# [Software-Security-Learning](https://chybeta.github.io/2017/08/19/Software-Security-Learning/)
Some materials collected while learning software security.
This repo is updated continually; the latest update was on 2018/02/17.
Also updated in sync at: [chybeta: Software-Security-Learning (with table of contents)](https://chybeta.github.io/2017/08/19/Software-Security-Learning/)
Update notes:
+ Newly added articles:
+ Browser security
+ [Browser Vulnerabilities](https://www.kanxue.com/book-9-208.htm)
+ [X41-Browser-Security-White-Paper](https://github.com/x41sec/browser-security-whitepaper-2017)
+ [Pure Substance: Huang Zheng, China's Top Microsoft Vulnerability Hunter, on Finding Browser Vulnerabilities the Right Way (Full Slides Included) | Hardware Innovation Open Course](https://www.leiphone.com/news/201612/YlysgkvgBbeBIkL9.html)
---
# Bin Security
+ [Software Security Engineer Skill Map](https://github.com/feicong/sec_skills)
## Tools
+ [pharos: Automated static analysis tools for binary programs](https://github.com/cmu-sei/pharos)
+ [Angr: The next-generation binary analysis platform](https://github.com/angr/angr)
+ [Angr: a binary analysis tool with dynamic symbolic execution and static analysis](http://www.freebuf.com/sectool/143056.html)
+ [A first look at angr](http://bestwing.me/2017/03/08/angr-study/)
+ [Symbolic execution: simple CTF reverse analysis with Angr](http://www.freebuf.com/articles/web/150296.html)
+ [A brief analysis of the VUzzer automatic vulnerability discovery tool, with usage notes](http://www.freebuf.com/sectool/143123.html)
+ [PEDA - Python Exploit Development Assistance for GDB](https://github.com/longld/peda)
+ [pwntools - CTF framework and exploit development library](https://github.com/Gallopsled/pwntools)
## Course
+ [Modern Binary Exploitation](http://security.cs.rpi.edu/courses/binexp-spring2015/)
+ [Linux \(x86\) Exploit Development Series](https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/)
+ [liveoverflow: Binary Hacking Course](http://liveoverflow.com/binary_hacking/index.html)
+ [Lots of Tutorials](https://www.fuzzysecurity.com/tutorials.html)
### Hack The Virtual Memory
+ [Hack The Virtual Memory: C strings & /proc](https://blog.holbertonschool.com/hack-the-virtual-memory-c-strings-proc/)
+ [Hack The Virtual Memory: Python bytes](https://blog.holbertonschool.com/hack-the-virtual-memory-python-bytes/)
+ [Hack the Virtual Memory: drawing the VM diagram](https://blog.holbertonschool.com/hack-the-virtual-memory-drawing-the-vm-diagram/)
+ [Hack the Virtual Memory: malloc, the heap & the program break](https://blog.holbertonschool.com/hack-the-virtual-memory-malloc-the-heap-the-program-break/)
### Exploit writing tutorial
+ [Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
+ [Stack Based Overflows – jumping to shellcode](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)
+ [SEH Based Exploits](https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/)
+ [SEH Based Exploits – just another example](https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/)
+ [From Exploit to Metasploit – The basics](https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/)
+ [How debugger modules & plugins can speed up basic exploit development](https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/)
+ [Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR](https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/)
+ [Unicode – from 0x00410041 to calc](https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/)
+ [Win32 Egg Hunting](https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/)
+ [Introduction to Win32 shellcoding](https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/)
+ [Chaining DEP with ROP](https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/)
