2017-08-11 23:24:19 +07:00
# Summary
2017-11-30 18:54:38 +07:00
GitHub 地址: https://github.com/firmianay/CTF-All-In-One
2017-08-11 23:24:19 +07:00
* [简介 ](README.md )
2017-12-14 09:21:13 +07:00
* [前言 ](doc/0_preface.md )
2017-08-11 23:24:19 +07:00
* [一、基础知识篇 ](doc/1_basic.md )
2017-12-25 14:07:24 +07:00
* [1.1 CTF 简介 ](doc/1.1_ctf.md )
* [1.2 学习方法 ](doc/1.2_how_to_learn.md )
* [1.3 Linux 基础 ](doc/1.3_linux_basic.md )
* [1.4 Web 安全基础 ](doc/1.4_web_basic.md )
2017-12-26 15:15:13 +07:00
* [1.4.1 HTML 基础 ](doc/1.4.1_html_basic.md )
* [1.4.2 HTTP 协议基础 ](doc/1.4.2_http_basic.md )
* [1.4.3 JavaScript 基础 ](doc/1.4.3_javascript_basic.md )
* [1.4.4 常见 Web 服务器基础 ](doc/1.4.4_webserver_basic.md )
* [1.4.5 OWASP Top Ten Project 漏洞基础 ](doc/1.4.5_owasp_basic.md )
* [1.4.6 PHP 源码审计基础 ](doc/1.4.6_php_basic.md )
2017-12-25 14:07:24 +07:00
* [1.5 逆向工程基础 ](doc/1.5_reverse_basic.md )
* [1.5.1 C 语言基础 ](doc/1.5.1_c_basic.md )
* [1.5.2 x86/x86-64 汇编基础 ](doc/1.5.2_x86&x64.md )
* [1.5.3 Linux ELF ](doc/1.5.3_elf.md )
* [1.5.4 Windows PE ](doc/1.5.4_pe.md )
* [1.5.5 静态链接 ](doc/1.5.5_static_link.md )
* [1.5.6 动态链接 ](doc/1.5.6_dynamic_link.md )
* [1.5.7 内存管理 ](doc/1.5.7_memory.md )
* [1.5.8 glibc malloc ](doc/1.5.8_glibc_malloc.md )
2018-03-30 20:18:28 +07:00
* [1.5.9 Linux 内核 ](doc/1.5.9_linux_kernel.md )
* [1.5.10 Windows 内核 ](doc/1.5.10_windows_kernel.md )
2017-12-25 14:07:24 +07:00
* [1.6 密码学基础 ](doc/1.6_crypto_basic.md )
* [1.6.1 初等数论 ](doc/1.6.1_number_theory.md )
* [1.6.2 近世代数 ](doc/1.6.2_modern_algebra.md )
* [1.6.3 流密码 ](doc/1.6.3_stream_cipher.md )
* [1.6.4 分组密码 ](doc/1.6.4_block_cipher.md )
* [1.6.5 公钥密码 ](doc/1.6.5_public-key_crypto.md )
* [1.6.6 哈希函数 ](doc/1.6.6_hash.md )
* [1.6.7 数字签名 ](doc/1.6.7_digital_signature.md )
* [1.7 Android 安全基础 ](doc/1.7_android_basic.md )
* [1.7.1 Android 环境搭建 ](doc/1.7.1_android_env.md )
* [1.7.2 Dalvik 指令集 ](doc/1.7.2_dalvik.md )
* [1.7.3 ARM 汇编基础 ](doc/1.7.3_arm.md )
* [1.7.4 Android 常用工具 ](doc/1.7.4_android_tools.md )
2017-08-11 23:24:19 +07:00
* [二、工具篇 ](doc/2_tools.md )
2017-12-25 14:07:24 +07:00
* [2.1 VM ](doc/2.1_vm.md )
2018-01-25 09:56:13 +07:00
* [2.1.1 QEMU ](doc/2.1.1_qemu.md )
2017-12-25 14:07:24 +07:00
* [2.2 gdb/peda ](doc/2.2_gdb.md )
* [2.3 ollydbg ](doc/2.3_ollydbg.md )
* [2.4 windbg ](doc/2.4_windbg.md )
* [2.5 radare2 ](doc/2.5_radare2.md )
* [2.6 IDA Pro ](doc/2.6_idapro.md )
* [2.7 pwntools ](doc/2.7_pwntools.md )
* [2.8 zio ](doc/2.8_zio.md )
* [2.9 JEB ](doc/2.9_jeb.md )
