Skip to content

Latest commit

 

History

History
104 lines (85 loc) · 10.7 KB

tech_info_20210312.md

File metadata and controls

104 lines (85 loc) · 10.7 KB
Raw

互联网安全 推荐

ts title url

玄武实验室 推荐

ts title url
20210312 Playing in the (Windows) Sandbox https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/
20210312 Regexploit: DoS-able Regular Expressions https://blog.doyensec.com//2021/03/11/regexploit.html
20210312 Whitelist Me, Maybe? 有攻击者组织 “Netbounce” 给 Fortinet 发邮件请求将被 误报的软件加入白名单 https://www.fortinet.com/blog/threat-research/netbounce-threat-actor-tries-bold-approach-to-evade-detection?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
20210312 The Battle Between White Box and Black Box Bug Hunting in Wireless Routers https://www.thezdi.com/blog/2021/3/11/the-battle-between-white-box-and-black-box-bug-hunting-in-wireless-routers
20210312 Windows 内核 CVE-2020-1034 漏洞利用的新思路 http://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss
20210312 利用 GNU GRUB 漏洞实现特权命令执行 https://ssd-disclosure.com/ssd-advisory-gnu-grub-command-injection/
20210312 Windows Windbg 调试系列视频教程 https://www.youtube.com/watch?v=8zBpqc3HkSE&list=PLhx7-txsG6t6n_E2LgDGqgvJtCHPL7UFu
20210312 POC 2020 会议关于利用 CodeQL 静态审计代码的议题(视频) https://www.youtube.com/watch?v=XmAEgl8bVhg
20210312 VMware vCenter RCE 漏洞踩坑实录 https://paper.seebug.org/1500/

安全维基 推荐

ts title url
20210312 JavaScript反调试技巧 https://mp.weixin.qq.com/s/NMJd91AmuGEANz00sZELfw
20210312 资产管理的难点 https://mp.weixin.qq.com/s/DqtIzNdDvB7pYjXmoP1quQ
20210312 Japan Security Analyst Conference 2021 -1st Track- https://blogs.jpcert.or.jp/en/2021/03/jsac2021report3.html
20210312 Examining Exchange Exploitation and its Lessons for Defend... https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders

CVE Github 推荐

ts cve_id title url cve_detail
20210312T23:46:30Z CVE-2021-26882 PoC https://github.com/songjianyang/CVE-2021-26882 Remote Access API Elevation of Privilege Vulnerability
20210312T23:01:04Z CVE-2020-25213 Will write a python script for exploiting this vulnerability https://github.com/k0rup710n/Wordpress-CVE-2020-25213 The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
20210312T20:37:00Z CVE-2021-26855 CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to Orange Tsai, the researcher who discovered the vulnerabilities, CVE-2021-26855 allows code execution when chained with CVE-2021-27065 (see below). A successful exploit chain would allow an unauthenticated attacker to "execute arbitrary commands on Microsoft Exchange Server through only an open 443 port." More information and a disclosure timeline are available at https://proxylogon.com. https://github.com/raheel0x01/CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
20210312T19:09:48Z CVE-2021-26855 Null https://github.com/alt3kx/CVE-2021-26855_PoC Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
20210312T16:49:53Z CVE-2021-26855 Null https://github.com/XairGit/CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
20210312T16:16:04Z CVE-2021-26855 POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc https://github.com/Yt1g3r/CVE-2021-26855_SSRF Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
20210312T13:47:41Z CVE-2021-26855 CVE-2021-26855 SSRF Exchange Server https://github.com/Udyz/CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
20210312T13:33:07Z CVE-2020-25790 Exploit for CVE-2020-25790 https://github.com/v4lak/CVE-2020-25790 Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because %admins are considered trustworthy%; however, the behavior %contradicts our security policy% and is being fixed for 5.2.
20210312T10:44:01Z 未知编号 Null https://github.com/shacojx/CVE_2021_26855_Exploit_Hub 未查询到CVE信息
20210312T08:30:29Z 未知编号 2020l4web-app-mockup-DanCvejn created by GitHub Classroom https://github.com/pslib-cz/2020l4web-app-mockup-DanCvejn 未查询到CVE信息

klee on Github 推荐

ts title url stars forks
20210312T20:48:07Z RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs. https://github.com/project-oak/rust-verification-tools 109 8
20210312T17:06:48Z Null https://github.com/dhanyavittaldas/kleen-tidy-master 0 0
20210312T16:25:51Z Null https://github.com/TheBeehive/kleene 0 0
20210312T12:35:29Z The Kleenex programming language https://github.com/diku-kmc/kleenexlang 46 4

