CTF-All-In-One/SUMMARY.md
2018-05-19 21:22:04 +08:00

211 lines
12 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Summary
GitHub 地址https://github.com/firmianay/CTF-All-In-One
* [简介](README.md)
* [前言](doc/0_preface.md)
* [一、基础知识篇](doc/1_basic.md)
* [1.1 CTF 简介](doc/1.1_ctf.md)
* [1.2 学习方法](doc/1.2_how_to_learn.md)
* [1.3 Linux 基础](doc/1.3_linux_basic.md)
* [1.4 Web 安全基础](doc/1.4_web_basic.md)
* [1.4.1 HTML 基础](doc/1.4.1_html_basic.md)
* [1.4.2 HTTP 协议基础](doc/1.4.2_http_basic.md)
* [1.4.3 JavaScript 基础](doc/1.4.3_javascript_basic.md)
* [1.4.4 常见 Web 服务器基础](doc/1.4.4_webserver_basic.md)
* [1.4.5 OWASP Top Ten Project 漏洞基础](doc/1.4.5_owasp_basic.md)
* [1.4.6 PHP 源码审计基础](doc/1.4.6_php_basic.md)
* [1.5 逆向工程基础](doc/1.5_reverse_basic.md)
* [1.5.1 C 语言基础](doc/1.5.1_c_basic.md)
* [1.5.2 x86/x86-64 汇编基础](doc/1.5.2_x86_x64.md)
* [1.5.3 Linux ELF](doc/1.5.3_elf.md)
* [1.5.4 Windows PE](doc/1.5.4_pe.md)
* [1.5.5 静态链接](doc/1.5.5_static_link.md)
* [1.5.6 动态链接](doc/1.5.6_dynamic_link.md)
* [1.5.7 内存管理](doc/1.5.7_memory.md)
* [1.5.8 glibc malloc](doc/1.5.8_glibc_malloc.md)
* [1.5.9 Linux 内核](doc/1.5.9_linux_kernel.md)
* [1.5.10 Windows 内核](doc/1.5.10_windows_kernel.md)
* [1.5.11 jemalloc](doc/1.5.11_jemalloc.md)
* [1.6 密码学基础](doc/1.6_crypto_basic.md)
* [1.7 Android 安全基础](doc/1.7_android_basic.md)
* [1.7.1 Android 环境搭建](doc/1.7.1_android_env.md)
* [1.7.2 Dalvik 指令集](doc/1.7.2_dalvik.md)
* [1.7.3 ARM 汇编基础](doc/1.7.3_arm.md)
* [1.7.4 Android 常用工具](doc/1.7.4_android_tools.md)
* [二、工具篇](doc/2_tools.md)
* 虚拟化分析环境
* [2.1.1 VirtualBox](doc/2.1.1_virtualbox.md)
* [2.1.2 QEMU](doc/2.1.2_qemu.md)
* [2.1.3 Docker](doc/2.1.3_docker.md)
* [2.1.4 Unicorn](doc/2.1.4_unicorn.md)
* 静态分析工具
* [2.2.1 radare2](doc/2.2.1_radare2.md)
* [2.2.2 IDA Pro](doc/2.2.2_idapro.md)
* [2.2.3 JEB](doc/2.2.3_jeb.md)
* [2.2.4 Capstone](doc/2.2.4_capstone.md)
* [2.2.5 Keystone](doc/2.2.5_keystone.md)
* 动态分析工具
* [2.3.1 GDB](doc/2.3.1_gdb.md)
* [2.3.2 OllyDbg](doc/2.3.2_ollydbg.md)
* [2.3.3 x64dbg](doc/2.3.3_x64dbg.md)
* [2.3.4 WinDbg](doc/2.3.4_windbg.md)
* [2.3.5 LLDB](doc/2.3.5_lldb.md)
* 其他工具
* [2.4.1 pwntools](doc/2.4.1_pwntools.md)
* [2.4.2 zio](doc/2.4.2_zio.md)
* [2.4.3 metasploit](doc/2.4.3_metasploit.md)
* [2.4.4 binwalk](doc/2.4.4_binwalk.md)
* [2.4.5 Burp Suite](doc/2.4.5_burpsuite.md)
* [2.4.6 Wireshark](doc/2.4.6_wireshark.md)
* [三、分类专题篇](doc/3_topics.md)
* Pwn
* [3.1.1 格式化字符串漏洞](doc/3.1.1_format_string.md)
* [3.1.2 整数溢出](doc/3.1.2_integer_overflow.md)
* [3.1.3 栈溢出](doc/3.1.3_stack_overflow.md)
* [3.1.4 返回导向编程ROPx86](doc/3.1.4_rop_x86.md)
* [3.1.5 返回导向编程ROPARM](doc/3.1.5_rop_arm.md)
* [3.1.6 Linux 堆利用(上)](doc/3.1.6_heap_exploit_1.md)
* [3.1.7 Linux 堆利用(中)](doc/3.1.7_heap_exploit_2.md)
