{"id":13795167,"url":"https://github.com/chybeta/software-security-learning","last_synced_at":"2026-02-25T20:33:03.693Z","repository":{"id":108700218,"uuid":"100763899","full_name":"CHYbeta/Software-Security-Learning","owner":"CHYbeta","description":"Software-Security-Learning","archived":false,"fork":false,"pushed_at":"2022-08-31T23:17:48.000Z","size":45,"stargazers_count":1265,"open_issues_count":2,"forks_count":293,"subscribers_count":82,"default_branch":"master","last_synced_at":"2025-03-13T14:36:56.261Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://chybeta.github.io/2017/08/19/Software-Security-Learning/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CHYbeta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-08-19T02:17:57.000Z","updated_at":"2025-02-27T17:29:52.000Z","dependencies_parsed_at":"2023-04-01T11:48:20.683Z","dependency_job_id":null,"html_url":"https://github.com/CHYbeta/Software-Security-Learning","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FSoftware-Security-Learning","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FSoftware-Security-Learning/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FSoftware-Security-Learning/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FSoftware-Security-Learning/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/owners/CHYbeta","download_url":"https://codeload.github.com/CHYbeta/Software-Security-Learning/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245344076,"owners_count":20599887,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T23:00:52.895Z","updated_at":"2026-02-25T20:33:03.656Z","avatar_url":"https://github.com/CHYbeta.png","language":"HTML","funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"readme":"# [Software-Security-Learning](https://chybeta.github.io/2017/08/19/Software-Security-Learning/)\n\nA collection of materials gathered while learning software security.\nThis repo is updated continuously; the most recent update was on 2018/02/17.\n\nAlso published at: [chybeta: Software-Security-Learning (with table of contents)](https://chybeta.github.io/2017/08/19/Software-Security-Learning/) \n\nUpdate notes:\n+ Newly added articles:\n\t+ Browser Security\n\t\t+ [Browser Vulnerabilities](https://www.kanxue.com/book-9-208.htm)\n\t\t+ [X41-Browser-Security-White-Paper](https://github.com/x41sec/browser-security-whitepaper-2017)\n\t\t+ [Pure substance: Huang Zheng, China's number-one Microsoft vulnerability hunter, on the right way to hunt for browser vulnerabilities (full slides attached) | Yingchuang Open Course](https://www.leiphone.com/news/201612/YlysgkvgBbeBIkL9.html)\n\u003c!-- more --\u003e\n\t\n---\n\n# Bin Security\n+ [Software Security Engineer Skill Table](https://github.com/feicong/sec_skills)\n\n## Tools\n+ [pharos: Automated static analysis tools for binary programs](https://github.com/cmu-sei/pharos)\n+ [Angr: The next-generation binary analysis platform](https://github.com/angr/angr)\n+ [Angr: A Binary Analysis Tool with Dynamic Symbolic Execution and Static Analysis](http://www.freebuf.com/sectool/143056.html)\n+ 
[A First Look at angr](http://bestwing.me/2017/03/08/angr-study/)\n+ [Symbolic Execution: Simple CTF Reverse Engineering with Angr](http://www.freebuf.com/articles/web/150296.html)\n+ [A Brief Analysis of the Vuzzer Automated Vulnerability Discovery Tool, with Usage Guide](http://www.freebuf.com/sectool/143123.html)\n+ [PEDA - Python Exploit Development Assistance for GDB](https://github.com/longld/peda)\n+ [pwntools - CTF framework and exploit development library](https://github.com/Gallopsled/pwntools)\n\n\n## Course\n\n+ [Modern Binary Exploitation](http://security.cs.rpi.edu/courses/binexp-spring2015/)\n+ [Linux \\(x86\\) Exploit Development Series](https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/)\n+ [liveoverflow: Binary Hacking Course](http://liveoverflow.com/binary_hacking/index.html)\n+ [Lots of Tutorials](https://www.fuzzysecurity.com/tutorials.html)\n\n### Hack