From 46f49bf363862f5363ab1534f259b614a0eecb7b Mon Sep 17 00:00:00 2001 From: chenjiajia Date: Thu, 11 Jul 2024 21:10:47 +0000 Subject: [PATCH] Robot Updated at:11 Jul 2024 21:10:47 GMT --- docs/awesome/awesome-agi-cocosci.md | 2 +- docs/awesome/awesome-algorand.md | 2 +- docs/awesome/awesome-angular.md | 1 + .../awesome-browser-extensions-for-github.md | 34 ++--- docs/awesome/awesome-geojson.md | 1 + docs/awesome/awesome-java.md | 2 +- docs/awesome/awesome-malware-persistence.md | 122 +++++++++--------- docs/awesome/awesome-mysql.md | 1 + docs/awesome/awesome-password-cracking.md | 3 +- docs/awesome/awesome-python-typing.md | 2 +- docs/awesome/awesome-rust.md | 2 +- 11 files changed, 89 insertions(+), 83 deletions(-) diff --git a/docs/awesome/awesome-agi-cocosci.md b/docs/awesome/awesome-agi-cocosci.md index 53073de09e..46dfd0856b 100644 --- a/docs/awesome/awesome-agi-cocosci.md +++ b/docs/awesome/awesome-agi-cocosci.md 
@@ -427,7 +427,7 @@ organized into intricate patterns that seem to be consistent across individuals. * [The Interactive Evolution of Human Communication Systems](https://onlinelibrary.wiley.com/doi/epdf/10.1111/j.1551-6709.2009.01090.x) - ***Cognitive Science***, 2010. [[All Versions](https://scholar.google.com/scholar?cluster=6689941517686043970)]. Nicolas Fay's original paper on iconicity. -* [Iconicity: From sign to system in human communication and language](https://benjamins.com/catalog/pc.22.2.05fay) - ***Pragmatics & Cognition***, 2014. [[All Versions](https://scholar.google.com/scholar?cluster=8525760321117094567&hl=en&as_sdt=0,5)]. Nicolas Fay's account on the emergence of iconic language. +* [Iconicity: From sign to system in human communication and language](https://benjamins.com/catalog/pc.22.2.05fay) - ***Pragmatics & Cognition***, 2014. [[All Versions](https://scholar.google.com/scholar?cluster=8525760321117094567)]. This paper explores the role of iconicity in spoken language and other human communication systems. * [The Picture Exchange Communication System](https://journals.sagepub.com/doi/abs/10.1177/108835769400900301) - ***Behavior Modification***, 1994. [[All Versions](https://scholar.google.com/scholar?cluster=18113491434570143349&hl=en&as_sdt=0,5)]. diff --git a/docs/awesome/awesome-algorand.md b/docs/awesome/awesome-algorand.md index 4f579216f2..a166d916a1 100644 --- a/docs/awesome/awesome-algorand.md +++ b/docs/awesome/awesome-algorand.md 
@@ -45,7 +45,6 @@ Algorand is an open-source, proof of stake blockchain and smart contract computi > ⚠️ Given the [attacks](https://twitter.com/myalgo_/status/1632862464244162560) on MyAlgo wallet users, related sdk has been excluded from the list. - [Pera Wallet](https://github.com/perawallet) - Secure, open source and community driven wallet for both mobile and desktop devices. Maintained by the team behind official Algorand Wallet. -- [AlgoSigner](https://github.com/PureStake/algosigner) - Browser plugin Web Wallet and JS library for signing transactions in the browser. - [Method Wallet](https://methodwallet.app/) - Algorand Wallet you'll love. - [Defly Wallet](https://defly.app/) - Defly is an Algorand wallet with great suit of integrated DeFi features. - [Daffi Wallet](https://www.daffi.me/) - Daffi is a mobile wallet for Algorand with integrated access to Daffi platform. @@ -64,6 +63,7 @@ Algorand is an open-source, proof of stake blockchain and smart contract computi - [Asalytic](https://www.asalytic.app/) - Analyze the Algorand NFT space. - [Dappflow](https://app.dappflow.org/explorer/home) - Algorand Private Network Explorer (supports Sandbox in `localhost`). - [Bitquery](https://explorer.bitquery.io/algorand) - Actionable, insightful blockchain GraphQL APIs for more than 30 blockchains. One of the highlighted features is the ability to query a list of Algorand block proposers. +- [Lora](https://lora.algokit.io/mainnet) - Lora is a powerful visual tool designed to streamline the Algorand local development experience. It acts as both a network explorer and a tool for building and testing your Algorand applications. ## Portfolio Trackers diff --git a/docs/awesome/awesome-angular.md b/docs/awesome/awesome-angular.md index 11c3693cc4..de5910f293 100644 --- a/docs/awesome/awesome-angular.md +++ b/docs/awesome/awesome-angular.md 
@@ -852,6 +852,7 @@ Angular 7+ Validator, a library handle validation messages easy and automatic. * [spartan](https://github.com/goetzrobin/spartan) - Cutting-edge tools powering Angular full-stack development. * [ngify](https://github.com/ngify/ngify) - Use Angular features outside of Angular. * [ng-vibe](https://github.com/boris-jenicek/ng-vibe) - Designed for Angular 17+, these tools (drawer, dialog, toastify,timer, service-locator) are here to enhance your development process with dynamic and efficient solutions. +* [angular-kit](https://github.com/mikelgo/angular-kit) - A set of powerful Angular tools including pipes, lifecycle hooks, and reactive enhancements. #### Modals diff --git a/docs/awesome/awesome-browser-extensions-for-github.md b/docs/awesome/awesome-browser-extensions-for-github.md index 6a644f2d9a..8ca4df5f1c 100644 --- a/docs/awesome/awesome-browser-extensions-for-github.md +++ b/docs/awesome/awesome-browser-extensions-for-github.md @@ -55,12 +55,12 @@ Installs: 8 | Stars: 463 | Last update: 1 Mar 2021 Displays size of each file, download link and an option of copying file contents directly to clipboard -Installs: 634 | Stars: 2055 | Last update: 3 Jun 2024 +Installs: 636 | Stars: 2055 | Last update: 3 Jun 2024 Easily search GIPHY to add a GIF into any GitHub comment box. -Installs: 507 | Stars: 180 | Last update: 18 Jan 2024 +Installs: 510 | Stars: 180 | Last update: 18 Jan 2024 Find the best GIFs for your awesome pull requests. @@ -70,7 +70,7 @@ Installs: 136 | Stars: 22 | Last update: n/a Quickly browse the history of a file from any git repository. -Installs: 191 | Stars: 13516 | Last update: 13 Oct 2023 +Installs: 192 | Stars: 13517 | Last update: 13 Oct 2023 GitHub provides a page that only shows diffs with a .diff at the end of the URL of the pull request. This browser extension makes it easier to view csv diffs by using daff on that page. 
@@ -80,7 +80,7 @@ Installs: 34 | Stars: 4 | Last update: n/a Code folding - the ability to selectively hide and display sections of a code - is an invaluable feature in many text editors and IDEs. Now, developers can utilize that same style code-folding while poring over source code on the web in GitHub. Works for any type of indentation- spaces or tabs. -Installs: 111 | Stars: 288 | Last update: 25 Apr 2024 +Installs: 112 | Stars: 289 | Last update: 25 Apr 2024 Set custom tab size for code view on GitHub.com @@ -135,7 +135,7 @@ Installs: 20000 | Stars: 1205 | Last update: n/a Chrome extension to see story points in GitHub projects. -Installs: 15 | Stars: 60 | Last update: 16 Aug 2020 +Installs: 16 | Stars: 60 | Last update: 16 Aug 2020 Generates a pie chart on user profile pages displaying a breakdown of what languages they have used in their repositories. @@ -160,7 +160,7 @@ Installs: 2000 | Stars: 306 | Last update: n/a It can make the sub-directories and files of github repository as zip and download it -Installs: 3514 | Stars: 37 | Last update: 21 Aug 2023 +Installs: 3519 | Stars: 37 | Last update: 21 Aug 2023 Create, save, edit, pin, search and delete filters that you commonly use on the Github Issues and Pull Requests pages. You are able to scope filters to be shown globally (on each repo) or only have them show up on the repo you create them on. Pinning filters is also a feature that this extension allows you to do. So if you have several filters you use daily - you have a way to quickly access them, at the top of your list. 
@@ -190,7 +190,7 @@ Installs: 10000 | Stars: 3474 | Last update: n/a Browser extension to add git graph to GitHub website. -Installs: 462 | Stars: 3175 | Last update: 1 Jan 2024 +Installs: 464 | Stars: 3181 | Last update: 1 Jan 2024 Chrome extension that adds a button in browser and links this button to a GitHub repository that you will configure, then on any webpage just click this extension button and it will add the given link with the title of the page in that repository. @@ -200,12 +200,12 @@ Installs: 57 | Stars: 235 | Last update: n/a See forks with the most stars under the names of repositories. -Installs: 315 | Stars: 592 | Last update: 30 Mar 2024 +Installs: 314 | Stars: 592 | Last update: 30 Mar 2024 Show Material icons for files/folders in repository file viewer. Display the same icons from vscode-material-icon-theme VSCode extension. -Installs: 801 | Stars: 491 | Last update: 7 Jul 2024 +Installs: 799 | Stars: 491 | Last update: 7 Jul 2024 An extension that creates direct links to imported modules, external or internal, on source code on GitHub. Supports multiple languages, including common ones like Rust, Go, Python and Ruby, but also odd ones like Nim, Haskell, Julia and Elm. @@ -225,7 +225,7 @@ Installs: 65 | Stars: 141 | Last update: 6 Apr 2023 Displays your GitHub notifications unread count. Supports GitHub Enterprise and an option to only show unread count for issues you're participating in. You can click the icon to quickly see your unread notifications. -Installs: 529 | Stars: 1811 | Last update: 24 Apr 2024 +Installs: 532 | Stars: 1811 | Last update: 24 Apr 2024 Filter your pull requests/issues in different categories giving you a big boost in productivity. Also suggests new trending repositories. 
@@ -235,7 +235,7 @@ Installs: 1 | Stars: 141 | Last update: 16 Jan 2020 OctoLinker is the easiest and best way to navigate between files and projects on GitHub. It supports languages such as JavaScript, Ruby, Go, PHP, JAVA and more. It works with package.json as well as with Gemfiles. -Installs: 12872 | Stars: 5257 | Last update: 13 Nov 2022 +Installs: 12874 | Stars: 5258 | Last update: 13 Nov 2022 OctoPermalinker is a browser extension that searches GitHub comments/files for links to files on branches, and adds a link to where the branch pointed when the comment/file was made/updated. This helps you avoid following a link that was broken after being posted. For context, here's some discussion about broken GitHub links: [Don't link to line numbers in GitHub](https://news.ycombinator.com/item?id=8046710). @@ -252,7 +252,7 @@ Installs: 4000 | Stars: 962 | Last update: n/a Useful for developers who frequently read source in GitHub and do not want to download or checkout too many repositories. -Installs: 37239 | Stars: 22738 | Last update: 9 Jun 2024 +Installs: 37259 | Stars: 22740 | Last update: 9 Jun 2024 Revert GitHub's UI back to its classic look (before the June 23, 2020 update that has a flat, rounded and more whitespaced design). @@ -267,7 +267,7 @@ Installs: 37 | Stars: 70 | Last update: 23 Sep 2023 Helps you keep track of incoming and outgoing PRs, and notifies you when you receive a pull request on GitHub. -Installs: 32 | Stars: 117 | Last update: 21 Jun 2023 +Installs: 33 | Stars: 117 | Last update: 21 Jun 2023 Browser extension that shows which pull requests contain changes related to a file. 
@@ -277,7 +277,7 @@ Installs: 4 | Stars: 97 | Last update: 15 Oct 2020 Extension that simplifies the GitHub interface and adds useful features. -Installs: 8285 | Stars: 23645 | Last update: 10 Jul 2024 +Installs: 8298 | Stars: 23655 | Last update: 10 Jul 2024 Are they tabs? Are they spaces? How many? Never wonder again! Renders spaces as `·` and tabs as `→` in all the code on GitHub. @@ -298,7 +298,7 @@ The Sourcegraph browser extension gives GitHub IDE-like powers when you're viewi 4. Hover tooltips 5. File tree navigation -Installs: 859 | Stars: 9914 | Last update: 14 Apr 2023 +Installs: 862 | Stars: 9918 | Last update: 14 Apr 2023 Make tab indented code more readable by forcing the tab size to 4 instead of 8. @@ -338,12 +338,12 @@ Installs: 2000 | Stars: 131 | Last update: n/a gitpod streamlines developer workflows by providing ready-to-code development environments in your browser - powered by vs code. -Installs: 2308 | Stars: 142 | Last update: 21 Jun 2024 +Installs: 2323 | Stars: 142 | Last update: 21 Jun 2024 When viewing a repository on github.com that has a package.json file, this extension will introspect the dependencies in package.json and display links and description for each dependency, just below the repo's README. -Installs: 78 | Stars: 753 | Last update: 11 Jun 2024 +Installs: 79 | Stars: 753 | Last update: 11 Jun 2024 Extends GitHub pages with math, diagrams, embedded YouTube videos etc. diff --git a/docs/awesome/awesome-geojson.md b/docs/awesome/awesome-geojson.md index dcac618a4d..a106755659 100644 --- a/docs/awesome/awesome-geojson.md +++ b/docs/awesome/awesome-geojson.md 
@@ -39,6 +39,7 @@ GeoJSON utilities that will make your life easier. ### editors & viewers +* [play.placemark.io](https://play.placemark.io/): web-based editor, supports many filetype imports & exports, operations * [geojson.io](http://geojson.io/): web-based editor, supports many filetype imports & exports, operations, sharing via GitHub * [umap](http://umap.openstreetmap.fr/en/): web-based editor, supports sharing on-site * [geojson.tools](http://geojson.tools/): web-based editor from HERE XYZ diff --git a/docs/awesome/awesome-java.md b/docs/awesome/awesome-java.md index ed78873f31..8fbe77993c 100644 --- a/docs/awesome/awesome-java.md +++ b/docs/awesome/awesome-java.md @@ -1118,7 +1118,7 @@ _Frameworks that handle the communication between the layers of a web applicatio - [PrimeFaces](https://www.primefaces.org) - JSF framework with both free and commercial/support versions and frontend components. - [Ratpack](https://ratpack.io) - Set of libraries that facilitate fast, efficient, evolvable and well-tested HTTP applications. - [Takes](https://github.com/yegor256/takes) - Opinionated web framework which is built around the concepts of True Object-Oriented Programming and immutability. -- [Vaadin](https://vaadin.com) - Event-driven framework that uses standard web components. Server-side architecture with Ajax on the client side. +- [Vaadin](https://vaadin.com) - Full-stack open-source Java framework that simplifies web app development. Build complex, interactive applications with Java alone, and enhance with TypeScript and React components, without needing deep JavaScript, CSS, or HTML expertise. ### Workflow Orchestration Engines diff --git a/docs/awesome/awesome-malware-persistence.md b/docs/awesome/awesome-malware-persistence.md index f2d94f8a9c..425fc88e92 100644 --- a/docs/awesome/awesome-malware-persistence.md +++ b/docs/awesome/awesome-malware-persistence.md @@ -1,121 +1,125 @@
## Awesome Malware Persistence [![Awesome](https://awesome.re/badge.svg)](https://github.com/sindresorhus/awesome) -> 精选的恶意软件持久性工具和资源列表. +> A curated list of awesome malware persistence tools and resources. -恶意软件持久性包括对手用来在重启、更改凭据和其他可能切断其访问的中断期间保持对系统的访问的技术. 用于持久性的技术包括允许他们在系统上保持立足点的任何访问、操作或配置更改,例如替换或劫持合法代码或添加启动代码. +Malware persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. -[Main article about malware persistence](https://github.com/Karneades/malware-persistence/blob/master/README.md) 有更多的上下文和信息. +[Main article about malware persistence](https://github.com/Karneades/malware-persistence/blob/master/README.md) with more context and information. ## Techniques -_持久性技术和检测._ +_Persistence techniques and detection._ ### Generic -- [MITRE ATT&CK tactic "TA0003 - Persistence"](https://attack.mitre.org/tactics/TA0003/) - MITRE ATT&CK 战术“TA0003 - 坚持”. -- [forensic artifact repository](https://github.com/ForensicArtifacts/artifacts) - 取证工件存储库涵盖了其工件中的持久性技术. -- [Sigma rules](https://github.com/Neo23x0/sigma/tree/master/rules) - 涵盖持久性技术的 Sigma 规则. 您甚至可以使用诸如“--filter tag=attack.persistence”之类的过滤器,或者专门针对一种技术“tag=attack.t1084”. +* [MITRE ATT&CK tactic "TA0003 - Persistence"](https://attack.mitre.org/tactics/TA0003/) - MITRE ATT&CK tactic "TA0003 - Persistence". +* [forensic artifact repository](https://github.com/ForensicArtifacts/artifacts) - Forensic artifact repository covers persistence techniques in their artifacts. +* [Sigma rules](https://github.com/Neo23x0/sigma/tree/master/rules) - Sigma rules which covers persistence techniques. You can even use filters such as `--filter tag=attack.persistence` or specifically for one technique `tag=attack.t1084`. 
### Linux -- [Linux Malware Persistence with Cron](https://www.sandflysecurity.com/blog/linux-malware-persistence-with-cron/) - 关于使用 cron 作业的 linux 持久性的博客文章. -- [Linux Persistence Techniques](https://research.splunk.com/stories/linux_persistence_techniques/) - 持久性技术列表. -- [Linux Red Team Persistence Techniques](https://www.linode.com/docs/guides/linux-red-team-persistence-techniques/) - 持久性技术列表. -- [ebpfkit](https://github.com/Gui774ume/ebpfkit) - 利用 eBPF 的 Rootkit. -- [TripleCross](https://github.com/h3xduck/TripleCross) - 利用 eBPF 的 Rootkit. +* [Linux Malware Persistence with Cron](https://www.sandflysecurity.com/blog/linux-malware-persistence-with-cron/) - Blog post about linux persistence using cron jobs. +* [Linux Persistence Techniques](https://research.splunk.com/stories/linux_persistence_techniques/) - List of persistence techniques. +* [Linux Red Team Persistence Techniques](https://www.linode.com/docs/guides/linux-red-team-persistence-techniques/) - List of persistence techniques. +* [ebpfkit](https://github.com/Gui774ume/ebpfkit) - Rootkit leveraging eBPF. +* [TripleCross](https://github.com/h3xduck/TripleCross) - Rootkit leveraging eBPF. ### macOS -- [theevilbit's series "Beyond the good ol' LaunchAgents"](https://theevilbit.github.io/tags/beyond/) - 除了 LaunchDaemons 或 LaunchAgents 之外的 macOS 持久性列表. -- [KnockKnock](https://github.com/objective-see/KnockKnock/blob/main/Plugins) - 用于 macOS 的持久性检测工具,用于扫描 macOS 上的持久性机制. 具体的持久化位置可以在 [plugins](https://github.com/objective-see/KnockKnock/tree/main/Plugins) 文件夹,例如 [LaunchItems](https://github.com/objective-see/KnockKnock/blob/main/Plugins/LaunchItems.m#L21) 或者 [StartupScripts](https://github.com/objective-see/KnockKnock/blob/main/Plugins/StartupScripts.m#L22). -- [PoisonApple](https://github.com/CyborgSecurity/PoisonApple/blob/master/poisonapple/techniques.py) - 通过查看 PoisonApple 的源代码了解各种 macOS 持久性技术. 
-- [How malware persists on macOS](https://www.sentinelone.com/blog/how-malware-persists-on-macos/) - macOS 持久性机制列表. +* [theevilbit's series "Beyond the good ol' LaunchAgents"](https://theevilbit.github.io/tags/beyond/) - List of macOS persistence beyond just the LaunchDaemons or LaunchAgents. +* [KnockKnock](https://github.com/objective-see/KnockKnock/blob/main/Plugins) - A persistence detection tool for macOS to scan for persistence mechanisms on macOS. Specific persistence locations are found in the [plugins](https://github.com/objective-see/KnockKnock/tree/main/Plugins) folder, e.g. [LaunchItems](https://github.com/objective-see/KnockKnock/blob/main/Plugins/LaunchItems.m#L21) or [StartupScripts](https://github.com/objective-see/KnockKnock/blob/main/Plugins/StartupScripts.m#L22). +* [PoisonApple](https://github.com/CyborgSecurity/PoisonApple/blob/master/poisonapple/techniques.py) - Learn about various macOS persistence techniques by looking at the source code of PoisonApple. +* [How malware persists on macOS](https://www.sentinelone.com/blog/how-malware-persists-on-macos/) - List of macOS persistence mechanisms. ### Windows -- [Hexacorn's blog](http://www.hexacorn.com/blog/category/autostart-persistence/) - Hexacorn 的持久性类别博客类别,包括系列“Beyond good ol' Run key”. -- [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns) - 您可以通过在您自己的客户端上查看 Autoruns 的输出来了解检查了哪些 Windows 持久性机制. 在输出中可以看到类别和发现事物的不同位置. Autoruns 的反汇编列出了被扫描的条目的子集. -- [PowerShell implementation of Autoruns](https://github.com/p0w3rsh3ll/AutoRuns/blob/master/AutoRuns.psm1) - 另一种查找 Windows 持久性位置的方法是查看 PowerShell 版本的 Autoruns 的源代码. 奖励:每个 Autoruns 版本的覆盖持久性位置的历史记录也可以在模块文件的末尾找到,这太棒了! -- [Common malware persistence mechanisms](https://resources.infosecinstitute.com/common-malware-persistence-mechanisms/) - 描述了不同向量的不同持久性机制. -- [Malware persistence techniques](https://www.andreafortuna.org/2017/07/06/malware-persistence-techniques/) - 对多种持久性机制的良好总结,从多个注册表项到更高级的机制,如 COM 劫持. 
-- [Detecting & Removing an Attacker's WMI Persistence](https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96) - 关于检测和删除 WMI 持久性的博客文章. -- [Windows Persistence using WinLogon](https://www.hackingarticles.in/windows-persistence-using-winlogon/) - 关于滥用 WinLogon 的博客文章. -- [Untangling Kovter's persistence methods](https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/) - 关于隐藏在注册表中的 Kovter 持久化方法等的博客文章. 另一个是 [Threat Spotlight: Kovter Malware Fileless Persistence Mechanism](https://threatvector.cylance.com/en_us/home/threat-spotlight-kovter-malware-fileless-persistence-mechanism.html). -- [Persistence using GlobalFlags in Image File Execution Options – Hidden from Autoruns.exe](https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/) - 关于滥用 GlobalFlag 执行流程的博文. -- [Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response](https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/) - 关于引导加载程序持久性的博客文章. -- 关于 COM/CLSID 劫持的各种博客文章 - - [COM Object hijacking: the discreet way of persistence, 2014](https://www.gdatasoftware.com/blog/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence) - - [Persistence – COM Hijacking, 2020](https://pentestlab.blog/2020/05/20/persistence-com-hijacking/) - - [Abusing COM hijacking in combination with scheduled tasks, 2016](https://enigma0x3.net/2016/05/25/userland-persistence-with-scheduled-tasks-and-com-handler-hijacking/) -- [Hunting for persistence via Microsoft Exchange Server or Outlook](https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook) - 关于 Microsoft Exchange 服务器持久性的博客文章. 
+* [Hexacorn's blog](http://www.hexacorn.com/blog/category/autostart-persistence/) - Hexacorn's blog category for persistence category including the series "Beyond good ol' Run key". +* [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns) - You can learn which Windows persistence mechanisms are checked by looking at the output of Autoruns on your own client. Categories and the different locations where things were found are seen in the output. A disassembly of Autoruns lists a subset of the entries which are scanned. +* [PowerShell implementation of Autoruns](https://github.com/p0w3rsh3ll/AutoRuns/blob/master/AutoRuns.psm1) - Another way to find Windows persistence locations is to look at the source code of the PowerShell version of Autoruns. Bonus: A history of the covered persistence locations for each Autoruns version is found at the end of the module file too, which is so awesome! +* [Common malware persistence mechanisms](https://resources.infosecinstitute.com/common-malware-persistence-mechanisms/) - Different persistence mechanisms for different vectors are described. +* [Malware persistence techniques](https://www.andreafortuna.org/2017/07/06/malware-persistence-techniques/) - Good summary of multiple persistence mechanisms, ranging from multiple registry keys to more advanced one, like COM hijacking. +* [Detecting & Removing an Attacker's WMI Persistence](https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96) - Blog post about detecting and removing WMI persistence. +* [Windows Persistence using WinLogon](https://www.hackingarticles.in/windows-persistence-using-winlogon/) - Blog post about abusing WinLogon. +* [Untangling Kovter's persistence methods](https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/) - Blog post about Kovter's persistens methos, among others, hiding in registry. 
Another one is [Threat Spotlight: Kovter Malware Fileless Persistence Mechanism](https://threatvector.cylance.com/en_us/home/threat-spotlight-kovter-malware-fileless-persistence-mechanism.html). +* [Persistence using GlobalFlags in Image File Execution Options – Hidden from Autoruns.exe](https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/) - Blog post about abusing GlobalFlag for process execution. +* [Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response](https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/) - Blog post about bootloader persistence. +* Various blog posts about COM/CLSID hijacking + * [COM Object hijacking: the discreet way of persistence, 2014](https://www.gdatasoftware.com/blog/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence) + * [Persistence – COM Hijacking, 2020](https://pentestlab.blog/2020/05/20/persistence-com-hijacking/) + * [Abusing COM hijacking in combination with scheduled tasks, 2016](https://enigma0x3.net/2016/05/25/userland-persistence-with-scheduled-tasks-and-com-handler-hijacking/) +* [Hunting for persistence via Microsoft Exchange Server or Outlook](https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook) - Blog post about Microsoft Exchange server persistence. + +### Cloud + +* [Shadow Linking: The Persistence Vector of SaaS Identity Threat](https://www.obsidiansecurity.com/blog/shadow-linking-the-persistence-vector-of-saas-identity-threat/) - Abuse of additional identity providers to persist in an environment. ### Firmware -- [MoonBounce: the dark side of UEFI firmware](https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468) - 一篇关于一个特定 UEFI bootkit 的深入报道. 
+* [MoonBounce: the dark side of UEFI firmware](https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468) - An in-depth write up about one particular UEFI bootkit. ## Persistence Removal - _用于删除持久性机制的工具和命令. 除了下面提到的工具,使用标准操作系统命令来删除持久性._ +_Tools and commands for persistence mechanisms removal. Beside the tools mentioned below, use standard OS commands to remove the persistence._ ### Generic -- [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response) - 使用工具和资源进行安全事件响应,旨在帮助安全分析师和 DFIR 团队. +* [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response) - Use the tools and resources for security incident response, aimed to help security analysts and DFIR teams. ### Windows -- [PowerSponse](https://github.com/swisscom/PowerSponse) - PowerSponse 包括用于清理持久性机制的各种命令. -- [Removing Backdoors – Powershell Empire Edition](https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/) - 各种博客文章处理 WMI 植入物的移除. -- [RegDelNull](https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull) - Removal of registry keys with null bytes - used e.g. in run keys for evasion. +* [PowerSponse](https://github.com/swisscom/PowerSponse) - PowerSponse includes various commands for cleanup of persistence mechanisms. +* [Removing Backdoors – Powershell Empire Edition](https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/) - Various blog posts handle the removal of WMI implants. +* [RegDelNull](https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull) - Removal of registry keys with null bytes - used e.g. in run keys for evasion. ## Detection Testing - _用于测试检测的工具. 使用中描述的技术 [Persistence Techniques](#persistence-techniques) 创建这些文件或手动添加配置更改以测试您的检测._ +_Tools for testing detections. 
Use the techniques described in [Persistence Techniques](#persistence-techniques) to create these files or add the configuration changes by hand to test your detections._ -- [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) - Atomic Red Team 还支持 MITRE ATT&CK 持久化技术,参见 eg [T1044 "File System Permissions Weakness"](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1044/T1044.yaml). -- [hasherezade persistence demos](https://github.com/hasherezade/persistence_demos) - 恶意软件用于测试自身检测的各种(也是非标准的)持久性方法,其中包括在 repo 中找到的 COM 劫持演示. -- [PoisonApple](https://github.com/CyborgSecurity/PoisonApple) - 在 macOS 上执行各种持久性技术. +* [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) - Atomic Red Team supports also the MITRE ATT&CK persistence techniques, see e.g. [T1044 "File System Permissions Weakness"](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1044/T1044.yaml). +* [hasherezade persistence demos](https://github.com/hasherezade/persistence_demos) - Various (also non standard) persistence methods used by malware for testing own detection, among others COM hijacking demo is found in the repo. +* [PoisonApple](https://github.com/CyborgSecurity/PoisonApple) - Perform various persistence techniques on macOS. ## Prevention -_防止恶意持久化的工具._ +_Tools for preventing malicious persistence._ ### macOS -- [BlockBlock](https://github.com/objective-see/BlockBlock) - 一种通过监视持久性位置并相应地保护它们来提供持续保护的工具. 类似于 KnockKnock 但用于阻塞. +* [BlockBlock](https://github.com/objective-see/BlockBlock) - A tool which provides continual protection by monitoring persistence locations and protects them accordingly. Similar to KnockKnock but for blocking. ## Collection -_持久性收集工具._ +_Tools for persistence collection._ ### Generic -- [Awesome Forensics](https://github.com/Cugu/awesome-forensics) - 使用此列表中的工具,其中包括非常棒的免费(主要是开源)取证分析工具和资源. 它们有助于大规模收集持久性机制,例如通过使用远程取证工具. -- [osquery](https://osquery.readthedocs.io) - 客户端查询持久性机制. 
-- [OSSEC](https://github.com/ossec/ossec-hids) - 使用 HIDS 的规则和日志来检测配置更改. +* [Awesome Forensics](https://github.com/Cugu/awesome-forensics) - Use the tools from this list which includes awesome free (mostly open source) forensic analysis tools and resources. They help collecting the persistence mechanisms at scale, e.g. by using remote forensics tools. +* [osquery](https://osquery.readthedocs.io) - Query persistence mechanisms on clients. +* [OSSEC](https://github.com/ossec/ossec-hids) - Use rules and logs from the HIDS to detection configuration changes. ### Linux _There is no dedicated persistence collection tool for Linux I'm aware of. Use some of the tools from #General or standard OS commands for collection. Thanks for contributing links to Linux specific persistence collection tools._ -* [Linux Security and Monitoring Scripts](https://github.com/sqall01/LSMS) - 安全和监控脚本,可用于监控您的 Linux 安装以了解与安全相关的事件或进行调查. 在其他发现用于恶意软件持久性的 systemd 单元文件中. +* [Linux Security and Monitoring Scripts](https://github.com/sqall01/LSMS) - Security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Among other finding systemd unit files used for malware persistence. ### macOS -- [KnockKnock](https://www.objective-see.com/products/knockknock.html) - 一种用于发现持续安装的软件以普遍揭示此类恶意软件的工具. 看 [GitHub repository too for the source code](https://github.com/objective-see/KnockKnock). -- [Dylib Hijack Scanner or DHS](https://www.objective-see.com/products/dhs.html) - 一个简单的实用程序,可以扫描您的计算机以查找易受 dylib 劫持或已被劫持的应用程序. 看 [GitHub repository too for the source code](https://github.com/objective-see/DylibHijackScanner). +* [KnockKnock](https://www.objective-see.com/products/knockknock.html) - A tool to uncover persistently installed software in order to generically reveal such malware. See [GitHub repository too for the source code](https://github.com/objective-see/KnockKnock). 
+* [Dylib Hijack Scanner or DHS](https://www.objective-see.com/products/dhs.html) - A simple utility that will scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked. See [GitHub repository too for the source code](https://github.com/objective-see/DylibHijackScanner). ### Windows -- [Autoruns](http://technet.microsoft.com/en-us/sysinternals/bb963902) - Windows 上一个强大的持久性收集工具是 Autoruns. 它从实时系统收集不同的类别和持久性信息,并且[在 - 来自离线图像的有限方式](https://www.sans.org/blog/offline-autoruns-revisited-auditing-malware-persistence/). 有一个 UI 和一个命令行程序,输出格式可以设置为 CSV,然后可以将其导入到您选择的日志收集系统中. -- [AutorunsToWinEventLog.ps1](https://github.com/palantir/windows-event-forwarding/blob/master/AutorunsToWinEventLog/AutorunsToWinEventLog.ps1) - 您可以使用 AutorunsToWinEventLog 脚本将 Autoruns 输出转换为 Windows 事件日志并依赖标准 Windows 事件日志转发,而不是使用 CSV 输出并将这些文件复制到服务器. -- [PowerShell Autoruns](https://github.com/p0w3rsh3ll/AutoRuns) - Autoruns 的 PowerShell 版本. -- [PersistenceSniper](https://github.com/last-byte/PersistenceSniper) - 用于寻找植入 Windows 机器中的持久性的 Powershell 模块. -- [RegRipper](https://github.com/keydet89/RegRipper2.8) - 直接从注册表文件中提取各种持久性机制. -- [RECmd](https://github.com/EricZimmerman/RECmd) - 提取各种持久性机制,例如通过使用配置文件 [UserClassesASEPs](https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/UserClassesASEPs.reb) 提取用户的 CLSID 信息. 
-- [KAPE](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape) - 该工具允许使用目标和模块收集各种预定义的工件,请参阅 [KapeFiles](https://github.com/EricZimmerman/KapeFiles) 其中包括持久性机制,除此之外还有一系列 [LNK files](https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Windows/LNKFilesAndJumpLists.tkape), [scheduled task files](https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Windows/ScheduledTasks.tkape) 和 [scheduled task listing](https://github.com/EricZimmerman/KapeFiles/blob/master/Modules/LiveResponse/schtasks.mkape) 或 [WMI repository auditing](https://github.com/EricZimmerman/KapeFiles/blob/master/Modules/LiveResponse/WMI-Repository-Auditing.mkape) 模块. +* [Autoruns](http://technet.microsoft.com/en-us/sysinternals/bb963902) - A powerful persistence collection tool on Windows is Autoruns. It collects different categories and persistence information from a live system and [in + limited ways from offline images](https://www.sans.org/blog/offline-autoruns-revisited-auditing-malware-persistence/). There is a UI and a command line program and the output format can be set to CSV which can then be imported into your log collection system of choice. +* [AutorunsToWinEventLog.ps1](https://github.com/palantir/windows-event-forwarding/blob/master/AutorunsToWinEventLog/AutorunsToWinEventLog.ps1) - Instead of using CSV output and copy these file to the server, you can use the AutorunsToWinEventLog script to convert the Autoruns output to Windows event logs and rely on standard Windows event log forwarding. +* [PowerShell Autoruns](https://github.com/p0w3rsh3ll/AutoRuns) - A PowerShell version of Autoruns. +* [PersistenceSniper](https://github.com/last-byte/PersistenceSniper) - Powershell module to hunt for persistence implanted in Windows machines. +* [RegRipper](https://github.com/keydet89/RegRipper2.8) - Extracts various persistence mechanisms from the registry files directly. 
+* [RECmd](https://github.com/EricZimmerman/RECmd) - Extract various persistence mechanisms, e.g. by using the config file [UserClassesASEPs](https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/UserClassesASEPs.reb) to extract user's CLSID information. +* [KAPE](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape) - The tool allows collecting various predefined artifactgs using targets and modules, see [KapeFiles](https://github.com/EricZimmerman/KapeFiles) which include persistence mechanisms, among others there's a collection of [LNK files](https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Windows/LNKFilesAndJumpLists.tkape), [scheduled task files](https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Windows/ScheduledTasks.tkape) and [scheduled task listing](https://github.com/EricZimmerman/KapeFiles/blob/master/Modules/LiveResponse/schtasks.mkape) or a [WMI repository auditing](https://github.com/EricZimmerman/KapeFiles/blob/master/Modules/LiveResponse/WMI-Repository-Auditing.mkape) module. ## Contributing -欢迎投稿! 阅读 [contribution guidelines](https://github.com/Karneades/awesome-malware-persistence/blob/master/CONTRIBUTING.md) 第一的. +Contributions welcome! Read the [contribution guidelines](https://github.com/Karneades/awesome-malware-persistence/blob/master/CONTRIBUTING.md) first. diff --git a/docs/awesome/awesome-mysql.md b/docs/awesome/awesome-mysql.md index 91d24721b2..d000df5040 100644 --- a/docs/awesome/awesome-mysql.md +++ b/docs/awesome/awesome-mysql.md 
@@ -86,6 +86,7 @@ This list accepts and encourages pull requests. See [CONTRIBUTING](https://githu *MySQL deployment tools* - [dbdeployer](https://github.com/datacharmer/dbdeployer) (archived) - A tool that installs one or more MySQL servers within seconds, easily, securely, and with full control. +- [MariaDB4j](https://github.com/MariaDB4j/MariaDB4j) - A Java launcher to run MariaDB without installation or external dependencies. - [MySQL Docker](https://hub.docker.com/_/mysql/) - Official Docker images. diff --git a/docs/awesome/awesome-password-cracking.md b/docs/awesome/awesome-password-cracking.md index cceeaaf285..fe6030a760 100644 --- a/docs/awesome/awesome-password-cracking.md +++ b/docs/awesome/awesome-password-cracking.md @@ -109,7 +109,6 @@ Read [CONTRIBUTING.md](https://github.com/narkopolo/awesome-password-cracking/bl ## Misc - [hashgen](https://github.com/cyclone-github/hashgen) - Hashgen is a simple yet very fast CLI hash generator written in Go and cross compiled for Linux, Windows & Mac. -- [hashID](https://github.com/psypanda/hashID) - Software to identify the different types of hashes. - [Name That Hash](https://github.com/HashPals/Name-That-Hash) - Don't know what type of hash it is? Name That Hash will name that hash type! Identify MD5, SHA256 and 300+ other hashes. Comes with a neat web app. 
@@ -224,7 +223,7 @@ Read [CONTRIBUTING.md](https://github.com/narkopolo/awesome-password-cracking/bl - [pdfrip](https://github.com/mufeedvh/pdfrip) - A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks. ### JKS -- [JKS private key cracker](https://github.com/floyd-fuh/JKS-private-key-cracker-hashcat) - Cracking passwords of private key entries in a JKS fileCracking passwords of private key entries in a JKS file. +- [JKS private key cracker](https://github.com/floyd-fuh/JKS-private-key-cracker-hashcat) - Cracking passwords of private key entries in a JKS file. ### ZIP - [bkcrack](https://github.com/kimci86/bkcrack) - Crack legacy zip encryption with Biham and Kocher's known plaintext attack. diff --git a/docs/awesome/awesome-python-typing.md b/docs/awesome/awesome-python-typing.md index 5722840a93..4eb15fcf04 100644 --- a/docs/awesome/awesome-python-typing.md +++ b/docs/awesome/awesome-python-typing.md @@ -63,7 +63,7 @@ Collection of awesome Python types, stubs, plugins, and tools to work with them. ## Backports and improvements - [future-typing](https://github.com/PrettyWood/future-typing) - Backport for type hinting generics in standard collections and union types as `X | Y`. -- [typing-extensions](https://github.com/python/typing/tree/master/typing_extensions) - Backported and experimental type hints. +- [typing-extensions](https://github.com/python/typing_extensions) - Backported and experimental type hints. - [typing-utils](https://github.com/bojiang/typing_utils) - Backport 3.8+ runtime typing utils(for eg: get_origin) & add issubtype & more. ## Tools diff --git a/docs/awesome/awesome-rust.md b/docs/awesome/awesome-rust.md index 0dc62a0dd1..5a00ec3959 100644 --- a/docs/awesome/awesome-rust.md +++ b/docs/awesome/awesome-rust.md 
@@ -318,7 +318,7 @@ See also [A comparison of operating systems written in Rust](https://github.com/ * [kpcyrd/rshijack](https://github.com/kpcyrd/rshijack) - A TCP connection hijacker; rewrite of shijack * [kpcyrd/sn0int](https://github.com/kpcyrd/sn0int) - A semi-automatic OSINT framework and package manager * [kpcyrd/sniffglue](https://github.com/kpcyrd/sniffglue) - A secure multithreaded packet sniffer -* [ObserverWard](https://github.com/0x727/ObserverWard) - Community based web technologies analysis tool. +* [observer_ward](https://github.com/emo-crab/observer_ward) - Web application and service fingerprint identification tool * [Raspirus](https://github.com/Raspirus/Raspirus) - User- and resources-friendly signatures-based malware scanner [![status](https://github.com/Raspirus/Raspirus/actions/workflows/testproject.yml/badge.svg)](https://github.com/Raspirus/Raspirus/actions/workflows/testproject.yml) * [ripasso](https://github.com/cortex/ripasso/) - A password manager, filesystem compatible with pass * [rustscan/rustscan](https://github.com/RustScan/RustScan) - Make Nmap faster with this port scanning tool [![build badge](https://github.com/RustScan/RustScan/workflows/Continuous%20integration/badge.svg?branch=master)](https://github.com/RustScan/RustScan/actions?query=workflow%3A%22Continuous+integration%22)
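Review bot: the added English entries in docs/awesome/awesome-malware-persistence.md carry typos that will ship into the rendered list. The OSSEC line reads "to detection configuration changes" (should be "to detect"), the KAPE line has "artifactgs", the AutorunsToWinEventLog line says "copy these file", and the LSMS line ends in the fragment "Among other finding systemd unit files". The Autoruns entry splits its link text across two added lines ("[in" then "limited ways from offline images]") and still uses an http:// technet URL; join the link onto one line and switch it to https. The hunk also changes every bullet marker from "-" to "*" and replaces the translated descriptions with English ones, so please confirm both are intended, since the commit message does not mention either.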
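Review bot: the hunk at @@ -109,7 +109,6 in docs/awesome/awesome-password-cracking.md deletes the hashID entry with no replacement, and the commit message ("Robot Updated at:11 Jul 2024 21:10:47 GMT") gives no reason. If the removal mirrors the upstream list, say so in the commit message; otherwise restore the line. The second hunk in the same file (the duplicated "Cracking passwords of private key entries in a JKS file" text) looks fine.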
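Review bot: the replaced line in docs/awesome/awesome-rust.md moves the entry to a different GitHub owner (0x727/ObserverWard becomes emo-crab/observer_ward) and rewrites its description in the same change. For a list of security tools that readers clone and run, confirm the new repository is the same project (a transfer or rename by its maintainers) before merging, and record that in the commit message.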