├── shield.png ├── README.md ├── 2021.md └── 2020.md /shield.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hong6914/awesome_software_securities/HEAD/shield.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 | 5 | # Awesome Software Securities 6 | A Curated list of sites and URLs on software and securities that I hope to learn from you guys. 7 | 8 | - [Awesome Sites](#awesome-sites) 9 | - [Sites Better Visiting Every Week](#sites-urls) 10 | - [URLs in Year 2020](2020.md) 11 | - [URLs in Year 2021](2021.md) 12 | 13 | --- 14 | 15 | ## Awesome Sites 16 | 17 | * [Awesome Security Hardening](https://github.com/decalage2/awesome-security-hardening) 18 | * [Awesome Threat Detection and Hunting library](https://github.com/threat-hunting/awesome_Threat-Hunting) 19 | * [Awesome Malware Analysis](https://github.com/hslatman/awesome-malware-analysis) 20 | * [Awesome Mobile Security](https://github.com/vaib25vicky/awesome-mobile-security) 21 | * [Android Security Awesome](https://github.com/ashishb/android-security-awesome) 22 | * [Awesome Android Security](https://github.com/saeidshirazi/awesome-android-security) 23 | 24 | --- 25 | 26 | 27 | ## Sites URLs 28 | *Sites better visiting every week* 29 | 30 | * [vxunderground](https://vxug.fakedoma.in/) - largest collection of malware source, samples, and papers 31 | - [twitter](https://twitter.com/vxunderground) 32 | * [Exploits Database](https://www.exploit-db.com) - by Offensive Security 33 | * [reddit/r/netsec](https://www.reddit.com/r/netsec/new/) - Information Security News & Discussion 34 | * [Trail of Bits Blogs](https://blog.trailofbits.com/) 35 | * [Penetration Testing](https://securityonline.info/) 36 | * [Quarkslab's blog](https://blog.quarkslab.com/index.html) 37 | * [KitPloit](https://www.kitploit.com/) 38 | * Checkpoint Research 39 | - [Evasion techniques](https://evasions.checkpoint.com/) 40 | - [Vulnerability Repository](https://cpr-zero.checkpoint.com/) 41 | - [Anti-Debug Tricks](https://anti-debug.checkpoint.com/) 42 | * [Hack Tricks](https://book.hacktricks.xyz/) 43 | * [irq5.io](https://irq5.io/) 44 | * [InfoSec Diary Blog Archive](https://isc.sans.edu/diaryarchive.html) 45 | * [Red Teaming 
Experiments](https://ired.team/) 46 | * [Information-Security-Tasks](https://github.com/bb1nfosec/Information-Security-Tasks) 47 | * [SensePost Blogs](https://sensepost.com/blog/2020/) - Year 2020 48 | * [SECRET CLUB - we break software](https://secret.club/) 49 | * [Hacker Arise](https://www.hackers-arise.com/) 50 | * [Hacking Articles](https://www.hackingarticles.in/) 51 | * [mitre-attack](https://attack.mitre.org/) 52 | - [GitHub](https://github.com/mitre-attack) 53 | * [security-in-bits](https://www.securityinbits.com/) 54 | * [GitLab Security Lab](https://securitylab.github.com/research) 55 | * [MSRC security research](https://github.com/microsoft/MSRC-Security-Research/) 56 | * [Google Project Zero](https://googleprojectzero.blogspot.com/) 57 | * [Rapid7 blogs](https://blog.rapid7.com/tag/) 58 | * [mdsecresearch Publications](https://github.com/mdsecresearch/Publications) 59 | -------------------------------------------------------------------------------- /2021.md: -------------------------------------------------------------------------------- 1 | 2 | # Software Security Related Sites and URLs --- Y2020 3 | 4 | - [Conferences](#conferences-urls) 5 | - [Awesome Sites](#awesome-sites) 6 | - [Security](#security-urls) 7 | - [Fuzzing](#fuzzing-urls) 8 | - [Windows](#windows-urls) 9 | - [Linux](#linux-urls) 10 | - [iOS](#ios-urls) 11 | - [Java](#java-urls) 12 | - [C/C++](#c-&-c++-urls) 13 | - [Python](#python-urls) 14 | - [Rust](#rust-urls) 15 | - [GoLang](#golang-urls) 16 | - [Assembly](#assembly-urls) 17 | - [Virtualization](#vm-urls) 18 | - [Web](#web-urls) 19 | - [Mobile](#mobile-urls) 20 | - [Android](#android-urls) 21 | - [Tools](#tools-urls) 22 | - [Self Study](#self-study-urls) 23 | 24 | --- 25 | 26 | 27 | ## Conferences URLs 28 | 29 | * [Remote Chaos Experience 2020](https://media.ccc.de/c/rc3) 30 | * [Hack In The Box Security Conference](https://www.youtube.com/channel/UC0BJVNTIEbG8CLG-xVVWJnA) 31 | - [2020: D1 LAB - Qiling Framework with IDA 
