Sectoolset
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Spectre Meltdown Checker | 3,715 | 3 months ago | 67 | Shell | ||||||
| Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD | ||||||||||
| Sectoolset | 1,187 | 13 days ago | Shell | |||||||
| The security tool(project) Set from github。github安全项目工具集合 | ||||||||||
| Spectre Attack | 662 | 6 years ago | 6 | C | ||||||
| Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715) | ||||||||||
| Hardware And Firmware Security Guidance | 563 | 8 months ago | 5 | other | C | |||||
| Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber | ||||||||||
| Specucheck | 544 | 4 years ago | 3 | C | ||||||
| SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4) | ||||||||||
| Meltdownspectre Patches | 341 | 6 years ago | 4 | unlicense | ||||||
| Summary of the patch status for Meltdown / Spectre | ||||||||||
| Speculation Bugs | 318 | 6 years ago | 3 | other | ||||||
| Docs and resources on CPU Speculative Execution bugs | ||||||||||
| In Spectre Meltdown | 84 | 6 years ago | gpl-3.0 | Python | ||||||
| This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in | ||||||||||
| Meltdownspectrereport | 71 | 5 years ago | PowerShell | |||||||
| Query mitigation status of Meltdown and Spectre against one or multiple Windows computers. It uses parallelization for fast data collection. | ||||||||||
| Hardware Attacks State Of The Art | 67 | 4 months ago | lgpl-3.0 | |||||||
| Microarchitectural exploitation and other hardware attacks. | ||||||||||
sectoolset -- Github安全相关工具集合
主要内容:
乌云镜像
近期安全热点
WebP 0day CVE-2023-4863 可能影响安卓系统
CVE-2023-4039:GCC的-fstack-protector存在动态堆栈分配漏洞,影响ARM64版本(Macbook M版本)
OpenSSH组件ssh-agent存远程代码执行漏洞(CVE-2023-38408)
Fortigate VPN远程代码执行(CVE-2023-27997),全网仍有大量机器未进行修补
Windows 11 可信平台模块TPM 2.0 越界读写漏洞 ( CVE-2023-1017,CVE-2023-1018 )
新型Linux勒索病毒Royal Ransomware专门针对VMware ESXi虚拟集群
Text4Shell:Apache Commons Text任意执行漏洞CVE-2022-42889
zlib安全漏洞CVE-2022-37434,影响面广,但是只有调用inflateGetHeader的应用程序会受到影响
Hertzbleed 侧信道攻击频率侧信道,影响所有厂商CPU CVE-2022-23823 和 CVE-2022-24436
Srpingshell危险漏洞 CVE-2022-22965 CVSS 9.8
Linux系统Snap-confine功能中发现多个漏洞CVE-2021-44731等
Linux kernel内核 TIPC协议漏洞 CVE-2022-0435
Linux Polkit权限提升漏洞(CVE-2021-4034)
2021十大安全技术 Top 10 web hacking techniques of 2021
CISA Log4j(CVE-2021-44228)漏洞指导,包括详尽的受影响软件列表
通过MySQL中的科学记数法bug透过使AWS WAF进行SQL注入攻击
BlackHat 2021和DEF CON 2021会议的顶级HACK议题
Nginx暴DNS解析器Off-by-One堆写入高危漏洞CVE-2021-23017
Openssl高版本(1.1.1d以上)爆高危漏洞 CVE-2021-3450,可导致Ddos攻击
linux内核scsi_transport_iscsi潜伏15年的漏洞(CVE-2021-27363 CVE-2021-27364 CVE-2021-27365),可以本地提权
Microsoft Exchange Server 0day攻击
Microsoft 365 Defender研究团队和威胁情报中心(MSTIC)的SolarWinds攻击分析文章
安全论文:《Measuring and Preventing Supply Chain Attacks on Package Managers》
Ubuntu提权漏洞,利用gdm3-accountsservice-LPE
License
Licensed under Apache License 2.0.
