security-study-tutorial
Summary of online learning materials
Awesome
- https://github.com/vinta/awesome-python
- https://github.com/Hack-with-Github/Awesome-Hacking
- https://github.com/hslatman/awesome-threat-intelligence
- https://github.com/bayandin/awesome-awesomeness
- https://github.com/enaqx/awesome-pentest
- https://github.com/carpedm20/awesome-hacking
- https://github.com/sbilly/awesome-security
- https://github.com/ashishb/android-security-awesome
- https://github.com/paragonie/awesome-appsec
- https://github.com/PaulSec/awesome-sec-talks
- https://github.com/meirwah/awesome-incident-response
- https://github.com/secfigo/Awesome-Fuzzing
- https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
- https://github.com/s0md3v/AwesomeXSS
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/djadmin/awesome-bug-bounty
- https://github.com/toniblyx/my-arsenal-of-aws-security-tools
- https://github.com/jaredthecoder/awesome-vehicle-security
- https://github.com/joe-shenouda/awesome-cyber-skills
- https://github.com/nebgnahz/awesome-iot-hacks
- https://github.com/jonathandion/awesome-emails
- https://github.com/FabioBaroni/awesome-exploit-development
- https://github.com/Escapingbug/awesome-browser-exploit
- https://github.com/snoopysecurity/awesome-burp-extensions
- https://github.com/Hack-with-Github/Awesome-Security-Gists
- https://github.com/InQuest/awesome-yara
- https://github.com/dhaval17/awsome-security-write-ups-and-POCs
Checklist
- https://github.com/b-mueller/android_app_security_checklist
- https://github.com/shieldfy/API-Security-Checklist
- https://github.com/SecarmaLabs/IoTChecklist
- https://github.com/netbiosX/Checklists
- https://github.com/brunofacca/zen-rails-security-checklist
- https://github.com/privacyradius/gdpr-checklist
Developer
- Security Guide for Developers
- https://github.com/ExpLife0011/awesome-windows-kernel-security-development
- https://github.com/jaywcjlove/awesome-mac
- 分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴
- https://github.com/riusksk/secbook
- https://github.com/bayandin/awesome-awesomeness
- 常用服务器、数据库、中间件安全配置基线
- https://github.com/NB-STAR/Security-Operation
- https://github.com/EbookFoundation/free-programming-books
- Machine Learning Crash Course
- https://github.com/yosriady/api-development-tools
Pentest
- Payloads All The Things
- 1 – INTRODUCTION TO CYBER SECURITY
- 2 – PASSIVE INFORMATION GATHERING(OSINT)
- 3 – ACTIVE INFORMATION GATHERING
- 4 – VULNERABILITY DETECTION
- 5 – EXPLOITATION
- https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
- OSINT Resources for 2019
- CheatSheetSeries
- Whitepaper: HTTP Security Headers and How They Work
- webkit-bugmap
- Webkit Exploitation Tutorial
- A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more.
- https://github.com/danielmiessler/SecLists
- CVE Details
- A collected list of awesome security talks
- Curated list of public penetration test reports released by several consulting firms and academic security groups
- Web-Security-Learning
- PENTEST-WIKI is a free online security knowledge library for pentesters / researchers
- Official Black Hat Arsenal Security Tools Repository
- Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet
- Proof-of-concept codes created as part of security research done by Google Security Team.
- Security Research from the Microsoft Security Response Center (MSRC)
- Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.
- https://github.com/Micropoor/Micro8
- RedTeam资料收集整理
- Great security list for fun and profit
- https://github.com/ztgrace/red_team_telemetry
- Penetration tests cases, resources and guidelines.
