René's URL Explorer Experiment


Title: GitHub - MyKings/security-study-tutorial: Summary of online learning materials

Open Graph Title: GitHub - MyKings/security-study-tutorial: Summary of online learning materials

X Title: GitHub - MyKings/security-study-tutorial: Summary of online learning materials

Description: Summary of online learning materials. Contribute to MyKings/security-study-tutorial development by creating an account on GitHub.

Open Graph Description: Summary of online learning materials. Contribute to MyKings/security-study-tutorial development by creating an account on GitHub.

X Description: Summary of online learning materials. Contribute to MyKings/security-study-tutorial development by creating an account on GitHub.

Opengraph URL: https://github.com/MyKings/security-study-tutorial

X: @github

direct link

Domain: patch-diff.githubusercontent.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:d78ec955-8bfe-67e1-4856-b891255389ce
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-idE784:3CECC8:39435AE:4B68F68:6974663D
html-safe-nonce4f151c3001b3be4c86da887e6c6b057ddb6b679bbd751b4702955ba84cde59cd
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFNzg0OjNDRUNDODozOTQzNUFFOjRCNjhGNjg6Njk3NDY2M0QiLCJ2aXNpdG9yX2lkIjoiNzc3MDU2MDgzNzc4MDI2ODYwNSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmacddfe1916c697bddb254d510800abedb9c2b0b8bd052ddcdf6feffbb9bf46b275
hovercard-subject-tagrepository:171778902
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/MyKings/security-study-tutorial
twitter:imagehttps://opengraph.githubassets.com/a30d49b2de8c5c8e175266ec9887ecf889641f587b954519f1623130ad014da9/MyKings/security-study-tutorial
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/a30d49b2de8c5c8e175266ec9887ecf889641f587b954519f1623130ad014da9/MyKings/security-study-tutorial
og:image:altSummary of online learning materials. Contribute to MyKings/security-study-tutorial development by creating an account on GitHub.
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Nonee0b95d743b7672c9ac0e1032d5f117950182dc164a83434a7db86510e8f0b37c
turbo-cache-controlno-preview
go-importgithub.com/MyKings/security-study-tutorial git https://github.com/MyKings/security-study-tutorial.git
octolytics-dimension-user_id7788116
octolytics-dimension-user_loginMyKings
octolytics-dimension-repository_id171778902
octolytics-dimension-repository_nwoMyKings/security-study-tutorial
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id171778902
octolytics-dimension-repository_network_root_nwoMyKings/security-study-tutorial
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release56fe7e2e8de6e57740bca50402351ea656f7a4bf
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#start-of-content
https://patch-diff.githubusercontent.com/
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FMyKings%2Fsecurity-study-tutorial
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub SparkBuild and deploy intelligent appshttps://github.com/features/spark
GitHub ModelsManage and compare promptshttps://github.com/features/models
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FMyKings%2Fsecurity-study-tutorial
Sign up https://patch-diff.githubusercontent.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=MyKings%2Fsecurity-study-tutorial
Reloadhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
Reloadhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
Reloadhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
MyKings https://patch-diff.githubusercontent.com/MyKings
security-study-tutorialhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
Notifications https://patch-diff.githubusercontent.com/login?return_to=%2FMyKings%2Fsecurity-study-tutorial
Fork 33 https://patch-diff.githubusercontent.com/login?return_to=%2FMyKings%2Fsecurity-study-tutorial
Star 90 https://patch-diff.githubusercontent.com/login?return_to=%2FMyKings%2Fsecurity-study-tutorial
90 stars https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/stargazers
33 forks https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/forks
Branches https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/branches
Tags https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/tags
Activity https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/activity
Star https://patch-diff.githubusercontent.com/login?return_to=%2FMyKings%2Fsecurity-study-tutorial
Notifications https://patch-diff.githubusercontent.com/login?return_to=%2FMyKings%2Fsecurity-study-tutorial
Code https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
Issues 1 https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/issues
Pull requests 0 https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/pulls
Actions https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/actions
Security 0 https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/security
Insights https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/pulse
Code https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
Issues https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/issues
Pull requests https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/pulls
Actions https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/actions
Security https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/security
Insights https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/pulse
Brancheshttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/branches
Tagshttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/tags
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/branches
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/tags
106 Commitshttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/commits/master/
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/commits/master/
origin/Xuanwu Lab Securityhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/tree/master/origin/Xuanwu%20Lab%20Security
origin/Xuanwu Lab Securityhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/tree/master/origin/Xuanwu%20Lab%20Security
.gitignorehttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/blob/master/.gitignore
.gitignorehttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/blob/master/.gitignore