Pro](https://www.youtube.com/watch?v=ykUXUZo8fAk&feature=youtu.be) 32 | * [VB2020 localhost videos](https://www.youtube.com/playlist?list=PLffioUnqXWkdzWcZXH-bzPVgcs2R4r7iS) 33 | * [Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security](https://dl.acm.org/doi/proceedings/10.1145/3372297) 34 | 35 | 36 | --- 37 | 38 | ## Awesome Sites 39 | 40 | * [Awesome-CobaltStrike](https://github.com/zer0yu/Awesome-CobaltStrike) 41 | * [Awesome-CobaltStrike-Defence](https://github.com/zer0yu/Awesome-CobaltStrike) 42 | 43 | --- 44 | 45 | 46 | ## Security URLs 47 | 48 | * [PaloAltoNetworks/research-notes - PDFs and PPTs](https://github.com/PaloAltoNetworks/research-notes) 49 | 50 | *Windows* 51 | * [**CyberARK threat research blogs**](https://www.cyberark.com/resources/threat-research-blog) 52 | - [A Modern Exploration of Windows Memory Corruption Exploits 1](https://www.cyberark.com/resources/threat-research-blog/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows) 53 | - [Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?](https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower) 54 | - [Make Memcpy Safe Again: CodeQL](https://www.cyberark.com/resources/threat-research-blog/make-memcpy-safe-again-codeql) 55 | - [DLLSpy – Tighten Your Defense by Discovering DLL Hijacking Easily](https://www.cyberark.com/resources/threat-research-blog/dllspy-tighten-your-defense-by-discovering-dll-hijacking-easily) 56 | * [**Forrest-orr.net blogs**](https://www.forrest-orr.net/blog) 57 | * [Windows Defender Application Control (WDAC) in win10 20H2](https://mattifestation.medium.com/windows-defender-application-control-wdac-updates-in-20h2-and-building-a-simple-secure-4fd4ee86de4) 58 | * [CET Internals in Windows 10 20H1](http://windows-internals.com/cet-on-windows/) 59 | * [NTFS Remote Code Execution (CVE-2020-17096) 
Analysis](https://blog.zecops.com/vulnerabilities/ntfs-remote-code-execution-cve-2020-17096-analysis/) 60 | * [**two new Windows anti-debug methods**](https://secret.club/2021/01/04/thread-stuff.html) 61 | * [An Outlook parasite for stealth persistence](https://vanmieghem.io/stealth-outlook-persistence/) 62 | * [OSR: Mitigations and Best Practices for ExAllocatePoolZero Security Vulnerabilities](https://www.osr.com/blog/2021/01/07/mitigations-exallocatepoolzero-security-vulnerability/) 63 | * [Malware Development: Leveraging Beacon Object Files for Remote Process Injection via Thread Hijacking](https://connormcgarr.github.io/thread-hijacking/) 64 | * [Bypassing Windows protection mechanisms & Playing with OffensiveNim](https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/) 65 | * [**secret club**](https://secret.club/) 66 | * [Pushing back on userland hooks with Cobalt Strike](https://blog.cobaltstrike.com/2021/01/13/pushing-back-on-userland-hooks-with-cobalt-strike/) 67 | 68 | * :point_right:[Antimalware-Research](https://github.com/NtRaiseHardError/Antimalware-Research) 69 | * :point_right:[mimikatz - a little tool to play with Windows security](https://github.com/gentilkiwi/mimikatz) 70 | * :point_right:[nccgroup](https://github.com/nccgroup) 71 | - [pybeacon](https://github.com/nccgroup/pybeacon) - scripts to deal with Cobalt Strike beacons in Python 72 | 73 | *Linux* 74 | * [Linux Hardening Guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html) 75 | *[Simon Scannell's exploits](https://github.com/scannells/exploits) 76 | 77 | *GitHub* 78 | * [Ransomware Reports](https://github.com/d4rk-d4nph3/Ransomware-Reports) 79 | 80 | * :point_right:[vxunderground](https://github.com/vxunderground) 81 | - [MalwareSourceCode](https://github.com/vxunderground/MalwareSourceCode) 82 | * :point_right:[MichaelKoczwara repos](https://github.com/MichaelKoczwara?tab=repositories) 83 | 84 | * [Control Things Platform]() 85 | - 
[ctbin](https://github.com/ControlThings-io/ctbin) - Tool for analyzing binary files 86 | - [ct-samples](https://github.com/ControlThings-io/ct-samples) - sample files 87 | 88 | * [bottom - cross-platform graphical process/system monitor](https://github.com/ClementTsang/bottom) 89 | 90 | --- 91 | 92 | 93 | ## Fuzzing URLs 94 | 95 | *Conferences* 96 | 97 | *Fuzzing Techniques* 98 | * [Find Software Bugs Using Symbolic Execution (KLEE)](https://sasnauskas.eu/finding-software-bugs-using-symbolic-execution/) 99 | * [Fuzzing with Grammars](https://www.fuzzingbook.org/html/Grammars.html) 100 | 101 | *Fuzz on Windows* 102 | 103 | *Fuzz on Linux* 104 | 105 | 106 | *Web related* 107 | 108 | *Tools* 109 | * [resmack-rust - Feedback-driven Grammar Fuzzing](https://narly.me/posts/resmack-grammar-fuzz-thoughts-4/) 110 | *[binary format fuzzer](https://uds-se.github.io/FormatFuzzer/) 111 | 112 | * :point_right:[**Qiling Advanced Binary Emulation Framework**](https://github.com/qilingframework/qiling) 113 | * [binee - Binary Emulation Environment for Windows](https://github.com/carbonblack/binee) 114 | 115 | * [E9Patch - A Powerful Static Binary Rewriter on ELF](https://github.com/GJDuck/e9patch) 116 | 117 | * [macos-gpu-fuzzing-public - Fuzz macOS GPU](https://github.com/astarasikov/macos-gpu-fuzzing-public) 118 | * [xnuspy - an iOS kernel function hooking framework for checkra1n'able devices](https://github.com/jsherman212/xnuspy) 119 | 120 | * [ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing](https://github.com/profuzzbench/profuzzbench) 121 | 122 | * [Binary Ninja Hexagon Processor Plugin, by Google](https://github.com/google/binja-hexagon) 123 | 124 | *self-study* 125 | 126 | 127 | --- 128 | 129 | 130 | ## Windows URLs 131 | 132 | *kernel* 133 | * [Windows Kernel Programming](https://github.com/XShar/Windows_Kernel_Programming) 134 | * [**DIRT: Driver Initial Reconnaissance Tool**](https://github.com/jthuraisamy/DIRT) 135 | 136 | * [Part 1: Fs Minifilter 