The Virtual Memory\n\n+ [Hack The Virtual Memory: C strings \u0026 /proc](https://blog.holbertonschool.com/hack-the-virtual-memory-c-strings-proc/)\n+ [Hack The Virtual Memory: Python bytes](https://blog.holbertonschool.com/hack-the-virtual-memory-python-bytes/)\n+ [Hack the Virtual Memory: drawing the VM diagram](https://blog.holbertonschool.com/hack-the-virtual-memory-drawing-the-vm-diagram/)\n+ [Hack the Virtual Memory: malloc, the heap \u0026 the program break](https://blog.holbertonschool.com/hack-the-virtual-memory-malloc-the-heap-the-program-break/)\n\n### Exploit writing tutorial\n\n+ [Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)\n+ [Stack Based Overflows – jumping to shellcode](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)\n+ [SEH Based Exploits](https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/)\n+ [SEH Based Exploits – just another 
example](https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/)\n+ [From Exploit to Metasploit – The basics](https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/)\n+ [How debugger modules \u0026 plugins can speed up basic exploit development](https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/)\n+ [Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR](https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/)\n+ [Unicode – from 0x00410041 to calc](https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/)\n+ [Win32 Egg Hunting](https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/)\n+ [Introduction to Win32 shellcoding](https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/)\n+ [Chaining DEP with ROP](https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/)\n+ [Heap Spraying Demystified](https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/)\n\n## Fundamentals\n\n+ [What Exactly Are the GOT and PLT in Linux?](http://www.freebuf.com/articles/system/135685.html)\n+ [Coach! That's Not IO at All! libc IO Seen Through the printf Source](http://bobao.360.cn/learning/detail/4490.html)\n\n## ROP\n\n### ROP Step by Step\n\n+ [Learning ROP Step by Step: linux\\_x86](http://cb.drops.wiki/drops/tips-6597.html)\n+ [Learning ROP Step by Step: linux\\_x86](http://cb.drops.wiki/drops/papers-7551.html)\n+ [Learning ROP Step by Step: gadgets and 2free](http://cb.drops.wiki/drops/binary-10638.html)\n+ [Learning ROP Step by Step: Android ARM 32-bit](http://cb.drops.wiki/drops/papers-11390.html)\n\n### Basic ROP\n+ [Intro to ROP: ROP Emporium — 
Split](https://medium.com/@iseethieves/intro-to-rop-rop-emporium-split-9b2ec6d4db08)\n+ [ROP Emporium](https://ropemporium.com/)\n+ [ropasaurusrex: a primer on return-oriented programming2](https://blog.skullsecurity.org/2013/ropasaurusrex-a-primer-on-return-oriented-programming)\n+ [An Introductory Tutorial on ROP](http://bobao.360.cn/learning/detail/3569.html)\n+ [ROP in Binary Exploitation: Research and Case Analysis](https://xianzhi.aliyun.com/forum/read/840.html?fpage=2)\n+ [Foundations of Modern Stack Overflow Exploitation: ROP](http://bobao.360.cn/learning/detail/3694.html)\n+ [Building ROP Chains via ELF Dynamic Loading](http://wooyun.jozxing.cc/static/drops/binary-14360.html)\n+ [Swing: Basic Stack Overflow Review, Part 2: ROP](http://bestwing.me/2017/03/19/stack-overflow-two-ROP/)\n\n### BROP\n\n+ [Blind Return Oriented Programming](http://www.scs.stanford.edu/brop/)\n+ [muhe: Have fun with Blind ROP](http://o0xmuhe.me/2017/01/22/Have-fun-with-Blind-ROP/)\n+ [Swing: Basic Stack Overflow Review, Part 4: BROP](http://bestwing.me/2017/03/24/stack-overflow-four-BROP/)\n\n### SROP\n\n+ [How the Sigreturn Oriented Programming \\(SROP\\) Attack Works](http://www.freebuf.com/articles/network/87447.html)\n+ [Swing: Basic Stack Overflow Review, Part 3: SROP](http://bestwing.me/2017/03/20/stack-overflow-three-SROP/)\n\n### Return-to-dl-resolve\n+ [Using ROP + Return-to-dl to Bypass ASLR + DEP on 32-bit Systems](http://www.freebuf.com/articles/system/149214.html)\n+ [Building ROP Chains via ELF Dynamic Loading (Return-to-dl-resolve)](http://www.evil0x.com/posts/19226.html)\n\n## Stack Vulnerabilities\n\n+ [Stack Overflow Hands-On, from Getting Started to Giving Up (Part 1)](http://bobao.360.cn/learning/detail/3717.html)\n+ [Stack Overflow Hands-On, from Getting Started to Giving Up (Part 2)](http://bobao.360.cn/learning/detail/3718.html)\n+ [Hcamael: PWN Study Notes: Basic Stack Overflow](http://0x48.pw/2016/11/03/0x26/)\n+ [Hcamael: PWN Study Notes: Basic Stack Overflow 2](http://0x48.pw/2016/11/21/0x27/)\n+ [Swing: Basic Stack Overflow Review: The Basics](http://bestwing.me/2017/03/18/stack-overflow-one/)\n+ [ARM Stack Overflow Attacks in Practice: From Virtual Environment Setup to ROP Exploitation](http://www.freebuf.com/articles/terminal/107276.html)\n+ [64-bit Linux stack smashing tutorial: Part 1](https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/)\n+ [64-bit Linux stack smashing tutorial: Part 
2](https://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/)\n+ [64-bit Linux stack smashing tutorial: Part 3](https://blog.techorganic.com/2016/03/18/64-bit-linux-stack-smashing-tutorial-part-3/)\n+ [Offset2lib: bypassing full ASLR on 64bit Linux](http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html)\n+ [return2libc Study Notes](https://www.tuicool.com/articles/VVBz6va)\n\n## Heap Vulnerabilities\n\n+ [Heap Exploitation](https://heap-exploitation.dhavalkapil.com/introduction.html)\n+ [how2heap](https://github.com/shellphish/)\n\n### Heap Background\n\n+ [PWN: Heap Memory Management](http://paper.seebug.org/255/)\n+ [An In-Depth Analysis of Linux Heap Memory Management (Part 1)](http://www.freebuf.com/articles/system/104144.html)\n+ [An In-Depth Analysis of Linux Heap Memory Management (Part 2)](http://www.freebuf.com/articles/security-management/105285.html)\n+ [Windows Exploit Development Tutorial Series: Heap Spraying (1)](http://bobao.360.cn/learning/detail/3548.html)\n+ [Windows Exploit Development Tutorial Series: Heap Spraying (2)](http://bobao.360.cn/learning/detail/3555.html)\n+ [Libc Heap Management Mechanisms and Exploitation Techniques \\(1\\)](http://www.freebuf.com/articles/system/91527.html)\n+ [Notes About Heap Overflow Under Linux](https://blog.iret.xyz/article.aspx/linux_heapoverflow_enterance)\n+ [How to Understand the Heap and the Exploitation of Heap Overflow Vulnerabilities?](http://www.freebuf.com/vuls/98404.html)\n+ [Have fun with glibc Memory Management](http://o0xmuhe.me/2016/11/21/Have-fun-with-glibc%E5%86%85%E5%AD%98%E7%AE%A1%E7%90%86/)\n+ [Memory Mapping with mmap](http://www.tuicool.com/articles/A7n2ueq)\n+ [glibc malloc Study Notes: fastbin](http://0x48.pw/2017/07/25/0x35/)\n+ [Reading the malloc.c Source: __libc_free](http://0x48.pw/2017/08/07/0x37/)\n+ [Ramblings on Malloc](http://www.cnblogs.com/wangaohui/p/5190889.html)\n+ [glibc Memory Allocation and Freeing, Illustrated](http://blog.csdn.net/maokelong95/article/details/52006379)\n+ [Understanding glibc malloc](http://blog.csdn.net/maokelong95/article/details/51989081#allocated-chunk)\n\n### Heap Exploitation Techniques\n+ [how2heap Summary, Part 1](http://bobao.360.cn/learning/detail/4386.html)\n+ [how2heap Summary, Part 2](http://bobao.360.cn/learning/detail/4383.html)\n+ [Overflow Primer: heap overflow \u0026 Overflow Protections and Bypasses](http://wooyun.jozxing.cc/static/drops/binary-14596.html)\n+ 
