
tech_info_202302.md

Internet Security Recommendations

ts title url

Xuanwu Lab Recommendations

ts title url
20230228 Reverse-engineering the ModR/M addressing microcode of the Intel 8086 processor http://www.righto.com/2023/02/8086-modrm-addressing.html
20230228 Malware is starting to use some eBPF features to assist attacks http://redcanary.com/blog/ebpf-malware/
20230228 Details of an Arm Mali CSF UAF vulnerability discovered by a Google Project Zero researcher. https://bugs.chromium.org/p/project-zero/issues/detail?id=2373
20230228 HDMI interference can be used as a side channel for data transmission. This technique can be used to steal data from air-gapped machines. https://www.windytan.com/2023/02/using-hdmi-radio-interference-for-high.html
20230228 Kaspersky has published a comprehensive statistical report on mobile malware https://securelist.com/mobile-threat-report-2022/108844/?reseller=usa_regular-sm_acq_ona_smm__onl_b2c_twi_post_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=us_regular-sm_en0177&utm_content=sm-post&utm_term=us_twitter_organic_1770xhjtaes6ymu
20230228 An overflow vulnerability in the Gecko SDK found through automated analysis. https://www.reddit.com/r/ReverseEngineering/comments/11ddyvz/cve202224942_heapbased_buffer_overflow_in_silicon/
20230228 SolarWinds NPM lacks validation when deserializing JSON data, leading to remote command execution; the attack requires authentication. https://www.zerodayinitiative.com/blog/2023/2/27/cve-2022-38108-rce-in-solarwinds-network-performance-monitor
20230228 Using uWSGI configuration files to turn an arbitrary file write vulnerability into RCE. The uWSGI configuration file syntax supports reading data from HTTP, file descriptors, process stdout, and more. http://blog.doyensec.com//2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html
20230228 An attack technique that converts a restricted file write vulnerability in a service deployed on a uWSGI server into RCE http://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html
20230227 Exploit code for the Weblogic CVE-2023-21839 RCE, a flaw in Weblogic's implementation of the IIOP/T3 protocols https://github.com/4ra1n/CVE-2023-21839
20230227 A generic UEFI bootkit that can achieve user-mode code execution https://github.com/realoriginal/bootlicker
20230227 A practical script for reverse engineering Android apps http://securityonline.info/apk-sh-makes-reverse-engineering-android-apps-easier/
20230227 A modular, multi-language webshell https://github.com/kraken-ng/Kraken
20230227 Compiling a libafl harness to wasm for fuzzing. https://github.com/AFLplusplus/LibAFL/tree/main/fuzzers/baby_fuzzer_wasm#libafl-wasm
20230227 How a flaw in a specific version of the Phobos ransomware can be used to prune the space of possible generated keys, making a brute-force attack on the ransomware theoretically feasible. https://www.reddit.com/r/ReverseEngineering/comments/11axztr/a_tale_of_phobos_how_we_almost_cracked_a/
20230227 Setting up a Windows kernel debugging environment under ProxmoxVE http://paper.seebug.org/2052/
20230227 Achieving local privilege escalation by exploiting the Windows WMI service isolation vulnerability https://blog.securelayer7.net/how-to-exploit-the-windows-wmi-service-isolation-vulnerability/
20230226 A formal verification tool for contracts. https://medium.com/nethermind-eth/introduction-to-horus-part-1-fbc16af3ba67
20230226 Analyzing MSI files with oledump. http://i5c.us/d29584
20230226 GoAnywhere has an RCE vulnerability caused by deserialization. https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-goanywhere

