Things I know and will have to know about binaries.
- Reverse Engineering for Beginners -- by Dennis Yurichev
- Modern Binary Exploitation -- by RPISEC
- FuzzySecurity
- Advanced Digital Forensics and Data Reverse Engineering
- CNIT 127: Exploit Development
- Learning ROP Step by Step (一步一步学ROP) -- by 蒸米
- ROP Emporium
- Intro to ROP: ROP Emporium — Split
- 64-bit Linux Return-Oriented Programming -- by Ben Lynn
- Introduction to return oriented programming (ROP) -- by Alex Reece
- Fundamentals of Modern Stack Overflow Exploitation: ROP (现代栈溢出利用技术基础:ROP) -- by beswing
- Return-oriented Programming: Exploitation without Code Injection -- by Erik Buchanan
- Return-Oriented Programming: Systems, Languages, and Applications -- by Ryan Roemer
- Blind Return Oriented Programming (BROP) -- by A. Bittau
- Finding Function's Load Address
- How ELF Ruined Christmas: Exploitation via the ELF Dynamic Loading Mechanism (ELF如何摧毁圣诞——通过ELF动态装载机制进行漏洞利用)
- ROP: return to dl-resolve (ROP之return to dl-resolve)
- BROP Attack: Analysis and Exploitation of the Nginx Remote Code Execution Vulnerability (BROP Attack之Nginx远程代码执行漏洞分析及利用) -- by k0shl
- Blind Return Oriented Programming (BROP) Attack -- by Liu Yutao
- Bypassing ASLR+DEP with ROP + Return-to-dl on 32-bit Systems (如何在32位系统中使用ROP+Return-to-dl来绕过ASLR+DEP)
- Syscalls used by malloc -- by sploitfun
- Understanding glibc malloc
- Heap Exploitation ~ Abusing Use-After-Free -- by r3kt
- A Brief Analysis of Double Free (Double Free浅析) -- by explorer
- PWN: Heap Memory Management (PWN之堆内存管理) -- by jmpews
- Reverse Engineering Security Series: A Brief Analysis of Use-After-Free Vulnerabilities (逆向安全系列:Use After Free漏洞浅析) -- by ray_cp
- An Introduction to Heap Overflow Vulnerabilities (堆溢出漏洞简介) -- by zh-explorer
- Illustrated glibc Memory Allocation and Deallocation (glibc内存分配与回收过程图解) -- by 猫科龙
- PEDA - Python Exploit Development Assistance for GDB
- pwntools - CTF framework and exploit development library
- angr - The next-generation binary analysis platform
- zio - unified io lib for pwning development written in python
- Exploiting Format String Vulnerabilities -- by scut/team teso
- Introduction to Format String exploits -- by Alex Reece
- A Summary of Format String Vulnerability Exploitation (格式化字符串漏洞利用小结) -- by tianyi201612
- A Detailed Tutorial on Format String Blind Pwn (格式化字符串blind pwn详细教程) -- by 4SUN4_C8
- Vulnerability Discovery Basics: Format Strings (漏洞挖掘基础之格式化字符串) -- by 珈蓝夜宇
- Research on Format String Exploitation on Linux (Linux系统下格式化字符串利用研究) -- by Hcamael
- What Exactly Are the GOT and PLT in Linux? (Linux中的GOT和PLT到底是个啥?) -- by PhyzX
- Windows Kernel Exploit Part 1
- Windows Kernel Exploit Part 2
- Windows Kernel Exploit Part 3
- Windows Kernel Exploit Part 4
- Windows Kernel Exploit Part 5
- Windows Kernel Exploit Part 6
- Windows Kernel Exploit Part 7
- SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
- Stack based v/s Register based architectures and android's Dalvik VM
- What Every Computer Scientist Should Know About Floating-Point Arithmetic
- Malware Analysis Tutorials: a Reverse Engineering Approach -- by Dr. Xiang Fu
- x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique
- MALLOC DES-MALEFICARUM -- by blackngel
- Heap exploitation -- by Angelboy