+ [Heap Spraying Demystified](https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/)
## Fundamentals
+ [What exactly are the GOT and PLT in Linux?](http://www.freebuf.com/articles/system/135685.html)
+ [Coach, that's not IO at all! Understanding libc IO through the printf source](http://bobao.360.cn/learning/detail/4490.html)
## ROP
### Step-by-step ROP
+ [Learn ROP step by step: the linux\_x86 chapter](http://cb.drops.wiki/drops/tips-6597.html)
+ [Learn ROP step by step: the linux\_x86 chapter](http://cb.drops.wiki/drops/papers-7551.html)
+ [Learn ROP step by step: the gadgets and 2free chapter](http://cb.drops.wiki/drops/binary-10638.html)
+ [Learn ROP step by step: the Android ARM 32-bit chapter](http://cb.drops.wiki/drops/papers-11390.html)
### Basic ROP
+ [Intro to ROP: ROP Emporium — Split](https://medium.com/@iseethieves/intro-to-rop-rop-emporium-split-9b2ec6d4db08)
+ [ROP Emporium](https://ropemporium.com/)
+ [ropasaurusrex: a primer on return-oriented programming](https://blog.skullsecurity.org/2013/ropasaurusrex-a-primer-on-return-oriented-programming)
+ [An introductory tutorial on ROP](http://bobao.360.cn/learning/detail/3569.html)
+ [ROP techniques in binary exploitation: research and case analysis](https://xianzhi.aliyun.com/forum/read/840.html?fpage=2)
+ [Fundamentals of modern stack overflow exploitation: ROP](http://bobao.360.cn/learning/detail/3694.html)
+ [Building ROP chains via ELF dynamic loading](http://wooyun.jozxing.cc/static/drops/binary-14360.html)
+ [Swing: Basic stack overflow review 2: ROP](http://bestwing.me/2017/03/19/stack-overflow-two-ROP/)
### BROP
+ [Blind Return Oriented Programming](http://www.scs.stanford.edu/brop/)
+ [muhe: Have fun with Blind ROP](http://o0xmuhe.me/2017/01/22/Have-fun-with-Blind-ROP/)
+ [Swing: Basic stack overflow review 4: BROP](http://bestwing.me/2017/03/24/stack-overflow-four-BROP/)
### SROP
+ [How the Sigreturn Oriented Programming (SROP) attack works](http://www.freebuf.com/articles/network/87447.html)
+ [Swing: Basic stack overflow review 3: SROP](http://bestwing.me/2017/03/20/stack-overflow-three-SROP/)
### Return-to-dl-resolve
+ [Bypassing ASLR+DEP on 32-bit systems with ROP + Return-to-dl](http://www.freebuf.com/articles/system/149214.html)
+ [Building ROP chains via ELF dynamic loading (Return-to-dl-resolve)](http://www.evil0x.com/posts/19226.html)
## Stack vulnerabilities
+ [Stack overflow, hand in hand: from getting started to giving up (part 1)](http://bobao.360.cn/learning/detail/3717.html)
+ [Stack overflow, hand in hand: from getting started to giving up (part 2)](http://bobao.360.cn/learning/detail/3718.html)
+ [Hcamael: PWN study notes: basic stack overflow](http://0x48.pw/2016/11/03/0x26/)
+ [Hcamael: PWN study notes: basic stack overflow 2](http://0x48.pw/2016/11/21/0x27/)
+ [Swing: Basic stack overflow review: fundamentals](http://bestwing.me/2017/03/18/stack-overflow-one/)
+ [ARM stack overflow attacks in practice: from building the virtual environment to ROP exploitation](http://www.freebuf.com/articles/terminal/107276.html)
+ [64-bit Linux stack smashing tutorial: Part 1](https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/)
+ [64-bit Linux stack smashing tutorial: Part 2](https://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/)
+ [64-bit Linux stack smashing tutorial: Part 3](https://blog.techorganic.com/2016/03/18/64-bit-linux-stack-smashing-tutorial-part-3/)
+ [Offset2lib: bypassing full ASLR on 64bit Linux](http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html)
+ [return2libc study notes](https://www.tuicool.com/articles/VVBz6va)
## Heap vulnerabilities
+ [Heap Exploitation](https://heap-exploitation.dhavalkapil.com/introduction.html)
+ [how2heap](https://github.com/shellphish/)
### Heap background
+ [PWN: heap memory management](http://paper.seebug.org/255/)