* [2.10 metasploit ](doc/2.10_metasploit.md )
* [2.11 binwalk ](doc/2.11_binwalk.md )
* [2.12 Burp Suite ](doc/2.12_burpsuite.md )
2018-02-04 11:12:44 +07:00
* [2.13 LLDB ](doc/2.13_lldb.md )
2017-08-11 23:24:19 +07:00
* [三、分类专题篇 ](doc/3_topics.md )
2017-12-25 14:07:24 +07:00
* [3.1 Reverse ](doc/3.1_reverse.md )
* [3.2 Crypto ](doc/3.2_crypto.md )
* [3.2.1 古典密码 ](doc/3.2.1_classic_crypto.md )
* [3.3 Pwn ](doc/3.3_pwn.md )
* [3.3.1 格式化字符串漏洞 ](doc/3.3.1_format_string.md )
* [3.3.2 整数溢出 ](doc/3.3.2_integer_overflow.md )
* [3.3.3 栈溢出 ](doc/3.3.3_stack_overflow.md )
2018-03-18 15:45:52 +07:00
* [3.3.4 返回导向编程( ROP) ( x86) ](doc/3.3.4_rop_x86.md )
* [3.3.5 返回导向编程( ROP) ( ARM) ](doc/3.3.5_rop_arm.md )
* [3.3.6 Linux 堆利用(上) ](doc/3.3.6_heap_exploit_1.md )
* [3.3.7 Linux 堆利用(中) ](doc/3.3.7_heap_exploit_2.md )
* [3.3.8 Linux 堆利用(下) ](doc/3.3.8_heap_exploit_3.md )
* [3.3.9 内核 ROP ](doc/3.3.9_kernel_rop.md )
* [3.3.10 Linux 内核漏洞利用 ](doc/3.3.10_linux_kernel_exploit.md )
* [3.3.11 Windows 内核漏洞利用 ](doc/3.3.11_windows_kernel_exploit.md )
2018-03-23 21:14:25 +07:00
* [3.3.12 竞争条件 ](doc/3.3.12_race_condition.md )
2017-12-25 14:07:24 +07:00
* [3.4 Web ](doc/3.4_web.md )
2018-01-11 20:30:41 +07:00
* [3.4.1 SQL 注入利用 ](doc/3.4.1_sql_injection.md )
* [3.4.2 XSS 漏洞利用 ](doc/3.4.2_xss.md )
2017-12-25 14:07:24 +07:00
* [3.5 Misc ](doc/3.5_misc.md )
* [3.6 Mobile ](doc/3.6_mobile.md )
2017-08-11 23:24:19 +07:00
* [四、技巧篇 ](doc/4_tips.md )
2018-04-12 21:16:00 +07:00
* [4.1 Linux 内核调试 ](doc/4.1_linux_kernel_debug.md )
2017-12-25 14:07:24 +07:00
* [4.2 Linux 命令行技巧 ](doc/4.2_Linux_terminal_tips.md )
* [4.3 GCC 编译参数解析 ](doc/4.3_gcc_arg.md )
* [4.4 GCC 堆栈保护技术 ](doc/4.4_gcc_sec.md )
2018-03-18 15:45:52 +07:00
* [4.5 ROP 防御技术 ](doc/4.5_defense_rop.md )
2017-12-25 14:07:24 +07:00
* [4.6 one-gadget RCE ](doc/4.6_one-gadget_rce.md )
* [4.7 通用 gadget ](doc/4.7_common_gadget.md )
* [4.8 使用 DynELF 泄露函数地址 ](doc/4.8_dynelf.md )
2018-03-24 00:05:55 +07:00
* [4.9 patch 二进制文件 ](doc/4.9_patch_binary.md )
* [4.10 反调试技术 ](doc/4.10_antidbg.md )
2018-03-24 18:16:03 +07:00
* [4.11 指令混淆 ](doc/4.11_instruction_confusion.md )
2018-04-09 00:12:57 +07:00
* [4.12 利用 __stack_chk_fail ](doc/4.12_stack_chk_fail.md )
2018-04-14 19:52:17 +07:00
* [4.13 利用 _IO_FILE 结构 ](doc/4.13_io_file.md )
* [4.14 glibc tcache 机制 ](doc/4.14_glibc_tcache.md )
2018-04-18 21:15:42 +07:00
* [4.15 利用 vsyscall 和 vDSO ](doc/4.15_vsyscall_vdso.md )
2017-08-11 23:24:19 +07:00
* [五、高级篇 ](doc/5_advanced.md )
