houjingyi
0%

关于

主要研究二进制,包括漏洞挖掘/病毒分析/加壳脱壳
对文章有问题或者想交个朋友:wx(aG91amluZ3lpMTU5)

挖过的一些并没有什么卵用的漏洞

vendor CVE link
apple CVE-2019-8801 https://support.apple.com/en-us/HT210722
bitrock CVE-2020-3979 https://blog.installbuilder.com/2020/08/updates-and-bug-fixes-with-version-2070.html
cisco CVE-2020-3432 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-dos-36s2y3Lv
cisco - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv65124
dell CVE-2020-5358 https://www.dell.com/support/article/SLN321789
dell CVE-2020-5385 https://www.dell.com/support/article/SLN322456
fortinet CVE-2020-9287/CVE-2020-9290 https://fortiguard.com/psirt/FG-IR-19-060
HP CVE-2019-18919/CVE-2019-18920 https://support.hp.com/us-en/document/c06609927
huawei CVE-2020-1844 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200221-01-pcmanager-en
intel CVE-2020-12287 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00399.html
lenovo CVE-2019-6197 http://iknow.lenovo.com/detail/dc_186945.html
PostgreSQL CVE-2020-10733 https://www.postgresql.org/about/news/2038/
trendmicro CVE-2020-8601 https://success.trendmicro.com/solution/000241963
alibaba - https://security.alibaba.com/people.htm?id=4c13d5096e353613b2bbf1e82a34a06f
alipay - https://security.alipay.com/honorranking.htm (2020.6/2020.7)
baidu - https://bsrc.baidu.com/v2/#/rank/list (2020.4/2020.5)
beike - https://security.ke.com/rank (2020.6)
bytedance - https://security.bytedance.com/honor/rank/ (2020.4/2020.7)
douyu - https://security.douyu.com/index.php?m=&c=hall&a=index
evernote - https://www.yinxiang.com/security/report-issue/
huawei - https://bugbounty.huawei.com/hbp/#/ranking (2020 Q2)
iqiyi - https://security.iqiyi.com/#honour (2019.11/2020.1/2020.4)
jingdong - https://security.jd.com/#/user/2237AF8C8EB5
JJWorld - https://security.jj.cn/rank_list/personal/ (2020.4)
netease - https://aq.163.com/contribution (2020.4/2020.5/2020.7)
oppo - https://security.oppo.com/cn/charts.html (2020.5)
sogou - http://sec.sogou.com/ranking/user/?id=929d683988d3bb4b87df86be14ed56d7
suning - https://security.suning.com/ssrc-web/public/rank.do (2020.1/2020.4)
tencent - https://security.tencent.com/index.php/user/p/oEiJUwo5OGE-WOaQV96j1BOtFdsM
unionpay - https://security.unionpay.com/contribution/list (2020.4/2020.6)
vipshop - https://sec.vip.com/userinfo/b6b21141-1f2a-4bd2-b2fc-6694e31bb5e3
vivo - https://security.vivo.com.cn/#/rank/list (2020.3)
xiaomi - https://sec.xiaomi.com/u/c6bd9b1c79829e88

vulnerability coordination and bug bounty platform

platform link
bugcrowd https://bugcrowd.com/houjingyi
butian https://www.butian.net/WhiteHat/d/3580618
hackerone https://hackerone.com/hhjjyy

讲过的talk

XKungfoo2018:2017年恶意代码威胁回顾和快速分析实践

CSDN博客

houjingyi的博客

在安全客发表的文章

https://www.anquanke.com/member/143742

在看雪论坛发表的文章

https://bbs.pediy.com/user-734571.htm

在先知社区发表的文章

https://xz.aliyun.com/u/4572

在公司发表的文章(*表示与他人合作)

CVE-2019-0708 metasploit EXP分析

CVE-2019-9213——linux内核用户空间0虚拟地址映射漏洞分析

尝试进行RPC漏洞挖掘

VPNFilter Botnet情况更新*

VPNFilter-新型IoT Botnet深度解析*

2017年中国高级持续性威胁研究报告*

CVE–2017–13156Janus安卓签名漏洞预警分析

坏兔子勒索病毒事件基本分析报告(更新:永恒浪漫漏洞使用技术信息)*

CCleaner恶意代码分析预警*

XShellGhost事件技术回顾报告*

Sorebrect勒索病毒分析报告

友情链接

360的希望:https://blog.th3wind.xyz/