+ [In-depth analysis of Linux heap memory management (part 1)](http://www.freebuf.com/articles/system/104144.html)
+ [In-depth analysis of Linux heap memory management (part 2)](http://www.freebuf.com/articles/security-management/105285.html)
+ [Windows Exploit Development Series: Heap Spraying (1)](http://bobao.360.cn/learning/detail/3548.html)
+ [Windows Exploit Development Series: Heap Spraying (2)](http://bobao.360.cn/learning/detail/3555.html)
+ [Libc heap management and exploitation techniques (1)](http://www.freebuf.com/articles/system/91527.html)
+ [Notes About Heap Overflow Under Linux](https://blog.iret.xyz/article.aspx/linux_heapoverflow_enterance)
+ [How to understand the heap and heap overflow exploitation?](http://www.freebuf.com/vuls/98404.html)
+ [Have fun with glibc memory management](http://o0xmuhe.me/2016/11/21/Have-fun-with-glibc%E5%86%85%E5%AD%98%E7%AE%A1%E7%90%86/)
+ [Memory mapping: mmap](http://www.tuicool.com/articles/A7n2ueq)
+ [glibc malloc study notes: fastbin](http://0x48.pw/2017/07/25/0x35/)
+ [Reading the malloc.c source: __libc_free](http://0x48.pw/2017/08/07/0x37/)
+ [Malloc ramblings](http://www.cnblogs.com/wangaohui/p/5190889.html)
+ [glibc memory allocation and deallocation, illustrated](http://blog.csdn.net/maokelong95/article/details/52006379)
+ [Understanding glibc malloc](http://blog.csdn.net/maokelong95/article/details/51989081#allocated-chunk)
### Heap exploitation techniques
+ [how2heap summary (part 1)](http://bobao.360.cn/learning/detail/4386.html)
+ [how2heap summary (part 2)](http://bobao.360.cn/learning/detail/4383.html)
+ [Overflow primer: heap overflow, overflow protections and bypasses](http://wooyun.jozxing.cc/static/drops/binary-14596.html)
+ [Modern heap-related exploitation techniques](http://bobao.360.cn/learning/detail/3197.html)
+ [From a one-byte overflow to arbitrary code execution: heap exploitation on Linux](http://bobao.360.cn/learning/detail/3113.html)
+ [Heap overflow using unlink](https://sploitfun.wordpress.com/2015/02/26/heap-overflow-using-unlink/?spm=a313e.7916648.0.0.x4nzYZ)
+ [The unlink technique for heap overflow exploitation](https://www.tuicool.com/articles/E3Ezu2u)
+ [Linux heap overflow exploitation: unlink](https://jaq.alibaba.com/community/art/show?spm=a313e.7916646.24000001.74.ZP8rXN&articleid=360)
+ [A brief analysis of Linux heap overflows: fastbin](http://www.freebuf.com/news/88660.html?utm_source=tuicool&utm_medium=referral)
+ [Linux heap overflow: a detailed Fastbin Attack example](http://bobao.360.cn/learning/detail/3996.html)
+ [Analysis of the unsorted bin attack](http://bobao.360.cn/learning/detail/3296.html)
+ [A brief analysis of Double Free](http://www.vuln.cn/6172)
+ [Understanding the heap by breaking it](http://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf)
+ [An Introduction to Use After Free Vulnerabilities](https://www.purehacking.com/blog/lloyd-simon/an-introduction-to-use-after-free-vulnerabilities)
+ [A brief analysis of Use After Free vulnerabilities](http://bobao.360.cn/learning/detail/3379.html?utm_source=tuicool&utm_medium=referral)
+ [Linux heap vulnerabilities: a Use after free example](http://d0m021ng.github.io/2017/03/04/PWN/Linux堆漏洞之Use-after-free实例/)
+ [Heap: House of Spirit](http://bobao.360.cn/learning/detail/3417.html)
+ [Dance In Heap (1): heap allocation, freeing, and the corresponding protection mechanisms](http://www.freebuf.com/articles/system/151372.html)
+ [Dance In Heap (2): some heap exploitation methods (part 1)](http://www.freebuf.com/articles/system/151407.html)
+ [Dance In Heap (3): some heap exploitation methods (part 2)](http://www.freebuf.com/articles/system/151428.html)
+ [Dance In Heap (4): some heap exploitation methods (part 3)](http://www.freebuf.com/articles/system/151435.html)
+ [Glibc Adventures: The Forgotten Chunks](https://info.contextis.com/acton/attachment/24535/f-02c8/1/-/-/-/-/Glibc%20Adventures%3A%20The%20forgotten%20chunks.pdf)