- Advanced heap exploitation -- by Angelboy
- Hack The Virtual Memory -- by Julien Barbier
- Exploit writing tutorial -- by Corelan Team
  - Stack Based Overflows
  - Stack Based Overflows – jumping to shellcode
  - SEH Based Exploits
  - SEH Based Exploits – just another example
  - From Exploit to Metasploit – The basics
  - How debugger modules & plugins can speed up basic exploit development
  - Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
  - Unicode – from 0x00410041 to calc
  - Win32 Egg Hunting
  - Introduction to Win32 shellcoding
  - Chaining DEP with ROP
  - Heap Spraying Demystified
- Advances in format string exploitation -- by gera, riq
- Software Analysis Techniques (软件分析技术) -- by 熊英飞
- Compiler Design -- by Frank Pfenning
- Optimizing Compilers -- by Todd C. Mowry
- Main is usually a function. So then when is it not? -- by James Rowe
- Heap Exploitation -- by Dhaval Kapil
- In-Depth Analysis of Linux Heap Memory Management (Linux堆内存管理深入分析) -- by 阿里聚安全
- Windows Exploit Development Tutorial Series (Windows Exploit开发系列教程) -- by Netfairy, lufei
- Notes About Heap Overflow Under Linux -- by Silver
- How to Understand the Heap and Heap Overflow Exploitation? (如何理解堆和堆溢出漏洞的利用?) -- by 老王隔壁的白帽子
- how2heap -- by shellphish
  - how2heap Summary, Part 1 (how2heap总结-上)
  - how2heap Summary, Part 2 (how2heap总结-下) -- by 7o8v_
- Ltrace Internals -- by Rodrigo Rubira Branco
- Principles of Program Analysis -- by Nielson
- Static Program Analysis -- by Anders
- Windows Kernel Exploitation Tutorial -- by rootkit
- Type-Safety in Programming Languages -- by Michael Hicks
- Memory-Safety in Programming Languages -- by Michael Hicks
- CS 252r: Advanced Topics in Programming Languages -- by Prof. Stephen Chong
- X86 EXPLOITATION 101 -- by GB_MASTER
- Glibc Adventures: The Forgotten Chunks -- by Francois Goichon
- Libc Heap Management and Exploitation Techniques, Part 1 (Libc堆管理机制及漏洞利用技术 (一)) -- by ysyy
- A Brief Analysis of Linux Heap Overflow: fastbin (浅析Linux堆溢出之fastbin) -- by 银河实验室
- Linux Heap Overflow Exploitation: unlink (Linux堆溢出利用:unlink) -- by v-v.mom
- Heap: House of Spirit (堆之House of Spirit) -- by ray_cp
- Studying ctf-HITCON-2016-houseoforange (ctf-HITCON-2016-houseoforange学习) -- by 一肩担风月
- CTF Pwn: The Miracle-Working Top Chunk (CTF Pwn之创造奇迹的Top Chunk) -- by for_while
- Analysis of the unsorted bin attack (unsorted bin attack分析) -- by ray_cp
- Studying Linux Heap Overflow: unsafe unlink (linux堆溢出学习之unsafe unlink) -- by Anciety
- A Hands-on Guide to Stack Overflows, From Getting Started to Giving Up, Part 1 (手把手教你栈溢出从入门到放弃(上)) -- by Jwizard
- A Hands-on Guide to Stack Overflows, From Getting Started to Giving Up, Part 2 (手把手教你栈溢出从入门到放弃(下)) -- by Jwizard
- All-in with Z3: Solving a Class of CTF Challenges with Constraint Solving (Z3一把梭:用约束求解搞定一类CTF题) -- by 朱文雷
- Smashing the stack in 2010 -- by Andrea Cugliari
- The advanced return-into-lib(c) exploits -- by Nergal
- Bypassing ASLR+DEP with ROP stager + Return-to-dl-resolve (ROP stager + Return-to-dl-resolveによるASLR+DEP回避) -- by hatena
- Trying ASLR+DEP Bypass with ROP stager + Return-to-dl-resolve on x64 (x64でROP stager + Return-to-dl-resolveによるASLR+DEP回避をやってみる) -- by hatena
- Dance In Heap series (Dance In Heap 系列)
- Quick introduction into SAT/SMT solvers and symbolic execution