Security Papers
A collection of security and computer science materials (strongly related to my own interests). If anything here infringes copyright, please contact me and I will remove it.
Resource types used below: book, manual, paper, blog, slides, report, course, survey, tool, online, video
Architecture
- 2014 manual ARM_Architecture_Reference_Manual_ARMv7-A_and_ARMv7-R_edition
- 2019 manual Arm_Architecture_Reference_Manual
- 2019 manual Intel_64_and_IA-32_Architectures_Software_Developers_Manual
- 2017 slides A_tour_of_the_ARM_architecture_and_its_Linux_support
Reverse Engineering
- 2005 book Reversing_Secrets_of_Reverse_Engineering
- 2016 book anti-reverse-engineering-linux
- 2016 paper An_In-Depth_Analysis_of_Disassembly_on_Full-Scale_x86x64_Binaries
- 2018 slides Unpacking_for_Dummies
- 2019 book Reverse_Engineering_for_Beginners
- 2019 slides Three_Heads_Are_Better_Than_One_Mastering_NSAs_Ghidra_Reverse_Engineering_Tool
- 2020 paper An_Observational_Investigation_of_Reverse_Engineers_Processes
Program Analysis
- 2004 book Principles_of_Program_Analysis
- 2005 paper WYSINWYX_What_You_See_Is_Not_What_You_eXecute
- 2007 paper CUTE_A_Concolic_Unit_Testing_Engine_for_C
- 2010 paper All_You_Ever_Wanted_to_Know_About_Dynamic_Taint_Analysis_and_Forward_Symbolic_Execution-but_might_have_been_afraid_to_ask
- 2012 paper Unleashing_MAYHEM_on_Binary_Code
- 2016 paper SVF_Interprocedural_Static_Value-Flow_Analysis_in_LLVM
- 2018 paper A_Survey_of_Symbolic_Execution_Techniques
- 2018 slides Intro_to_Binary_Analysis_with_Z3_and_Angr
- 2018 slides The_NOT-SO-PROFITABLE_Path_Towards_Automated_Heap_Exploitation
- 2018 slides Finding_security_vulnerabilities_with_modern_fuzzing_techniques
- 2019 book SAT-SMT_by_example
- 2019 book Static_Program_Analysis
Malware
- 2010 slides Malware-Analysis-Training
- 2017 slides Dr_Honeypots
- 2017 slides Digital_Vengeance_Exploiting_the_Most_Notorious_C&C_Toolkits
- 2017 paper Understanding_the_Mirai_Botnet
- 2018 paper Understanding_Linux_Malware
- 2018 slides Modern Linux Malware Exposed
- 2018 slides Trojans_in_SS7-how_they_bypass_all_security_measures
- 2019 slides Fileless_Malware_and_Process_Injection_in_Linux
Exploitation
- 1998 paper StackGuard_Automatic_Adaptive_Detection_and_Prevention_of_Buffer-Overflow_Attacks
- 2001 blog Exploiting_Format_String_Vulnerabilities
- 2001 blog The_advanced_return-into-libc_exploits
- 2002 blog Advances_in_format_string_exploitation
- 2005 paper Control-Flow_Integrity_Principles_Implementations_and_Applications
- 2007 slides Understanding_the_heap_by_breaking_it
- 2008 book Hacking-The_Art_of_Exploitation_2nd_Edition
- 2009 paper Surgically_Returning_to_Randomized_libc
- 2009 blog MALLOC_DES-MALEFICARUM
- 2010 paper G-Free_Defeating_Return-Oriented_Programming_through_Gadget-less_Binaries
- ★★★☆☆ 2011 book 0day安全-软件漏洞分析技术第2版
- 2011 paper Q_Exploit_Hardening_Made_Easy
- 2011 paper Jump-Oriented_Programming_A_New_Class_of_Code-Reuse_Attack
- 2012 paper Return-Oriented_Programming_Systems_Languages_and_Applications
- 2012 paper Understanding_Integer_Overflow_in_C/C++
- 2013 paper Just-in-time_code_reuse_On_the_effectiveness_of_fine-grained_address_space_layout_randomization
- 2013 paper Transparent_ROP_Exploit_Mitigation_using_Indirect_Branch_Tracing
- ★★★★★ 2014 paper Hacking_Blind
- ★★★★★ 2014 paper Framing_Signals—A_Return_to_Portable_Shellcode
- 2014 paper Code-Pointer_Integrity
