CTF-All-In-One/doc/8_academic.md
2018-08-05 17:43:10 +08:00

55 lines
4.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 第八章 学术篇
论文下载:
链接:<https://pan.baidu.com/s/1G-WFCzAU2VdrrsHqJzjGpw> 密码vhfw
* [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](8.1_ret2libc_without_calls.md)
* [8.2 Return-Oriented Programming without Returns](8.2_rop_without_ret.md)
* [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](8.3_rop_rootkits.md)
* [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](8.4_ropdefender.md)
* [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](8.5_dop.md)
* [8.6 Hacking Blind](8.6_brop.md)
* [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](8.7_jit-rop_defenses.md)
* [8.8 All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)](8.8_dta_and_fse.md)
* [8.9 Symbolic Execution for Software Testing: Three Decades Later](8.9_symbolic_execution.md)
* [8.10 AEG: Automatic Exploit Generation](8.10_aeg.md)
* [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software](8.11_aslp.md)
* [8.12 ASLR on the Line: Practical Cache Attacks on the MMU](8.12_aslr_on_the_line.md)
* [8.13 New Frontiers of Reverse Engineering](8.13_reverse_engineering.md)
* [8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries](8.14_detecting_memory_allocators.md)
* [8.15 EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning](8.15_emu_vs_real.md)
* [8.16 DynaLog: An automated dynamic analysis framework for characterizing Android applications](8.16_dynalog.md)
* [8.17 A Static Android Malware Detection Based on Actual Used Permissions Combination and API Calls](8.17_actual_permissions.md)
* [8.18 MaMaDroid: Detecting Android malware by building Markov chains of behavioral models](8.18_malware_markov.md)
* [8.19 DroidNative: Semantic-Based Detection of Android Native Code Malware](8.19_droidnative.md)
* [8.20 DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware](8.20_droidanalytics.md)
* [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks](8.21_tracing_to_detect_spraying.md)
* [8.22 Practical Memory Checking With Dr. Memory](8.22_memory_checking.md)
* [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses](8.23_current_anti-rop.md)
* [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization](8.24_runtime_re-randomization.md)
* [8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis](8.25_angr.md)
* [8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution](8.26_driller.md)
* [8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware](8.27_firmalice.md)
* [8.28 Cross-Architecture Bug Search in Binary Executables](8.28_cross_arch_bug.md)
* [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data](8.29_dynamic_hooks.md)
* [8.30 Preventing brute force attacks against stack canary protection on networking servers](8.30_prevent_brute_force_canary.md)
* [8.31 WYSINWYX What You See Is Not What You eXecute](8.31_wysinwyx.md)
* [8.32 Unleashing MAYHEM on Binary Code](8.32_mayhem.md)
* [8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code](8.33_ucklee.md)
* [8.34 Enhancing Symbolic Execution with Veritesting](8.34_veritesting.md)
* [8.35 Q: Exploit Hardening Made Easy](8.35_q.md)
* [8.36 A Survey of Symbolic Execution Techniques](8.36_survey_symbolic_execution.md)
* [8.37 CUTE: A Concolic Unit Testing Engine for C](8.37_cute.md)
* [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking](8.38_tainteraser.md)
* [8.39 DART: Directed Automated Random Testing](8.39_dart.md)
* [8.40 EXE: Automatically Generating Inputs of Death](8.40_exe.md)
* [8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time](8.41_intpatch.md)
* [8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software](8.42_taintcheck.md)
* [8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation](8.43_dta++.md)
* [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics](8.44_multiverse.md)
* [8.45 Ramblr: Making Reassembly Great Again](8.45_ramblr.md)
* [8.46 FreeGuard: A Faster Secure Heap Allocator](8.46_freeguard.md)
* [8.47 Jump-Oriented Programming: A New Class of Code-Reuse Attack](8.47_jop.md)
* [8.48 Reassembleable Disassembling](8.48_uroboros.md)
* [8.49 Understanding Integer Overflow in C/C++](8.49_ioc.md)