From a5bef98cc0ee79ae76477aadb9a34b9ba2e639fc Mon Sep 17 00:00:00 2001 From: firmianay Date: Wed, 10 Jun 2020 14:06:29 +0800 Subject: [PATCH] fix --- README.md | 1 + SUMMARY.md | 11 +----- doc/8.31_wysinwyx.md | 5 --- doc/8.32_mayhem.md | 5 --- doc/8.35_q.md | 5 --- doc/8.36_survey_symbolic_execution.md | 5 --- doc/8.37_cute.md | 5 --- doc/8.47_jop.md | 5 --- doc/8.49_ioc.md | 3 -- doc/8.51_cryptorex.md | 6 --- doc/8.8_dta_and_fse.md | 5 --- doc/8_academic.md | 55 --------------------------- 12 files changed, 2 insertions(+), 109 deletions(-) delete mode 100644 doc/8.31_wysinwyx.md delete mode 100644 doc/8.32_mayhem.md delete mode 100644 doc/8.35_q.md delete mode 100644 doc/8.36_survey_symbolic_execution.md delete mode 100644 doc/8.37_cute.md delete mode 100644 doc/8.47_jop.md delete mode 100644 doc/8.49_ioc.md delete mode 100644 doc/8.51_cryptorex.md delete mode 100644 doc/8.8_dta_and_fse.md delete mode 100644 doc/8_academic.md diff --git a/README.md b/README.md index faf9bdb..1b7d952 100644 --- a/README.md +++ b/README.md @@ -74,3 +74,4 @@ CC BY-SA 4.0 - 2019-10-02 Gk ¥66.6 - 2019-10-12 简单 ¥40.96 - 2020-04-05 jingle ¥200 +- 2020-05-19 新写的旧歌 ¥5.2 diff --git a/SUMMARY.md b/SUMMARY.md index c13744e..d9d79a2 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -204,14 +204,13 @@ GitHub 地址: * [7.1.8 CVE-2010-2883 Adobe CoolType SING 表栈溢出漏洞](doc/7.1.8_adobe_reader_2010-2883.md) * [7.1.9 CVE-2010-3333 Microsoft Word RTF pFragments 栈溢出漏洞](doc/7.1.9_ms_word_2010-3333.md) * Malware -* [八、学术篇](doc/8_academic.md) +* 八、学术篇 * [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](doc/8.1_ret2libc_without_calls.md) * [8.2 Return-Oriented Programming without Returns](doc/8.2_rop_without_ret.md) * [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](doc/8.3_rop_rootkits.md) * [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](doc/8.4_ropdefender.md) * [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](doc/8.5_dop.md) * [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](doc/8.7_jit-rop_defenses.md) - * [8.8 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)](doc/8.8_dta_and_fse.md) * [8.9 Symbolic Execution for Software Testing: Three Decades Later](doc/8.9_symbolic_execution.md) * [8.10 AEG: Automatic Exploit Generation](doc/8.10_aeg.md) * [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software](doc/8.11_aslp.md) 
@@ -233,13 +232,8 @@ GitHub 地址: * [8.28 Cross-Architecture Bug Search in Binary Executables](doc/8.28_cross_arch_bug.md) * [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data](doc/8.29_dynamic_hooks.md) * [8.30 Preventing brute force attacks against stack canary protection on networking servers](doc/8.30_prevent_brute_force_canary.md) - * [8.31 WYSINWYX What You See Is Not What You eXecute](doc/8.31_wysinwyx.md) - * [8.32 Unleashing MAYHEM on Binary Code](doc/8.32_mayhem.md) * [8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code](doc/8.33_ucklee.md) * [8.34 Enhancing Symbolic Execution with Veritesting](doc/8.34_veritesting.md) - * [8.35 Q: Exploit Hardening Made Easy](doc/8.35_q.md) - * [8.36 A Survey of Symbolic Execution Techniques](doc/8.36_survey_symbolic_execution.md) - * [8.37 CUTE: A Concolic Unit Testing Engine for C](doc/8.37_cute.md) * [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking](doc/8.38_tainteraser.md) * [8.39 DART: Directed Automated Random Testing](doc/8.39_dart.md) * [8.40 EXE: Automatically Generating Inputs of Death](doc/8.40_exe.md) @@ -249,10 +243,7 @@ GitHub 地址: * [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics](doc/8.44_multiverse.md) * [8.45 Ramblr: Making Reassembly Great Again](doc/8.45_ramblr.md) * [8.46 FreeGuard: A Faster Secure Heap Allocator](doc/8.46_freeguard.md) - * [8.47 Jump-Oriented Programming: A New Class of Code-Reuse Attack](doc/8.47_jop.md) * [8.48 Reassembleable Disassembling](doc/8.48_uroboros.md) - * [8.49 Understanding Integer Overflow in C/C++](doc/8.49_ioc.md) - * [8.51 CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices](doc/8.51_cryptorex.md) * [九、附录](doc/9_appendix.md) * [9.1 更多 Linux 工具](doc/9.1_Linuxtools.md) * [9.2 更多 Windows 工具](doc/9.2_wintools.md) diff --git a/doc/8.31_wysinwyx.md b/doc/8.31_wysinwyx.md deleted file mode 100644 index cc6733b..0000000 
--- a/doc/8.31_wysinwyx.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.31 WYSINWYX What You See Is Not What You eXecute - -[paper](http://research.cs.wisc.edu/wpis/papers/wysinwyx.final.pdf) - -## 简介 diff --git a/doc/8.32_mayhem.md b/doc/8.32_mayhem.md deleted file mode 100644 index 490fde7..0000000 --- a/doc/8.32_mayhem.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.32 Unleashing MAYHEM on Binary Code - -[paper](http://www.cse.psu.edu/~trj1/cse597-s13/docs/binary_mayhem_oakland_12.pdf) - -## 简介 diff --git a/doc/8.35_q.md b/doc/8.35_q.md deleted file mode 100644 index f291b8d..0000000 --- a/doc/8.35_q.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.35 Q: Exploit Hardening Made Easy - -[paper](http://static.usenix.org/legacy/events/sec11/tech/full_papers/Schwartz.pdf) - -## 简介 diff --git a/doc/8.36_survey_symbolic_execution.md b/doc/8.36_survey_symbolic_execution.md deleted file mode 100644 index 4845092..0000000 --- a/doc/8.36_survey_symbolic_execution.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.36 A Survey of Symbolic Execution Techniques - -[paper](http://season-lab.github.io/papers/survey-symbolic-execution-preprint-CSUR18.pdf) - -## 简介 diff --git a/doc/8.37_cute.md b/doc/8.37_cute.md deleted file mode 100644 index 9d28823..0000000 --- a/doc/8.37_cute.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.37 CUTE: A Concolic Unit Testing Engine for C - -[paper](http://mir.cs.illinois.edu/marinov/publications/SenETAL05CUTE.pdf) - -## 简介 diff --git a/doc/8.47_jop.md b/doc/8.47_jop.md deleted file mode 100644 index f2c3abd..0000000 --- a/doc/8.47_jop.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.47 Jump-Oriented Programming: A New Class of Code-Reuse Attack - -[paper](https://www.comp.nus.edu.sg/~liangzk/papers/asiaccs11.pdf) - -## 简介 diff --git a/doc/8.49_ioc.md b/doc/8.49_ioc.md deleted file mode 100644 index 3a09411..0000000 --- a/doc/8.49_ioc.md +++ /dev/null @@ -1,3 +0,0 @@ -# 8.49 Understanding Integer Overflow in C/C++ - -## 简介 
diff --git a/doc/8.51_cryptorex.md b/doc/8.51_cryptorex.md deleted file mode 100644 index 6e4468e..0000000 --- a/doc/8.51_cryptorex.md +++ /dev/null @@ -1,6 +0,0 @@ -# 8.51 CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices - -[paper](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf) - -## 简介 - diff --git a/doc/8.8_dta_and_fse.md b/doc/8.8_dta_and_fse.md deleted file mode 100644 index c3ea716..0000000 --- a/doc/8.8_dta_and_fse.md +++ /dev/null @@ -1,5 +0,0 @@ -# 8.8 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask) - -[paper](https://users.ece.cmu.edu/~aavgerin/papers/Oakland10.pdf) - -## 简介 diff --git a/doc/8_academic.md b/doc/8_academic.md deleted file mode 100644 index 423193f..0000000 --- a/doc/8_academic.md +++ /dev/null 
@@ -1,55 +0,0 @@ -# 第八章 学术篇 - -论文下载: -链接: 密码:vhfw - -* [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](8.1_ret2libc_without_calls.md) -* [8.2 Return-Oriented Programming without Returns](8.2_rop_without_ret.md) -* [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](8.3_rop_rootkits.md) -* [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](8.4_ropdefender.md) -* [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](8.5_dop.md) -* [8.6 Hacking Blind](8.6_brop.md) -* [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](8.7_jit-rop_defenses.md) -* [8.8 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)](8.8_dta_and_fse.md) -* [8.9 Symbolic Execution for Software Testing: Three Decades Later](8.9_symbolic_execution.md) -* [8.10 AEG: Automatic Exploit Generation](8.10_aeg.md) -* [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software](8.11_aslp.md) -* [8.12 ASLR on the Line: Practical Cache Attacks on the MMU](8.12_aslr_on_the_line.md) -* [8.13 New Frontiers of Reverse Engineering](8.13_reverse_engineering.md) -* [8.14 Who Allocated My Memory? 
Detecting Custom Memory Allocators in C Binaries](8.14_detecting_memory_allocators.md) -* [8.15 EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning](8.15_emu_vs_real.md) -* [8.16 DynaLog: An automated dynamic analysis framework for characterizing Android applications](8.16_dynalog.md) -* [8.17 A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls](8.17_actual_permissions.md) -* [8.18 MaMaDroid: Detecting Android malware by building Markov chains of behavioral models](8.18_malware_markov.md) -* [8.19 DroidNative: Semantic-Based Detection of Android Native Code Malware](8.19_droidnative.md) -* [8.20 DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware](8.20_droidanalytics.md) -* [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks](8.21_tracing_to_detect_spraying.md) -* [8.22 Practical Memory Checking With Dr. Memory](8.22_memory_checking.md) -* [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses](8.23_current_anti-rop.md) -* [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization](8.24_runtime_re-randomization.md) -* [8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis](8.25_angr.md) -* [8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution](8.26_driller.md) -* [8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware](8.27_firmalice.md) -* [8.28 Cross-Architecture Bug Search in Binary Executables](8.28_cross_arch_bug.md) -* [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data](8.29_dynamic_hooks.md) -* [8.30 Preventing brute force attacks against stack canary protection on networking servers](8.30_prevent_brute_force_canary.md) -* [8.31 WYSINWYX What You See Is Not What You eXecute](8.31_wysinwyx.md) -* [8.32 Unleashing MAYHEM on Binary Code](8.32_mayhem.md) -* [8.33 Under-Constrained Symbolic Execution: 
Correctness Checking for Real Code](8.33_ucklee.md) -* [8.34 Enhancing Symbolic Execution with Veritesting](8.34_veritesting.md) -* [8.35 Q: Exploit Hardening Made Easy](8.35_q.md) -* [8.36 A Survey of Symbolic Execution Techniques](8.36_survey_symbolic_execution.md) -* [8.37 CUTE: A Concolic Unit Testing Engine for C](8.37_cute.md) -* [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking](8.38_tainteraser.md) -* [8.39 DART: Directed Automated Random Testing](8.39_dart.md) -* [8.40 EXE: Automatically Generating Inputs of Death](8.40_exe.md) -* [8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time](8.41_intpatch.md) -* [8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software](8.42_taintcheck.md) -* [8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation](8.43_dta++.md) -* [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics](8.44_multiverse.md) -* [8.45 Ramblr: Making Reassembly Great Again](8.45_ramblr.md) -* [8.46 FreeGuard: A Faster Secure Heap Allocator](8.46_freeguard.md) -* [8.47 Jump-Oriented Programming: A New Class of Code-Reuse Attack](8.47_jop.md) -* [8.48 Reassembleable Disassembling](8.48_uroboros.md) -* [8.49 Understanding Integer Overflow in C/C++](8.49_ioc.md) -* [8.50 A Large-Scale Analysis of the Security of Embedded Firmwares](8.50_large_scale_embedded.md)
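
Review bot: The README.md hunk (`@@ -74,3 +74,4 @@`) adds a donor entry that has nothing to do with removing the chapter 8 stub pages, and the subject line "fix" describes neither change. Put the donor-list update in its own commit and give this one a subject that names what is deleted, so the 109 removed lines can be found and reverted from the log.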
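
Review bot: In the SUMMARY.md hunks the chapter 8 heading becomes plain text (`* 八、学术篇`) while `* [九、附录](doc/9_appendix.md)` directly below the last hunk stays a link, and the remaining entries keep their old numbers, so the list now skips 8.8, 8.31, 8.32, 8.35 to 8.37, 8.47, 8.49 and 8.51. Either renumber the surviving entries or say in the commit message that the gaps are intentional, and consider giving the chapter heading a landing target so the two chapter headings behave the same way in the rendered book.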
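
Review bot: Deleting doc/8_academic.md removes the only links visible in this patch to `8.6_brop.md` and `8.50_large_scale_embedded.md`: the SUMMARY.md context lines go straight from 8.5 to 8.7 and from 8.48 to `九、附录` without either entry. If those two pages are still in the tree, add them to SUMMARY.md in this commit so they stay reachable. The same file also carried the paper download note (`论文下载`, with its access code); if that archive is still offered, move the note into README.md or SUMMARY.md rather than dropping it silently.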