Security Papers

(与本人兴趣强相关的)各种安全or计算机资料收集，如侵权请联系我删除～

book, manual, paper, blog, slides, report, course, survey，tool, online, video

Architecture

• 2014 manual ARM_Architecture_Reference_Manual_ARMv7-A_and_ARMv7-R_edition
• 2019 manual Arm_Architecture_Reference_Manual
• 2019 manual Intel_64_and_IA-32_Architectures_Software_Developers_Manual
• 2017 slides A_tour_of_the_ARM_architecture_and_its_Linux_support

Reverse Engineering

• 2005 book Reversing_Secrets_of_Reverse_Engineering
• 2016 book anti-reverse-engineering-linux
• 2016 paper An_In-Depth_Analysis_of_Disassembly_on_Full-Scale_x86x64_Binaries
• 2018 slides Unpacking_for_Dummies
• 2019 book Reverse_Engineering_for_Beginners
• 2019 slides Three_Heads_Are_Better_Than_One_Mastering_NSAs_Ghidra_Reverse_Engineering_Tool
• 2020 paper An_Observational_Investigation_of_Reverse_Engineers_Processes

Program Analysis

• 2004 book Principles_of_Program_Analysis
• 2005 paper WYSINWYX_What_You_See_Is_Not_What_You_eXecute
• 2007 paper CUTE_A_Concolic_Unit_Testing_Engine_for_C
• 2010 paper All_You_Ever_Wanted_to_Know_About_Dynamic_Taint_Analysis_and_Forward_Symbolic_Execution-but_might_have_been_afraid_to_ask
• 2012 paper Unleashing_MAYHEM_on_Binary_Code
• 2016 paper SVF_Interprocedural_Static_Value-Flow_Analysis_in_LLVM
• 2018 paper A_Survey_of_Symbolic_Execution_Techniques
• 2018 slides Intro_to_Binary_Analysis_with_Z3_and_Angr
• 2018 slides The_NOT-SO-PROFITABLE_Path_Towards_Automated_Heap_Exploitation
• 2018 slides Finding_security_vulnerabilities_with_modern_fuzzing_techniques
• 2019 book SAT-SMT_by_example
• 2019 book Static_Program_Analysis

Malware

• 2010 slides Malware-Analysis-Training
• 2017 slides Dr_Honeypots
• 2017 slides Digital_Vengeance_Exploiting_the_Most_Notorious_C&C_Toolkits
• 2017 paper Understanding_the_Mirai_Botnet
• 2018 paper Understanding_Linux_Malware
• 2018 slides Modern Linux Malware Exposed
• 2018 slides Trojans_in_SS7-how_they_bypass_all_security_measures
• 2019 slides Fileless_Malware_and_Process_Injection_in_Linux

Exploitation

• 1998 paper StackGuard_Automatic_Adaptive_Detection_and_Prevention_of_Buffer-Overflow_Attacks
• 2001 blog Exploiting_Format_String_Vulnerabilities
• 2001 blog The_advanced_return-into-libc_exploits
• 2002 blog Advances_in_format_string_exploitation
• 2005 paper Control-Flow_Integrity_Principles_Implementations_and_Applications
• 2007 slides Understanding_the_heap_by_breaking_it
• 2008 book Hacking-The_Art_of_Exploitation_2nd_Edition
• 2009 paper Surgically_Returning_to_Randomized_libc
• 2009 blog MALLOC_DES-MALEFICARUM
• 2010 paper G-Free_Defeating_Return-Oriented_Programming_through_Gadget-less_Binaries
• ★★★☆☆ 2011 book 0day安全-软件漏洞分析技术第2版
• 2011 paper Q_Exploit_Hardening_Made_Easy
• 2011 paper Jump-Oriented_Programming_A_New_Class_of_Code-Reuse_Attack
• 2012 paper Return-Oriented_Programming_Systems_Languages_and_Applications
• 2012 paper Understanding_Integer_Overflow_in_C:C++
• 2013 paper Just-in-time_code_reuse_On_the_effectiveness_of_fine-grained_address_space_layout_randomization
• 2013 paper Transparent_ROP_Exploit_Mitigation_using_Indirect_Branch_Tracing
• ★★★★★ 2014 paper Hacking_Blind
• ★★★★★ 2014 paper Framing_Signals—A_Return_to_Portable_Shellcode
• 2014 paper Code-Pointer_Integrity
• ★★★★★ 2015 paper How_the_ELF_Ruined_Christmas
• 2015 blog Glibc_Adventures_The_Forgotten_Chunks
• ★★★☆☆ 2015 course Modern_Binary_Exploitation
• 2015 paper Automatic_Generation_of_Data-Oriented_Exploits
• 2016 paper New_Exploit_Methods_against_Ptmalloc_of_GLIBC
• 2016 paper LAVA_Large-scale_Automated_Vulnerability_Addition
• 2017 paper ASLR_on_the_Line_Practical_Cache_Attacks_on_the_MMU
• 2017 blog Cyber_Grand_Shellphish
• 2018 survey 缓冲区溢出漏洞分析技术研究进展
• 2019 survey 安全漏洞自动利用综述
• 2019 survey The_Art_Science_and_Engineering_of_Fuzzing_A_Survey
• 2020 paper Typestate-Guided_Fuzzer_for_Discovering_Use-after-Free_Vulnerabilities