2018-03-28 21:51:35 +07:00
* [5.0 软件漏洞分析 ](doc/5.0_vulnerability.md )
2018-03-15 22:16:56 +07:00
* [5.1 模糊测试 ](doc/5.1_fuzzing.md )
2018-01-21 21:41:35 +07:00
* [5.1.1 AFL fuzzer ](doc/5.1.1_afl_fuzzer.md )
2018-01-25 23:50:41 +07:00
* [5.1.2 libFuzzer ](doc/5.1.2_libfuzzer.md )
2018-03-24 18:51:04 +07:00
* [5.2 动态二进制插桩 ](doc/5.2_dyn_binary_instrumentation.md )
* [5.2.1 Pin ](doc/5.2.1_pin.md )
* [5.2.2 DynamoRio ](doc/5.2.2_dynamorio.md )
* [5.2.3 Valgrind ](doc/5.2.3_valgrind.md )
2018-02-06 13:30:35 +07:00
* [5.3 符号执行 ](doc/5.3_symbolic_execution.md )
* [5.3.1 angr ](doc/5.3.1_angr.md )
* [5.3.2 Triton ](doc/5.3.2_triton.md )
* [5.3.3 KLEE ](doc/5.3.3_klee.md )
* [5.3.4 S²E ](doc/5.3.4_s2e.md )
2018-03-24 18:51:04 +07:00
* [5.4 数据流分析 ](doc/5.4_dataflow_analysis.md )
2018-03-31 20:27:09 +07:00
* [5.4.1 Soot ](doc/5.4.1_soot.md )
2018-03-24 18:51:04 +07:00
* [5.5 污点分析 ](doc/5.5_taint_analysis.md )
* [5.5.1 动态污点分析 ](doc/5.5.1_dyn_taint_analysis.md )
2017-12-25 14:07:24 +07:00
* [5.6 LLVM ](doc/5.6_llvm.md )
2018-03-24 18:51:04 +07:00
* [5.6.1 Clang ](doc/5.6.1_clang.md )
2017-12-25 14:07:24 +07:00
* [5.7 Capstone/Keystone ](doc/5.7_cap-keystone.md )
* [5.8 SAT/SMT ](doc/5.8_sat-smt.md )
2018-02-06 13:30:35 +07:00
* [5.8.1 Z3 ](doc/5.8.1_z3.md )
2018-03-28 21:51:35 +07:00
* [5.9 基于模式的漏洞分析 ](doc/5.9_pattern_based_detection.md )
* [5.10 基于二进制比对的漏洞分析 ](doc/5.10_diff_based_detection.md )
* [5.11 反编译技术 ](doc/5.11_decompiling.md )
* [5.11.1 RetDec ](doc/5.11.1_retdec.md )
2018-01-31 10:28:00 +07:00
* [5.12 Unicorn 模拟器 ](doc/5.12_unicorn.md )
2017-11-05 16:21:02 +07:00
* [六、题解篇 ](doc/6_writeup.md )
2017-11-23 20:32:22 +07:00
* pwn
* [6.1.1 pwn HCTF2016 brop ](doc/6.1.1_pwn_hctf2016_brop.md )
* [6.1.2 pwn NJCTF2017 pingme ](doc/6.1.2_pwn_njctf2017_pingme.md )
* [6.1.3 pwn XDCTF2015 pwn200 ](doc/6.1.3_pwn_xdctf2015_pwn200.md )
* [6.1.4 pwn BackdoorCTF2017 Fun-Signals ](doc/6.1.4_pwn_backdoorctf2017_fun_signals.md )
* [6.1.5 pwn GreHackCTF2017 beerfighter ](doc/6.1.5_pwn_grehackctf2017_beerfighter.md )
* [6.1.6 pwn DefconCTF2015 fuckup ](doc/6.1.6_pwn_defconctf2015_fuckup.md )
* [6.1.7 pwn 0CTF2015 freenote ](doc/6.1.7_pwn_0ctf2015_freenote.md )
2017-12-09 09:35:26 +07:00
* [6.1.8 pwn DCTF2017 Flex ](doc/6.1.8_pwn_dctf2017_flex.md )
2018-04-08 08:43:42 +07:00
* [6.1.9 pwn RHme3 Exploitation ](doc/6.1.9_pwn_rhme3_exploitation.md )
* [6.1.10 pwn 0CTF2017 BabyHeap2017 ](doc/6.1.10_pwn_0ctf2017_babyheap2017.md )