- ★★★★★ 2015 paper How_the_ELF_Ruined_Christmas
- 2015 blog Glibc_Adventures_The_Forgotten_Chunks
- ★★★☆☆ 2015 course Modern_Binary_Exploitation
- 2015 paper Automatic_Generation_of_Data-Oriented_Exploits
- 2016 paper New_Exploit_Methods_against_Ptmalloc_of_GLIBC
- 2016 paper LAVA_Large-scale_Automated_Vulnerability_Addition
- 2017 paper ASLR_on_the_Line_Practical_Cache_Attacks_on_the_MMU
- 2017 blog Cyber_Grand_Shellphish
- 2018 survey 缓冲区溢出漏洞分析技术研究进展
- 2019 survey 安全漏洞自动利用综述
- 2019 survey The_Art_Science_and_Engineering_of_Fuzzing_A_Survey
- 2020 paper Typestate-Guided_Fuzzer_for_Discovering_Use-after-Free_Vulnerabilities
Fuzz
- 2020 paper IJON_Exploring_Deep_State_Spaces_via_Fuzzing
- 2020 paper AFLNet: A Greybox Fuzzer for Network Protocols
IoT
- 2006 paper Vulnerabilities_in_first-generation_RFID-enabled_credit_cards
- 2013 book Hacking the Xbox
- 2013 paper FIE_on_Firmware_Finding_Vulnerabilities_in_Embedded_Systems_Using_Symbolic_Execution
- 2014 paper A_Large-Scale_Analysis_of_the_Security_of_Embedded_Firmwares
- 2015 slides Advanced_SOHO_Router_Exploitation
- 2015 slides Cameras_Thermostats_and_Home_Automation_Controllers
- 2015 paper Firmalice-Automatic_Detection_of_Authentication_Bypass_Vulnerabilitiesin_Binary_Firmware
- 2016 paper Towards_Automated_Dynamic_Analysis_for_Linux-based_Embedded_Firmware
- 2016 paper Scalable_Graph-based_Bug_Search_for_Firmware_Images
- 2017 paper IoT_Goes_Nuclear_Creating_a_Zigbee_Chain_Reaction
- 2017 slides Reversing FreeRTOS on embedded devices
- ★★☆☆☆ 2017 survey 物联网安全综述
- ★☆☆☆☆ 2018 survey 智能家居安全综述
- 2018 survey 物联网操作系统安全研究综述
- ★★★☆☆ 2018 report 智能设备安全分析手册
- 2018 slides Fitbit Firmware Hacking
- 2018 slides Reversing_IoT_Xiaomi_ecosystem
- 2018 slides Bushwhacking your way around a bootloader
- 2018 slides Dissecting_QNX
- 2018 slides Hacking_Toshiba_Laptops
- 2018 slides Subverting_your_server_through_its_BMC_the_HPE_iLO4_case
- 2018 slides DIY_ARM_Debugger_for_Wi-Fi_Chips
- 2018 survey Program_Analysis_of_Commodity_IoT_Applications_for_Security_and_Privacy_Challenges_and_Opportunities
- 2018 paper Hackers_vs_Testers_A_Comparison_of_Software_Vulnerability_Discovery_Processes
- ★★★★☆ 2018 paper What_You_Corrupt_Is_Not_What_You_Crash_Challenges_in_Fuzzing_Embedded_Devices
- 2018 paper IoTFuzzer_Discovering_Memory_Corruptions_in_IoT_Through_App-based_Fuzzing
- 2018 paper Sensitive_Information_Tracking_in_Commodity_IoT
- 2018 paper DTaint_Detecting_the_Taint-Style_Vulnerability_in_Embedded_Device_Firmware
- 2018 slides Beginners_Guide_on_How_to_Start_Exploring_IoT_Security
- 2019 paper CryptoREX_Large-scale_Analysis_of_Cryptographic_Misuse_in_IoT_Devices
- 2019 slides Firmware_Extraction
- ★☆☆☆☆ 2019 report 2019物联网安全年报
- 2019 blog ANATOMY_OF_A_FIRMWARE_ATTACK
- 2019 blog Toward_Automated_Firmware_Analysis_in_the_IoT_Era
- 2019 paper Sok_Security_evaluation_of_home-based_iot_deployments
- 2019 paper Toward_the_Analysis_of_Embedded_Firmware_through_Automated_Re-hosting
- 2019 paper FIRM-AFL_High-Throughput_Greybox_Fuzzing_of_IoT_Firmware_via_Augmented_Process_Emulation
- 2019 slides Insecure_Boot
- 2019 slides Embedded_Research_Automation
- 2020 paper IoT_Behavioral_Monitoring_via_Network_Traffic_Analysis
- 2020 paper On_the_State_of_Internet_of_Things_Security_Vulnerabilities_Attacks_and_Recent_Countermeasures
- 2020 survey A_Survey_of_Security_Vulnerability_Analysis_Discovery_Detection_and_Mitigation_on_IoT_Devices