README.mdhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/blob/master/README.md
README.mdhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/blob/master/README.md
_config.ymlhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/blob/master/_config.yml
_config.ymlhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/blob/master/_config.yml
READMEhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#security-study-tutorial
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#awesome
https://github.com/vinta/awesome-pythonhttps://github.com/vinta/awesome-python
https://github.com/Hack-with-Github/Awesome-Hackinghttps://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/hslatman/awesome-threat-intelligencehttps://github.com/hslatman/awesome-threat-intelligence
https://github.com/bayandin/awesome-awesomenesshttps://github.com/bayandin/awesome-awesomeness
https://github.com/enaqx/awesome-pentesthttps://github.com/enaqx/awesome-pentest
https://github.com/carpedm20/awesome-hackinghttps://github.com/carpedm20/awesome-hacking
https://github.com/sbilly/awesome-securityhttps://github.com/sbilly/awesome-security
https://github.com/ashishb/android-security-awesomehttps://github.com/ashishb/android-security-awesome
https://github.com/paragonie/awesome-appsechttps://github.com/paragonie/awesome-appsec
https://github.com/PaulSec/awesome-sec-talkshttps://github.com/PaulSec/awesome-sec-talks
https://github.com/meirwah/awesome-incident-responsehttps://github.com/meirwah/awesome-incident-response
https://github.com/secfigo/Awesome-Fuzzinghttps://github.com/secfigo/Awesome-Fuzzing
https://github.com/yeyintminthuhtut/Awesome-Red-Teaminghttps://github.com/yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/s0md3v/AwesomeXSShttps://github.com/s0md3v/AwesomeXSS
https://github.com/qazbnm456/awesome-cve-pochttps://github.com/qazbnm456/awesome-cve-poc
https://github.com/djadmin/awesome-bug-bountyhttps://github.com/djadmin/awesome-bug-bounty
https://github.com/toniblyx/my-arsenal-of-aws-security-toolshttps://github.com/toniblyx/my-arsenal-of-aws-security-tools
https://github.com/jaredthecoder/awesome-vehicle-securityhttps://github.com/jaredthecoder/awesome-vehicle-security
https://github.com/joe-shenouda/awesome-cyber-skillshttps://github.com/joe-shenouda/awesome-cyber-skills
https://github.com/nebgnahz/awesome-iot-hackshttps://github.com/nebgnahz/awesome-iot-hacks
https://github.com/jonathandion/awesome-emailshttps://github.com/jonathandion/awesome-emails
https://github.com/FabioBaroni/awesome-exploit-developmenthttps://github.com/FabioBaroni/awesome-exploit-development
https://github.com/Escapingbug/awesome-browser-exploithttps://github.com/Escapingbug/awesome-browser-exploit
https://github.com/snoopysecurity/awesome-burp-extensionshttps://github.com/snoopysecurity/awesome-burp-extensions
https://github.com/Hack-with-Github/Awesome-Security-Gistshttps://github.com/Hack-with-Github/Awesome-Security-Gists
https://github.com/InQuest/awesome-yarahttps://github.com/InQuest/awesome-yara
https://github.com/dhaval17/awsome-security-write-ups-and-POCshttps://github.com/dhaval17/awsome-security-write-ups-and-POCs
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#checklist
https://github.com/b-mueller/android_app_security_checklisthttps://github.com/b-mueller/android_app_security_checklist
https://github.com/shieldfy/API-Security-Checklisthttps://github.com/shieldfy/API-Security-Checklist
https://github.com/SecarmaLabs/IoTChecklisthttps://github.com/SecarmaLabs/IoTChecklist
https://github.com/netbiosX/Checklistshttps://github.com/netbiosX/Checklists
https://github.com/brunofacca/zen-rails-security-checklisthttps://github.com/brunofacca/zen-rails-security-checklist
https://github.com/privacyradius/gdpr-checklisthttps://github.com/privacyradius/gdpr-checklist
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#developer
Security Guide for Developershttps://github.com/FallibleInc/security-guide-for-developers
https://github.com/ExpLife0011/awesome-windows-kernel-security-developmenthttps://github.com/ExpLife0011/awesome-windows-kernel-security-development
https://github.com/jaywcjlove/awesome-machttps://github.com/jaywcjlove/awesome-mac
分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴https://github.com/ym2011/SecurityManagement
https://github.com/riusksk/secbookhttps://github.com/riusksk/secbook
https://github.com/bayandin/awesome-awesomenesshttps://github.com/bayandin/awesome-awesomeness
常用服务器、数据库、中间件安全配置基线https://github.com/re4lity/Benchmarks
https://github.com/NB-STAR/Security-Operationhttps://github.com/NB-STAR/Security-Operation
https://github.com/EbookFoundation/free-programming-bookshttps://github.com/EbookFoundation/free-programming-books
Machine Learning Crash Coursehttps://developers.google.com/machine-learning/crash-course/
https://github.com/yosriady/api-development-toolshttps://github.com/yosriady/api-development-tools
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#pentest
Payloads All The Thingshttps://github.com/swisskyrepo/PayloadsAllTheThings
1 – INTRODUCTION TO CYBER SECURITYhttps://www.prismacsi.com/en/1-introduction-to-cyber-security/
2 – PASSIVE INFORMATION GATHERING(OSINT)https://www.prismacsi.com/en/2-passive-information-gathering-osint/
3 – ACTIVE INFORMATION GATHERINGhttps://www.prismacsi.com/en/3-active-information-gathering/
4 – VULNERABILITY DETECTIONhttps://www.prismacsi.com/en/4-vulnerability-detection/
5 – EXPLOITATIONhttps://www.prismacsi.com/en/5-exploitation/
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Projecthttps://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
OSINT Resources for 2019https://medium.com/@micallst/osint-resources-for-2019-b15d55187c3f
CheatSheetSerieshttps://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets
Whitepaper: HTTP Security Headers and How They Workhttps://www.netsparker.com/whitepaper-http-security-headers/
webkit-bugmaphttps://bugmap.gitlab.io/webkit/
Webkit Exploitation Tutorialhttps://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/
A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more.https://github.com/trimstray/the-book-of-secret-knowledge
