{"id":13511559,"url":"https://github.com/ffffffff0x/1earn","last_synced_at":"2025-05-14T10:06:35.522Z","repository":{"id":37254319,"uuid":"178545630","full_name":"ffffffff0x/1earn","owner":"ffffffff0x","description":"ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup","archived":false,"fork":false,"pushed_at":"2024-06-06T02:54:19.000Z","size":63309,"stargazers_count":5471,"open_issues_count":2,"forks_count":1247,"subscribers_count":142,"default_branch":"master","last_synced_at":"2025-04-09T11:01:44.808Z","etag":null,"topics":["blueteam","collection","ctf","hacking","ics-security","infosec","linux-learning","markdown-article","pentest","pentest-tool","poc","post-penetration","redteam","security","security-tools","study","writeup"],"latest_commit_sha":null,"homepage":"https://home.ffffffff0x.com/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ffffffff0x.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-30T10:44:28.000Z","updated_at":"2025-04-06T14:36:29.000Z","dependencies_parsed_at":"2024-05-28T15:53:11.057Z","dependency_job_id":"33254aaf-f570-4d84-9a40-8777bf4d5904","html_url":"https://github.com/ffffffff0x/1earn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ffffffff0x%2F1earn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ffffffff0x%2F1earn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ffffffff0x%2F1earn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ffffffff0x%2F1earn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ffffffff0x","download_url":"https://codeload.github.com/ffffffff0x/1earn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254119472,"owners_count":22017951,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","collection","ctf","hacking","ics-security","infosec","linux-learning","markdown-article","pentest","pentest-tool","poc","post-penetration","redteam","security","security-tools","study","writeup"],"created_at":"2024-08-01T03:00:56.285Z","updated_at":"2025-05-14T10:06:35.467Z","avatar_url":"https://github.com/ffffffff0x.png","language":"C++","funding_links":[],"categories":["C++","其他_安全与渗透","红队\u0026渗透测试","LLM分析过程"],"sub_categories":["网络服务_其他"],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./assets/img/banner/logo.png\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Category-knowledge-red.svg\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/repo-size/No-Github/1earn?color=yellow\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/last-commit/No-Github/1earn.svg?color=blue\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-CC%20BY--NC--SA%204.0-lightgrey.svg?color=brightgreen\"\u003e\n\u003c/p\u003e\n\n\u003e 万事开头难,然后一直开头一直难...\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./assets/img/banner/readme.jpg\"\u003e\n\u003c/p\u003e\n\n* **简介** : 本项目的初衷是分享知识资源,让更多人接触和了解安全、运维领域,但受限于本人能力有限,难免会有错误和借鉴的地方,对于内容中有疑问或建议请提交 issue.