SecWiki Recommendations

ts title url
20230228 Practice in building an enterprise-grade SaaS vulnerability management platform https://mp.weixin.qq.com/s/9WoNVqGmc-KMPlPHTn5kwg
20230228 Cyber ranges: an epoch-making new type of cybersecurity infrastructure https://mp.weixin.qq.com/s/EVrDJfoL2_I5_o4flRo3Kg
20230228 C3 trojan disguised as a Cisco VPN certificate updater https://mp.weixin.qq.com/s/iKPm0T3aR3Shjiw_W6jTsw
20230228 China Cybersecurity Market Insight Report (2022) https://docs.qq.com/pdf/DT0tXT2l4TlFLYUtG?&u=2f6f19393f7e4f08b1a6d90a50ad8d3a
20230228 What do the G, P, and T in ChatGPT stand for? https://mp.weixin.qq.com/s/vXoYeA7w6l_WiKmDHogdTA
20230228 The most "unforgivable" vulnerabilities of 2022 https://mp.weixin.qq.com/s/P_EYQxOEupqdU0BJMRqWsw
20230228 Analysis of the active hoze cryptomining trojan https://mp.weixin.qq.com/s/-mZD0pPbeIgxoTUNNFBnrw
20230228 Preventing DNS leaks in an encrypted SOCKS5 channel https://mp.weixin.qq.com/s/SNu9SXFFT1xA6LH4r81YOw
20230228 Overall Layout Plan for the Construction of Digital China https://mp.weixin.qq.com/s/zUmy99B8wx7p8MrXVoYD1g
20230227 SecWiki Weekly (Issue 469) https://www.sec-wiki.com/weekly/469

CVE Github Recommendations

ts cve_id title url cve_detail
20230228T17:01:21Z CVE-2022-22965 🚀 Exploit for Spring core RCE in C [ wip ] https://github.com/pwnwriter/CVE-2022-22965
20230228T12:11:48Z CVE-2022-1386 Null https://github.com/ardzz/CVE-2022-1386
20230228T11:29:52Z Unknown ID Check and report for cve_2021_44228 (log4shell) on your system. https://github.com/robertdebock/ansible-role-cve_2021_44228
20230228T09:17:58Z CVE-2023-21839 Null https://github.com/DXask88MA/Weblogic-CVE-2023-21839
20230228T01:36:42Z CVE-2022-39952 POC for CVE-2022-39952 https://github.com/horizon3ai/CVE-2022-39952
20230228T01:34:25Z cve-2022-42889 Kubernetes Lab for CVE-2022-42889 https://github.com/devenes/text4shell-cve-2022-42889
20230228T00:27:37Z cve-2020-0796 cve-2020-0796 exploitation tool https://github.com/OldDream666/cve-2020-0796
20230227T19:31:54Z CVE-2023-0669 Null https://github.com/yosef0x01/CVE-2023-0669-Analysis
20230227T09:04:40Z CVE-2021-22205 Null https://github.com/hhhotdrink/CVE-2021-22205
20230227T05:38:27Z CVE-2021-32305 Null https://github.com/sz-guanx/CVE-2021-32305

klee on Github Recommendations

ts title url stars forks
20230228T08:51:30Z Minecraft Mod. Allows breaking only one half of a double slab block. https://github.com/TwelveIterationMods/KleeSlabs 14 6
20230228T07:11:15Z KLEE Symbolic Execution Engine https://github.com/klee/klee 2173 607
20230227T02:27:34Z An open-source Chinese font derived from Fontworks' Klee One. https://github.com/lxgw/LxgwWenKai 10832 350
20230227T02:01:00Z Null https://github.com/onionoino/klee 1 1
20230226T13:16:43Z An open-source Simplified Chinese font derived from Klee One. https://github.com/lxgw/LxgwWenkaiGB 218 2
20230225T17:03:15Z Null https://github.com/kleelab/kleelab.github.io 3 0
20230225T04:30:48Z TracerX Symbolic Virtual Machine https://github.com/tracer-x/TracerX 20 11
20230224T14:10:15Z An open-source Unified Ideograph (Extension) font derived from Fontworks' Klee One. https://github.com/Des-Magmeta/PlanKai 2 0
20230224T00:05:46Z A project for the generation of synthetic data for research into social networks and NLP https://github.com/forxiny/kleek 0 0
20230220T17:33:01Z Null https://github.com/Peltorator/klees-measure-lower-bounds-repo 0 0