https://github.com/danielmiessler/SecListshttps://github.com/danielmiessler/SecLists
CVE Detailshttps://www.cvedetails.com/
A collected list of awesome security talkshttps://github.com/PaulSec/awesome-sec-talks
Curated list of public penetration test reports released by several consulting firms and academic security groupshttps://github.com/juliocesarfort/public-pentesting-reports
Web-Security-Learninghttps://github.com/CHYbeta/Web-Security-Learning
PENTEST-WIKI is a free online security knowledge library for pentesters / researchershttps://github.com/nixawk/pentest-wiki
Official Black Hat Arsenal Security Tools Repository https://github.com/toolswatch/blackhat-arsenal-tools/tree/master/code_assessment
Penetration Testing / OSCP Biggest Reference Bank / Cheatsheethttps://github.com/OlivierLaflamme/Cheatsheet-God
Proof-of-concept codes created as part of security research done by Google Security Team.https://github.com/google/security-research-pocs
Security Research from the Microsoft Security Response Center (MSRC)https://github.com/Microsoft/MSRC-Security-Research
Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.https://github.com/trimstray/technical-whitepapers
https://github.com/Micropoor/Micro8https://github.com/Micropoor/Micro8
RedTeam资料收集整理https://github.com/jeansgit/RedTeam
Great security list for fun and profithttps://github.com/zbetcheckin/Security_list
https://github.com/ztgrace/red_team_telemetryhttps://github.com/ztgrace/red_team_telemetry
Penetration tests cases, resources and guidelines.https://github.com/Voorivex/pentest-guide
Attack and defend active directory using modern post exploitation adversary tradecraft activityhttps://github.com/infosecn1nja/AD-Attack-Defense
https://github.com/tiancode/learn-hackinghttps://github.com/tiancode/learn-hacking
https://github.com/rewardone/OSCPRepohttps://github.com/rewardone/OSCPRepo
https://github.com/redcanaryco/atomic-red-teamhttps://github.com/redcanaryco/atomic-red-team
HTA encryption tool for RedTeamshttps://github.com/nccgroup/demiguise
https://github.com/infosecn1nja/Red-Teaming-Toolkithttps://github.com/infosecn1nja/Red-Teaming-Toolkit
Red Team Field Manualhttps://github.com/Agahlot/RTFM
The Shadow Brokers "Lost In Translation" leakhttps://github.com/misterch0c/shadowbroker
Decrypted content of eqgrp-auction-file.tar.xzhttps://github.com/x0rz/EQGRP
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wikihttps://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.https://github.com/RhinoSecurityLabs/pacu
https://github.com/Ridter/Intranet_Penetration_Tipshttps://github.com/Ridter/Intranet_Penetration_Tips
渗透测试、红队攻击、网络安全资源大集合https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
Awesome Cybersecurity Blue Team - 蓝队防御相关的工具、文章资料收集https://github.com/meitar/awesome-cybersecurity-blueteam
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#mobile-application-security
https://gbhackers.com/mobile-application-penetration-testing/https://gbhackers.com/mobile-application-penetration-testing/
安卓内核提权漏洞分析https://github.com/tangsilian/android-vuln
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#malware
Bypass EDR’s memory protection, introduction to hookinghttps://movaxbx.ru/2019/02/19/bypass-edrs-memory-protection-introduction-to-hooking/
Analyzing the Windows LNK file attack methodhttps://dexters-lab.net/2019/02/16/analyzing-the-windows-lnk-file-attack-method/
委内瑞拉关于人道主义援助运动的伪造域名钓鱼活动分析https://securelist.com/dns-manipulation-in-venezuela/89592/
对 Lazarus 下载者的简要分析https://medium.com/emptyregisters/lazarus-downloader-brief-analy-17875f342d96
Various public documents, whitepapers and articles about APT campaignshttps://github.com/kbandla/APTnotes
Personal compilation of APT malware from whitepaper releases, documents and own researchhttps://github.com/sapphirex00/Threat-Hunting
Malware Capture Facility Projecthttps://www.stratosphereips.org/datasets-malware
https://github.com/rootm0s/Injectorshttps://github.com/rootm0s/Injectors
https://github.com/rshipp/awesome-malware-analysishttps://github.com/rshipp/awesome-malware-analysis
对 Chrome 恶意扩展应用的研究https://posts.specterops.io/no-place-like-chrome-122e500e421f
分析 Gootkit 银行木马http://www.certego.net/en/news/malware-tales-gootkit/
二进制分析研究会议 BAR 2019 资源发布https://ruoyuwang.me/bar2019/
GLOBAL ATM MALWARE WALLhttp://atm.cybercrime-tracker.net/index.php
Feed RSS with the latest samples:http://atm.cybercrime-tracker.net/wget.php
https://maskop9.tech/index.php/2019/01/30/analysis-of-netwiredrc-trojan/https://maskop9.tech/index.php/2019/01/30/analysis-of-netwiredrc-trojan/
Slackor - Go 语言写的一个 C&C 服务器,基于 Slackhttps://github.com/Coalfire-Research/Slackor
卡巴斯基对影响全球多个地区的 Riltok 手机银行木马的分析https://securelist.com/mobile-banker-riltok/91374/
Metamorfo 银行木马利用 Avast 反病毒软件的可执行文件隐藏自己https://blog.ensilo.com/metamorfo-avast-abuser
列举了近些年知名的 APT 组织名单https://www.freebuf.com/articles/network/208449.html
腾讯安全御见发布《APT 2019年上半年研究报告》https://s.tencent.com/research/report/762.html
LNK 快捷方式文件在恶意代码攻击方面的应用https://bitofhex.com/2019/07/15/deriving-intelligence-from-lnk-files
针对以色列某未知 APT 恶意样本的分析报告https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Israel/APT/Unknown/26-08-19/Malware%20analysis%2026-08-19.md
此文作者分析恶意软件Malware过程系列https://poxyran.github.io/poxyblog/src/pages/22-10-2019-unpacking-malware-series-maze-ransomware.html
https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDFhttps://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDF
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#fuzzing
(Guided-)fuzzing for JavaScript engineshttps://saelo.github.io/presentations/offensivecon_19_fuzzilli.pdf
What the Fuzzhttps://labs.mwrinfosecurity.com/blog/what-the-fuzz/
OSS-Fuzz - continuous fuzzing of open source softwarehttps://github.com/google/oss-fuzz
Scalable fuzzing infrastructure.https://github.com/google/clusterfuzz
DOM fuzzerhttps://github.com/googleprojectzero/domato
https://github.com/wmliang/pe-aflhttps://github.com/wmliang/pe-afl
Web application fuzzerhttps://github.com/xmendez/wfuzz
https://github.com/fuzzdb-project/fuzzdbhttps://github.com/fuzzdb-project/fuzzdb
NSA finest toolhttps://github.com/fuzzbunch/fuzzbunch
https://github.com/bin2415/fuzzing_paperhttps://github.com/bin2415/fuzzing_paper