[Modern Heap Exploitation Techniques](http://bobao.360.cn/learning/detail/3197.html)\n+ [From a One-Byte Overflow to Arbitrary Code Execution: Heap Exploitation on Linux](http://bobao.360.cn/learning/detail/3113.html)\n+ [Heap overflow using unlink](https://sploitfun.wordpress.com/2015/02/26/heap-overflow-using-unlink/?spm=a313e.7916648.0.0.x4nzYZ)\n+ [Exploiting Heap Overflows with unlink](https://www.tuicool.com/articles/E3Ezu2u)\n+ [Linux Heap Overflow Exploitation: unlink](https://jaq.alibaba.com/community/art/show?spm=a313e.7916646.24000001.74.ZP8rXN\u0026articleid=360)\n+ [A Brief Analysis of Linux Heap Overflows: fastbin](http://www.freebuf.com/news/88660.html?utm_source=tuicool\u0026utm_medium=referral)\n+ [Linux Heap Overflows: A Detailed Fastbin Attack Example](http://bobao.360.cn/learning/detail/3996.html)\n+ [An Analysis of the unsorted bin attack](http://bobao.360.cn/learning/detail/3296.html)\n+ [A Brief Analysis of Double Free](http://www.vuln.cn/6172)\n+ [Understanding the heap by breaking it](http://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf)\n+ [An Introduction to Use After Free Vulnerabilities](https://www.purehacking.com/blog/lloyd-simon/an-introduction-to-use-after-free-vulnerabilities)\n+ [A Brief Analysis of Use After Free Vulnerabilities](http://bobao.360.cn/learning/detail/3379.html?utm_source=tuicool\u0026utm_medium=referral)\n+ [Linux Heap Vulnerabilities: A Use after free Example](http://d0m021ng.github.io/2017/03/04/PWN/Linux堆漏洞之Use-after-free实例/)\n+ [The Heap: House of Spirit](http://bobao.360.cn/learning/detail/3417.html)\n+ [Dance In Heap (1): A Brief Analysis of Heap Allocation, Freeing and the Related Protections](http://www.freebuf.com/articles/system/151372.html)\n+ [Dance In Heap (2): Some Heap Exploitation Methods (Part 1)](http://www.freebuf.com/articles/system/151407.html)\n+ [Dance In Heap (3): Some Heap Exploitation Methods (Part 2)](http://www.freebuf.com/articles/system/151428.html)\n+ [Dance In Heap (4): Some Heap Exploitation Methods (Part 3)](http://www.freebuf.com/articles/system/151435.html)\n+ [Glibc Adventures: The Forgotten Chunks](https://info.contextis.com/acton/attachment/24535/f-02c8/1/-/-/-/-/Glibc%20Adventures%3A%20The%20forgotten%20chunks.pdf)\n\n## Format String Vulnerabilities\n+ [Exploiting Format String 
Vulnerabilities](https://crypto.stanford.edu/cs155old/cs155-spring08/papers/formatstring-1.2.pdf)\n+ [Binary Vulnerabilities: The Evil printf](http://cb.drops.wiki/drops/binary-6259.html)\n+ [Vulnerability Discovery Basics: Format Strings](http://cb.drops.wiki/drops/papers-9426.html)\n+ [A Summary of Format String Exploitation (1)](http://bobao.360.cn/learning/detail/3654.html)\n+ [A Summary of Format String Exploitation (2)](http://bobao.360.cn/learning/detail/3674.html)\n+ [Format String Exploitation Techniques on Linux](http://www.cnblogs.com/Ox9A82/p/5429099.html)\n+ [A Study of Format String Exploitation on Linux](http://0x48.pw/2017/03/13/0x2c/?utm_source=tuicool\u0026utm_medium=referral)\n+ [Advances in format string exploitation](http://phrack.org/issues/59/7.html)\n+ [Exploiting Sudo format string vunerability](http://www.vnsecurity.net/research/2012/02/16/exploiting-sudo-format-string-vunerability.html)\n\n## Other Vulnerabilities\n\n### FSP Overflow\n\n+ [Head First FILE Stream Pointer Overflow](http://wooyun.jozxing.cc/static/drops/binary-12740.html)\n+ [abusing the FILE structure](https://outflux.net/blog/archives/2011/12/22/abusing-the-file-structure/)\n+ [File Stream Pointer Overflows Paper.](http://repo.thehackademy.net/depot_ouah/fsp-overflows.txt)\n+ [Exploiting Overflows via the FILE Structure](http://bobao.360.cn/learning/detail/3219.html)\n\n### Integer Overflow\n\n+ [Integer Overflow Vulnerabilities](http://blog.csdn.net/wuxiaobingandbob/article/details/44618925)\n\n## Protection Bypass\n\n### Canary Bypass\n\n+ [Stack Overflow: Bypassing CANARY Protection](http://0x48.pw/2017/03/14/0x2d/)\n+ [Several Ways to Play with the canary](http://veritas501.space/2017/04/28/论canary的几种玩法/)\n+ [A Summary of Bypassing canary Protection on Linux](http://yunnigu.dropsec.xyz/2017/03/20/Liunx下关于绕过cancry保护总结/)\n\n## Kernel\n+ [Some-Kernel-Fuzzing-Paper](https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper)\n+ [Introduction to Windows Kernel Driver Exploitation (Pt. 1) - Environment Setup](Introduction to Windows Kernel Driver Exploitation (Pt. 1) - Environment Setup)\n+ [Introduction to Windows Kernel Driver Exploitation (Pt. 