* [3.1.8 Linux 堆利用(下)](doc/3.1.8_heap_exploit_3.md)
* [3.1.9 内核 ROP](doc/3.1.9_kernel_rop.md)
* [3.1.10 Linux 内核漏洞利用](doc/3.1.10_linux_kernel_exploit.md)
* [3.1.11 Windows 内核漏洞利用](doc/3.1.11_windows_kernel_exploit.md)
* [3.1.12 竞争条件](doc/3.1.12_race_condition.md)
* Reverse
* Web
* [3.3.1 SQL 注入利用](doc/3.3.1_sql_injection.md)
* [3.3.2 XSS 漏洞利用](doc/3.3.2_xss.md)
* Crypto
* Misc
* Mobile
* [四、技巧篇](doc/4_tips.md)
* [4.1 Linux 内核调试](doc/4.1_linux_kernel_debug.md)
* [4.2 Linux 命令行技巧](doc/4.2_Linux_terminal_tips.md)
* [4.3 GCC 编译参数解析](doc/4.3_gcc_arg.md)
* [4.4 GCC 堆栈保护技术](doc/4.4_gcc_sec.md)
* [4.5 ROP 防御技术](doc/4.5_defense_rop.md)
* [4.6 one-gadget RCE](doc/4.6_one-gadget_rce.md)
* [4.7 通用 gadget](doc/4.7_common_gadget.md)
* [4.8 使用 DynELF 泄露函数地址](doc/4.8_dynelf.md)
* [4.9 patch 二进制文件](doc/4.9_patch_binary.md)
* [4.10 反调试技术](doc/4.10_antidbg.md)
* [4.11 指令混淆](doc/4.11_instruction_confusion.md)
* [4.12 利用 __stack_chk_fail](doc/4.12_stack_chk_fail.md)
* [4.13 利用 _IO_FILE 结构](doc/4.13_io_file.md)
* [4.14 glibc tcache 机制](doc/4.14_glibc_tcache.md)
* [4.15 利用 vsyscall 和 vDSO](doc/4.15_vsyscall_vdso.md)
* [五、高级篇](doc/5_advanced.md)
* [5.0 软件漏洞分析](doc/5.0_vulnerability.md)
* [5.1 模糊测试](doc/5.1_fuzzing.md)
* [5.1.1 AFL fuzzer](doc/5.1.1_afl_fuzzer.md)
* [5.1.2 libFuzzer](doc/5.1.2_libfuzzer.md)
* [5.2 动态二进制插桩](doc/5.2_dyn_binary_instrumentation.md)
* [5.2.1 Pin](doc/5.2.1_pin.md)
* [5.2.2 DynamoRio](doc/5.2.2_dynamorio.md)
* [5.2.3 Valgrind](doc/5.2.3_valgrind.md)
* [5.3 符号执行](doc/5.3_symbolic_execution.md)
* [5.3.1 angr](doc/5.3.1_angr.md)
* [5.3.2 Triton](doc/5.3.2_triton.md)
* [5.3.3 KLEE](doc/5.3.3_klee.md)
* [5.3.4 S²E](doc/5.3.4_s2e.md)
* [5.4 数据流分析](doc/5.4_dataflow_analysis.md)
* [5.4.1 Soot](doc/5.4.1_soot.md)
* [5.5 污点分析](doc/5.5_taint_analysis.md)
* [5.5.1 TaintCheck](doc/5.5.1_taintcheck.md)
* [5.6 LLVM](doc/5.6_llvm.md)
* [5.6.1 Clang](doc/5.6.1_clang.md)
* [5.7 程序切片](doc/5.7_slicing.md)
* [5.8 SAT/SMT](doc/5.8_sat-smt.md)
* [5.8.1 Z3](doc/5.8.1_z3.md)
* [5.9 基于模式的漏洞分析](doc/5.9_pattern_based_analysis.md)
* [5.10 基于二进制比对的漏洞分析](doc/5.10_diff_based_analysis.md)
* [5.11 反编译技术](doc/5.11_decompiling.md)
* [5.11.1 RetDec](doc/5.11.1_retdec.md)
* [六、题解篇](doc/6_writeup.md)
* Pwn
* [6.1.1 pwn HCTF2016 brop](doc/6.1.1_pwn_hctf2016_brop.md)
* [6.1.2 pwn NJCTF2017 pingme](doc/6.1.2_pwn_njctf2017_pingme.md)
* [6.1.3 pwn XDCTF2015 pwn200](doc/6.1.3_pwn_xdctf2015_pwn200.md)
* [6.1.4 pwn BackdoorCTF2017 Fun-Signals](doc/6.1.4_pwn_backdoorctf2017_fun_signals.md)
* [6.1.5 pwn GreHackCTF2017 beerfighter](doc/6.1.5_pwn_grehackctf2017_beerfighter.md)
* [6.1.6 pwn DefconCTF2015 fuckup](doc/6.1.6_pwn_defconctf2015_fuckup.md)
* [6.1.7 pwn 0CTF2015 freenote](doc/6.1.7_pwn_0ctf2015_freenote.md)