- Attack and defend active directory using modern post exploitation adversary tradecraft activity
- https://github.com/tiancode/learn-hacking
- https://github.com/rewardone/OSCPRepo
- https://github.com/redcanaryco/atomic-red-team
- HTA encryption tool for RedTeams
- https://github.com/infosecn1nja/Red-Teaming-Toolkit
- Red Team Field Manual
- The Shadow Brokers "Lost In Translation" leak
- Decrypted content of eqgrp-auction-file.tar.xz
- https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- https://github.com/Ridter/Intranet_Penetration_Tips
- 渗透测试、红队攻击、网络安全资源大集合
- Awesome Cybersecurity Blue Team - 蓝队防御相关的工具、文章资料收集
Mobile Application Security
Malware
- Bypass EDR’s memory protection, introduction to hooking
- Analyzing the Windows LNK file attack method
- 委内瑞拉关于人道主义援助运动的伪造域名钓鱼活动分析
- 对 Lazarus 下载者的简要分析
- Various public documents, whitepapers and articles about APT campaigns
- Personal compilation of APT malware from whitepaper releases, documents and own research
- Malware Capture Facility Project
- https://github.com/rootm0s/Injectors
- https://github.com/rshipp/awesome-malware-analysis
- 对 Chrome 恶意扩展应用的研究
- 分析 Gootkit 银行木马
- 二进制分析研究会议 BAR 2019 资源发布
- GLOBAL ATM MALWARE WALL
- Feed RSS with the latest samples:
- https://maskop9.tech/index.php/2019/01/30/analysis-of-netwiredrc-trojan/
- Slackor - Go 语言写的一个 C&C 服务器,基于 Slack
- 卡巴斯基对影响全球多个地区的 Riltok 手机银行木马的分析
- Metamorfo 银行木马利用 Avast 反病毒软件的可执行文件隐藏自己
- 列举了近些年知名的 APT 组织名单
- 腾讯安全御见发布《APT 2019年上半年研究报告》
- LNK 快捷方式文件在恶意代码攻击方面的应用
- 针对以色列某未知 APT 恶意样本的分析报告
- 此文作者分析恶意软件Malware过程系列
- [NSA 发了一份对俄罗斯 Turla APT 组织的分析文档(https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDF)
Fuzzing
- (Guided-)fuzzing for JavaScript engines
- What the Fuzz
- OSS-Fuzz - continuous fuzzing of open source software
- Scalable fuzzing infrastructure.
- DOM fuzzer
- https://github.com/wmliang/pe-afl
- Web application fuzzer
- https://github.com/fuzzdb-project/fuzzdb
- NSA finest tool
- https://github.com/bin2415/fuzzing_paper
- Potentially dangerous files
- Fuzzing Browsers
- This module provides a Python wrapper for interacting with fuzzers, such as AFL
- 从零开始用honggfuzz fuzz VLC的全过程分享
- [Fuzzing] [PDF] https://www.dimva2019.org/wp-content/uploads/sites/31/2019/06/190620-DIMVA-keynote-FP.pdf:
- RetroWrite: 让闭源binary支持AFL和ASAN的Binary rewriting 工具
- MOPT:对fuzzer变异策略的选择分布进行优化的工作,paper发表在Usenix Security‘19
- 用AFL-Unicorn来fuzz内核,集合了afl的覆盖率和unicorn的局部模拟执行
- JANUS:将AFL和Syzkaller结合在一起fuzz文件系统的工作
- Mozilla的浏览器fuzz框架,类似于Google的clusterfuzz
- 利用 AFL Fuzz statzone DNS Zone Parsers
- 基于AFL对Linux内核模糊测试的过程详述
- 作者发现CVE-2019-13504, CVE-2019-13503的过程,同时强调了在软件开发周期集成libFuzzer对API进行fuzz的重要性