## Format string vulnerabilities
+ [Exploiting Format String Vulnerabilities](https://crypto.stanford.edu/cs155old/cs155-spring08/papers/formatstring-1.2.pdf)
+ [Binary vulnerabilities: the evil printf](http://cb.drops.wiki/drops/binary-6259.html)
+ [Vulnerability discovery fundamentals: format strings](http://cb.drops.wiki/drops/papers-9426.html)
+ [Format string exploitation summary (1)](http://bobao.360.cn/learning/detail/3654.html)
+ [Format string exploitation summary (2)](http://bobao.360.cn/learning/detail/3674.html)
+ [Format string exploitation techniques on Linux](http://www.cnblogs.com/Ox9A82/p/5429099.html)
+ [Research on format string exploitation on Linux](http://0x48.pw/2017/03/13/0x2c/?utm_source=tuicool&utm_medium=referral)
+ [Advances in format string exploitation](http://phrack.org/issues/59/7.html)
+ [Exploiting Sudo format string vulnerability](http://www.vnsecurity.net/research/2012/02/16/exploiting-sudo-format-string-vunerability.html)
## Other vulnerabilities
### FSP overflow
+ [Head First FILE Stream Pointer Overflow](http://wooyun.jozxing.cc/static/drops/binary-12740.html)
+ [abusing the FILE structure](https://outflux.net/blog/archives/2011/12/22/abusing-the-file-structure/)
+ [File Stream Pointer Overflows Paper](http://repo.thehackademy.net/depot_ouah/fsp-overflows.txt)
+ [Exploiting overflows via the FILE structure](http://bobao.360.cn/learning/detail/3219.html)
### Integer overflow
+ [Integer overflow vulnerabilities](http://blog.csdn.net/wuxiaobingandbob/article/details/44618925)
## Protection bypasses
### Canary bypass
+ [Stack overflow: bypassing CANARY protection](http://0x48.pw/2017/03/14/0x2d/)
+ [On several ways to play with the canary](http://veritas501.space/2017/04/28/论canary的几种玩法/)
+ [Summary of bypassing canary protection on Linux](http://yunnigu.dropsec.xyz/2017/03/20/Liunx下关于绕过cancry保护总结/)
## Kernel
+ [Some-Kernel-Fuzzing-Paper](https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper)
+ Introduction to Windows Kernel Driver Exploitation (Pt. 1) - Environment Setup
+ [Introduction to Windows Kernel Driver Exploitation (Pt. 2) - Stack Buffer Overflow to System Shell](https://glennmcgui.re/introduction-to-windows-kernel-driver-exploitation-pt-2/)
+ [HackSysExtremeVulnerableDriver](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver)
+ [Starting with Windows Kernel Exploitation – part 1 – setting up the lab](https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/)
+ [Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver](https://hshrzd.wordpress.com/2017/06/05/starting-with-windows-kernel-exploitation-part-2/)
+ [Compromising the Windows kernel with the WinDbg local kernel debugger](http://bobao.360.cn/learning/detail/4477.html)
+ [A journey into Windows kernel exploitation: getting familiar with HEVD (with video demo)](http://bobao.360.cn/learning/detail/4002.html)
+ [Windows kernel attacks: stack overflow](http://bobao.360.cn/learning/detail/3718.html)
+ [Linux kernel exploitation tutorial (1): environment setup](http://bobao.360.cn/learning/detail/3700.html)
+ [Linux kernel exploitation tutorial (2): two demos](http://bobao.360.cn/learning/detail/3702.html)
+ [Linux kernel exploitation tutorial (3): working through a CSAW CTF challenge](http://bobao.360.cn/learning/detail/3706.html)
+ [Linux kernel ROP techniques explained (1)](http://www.freebuf.com/articles/system/94198.html)
+ [Linux kernel ROP techniques explained (2)](http://www.freebuf.com/articles/system/135402.html)
## VM escape
+ [Phrack: VM escape - QEMU Case Study](https://www.exploit-db.com/papers/42883/)
+ [VM escape: a QEMU case study (1)](http://bbs.pediy.com/thread-217997.htm)
+ [VM escape: a QEMU case study (2)](http://bbs.pediy.com/thread-217999.htm)