* [6.1.8 pwn DCTF2017 Flex](doc/6.1.8_pwn_dctf2017_flex.md)
* [6.1.9 pwn RHme3 Exploitation](doc/6.1.9_pwn_rhme3_exploitation.md)
* [6.1.10 pwn 0CTF2017 BabyHeap2017](doc/6.1.10_pwn_0ctf2017_babyheap2017.md)
* [6.1.11 pwn 9447CTF2015 Search-Engine](doc/6.1.11_pwn_9447ctf2015_search_engine.md)
* [6.1.12 pwn N1CTF2018 vote](doc/6.1.12_pwn_n1ctf2018_vote.md)
* [6.1.13 pwn 34C3CTF2017 readme_revenge](doc/6.1.13_pwn_34c3ctf2017_readme_revenge.md)
* [6.1.14 pwn 32C3CTF2015 readme](doc/6.1.14_pwn_32c3ctf2015_readme.md)
* [6.1.15 pwn 34C3CTF2017 SimpleGC](doc/6.1.15_pwn_34c3ctf2017_simplegc.md)
* [6.1.16 pwn HITBCTF2017 1000levels](doc/6.1.16_pwn_hitbctf2017_1000levels.md)
* [6.1.17 pwn SECCONCTF2016 jmper](doc/6.1.17_pwn_secconctf2016_jmper.md)
* [6.1.18 pwn HITBCTF2017 Sentosa](doc/6.1.18_pwn_hitbctf2017_sentosa.md)
* [6.1.19 pwn HITBCTF2018 gundam](doc/6.1.19_pwn_hitbctf2018_gundam.md)
* [6.1.20 pwn 33C3CTF2016 babyfengshui](doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md)
* [6.1.21 pwn HITCONCTF2016 Secret_Holder](doc/6.1.21_pwn_hitconctf2016_secret_holder.md)
* [6.1.22 pwn HITCONCTF2016 Sleepy_Holder](doc/6.1.22_pwn_hitconctf2016_sleepy_holder.md)
* [6.1.23 pwn BCTF2016 bcloud](doc/6.1.23_pwn_bctf2016_bcloud.md)
* [6.1.24 pwn HITCONCTF2016 House_of_Orange](doc/6.1.24_hitconctf2016_house_of_orange.md)
* [6.1.25 pwn HCTF2017 babyprintf](doc/6.1.25_pwn_hctf2017_babyprintf.md)
* [6.1.26 pwn 34C3CTF2017 300](doc/6.1.26_pwn_34c3ctf2017_300.md)
* [6.1.27 pwn SECCONCTF2016 tinypad](doc/6.1.27_pwn_secconctf2016_tinypad.md)
* [6.1.28 pwn ASISCTF2016 b00ks](doc/6.1.28_pwn_asisctf2016_b00ks.md)
* Reverse
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)
* [6.2.3 re Codegate2017 angrybird](doc/6.2.3_re_codegate2017_angrybird.md)
* [6.2.4 re CSAWCTF2015 wyvern](doc/6.2.4_re_csawctf2015_wyvern.md)
* [6.2.5 re PicoCTF2014 Baleful](doc/6.2.5_re_picoctf2014_baleful.md)
* [6.2.6 re SECCON2017 printf_machine](doc/6.2.6_re_seccon2017_printf_machine.md)
* Web
* [6.3.1 web HCTF2017 babycrack](doc/6.3.1_web_hctf2017_babycrack.md)
* Crypto
* Misc
* Mobile
* [七、实战篇](doc/7_exploit.md)
* CVE
* [7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞](doc/7.1.1_tcpdump_2017-11543.md)
* [7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞](doc/7.1.2_glibc_2015-0235.md)
* [7.1.3 CVE-2016-4971 wget 任意文件上传漏洞](doc/7.1.3_wget_2016-4971.md)
* [7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞](doc/7.1.4_wget_2017-13089.md)
* [7.1.5 CVE2018-1000001 glibc realpath 缓冲区下溢漏洞](doc/7.1.5_glibc_2018-1000001.md)
* [7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞](doc/7.1.6_dnstracer_2017-9430.md)