s2e on Github Recommendations

ts title url stars forks
20230228T08:08:19Z S2E user side repository for Formation Flying study https://github.com/ut-issl/s2e-ff 4 1
20230227T11:59:47Z S2E: A platform for multi-path program analysis with selective symbolic execution. https://github.com/S2E/s2e 302 74
20230227T07:18:09Z The exploit generator CRAX++ is CRAX with x86_64 ROP techniques, s2e 2.0 upgrade, code selection, I/O states, dynamic ROP, and more! https://github.com/SQLab/CRAXplusplus 78 14
20230226T16:24:58Z Bachelor's thesis: developing symbolic execution for Rlang using Chef and S2E https://github.com/SoptikHa2/bachelors-thesis 3 0
20230218T14:11:14Z Exercise S2 - Pham Viet Duc https://github.com/vietduc218/s2exercise 0 0
20230217T07:05:16Z Spacecraft Simulation Environment Core codes https://github.com/ut-issl/s2e-core 27 8
20230216T18:27:56Z Null https://github.com/SKyletoft/s2e-autocxx-error 0 0
20230214T13:52:13Z Null https://github.com/MetadataGitTesting/S2eJej9r 0 0
20230209T15:55:48Z Null https://github.com/uweDF7823D/s2ewgs21g3a 0 0
20230209T08:59:46Z WIZnet Serial to Ethernet(S2E) module based on W7500 chip, WIZ107/108SR S2E compatible device https://github.com/Wiznet/WIZ750SR 14 15

exploit on Github Recommendations

ts title url stars forks
20230228T23:39:16Z This repository contains multiple exploits I have written for various CVEs and CTFs https://github.com/ret2eax/exploits 0 0
20230228T23:34:56Z Gengar PwnerKit https://github.com/h0ru/gpk 10 0
20230228T23:33:18Z Null https://github.com/codingcore12/SILENT-EXCEL-XLS-EXPLOIT-CLEAN-5t 1 0
20230228T23:32:26Z Null https://github.com/codingcore12/SILENT-PDF-EXPLOIT-CLEAN-5t 1 0
20230228T23:31:07Z Null https://github.com/codingcore12/SILENT-DOC-EXPLOIT-CLEAN-5t 1 0
20230228T23:23:20Z K[nown]E[exploited]V[ulnerabilietes]IN[sights] https://github.com/Marcuccio/kevin 0 0
20230228T22:49:47Z Exploiting digital side channels to extract passwords https://github.com/anderson-truong/ECE188-Side-Channel-Attacks 0 0
20230228T21:52:09Z The old et exploits (Deleted) were saved by me. https://github.com/Tacogamerman/Et-exploits-legacy 1 0
20230228T19:48:03Z Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories. https://github.com/ronin-rb/ronin 529 43
20230228T13:45:44Z 🚀 Exploit for Spring4Shell in C [ wip ] https://github.com/pwnwriter/CVE-2022-22965 0 0

backdoor on Github Recommendations

ts title url stars forks
20230228T23:34:56Z Gengar PwnerKit https://github.com/h0ru/gpk 10 0
20230228T18:20:40Z Cyber Security projects. . . https://github.com/bharadwajamavilla/Cyber-Octopus 3 0
20230228T18:10:04Z Backdoor Stuff https://github.com/RexerField/RexDoor 0 0
20230228T17:23:48Z Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build for evasion. https://github.com/Drew-Alleman/powershell-backdoor-generator 58 10
20230228T17:22:16Z Ukab (UNO) Sample php_backdoor generator/connector , py3 urllib-based 100% https://github.com/timizart/Ukab 0 0
20230228T17:12:25Z One-line webshell management tool - Webshell Manager https://github.com/malbuffer4pt/WebBus 1 0
20230228T16:40:54Z No backdoor ETH & ERC-20 & NFT stealer drains ETH + NFT Seaport, Uniswap Drainer https://github.com/C4lme/monkey-drainer 31 23
20230228T16:39:50Z Uniswap & Seaport, Opensea NFT Drainer, ERC-20, ETH All in one No backdoor https://github.com/C4lme/nft-drainer-monkey-drainer 42 0
20230228T13:43:47Z DOSrat 2.0 is a very light Remote Administration Tool (RAT) for Windows written in C++ with a fancy C.L.I. https://github.com/Criper98/DOSrat-2.0 3 0
20230228T12:32:52Z A python utility to remotely control your device https://github.com/Xeroxxhah/6u4rd 4 0

