Skip to content

Latest commit

 

History

History
108 lines (89 loc) · 10.1 KB

tech_info_20210223.md

File metadata and controls

108 lines (89 loc) · 10.1 KB

互联网安全 推荐

ts title url

玄武实验室 推荐

ts title url
20210223 有开发者开源的一款 macOS、iOS 日志可视化和日志共享工具 https://github.com/kean/Pulse
20210223 Farming for Red Teams: Harvesting NetNTLM https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/
20210223 去年天府杯 Chrome Full Chain Exploit 代码公开了 https://bugs.chromium.org/p/chromium/issues/detail?id=1146670
20210223 据 Checkpoint 报告,APT31 在 NSA 方程式 CVE-2017-0005 0day 泄露之前就使用了该漏洞 https://research.checkpoint.com/2021/the-story-of-jian/
20210223 攻击者利用 Accellion FTA 文件传输应用的 0Day 窃取数据 https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html
20210223 Windows 注册表中 RpcEptMapper 键权限设置不当导致可以实现本地提权 https://itm4n.github.io/windows-registry-rpceptmapper-exploit/
20210223 探索IPv6重复地址检测方法。 https://theinternetprotocolblog.wordpress.com/2021/02/21/ipv6-duplicate-address-detection/
20210223 Linux系统权限提升命令总结。 https://blog.theshahzada.com/2021/01/linux-privilege-escalation.html
20210223 VMware配置介绍:vmnet1(仅主机)和vmnet8(NAT)网络适配器的默认DHCP设置的步骤。 https://kb.vmware.com/s/article/1026510
20210223 美国航空航天局(NASA)首次采用Linux操作系统用于登陆火星Ingenuity直升机无人机上。 https://in.pcmag.com/drones/141086/linux-is-now-on-mars-thanks-to-nasas-perseverance-rover
20210223 使用SSH代理转发配置与故障排查。 https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding
20210223 Firefox 86 将支持 “Total Cookie Protection”,限制通过跨站点 Cookie 共享追踪用户 https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
20210223 DA14531芯片固件逆向系列(1)-固件加载和逆向分析 https://www.cnblogs.com/hac425/p/14437694.html
20210223 iOS 内核堆风水布局解读 https://mp.weixin.qq.com/s/iv55u9VC7R1rZmhbfTMcRA
20210223 teler - 基于 HTTP 访问日志的实时入侵检测工具 https://github.com/kitabisa/teler
20210223 Growing A Test Corpus with Bonsai Fuzzing https://rohan.padhye.org/files/bonsai-icse21.pdf
20210223 Zoom on the Keystrokes,有研究员发表 paper,研究如何在视频聊天中窃取对方的键盘敲击记录 https://arxiv.org/abs/2010.12078
20210223 Go 语言社区计划在 1.17 版本增加对 Go Fuzz 测试的支持 golang/go#44551
20210223 威胁情报自学指南 Part 1 https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
20210223 基于改写 modprobe_path 的 Linux 内核漏洞利用 https://lkmidas.github.io/posts/20210223-linux-kernel-pwn-modprobe/

安全维基 推荐

ts title url
20210223 CDN 2021 完全攻击指南 (二) https://www.anquanke.com/post/id/231437
20210223 CDN 2021 完全攻击指南 (一) https://www.anquanke.com/post/id/227818
20210223 菜菜鸡的初体验之内网渗透 https://xz.aliyun.com/t/9190
20210223 NDSS 2021 参会小记—2月22日论文报告 https://mp.weixin.qq.com/s/LI49ioKYMksguQMqKH1Rcw
20210223 漏洞管理的“新药” https://mp.weixin.qq.com/s/5Y-3r1KuJgCbNrWUGoKq0w
20210223 NDSS 2021 参会小记—2月22日论文报告 /news/28892

CVE Github 推荐

ts cve_id title url cve_detail
20210223T11:49:39Z CVE-2021-1727 Null https://github.com/klinix5/CVE-2021-1727 未查询到CVE信息
20210223T04:44:19Z CVE-2020-0814 Null https://github.com/klinix5/CVE-2020-0814 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka %Windows Installer Elevation of Privilege Vulnerability%. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843.
20210223T03:14:48Z CVE-2021-3156 Null https://github.com/oneoy/CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via %sudoedit -s% and a command-line argument that ends with a single backslash character.

