## sectoolset -- Github安全相关工具集合 ## 主要内容： [0x00 漏洞利用实战练习&CTF安全竞赛](Practice_CTF.md) [0x01 安全扫描器](Scanner.md) [0x02 安全防守](Defence.md) [0x03 渗透测试](PenetrationTest.md) [0x04 漏洞库及利用工具（POC，EXP)](ProofofConcept_Exploit.md) [0x05 二进制及代码分析工具](BinaryAnalysis.md) [0x06 威胁情报&蜜罐](ThreatIntelligence_Honey.md) [0x07 安全文档资料](SecurityDoucument.md) [0x11 所有内容](All.md) ## 乌云镜像 [乌云镜像，已挂](http://wooyun.webbaozi.com) [乌云镜像,已挂](http://wy.hx99.net/) ## 近期安全热点 [Text4Shell：Apache Commons Text任意执行漏洞CVE-2022-42889](https://www.docker.com/blog/security-advisory-cve-2022-42889-text4shell/) [zlib安全漏洞CVE-2022-37434，影响面广，但是只有调用inflateGetHeader的应用程序会受到影响](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) [Hertzbleed 侧信道攻击频率侧信道,影响所有厂商CPU CVE-2022-23823 和 CVE-2022-24436 ](https://www.hertzbleed.com/) [Srpingshell危险漏洞 CVE-2022-22965 CVSS 9.8 ](https://blog.sonatype.com/new-0-day-spring-framework-vulnerability-confirmed) [Linux系统Snap-confine功能中发现多个漏洞CVE-2021-44731等](https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt) [Linux kernel内核 TIPC协议漏洞 CVE-2022-0435](https://access.redhat.com/security/cve/CVE-2022-0435) [Linux Polkit权限提升漏洞（CVE-2021-4034）](http://blog.nsfocus.net/linux-polkit-cve-2021-4034/) [2021十大安全技术 Top 10 web hacking techniques of 2021](https://portswigger.net/research/top-10-web-hacking-techniques-of-2021) [新的跨平台后门SysJoker分析](https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/) [CISA Log4j(CVE-2021-44228)漏洞指导，包括详尽的受影响软件列表](https://github.com/cisagov/log4j-affected-db) [CISA已知可被利用漏洞目录](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) [通过MySQL中的科学记数法bug透过使AWS WAF进行SQL注入攻击](https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/) [NSA：量子计算和后量子加密算法FAQ](https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF) [BlackHat 2021和DEF CON 2021会议的顶级HACK议题](https://portswigger.net/daily-swig/top-hacks-from-black-hat-and-def-con-2021) [NSA K8S加固指南(PDF)](https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF) [CISA年度最易被利用的漏洞](https://us-cert.cisa.gov/ncas/alerts/aa21-209a) [Linux内核安全现状2020](https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf) [Nginx暴DNS解析器Off-by-One堆写入高危漏洞CVE-2021-23017](https://www.freebuf.com/vuls/274503.html) [Openssl高版本（1.1.1d以上）爆高危漏洞 CVE-2021-3450，可导致Ddos攻击](https://www.openssl.org/news/secadv/20210325.txt) [linux内核scsi_transport_iscsi潜伏15年的漏洞（CVE-2021-27363 CVE-2021-27364 CVE-2021-27365），可以本地提权](https://www.bleepingcomputer.com/news/security/15-year-old-linux-kernel-bugs-let-attackers-gain-root-privileges/) [Git远程执行漏洞 CVE-2021-21300](https://www.openwall.com/lists/oss-security/2021/03/09/3) [Microsoft Exchange Server 0day攻击](https://www.toutiao.com/a6935327174329172519/) [GRUB2SecureBootBypass2021](https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021) [Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities CVE-2021-25274 CVE-2021-25275 CVE-2021-25276](https://www.toutiao.com/a6922256117624259076/) [Sudo严重堆溢出漏洞 CVE-2021-3156](https://www.toutiao.com/a6922256117624259076/) [Microsoft 365 Defender研究团队和威胁情报中心（MSTIC）的SolarWinds攻击分析文章](https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/) [安全论文：《Measuring and Preventing Supply Chain Attacks on Package Managers》](https://arxiv.org/pdf/2002.01139.pdf) [Ubuntu提权漏洞，利用gdm3-accountsservice-LPE](https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE) [Nmap 7.9发布，更新Npcap，大量指纹更新](https://seclists.org/nmap-announce/2020/1) [五眼联盟国家网络安全技术指导书](https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf) [2018 Blackhat 工具集](BlackHat2018.md) [Meltdown & Spectre](Meltdown_Spectre.md) ## License Licensed under [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.html).