+ [VM escape: a QEMU case study (3)](http://bbs.pediy.com/thread-218045.htm)
## ARM
+ [ARM assembly crash course 1: introduction to ARM assembly and assembly language basics](http://bobao.360.cn/learning/detail/4070.html)
+ [ARM assembly crash course 2: data types in ARM assembly](http://bobao.360.cn/learning/detail/4075.html)
+ [ARM assembly crash course 3: ARM mode and THUMB mode](http://bobao.360.cn/learning/detail/4082.html)
+ [ARM assembly crash course 4: memory access instructions in ARM assembly](http://bobao.360.cn/learning/detail/4087.html)
+ [ARM assembly crash course 5: consecutive loads and stores](http://bobao.360.cn/learning/detail/4097.html)
+ [ARM assembly crash course 6: conditional execution and branching](http://bobao.360.cn/learning/detail/4104.html)
+ [ARM assembly crash course 7: stack and functions](http://bobao.360.cn/learning/detail/4108.html)
## Lua
+ [Reversing Lua programs: analysis of the Luac file format](http://bobao.360.cn/learning/detail/4534.html)
## Process injection
+ [A summary of 10 common process injection techniques](http://bobao.360.cn/learning/detail/4131.html)
+ [System security offense and defense: DLL injection explained](http://www.freebuf.com/articles/system/143640.html)
## Symbolic execution
+ [On symbolic execution](https://github.com/enzet/symbolic-execution)
+ [Playing with Dynamic symbolic execution](http://www.miasm.re/blog/2017/10/05/playing_with_dynamic_symbolic_execution.html)
## Vulnerability discovery
+ [How I fuzzed Apache and found a bug worth $1500](http://bobao.360.cn/learning/detail/4213.html)
## pwn in CTF
+ [pwn & exploit](https://github.com/jmpews/pwn2exploit)
### Getting started
+ [Fall into the PWN pit with me, chapter 1](http://bobao.360.cn/learning/detail/3300.html)
+ [Fall into the PWN pit with me, chapter 2](http://bobao.360.cn/learning/detail/3339.html)
### Tricks
+ [Summary of exploitation without libc using DynELF](http://bobao.360.cn/learning/detail/3298.html?utm_source=tuicool&utm_medium=referral)
+ [what DynELF does basically](http://o0xmuhe.me/2016/12/24/what-DynELF-does-basically/)
+ [Finding Function's Load Address](http://uaf.io/exploitation/misc/2016/04/02/Finding-Functions.html)
### Summaries
+ [CTF summary](https://github.com/stfpeak/CTF)
+ [pwn tips](http://skysider.com/?p=223)
+ [CTF-pwn-tips](https://github.com/Naetw/CTF-pwn-tips)
+ [pwn study summary](http://www.angelwhu.com/blog/?p=460)
+ [Some notes on Linux exploitation in CTFs](http://www.cnblogs.com/Ox9A82/p/5559167.html)
+ [Common Linux exploitation techniques in practice](http://drops.xmd5.com/static/drops/binary-6521.html)
### Writeups
+ [Heap overflow study: 0CTF 2017 Babyheap](http://0x48.pw/2017/08/01/0x36/)
+ [An interesting CTF PWN challenge](http://bobao.360.cn/learning/detail/3189.html)
+ [Exploit-Exercises Nebula complete walkthrough](https://github.com/1u4nx/Exploit-Exercises-Nebula)
+ [Three White Hats: from debugging pwn me to learning Linux offense and defense](http://wooyun.jozxing.cc/static/drops/binary-16700.html)
# Android Security
## Exercise
+ [DIVA Android](https://github.com/payatu/diva-android/)
+ [Android security project: getting started](https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846643&idx=1&sn=0286e8f1b3e6da0acbd129cb248eac2a)
## Skill
+ [Android application reverse engineering](http://bobao.360.cn/learning/detail/4428.html)
+ [A first look at Android SO development](http://www.ikey4u.com/blog/android-develop/android-so/)
+ [Android App vulnerability study (1)](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247484642&idx=1&sn=d34ec8b6fc9b5a63b627316e13821b13&chksm=ec1e34cadb69bddc80598c93a0aef429d0b1d668b4fc6e5e6b31a7a3ebfa713aafda1f1b8f7a&scene=21#wechat_redirect)
+ [Android App vulnerability study (2)](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247484706&idx=1&sn=eb49d5f71f89fd4d2e3bec23c44c0ae6&chksm=ec1e350adb69bc1c9f775bfaf997459e1cfa3beb065f553ed90fbd88220d7739487e9f7208bd#rd)