* [6.1.11 pwn 9447CTF2015 Search-Engine ](doc/6.1.11_pwn_9447ctf2015_search_engine.md )
* [6.1.12 pwn N1CTF2018 vote ](doc/6.1.12_pwn_n1ctf2018_vote.md )
* [6.1.13 pwn 34C3CTF2017 readme_revenge ](doc/6.1.13_pwn_34c3ctf2017_readme_revenge.md )
2018-04-09 00:12:57 +07:00
* [6.1.14 pwn 32C3CTF2015 readme ](doc/6.1.14_pwn_32c3ctf2015_readme.md )
2018-04-14 19:52:17 +07:00
* [6.1.15 pwn 34C3CTF2017 SimpleGC ](doc/6.1.15_pwn_34c3ctf2017_simplegc.md )
2018-04-21 11:02:03 +07:00
* [6.1.16 pwn HITBCTF2017 1000levels ](doc/6.1.16_pwn_hitbctf2017_1000levels.md )
2018-04-19 13:37:37 +07:00
* [6.1.17 pwn SECCONCTF2016 jmper ](doc/6.1.17_pwn_secconctf2016_jmper.md )
2018-04-21 11:02:03 +07:00
* [6.1.18 pwn HITBCTF2017 Sentosa ](doc/6.1.18_pwn_hitbctf2017_sentosa.md )
2017-11-23 20:32:22 +07:00
* re
* [6.2.1 re XHPCTF2017 dont_panic ](doc/6.2.1_re_xhpctf2017_dont_panic.md )
2017-11-28 16:12:21 +07:00
* [6.2.2 re ECTF2016 tayy ](doc/6.2.2_re_ectf2016_tayy.md )
2017-12-02 22:38:19 +07:00
* [6.2.3 re Codegate2017 angrybird ](doc/6.2.3_re_codegate2017_angrybird.md )
2017-12-04 15:13:39 +07:00
* [6.2.4 re CSAWCTF2015 wyvern ](doc/6.2.4_re_csawctf2015_wyvern.md )
2017-12-05 18:06:40 +07:00
* [6.2.5 re PicoCTF2014 Baleful ](doc/6.2.5_re_picoctf2014_baleful.md )
2017-12-18 15:39:33 +07:00
* [6.2.6 re SECCON2017 printf_machine ](doc/6.2.6_re_seccon2017_printf_machine.md )
2018-01-11 20:30:41 +07:00
* web
* [6.3.1 web HCTF2017 babycrack ](doc/6.3.1_web_hctf2017_babycrack.md )
2017-12-07 08:30:58 +07:00
* [七、实战篇 ](doc/7_exploit.md )
2018-03-08 20:05:51 +07:00
* CVE
* [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](doc/7.1.1_tcpdump_2017-11543.md)
* [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](doc/7.1.2_glibc_2015-0235.md)
* [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](doc/7.1.3_wget_2016-4971.md)
* [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](doc/7.1.4_wget_2017-13089.md)
* [7.1.5 [CVE– 2018-1000001] glibc Buffer Underflow](doc/7.1.5_glibc_2018-1000001.md)
* [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](doc/7.1.6_dnstracer_2017-9430.md)
* [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](doc/7.1.7_binutils_2018-6323.md)
* Malware
* 7.2.x
2018-03-19 11:33:57 +07:00
* [八、学术篇 ](doc/8_academic.md )
* Return-Oriented Programming
2018-03-20 11:03:32 +07:00
* [8.1.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) ](doc/8.1.1_return-into-libc_without_function_calls.md )
2018-03-21 18:48:13 +07:00