- ★☆☆☆☆ 2020 paper FIRMCORN_Vulnerability-Oriented_Fuzzing_of_IoT_Firmware_via_Optimized_Virtual_Execution
- 2020 blog A Case Of Analysing Encrypted Firmware
- 2020 blog MINDSHARE: DEALING WITH ENCRYPTED ROUTER FIRMWARE
- 2020 blog Virtualizing ARM-Based Firmware Part - 1
- 2020 blog Virtualizing ARM-Based Firmware Part - 2
- 2020 slides Exploit (Almost) All Xiaomi Routers Using Logical Bugs
- 2020 blog WarezTheRemote Turning remotes into listening devices
- 2020 blog Identified and Authorized: Sneaking Past Edge-Based Access Control Devices
- 2020 slides The Art & Craft of writing ARM shellcode
- 2020 paper FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
- 2021 blog printing-shellz
- 2020 tool Qiling Framework: Introduction
- 2020 manual 消费级物联网安全基线
- 2021 report 2020物联网安全年报-绿盟
Protocol
- 2015 specification MQTT Version 3.1.1 OASIS Standard
- 2019 specification MQTT Version 5.0 OASIS Standard
- 2015 blog MQTT Essentials
- 2019 blog MQTT 5 Essentials
- 2015 blog MQTT Security Fundamentals
- 2017 video A Guide to MQTT by Hacking a Doorbell to send Push Notifications
- 2017 blog Hacking the IoT with MQTT
- 2018 blog Are smart homes vulnerable to hacking?
- 2020 blog IoT Standards and Protocols
- 2020 survey Security_of_IoT_Application_Layer_Protocols_Challenges_and_Findings
- 2021 slides 基于模拟仿真的蓝牙协议栈漏洞挖掘
- tool MQTT Explorer
- tool Mosquitto
- tool HiveMQ
- tool Nmap Library mqtt
Wireless
- 2007 paper Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
- 2008 paper Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
- 2016 slides GATTACKING_BLUETOOTH_SMART_DEVICES
- 2017 blog Getting Started With Radio Hacking – Part 1 – Radio Frequency Basics And Theory
- 2017 blog Getting Started With Radio Hacking – Part 2 – Listening To FM Using RTL-SDR And GQRX
- 2017 blog Reversing And Exploiting BLE 4.0 Communication
- 2017 blog How I Reverse Engineered And Exploited A Smart Massager
- 2018 blog “Find – Bluetooth Tracker” Responsible Vulnerability Disclosure – Blog
- 2018 blog Intel Edison as Bluetooth LE — Exploit box
- 2018 blog My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE
- 2018 blog Hacking Smart Locks with Bluetooth / BLE
- 2018 blog I hacked MiBand 3, and here is how I did it. Part I
- 2018 blog I hacked MiBand 3, and here is how I did it. Part II
- 2018 slides 802.11 Smart Fuzzing
- 2019 slides ble-bluetooth-low-energy-exploitation
- 2019 manual Bluetooth Core Specification
- 2019 blog ZigBee Networks An Overview for implementers and security testers
- 2020 slides Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares
- 2020 slides A Practical Introduction to Bluetooth Low Energy security without any special hardware
Vehicle
- car-hacking-videos
- 2015 blog Car Hacking series
- 2016 book The Car Hacker's Handbook: A Guide for the Penetration Tester
- 2016 slides Pentesting_Vehicles_with_CANToolz
- 2016 slides video Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
- 2016 slides video Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers
- ★★★★☆ 2016 slides 特斯拉安全漏洞的发现过程
- ★★★★★ 2017 book 智能汽车安全攻防大揭秘
- ★★★★★ 2017 slides video Free-Fall: Hacking Tesla from Wireless to CAN Bus
- ★★★★★ 2018 slides video Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
- 2017 blog Building a Car Hacking Development Workbench
- 2018 slides video Car Infotainment Hacking Methodology and Attack Surface Scenarios
- 2018 blog 宝马多款车型的安全研究综述