Hooking](https://aviadshamriz.medium.com/part-1-fs-minifilter-hooking-7e743b042a9d) 137 | * [Part 2: Display Miniport Hooking](https://aviadshamriz.medium.com/part-2-display-miniport-hooking-e1a54661d2e1) 138 | * [Hunting for Bugs in Windows Mini-Filter Drivers](https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html) 139 | 140 | *user space* 141 | * [Parent Process vs. Creator Process](https://scorpiosoftware.net/2021/01/10/parent-process-vs-creator-process/) - by Pavel Yosifovich 142 | 143 | *reverse* 144 | * [Christophe Tafani-Dereeper - Windows Security](https://blog.christophetd.fr/category/security/windows-security/) 145 | * [Extending the Exploration and Analysis of Windows RPC Methods Calling other Functions with Ghidra](https://medium.com/threat-hunters-forge/extending-the-exploration-and-analysis-of-windows-rpc-methods-calling-other-functions-with-ghidra-e4cdaa9555bd) 146 | * [D3VI5H4] 147 | - [Windows Persistence](https://github.com/D3VI5H4/Persistence) 148 | - [Antivirus Artifacts on hook detection](https://github.com/D3VI5H4/Antivirus-Artifacts/) 149 | - [Antivirus Artifacts on hook detection part 2](https://github.com/D3VI5H4/Antivirus-Artifacts/blob/main/AntivirusArtifacts2.pdf) 150 | * [Bypassing Windows SmartScreen](https://www.gironsec.com/blog/2020/12/bypassing-windows-smartscreen/) 151 | 152 | * [SysWhispers2 - AV/EDR evasion via direct system calls](https://github.com/jthuraisamy/SysWhispers2) 153 | * [SharpZipRunner - run position independent shellcode from an encrypted zip](https://github.com/jfmaes/SharpZipRunner) 154 | * [**clairvoyance - Visualize the virtual address space of a Windows process**](https://github.com/0vercl0k/clairvoyance) 155 | * [Windows pentest scripts](https://github.com/S3cur3Th1sSh1t/WinPwn) 156 | 157 | *Tools* 158 | * [Win_API_Obfuscation](https://github.com/XShar/Win_API_Obfuscation) 159 | * [CRC32](https://github.com/XShar/CRC32) 160 | 161 | *PowerShell* 162 | * [Hawk - tool to 
gather O365 info for intrusions and potential Breaches](https://github.com/T0pCyber/hawk) 163 | 164 | --- 165 | 166 | 167 | ## Linux URLs 168 | 169 | *kernel* 170 | 171 | *user space* 172 | 173 | *reverse* 174 | 175 | *tools* 176 | * [nsjail - a light-weight process isolation tool](https://github.com/google/nsjail) - by Google 177 | 178 | --- 179 | 180 | 181 | ## iOS URLs 182 | 183 | * [setup iOS Debugging for jailbreaking](https://understruction.com/setting-up-ios-debugging) 184 | * [The Mac Malware of 2020](https://objective-see.com/blog/blog_0x5F.html) 185 | 186 | * [SnatchBox (CVE-2020-27935) - a sandbox escape vulnerability and exploit](https://github.com/LIJI32/SnatchBox) 187 | * [macOS 11.0.1 - Source](https://opensource.apple.com/release/macos-1101.html) - from Apple 188 | 189 | --- 190 | 191 | 192 | ## Java URLs 193 | 194 | 195 | *Tools* 196 | * :point_right:[**ghidra**](https://github.com/NationalSecurityAgency/ghidra) 197 | - [ghidra_scripts](https://github.com/ghidraninja/ghidra_scripts) 198 | 199 | --- 200 | 201 | 202 | ## C & C++ URLs 203 | 204 | *Tools* 205 | * [GJDuck/EffectiveSan - Runtime type and bounds-error checking for C/C++](https://github.com/GJDuck/EffectiveSan) 206 | * [GJDuck/LowFat - Lean C/C++ Bounds Checking with Low-Fat Pointers](https://github.com/GJDuck/LowFat) 207 | 208 | --- 209 | 210 | 211 | ## Python URLs 212 | 213 | --- 214 | 215 | 216 | ## Rust URLs 217 | 218 | * [rustcc - a C compiler written in Rust](https://github.com/ClementTsang/rustcc) 219 | 220 | --- 221 | 222 | 223 | ## GoLang URLs 224 | 225 | * [Blackhat Go](https://github.com/TralahM/blackhat-go) 226 | 227 | --- 228 | 229 | 230 | ## Assembly URLs 231 | 232 | * [FoxDec - decompile x86/x64 assembly to C code](https://ssrg-vt.github.io/FoxDec/) 233 | 234 | --- 235 | 236 | 237 | ## Virtualization URLs 238 | 239 | * [two conference talks by Alisa Esage](https://www.youtube.com/channel/UC-a8hBNKa-n0O5bjRu-_Khw) 240 | * [Hyper-V debugging for beginners. 
