFs about Linux kernel exploitation. https://github.com/MaherAzzouzi/LinuxKernelExploitation 1 0
20210131T21:10:33Z Null https://github.com/VoleNN420/Exploit 0 0

backdoor on Github Recommendations

ts title url stars forks
20210131T23:42:23Z ez mode https://github.com/YeahOMA/omaBackdoor 0 0
20210131T23:21:46Z TrojanZoo provides a universal pytorch platform to conduct security researches (especially backdoor attacks/defenses) of image classification in deep learning. https://github.com/ain-soph/trojanzoo 33 7
20210131T22:36:49Z A backdoor which is similar to Meterpreter. https://github.com/0xStressedd/RemoteCMD 2 0
20210131T22:01:47Z Hacking tools pack & backdoors generator. https://github.com/AdrMXR/KitHack 332 57
20210131T21:53:08Z Open-Source PowerShell module to allow online play of Backdoors & Breaches card game devised by Black Hills Information Security https://github.com/TheShiShiLion/BackdoorsAndBreaches 1 0
20210131T19:58:46Z Null https://github.com/1MiKHalyCH1/backdoored_cipher 0 0
20210131T13:07:05Z A curated list of backdoor learning resources https://github.com/THUYimingLi/backdoor-learning-resources 160 23
20210131T12:40:54Z Null https://github.com/cherryBasher/BlackEyeS 0 0
20210131T12:40:11Z Null https://github.com/cherryBasher/BlackEyeS_Installer 0 0
20210131T11:07:20Z Null https://github.com/rabbitx1337/backdoor 0 0

fuzz on Github Recommendations

ts title url stars forks
20210131T23:58:36Z go-fuzz corpus data for Matt Layher's projects. MIT Licensed. https://github.com/mdlayher/fuzz-corpus 2 1
20210131T23:51:39Z Includes Fuzzy Set Algorithms, Intuitionistic Fuzzy Set Algorithms and Fuzzy Cluster Validity Indexes https://github.com/ibrahimayaz/PyFuzzySet 0 0
20210131T23:50:40Z Software for fuzzing, used on web application pentestings. https://github.com/NESCAU-UFLA/FuzzingTool 4 1
20210131T23:47:24Z Towards fuzzing ROS 2 automatically https://github.com/JnxF/automatic_fuzzing 0 0
20210131T22:48:34Z OSS-Fuzz - continuous fuzzing for open source software. https://github.com/google/oss-fuzz 5829 1176
20210131T22:02:35Z Dény® tools for archiving, visualization and fuzzing purposes. https://github.com/iomonad/deny-toolkit 0 0
20210131T21:58:18Z Generate code for json encoders/decoders, codecs, fuzzers, generators, and more https://github.com/MartinSStewart/elm-review-todo-it-for-me 0 0
20210131T21:39:40Z Burp Suite extension for Radamsa-powered fuzzing with Intruder https://github.com/nscuro/bradamsa-ng 11 5
20210131T21:35:47Z Null https://github.com/ArijZouaoui/Credit-Scoring-using-Fuzzy-Logic 0 0
20210131T21:23:01Z Personal website of Laurence Hughes https://github.com/fuzzylogicxx/fuzzylogic 4 1

Daily update program