- FUDGE:一个自动化生成Fuzz Driver的工作,核心思路是通过分析lib在软件中的正常调用情况来生成Fuzz Driver,部分Fuzz Driver已经加入到OSS-Fuzz项目中
- Adobe Font Development Kit for OpenType 套件相关的漏洞分析
- 复旦白泽战队对《Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations》 Paper 的解读
- Linux 内核 Fuzz 的入门教程
- 现有USB Fuzzing技术的总结
- 从源码层面对 Google honggfuzz Fuzz 原理的分析
- lain - 微软这两天开源了一个 Rust 语言写的 Fuzz 框架
- Fuzz闭源PDF阅读器时如何判断文件渲染结束以便关闭软件以及如何精简种子文件的一些方法
- 之前推过AFL-Unicorn项目可以让AFL fuzz能用Unicorn模拟的闭源binary,这个uniFuzzer项目很类似,是要把libfuzzer应用在闭源binary上
- 用AFL Fuzz OP-TEE的系统调用
- 平安科技银河安全实验室基于Unicorn和LibFuzzer实现了一个针对闭源可执行文件的fuzzer。借助Unicorn在x86架构上模拟执行arm指令,并通过Unicorn能hook基本块的功能获取代码覆盖率,从而反馈给libfuzzer实现对目标函数的fuzz。优势在于可以借助Unicorn在x86架构上fuzz闭源的可执行文件。缺点在于要针对目标架构和系统进行各种外部库、系统调用的适配,因此不太适合大型的目标。根据文章看来,其思路也是针对iot设备上的可执行文件进行fuzz。文章最后还开源概念验证代码。
- nccgroup团队基于Sulley构造的一个对网络协议进行模糊测试的工具。
- 使用苹果自带的LLDB Script fuzz macOS系统内核 – R3dF09
- 波鸿鲁尔大学关于如何在二进制程序中对抗 Fuzz 自动化发现漏洞的研究
- Fortinet 如何利用 Fuzz 的方法发现 Office Embedded Open Type (EOT) 的漏洞
- 湾区一个关于Fuzzing的workshop的分享内容,三个议题涵盖了c/c++,web应用等不同目标的Fuzzing技巧
- 用WinAFL Fuzz Windows Binary的实践分享,新颖之处是作者利用了内存访问的热图来精简输入种子大小
- Google 建了一个 Fuzzing Repo,用来放 Fuzzing 相关的文档、教程等资源
- lokihardt 在 jsc 编译器中 fuzz 出来的新漏洞
- 伦敦帝国学院研究团队通过 Fuzzing 方式对编译器 Bug 的研究报告
- 针对 Java 语言的基于覆盖率的 Fuzz 框架
- Fragscapy - 通过协议 Fuzz 的方法探测 IDS/防火墙检测规则的漏洞
- gramfuzz - 通过定义语法规则生成 Fuzz 测试样本数据的工具
- Fuzz中一个常见问题是Checksum或者Magic Value,以前的方法大多是通过符号执行的方法去求解约束,但这样的方法比较复杂。Redqueen这篇文章提出了一种更为简单的思路,即基于VMI来获取比较指令或者函数调用指令的参数,用这个参数来指导变异。具体实现依赖Intel PT。
- Jsfuzz: coverage-guided fuzz testing for Javascript
- Dhiraj Mishra 在 PHDays9 会议 AFL Fuzz Workshop 的 PPT
- Fuzz 方向的几篇 Paper 的解读
- 基于 Frida 实现的 In-Memory Android API Fuzzer
Browser
- An updated collection of resources targeting browser-exploitation.
- A collection of JavaScript engine CVEs with PoCs
- JavaScript engine fundamentals: the good, the bad, and the ugly
- Bypassing Chrome’s CSP with Link Preloading
- Triaging the exploitability of IE/EDGE crashes
- Firefox 发布 68 版本,修复 21 个漏洞
- Chrome 更新 76.0.3809.87 版本,修复 43 个安全漏洞
- 一个 Edge UXSS 漏洞分析
Deep Net
- All You Need to Know About Deep Learning - A kick-starter
- OnionScan is a free and open source tool for investigating the Dark Web.
Operating System
- https://github.com/drduh/macOS-Security-and-Privacy-Guide
- How-To-Secure-A-Linux-Server
- A practical guide to advanced Linux security in production environments
- https://www.itsecdb.com/
- Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
- some learning notes about Linux Security
- API samples for the Universal Windows Platform.
- Set of tools to analyze and attack Windows sandboxes.