\n* **定位** : ffffffff0x 团队维护的安全知识框架\n* **项目地址** : https://github.com/ffffffff0x/1earn\n* **学习线路图** : 初学者或想快速构建知识结构请访问 [roadmap](roadmap.md)\n\n---\n\n## 项目文件一览\n\n* **[Security](./1earn/Security/Power-PenTest.md)**\n\n    * **[安全工具](https://github.com/No-Github/1earn/tree/master/1earn/Security/%E5%AE%89%E5%85%A8%E5%B7%A5%E5%85%B7)** - 各类安全工具的使用介绍\n\n    * **安全资源**\n        * 靶机\n            * HTB\n            * VulnHub\n                * [DC Serial](./1earn/Security/安全资源/靶机/VulnHub/DC) - DC 系列靶场,难度简单至中等,可以学习各种提权和CMS漏洞利用,推荐初学者挑战\n                * [It’s_October](./1earn/Security/安全资源/靶机/VulnHub/It’s_October)\n                * [Kioptrix Serial](./1earn/Security/安全资源/靶机/VulnHub/Kioptrix) - Kioptrix 系列靶场,难度简单至中等,推荐初学者挑战\n                * [Mission-Pumpkin](./1earn/Security/安全资源/靶机/VulnHub/Mission-Pumpkin) - 难度适中,偏向于加解密比较多,漏洞利用内容较少\n                * [symfonos Serial](./1earn/Security/安全资源/靶机/VulnHub/symfonos) - 挺有难度的靶场,内容丰富,难度中等,漏洞利用内容很多,推荐有一定经验者挑战\n            * Wargames\n                * [Bandit](./1earn/Security/安全资源/靶机/Wargames/Bandit/Bandit-WalkThrough.md)\n\n    * **BlueTeam**\n        * [分析](./1earn/Security/BlueTeam/分析.md) - 分析工具与分析案例\n        * [加固](./1earn/Security/BlueTeam/加固.md) - 系统、应用加固的方法和工具资源\n        * [安全建设](./1earn/Security/BlueTeam/安全建设.md) - 有关查杀、监控、蜜罐的资源\n        * [取证](./1earn/Security/BlueTeam/取证.md) - 内容涉及操作系统的取证、web 的取证、文件的取证\n        * [应急](./1earn/Security/BlueTeam/应急.md) - 应急资源、溯源案例\n        * [笔记](https://github.com/No-Github/1earn/blob/master/1earn/Security/BlueTeam/%E7%AC%94%E8%AE%B0) - 涉及磁盘取证、内存取证、USB取证等内容\n        * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/BlueTeam/%E5%AE%9E%E9%AA%8C) - 涉及流量分析实战、安防设施搭建等内容\n\n    * **Crypto**\n        * [Crypto](./1earn/Security/Crypto/Crypto.md) - 介绍各种编码和加密算法及相关的工具\n\n    * **CTF**\n        * [CTF](./1earn/Security/CTF/CTF.md) - 收集 CTF 相关的工具和 writeup 资源\n        * [writeup](https://github.com/No-Github/1earn/tree/master/1earn/Security/CTF/writeup) - 自己参与的一些比赛记录\n\n    * **ICS**\n        * [工控协议](./1earn/Security/ICS/工控协议.md) - 总结各类工控协议的知识点\n        * [上位机安全](./1earn/Security/ICS/上位机安全.md) - 总结上位机安全相关的知识点\n        * [PLC攻击](./1earn/Security/ICS/PLC攻击.md) - 总结 PLC 攻击的相关知识点\n        * [S7comm相关](./1earn/Security/ICS/S7comm相关.md) - 记录 S7comm 相关错误类型、功能码和相关参数\n        * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/ICS/%E5%AE%9E%E9%AA%8C) - 仿真环境搭建和 PLC 攻击实验\n\n    * **IOT**\n        * 固件安全\n            * [固件安全](./1earn/Security/IOT/固件安全/固件安全.md) - 记录 IOT 固件分析的知识点,包括固件提取、固件分析、固件解密等\n            * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/IOT/%E5%9B%BA%E4%BB%B6%E5%AE%89%E5%85%A8/%E5%AE%9E%E9%AA%8C) - 分析固件实验\n        * 无线电安全\n            * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/IOT/%E6%97%A0%E7%BA%BF%E7%94%B5%E5%AE%89%E5%85%A8/%E5%AE%9E%E9%AA%8C) - 无线电安全实验\n        * 硬件安全\n            * [Device-Exploits](./1earn/Security/IOT/硬件安全/Device-Exploits.md) - 嵌入式设备相关漏洞利用,不太熟悉这一块,内容不多\n            * [HID](https://github.com/No-Github/1earn/tree/master/1earn/Security/IOT/%E7%A1%AC%E4%BB%B6%E5%AE%89%E5%85%A8/HID) - 和组员制作的 HID 实物记录\n\n    * **MobileSec**\n        * [Android安全](./1earn/Security/MobileSec/Android安全.md) - 记录一些安卓安全相关的内容,这块掌握较少\n\n    * **RedTeam**\n        * 安防设备\n            * [Bypass技巧](./1earn/Security/RedTeam/安防设备/Bypass技巧.md) - 记录 waf 绕过手段\n            * [SecDevice-Exploits](./1earn/Security/RedTeam/安防设备/SecDevice-Exploits.md) - 常见的安全设备的漏洞利用方法\n        * 后渗透\n            * [后渗透](./1earn/Security/RedTeam/后渗透/后渗透.md) - 后渗透知识点的大纲\n            * [权限提升](./1earn/Security/RedTeam/后渗透/权限提升.md) - 操作系统和数据库的提权方法\n            * [权限维持](./1earn/Security/RedTeam/后渗透/权限维持.md) - 权限维持的各种方法和资源\n            * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/RedTeam/%E5%90%8E%E6%B8%97%E9%80%8F/%E5%AE%9E%E9%AA%8C)\n        * 软件服务安全\n            * [CS-Exploits](./1earn/Security/RedTeam/软件服务安全/CS-Exploits.md) - 收集软件、业务应用服务漏洞的渗透手段和 cve 漏洞\n            * [DesktopApps-Exploits](./1earn/Security/RedTeam/软件服务安全/DesktopApps-Exploits.md) - 收集桌面软件的渗透手段和 cve 漏洞\n        * 协议安全\n            * [Protocol-Exploits](./1earn/Security/RedTeam/协议安全/Protocol-Exploits.md) - 按照协议归类各种漏洞、攻击手段\n        * 信息收集\n            * [端口安全](./1earn/Security/RedTeam/信息收集/端口安全.md) - 记录端口渗透时的方法和思路\n            * [空间测绘](./1earn/Security/RedTeam/信息收集/空间测绘.md) - 收集搜索引擎语法资源\n            * [信息收集](./1earn/Security/RedTeam/信息收集/信息收集.md) - 记录信息收集方面各类技术，如漏扫、IP 扫描、端口扫描、DNS 枚举、目录枚举、指纹等\n        * 语言安全\n            * [语言安全](https://github.com/No-Github/1earn/tree/master/1earn/Security/RedTeam/%E8%AF%AD%E8%A8%80%E5%AE%89%E5%85%A8)\n        * 云安全\n            * [公有云安全](./1earn/Security/RedTeam/云安全/公有云安全.md) - 云主机利用工具,渗透案例,相关知识点\n        * OS安全\n            * [Linux安全](./1earn/Security/RedTeam/OS安全/Linux安全.md) - 包含 Linux 口令破解，漏洞利用、获取Shell\n            * [OS-Exploits](./1earn/Security/RedTeam/OS安全/OS-Exploits.md) - 收集操作系统的 cve 漏洞\n            * [Windows安全](./1earn/Security/RedTeam/OS安全/Windows安全.md) - 包含 windows pth、ptt，漏洞利用、提权、远程执行命令\n            * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/RedTeam/OS%E5%AE%89%E5%85%A8/%E5%AE%9E%E9%AA%8C)\n        * Web 安全\n            * [前端攻防](./1earn/Security/RedTeam/Web安全/前端攻防.md) - 前端解密,绕过访问\n            * [BS-Exploits](./1earn/Security/RedTeam/Web安全/BS-Exploits.md) - 全面收集 web 漏洞 POC | Payload | exp\n            * [IDOR](./1earn/Security/RedTeam/Web安全/IDOR.md) - 整个部分结构大部分基于乌云的几篇密码找回、逻辑漏洞类文章,在其基础上记录和归纳\n            * [靶场](https://github.com/No-Github/1earn/tree/master/1earn/Security/RedTeam/Web%E5%AE%89%E5%85%A8/%E9%9D%B6%E5%9C%BA)\n            * [Web_Generic](https://github.com/No-Github/1earn/tree/master/1earn/Security/RedTeam/Web%E5%AE%89%E5%85%A8/Web_Generic)\n            * [Web_Tricks](https://github.com/No-Github/1earn/tree/master/1earn/Security/RedTeam/Web%E5%AE%89%E5%85%A8/Web_Tricks)\n\n    * **Reverse**\n        * [Reverse](./1earn/Security/Reverse/Reverse.md)\n        * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Security/Reverse/%E5%AE%9E%E9%AA%8C)\n        * [FILE](https://github.com/No-Github/1earn/tree/master/1earn/Security/Reverse/FILE)\n\n* **Develop**\n\n    * **版本控制**\n        * [Git学习笔记](./1earn/Develop/版本控制/Git学习笔记.md) - 记录 git 的用法和平时使用 github 遇到的问题\n\n    * **标记语言**\n        * [HTML](https://github.com/No-Github/1earn/tree/master/1earn/Develop/%E6%A0%87%E8%AE%B0%E8%AF%AD%E8%A8%80/HTML)\n        * [JSON](https://github.com/No-Github/1earn/tree/master/1earn/Develop/%E6%A0%87%E8%AE%B0%E8%AF%AD%E8%A8%80/JSON)\n        * [XML](https://github.com/No-Github/1earn/tree/master/1earn/Develop/%E6%A0%87%E8%AE%B0%E8%AF%AD%E8%A8%80/XML)\n\n    * **可视化**\n        * [gnuplot](https://github.com/No-Github/1earn/tree/master/1earn/Develop/%E5%8F%AF%E8%A7%86%E5%8C%96/gnuplot)\n\n    * **正则**\n        * [regex](./1earn/Develop/正则/regex.md) - 常用正则表达式和相关资源\n\n    * **Web**\n        * [Speed-Web](./1earn/Develop/Web/Speed-Web.md)\n        * [HTTP](https://github.com/No-Github/1earn/tree/master/1earn/Develop/Web/HTTP)\n        * [笔记](https://github.com/No-Github/1earn/tree/master/1earn/Develop/Web/%E7%AC%94%E8%AE%B0)\n\n* **Integrated**\n\n    * **数据库**\n        * [Power-SQL](https://github.com/No-Github/1earn/blob/master/1earn/Integrated/%E6%95%B0%E6%8D%AE%E5%BA%93/Power-SQL.md)\n        * [Speed-SQL](https://github.com/No-Github/1earn/blob/master/1earn/Integrated/%E6%95%B0%E6%8D%AE%E5%BA%93/Speed-SQL.md)\n        * [笔记](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/%E6%95%B0%E6%8D%AE%E5%BA%93/%E7%AC%94%E8%AE%B0)\n        * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/%E6%95%B0%E6%8D%AE%E5%BA%93/%E5%AE%9E%E9%AA%8C)\n\n    * **虚拟化**\n        * [Docker](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/%E8%99%9A%E6%8B%9F%E5%8C%96/Docker)\n\n    * **Linux**\n        * [God-Linux](./1earn/Integrated/Linux/God-Linux.md) - 记录 Linux 下的骚操作,收集的较少,后面会慢慢添加\n        * [Power-Linux](./1earn/Integrated/Linux/Power-Linux.md) - 配置指南,记录各种服务搭建与配置过程\n        * [Secure-Linux](./1earn/Integrated/Linux/Secure-Linux.md) - Linux 加固+维护+应急响应参考\n        * [Speed-Linux](./1earn/Integrated/Linux/Speed-Linux.md) - 命令速查手册,记录各种基本命令操作\n        * [笔记](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/Linux/%E7%AC%94%E8%AE%B0)\n        * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/Linux/%E5%AE%9E%E9%AA%8C) - 各种 linux 服务的搭建过程和案例\n\n    * **Network**\n        * [Speed-Net](./1earn/Integrated/Network/Speed-Net.md) - 各类帧、报文格式、掩码等\n        * [Power-Net](./1earn/Integrated/Network/Power-Net.md) - 记录 TCP/IP 协议栈的协议\n\n    * **Windows**\n        * [Secure-Win](./1earn/Integrated/Windows/Secure-Win.md) - Windows 加固+维护+应急响应参考\n        * [Speed-Win](./1earn/Integrated/Windows/Speed-Win.md) - 记录 windows 下 CMD 常用命令\n        * [笔记](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/Windows/%E7%AC%94%E8%AE%B0)\n        * [实验](https://github.com/No-Github/1earn/tree/master/1earn/Integrated/Windows/%E5%AE%9E%E9%AA%8C) -涉及域环境搭建、基础服务搭建\n        * [Powershell](./1earn/Integrated/Windows/PowerShell/PowerShell笔记.md)\n\n* **Plan**\n\n    * [Misc-Plan](./1earn/Plan/Misc-Plan.md) - 各种小技巧\n    * [Team-Plan](./1earn/Plan/Team-Plan.md) - 团队协作解决方案\n    * [Thinking-Plan](./1earn/Plan/Thinking-Plan.md) - 问题解决方式的记录和学习\n    * [VM-Plan](./1earn/Plan/VM-Plan.md) - VMWare 常见问题记录\n\n---\n\n## 三板斧\n\n`收集、归纳、分享` 我认为这是知识学习的\"三板斧\"\n\n收集,很好理解,比如收集各种学习的资源,看过的论文、文章,和各种工具\n\n归纳,或者说是总结与分类,将自己学习过程中的心得体会记载下来,写成各种笔记,文章,将收集的资源整理归类\n\n分享,在博客上传一篇文章也好,在 qq 群帮助群友解决一个问题也好,都是分享\n\n没有收集和归纳的能力,整个学习的过程就像是在用一个菜篮子接水,留不住的,同样,如果不愿意分享,就像是在闭门造车,无法接触到不同的观点,没人指正你的问题,久而久之有可能想法变得偏执,并且固步自封\n\n---\n\n## 阅读建议\n\n`本项目所有文档均在 VScode 编辑器中编写,故只兼容 VScode 侧边预览的 markdown 语法,暂不考虑兼容其他编辑器的 md 语法`\n\n~~由于 github 的 markdown 引擎 kramdown 不支持 [TOC] 链接,以及各种不兼容的排版问题, 导致阅读体验极不友好, 因此~~ 建议还是下载/clone到本地阅读\n```\ngit clone --depth 1 https://github.com/ffffffff0x/1earn.git\n```\n\n建议的阅读体验\n* [VScode](https://code.visualstudio.com/) + [FiraCode](https://github.com/tonsky/FiraCode) (推荐,整个项目在vscode环境下编写,基本不会出现排版问题)\n* [Typora](https://www.typora.io/)\n\n\u003e 如果 clone 速度太慢,可以先导入码云中(选择从 URL 中导入),再进行 clone ： https://blog.gitee.com/2018/06/05/github_to_gitee/?from=homepage\n\n\u003e 提高 release 速度,可以参考这几篇文章 https://jinfeijie.cn/post-805.html 、https://blog.csdn.net/weixin_44821644/article/details/107574297?utm_source=app\n\n\u003e 现在只需按下句号(.)键，即可启用 web 版 vscode 浏览本项目\n\n---\n\n以下是该项目的灵感来源\n\n* [Micro8-渗透沉思录](https://www.secpulse.com/archives/98814.html)\n* [Teach Yourself Programming in Ten Years](http://norvig.com/21-days.html)\n* [To Find a Better Solution, Ask a Better Question  Member Feature Stories  Medium](https://medium.com/s/story/to-find-a-better-solution-ask-a-better-question-3be7fee5af65)\n* [The Magpie Developer](https://blog.codinghorror.com/the-magpie-developer/)\n\n---\n\n## CONTRIBUTORS \u0026 Thanks\n\n- [CONTRIBUTORS](./assets/CONTRIBUTORS.md)\n\n---\n\n## 联系我\n\n- 如果你有任何其他方面的问题或建议，可以在 issue 提出或发送邮件至 D2hwakH7BS5E@protonmail.com\n\n---\n\n## Disclaimer\u0026License\n\n- \u003csup\u003e本项目采用 [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/deed.zh) 协议.\u003c/sup\u003e\n    - \u003csup\u003e共享 — 在任何媒介以任何形式复制、发行本作品。\u003c/sup\u003e\n    - \u003csup\u003e演绎 — 修改、转换或以本作品为基础进行创作在任何用途下，甚至商业目的。\u003c/sup\u003e\n    - \u003csup\u003e署名 — 您必须给出适当的署名，提供指向本许可协议的链接，同时标明是否（对原始作品）作了修改。您可以用任何合理的方式来署名，但是不得以任何方式暗示许可人为您或您的使用背书。\u003c/sup\u003e\n    - \u003csup\u003e没有附加限制 — 您不得适用法律术语或者 技术措施 从而限制其他人做许可协议允许的事情。\u003c/sup\u003e\n- \u003csup\u003e注: 本项目所有文件仅供学习和研究使用,请勿使用项目中的技术源码用于非法用途,任何人造成的任何负面影响,与本人无关.\u003c/sup\u003e\n\n---\n\n\u003e create by ffffffff0x\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fffffffff0x%2F1earn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fffffffff0x%2F1earn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fffffffff0x%2F1earn/lists"}