Potentially dangerous fileshttps://github.com/Bo0oM/fuzz.txt
Fuzzing Browsershttps://github.com/RootUp/BFuzz
This module provides a Python wrapper for interacting with fuzzers, such as AFLhttps://github.com/angr/phuzzer
从零开始用honggfuzz fuzz VLC的全过程分享https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/
https://www.dimva2019.org/wp-content/uploads/sites/31/2019/06/190620-DIMVA-keynote-FP.pdfhttps://www.dimva2019.org/wp-content/uploads/sites/31/2019/06/190620-DIMVA-keynote-FP.pdf
RetroWrite: 让闭源binary支持AFL和ASAN的Binary rewriting 工具https://github.com/HexHive/retrowrite/blob/master/docker
MOPT:对fuzzer变异策略的选择分布进行优化的工作,paper发表在Usenix Security‘19https://nesa.zju.edu.cn/download/MOPT_Optimize%20Mutation%20Scheduling%20for%20Fuzzers.pdf
用AFL-Unicorn来fuzz内核,集合了afl的覆盖率和unicorn的局部模拟执行https://github.com/fgsect/unicorefuzz
JANUS:将AFL和Syzkaller结合在一起fuzz文件系统的工作https://r3xnation.wordpress.com/2019/07/06/fuzzing-file-systems-via-two-dimensional-input-space-exploration-summary/
Mozilla的浏览器fuzz框架,类似于Google的clusterfuzzhttps://blog.mozilla.org/security/2019/07/10/grizzly/
利用 AFL Fuzz statzone DNS Zone Parsershttps://www.cambus.net/fuzzing-dns-zone-parsers/
基于AFL对Linux内核模糊测试的过程详述https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/
作者发现CVE-2019-13504, CVE-2019-13503的过程,同时强调了在软件开发周期集成libFuzzer对API进行fuzz的重要性https://fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/
FUDGE:一个自动化生成Fuzz Driver的工作,核心思路是通过分析lib在软件中的正常调用情况来生成Fuzz Driver,部分Fuzz Driver已经加入到OSS-Fuzz项目中https://ai.google/research/pubs/pub48314
Adobe Font Development Kit for OpenType 套件相关的漏洞分析https://github.com/xinali/AfdkoFuzz/
复旦白泽战队对《Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations》 Paper 的解读https://zhuanlan.zhihu.com/p/74947208
Linux 内核 Fuzz 的入门教程https://buff.ly/2LKEIpO
现有USB Fuzzing技术的总结 https://davejingtian.org/2019/07/17/usb-fuzzing-a-usb-perspective/
从源码层面对 Google honggfuzz Fuzz 原理的分析https://www.anquanke.com/post/id/181936
lain - 微软这两天开源了一个 Rust 语言写的 Fuzz 框架https://github.com/microsoft/lain
Fuzz闭源PDF阅读器时如何判断文件渲染结束以便关闭软件以及如何精简种子文件的一些方法https://hubs.ly/H0k0Rt60
之前推过AFL-Unicorn项目可以让AFL fuzz能用Unicorn模拟的闭源binary,这个uniFuzzer项目很类似,是要把libfuzzer应用在闭源binary上https://github.com/rk700/uniFuzzer/
用AFL Fuzz OP-TEE的系统调用 https://github.com/Riscure/optee_fuzzer
平安科技银河安全实验室基于Unicorn和LibFuzzer实现了一个针对闭源可执行文件的fuzzer。借助Unicorn在x86架构上模拟执行arm指令,并通过Unicorn能hook基本块的功能获取代码覆盖率,从而反馈给libfuzzer实现对目标函数的fuzz。优势在于可以借助Unicorn在x86架构上fuzz闭源的可执行文件。缺点在于要针对目标架构和系统进行各种外部库、系统调用的适配,因此不太适合大型的目标。根据文章看来,其思路也是针对iot设备上的可执行文件进行fuzz。文章最后还开源概念验证代码。https://galaxylab.com.cn/%e5%9f%ba%e4%ba%8eunicorn%e5%92%8clibfuzzer%e7%9a%84%e6%a8%a1%e6%8b%9f%e6%89%a7%e8%a1%8cfuzzing/
nccgroup团队基于Sulley构造的一个对网络协议进行模糊测试的工具。https://github.com/nccgroup/fuzzowski
使用苹果自带的LLDB Script fuzz macOS系统内核 – R3dF09https://i.blackhat.com/USA-19/Thursday/us-19-Lilang-Debug-For-Bug-Crack-And-Hack-Apple-Core-By-Itself-Fun-And-Profit-To-Debug-And-Fuzz-Apple-Kernel-By-LLDB-Script.pdf
波鸿鲁尔大学关于如何在二进制程序中对抗 Fuzz 自动化发现漏洞的研究https://github.com/RUB-SysSec/antifuzz
Fortinet 如何利用 Fuzz 的方法发现 Office Embedded Open Type (EOT) 的漏洞 https://www.fortinet.com/blog/threat-research/a-14-day-journey-through-embedded-open-type-font-fuzzing.html
湾区一个关于Fuzzing的workshop的分享内容,三个议题涵盖了c/c++,web应用等不同目标的Fuzzing技巧 https://github.com/MotherFuzzers/meetups/blob/master/README.md
用WinAFL Fuzz Windows Binary的实践分享,新颖之处是作者利用了内存访问的热图来精简输入种子大小 https://sec-consult.com/en/blog/2017/09/hack-the-hacker-fuzzing-mimikatz-on-windows-with-winafl-heatmaps-0day/
Google 建了一个 Fuzzing Repo,用来放 Fuzzing 相关的文档、教程等资源 https://github.com/google/fuzzing
lokihardt 在 jsc 编译器中 fuzz 出来的新漏洞https://bugs.chromium.org/p/project-zero/issues/detail?id=1876
伦敦帝国学院研究团队通过 Fuzzing 方式对编译器 Bug 的研究报告https://srg.doc.ic.ac.uk/projects/compiler-bugs
针对 Java 语言的基于覆盖率的 Fuzz 框架 https://github.com/rohanpadhye/jqf
Fragscapy - 通过协议 Fuzz 的方法探测 IDS/防火墙检测规则的漏洞https://blog.amossys.fr/fragscapy-fuzzing-protocols-to-evade-firewalls.html
gramfuzz - 通过定义语法规则生成 Fuzz 测试样本数据的工具https://github.com/d0c-s4vage/gramfuzz
Fuzz中一个常见问题是Checksum或者Magic Value,以前的方法大多是通过符号执行的方法去求解约束,但这样的方法比较复杂。Red­queen这篇文章提出了一种更为简单的思路,即基于VMI来获取比较指令或者函数调用指令的参数,用这个参数来指导变异。具体实现依赖Intel PT。https://github.com/RUB-SysSec/redqueen
Jsfuzz: coverage-guided fuzz testing for Javascript https://github.com/fuzzitdev/jsfuzz
Dhiraj Mishra 在 PHDays9 会议 AFL Fuzz Workshop 的 PPThttps://github.com/RootUp/PHDays9
Fuzz 方向的几篇 Paper 的解读 https://github.com/bsauce/Some-Papers-About-Fuzzing
基于 Frida 实现的 In-Memory Android API Fuzzerhttps://github.com/andreafioraldi/frida-qbdi-fuzzer
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#browser
An updated collection of resources targeting browser-exploitation.https://github.com/m1ghtym0/browser-pwn
A collection of JavaScript engine CVEs with PoCshttps://github.com/tunz/js-vuln-db
JavaScript engine fundamentals: the good, the bad, and the uglyhttps://slidr.io/bmeurer/javascript-engine-fundamentals-the-good-the-bad-and-the-ugly#1
Bypassing Chrome’s CSP with Link Preloadinghttps://ioactive.com/bypassing-chromes-csp-with-link-preloading/
Triaging the exploitability of IE/EDGE crasheshttps://movaxbx.ru/2019/02/20/triaging-the-exploitability-of-ie-edge-crashes/
Firefox 发布 68 版本,修复 21 个漏洞https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811
Chrome 更新 76.0.3809.87 版本,修复 43 个安全漏洞https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
一个 Edge UXSS 漏洞分析https://leucosite.com/Microsoft-Edge-uXSS/?q
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#deep-net
All You Need to Know About Deep Learning - A kick-starterhttps://github.com/machinelearningmindset/deep-learning-ocean
OnionScan is a free and open source tool for investigating the Dark Web.https://github.com/s-rah/onionscan
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#operating-system
https://github.com/drduh/macOS-Security-and-Privacy-Guidehttps://github.com/drduh/macOS-Security-and-Privacy-Guide
How-To-Secure-A-Linux-Serverhttps://github.com/imthenachoman/How-To-Secure-A-Linux-Server
A practical guide to advanced Linux security in production environmentshttps://github.com/trimstray/the-practical-linux-hardening-guide
https://www.itsecdb.com/https://www.itsecdb.com/
Vulnerability scanner for Linux/FreeBSD, agentless, written in Gohttps://github.com/future-architect/vuls