2nd edition](https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html) 241 | 242 | *Tools* 243 | * [HyperViper - Toolkit for Hyper-V security research](https://github.com/JaanusKaapPublic/HyperViper) 244 | 245 | * [Bring Your Own VM - Mac Edition - XPN InfoSec Blog](https://blog.xpnsec.com/bring-your-own-vm-mac-edition/) 246 | 247 | --- 248 | 249 | 250 | ## Web URLs 251 | 252 | * [Everything Old is New Again: Binary Security of WebAssembly](https://www.usenix.org/system/files/sec20-lehmann.pdf) 253 | * [Practical Web Cache Poisoning](https://portswigger.net/research/practical-web-cache-poisoning) 254 | 255 | * [Template Injection in Action](https://gosecure.github.io/template-injection-workshop/) 256 | * [Pentest - Everything SMTP](https://luemmelsec.github.io/Pentest-Everything-SMTP/) 257 | * [Advanced XXE Exploitation workshop](https://gosecure.github.io/xxe-workshop/#0) 258 | 259 | *Tools* 260 | * [Viper - metasploit-framework with webui for red teamers](https://github.com/FunnyWolf/Viper) 261 | * [EMOTET - a State-Machine reversing exercise over emails](https://github.com/cecio/EMOTET-2020-Reversing) 262 | * [PcapMonkey - analyze pcap packets using Suricata and Zeek](https://github.com/certego/PcapMonkey) 263 | 264 | *Self Study* 265 | * [fe-necessary-book - A book and software collection about frontend](https://github.com/ddzy/fe-necessary-book) 266 | 267 | --- 268 | 269 | 270 | ## Mobile URLs 271 | 272 | * [Data Security on Mobile Devices: Current State of theArt, Open Problems, and Proposed Solutions](https://securephones.io/main.pdf) 273 | 274 | --- 275 | 276 | 277 | ## Android URLs 278 | 279 | * [Samsung RKP(Real-time Kernel Protection) internals](https://blog.longterm.io/samsung_rkp.html) 280 | * [Android Kernel Exploitation Workshop](https://cloudfuzz.github.io/android-kernel-exploitation/chapters/exploitation.html) 281 | * [Locating the kernel PGD on Android/aarch64](https://duasynt.com/blog/android-pgd-page-tables) 282 | 283 | 
*Tools* 284 | * [apkleaks - scan APK file for URIs, endpoints & secrets](https://github.com/dwisiswant0/apkleaks) 285 | * [Google - Android Emulator Hypervisor Driver for AMD Processors](https://github.com/google/android-emulator-hypervisor-driver-for-amd-processors) 286 | 287 | *Self study* 288 | * [anantshri/Android_Security - suplimentary material for Android Training](https://github.com/anantshri/Android_Security) 289 | 290 | --- 291 | 292 | 293 | ## Tools URLs 294 | 295 | *IDA Pro related* 296 | 297 | *Ghidra related* 298 | 299 | 300 | --- 301 | 302 | ## Self Study URLs 303 | 304 | * [tutorial - Reverse Engineering For Everyone](https://github.com/mytechnotalent/Reverse-Engineering-Tutorial) 305 | -------------------------------------------------------------------------------- /2020.md: -------------------------------------------------------------------------------- 1 | 2 | # Software Security Related Sites and URLs --- Y2020 3 | 4 | - [Conferences](#conferences-urls) 5 | - [Security](#security-urls) 6 | - [Fuzzing](#fuzzing-urls) 7 | - [Windows](#windows-urls) 8 | - [Linux](#linux-urls) 9 | - [iOS](#ios-urls) 10 | - [Java](#java-urls) 11 | - [C/C++](#c-&-c++-urls) 12 | - [Python](#python-urls) 13 | - [Rust](#rust-urls) 14 | - [GoLang](#golang-urls) 15 | - [Assembly](#assembly-urls) 16 | - [Virtualization](#vm-urls) 17 | - [Web](#web-urls) 18 | - [Android](#android-urls) 19 | - [Tools](#tools-urls) 20 | - [Self Study](#self-study-urls) 21 | 22 | --- 23 | 24 | 25 | ## Conferences URLs 26 | 27 | * [PPTs of HITBCyberWeek 2020 are released](https://cyberweek.ae/materials/2020/) 28 | * [DefCon](https://media.defcon.org/) 29 | * [USENIX Conferences](https://www.usenix.org/conferences/) 30 | - [USENIX Security '20 Technical Sessions](https://www.usenix.org/conference/usenixsecurity20/technical-sessions) 31 | * [Hexacon](https://www.hexacorn.com/blog/) 32 | - [Hacks In Taiwan](https://www.facebook.com/HITCON/) - Facebook page 33 | 34 | --- 35 | 36 | 37 | ## Security 
