Collected resources:

  1. A collection of good resources on C++ debugging:

https://github.com/MattPD/cpplinks/blob/master/debugging.md

  2. linux-kernel-defence-map - Linux kernel defense map:

https://github.com/a13xp0p0v/linux-kernel-defence-map/blob/master/README.md

  3. Linux kernel exploit stack smashing:

http://tacxingxing.com/2018/02/15/linux-kernel-exploit-stack-smashing/

  4. Vulnerability modeling with Binary Ninja:

https://blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/

  5. "Professional Linux Kernel Architecture" (Chinese edition: 深入Linux内核架构) PDF:

https://cse.yeditepe.edu.tr/~kserdaroglu/spring2014/cse331/termproject/BOOKS/ProfessionalLinuxKernelArchitecture-WolfgangMauerer.pdf

  6. Effect of CPU caches, a study of CPU caching:

https://medium.com/@minimarcel/effect-of-cpu-caches-57db81490a7f

  7. Very detailed Linux kernel documentation (core API):

https://www.kernel.org/doc/html/latest/core-api/index.html

  8. ELF file format analysis report:

http://www.skyfree.org/linux/references/ELF_Format.pdf

  9. CTF practice problem set:

https://github.com/sixstars/starctf2018/tree/master/pwn-note

  10. [ Tools ] SQLInjectionWiki - a wiki documenting the various SQL injection methods:

https://github.com/NetSPI/SQLInjectionWiki

  11. Using unsorted bin attack to achieve a leakless RCE on PIE binaries:

https://gist.github.com/romanking98/9aab2804832c0fb46615f025e8ffb0bc

  12. [ Exploit ] RCE on libc-2.24 using heap feng shui, with no memory leak required:

https://github.com/romanking98/House-Of-Roman

  13. A researcher published a new heap exploitation technique, named House of Roman: http://t.cn/RuavBNs

  14. Linux Restricted Shell Bypass: http://t.cn/R3PXdpb

  15. https://github.com/mwrlabs/win_driver_plugin

  16. https://github.com/mwrlabs/KernelFuzzer

  17. [ Linux ] Understanding and analyzing the ELF binary file format: https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

  18. [ Programming ] A detailed walkthrough of how printf is implemented:

http://www.maizure.org/projects/printf/index.html

  19. [ Browser ] Curated resources on browser exploitation:

https://www.it-sec-catalog.info/browser_exploitation.html

  20. [ Rootkit ] Reptile - LKM Linux rootkit (supports kernel versions 2.6.x/3.x/4.x):

https://github.com/f0rb1dd3n/Reptile

  21. [ Tools ] cpu_rec - a tool for recognizing the CPU instruction set used in an arbitrary binary file:

https://github.com/airbus-seclab/cpu_rec

  22. [ Tools ] Exploit development cheat sheet:

https://raw.githubusercontent.com/coreb1t/awesome-pentest-cheat-sheets/master/docs/pentest-exploit-dev-cheatsheet.jpg

  23. [ Windows ] Windows exploit development primer, part 2: corrupting structured exception handling and controlling memory pointers:

http://blog.k3170makan.com/2018/05/windows-exploit-development-primer-ii.html

  24. [ Linux ] BinExp - Linux binary exploitation tutorial:

https://github.com/r0hi7/BinExp

  25. Arbitrary Code Guard vs. Kernel Code Injections:

https://www.countercraft.eu/blog/post/arbitrary-vs-kernel/

ACG blocks the allocation of memory that is both writable and executable, which defeats code injection attacks that rely on allocating memory to hold shellcode.

  26. Review material: https://firmianay.gitbooks.io/ctf-all-in-one/content/doc/2.3.1_gdb.html#gefpwndbg

  27. Someone else's curated collection of pwn resources: https://github.com/str8outtaheap/pwning

  28. [ Attack ] A curated collection of papers on attack techniques against PCs and servers over the years:

https://timeglider.com/timeline/5ca2daa6078caaf4

  29. [ Tools ] mandibule - Linux ELF process injection tool:

https://github.com/ixty/mandibule

  30. https://github.com/CHYbeta/Software-Security-Learning

  31. [ Debug ] Anti-debugging methods using ptrace:

https://github.com/yellowbyte/analysis-of-anti-analysis/blob/master/research/hiding_call_to_ptrace/hiding_call_to_ptrace.md

  32. Reverse engineering tutorial: http://martin.uy/blog/projects/reverse-engineering/

  33. An interesting script: http://www.leeholmes.com/projects/ps_html5/Invoke-PSHtml5.ps1

  34. http://www.wowotech.net/kernel_synchronization/445.html

  35. gdb plugin for inspecting the heap: https://github.com/cloudburst/libheap/blob/master/docs/InstallGuide.md

  36. https://github.com/De4dCr0w/HyperPlatform

  37. https://mp.weixin.qq.com/s/uO8y3dG_nNOIUsWYJgCSrA

  38. Reproducing the TP-Link SR20 LAN remote code execution vulnerability: https://xax007.github.io/2019-03-30-tp-link-sr20-router-lan-rce-vulnerability-walkthrough/?nsukey=4UfqxAP%2BmNJjexLKrv6k44FdMxKnv9UXaWk%2BkxJOjpsh6iDyQq6A9Ww9jcS4u%2BDEcOWA0%2FKjdSY7e9es0T248QSWjQZGCghgfXozIzLebfQDx6pQAmjFhEB9MDICGAxxoLwqthwbyiOmdj5Hz1eOjAm1eD%2F4oeZlghGVdybgrfQ%3D&from=timeline&isappinstalled=0