+ [WIKI: Android](http://wiki.ioin.in/sort/android)
+ [Android component security](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247484387&idx=1&sn=7264428205276452d40c1ef7b1ed0dcc&chksm=ec1e33cbdb69badd00794f81caa43e5d62e0dc9bb7b9baa9d4c3c9eb64a3a0a18613356bf584#rd)
+ [Attacking Android apps via WebView](https://zhuanlan.zhihu.com/p/28107901)
## Tool
+ [Hack wherever you go: the three essential tools of Android penetration testing](http://bobao.360.cn/learning/detail/4254.html)
+ [Brida: combining frida with burp for mobile app penetration testing](http://www.4hou.com/penetration/6916.html)
# Browser security
+ [Browser Vulnerabilities](https://www.kanxue.com/book-9-208.htm)
+ [A brief discussion of multi-browser automated testing](http://www.freebuf.com/articles/others-articles/145586.html)
+ [Approaches to browser vulnerability discovery](https://zhuanlan.zhihu.com/p/28719766)
+ [A brief chronicle of IE vulnerability offense and defense](http://blog.topsec.com.cn/ad_lab/ie%E6%BC%8F%E6%B4%9E%E6%94%BB%E9%98%B2%E7%BC%96%E5%B9%B4%E7%AE%80%E5%8F%B2/)
+ [IE browser vulnerability exploitation techniques: the evolution of UAF exploitation](http://bobao.360.cn/learning/detail/3666.html)
+ [IE browser vulnerability exploitation techniques: heap spraying](http://bobao.360.cn/learning/detail/3656.html)
+ [cure53-browser-sec-whitepaper](https://github.com/cure53/browser-sec-whitepaper)
+ [X41-Browser-Security-White-Paper](https://github.com/x41sec/browser-security-whitepaper-2017)
+ [Pure Substance: Huang Zheng, China's Top Microsoft Vulnerability Hunter, on Finding Browser Vulnerabilities the Right Way (Full Slides Included) | Hardware Innovation Open Course](https://www.leiphone.com/news/201612/YlysgkvgBbeBIkL9.html)
# IOS/OSX Security
+ [OSX/iOS reverse engineering](https://github.com/michalmalik/osx-re-101)
## IOS
### Exercise
+ [Damn Vulnerable iOS Application (DVIA)](http://damnvulnerableiosapp.com/#trainings)
### Skill
+ [IosHackStudy](https://github.com/pandazheng/IosHackStudy)
+ [Papers, Slides and Thesis Archive : iOS](https://papers.put.as/ios/ios/)
+ [ios-wiki: iOS Security](http://security.ios-wiki.com/)
+ [Apple official documentation: iOS Security](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)
+ [iOS security series collection](http://esoftmobile.com/2014/02/14/ios-security/)
+ [A brief discussion of automated iOS application security auditing](https://security.tencent.com/index.php/blog/msg/105)
+ [Introduction to iOS security auditing](http://www.freebuf.com/articles/terminal/123098.html)
+ [iOS kernel vulnerability discovery: fuzzing and code auditing](http://blog.pangu.io/xkungfoo2015/)
## OSX
### Exercise
+ [OS X : Crackmes](https://reverse.put.as/crackmes/)
+ [OS X kernel revealed: fundamentals](http://bobao.360.cn/learning/detail/4501.html)
+ [OS X kernel revealed: exploitation](http://bobao.360.cn/learning/detail/4500.html)
### Skill
+ [Papers, Slides and Thesis Archive : Mac OS X](https://papers.put.as/macosx/macosx/)
+ [Several approaches to implementing macOS kernel monitoring](https://paper.seebug.org/380/)
# Bluetooth security
+ [Guide to Bluetooth Security](https://csrc.nist.gov/csrc/media/publications/sp/800-121/rev-2/draft/documents/sp800_121_r2_draft.pdf)
# malware
+ [Reverse engineering malware: TrickBot (part 1 - packer)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-1-packer)
+ [Reverse engineering malware: TrickBot (part 2 - loader)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-2-loader)
+ [Reverse engineering malware: TrickBot (part 3 - core)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-3-core)
+ ["Malware Sample Analysis Handbook" collection](http://blog.nsfocus.net/malware-sample-analysis-summary/)