- https://github.com/trimstray/test-your-sysadmin-skills
- https://github.com/wstart/DB_BaseLine
- Windows memory hacking library
- https://github.com/j00ru/windows-syscalls
- https://github.com/zodiacon/WindowsInternals
- https://github.com/GDSSecurity/Windows-Exploit-Suggester
- https://github.com/EasyHook/EasyHook
- Bypass Windows Exploit Guard ASR (PPT)
- Windows 中一些启动相关的注册表项介绍
Blockchain
- Knowledge Base 慢雾安全团队知识库
- SlowMist Vulnerability Research Advisories
- https://github.com/knownsec/Ethereum-Smart-Contracts-Security-CheckList
- https://github.com/bcosorg/whitepaper/blob/master/BCOS_Whitepaper.md
- https://github.com/1522402210/BlockChain-Security-List
- https://github.com/liuchengxu/blockchain-tutorial
- https://github.com/dvf/blockchain
Security conference
- 2019 Pass the SALT 会议的大部分议题 PPT 公开了
- RuhrSec 2019 会议的视频公开了
- 学术届 ACM ASIACCS 2019 会议的议题 PPT 都公开了
- 即将举办的 Black Hat USA 2019 大会值得关注的七大热点网络安全趋势
- lack Hat USA 2019 会议上,微软宣布对于可以成功利用的 Azure 平台的 Exploit,微软最多可以奖励 30 万美金
- Nicolas Joly 在 BlackHat USA 2019 对 Outlook/Exchange 漏洞及利用的总结
- 研究员 Maor Shwartz 在 BlackHat USA 2019 会议上对 0Day 市场买卖交易双方的介绍
- 5G 通信网络的新漏洞,来自 BlackHat USA 2019
- 腾讯安全Blade Team在blackhat usa 2019 上关于利用WiFi漏洞RCE的细节公开了。 – freener0
- 来自 DEF CON 27 会议上针对 MikroTik RouterOS 系统的漏洞利用研究
- BSides Canberra 2019 会议议题 “iOS 越狱需要什么?Hacking the iPhone: 2014 - 2019” 的视频
- 来自 Kcon 2019 360 安全研究员的议题《如何去挖掘物联网环境中的高级恶意软件威胁》
- KCon 2019 安全会议的议题 PPT 可以下载了
- HITB GSEC 2019 会议议题的 PPT 都公开了
- DerbyCon 会议 NCC Group 研究员关于 COM Hijacking 的议题
- R2CON 2019 会议的议题 PPT 公开了
- Derbycon 2019 会议的视频上线了
- Black Hat Europe 2019 会议议题列表(部分)公开了
- OSDFCon19 会议关于 Linux 操作系统取证分析的议题 PPT
Tools
SSH
- https://github.com/ncsa/ssh-auditor
- https://github.com/r3vn/punk.py
- https://github.com/mthbernardes/sshLooter
- https://github.com/ropnop/windows_sshagent_extract
- https://github.com/arthepsy/ssh-audit
- https://github.com/mozilla/ssh_scan
- https://github.com/govolution/betterdefaultpasslist/blob/master/ssh.txt
- https://hackertarget.com/ssh-examples-tunnels/
DNS
- In-depth DNS Enumeration and Network Mapping
- A DNS rebinding attack framework.
- Knock Subdomain Scan
- https://github.com/iphelix/dnschef
Exploiter
- https://github.com/offensive-security/exploitdb
- Automated Mass Exploiter
- Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
- A bunch of links related to VMware escape exploits
- This contains common local exploits and enumeration scripts
- Windows Exploits
- windows-kernel-exploits Windows平台提权漏洞集合
- MS17-010
- https://github.com/akayn/PostExploits
- https://github.com/smgorelik/Windows-RCE-exploits
- A Course on Intermediate Level Linux Exploitation
- https://github.com/Semmle/SecurityExploits
- https://github.com/lukechilds/reverse-shell
- https://github.com/klsfct/getshell
- https://github.com/rootm0s/WinPwnage
- https://github.com/51x/WHP
- https://github.com/SecWiki/linux-kernel-exploits
- https://github.com/hardenedlinux/linux-exploit-development-tutorial
- https://github.com/Coalfire-Research/java-deserialization-exploits
OSINT
- People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- Email OSINT and password breach hunting.
- Maintained collection of OSINT related resources. (All Free & Actionable)
- Incredibly fast crawler designed for OSINT.
