README.old.md

Binary Reading List

Things I know and will have to know about binaries.

Courses

• FuzzySecurity
• Advanced Digital Forensics and Data Reverse Engineering
• CNIT 127: Exploit Development

ROP

• 一步一步学ROP -- by 蒸米
  • 一步一步学ROP之linux_x86篇
  • 一步一步学ROP之linux_x64篇
  • 一步一步学ROP之gadgets和2free篇
  • 一步一步学ROP之Android ARM 32位篇
• ROP Emporium
• Intro to ROP: ROP Emporium — Split
• 64-bit Linux Return-Oriented Programming -- by Ben Lynn
• Introduction to return oriented programming (ROP) -- by Alex Reece
• 现代栈溢出利用技术基础：ROP -- by beswing
• Return-oriented Programming:Exploitation without Code Injection -- by Erik Buchanan
• Return-Oriented Programming:Systems, Languages, and Applications -- by RYAN ROEMER
• Blind Return Oriented Programming (BROP) -- by A. Bittau
• Finding Function's Load Address
• ROP之return to dl-resolve
• BROP Attack之Nginx远程代码执行漏洞分析及利用 -- by k0shl
• Blind Return Oriented Programming (BROP) Attack -- by Liu Yutao
• 如何在32位系统中使用ROP+Return-to-dl来绕过ASLR+DEP

Heap

• Syscalls used by malloc -- by sploitfun
• Understanding glibc malloc
• Heap Exploitation ~ Abusing Use-After-Free -- by r3kt
• Double Free浅析 -- by explorer
• PWN之堆内存管理 -- by jmpews
• 逆向安全系列：Use After Free漏洞浅析 -- by ray_cp
• 堆溢出漏洞简介 -- by zh-explorer
• glibc内存分配与回收过程图解 -- by 猫科龙

Format String

• Introduction to Format String exploits -- by Alex Reece
• 格式化字符串漏洞利用小结 -- by tianyi201612
  • 格式化字符串漏洞利用小结（一）
  • 格式化字符串漏洞利用小结（二）
  • 借助DynELF实现无libc的漏洞利用小结
• 格式化字符串blind pwn详细教程 -- by 4SUN4_C8
• Linux系统下格式化字符串利用研究 -- by Hcamael
• Linux中的GOT和PLT到底是个啥？ -- by PhyzX

