update

doc/1.1_ctf.md

@@ -1,33 +1,33 @@
 # 1.1 CTF 介绍
 
-- [概述](#overview)
-- [题目类别](#category)
+- [概述](#概述)
+- [题目类别](#题目类别)
  - [Reverse](#reverse)
  - [Web](#web)
  - [Crypto](#crypto)
  - [Misc](#misc)
  - [Mobile](#mobile)
-- [高质量的比赛](#game)
+- [高质量的比赛](#高质量的比赛)
 
 
-## <span id="overview">概述</span>
+## 概述
 CTF（Capture The Flag）中文一般译作夺旗赛，在网络安全领域中指的是网络安全技术人员之间进行技术竞技的一种比赛形式。CTF 起源于1996年 DEFCON 全球黑客大会，以代替之前黑客们通过互相发起真实攻击进行技术比拼的方式。发展至今，已经成为全球范围网络安全圈流行的竞赛形式。CTF 比赛尝试将专业的计算机安全工作许多方面的本质浓缩为可客观评估的简短挑战题目，主要包括逆向、漏洞挖掘与利用、Web 渗透、密码学、取证、隐写等类别。与 ACM， 信息学奥赛等类似，CTF 比赛以解决题目的分值和时间进行排名。
 
 CTF 为团队赛，通常以三人为限，要想在比赛中取得胜利，就要求团队中每个人在各种类别的题目中至少精通一类，三人优势互补，取得团队的胜利。同时，准备和参与 CTF 比赛是一种有效将计算机科学的离散面、聚焦于计算机安全领域的方法。
 
 
-## <span id="category">题目类别</span>
-### <span id="reverse">Reverse</span>
+## 题目类别
+### Reverse
 
-### <span id="pwn">Pwn</span>
+### Pwn
 
-### <span id="web">Web</span>
+### Web
 
-### <span id="crypto">Crypto</span>
+### Crypto
 
-### <span id="misc">Misc</span>
+### Misc
 
-### <span id="mobile">Mobile</span>
+### Mobile
 
 
-## <span id="game">高质量的比赛</span>
+## 高质量的比赛

doc/1.5.3_elf.md

@@ -1,7 +1,7 @@
 # Linux ELF
 
 - [一个实例](#一个实例)
-  - [elfdemo.o](#elfdemo.o)
+  - [elfdemo.o](#elfdemoo)
 - [ELF 文件结构](#elf-文件结构)
 
 

doc/6.2_wintools.md

@@ -3,7 +3,7 @@
 - [wxHexEditor](#wxhexeditor)
 - [PEview](#peview)
 
-## <span id="wxhexeditor">wxHexEditor</span>
+## wxHexEditor
 
 
-## <span id="peview">PEview</span>
+## PEview

doc/6.3_books&blogs.md

@@ -1,6 +1,30 @@
-# 博客、文章和书籍
+# 网站、文章和书籍
 
-## 博客
+- [网站](#网站)
+- [文章](#文章)
+- [书籍](#书籍)
+
+
+## 网站
+- [OpenSecurityTraining](http://opensecuritytraining.info/Welcome.html)
+- [Stanford Computer Security Laboratory](http://seclab.stanford.edu/)
+- [Shellcodes database for study cases](http://shell-storm.org/shellcode/)
+- [Corelan Team Articles](https://www.corelan.be/index.php/articles/)
+- [Debugging Fundamentals for Exploit Development](http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/)
+- [Tricks for Exploit Development](http://resources.infosecinstitute.com/in-depth-seh-exploit-writing-tutorial-using-ollydbg/)
+- [Introduction to return oriented programming (ROP)](http://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html)
+- [Smashing The Stack For Fun And Profit](http://insecure.org/stf/smashstack.html)
+- [Understanding DEP as a mitigation technology part 1](https://blogs.technet.microsoft.com/srd/2009/06/12/understanding-dep-as-a-mitigation-technology-part-1/)
+- [Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP](https://blogs.technet.microsoft.com/srd/2009/02/02/preventing-the-exploitation-of-structured-exception-handler-seh-overwrites-with-sehop/)
+- [CS642 Fall 2014: Computer Security](http://pages.cs.wisc.edu/~rist/642-fall-2014/)
+- [Offensive Computer Security Spring 2014](http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/)
+- [From 0x90 to 0x4c454554, a journey into exploitation.](http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html)
+- [Software Modeling and Verification](http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html)
+- [SATSMT Summer School 2011](https://wikis.mit.edu/confluence/display/satsmtschool11/SATSMT+Summer+School+2011;jsessionid=994854C69CABD6B1DC53F381A3CFF5E8)
+- [LOW-LEVEL ATTACKS AND DEFENSES](http://www.cs.umd.edu/class/spring2014/cmsc838g/list.txt)
+- [Checking the boundaries of static analysis](https://docs.google.com/presentation/d/1_Te02rSqn7wuhsmkkluqWhDBoXXFVUL5Mp0dUxH0cVE/edit#slide=id.gbd819d83_120)
+- [Reference Library](https://moflow.org/#%5B%5BReference%20Library%5D%5D)
+- [Deep Wizardry: Stack Unwinding](http://blog.reverberate.org/2013/05/deep-wizardry-stack-unwinding.html)
 
 ## 文章
 
@@ -10,3 +34,4 @@
 - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler 2nd Edition
 - Practical Malware Analysis by Michael Sikorski and Andrew Honig
 - Practical Reverse Engineering by Dang, Gazet, Bachaalany
+- Fuzzing: Brute Force Vulnerability Discovery