URLs 38 | 39 | *Malware Samples and Database* 40 | 41 | * [Application Security Knowledgebase](https://ishaqmohammed.me/posts/application-security-knowledgebase/) 42 | * [fabrimagic72/malware-samples](https://github.com/fabrimagic72/malware-samples) 43 | * [samples and leaked source etc](https://vxug.fakedoma.in/samples.html) 44 | * [theZoo - A Live Malware Repository](https://thezoo.morirt.com/) 45 | * [The national cert of Switzerland has started pushing their samples to it](https://twitter.com/GovCERT_CH/status/1308658448167505920) 46 | * [MalwareBazaar](https://bazaar.abuse.ch/) - abuse.ch's project to share malware samples with the community 47 | * [APT Malware Dataset](https://github.com/cyber-research/APTMalware) 48 | * [Software security paper list](https://github.com/AdaLogics/software-security-paper-list) 49 | 50 | *URLs* 51 | * [When Anti-Virus Engines Look Like Kernel Rootkits](https://volatility-labs.blogspot.com/2020/05/when-anti-virus-engines-look-like.html) 52 | - [Volatility Foundation](https://github.com/volatilityfoundation) 53 | * [Perform External Black-box Penetration Testing in Organization with “ZERO” Information](https://gbhackers.com/external-black-box-penetration-testing/) 54 | * Masking Malicious Memory Artifacts 55 | - [Part I: Phantom](https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing) 56 | - [Part II: Insights](https://www.forrest-orr.net/post/masking-malicious-memory-artifacts-part-ii-insights-from-moneta) 57 | * [hacking blogs](https://hakin9.org/blog-2/) 58 | * [Light Blue Touchpaper](https://www.lightbluetouchpaper.org/) - Security Research, Computer Laboratory, University of Cambridge 59 | 60 | *GitHub* 61 | * [ReddyyZ/GhostShell](https://github.com/ReddyyZ/GhostShell) - Malware indetectable, with AV bypass techniques, anti-disassembly, etc. 
62 | * [Security Assessment Mindset](https://github.com/dsopas/assessment-mindset) 63 | * [sbousseaden/EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) - Windows Events Attack Samples 64 | * [shellphish/how2heap](https://github.com/shellphish/how2heap) - various heap exploitation techniques 65 | 66 | *anti-virus* 67 | * [GitHub topics on anti-virus](https://github.com/topics/antivirus) 68 | - [zelon88 / HR-AV](https://github.com/zelon88/HR-AV) 69 | - [Windows Inspector driver](https://github.com/repnz/windows-inspector) 70 | - [HackTheWorld - Bypasses All Antivirus so far](https://github.com/stormshadow07/HackTheWorld) 71 | - [Armadito core](https://github.com/armadito/armadito-av) 72 | - [OWASP / SecureTea-Project](https://github.com/OWASP/SecureTea-Project) 73 | - :point_right:[**Antimalware-Research**](https://github.com/NtRaiseHardError/Antimalware-Research) 74 | - [apriorit / Simple-Antirootkit-SST-Unhooker](https://github.com/apriorit/Simple-Antirootkit-SST-Unhooker) 75 | - [Malice Plugins](https://github.com/malice-plugins) 76 | - [basicLibPP](https://github.com/zzy590/basicLibPP) - library for inline-hook,lock,compress etc 77 | - [Winpayloads](https://github.com/nccgroup/Winpayloads) - Undetectable Windows Payload Generation 78 | - [Ch0pin / AVIator](https://github.com/Ch0pin/AVIator) - a backdoor generator utility 79 | 80 | - :point_right:[**ClamAV**](https://github.com/Cisco-Talos/clamav-devel) - on Linux 81 | - [Docker ClamAV](https://github.com/openbridge/clamav) 82 | - [mko-x / docker-clamav](https://github.com/mko-x/docker-clamav) 83 | - [tiredofit/docker-clamav](https://github.com/tiredofit/docker-clamav) - Dockerfile to build an Clam Antivirus container image 84 | - [Ansible Role: ClamAV](https://github.com/geerlingguy/ansible-role-clamav) 85 | - [malice-fprot](https://github.com/malice-plugins/fprot) 86 | - [docker-antivirus with ClamAV and Atomic](https://github.com/wdhif/docker-antivirus) 87 | - 