some learning notes about Linux Securityhttps://github.com/JnuSimba/LinuxSecNotes
API samples for the Universal Windows Platform.https://github.com/Microsoft/Windows-universal-samples
Set of tools to analyze and attack Windows sandboxes.https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools
https://github.com/trimstray/test-your-sysadmin-skillshttps://github.com/trimstray/test-your-sysadmin-skills
https://github.com/wstart/DB_BaseLinehttps://github.com/wstart/DB_BaseLine
Windows memory hacking libraryhttps://github.com/DarthTon/Blackbone
https://github.com/j00ru/windows-syscallshttps://github.com/j00ru/windows-syscalls
https://github.com/zodiacon/WindowsInternalshttps://github.com/zodiacon/WindowsInternals
https://github.com/GDSSecurity/Windows-Exploit-Suggesterhttps://github.com/GDSSecurity/Windows-Exploit-Suggester
https://github.com/EasyHook/EasyHookhttps://github.com/EasyHook/EasyHook
Bypass Windows Exploit Guard ASR (PPT)https://github.com/sevagas/WindowsDefender_ASR_Bypass-OffensiveCon2019
Windows 中一些启动相关的注册表项介绍http://www.hexacorn.com/blog/2019/02/23/beyond-good-ol-run-key-part-104/
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#blockchain
Knowledge Base 慢雾安全团队知识库https://github.com/slowmist/Knowledge-Base
SlowMist Vulnerability Research Advisories https://github.com/slowmist/papers
https://github.com/knownsec/Ethereum-Smart-Contracts-Security-CheckListhttps://github.com/knownsec/Ethereum-Smart-Contracts-Security-CheckList
https://github.com/bcosorg/whitepaper/blob/master/BCOS_Whitepaper.mdhttps://github.com/bcosorg/whitepaper/blob/master/BCOS_Whitepaper.md
https://github.com/1522402210/BlockChain-Security-Listhttps://github.com/1522402210/BlockChain-Security-List
https://github.com/liuchengxu/blockchain-tutorialhttps://github.com/liuchengxu/blockchain-tutorial
https://github.com/dvf/blockchainhttps://github.com/dvf/blockchain
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#security-conference
2019 Pass the SALT 会议的大部分议题 PPT 公开了https://2019.pass-the-salt.org/schedule/
RuhrSec 2019 会议的视频公开了https://www.ruhrsec.de/2019/videos.html
学术届 ACM ASIACCS 2019 会议的议题 PPT 都公开了https://asiaccs2019.github.io/program.html
即将举办的 Black Hat USA 2019 大会值得关注的七大热点网络安全趋势https://www.freebuf.com/news/207907.html
lack Hat USA 2019 会议上,微软宣布对于可以成功利用的 Azure 平台的 Exploit,微软最多可以奖励 30 万美金https://threatpost.com/microsoft-lab-300k-working-azure-exploits/146938/
Nicolas Joly 在 BlackHat USA 2019 对 Outlook/Exchange 漏洞及利用的总结https://i.blackhat.com/USA-19/Wednesday/us-19-Joly-Hunting-For-Bugs-Catching-Dragons.pdf
研究员 Maor Shwartz 在 BlackHat USA 2019 会议上对 0Day 市场买卖交易双方的介绍http://i.blackhat.com/USA-19/Wednesday/us-19-Shwartz-Selling-0-Days-To-Governments-And-Offensive-Security-Companies.pdf
5G 通信网络的新漏洞,来自 BlackHat USA 2019https://i.blackhat.com/USA-19/Wednesday/us-19-Shaik-New-Vulnerabilities-In-5G-Networks-wp.pdf
腾讯安全Blade Team在blackhat usa 2019 上关于利用WiFi漏洞RCE的细节公开了。 – freener0https://i.blackhat.com/USA-19/Thursday/us-19-Pi-Exploiting-Qualcomm-WLAN-And-Modem-Over-The-Air-wp.pdf
来自 DEF CON 27 会议上针对 MikroTik RouterOS 系统的漏洞利用研究https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
BSides Canberra 2019 会议议题 “iOS 越狱需要什么?Hacking the iPhone: 2014 - 2019” 的视频https://www.youtube.com/watch?v=31azOpD7DmI
来自 Kcon 2019 360 安全研究员的议题《如何去挖掘物联网环境中的高级恶意软件威胁》 https://drive.google.com/open?id=1H_NX2L3KebS9-f1oPS8IbVg9CfWuOj4U
KCon 2019 安全会议的议题 PPT 可以下载了https://paper.seebug.org/1023/
HITB GSEC 2019 会议议题的 PPT 都公开了https://gsec.hitb.org/materials/sg2019/
DerbyCon 会议 NCC Group 研究员关于 COM Hijacking 的议题https://www.slideshare.net/DavidTulis1/com-hijacking-techniques-derbycon-2019
R2CON 2019 会议的议题 PPT 公开了https://github.com/radareorg/r2con2019
Derbycon 2019 会议的视频上线了http://bit.ly/302eUZM
Black Hat Europe 2019 会议议题列表(部分)公开了http://ow.ly/cRPK30pyRHC
OSDFCon19 会议关于 Linux 操作系统取证分析的议题 PPThttps://github.com/ashemery/LinuxForensics
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#tools
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#ssh
https://github.com/ncsa/ssh-auditorhttps://github.com/ncsa/ssh-auditor
https://github.com/r3vn/punk.pyhttps://github.com/r3vn/punk.py
https://github.com/mthbernardes/sshLooterhttps://github.com/mthbernardes/sshLooter
https://github.com/ropnop/windows_sshagent_extracthttps://github.com/ropnop/windows_sshagent_extract
https://github.com/arthepsy/ssh-audithttps://github.com/arthepsy/ssh-audit
https://github.com/mozilla/ssh_scanhttps://github.com/mozilla/ssh_scan
https://github.com/govolution/betterdefaultpasslist/blob/master/ssh.txthttps://github.com/govolution/betterdefaultpasslist/blob/master/ssh.txt
https://hackertarget.com/ssh-examples-tunnels/https://hackertarget.com/ssh-examples-tunnels/
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#dns
In-depth DNS Enumeration and Network Mappinghttps://github.com/caffix/amass
A DNS rebinding attack framework.https://github.com/nccgroup/singularity
Knock Subdomain Scanhttps://github.com/guelfoweb/knock
https://github.com/iphelix/dnschefhttps://github.com/iphelix/dnschef
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#exploiter
https://github.com/offensive-security/exploitdbhttps://github.com/offensive-security/exploitdb
Automated Mass Exploiterhttps://github.com/NullArray/AutoSploit
Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.https://github.com/Coalfire-Research/Red-Baron
A bunch of links related to VMware escape exploitshttps://github.com/xairy/vmware-exploitation
This contains common local exploits and enumeration scriptshttps://github.com/AusJock/Privilege-Escalation
Windows Exploitshttps://github.com/WindowsExploits/Exploits
windows-kernel-exploits Windows平台提权漏洞集合https://github.com/SecWiki/windows-kernel-exploits
MS17-010https://github.com/worawit/MS17-010
https://github.com/akayn/PostExploitshttps://github.com/akayn/PostExploits
https://github.com/smgorelik/Windows-RCE-exploitshttps://github.com/smgorelik/Windows-RCE-exploits
A Course on Intermediate Level Linux Exploitationhttps://github.com/nnamon/linux-exploitation-course
https://github.com/Semmle/SecurityExploitshttps://github.com/Semmle/SecurityExploits
https://github.com/lukechilds/reverse-shellhttps://github.com/lukechilds/reverse-shell
https://github.com/klsfct/getshellhttps://github.com/klsfct/getshell
