Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bollwarm/SecToolSet

The security tool(project) Set from github。github安全项目工具集合
https://github.com/bollwarm/SecToolSet

Last synced: about 2 months ago
JSON representation

The security tool(project) Set from github。github安全项目工具集合

Awesome Lists containing this project

README

        

## sectoolset -- Github安全相关工具集合

## 主要内容:

[0x00 漏洞利用实战练习&CTF安全竞赛](Practice_CTF.md)

[0x01 安全扫描器](Scanner.md)

[0x02 安全防守](Defence.md)

[0x03 渗透测试](PenetrationTest.md)

[0x04 漏洞库及利用工具(POC,EXP)](ProofofConcept_Exploit.md)

[0x05 二进制及代码分析工具](BinaryAnalysis.md)

[0x06 威胁情报&蜜罐](ThreatIntelligence_Honey.md)

[0x07 安全文档资料](SecurityDoucument.md)

[0x11 所有内容](All.md)

## 乌云镜像

[乌云镜像,已挂](http://wooyun.webbaozi.com)

[乌云镜像,已挂](http://wy.hx99.net/)

## 近期安全热点

[glibc iconv()中的缓冲区溢出导致PHP RCE攻击CNEXT(CVE-2024-2961)](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)

[TunnelVision (CVE-2024-3661):攻击者通过路由定向数据到未加密通道,从而获取VPN的数据,影响所有DHCP的VPN(Linux,Windows,iOS 和 MacOS)](https://www.leviathansecurity.com/blog/tunnelvision)

[PuTTY vuln-p521-bias漏洞影响0.68—0.8版本用ecdsa-sha2-nistp521签发的证书](https://www.toutiao.com/article/7358457832808956456/)

[论文:红队中AI生成式模型使用调查](https://arxiv.org/pdf/2404.00629.pdf)

[关于xz后门详解](http://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/)

[谷歌《2023年在野0-day漏洞利用报告》](https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf)

[ZenHammer:Rowhammer适用于AMD Zen的平台攻击 ](https://comsec.ethz.ch/research/dram/zenhammer/)

[警惕:研究人员发现Github中暗藏私货恶意仓库超十万](https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/)

[针对Openssh的水龟攻击:通过序列号操作破坏SSH通道完整性( CVE-2023-48795)](https://terrapin-attack.com/)

[论文《BEYOND MEMORIZATION: VIOLATING PRIVACY VIA INFERENCE WITH LARGE LANGUAGE MODELS》使用大语言模型和社交网络数据推理个人隐私信息(位置、收入和性别等)](https://arxiv.org/abs/2310.07298)

[OAuth验证不严谨导致数北万用户账户被劫持](https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts)

[WebP 0day CVE-2023-4863 可能影响安卓系统](https://blog.isosceles.com/the-webp-0day/)

[CVE-2023-4039:GCC的-fstack-protector存在动态堆栈分配漏洞,影响ARM64版本(Macbook M版本)](https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html)

[OpenSSH组件ssh-agent存远程代码执行漏洞(CVE-2023-38408)](https://www.toutiao.com/article/7258066128541794851)

[Fortigate VPN远程代码执行(CVE-2023-27997),全网仍有大量机器未进行修补](https://blog.lexfo.fr/xortigate-cve-2023-27997.html)

[WiFi协议中节能机制存缺陷,攻击者劫持和窃取数据包](https://www.toutiao.com/article/7215950877579133455/)

[Windows 11 可信平台模块TPM 2.0 越界读写漏洞 ( CVE-2023-1017,CVE-2023-1018 )](https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html)

[CISA已知可被利用漏洞目录](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

[NSA:量子计算和后量子加密算法FAQ](https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF)

[安全论文:《Measuring and Preventing Supply Chain Attacks on Package Managers》](https://arxiv.org/pdf/2002.01139.pdf)

[五眼联盟国家网络安全技术指导书](https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf)

[2018 Blackhat 工具集](BlackHat2018.md)

[Meltdown & Spectre](Meltdown_Spectre.md)

## License

Licensed under [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.html).