[malice-fsecure](https://github.com/malice-plugins/fsecure) 88 | - [VxSig](https://github.com/google/vxsig) - automatically generate AV byte signatures from sets of similar binaries 89 | - [rordi/docker-antivirus](https://github.com/rordi/docker-antivirus) - Antivirus/Antimalware as a Microservice/Docker Container 90 | 91 | --- 92 | 93 | 94 | ## Fuzzing URLs 95 | 96 | *Concerences* 97 | - [FuzzCon Europe 2020](https://www.youtube.com/playlist?list=PLI0R_0_8-TV4JArtdlgnuPtgXALZxAYqu) 98 | - [Fuzz Week 2020](https://gamozolabs.github.io/2020/07/12/fuzz_week_2020.html) 99 | 100 | * :point_right:[**SecurityLab - research**](https://securitylab.github.com/research) 101 | - [Fuzzing software: common challenges and potential solutions (Part 1)](https://securitylab.github.com/research/fuzzing-challenges-solutions-1) 102 | - [Fuzzing software: advanced tricks (Part 2)](https://securitylab.github.com/research/fuzzing-software-2) 103 | * :point_right:[**Fuzz publications**](https://mboehme.github.io/) 104 | - [Boosting Fuzzer Efficiency: An Information Theoretic Perspective](https://mboehme.github.io/paper/FSE20.Entropy.pdf) 105 | * :point_right:[**Chair for Systems Security**](https://github.com/RUB-SysSec?tab=repositories) 106 | * :point_right:[**SOLA - University of Stuttgart, Germany**](http://www.software-lab.org/publications.html) 107 | * :point_right:[**Gamozo Labs Blog**](https://gamozolabs.github.io/) 108 | - [mesos](https://github.com/gamozolabs) 109 | * :point_right:[**Long Lu**](https://www.longlu.org/) 110 | - [Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code](https://www.longlu.org/publication/fics/) 111 | * :point_right:[**Academic papers related to fuzzing, binary analysis, and exploit dev**](https://github.com/0xricksanchez/paper_collection) 112 | 113 | *Fuzzing Techniques* 114 | * [Fuzzing Image Parsing in Windows, Part One: Color 
Profiles](https://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-in-windows-color-profiles.html) 115 | * [Microsoft onefuzz](https://github.com/microsoft/onefuzz) - seems more an ad selling on Azure than showing a high-performance fuzz engine 116 | * [Fuzzing a simple C program using WinAFL on windows](https://hardik05.wordpress.com/2020/09/06/fuzzing-with-winafl-fuzzing-a-simple-c-program-using-winafl-on-windows/) 117 | * [Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x](https://blogs.cisco.com/security/talos/barbervisor) 118 | * [Fuzzing afdko with AFL in 32bit Mode](https://hardik05.wordpress.com/2020/08/08/fuzzing-afdko-with-afl-in-32bit-mode/) 119 | * [Address Sanitizer for Windows adds support on x64 and checked build](https://devblogs.microsoft.com/cppblog/asan-for-windows-x64-and-debug-build-support/) 120 | * [Grammar based fuzzing PDFs with Domato](https://symeonp.github.io/2020/04/18/grammar-based-fuzzing.html) 121 | * [Pwning Adobe Reader Multiple Times with Malformed Strings](https://conference.hitb.org/hitblockdown/materials/D1%20-%20Pwning%20Adobe%20Reader%20Multiple%20Times%20with%20Malformed%20Strings%20-%20Ke%20Liu.pdf) 122 | * [Creating a fuzzing harness for FoxitReader 9.7 ConvertToPDF Function](https://christopher-vella.com/2020/02/28/creating-a-fuzzing-harness-for-foxitreader-9-7-converttopdf-function/) 123 | * [PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction](https://qingkaishi.github.io/public_pdfs/SP2020.pdf) 124 | * [Using Echidna to test a smart contract library](https://blog.trailofbits.com/2020/08/17/using-echidna-to-test-a-smart-contract-library/) 125 | * [BigFuzz: Efficient Fuzz Testing for Data Analytics Using Framework Abstraction](https://rohan.padhye.org/files/bigfuzz-ase20.pdf) 126 | * [Fuzzing binaries with LLVM's libFuzzer and rev.ng](https://rev.ng/blog/fuzzing/post.html) 127 | * Fuzzing Like A Caveman 128 | - [part 1](https://h0mbre.github.io/Fuzzing-Like-A-Caveman/) 