s2e on Github 推荐

ts title url stars forks

exploit on Github 推荐

ts title url stars forks
20210312T23:34:20Z Exploration-Exploitation using MAB https://github.com/aegoe/MAB 0 1
20210312T23:29:17Z Null https://github.com/devairdarolt/exploit_temp 0 0
20210312T23:28:28Z My research and exploit development https://github.com/dustinsilveri/tradecraft 0 0
20210312T23:04:26Z scripts https://github.com/NubH4x/ZB-Exploit 0 0
20210312T23:01:04Z Will write a python script for exploiting this vulnerability https://github.com/k0rup710n/Wordpress-CVE-2020-25213 0 0
20210312T22:57:13Z Small DDoS Script i made for Wordpress website that have XMLRPC enabled. https://github.com/k0rup710n/Wordpress-XXE-DDoS-Exploit-XMLRPC 0 0
20210312T22:54:33Z Very Simple lib to stylize i/o for prototypes or exploits https://github.com/Ramoreik/quack 0 0
20210312T22:53:29Z This bash script will help you to hack remote hosts https://github.com/FabioDefilippo/linuxallremote 9 1
20210312T22:48:38Z Full Kernel Exploit and Webkit Exploit for PS4 FW.7.50. Netcat Payload on port 9020 https://github.com/KameleonReloaded/PS4JB750 0 0
20210312T22:44:20Z This repository contains different learning paths for different disciplines such as Bug Bounty hunting and ARM Exploitation https://github.com/djIsLucid/LearningPaths 0 0

backdoor on Github 推荐

ts title url stars forks
20210312T21:03:03Z Injectra injects shellcode payloads into MacOS applications and package installers. https://github.com/Taguar258/injectra 9 3
20210312T18:28:23Z Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. https://github.com/EntySec/ghost 980 486
20210312T17:42:09Z Null https://github.com/mpurohit1234/multi-threaded-backdoor 0 0
20210312T17:35:56Z C# Backdoor & Mapper/Proxy tool (backdoor & proxy tool working in memory only) https://github.com/DamonMohammadbagher/NativePayload_MP 2 0
20210312T16:25:06Z A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side https://github.com/karma9874/AndroRAT 183 81
20210312T12:21:16Z Null https://github.com/Delle9999/backdoor 0 0
20210312T09:47:54Z Linux Kernel module-less implant (backdoor) https://github.com/milabs/kopycat 24 10
20210312T05:27:17Z TrojanZoo provides a universal pytorch platform to conduct security researches (especially backdoor attacks/defenses) of image classification in deep learning. https://github.com/ain-soph/trojanzoo 50 8
20210312T03:03:44Z This repository contains a detailed list of commands and instructions used to facilitate a backdoor exploitation through a controlled environment. https://github.com/dorianeSF/Backdoor_Simulation 0 0
20210312T02:25:30Z A sample app to demonstrate how to create Xamarin UITests using the Page Object architecture, Backdoor Methods and App Links (aka Deep Linking) https://github.com/brminnick/UITestSampleApp 34 25

fuzz on Github 推荐

ts title url stars forks
20210312T23:39:51Z FuzzingWorkshop https://github.com/CSC-DevOps/Fuzzing 0 32
20210312T23:39:45Z A self-hosted Fuzzing-As-A-Service platform https://github.com/microsoft/onefuzz 2286 117
20210312T23:05:57Z Null https://github.com/petegq/fuzzy-guacamole 0 0
20210312T22:57:50Z Manage & generate prefs.js files https://github.com/MozillaSecurity/prefpicker 4 1
20210312T22:57:42Z Null https://github.com/PBearson/MQTT_Fuzzer 0 0
20210312T22:13:52Z Project page for %The Fuzzing Book% https://github.com/uds-se/fuzzingbook 546 109
20210312T21:31:09Z Null https://github.com/AdamKorcz/go-fuzz-headers 0 0
20210312T21:18:29Z Null https://github.com/fuzzylogicxx/fuzzy-speedlify 0 0
20210312T21:07:57Z A playground to learn computer graphics https://github.com/patiboh/fuzzy-playground 1 0
20210312T20:55:29Z Null https://github.com/dustinsilveri/fuzzers 0 0

日更新程序