* [7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞](doc/7.1.7_binutils_2018-6323.md)
* [7.1.8 CVE-2010-2883 Adobe CoolType SING 表栈溢出漏洞](doc/7.1.8_adobe_reader_2010-2883.md)
* [7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞](doc/7.1.9_ms_word_2010-2333.md)
* Malware
* [八、学术篇](doc/8_academic.md)
* [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](doc/8.1_ret2libc_without_func_calls.md)
* [8.2 Return-Oriented Programming without Returns](doc/8.2_rop_without_returns.md)
* [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](doc/8.3_rop_rootkits.md)
* [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](doc/8.4_ropdefender.md)
* [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](doc/8.5_dop.md)
* [8.6 Hacking Blind](doc/8.6_brop.md)
* [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](doc/8.7_jit-rop_defenses.md)
* [8.8 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)](doc/8.8_dynamic_taint_analysis.md)
* [8.9 Symbolic Execution for Software Testing: Three Decades Later](doc/8.9_symbolic_execution.md)
* [8.10 AEG: Automatic Exploit Generation](doc/8.10_aeg.md)
* [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software](doc/8.11_aslp.md)
* [8.12 ASLR on the Line: Practical Cache Attacks on the MMU](doc/8.12_aslr_on_the_line.md)
* [8.13 New Frontiers of Reverse Engineering](doc/8.13_reverse_engineering.md)
* [8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries](doc/8.14_detecting_memory_allocators.md)
* [8.15 EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning](doc/8.15_emulator_vs_real_phone.md)
* [8.16 DynaLog: An automated dynamic analysis framework for characterizing Android applications](doc/8.16_dynalog.md)
* [8.17 A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls](doc/8.17_actual_used_permissions.md)
* [8.18 MaMaDroid: Detecting Android malware by building Markov chains of behavioral models](doc/8.18_malware_markov_chains.md)
* [8.19 DroidNative: Semantic-Based Detection of Android Native Code Malware](doc/8.19_droidnative.md)
* [8.20 DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware](doc/8.20_droidanalytics.md)
* [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks](doc/8.21_tracing_to_detect_spraying.md)
* [8.22 Practical Memory Checking With Dr. Memory](doc/8.22_memory_checking.md)
* [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses](doc/8.23_current_anti-rop.md)
* [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization](doc/8.24_runtime_re-randomization.md)
* [九、附录](doc/9_appendix.md)
* [9.1 更多 Linux 工具](doc/9.1_Linuxtools.md)
* [9.2 更多 Windows 工具](doc/9.2_wintools.md)
* [9.3 更多资源](doc/9.3_books_blogs.md)
* [9.4 Linux 系统调用表](doc/9.4_linux_syscall.md)
* [9.5 幻灯片](doc/9.5_slides.md)