TODO

• 使用OllyDbg从零开始Cracking
• 从逆向工程的角度来看C++
• Shellcode Injection
• Buffer Overflow
• Writing you own shellcode
• SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
• Stack based v/s Register based architectures and android's Dalvik VM
• How does a C debugger work?
• How the heck do we get to main()?
• Smashing the Stack for Fun and Profit
• GOT, PLT and Dynamic Sharing
• What Every Computer Scientist Should Know About Floating-Point Arithmetic
• NX Bit - Does it protect the stack?
• Malware Analysis Tutorials: a Reverse Engineering Approach -- by Dr. Xiang Fu
• x86 Assembly Guide
• Beej's Quick Guide to GDB
• x86 Assembly
• Corelan Team Blog
• Using GDB to Develop Exploits
• x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique
• The "Ultimate" Anti-Debugging Reference
• Low-level Software Security: Attacks and Defenses
• Heap exploitation -- by Angelboy
• Advanced heap exploitation -- by Angelboy
• Hack The Virtual Memory -- by Julien Barbier
  • Hack The Virtual Memory: C strings & /proc
  • Hack The Virtual Memory: Python bytes
  • Hack the Virtual Memory: drawing the VM diagram
  • Hack the Virtual Memory: malloc, the heap & the program break
• Exploit writing tutorial -- By Corelan Team
  • Stack Based Overflows
  • Stack Based Overflows – jumping to shellcode
  • SEH Based Exploits
  • SEH Based Exploits – just another example
  • From Exploit to Metasploit – The basics
  • How debugger modules & plugins can speed up basic exploit development
  • Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
  • Unicode – from 0x00410041 to calc
  • Win32 Egg Hunting
  • Introduction to Win32 shellcoding
  • Chaining DEP with ROP
  • Heap Spraying Demystified
• 软件分析技术 -- by 熊英飞
• Compiler Design -- by Frank Pfenning
• Optimizing Compilers -- by Todd C. Mowry
• System Security and Binary Code Analysis
• Main is usually a function. So then when is it not? -- by James Rowe
• Heap Exploitation -- by Dhaval Kapil
• Linux堆内存管理深入分析 -- by 阿里聚安全
  • Linux堆内存管理深入分析（上）
  • Linux堆内存管理深入分析（下）
• Windows Exploit开发系列教程 -- by Netfairy, lufei
  • Windows Exploit开发系列教程——堆喷射（一）
  • Windows Exploit开发系列教程——堆喷射（二）
• Notes About Heap Overflow Under Linux -- by Silver
• 如何理解堆和堆溢出漏洞的利用？ -- by 老王隔壁的白帽子
• how2heap -- by shellphish
  • how2heap总结-上
  • how2heap总结-下 by 7o8v_
• Principles of Program Analysis -- by Nielson
• Windows Kernel Exploitation Tutorial -- by rootkit
  • Part 1: Setting up the Environment
  • Part 2: Stack Overflow
  • Part 3: Arbitrary Memory Overwrite (Write-What-Where)
• Type-Safety in Programming Languages -- by Michael Hicks
• Memory-Safety in Programming Languages -- by Michael Hicks
• CS 252r: Advanced Topics in Programming Languages -- by Prof. Stephen Chong
• X86 EXPLOITATION 101 -- by GB_MASTER
• heap overflow&溢出保护和绕过
• Libc堆管理机制及漏洞利用技术 (一） -- by ysyy
• 堆溢出的unlink利用方法
• Linux堆溢出漏洞利用之unlink
• 浅析Linux堆溢出之fastbin -- by 银河实验室
• Linux堆溢出利用:unlink -- by v-v.mom
• 堆之House of Spirit -- by ray_cp
• ctf-HITCON-2016-houseoforange学习 -- by 一肩担风月
• CTF Pwn之创造奇迹的Top Chunk -- by for_while
• unsorted bin attack分析 -- by ray_cp
• linux堆溢出学习之unsafe unlink -- by Anciety
• 手把手教你栈溢出从入门到放弃（上） -- by Jwizard
• 手把手教你栈溢出从入门到放弃（下） -- by Jwizard
• Z3一把梭：用约束求解搞定一类CTF题 -- by 朱文雷
• Smashing the stack in 2010 -- by Andrea Cugliari
• Linker and Libraries Guide
• ROP stager + Return-to-dl-resolveによるASLR+DEP回避 -- by hatena
• x64でROP stager + Return-to-dl-resolveによるASLR+DEP回避をやってみる -- by hatena
• Acronyms relevant to Executable and Linkable Format (ELF)
• Dance In Heap 系列
  • Dance In Heap（一）：浅析堆的申请释放及相应保护机制
  • Dance In Heap（二）：一些堆利用的方法（上）
  • Dance In Heap（三）：一些堆利用的方法（中）
  • Dance In Heap（四）：一些堆利用的方法（下）
• Linux堆漏洞之Use after free实例
• Sigreturn Oriented Programming (SROP) Attack攻击原理
• An Introduction to Use After Free Vulnerabilities
• 逆向安全系列：Use After Free漏洞浅析
• Linux堆溢出之Fastbin Attack实例详解
• 从一字节溢出到任意代码执行-Linux下堆漏洞利用
• 现代化的堆相关漏洞利用技巧
• DECISION PROCEDURES FOR BIT-VECTORS, ARRAYS AND INTEGERS
• I433 System & Protocol Security
• From fuzzing to 0-day