klee on Github 推荐

ts title url stars forks
20210223T14:39:58Z This is a Native Android project in which Hydrokleen team can see their day to day task Can see their service location. Can post images and videos and day to day reports update team information Can call, email, message their customers Can provide overall services to the teams AC customers https://github.com/Mostainahmed/HydroKleen 0 0
20210223T01:13:31Z C library to support Map2Check Tool https://github.com/hbgit/map2check-library 0 0

s2e on Github 推荐

ts title url stars forks

exploit on Github 推荐

ts title url stars forks
20210223T23:36:47Z This is a chrome extension that removes the psychological exploit that is Reddit Karma https://github.com/BeckTimothy/reddit-volition 0 0
20210223T23:29:41Z Null https://github.com/I7Z3R0/Exploit 0 0
20210223T23:28:22Z Thi powershell script has got to run in remote windows host, even for pivoting https://github.com/FabioDefilippo/winallenum 2 1
20210223T23:16:31Z Oracle Siebel XSS Stored Exploit https://github.com/omurugur/Oracle_Siebel_XSS_Stored_Exploit 0 1
20210223T23:14:10Z Oracle CTF Web XML Entity Exploit https://github.com/omurugur/Oracle_CTF_Web_XML_Entity_Exploit 0 1
20210223T23:11:32Z Oracle Operational Decision Support System XSS Stored https://github.com/omurugur/Oracle_Operational_Decision_Support_System_XSS_Stored 0 0
20210223T23:06:34Z FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities. https://github.com/Ziconius/FudgeC2 190 44
20210223T22:58:05Z A post-exploitation framework https://github.com/enkomio/AlanFramework 0 0
20210223T22:57:24Z Root shell exploit for several Xiaomi routers: 4A Gigabit, 4A 100M, 4, 4C, 3Gv2, 4Q, miWifi 3C... https://github.com/acecilia/OpenWRTInvasion 349 73
20210223T22:34:53Z Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. https://github.com/cedowens/Swift-Attack 18 2

backdoor on Github 推荐

ts title url stars forks
20210223T20:48:39Z TrojanZoo provides a universal pytorch platform to conduct security researches (especially backdoor attacks/defenses) of image classification in deep learning. https://github.com/ain-soph/trojanzoo 43 8
20210223T19:55:31Z A backdoor that works on both windows or Linux. https://github.com/joseph-giron/CSharpBackDoor 0 0
20210223T19:42:35Z Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection . https://github.com/Screetsec/TheFatRat 4969 1640
20210223T18:49:50Z A simple persistence backdoor for linux https://github.com/Exploit-lang/backdoor-penguin 0 0
20210223T17:47:12Z backdoor uiuiuiui https://github.com/zeru2/backdoor 0 0
20210223T16:33:30Z FUD cross-platform python2 backdoor with C2 https://github.com/7h3w4lk3r/pyback 18 5
20210223T15:48:57Z Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable https://github.com/persianhydra/Xeexe-TopAntivirusEvasion 303 82
20210223T15:05:24Z A sample app to demonstrate how to create Xamarin UITests using the Page Object architecture, Backdoor Methods and App Links (aka Deep Linking) https://github.com/brminnick/UITestSampleApp 32 25
20210223T14:41:11Z A VBS Backdoor https://github.com/kgsensei/VBSBackdoor 0 0
20210223T13:56:33Z PoC minecraft backdoor plugin https://github.com/mathisvickie/mc-backdoor 1 0

fuzz on Github 推荐

ts title url stars forks
20210223T23:39:44Z Combination of the Little Gem 9V Amp and 1 Knob Fuzz Guitar Pedal https://github.com/Hexadecimator/LittleGem_1KnobFuzz_Combo 0 0
20210223T23:36:33Z FEW2.1 Fuzz Buzz TS Conversion https://github.com/chrismlee26/fizz-buzz-ts 0 0
20210223T23:35:40Z Scalable fuzzing infrastructure. https://github.com/google/clusterfuzz 4439 421
20210223T23:22:45Z Fuzzing scripts for VeriWasm https://github.com/PLSysSec/veriwasm_fuzzing 0 0
20210223T23:19:24Z Null https://github.com/bartman13/Fuzzy-reasoning 1 0
20210223T23:00:39Z Null https://github.com/Amin-Golzari-Oskouei/CGFFCM-Cluster-weight-and-Group-local-Feature-weight-learning-in-Fuzzy-C-Means-clustering-algorithm 0 0
20210223T22:59:26Z all manner of wordlists https://github.com/thelikes/fuzzmost 5 11
20210223T22:42:57Z Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging https://github.com/seemoo-lab/frankenstein 277 48
20210223T22:19:10Z Snake URLs A Powerfull fuzzer Tools. Search And Find Report Results From Google - DocDocGO - Wikipedia And More... Writen By WitBlack Hacker. https://github.com/witblack/snake_URLs 1 0
20210223T20:30:11Z Software for fuzzing, used on web application pentestings. https://github.com/NESCAU-UFLA/FuzzingTool 4 1

日更新程序