Security Checking

Mobile

Android

中文描述 相关链接
Frida for Android平台使用案例 https://www.anquanke.com/post/id/168152

IOS

中文描述 相关链接
Best IOS source相关 http://newosxbook.com/tools/iOSBinaries.html
Darwin networking分析 http://newosxbook.com/bonus/vol1ch16.html
Darwin kernel架构预览 https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/Architecture/Architecture.html
Netbottom 源码 http://newosxbook.com/src.jl?tree=listings&file=netbottom.c
Multipath TCP使用详解 https://developer.apple.com/documentation/foundation/nsurlsessionconfiguration/improving_network_reliability_using_multipath_tcp?language=objc
CoreTrust IOS12新特性分析 https://research.dynastic.co/2019/01/31/coretrust-overview
ARM8.3-A 新特新分析 https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html
Macosx平台的praudit工具 http://newosxbook.com/tools/supraudit.html
Apple T2协处理器解密 https://duo.com/labs/research/apple-t2-xpc
IOS TSS保存(主要用于越狱使用) https://tsssaver.1conan.com/
IOS12 for debugserver+lldb http://iosre.com/t/ios12-debugserver-lldb/14429
IOS tweaks和batter draining 的关系 https://geosn0w.github.io/Understanding-iOS-Tweaks-and-Battery-Draining/

Coding Related

中文描述 相关链接
Android dlfcn 修改版 https://github.com/lizhangqu/dlfcn_compat

Destop

UNIX&Linux

中文描述 相关链接
命令行参数分析 http://www.catb.org/esr/writings/taoup/html/ch10s05.html
iptable 入门书籍 https://homes.di.unimi.it/sisop/qemu/iptables-tutorial.pdf
POSIX shell相关的tricks https://www.etalabs.net/sh_tricks.html
系统管理员的notebook https://habr.com/en/post/437912/
栈溢出基础 https://security.stackexchange.com/questions/20497/stack-overflows-defeating-canaries-aslr-dep-nx
栈溢出基础二 https://bbs.pediy.com/thread-247992.htm
PWN 由浅入深 https://bbs.pediy.com/thread-248682.htm

windows

中文描述 相关链接
OALabs恶意软件分析虚拟机 https://oalabs.openanalysis.net/2018/07/16/oalabs_malware_analysis_virtual_machine/

UnderLying keystones

compiler

中文描述 相关链接
动态二进制指令修改 http://deniable.org/reversing/binary-instrumentation
动态二进制指令修改工具集 https://github.com/DynamoRIO/dynamorio
Miasm 指令集操作工具 https://miasm.re/blog/index.html
Retargetable Decompiler组件 https://retdec.com/
V8 typing bug分析 https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/
编写自己的虚拟机 https://justinmeiners.github.io/lc3-vm/
clang AST分析 https://jonasdevlieghere.com/understanding-the-clang-ast/
软件优化(编译器角度) https://agner.org/optimize/#testp
干掉编译器级别的混淆 https://www.carbonblack.com/2019/02/25/defeating-compiler-level-obfuscations-used-in-apt10-malware/
LLVM 工程 https://llvm.org/
编译器优化(视频资料) https://www.youtube.com/watch?v=KnkZ18m5u9I

Disassembler Related

中文描述 相关链接
ARM指令集文档 https://sourceware.org/cgen/gen-doc/arm-thumb-insn.html
DiARM命令行反编译器for ARM平台 http://newosxbook.com/tools/disarm.html
ARM处理器性能(A12X)hackernews 讨论 https://news.ycombinator.com/item?id=19325548

Coding Related(SSL)

中文描述 相关链接
Facebook 关于tls1.3的实现 https://code.fb.com/security/fizz/
SipHash 新型伪随机数产生器 https://131002.net/siphash/
End-to-End 端到端加密实现指南 https://matrix.org/docs/guides/e2e_implementation.html
EC(个人认为最好的入门材料) https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/

Blog

中文描述 相关链接
yurichev 俄罗斯大神 https://yurichev.com/blog/
DH算法的非完美转发私密性Hacknews讨论 https://news.ycombinator.com/item?id=18725824
Exploring 列表 https://www.exploit-db.com/
“4chan”的起源 https://www.256kilobytes.com/content/show/4319/biography-of-christopher-moot-poole-the-hacker-known-as-4chan
逆向兴趣材料 http://www.righto.com/2019/02/op-amp-on-moon-reverse-engineering.html
Exploiting 漏洞挖掘指南一 https://www.fuzzysecurity.com/tutorials/expDev/1.html
Exploiting 漏洞挖掘指南二 https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

Challenge

Challenge topic linking address
Ruby related https://ghostbin.com/paste/y8xwb
2018 3c challenge https://archive.aachen.ccc.de/35c3ctf.ccc.ac/challenges/index.html
POC 相关实现及其文档 https://github.com/corkami/pocs
OSS security 安全列表 https://www.openwall.com/lists/oss-security/
ARM64 ROP 挑战 https://blog.perfect.blue/ROPing-on-Aarch64
Some ctf writeups https://github.com/perfectblue/ctf-writeups/blob/master/insomnihack-teaser-2019/nyanc/sol.py
价值5000万刀的ctf writeup https://github.com/manoelt/50M_CTF_Writeup/blob/master/README.md
腾讯libshell 加壳工具分析 https://github.com/romainthomas/tencent_packer
乐固libshella 2.10.1分析笔记 https://bbs.pediy.com/thread-218782-1.htm
dex脱壳脚本 https://bbs.pediy.com/thread-214999.htm
伪·MSC解题报告 https://bbs.pediy.com/thread-197244.htm
CTF2019 readyu crackme解题思路 https://bbs.pediy.com/thread-249772.htm
2019Q1赛季 第五题 青梅竹马解题思路 https://bbs.pediy.com/thread-250340.htm
ISFB loader引导分析 https://0ffset.net/reverse-engineering/malware-analysis/analysing-isfb-loader/

Hacker Tools

中文描述 相关链接
hacker工具 https://hacker-tools.github.io/
LIFE 库(解析二进制文件) https://lief.quarkslab.com/doc/latest/installation.html#python
GEF GDB增强 https://gef.readthedocs.io/en/master/
pwntools工具集 http://docs.pwntools.com/en/stable/
afl-fuzz工具 http://lcamtuf.coredump.cx/afl/
IPv4 检测 https://ipcheck.need.sh/
zmap 工具集(主要用于网络检测) https://zmap.io/
ROPgadget 用于ROP exploiting https://github.com/JonathanSalwan/ROPgadget
D语言 http://dtrace.org/guide/preface.html