2018-03-19 11:33:57 +07:00
# 第八章 学术篇
论文下载:
链接: https://pan.baidu.com/s/1G-WFCzAU2VdrrsHqJzjGpw 密码: vhfw
2018-06-12 19:15:50 +07:00
* [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) ](8.1_ret2libc_without_calls.md )
* [8.2 Return-Oriented Programming without Returns ](8.2_rop_without_ret.md )
2018-04-29 21:21:55 +07:00
* [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms ](8.3_rop_rootkits.md )
* [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks ](8.4_ropdefender.md )
* [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks ](8.5_dop.md )
* [8.6 Hacking Blind ](8.6_brop.md )
* [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses ](8.7_jit-rop_defenses.md )
2018-06-11 13:56:56 +07:00
* [8.8 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask) ](8.8_dta_and_fse.md )
2018-04-29 21:21:55 +07:00
* [8.9 Symbolic Execution for Software Testing: Three Decades Later ](8.9_symbolic_execution.md )
* [8.10 AEG: Automatic Exploit Generation ](8.10_aeg.md )
* [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software ](8.11_aslp.md )
* [8.12 ASLR on the Line: Practical Cache Attacks on the MMU ](8.12_aslr_on_the_line.md )
* [8.13 New Frontiers of Reverse Engineering ](8.13_reverse_engineering.md )
* [8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries ](8.14_detecting_memory_allocators.md )
2018-06-12 19:15:50 +07:00
* [8.15 EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning ](8.15_emu_vs_real.md )
2018-04-29 21:21:55 +07:00
* [8.16 DynaLog: An automated dynamic analysis framework for characterizing Android applications ](8.16_dynalog.md )
2018-06-12 19:15:50 +07:00
* [8.17 A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls ](8.17_actual_permissions.md )
* [8.18 MaMaDroid: Detecting Android malware by building Markov chains of behavioral models ](8.18_malware_markov.md )
2018-04-29 21:21:55 +07:00
* [8.19 DroidNative: Semantic-Based Detection of Android Native Code Malware ](8.19_droidnative.md )
* [8.20 DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware ](8.20_droidanalytics.md )
* [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks ](8.21_tracing_to_detect_spraying.md )
* [8.22 Practical Memory Checking With Dr. Memory ](8.22_memory_checking.md )
* [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses ](8.23_current_anti-rop.md )
* [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization ](8.24_runtime_re-randomization.md )
2018-06-11 13:56:56 +07:00
* [8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis ](8.25_angr.md )
* [8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution ](8.26_driller.md )
2018-06-14 17:34:09 +07:00
* [8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware ](8.27_firmalice.md )
2018-06-17 16:46:53 +07:00
* [8.28 Cross-Architecture Bug Search in Binary Executables ](8.28_cross_arch_bug.md )
2018-06-02 13:52:30 +07:00
* [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data ](8.29_dynamic_hooks.md )
2018-06-08 19:46:05 +07:00
* [8.30 Preventing brute force attacks against stack canary protection on networking servers ](8.30_prevent_brute_force_canary.md )
2018-06-11 13:56:56 +07:00
* [8.31 WYSINWYX What You See Is Not What You eXecute ](8.31_wysinwyx.md )
* [8.32 Unleashing MAYHEM on Binary Code ](8.32_mayhem.md )
* [8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code ](8.33_ucklee.md )
* [8.34 Enhancing Symbolic Execution with Veritesting ](8.34_veritesting.md )
* [8.35 Q: Exploit Hardening Made Easy ](8.35_q.md )
2018-06-12 19:15:50 +07:00
* [8.36 A Survey of Symbolic Execution Techniques ](8.36_survey_symbolic_execution.md )
* [8.37 CUTE: A Concolic Unit Testing Engine for C ](8.37_cute.md )
2018-06-14 17:34:09 +07:00
* [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking ](8.38_tainteraser.md )
* [8.39 DART: Directed Automated Random Testing ](8.39_dart.md )
* [8.40 EXE: Automatically Generating Inputs of Death ](8.40_exe.md )
* [8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time ](8.41_intpatch.md )
* [8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software ](8.42_taintcheck.md )
* [8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation ](8.43_dta++.md )
2018-06-17 16:46:53 +07:00
* [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics ](8.44_multiverse.md )
2018-07-13 23:31:51 +07:00
* [8.45 Ramblr: Making Reassembly Great Again ](8.45_ramblr.md )
* [8.46 FreeGuard: A Faster Secure Heap Allocator ](8.46_freeguard.md )
* [8.47 Jump-Oriented Programming: A New Class of Code-Reuse Attack ](8.47_jop.md )