- ★★★☆☆ 2018 report 2018智能网联汽车信息安全年度报告
- ★★★☆☆ 2019 report 2019智能网联汽车信息安全年度报告
- 2019 survey 车联网安全综述
- 2019 slides paper video Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars
- 2019 slides Common Attacks Against Car Infotainment Systems
- 2019 blog Car Hacking 101
- 2019 Automotive Penetration Testing with Scapy
- 2019 slides 0-days&Mitigations_Roadways_to_Exploit_and_Secure_Connected_BMW_Cars
- 2019 paper slides video Losing the Car Keys: Wireless PHY-Layer Insecurity in EV Charging
- 2020 paper slides video Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps
- 2020 paper slides video Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft
- ★★★★☆ 2020 blog Simple intros
- 2020 Hacking my Tesla Model 3
- 特斯拉固件逆向系列
- 2020 slides video 特斯拉NFC中继攻击
- 2020 report 车联网网络安全白皮书(2020年)
- 2020 report 智能网联汽车安全渗透白皮书(2020年)
- 2020 report 梅赛德斯-奔驰安全研究报告
- ★★☆☆☆ 2020 blog slides video Tesla远程API逆向分析与利用
- 2021 slides video X-in-the-Middle_Attacking_Fast_Charging_Piles_and_Electric_Vehicles
- ★★★☆☆ 2021 blog 施耐德充电桩漏洞挖掘之旅
- 2021 blog 奔驰汽车信息安全研究综述报告
- 2021 slides paper TBONE – A zero-click exploit for Tesla MCUs
- 2020 paper Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols
- 2021 report 车联网数据安全体系建设指南
Hardware
- 2017 slides Breaking Code Read Protection on the NXP LPC-family Microcontrollers
- 2018 slides Hardware_toolkits_for_IoT_security_analysis
- 2019 book Hardware_Security_A_Hands-on_Learning_Approach
- 2019 slides Hardware Hacking 101
Android
- 2021 slides video (Un)protected Broadcasts in Android 9 and 10
- 2020 book Android Application Secure Design/Secure Coding Guidebook
Linux
- 2007 blog Ltrace_Internals
- ★★★☆☆ 2011 blog Glibc内存管理_Ptmalloc2源代码分析
- 2016 book Learning_Linux_Binary_Analysis
- 2016 slides Anatomy_of_cross-compilation_toolchains
- ★★★☆☆ 2017 slides GDB基础
- 2017 slides Tips_for_Linux_Kernel_Development
- 2019 slides Linux_Kernel_and_Driver_Development_Training
- 2019 slides Embedded_Linux_system_development
- 2019 slides Buildroot_Training
Compiler
- 1994 book Reverse_Compilation_Techniques
- 2007 book Compilers_Principles_Techniques_and_Tools_2nd_Edition
- 2011 book Engineering_a_Compiler_2nd_edition
- 2012 book Modern_Compiler_Design_2nd_Edition
- 2014 book Getting_Started_with_LLVM_Core_Libraries
- 2014 slides BHUSA2014-capstone
- 2016 slides BHUSA2016-keystone
- 2018 slides Decompiler internals: microcode
Virtualization & Emulation
- 2015 slides BHUSA2015-unicorn
- 2018 slides Hypervisor-Level_Debugger_Benefits_Challenges
- 2018 slides unboxing_your_virtualboxes
- 2018 slides thinking_outside_the_virtualbox
- 2018 blog intel_virtualisation_how_vt-x_kvm_and_qemu_work_together
- 2019 manual VirtualBox_User_Manual
- 2020 manual openSUSE Leap 15.2 Virtualization Guide
Cryptography
- 2017 book A_Graduate_Course_in_Applied_Cryptography
- 2017 slides API_design_for_cryptography
- online TLS Security
CTF
- ★★★☆☆ 2014 slides An_introduction_to_the_Return_Oriented_Programming_and_ROP_chain_generation
- ★★☆☆☆ 2015 slides 掘金CTF_CTF中的内存漏洞利用技巧
- ★☆☆☆☆ 2015 slides PLAY_WITH_LINUX_HEAP
- ★★☆☆☆ 2015 blog Linux_x86漏洞利用系列教程
Others
- 2016 survey 云计算环境安全综述
- 2017 report X41_Browser_Security_White_Paper
- 2017 report Cure53_Browser_Security_White_Paper
- 2018 slides Reversing_Vulnerability_Research_of_Ethereum_Smart_Contracts
- ★★★☆☆ 2019 blog The_Beginners_Guide_to_IDAPython
- 2019 slides Bug_Hunting_in_Synology_NAS
- 2020 report 全球高级持续性威胁(APT)2019年报告