https://github.com/rootm0s/WinPwnagehttps://github.com/rootm0s/WinPwnage
https://github.com/51x/WHPhttps://github.com/51x/WHP
https://github.com/SecWiki/linux-kernel-exploitshttps://github.com/SecWiki/linux-kernel-exploits
https://github.com/hardenedlinux/linux-exploit-development-tutorialhttps://github.com/hardenedlinux/linux-exploit-development-tutorial
https://github.com/Coalfire-Research/java-deserialization-exploitshttps://github.com/Coalfire-Research/java-deserialization-exploits
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#osint
People tracker on the Internet: OSINT analysis and research tool by Jose Pinohttps://github.com/jofpin/trape
Email OSINT and password breach hunting.https://github.com/khast3x/h8mail
Maintained collection of OSINT related resources. (All Free & Actionable)https://github.com/Ph055a/OSINT-Collection
Incredibly fast crawler designed for OSINT.https://github.com/s0md3v/Photon
OSINT Frameworkhttps://github.com/lockfale/OSINT-Framework
https://github.com/Moham3dRiahi/Th3inspectorhttps://github.com/Moham3dRiahi/Th3inspector
https://github.com/jivoi/awesome-osinthttps://github.com/jivoi/awesome-osint
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#wordlist
https://github.com/RicterZ/genpAsshttps://github.com/RicterZ/genpAss
https://github.com/lavalamp-/password-listshttps://github.com/lavalamp-/password-lists
https://github.com/LandGrey/pydictorhttps://github.com/LandGrey/pydictor
https://github.com/bit4woo/passmakerhttps://github.com/bit4woo/passmaker
https://github.com/brannondorsey/PassGANhttps://github.com/brannondorsey/PassGAN
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#git
Reconnaissance tool for GitHub organizationshttps://github.com/michenriksen/gitrob
GitHub Sensitive Information Leakage Monitor Spiderhttps://github.com/0xbug/Hawkeye
Searches through git repositories for high entropy strings and secrets, digging deep into commit historyhttps://github.com/dxa4481/truffleHog
GitHub Sensitive Information Leakagehttps://github.com/FeeiCN/GSIL
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#burpsuite
https://github.com/1N3/IntruderPayloadshttps://github.com/1N3/IntruderPayloads
https://github.com/vulnersCom/burp-vulners-scannerhttps://github.com/vulnersCom/burp-vulners-scanner
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#iot
http://va.ler.io/myfiles/dva/iot-rev-engineering.pdfhttp://va.ler.io/myfiles/dva/iot-rev-engineering.pdf
https://github.com/jaredthecoder/awesome-vehicle-securityhttps://github.com/jaredthecoder/awesome-vehicle-security
https://github.com/V33RU/IoTSecurity101https://github.com/V33RU/IoTSecurity101
https://github.com/schutzwerk/CANalyzat0rhttps://github.com/schutzwerk/CANalyzat0r
https://github.com/w3h/icsmasterhttps://github.com/w3h/icsmaster
https://github.com/xl7dev/ICSecurityhttps://github.com/xl7dev/ICSecurity
https://github.com/SecarmaLabs/IoTChecklisthttps://github.com/SecarmaLabs/IoTChecklist
https://github.com/mrmtwoj/0day-mikrotikhttps://github.com/mrmtwoj/0day-mikrotik
https://github.com/jiayy/android_vuln_poc-exphttps://github.com/jiayy/android_vuln_poc-exp
https://github.com/advanced-threat-research/firmware-security-traininghttps://github.com/advanced-threat-research/firmware-security-training
Exploitation Framework for Embedded Deviceshttps://github.com/threat9/routersploit
Printer Exploitation Toolkit https://github.com/RUB-NDS/PRET
作者分析了一款IoT路由的安全性,从web到硬件进行了全面的漏洞挖掘和分析,值得一看https://www.pentestpartners.com/security-blog/ewon-flexy-iot-router-a-deep-dive/
针对Arlo相机设备功能及安全性的一次深入分析https://medium.com/tenable-techblog/an-analysis-of-arlo-6f1b691236b5
研究人员在 Orvibo 智能家居产品的开放数据库中发现了用户的用户名、密码、精确位置等隐私数据https://www.vpnmentor.com/blog/report-orvibo-leak/
嵌入式与 IoT 安全方向的资料https://github.com/fkie-cad/awesome-embedded-and-iot-security
Cyber-ITL 对来自 22 个厂商的近 5000 个版本的 IoT 固件的分析报告https://cyber-itl.org/2019/08/26/iot-data-writeup.html
入门教程-如何探索网络摄像的漏洞(固件)https://medium.com/@knownsec404team/getting-started-tutorial-how-to-explore-the-camera-vulnerability-firmware-c405e25ed177
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#traffic
Malicious traffic detection systemhttps://github.com/stamparm/maltrail
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#honey
https://github.com/paralax/awesome-honeypotshttps://github.com/paralax/awesome-honeypots
https://github.com/ppacher/honeysshhttps://github.com/ppacher/honeyssh
Kippo - SSH Honeypothttps://github.com/desaster/kippo
https://github.com/ysrc/yulong-hidshttps://github.com/ysrc/yulong-hids
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#hunter
https://github.com/SpiderLabs/Responderhttps://github.com/SpiderLabs/Responder
https://github.com/Tencent/HaboMalHunterhttps://github.com/Tencent/HaboMalHunter
https://github.com/sapphirex00/Threat-Huntinghttps://github.com/sapphirex00/Threat-Hunting
https://github.com/kbandla/APTnoteshttps://github.com/kbandla/APTnotes
https://github.com/aptnotes/datahttps://github.com/aptnotes/data
APT & CyberCriminal Campaign Collectionhttps://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
Modlishka. Reverse Proxy. Phishing NG.https://github.com/drk1wi/Modlishka
A toolset to make a system look as if it was the victim of an APT attackhttps://github.com/NextronSystems/APTSimulator
https://github.com/bit4woo/domain_hunterhttps://github.com/bit4woo/domain_hunter
https://github.com/mvelazc0/Orianahttps://github.com/mvelazc0/Oriana
An informational repo about hunting for adversaries in your IT environment.https://github.com/ThreatHuntingProject/ThreatHunting
The Hunting ELKhttps://github.com/Cyb3rWard0g/HELK
https://github.com/dafthack/MailSniperhttps://github.com/dafthack/MailSniper
https://github.com/threatexpress/domainhunterhttps://github.com/threatexpress/domainhunter
https://github.com/A3sal0n/CyberThreatHuntinghttps://github.com/A3sal0n/CyberThreatHunting
https://github.com/Cyb3rWard0g/ThreatHunter-Playbookhttps://github.com/Cyb3rWard0g/ThreatHunter-Playbook
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#scanner
Web Application Security Scanner Frameworkhttps://github.com/Arachni/arachni
Web path scannerhttps://github.com/maurosoria/dirsearch
Fast and powerful SSL/TLS server scanning library.https://github.com/nabla-c0d3/sslyze