symbolic execution on Github Recommendations

ts title url stars forks
20230228T12:30:52Z SymCC: efficient compiler-based symbolic execution https://github.com/eurecom-s3/symcc 624 111
20230228T07:11:15Z KLEE Symbolic Execution Engine https://github.com/klee/klee 2173 607
20230228T05:52:43Z Symbolic execution engine for .NET Core https://github.com/VSharp-team/VSharp 36 24
20230228T04:39:50Z A native symbolic execution engine for WebAssembly https://github.com/HNYuuu/SeeWasm 21 2
20230227T11:59:47Z S2E: A platform for multi-path program analysis with selective symbolic execution. https://github.com/S2E/s2e 302 74
20230227T01:44:15Z radius2 is a fast binary emulation and symbolic execution framework using radare2 https://github.com/aemmitt-ns/radius 321 24
20230226T20:25:30Z The symbolic execution engine powering the K Framework https://github.com/runtimeverification/haskell-backend 190 43
20230226T16:24:58Z Bachelor's thesis: developing symbolic execution for Rlang using Chef and S2E https://github.com/SoptikHa2/bachelors-thesis 3 0
20230225T11:49:29Z QEMU VM with generic KVM extensions for symbolic execution https://github.com/S2E/qemu 22 14
20230222T09:13:13Z Unicorn: Symbolic Execution, Bounded Model Checking, and Code Optimization of RISC-V Code using Classical Solvers and Quantum Computers https://github.com/cksystemsgroup/unicorn 14 5

big4 on Github Recommendations

ts title url stars forks
20230228T04:23:37Z Code for the NDSS'23 paper "DARWIN: Survival of the Fittest Fuzzing Mutators" https://github.com/TUDA-SSL/DARWIN 1 0
20230227T14:40:25Z Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation (NDSS'23). https://github.com/dongtsi/OWAD 14 2
20230227T14:39:48Z Source code for our NDSS'18 paper "Automated Website Fingerprinting through Deep Learning" https://github.com/DistriNet/DLWF 72 38
20230227T02:12:34Z A curated list of Machine learning Security & Privacy papers published in security top-4 conferences (IEEE S&P, ACM CCS, USENIX Security and NDSS). https://github.com/gnipping/Awesome-ML-SP-Papers 28 2
20230226T15:55:05Z BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems (NDSS'23) https://github.com/KaiWangGitHub/BARS 2 1
20230225T10:19:15Z StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors, NDSS 2023 https://github.com/Samsonsjarkal/StealthyIMU 9 1
20230224T12:09:49Z A Summary of Vulnerabilities Found in the BlockScope NDSS'23 Paper https://github.com/VPRLab/BlkVulnReport 4 0
20230220T13:49:50Z Original implementation of FlowPrint as in the NDSS '20 paper https://github.com/Thijsvanede/FlowPrint 74 28
20230220T08:35:24Z This repo collects the best papers from top 4 computer security conferences, including IEEE S&P, ACM CCS, USENIX Security, and NDSS. https://github.com/prncoprs/best-papers-in-computer-security 3 1
20230217T16:16:23Z DroneSecurity (NDSS 2023) https://github.com/RUB-SysSec/DroneSecurity 2 0

fuzz on Github Recommendations

ts title url stars forks
20230228T21:31:45Z Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)... https://github.com/hktalent/scan4all 3436 413
20230228T21:30:03Z Null https://github.com/marticztn/fuzzyerasoftworks.com 0 0
20230228T19:22:32Z Null https://github.com/alvarotorijano/flipperZero_helpDeskFuzzer 0 0
20230228T17:45:01Z Generating random queries for tabular data https://github.com/skababji-ehil/fuzzy_sql 0 0
20230228T15:25:56Z Custom bootloader & os that will eventually launch a hypervisor for full system snapshot based fuzzing https://github.com/seal9055/vfuzz 3 1
20230228T11:58:53Z Null https://github.com/ldm0902/fuzzy-octo-winner 0 0
20230228T10:15:08Z Null https://github.com/the-Jirakinalan/fuzzy-octo-parakeet 1 0
20230228T10:10:56Z Null https://github.com/adriandersen/obsidian-fuzzytag 7 0
20230228T09:18:17Z The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more! https://github.com/AFLplusplus/AFLplusplus 3451 693
20230228T06:59:17Z Rethinking Smart Contract Fuzzing: Fuzzing With Invocation Ordering and Important Branch Revisiting (TIFS 2022 Accepted). https://github.com/Messi-Q/IR-Fuzz 18 2

Daily update program