2) - Stack Buffer Overflow to System Shell](https://glennmcgui.re/introduction-to-windows-kernel-driver-exploitation-pt-2/)\n+ [HackSysExtremeVulnerableDriver](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver)\n+ [Starting with Windows Kernel Exploitation – part 1 – setting up the lab](https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/)\n+ [Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver](https://hshrzd.wordpress.com/2017/06/05/starting-with-windows-kernel-exploitation-part-2/)\n+ [Compromising the Windows Kernel with the WinDbg Local Kernel Debugger](http://bobao.360.cn/learning/detail/4477.html)\n+ [A Tour of Windows Kernel Exploitation: Getting Familiar with HEVD (with Video Demo)](http://bobao.360.cn/learning/detail/4002.html)\n+ [Windows Kernel Attacks: Stack Overflow](http://bobao.360.cn/learning/detail/3718.html)\n+ [Linux Kernel Exploitation Tutorial (1): Environment Setup](http://bobao.360.cn/learning/detail/3700.html)\n+ [Linux Kernel Exploitation Tutorial (2): Two Demos](http://bobao.360.cn/learning/detail/3702.html)\n+ [Linux Kernel Exploitation Tutorial (3): Practicing on a CSAW CTF Challenge](http://bobao.360.cn/learning/detail/3706.html)\n+ [Linux Kernel ROP Techniques Explained \\(1\\)](http://www.freebuf.com/articles/system/94198.html)\n+ [Linux Kernel ROP Techniques Explained (2)](http://www.freebuf.com/articles/system/135402.html)\n\n## Virtual Machine Escape\n+ [Phrack: VM escape - QEMU Case Study](https://www.exploit-db.com/papers/42883/)\n+ [Virtual Machine Escape: QEMU Case Study (1)](http://bbs.pediy.com/thread-217997.htm)\n+ [Virtual Machine Escape: QEMU Case Study (2)](http://bbs.pediy.com/thread-217999.htm)\n+ [Virtual Machine Escape: QEMU Case Study (3)](http://bbs.pediy.com/thread-218045.htm)\n\n## ARM\n\n+ [ARM Assembly Basics Crash Course 1: Introduction to ARM Assembly and Assembly Language Basics](http://bobao.360.cn/learning/detail/4070.html)\n+ [ARM Assembly Basics Crash Course 2: Data Types in ARM Assembly](http://bobao.360.cn/learning/detail/4075.html)\n+ [ARM Assembly Basics Crash Course 3: ARM Mode and THUMB Mode](http://bobao.360.cn/learning/detail/4082.html)\n+ [ARM Assembly Basics Crash Course 4: Memory Access Instructions in ARM Assembly](http://bobao.360.cn/learning/detail/4087.html)\n+ [ARM Assembly Basics Crash Course 5: Load and Store Multiple](http://bobao.360.cn/learning/detail/4097.html)\n+ [ARM Assembly Basics Crash Course 6: Conditional Execution and Branching](http://bobao.360.cn/learning/detail/4104.html)\n+ [ARM 
Assembly Basics Crash Course 7: The Stack and Functions](http://bobao.360.cn/learning/detail/4108.html)\n\n## Lua\n+ [Reversing Lua Programs: An Analysis of the Luac File Format](http://bobao.360.cn/learning/detail/4534.html)\n\n## Process Injection\n\n+ [A Summary of 10 Common Process Injection Techniques](http://bobao.360.cn/learning/detail/4131.html)\n+ [System Security Attack and Defense: DLL Injection Techniques Explained](http://www.freebuf.com/articles/system/143640.html)\n\n## Symbolic Execution\n+ [About Symbolic Execution](https://github.com/enzet/symbolic-execution)\n+ [Playing with Dynamic symbolic execution](http://www.miasm.re/blog/2017/10/05/playing_with_dynamic_symbolic_execution.html)\n\n## Vulnerability Discovery\n+ [How I Fuzzed Apache and Found a Vulnerability Worth $1500](http://bobao.360.cn/learning/detail/4213.html)\n\n## pwn in CTF\n\n+ [pwn \u0026 exploit](https://github.com/jmpews/pwn2exploit)\n\n### Getting Started\n\n+ [Getting into PWN with Me, Chapter 1](http://bobao.360.cn/learning/detail/3300.html)\n+ [Getting into PWN with Me, Chapter 2](http://bobao.360.cn/learning/detail/3339.html)\n\n### Techniques\n\n+ [A Summary of Exploitation Without libc Using DynELF](http://bobao.360.cn/learning/detail/3298.html?utm_source=tuicool\u0026utm_medium=referral)\n+ [what DynELF does basically](http://o0xmuhe.me/2016/12/24/what-DynELF-does-basically/)\n+ [Finding Function's Load Address](http://uaf.io/exploitation/misc/2016/04/02/Finding-Functions.html)\n\n### Summaries\n\n+ [CTF Summary](https://github.com/stfpeak/CTF)\n+ [pwn tips](http://skysider.com/?p=223)\n+ [CTF-pwn-tips](https://github.com/Naetw/CTF-pwn-tips)\n+ [pwn Study Summary](http://www.angelwhu.com/blog/?p=460)\n+ [Some Lessons Learned Doing Linux Exploitation in CTFs](http://www.cnblogs.com/Ox9A82/p/5559167.html)\n+ [Common Linux Exploitation Techniques in Practice](http://drops.xmd5.com/static/drops/binary-6521.html)\n\n### WP\n+ [Learning Heap Overflows: 0CTF 2017 Babyheap](http://0x48.pw/2017/08/01/0x36/)\n+ [An Interesting CTF PWN Challenge](http://bobao.360.cn/learning/detail/3189.html)\n+ [Exploit-Exercises Nebula: Complete Walkthrough](https://github.com/1u4nx/Exploit-Exercises-Nebula)\n+ [Three White Hats: From Debugging pwn me to Learning Linux Attack and Defense](http://wooyun.jozxing.cc/static/drops/binary-16700.html)\n\n# Android Security\n## Exercise\n+ [DIVA Android](https://github.com/payatu/diva-android/)\n+ 
[Android Security Projects: Getting Started](https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==\u0026mid=2649846643\u0026idx=1\u0026sn=0286e8f1b3e6da0acbd129cb248eac2a)\n\n## Skill\n+ [Android Application Reverse Engineering](http://bobao.360.cn/learning/detail/4428.html)\n+ [A First Look at Android SO Development](http://www.ikey4u.com/blog/android-develop/android-so/)\n+ [Learning Android App Vulnerabilities (1)](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==\u0026mid=2247484642\u0026idx=1\u0026sn=d34ec8b6fc9b5a63b627316e13821b13\u0026chksm=ec1e34cadb69bddc80598c93a0aef429d0b1d668b4fc6e5e6b31a7a3ebfa713aafda1f1b8f7a\u0026scene=21#wechat_redirect)\n+ [Learning Android App Vulnerabilities (2)](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==\u0026mid=2247484706\u0026idx=1\u0026sn=eb49d5f71f89fd4d2e3bec23c44c0ae6\u0026chksm=ec1e350adb69bc1c9f775bfaf997459e1cfa3beb065f553ed90fbd88220d7739487e9f7208bd#rd)\n+ [WIKI: Android](http://wiki.ioin.in/sort/android)\n+ [Android Component Security](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==\u0026mid=2247484387\u0026idx=1\u0026sn=7264428205276452d40c1ef7b1ed0dcc\u0026chksm=ec1e33cbdb69badd00794f81caa43e5d62e0dc9bb7b9baa9d4c3c9eb64a3a0a18613356bf584#rd)\n+ [Attacking Android Apps via WebView](https://zhuanlan.zhihu.com/p/28107901)\n\n## Tool\n+ [Hack Wherever You Go: Three Essential Tools for Android Penetration Testing](http://bobao.360.cn/learning/detail/4254.html)\n+ [Brida: Combining frida and burp for Mobile App Penetration Testing](http://www.4hou.com/penetration/6916.html)\n\n# Browser Security\n+ [Browser Vulnerabilities](https://www.kanxue.com/book-9-208.htm)\n+ [A Brief Discussion of Automated Multi-Browser