Next generation web scannerhttps://github.com/urbanadventurer/WhatWeb
A high performance offensive security tool for reconnaissance and vulnerability scanninghttps://github.com/evyatarmeged/Raccoon
Docker security analysis & hacking toolshttps://github.com/cr0hn/dockerscan
AIL framework - Analysis Information Leak frameworkhttps://github.com/CIRCL/AIL-framework
Network Security Vulnerability Scannerhttps://github.com/jeffzh3ng/Fuxi-Scanner
A fast and modular scanner for Tor exit relays.https://github.com/NullHypothesis/exitmap
OpenVAS remote network security scannerhttps://github.com/greenbone/openvas-scanner
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架https://github.com/WyAtu/Perun
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.https://github.com/t94j0/AIRMASTER
分布式web漏洞扫描https://github.com/TideSec/WDScanner
Golang编写的开源POC检测框架https://github.com/opensec-cn/kunpeng
Weak password blasting of weak ports and integrated detection tools for unauthorized access.https://github.com/aedoo/Allscanner
DeepSearch - Advanced Web Dir Scannerhttps://github.com/m4ll0k/DeepSearch
Nmap Web Dashboard and Reportinghttps://github.com/Rev3rseSecurity/WebMap
Fast CORS misconfiguration vulnerabilities scannerhttps://github.com/chenjj/CORScanner
Web App Monitorhttps://github.com/knownsec/wam
https://github.com/joaomatosf/jexbosshttps://github.com/joaomatosf/jexboss
Automated pentest framework for offensive security experts https://github.com/1N3/Sn1per
https://github.com/ysrc/xunfenghttps://github.com/ysrc/xunfeng
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#phisher
https://github.com/wifiphisher/wifiphisherhttps://github.com/wifiphisher/wifiphisher
Swordphish Phishing Awareness Toolhttps://github.com/certsocietegenerale/swordphish-awareness
Ruby on Rails Phishing Framework https://github.com/pentestgeek/phishing-frenzy
https://github.com/ryhanson/phisheryhttps://github.com/ryhanson/phishery
https://github.com/vishnudxb/docker-blackeyehttps://github.com/vishnudxb/docker-blackeye
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#rat
Android Remote Administration Toolhttps://github.com/AhMyth/AhMyth-Android-RAT
Hardware backdoors in some x86 CPUshttps://github.com/xoreaxeaxeax/rosenbridge
https://github.com/sincoder/gh0sthttps://github.com/sincoder/gh0st
Koadic C3 COM Command & Control - JScript RAThttps://github.com/zerosum0x0/koadic
iOS/macOS/Linux Remote Administration Toolhttps://github.com/neoneggplant/EggShell
https://github.com/secretsquirrel/the-backdoor-factoryhttps://github.com/secretsquirrel/the-backdoor-factory
(Windows, Linux, OSX, Android) remote administration and post-exploitation tool https://github.com/n1nj4sec/pupy
Python Remote Administration Tool (RAT)https://github.com/nathanlopez/Stitch
https://github.com/jgamblin/Mirai-Source-Codehttps://github.com/jgamblin/Mirai-Source-Code
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#wordlist-1
https://github.com/jeanphorn/wordlisthttps://github.com/jeanphorn/wordlist
https://github.com/We5ter/Scanners-Boxhttps://github.com/We5ter/Scanners-Box
https://github.com/berzerk0/Probable-Wordlistshttps://github.com/berzerk0/Probable-Wordlists
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#proxy
https://github.com/realgam3/pymultitorhttps://github.com/realgam3/pymultitor
https://github.com/stamparm/fetch-some-proxieshttps://github.com/stamparm/fetch-some-proxies
https://github.com/fate0/proxylisthttps://github.com/fate0/proxylist
http://www.cnproxy.com/proxy1.htmlhttp://www.cnproxy.com/proxy1.html
https://www.cool-proxy.net/proxies/http_proxy_list/sort:score/direction:deschttps://www.cool-proxy.net/proxies/http_proxy_list/sort:score/direction:desc
https://free-proxy-list.net/https://free-proxy-list.net/
https://proxy-list.org/english/index.phphttps://proxy-list.org/english/index.php
http://comp0.ru/downloads/proxylist.txthttp://comp0.ru/downloads/proxylist.txt
http://www.proxylists.net/http_highanon.txthttp://www.proxylists.net/http_highanon.txt
http://www.proxylists.net/http.txthttp://www.proxylists.net/http.txt
http://ab57.ru/downloads/proxylist.txthttp://ab57.ru/downloads/proxylist.txt
https://www.rmccurdy.com/scripts/proxy/good.txthttps://www.rmccurdy.com/scripts/proxy/good.txt
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#other
https://github.com/meirwah/awesome-incident-responsehttps://github.com/meirwah/awesome-incident-response
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applicationshttps://github.com/python-security/pyt
Official Black Hat Arsenal Security Tools Repositoryhttps://github.com/toolswatch/blackhat-arsenal-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.https://github.com/toniblyx/my-arsenal-of-aws-security-tools
Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.https://github.com/nullsecuritynet/tools
Open-Source Security Architecturehttps://github.com/bloodzer0/ossa
Golang安全资源合集https://github.com/re4lity/Hacking-With-Golang
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform https://github.com/Patrowl/PatrowlManager
https://github.com/luyg24/IT_securityhttps://github.com/luyg24/IT_security
Find open databases with Shodanhttps://github.com/woj-ciech/LeakLooker
https://github.com/Truneski/external_c2_frameworkhttps://github.com/Truneski/external_c2_framework
https://github.com/nshalabi/ATTACK-Toolshttps://github.com/nshalabi/ATTACK-Tools
https://github.com/byt3bl33d3r/SprayingToolkithttps://github.com/byt3bl33d3r/SprayingToolkit
https://github.com/threatexpress/malleable-c2https://github.com/threatexpress/malleable-c2
https://github.com/rsmudge/Malleable-C2-Profileshttps://github.com/rsmudge/Malleable-C2-Profiles
Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts. https://github.com/nullsecuritynet/tools
https://github.com/EmpireProject/Empirehttps://github.com/EmpireProject/Empire
https://github.com/PowerShellMafia/PowerSploithttps://github.com/PowerShellMafia/PowerSploit
https://github.com/MobSF/Mobile-Security-Framework-MobSFhttps://github.com/MobSF/Mobile-Security-Framework-MobSF
https://github.com/BugScanTeam/DNSLoghttps://github.com/BugScanTeam/DNSLog
An advanced memory forensics frameworkhttps://github.com/volatilityfoundation/volatility