Fuzz

• 2020 paper IJON_Exploring_Deep_State_Spaces_via_Fuzzing
• 2020 paper AFLNet: A Greybox Fuzzer for Network Protocols

IOT

• 2006 paper IoT/Vulnerabilities_in_first-generation_RFID-enabled_credit_cards
• 2013 book Hacking the Xbox
• 2013 paper FIE_on_Firmware_Finding_Vulnerabilities_in_Embedded_Systems_Using_Symbolic_Execution
• 2014 paper A_Large-Scale_Analysis_of_the_Security_of_Embedded_Firmwares
• 2015 slides Advanced_SOHO_Router_Exploitation
• 2015 slides Cameras_Thermostats_and_Home_Automation_Controllers
• 2015 paper Firmalice-Automatic_Detection_of_Authentication_Bypass_Vulnerabilitiesin_Binary_Firmware
• 2016 paper Towards_Automated_Dynamic_Analysis_for_Linux-based_Embedded_Firmware
• 2016 paper Scalable_Graph-based_Bug_Search_for_Firmware_Images
• 2017 paper IoT_Goes_Nuclear_Creating_a_Zigbee_Chain_Reaction
• 2017 slides Reversing FreeRTOS on embedded devices
• ★★☆☆☆ 2017 survey 物联网安全综述
• ★☆☆☆☆ 2018 survey 智能家居安全综述
• 2018 survey 物联网操作系统安全研究综述
• ★★★☆☆ 2018 report 智能设备安全分析手册
• 2018 slides Fitbit Firmware Hacking
• 2018 slides Reversing_IoT_Xiaomi_ecosystem
• 2018 slides Bushwhacking your way around a bootloader
• 2018 slides Dissecting_QNX
• 2018 slides Hacking_Toshiba_Laptops
• 2018 slides Subverting_your_server_through_its_BMC_the_HPE_iLO4_case
• 2018 slides DIY_ARM_Debugger_for_Wi-Fi_Chips
• 2018 survey Program_Analysis_of_Commodity_IoT_Applications_for_Security_and_Privacy_Challenges_and_Opportunities
• 2018 paper Hackers_vs_Testers_A_Comparison_of_Software_Vulnerability_Discovery_Processes
• ★★★★☆ 2018 paper What_You_Corrupt_Is_Not_What_You_Crash_Challenges_in_Fuzzing_Embedded_Devices
• 2018 paper IoTFuzzer_Discovering_Memory_Corruptions_in_IoT_Through_App-based_Fuzzing
• 2018 paper Sensitive_Information_Tracking_in_Commodity_IoT
• 2018 paper DTaint_Detecting_the_Taint-Style_Vulnerability_in_Embedded_Device_Firmware
• 2018 slides Beginners_Guide_on_How_to_Start_Exploring_IoT_Security
• 2019 paper CryptoREX_Large-scale_Analysis_of_Cryptographic_Misuse_in_IoT_Devices
• 2019 slides Firmware_Extraction
• ★☆☆☆☆ 2019 report 2019物联网安全年报
• 2019 blog ANATOMY_OF_A_FIRMWARE_ATTACK
• 2019 blog Toward_Automated_Firmware_Analysis_in_the_IoT_Era
• 2019 paper Sok_Security_evaluation_of_home-based_iot_deployments
• 2019 paper Toward_the_Analysis_of_Embedded_Firmware_through_Automated_Re-hosting
• 2019 paper FIRM-AFL_High-Throughput_Greybox_Fuzzing_of_IoT_Firmware_via_Augmented_Process_Emulation
• 2019 slides Insecure_Boot
• 2019 slides Embedded_Research_Automation
• 2020 paper IoT_Behavioral_Monitoring_via_Network_Traffic_Analysis
• 2020 paper On_the_State_of_Internet_of_Things_Security_Vulnerabilities_Attacks_and_Recent_Countermeasures
• 2020 survey A_Survey_of_Security_Vulnerability_Analysis_Discovery_Detection_and_Mitigation_on_IoT_Devices
• ★☆☆☆☆ 2020 paper FIRMCORN_Vulnerability-Oriented_Fuzzing_of_IoT_Firmware_via_Optimized_Virtual_Execution
• 2020 blog A Case Of Analysing Encrypted Firmware
• 2020 blog MINDSHARE: DEALING WITH ENCRYPTED ROUTER FIRMWARE
• 2020 blog Virtualizing ARM-Based Firmware Part - 1
• 2020 blog Virtualizing ARM-Based Firmware Part - 2
• 2020 slides Exploit (Almost) All Xiaomi Routers Using Logical Bugs
• 2020 blog WarezTheRemote Turning remotes into listening devices
• 2020 blog Identified and Authorized: Sneaking Past Edge-Based Access Control Devices
• 2020 slides The Art & Craft of writing ARM shellcode
• 2020 paper FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
• 2021 blog printing-shellz
• 2020 tool Qiling Framework: Introduction
• 2020 manual 消费级物联网安全基线
• 2021 report 2020物联网安全年报-绿盟