129 | - [part 2: Improving Performance](https://h0mbre.github.io/Fuzzing-Like-a-Caveman-2/) 130 | - [part 3: Trying to Somewhat Understand The Importance Code Coverage](https://h0mbre.github.io/Fuzzing-Like-A-Caveman-3/) 131 | - [part 4: Snapshot/Code Coverage Fuzzer!](https://h0mbre.github.io/Fuzzing-Like-A-Caveman-4/) 132 | * :point_right:[**On Measuring and Visualizing Fuzzer Performance**](https://hexgolems.com/2020/08/on-measuring-and-visualizing-fuzzer-performance/) 133 | * Resmack 134 | - [Part 1: Grammar Fuzzing Thoughts](https://narly.me/posts/resmack-grammar-fuzz-thoughts-1/) 135 | - [Part 2: Full Fuzzer Detour](https://narly.me/posts/resmack-detour-full-fuzzer-experiment/) 136 | * [Symbolic execution with SYMCC: Don’t interpret, compile!](http://www.s3.eurecom.fr/docs/usenixsec20_symcc.pdf) 137 | 138 | *Fuzz on Windows* 139 | * [Debug Information Validation for Optimized Code](https://helloqirun.github.io/papers/pldi20_yuanbo1.pdf) 140 | * [BinRec: Dynamic Binary Lifting and Recompilation](https://download.vusec.net/papers/binrec_eurosys20.pdf) 141 | * [Binary Rewriting without Control Flow Recovery](https://www.comp.nus.edu.sg/~abhik/pdf/PLDI20.pdf) 142 | * [Evading Deepfake-Image Detectors with White- and Black-Box Attacks](https://arxiv.org/pdf/2004.00622.pdf) 143 | * [ret2spec: Speculative Execution Using Return Stack Buffers](https://christian-rossow.de/publications/ret2spec-ccs2018.pdf) 144 | * [Designing New Operating Primitives to Improve Fuzzing Performance](https://acmccs.github.io/papers/p2313-xuA.pdf) 145 | * [USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation](https://nebelwelt.net/publications/files/20SEC3.pdf) 146 | * :point_right:[**FuzzGen: Automatic Fuzzer Generation**](https://github.com/HexHive/FuzzGen) 147 | * :point_right:[**FireEye: malware unpacking based on Bochs emulation**](https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html) 148 | 149 | *Fuzz on Linux* 150 | * 
[Use Fault Injection to Turn Data Transfers into Arbitrary Execution](https://raelize.com/upload/using-fault-injection-for-turning-data-transfers-into-arbitrary-execution-poc2019-slides-1.0.pdf) 151 | * [Agamotto: Accelerate Kernel Driver Fuzzing with Lightweight VM Checkpoints](https://github.com/securesystemslab/agamotto) 152 | 153 | *Web related* 154 | * [Fuzzing TLS certificates from their ASN.1 grammar](https://blog.doyensec.com/2020/05/14/asn1fuzz.html) 155 | * [Fuzzing Firefox with WebIDL](https://hacks.mozilla.org/2020/04/fuzzing-with-webidl/) 156 | 157 | * [Speeding up fuzzing rust with shared initialization](https://da-data.blogspot.com/2020/05/speeding-up-fuzzing-rust-with-shared.html) 158 | 159 | *Tools* 160 | * :point_right:[**AFL++**](https://github.com/antonio-morales/AFLplusplus) 161 | * [AFLNet: A Greybox Fuzzer for Network Protocols](https://github.com/aflnet/aflnet) 162 | * [Magma - a Fuzzer evaluator](https://hexhive.epfl.ch/magma/) 163 | * [Nautilus - A Grammar Based Feedback Fuzzer](https://www.kitploit.com/2020/08/nautilus-grammar-based-feedback-fuzzer.html) 164 | * [Driller: augmenting AFL with symbolic execution](https://github.com/shellphish/driller) 165 | * [shellphish-qemu](https://github.com/shellphish/shellphish-qemu) - A pip wrapper around ridiculous amount of qemu forks 166 | * :point_right:[**FLUFFI - A distributed evolutionary binary fuzzer for pentesters**](https://github.com/siemens/fluffi) 167 | - [siemens/drace](https://github.com/siemens/drace) - DynamoRIO based windows binary instrumentor 168 | * :point_right:[**Sienna Locomotive fuzz for Windows**](https://github.com/trailofbits/sienna-locomotive) 169 | * Google Project Zero 170 | - [TinyInst](https://github.com/googleprojectzero/TinyInst) - lightweight dynamic instrumentation library 171 | - [DrSancov](https://github.com/googleprojectzero/DrSancov) - DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables 172 | - 
[SkCodecFuzzer](https://github.com/googleprojectzero/SkCodecFuzzer) - Android Skia Image Fuzzing Harness 173 | * :point_right:[**Gum - cross-platform instrumentation and introspection library in C**](https://github.com/frida/frida-gum) 174 | * [PeAfl](https://ezqelusia.blogspot.com/2020/06/some-dos-bugs-while-processing.html) - Some DOS bugs while processing Microsoft LNK files 175 | * [**FuzzExMachina**](https://github.com/fgsect/fexm) 176 | - [blackhat 21018 paper](https://i.blackhat.com/us-18/Thu-August-9/us-18-Ulitzsch-Follow-The-White-Rabbit-Simplifying-Fuzz-Testing-Using-FuzzExMachina.pdf) 177 | * [**nautilus: coverage guided, grammar based fuzzer**](https://github.com/nautilus-fuzz/nautilus) 178 | * [IntelLabs/kAFL](https://github.com/IntelLabs/kAFL) - Intel's