* [8.1.2 Return-Oriented Programming without Returns ](doc/8.1.2_rop_without_returns.md )
2018-03-20 11:03:32 +07:00
* [8.1.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms ](doc/8.1.3_return-oriented_rootkits.md )
2018-03-21 18:48:13 +07:00
* [8.1.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks ](doc/8.1.4_ropdefender.md )
2018-03-22 12:19:32 +07:00
* [8.1.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks ](doc/8.1.5_data-oriented_programming.md )
2018-03-23 21:14:25 +07:00
* [8.1.6 Hacking Blind ](doc/8.1.6_hacking_blind.md )
2018-03-21 18:48:13 +07:00
* Symbolic Execution
* [8.2.1 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask) ](doc/8.2.1_dynamic_taint_analysis.md )
* [8.2.2 Symbolic Execution for Software Testing: Three Decades Later ](doc/8.2.2_symbolic_execution_for_software_testing.md )
2018-04-12 21:16:00 +07:00
* [8.2.3 AEG: Automatic Exploit Generation ](doc/8.2.3_automatic_exploit_generation.md )
2018-04-14 19:52:17 +07:00
* Address Space Layout Randomization
2018-04-09 00:12:57 +07:00
* [8.3.1 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software ](doc/8.3.1_aslp.md )
2018-03-21 18:48:13 +07:00
* Code Obfuscation
2018-03-19 13:32:21 +07:00
* Reverse Engineering
* [8.3 New Frontiers of Reverse Engineering ](doc/8.3_new_frontiers_of_reverse_engineering.md )
* Android Security
* [8.4 EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning ](doc/8.4_emulator_vs_real_phone.md )
* [8.5 DynaLog: An automated dynamic analysis framework for characterizing Android applications ](doc/8.5_dynalog_an_automated_dynamic_analysis_framework.md )
* [8.6 A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls ](doc/8.6_malware_detection_based_on_actual_used_permissions.md )
* [8.7 MaMaDroid: Detecting Android malware by building Markov chains of behavioral models ](doc/8.7_detecting_malware_by_building_markov_chains.md )
* [8.8 DroidNative: Semantic-Based Detection of Android Native Code Malware ](doc/8.8_droidnative_semantic-based_detection_of_android_native_code_malware.md )
* [8.9 DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware ](doc/8.9_droidanalytics_signature_based_analytic_system.md )
2018-03-19 11:33:57 +07:00
* [九、附录 ](doc/9_appendix.md )
* [9.1 更多 Linux 工具 ](doc/9.1_Linuxtools.md )
* [9.2 更多 Windows 工具 ](doc/9.2_wintools.md )
* [9.3 更多资源 ](doc/9.3_books_blogs.md )
* [9.4 Linux x86-64 系统调用表 ](doc/9.4_linux_syscall.md )
* [9.5 幻灯片 ](doc/9.5_slides.md )