https://github.com/beefproject/beefhttps://github.com/beefproject/beef
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#vulnerability
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#xxe
https://www.w3.org/TR/REC-xml/#sec-prolog-dtdhttps://www.w3.org/TR/REC-xml/#sec-prolog-dtd
https://www.vsecurity.com//download/publications/XMLDTDEntityAttacks.pdfhttps://www.vsecurity.com//download/publications/XMLDTDEntityAttacks.pdf
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.mdhttps://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processinghttps://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
https://github.com/BuffaloWill/oxml_xxehttps://github.com/BuffaloWill/oxml_xxe
https://github.com/enjoiz/XXEinjectorhttps://github.com/enjoiz/XXEinjector
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#ssrf
https://github.com/swisskyrepo/SSRFmaphttps://github.com/swisskyrepo/SSRFmap
https://github.com/samhaxr/XXRF-Shotshttps://github.com/samhaxr/XXRF-Shots
https://github.com/cujanovic/SSRF-Testinghttps://github.com/cujanovic/SSRF-Testing
https://github.com/tarunkant/Gopherushttps://github.com/tarunkant/Gopherus
https://github.com/bcoles/ssrf_proxyhttps://github.com/bcoles/ssrf_proxy
https://github.com/dreadlocked/SSRFmaphttps://github.com/dreadlocked/SSRFmap
http://blog.safebuff.com/2016/07/03/SSRF-Tips/http://blog.safebuff.com/2016/07/03/SSRF-Tips/
http://ceye.io/http://ceye.io/
SSRF bible. Cheatsheethttps://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit
https://github.com/jayeshchauhan/SKANDAhttps://github.com/jayeshchauhan/SKANDA
从 SSRF 到最终获取 AWS S3 Bucket 访问权限的实际案例https://medium.com/@logicbomb_1/chain-of-hacks-leading-to-database-compromise-b2bc2b883915
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#xss
ws-na.amazon-adsystem.com(Amazon) 反射型 XSS 漏洞披露https://medium.com/@newp_th/reflected-xss-on-ws-na-amazon-adsystem-com-amazon-f1e55f1d24c
浏览器 XSS Filter 绕过速查表 https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet
CentOS Web Panel 0.9.8.763 存储型 XSS 漏洞披露(CVE-2019-7646https://www.exploit-db.com/exploits/46349
Browser's XSS Filter Bypass Cheat Sheethttps://github.com/masatokinugawa/filterbypass
https://github.com/s0md3v/XSStrikehttps://github.com/s0md3v/XSStrike
https://github.com/evilcos/xssor2https://github.com/evilcos/xssor2
Microsoft Office 365 Outlook 的两个 XSS 漏洞披露https://leucosite.com/Microsoft-Office-365-Outlook-XSS/
漏洞赏金私人项目中的 XSS 及 RCE 漏洞实例https://zetc0de.github.io/bugbounty/2019/02/14/RCE-and-XSS-on-Private-Program-Cyber-Army.html
Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected)https://thehackerblog.com/video-download-uxss-exploit-detailed/
Gitlab Markdown 存储型 XSS 漏洞详情披露:https://gitlab.com/gitlab-org/gitlab-ce/issues/54427
实用的DOM XSS入门手册https://public-firing-range.appspot.com/urldom/index.html
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#shooting
https://github.com/vulhub/vulhubhttps://github.com/vulhub/vulhub
https://github.com/Medicean/VulAppshttps://github.com/Medicean/VulApps
https://github.com/davevs/dvxtehttps://github.com/davevs/dvxte
https://github.com/MyKings/docker-vulnerability-environmenthttps://github.com/MyKings/docker-vulnerability-environment
https://github.com/payatu/diva-androidhttps://github.com/payatu/diva-android
https://github.com/snoopysecurity/dvwshttps://github.com/snoopysecurity/dvws
https://github.com/s4n7h0/xvwahttps://github.com/s4n7h0/xvwa
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#buffer-overflow
https://0xrick.github.io/binary-exploitation/bof2/https://0xrick.github.io/binary-exploitation/bof2/
https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#other-1
A list of interesting payloads, tips and tricks for bug bounty hunters.https://github.com/EdOverflow/bugbounty-cheatsheet
some learning notes about Web/Cloud/Docker Security、 Penetration Test、 Security Buildinghttps://github.com/JnuSimba/MiscSecNotes
Command Injection Payload Listhttps://github.com/ismailtasdelen/command-injection-payload-list
NSE script based on Vulners.com APIhttps://github.com/vulnersCom/nmap-vulners
Named vulnerabilities and their practical impacthttps://github.com/hannob/vulns
https://github.com/Hacker0x01/hacker101https://github.com/Hacker0x01/hacker101
https://github.com/ctf-wiki/ctf-wikihttps://github.com/ctf-wiki/ctf-wiki
https://github.com/SecWiki/sec-charthttps://github.com/SecWiki/sec-chart
各种安全相关思维导图整理收集https://github.com/phith0n/Mind-Map
https://github.com/OWASP/Top10https://github.com/OWASP/Top10
https://github.com/SuperKieran/WooyunDropshttps://github.com/SuperKieran/WooyunDrops
1000个PHP代码审计案例(2016.7以前乌云公开漏洞)https://github.com/Xyntax/1000php
https://github.com/trustedsec/ptfhttps://github.com/trustedsec/ptf
https://github.com/evilcos/papershttps://github.com/evilcos/papers
checklist https://patch-diff.githubusercontent.com/topics/checklist
apt https://patch-diff.githubusercontent.com/topics/apt
fuzzing https://patch-diff.githubusercontent.com/topics/fuzzing
awesome-list https://patch-diff.githubusercontent.com/topics/awesome-list
pager https://patch-diff.githubusercontent.com/topics/pager
pentesting https://patch-diff.githubusercontent.com/topics/pentesting
web-security-research https://patch-diff.githubusercontent.com/topics/web-security-research
security-tutorial https://patch-diff.githubusercontent.com/topics/security-tutorial
Readme https://patch-diff.githubusercontent.com/MyKings/security-study-tutorial#readme-ov-file
Please reload this pagehttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial
Activityhttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/activity
90 starshttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/stargazers
7 watchinghttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/watchers
33 forkshttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/forks
Report repository https://patch-diff.githubusercontent.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2FMyKings%2Fsecurity-study-tutorial&report=MyKings+%28user%29
Releaseshttps://patch-diff.githubusercontent.com/MyKings/security-study-tutorial/releases
Packages 0https://patch-diff.githubusercontent.com/users/MyKings/packages?repo_name=security-study-tutorial
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.