protocol

• 2015 specification MQTT Version 3.1.1 OASIS Standard

• 2019 specification MQTT Version 5.0 OASIS Standard

• 2015 blog MQTT Essentials

• 2019 blog MQTT 5 Essentials

• 2015 blog MQTT Security Fundamentals

• 2017 video A Guide to MQTT by Hacking a Doorbell to send Push Notifications

• 2017 blog Hacking the IoT with MQTT

• 2018 blog Are smart homes vulnerable to hacking?

• 2020 blog IoT Standards and Protocols

• 2020 survey Security_of_IoT_Application_Layer_Protocols_Challenges_and_Findings

• 2021 slides 基于模拟仿真的蓝牙协议栈漏洞挖掘

• tool MQTT Explorer

• tool Mosquitto

• tool HiveMQ

• tool Nmap Library mqtt

wireless

• 2007 paper Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
• 2008 paper Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
• 2016 slides GATTACKING_BLUETOOTH_SMART_DEVICES
• 2017 blog Getting Started With Radio Hacking – Part 1 – Radio Frequency Basics And Theory
• 2017 blog Getting Started With Radio Hacking – Part 2 – Listening To FM Using RTL-SDR And GQRX
• 2017 blog Reversing And Exploiting BLE 4.0 Communication
• 2017 blog How I Reverse Engineered And Exploited A Smart Massager
• 2018 blog “Find – Bluetooth Tracker” Responsible Vulnerability Disclosure – Blog
• 2018 blog Intel Edison as Bluetooth LE — Exploit box
• 2018 blog My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE
• 2018 blog Hacking Smart Locks with Bluetooth / BLE
• 2018 blog I hacked MiBand 3, and here is how I did it. Part I
• 2018 blog I hacked MiBand 3, and here is how I did it. Part II
• 2018 slides 802.11 Smart Fuzzing
• 2019 slides ble-bluetooth-low-energy-exploitation
• 2019 manual Bluetooth Core Specification
• 2019 blog ZigBee Networks An Overview for implementers and security testers
• 2020 slides Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares
• 2020 slides A Practical Introduction to Bluetooth Low Energy security without any special hardware