- OSINT Framework
- https://github.com/Moham3dRiahi/Th3inspector
- https://github.com/jivoi/awesome-osint
Wordlist
- https://github.com/RicterZ/genpAss
- https://github.com/lavalamp-/password-lists
- https://github.com/LandGrey/pydictor
- https://github.com/bit4woo/passmaker
- https://github.com/brannondorsey/PassGAN
Git
- Reconnaissance tool for GitHub organizations
- GitHub Sensitive Information Leakage Monitor Spider
- Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- GitHub Sensitive Information Leakage
Burpsuite
IoT
- http://va.ler.io/myfiles/dva/iot-rev-engineering.pdf
- https://github.com/jaredthecoder/awesome-vehicle-security
- https://github.com/V33RU/IoTSecurity101
- https://github.com/schutzwerk/CANalyzat0r
- https://github.com/w3h/icsmaster
- https://github.com/xl7dev/ICSecurity
- https://github.com/SecarmaLabs/IoTChecklist
- https://github.com/mrmtwoj/0day-mikrotik
- https://github.com/jiayy/android_vuln_poc-exp
- https://github.com/advanced-threat-research/firmware-security-training
- Exploitation Framework for Embedded Devices
- Printer Exploitation Toolkit
- 作者分析了一款IoT路由的安全性,从web到硬件进行了全面的漏洞挖掘和分析,值得一看
- 针对Arlo相机设备功能及安全性的一次深入分析
- 研究人员在 Orvibo 智能家居产品的开放数据库中发现了用户的用户名、密码、精确位置等隐私数据
- 嵌入式与 IoT 安全方向的资料
- Cyber-ITL 对来自 22 个厂商的近 5000 个版本的 IoT 固件的分析报告
- 入门教程-如何探索网络摄像的漏洞(固件)
Traffic
Honey
- https://github.com/paralax/awesome-honeypots
- https://github.com/ppacher/honeyssh
- Kippo - SSH Honeypot
- https://github.com/ysrc/yulong-hids
Hunter
- https://github.com/SpiderLabs/Responder
- https://github.com/Tencent/HaboMalHunter
- https://github.com/sapphirex00/Threat-Hunting
- https://github.com/kbandla/APTnotes
- https://github.com/aptnotes/data
- APT & CyberCriminal Campaign Collection
- Modlishka. Reverse Proxy. Phishing NG.
- A toolset to make a system look as if it was the victim of an APT attack
- https://github.com/bit4woo/domain_hunter
- https://github.com/mvelazc0/Oriana
- An informational repo about hunting for adversaries in your IT environment.
- The Hunting ELK
- https://github.com/dafthack/MailSniper
- https://github.com/threatexpress/domainhunter
- https://github.com/A3sal0n/CyberThreatHunting
- https://github.com/Cyb3rWard0g/ThreatHunter-Playbook
Scanner
- Web Application Security Scanner Framework
- Web path scanner
- Fast and powerful SSL/TLS server scanning library.
- Next generation web scanner
- A high performance offensive security tool for reconnaissance and vulnerability scanning
- Docker security analysis & hacking tools
- AIL framework - Analysis Information Leak framework
- Network Security Vulnerability Scanner
- A fast and modular scanner for Tor exit relays.
- OpenVAS remote network security scanner
- Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
- Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
- 分布式web漏洞扫描
- Golang编写的开源POC检测框架
- Weak password blasting of weak ports and integrated detection tools for unauthorized access.
- DeepSearch - Advanced Web Dir Scanner
- Nmap Web Dashboard and Reporting
- Fast CORS misconfiguration vulnerabilities scanner
- Web App Monitor
- https://github.com/joaomatosf/jexboss
- Automated pentest framework for offensive security experts
- https://github.com/ysrc/xunfeng
Phisher
- https://github.com/wifiphisher/wifiphisher
- Swordphish Phishing Awareness Tool
- Ruby on Rails Phishing Framework
- https://github.com/ryhanson/phishery
- https://github.com/vishnudxb/docker-blackeye
RAT
- Android Remote Administration Tool
- Hardware backdoors in some x86 CPUs
- https://github.com/sincoder/gh0st
- Koadic C3 COM Command & Control - JScript RAT
- iOS/macOS/Linux Remote Administration Tool
- https://github.com/secretsquirrel/the-backdoor-factory
- (Windows, Linux, OSX, Android) remote administration and post-exploitation tool
- Python Remote Administration Tool (RAT)
- https://github.com/jgamblin/Mirai-Source-Code
Wordlist
- https://github.com/jeanphorn/wordlist
- https://github.com/We5ter/Scanners-Box
- https://github.com/berzerk0/Probable-Wordlists
Proxy
- https://github.com/realgam3/pymultitor
- https://github.com/stamparm/fetch-some-proxies
- https://github.com/fate0/proxylist
- http://www.cnproxy.com/proxy1.html
- https://www.cool-proxy.net/proxies/http_proxy_list/sort:score/direction:desc
- https://free-proxy-list.net/
- https://proxy-list.org/english/index.php
- http://comp0.ru/downloads/proxylist.txt
- http://www.proxylists.net/http_highanon.txt
- http://www.proxylists.net/http.txt
- http://ab57.ru/downloads/proxylist.txt
- https://www.rmccurdy.com/scripts/proxy/good.txt
Other
- https://github.com/meirwah/awesome-incident-response
- A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
- Official Black Hat Arsenal Security Tools Repository
- List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.