Testing](http://www.freebuf.com/articles/others-articles/145586.html)\n+ [Approaches to Browser Vulnerability Discovery](https://zhuanlan.zhihu.com/p/28719766)\n+ [A Brief Chronicle of IE Vulnerability Attack and Defense](http://blog.topsec.com.cn/ad_lab/ie%E6%BC%8F%E6%B4%9E%E6%94%BB%E9%98%B2%E7%BC%96%E5%B9%B4%E7%AE%80%E5%8F%B2/)\n+ [Combined Exploitation Techniques for IE Browser Vulnerabilities: The Evolution of UAF Exploitation](http://bobao.360.cn/learning/detail/3666.html)\n+ [Combined Exploitation Techniques for IE Browser Vulnerabilities: Heap Spraying](http://bobao.360.cn/learning/detail/3656.html)\n+ [cure53-browser-sec-whitepaper](https://github.com/cure53/browser-sec-whitepaper)\n+ [X41-Browser-Security-White-Paper](https://github.com/x41sec/browser-security-whitepaper-2017)\n+ 
[Pure substance: Huang Zheng, China's number-one Microsoft vulnerability hunter, on the right way to hunt for browser vulnerabilities (full slides attached) | Yingchuang Open Course](https://www.leiphone.com/news/201612/YlysgkvgBbeBIkL9.html)\n\n# IOS/OSX Security\n+ [OSX/iOS reverse engineering](https://github.com/michalmalik/osx-re-101)\n\n## IOS\n### Exercise\n+ [Damn Vulnerable iOS Application (DVIA)](http://damnvulnerableiosapp.com/#trainings)\n\n### Skill\n+ [IosHackStudy](https://github.com/pandazheng/IosHackStudy)\n+ [Papers, Slides and Thesis Archive : iOS](https://papers.put.as/ios/ios/)\n+ [ios-wiki: iOS Security](http://security.ios-wiki.com/)\n+ [Official Apple documentation: iOS Security](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)\n+ [iOS Security Series Roundup](http://esoftmobile.com/2014/02/14/ios-security/)\n+ [A Brief Discussion of Automated Security Auditing for iOS Apps](https://security.tencent.com/index.php/blog/msg/105)\n+ [Introduction to iOS Security Auditing](http://www.freebuf.com/articles/terminal/123098.html)\n+ [iOS Kernel Vulnerability Discovery: fuzz \u0026 Code Auditing](http://blog.pangu.io/xkungfoo2015/)\n\n## OSX\n### Exercise\n+ [OS X : Crackmes](https://reverse.put.as/crackmes/)\n+ [OS X Kernel Secrets Revealed: Fundamentals](http://bobao.360.cn/learning/detail/4501.html)\n+ [OS X Kernel Secrets Revealed: Exploitation](http://bobao.360.cn/learning/detail/4500.html)\n\n### Skill\n+ [Papers, Slides and Thesis Archive : Mac OS X](https://papers.put.as/macosx/macosx/)\n+ [Several Ways to Implement macOS Kernel Monitoring](https://paper.seebug.org/380/)\n\n# Bluetooth Security\n+ [Guide to Bluetooth Security](https://csrc.nist.gov/csrc/media/publications/sp/800-121/rev-2/draft/documents/sp800_121_r2_draft.pdf)\n\n# malware\n+ [Reverse engineering malware: TrickBot (part 1 - packer)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-1-packer)\n+ [Reverse engineering malware: TrickBot (part 2 - loader)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-2-loader)\n+ [Reverse engineering malware: TrickBot (part 3 - core)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-3-core )\n+ 
[Malware Sample Analysis Handbook: Collected Edition](http://blog.nsfocus.net/malware-sample-analysis-summary/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchybeta%2Fsoftware-security-learning","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchybeta%2Fsoftware-security-learning","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchybeta%2Fsoftware-security-learning/lists"}