Vehicle

• car-hacking-videos
• 2015 blog Car Hacking series
• 2016 book The Car Hacker's Handbook: A Guide for the Penetration Tester
• 2016 slides Pentesting_Vehicles_with_CANToolz
• 2016 slides video Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
• 2016 slides video Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers
• ★★★★☆ 2016 slides 特斯拉安全漏洞的发现过程
• ★★★★★ 2017 book 智能汽车安全攻防大揭秘
• ★★★★★ 2017 slides video Free-Fall: Hacking Tesla from Wireless to CAN Bus
• ★★★★★ 2018 slides video Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
• 2017 blog Building a Car Hacking Development Workbench
• 2018 slides video Car Infotainment Hacking Methodology and Attack Surface Scenarios
• 2018 blog 宝马多款车型的安全研究综述
• ★★★☆☆ 2018 report 2018智能网联汽车信息安全年度报告
• ★★★☆☆ 2019 report 2019智能网联汽车信息安全年度报告
• 2019 survey 车联网安全综述
• 2019 slides paper video Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars
• 2019 slides Common Attacks Against Car Infotainment Systems
• 2019 blog Car Hacking 101
  • Part I: Setting Up
  • Part II: Exploitation
  • Part III: SavvyCAN, Fuzzing CAN Frame and playing around with CAN frames
• 2019 Automotive Penetration Testing with Scapy
  • slides
  • video
• 2019 slides 0-days&Mitigations_Roadways_to_Exploit_and_Secure_Connected_BMW_Cars
• 2019 paper slides video Losing the Car Keys: Wireless PHY-Layer Insecurity in EV Charging
• 2020 paper slides video Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps
• *2020 paper slides video Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft
• ★★★★☆ 2020 blog Simple intros
  • CAN Bus Explained
  • OBD2 Explained
  • J1939 Explained
  • CANopen Explained
  • CAN FD Explained
  • LIN Bus Explained
  • CAN DBC File Explained
  • MF4 (MDF4) Explained
• 2020 Hacking my Tesla Model 3
  • 1. Security Overview
  • 2. Internal API
  • 3. Software Modes
• 特斯拉固件逆向系列
  • 1. Reverse Engineering Tesla Hardware
  • 2. Reverse Engineering the Tesla Firmware Update Process
• 2020 slides video 特斯拉NFC中继攻击
  • blog
  • slides
  • video
• 2020 report 车联网网络安全白皮书(2020年)
• 2020 report 智能网联汽车安全渗透白皮书(2020年)
• 2020 report 梅赛德斯-奔驰安全研究报告
• ★★☆☆☆ 2020 blog slides video Tesla远程API逆向分析与利用
• 2021 slides video X-in-the-Middle_Attacking_Fast_Charging_Piles_and_Electric_Vehicles
• ★★★☆☆ 2021 blog 施耐德充电桩漏洞挖掘之旅
• 2021 blog 奔驰汽车信息安全研究综述报告
• 2021 slides paper TBONE – A zero-click exploit for Tesla MCUs
• 2020 paper Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols
• 2021 report 车联网数据安全体系建设指南

hardware

• 2017 slides Breaking Code Read Protection on the NXP LPC-family Microcontrollers
• 2018 slides Hardware_toolkits_for_IoT_security_analysis
• 2019 book Hardware_Security_A_Hands-on_Learning_Approach
• 2019 slides Hardware Hacking 101

Android

• 2021 slides video (Un)protected Broadcasts in Android 9 and 10protected_Broadcasts_in_Android_9_and_10)
• 2020 book Android Application Secure Design/Secure Coding Guidebook

Linux

• 2007 blog Ltrace_Internals
• ★★★☆☆ 2011 blog Glibc内存管理_Ptmalloc2源代码分析
• 2016 book Learning_Linux_Binary_Analysis
• 2016 slides Anatomy_of_cross-compilation_toolchains
• ★★★☆☆ 2017 slides GDB基础
• 2017 slides Tips_for_Linux_Kernel_Development
• 2019 slides Linux_Kernel_and_Driver_Development_Training
• 2019 slides Embedded_Linux_system_development
• 2019 slides Buildroot_Training

Compiler

• 1994 book Reverse_Compilation_Techniques
• 2007 book Compilers_Principles_Techniques_and_Tools_2nd_Edition
• 2011 book Engineering_a_Compiler_2nd_edition
• 2012 book Modern_Compiler_Design_2nd_Edition
• 2014 book Getting_Started_with_LLVM_Core_Libraries
• 2014 slides BHUSA2014-capstone
• 2016 slides BHUSA2016-keystone
• 2018 slides Decompiler internals: microcode

Virtualization & Emulation

• 2015 slides BHUSA2015-unicorn
• 2018 slides Hypervisor-Level_Debugger_Benefits_Challenges
• 2018 slides unboxing_your_virtualboxes
• 2018 slides thinking_outside_the_virtualbox
• 2018 blog intel_virtualisation_how_vt-x_kvm_and_qemu_work_together
• 2019 manual VirtualBox_User_Manual
• 2020 manual openSUSE Leap 15.2 Virtualization Guide

Cryptography

• 2017 book A_Graduate_Course_in_Applied_Cryptography
• 2017 slides API_design_for_cryptography
• online TLS Security

CTF

• ★★★☆☆ 2014 slides An_introduction_to_the_Return_Oriented_Programming_and_ROP_chain_generation
• ★★☆☆☆ 2015 slides 掘金CTF_CTF中的内存漏洞利用技巧
• ★☆☆☆☆ 2015 slides PLAY_WITH_LINUX_HEAP
• ★★☆☆☆ 2015 blog Linux_x86漏洞利用系列教程

Others

• 2016 survey 云计算环境安全综述
• 2017 report X41_Browser_Security_White_Paper
• 2017 report Cure53_Browser_Security_White_Paper
• 2018 slides Reversing_Vulnerability_Research_of_Ethereum_Smart_Contracts
• ★★★☆☆ 2019 blog The_Beginners_Guide_to_IDAPython
• 2019 slides Bug_Hunting_in_Synology_NAS
• 2020 report 全球高级持续性威胁（APT）2019年报告

Stargazers over time