- Open-Source Security Architecture
- Golang安全资源合集
- PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
- https://github.com/luyg24/IT_security
- Find open databases with Shodan
- https://github.com/Truneski/external_c2_framework
- https://github.com/nshalabi/ATTACK-Tools
- https://github.com/byt3bl33d3r/SprayingToolkit
- https://github.com/threatexpress/malleable-c2
- https://github.com/rsmudge/Malleable-C2-Profiles
- Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.
- https://github.com/EmpireProject/Empire
- https://github.com/PowerShellMafia/PowerSploit
- https://github.com/MobSF/Mobile-Security-Framework-MobSF
- https://github.com/BugScanTeam/DNSLog
- An advanced memory forensics framework
- https://github.com/beefproject/beef
Vulnerability
XXE
- https://www.w3.org/TR/REC-xml/#sec-prolog-dtd
- https://www.vsecurity.com//download/publications/XMLDTDEntityAttacks.pdf
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md
- https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
- https://github.com/BuffaloWill/oxml_xxe
- https://github.com/enjoiz/XXEinjector
SSRF
- https://github.com/swisskyrepo/SSRFmap
- https://github.com/samhaxr/XXRF-Shots
- https://github.com/cujanovic/SSRF-Testing
- https://github.com/tarunkant/Gopherus
- https://github.com/bcoles/ssrf_proxy
- https://github.com/dreadlocked/SSRFmap
- http://blog.safebuff.com/2016/07/03/SSRF-Tips/
- http://ceye.io/
- SSRF bible. Cheatsheet
- https://github.com/jayeshchauhan/SKANDA
- 从 SSRF 到最终获取 AWS S3 Bucket 访问权限的实际案例
XSS
- ws-na.amazon-adsystem.com(Amazon) 反射型 XSS 漏洞披露
- 浏览器 XSS Filter 绕过速查表
- CentOS Web Panel 0.9.8.763 存储型 XSS 漏洞披露(CVE-2019-7646
- Browser's XSS Filter Bypass Cheat Sheet
- https://github.com/s0md3v/XSStrike
- https://github.com/evilcos/xssor2
- Microsoft Office 365 Outlook 的两个 XSS 漏洞披露
- 漏洞赏金私人项目中的 XSS 及 RCE 漏洞实例
- Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected)
- Gitlab Markdown 存储型 XSS 漏洞详情披露:
- 实用的DOM XSS入门手册
Shooting
- https://github.com/vulhub/vulhub
- https://github.com/Medicean/VulApps
- https://github.com/davevs/dvxte
- https://github.com/MyKings/docker-vulnerability-environment
- https://github.com/payatu/diva-android
- https://github.com/snoopysecurity/dvws
- https://github.com/s4n7h0/xvwa
Buffer Overflow
Other
- A list of interesting payloads, tips and tricks for bug bounty hunters.
- some learning notes about Web/Cloud/Docker Security、 Penetration Test、 Security Building
- Command Injection Payload List
- NSE script based on Vulners.com API
- Named vulnerabilities and their practical impact
- https://github.com/Hacker0x01/hacker101
- https://github.com/ctf-wiki/ctf-wiki
- https://github.com/SecWiki/sec-chart
- 各种安全相关思维导图整理收集
- https://github.com/OWASP/Top10
- https://github.com/SuperKieran/WooyunDrops
- 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
- https://github.com/trustedsec/ptf
- https://github.com/evilcos/papers