implementation of AFL based on Intel PT/VT 179 | * [vFuzz](https://github.com/guidovranken/vfuzz) - by Guido Vranken 180 | 181 | * [**QBDI**](https://github.com/QBDI) - dynamic instrumentation based on LLVM 182 | * [RetroWrite](https://www.youtube.com/watch?v=VdT_0jPr00U) - Statically Instrumenting COTS Binaries for Fuzzing and Sanitization 183 | - [github](https://github.com/HexHive/retrowrite/) 184 | * [The fastest Intel-PT decoder for fuzzing](https://github.com/nyx-fuzz/libxdc) 185 | * [kabeor/Micro-Unicorn-Engine-API-Documentation](https://github.com/kabeor/Micro-Unicorn-Engine-API-Documentation) 186 | * [MemLock: Memory Usage Guided Fuzzing](https://github.com/wcventure/MemLock-Fuzz) 187 | * [Fuzzing VIM with AFL++](https://www.inputzero.io/2020/03/fuzzing-vim.html) 188 | * [AFLNet](https://github.com/aflnet/aflnet) - fuzz networking protocols 189 | * [Learn how to combine libprotobuf-mutator with libfuzzer & AFL++](https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning) 190 | * [**simple fuzzers**](https://github.com/debasishm89) 191 | - [author's site](http://www.debasish.in/) 192 | * [Facebook/infer](https://github.com/facebook/infer) - static code analyzer, supports Java, C, C++, 
Objective-C 193 | * [vanhauser-thc/libfuzzer-coverage](https://github.com/vanhauser-thc/libfuzzer-cov) - nice coverage HTML on libfuzzer runs 194 | 195 | * [catenacyber/webfuzz](https://github.com/catenacyber/webfuzz) - a fuzzer against web applications 196 | 197 | *self-study* 198 | * [Microsoft: A brief introduction to fuzzing](https://www.microsoft.com/en-us/research/blog/a-brief-introduction-to-fuzzing-and-why-its-an-important-tool-for-developers/) 199 | * [Fuzzing with AFL series](https://www.youtube.com/playlist?list=PLHGgqcJIME5koI76OlBdBj7sCid1hbjf-) 200 | * [EkoParty - Advanced Fuzzing Workshop](https://github.com/antonio-morales/EkoParty_Advanced_Fuzzing_Workshop) 201 | 202 | 203 | --- 204 | 205 | 206 | ## Windows URLs 207 | 208 | * :point_right:[**Windows Exploit Development**](https://github.com/FULLSHADE/WindowsExploitationResources) 209 | * [**The Human Machine Interface**](https://h0mbre.github.io/) 210 | - [driver CVEs & exploits](https://h0mbre.github.io/) 211 | * [**NCC group**](https://research.nccgroup.com/) 212 | * [**PenTestPartner**](https://www.pentestpartners.com/security-blog/) - security blogs 213 | * [**RACK911 Labs**](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/) - Exploiting (Almost) Every Antivirus Software 214 | * :point_right:[**F-Secure LABS**](https://labs.f-secure.com/blog/) 215 | - [Bypassing Windows Defender Runtime Scanning](https://labs.f-secure.com/blog/bypassing-windows-defender-runtime-scanning/) 216 | - [What the Fuzz](https://labs.f-secure.com/blog/what-the-fuzz/) 217 | - [Ventures into Hyper-V - Fuzzing hypercalls](https://labs.f-secure.com/blog/ventures-into-hyper-v-part-1-fuzzing-hypercalls/) 218 | - [Debugging Released Xamarin Android Applications](https://labs.f-secure.com/blog/debugging-released-xamarin-android-applications/) 219 | - [Bypassing Memory Scanners with Cobalt Strike and 
Gargoyle](https://labs.f-secure.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/) 220 | * [**Detection in Depth - SpecterOps Team**](https://posts.specterops.io/detection-in-depth-a2392b3a7e94) 221 | 222 | * [Exploiting Feedback Hub in Windows 10](http://decoder.cloud/2020/04/28/exploiting-feedback-hub-in-windows-10/) 223 | * [**PS C:\Users\itm4n> _ blogs**](https://itm4n.github.io/) 224 | * [**n4r1b/re$ blogs**](https://www.n4r1b.com/posts/) 225 | * :point_right:[**Sina & Shahriar's Blog**](https://rayanfam.com/topics/category/windows/) 226 | * [**wbenny**](https://github.com/wbenny) - GitHub 227 | 228 | *kernel* 229 | * :point_right:[**awesome-windows-kernel-security-development**](https://github.com/ExpLife0011/awesome-windows-kernel-security-development) 230 | * [How to use Trend Micro's Rootkit Remover to Install a Rootkit](https://d4stiny.github.io/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/) 231 | * [Study of IOMMU (VT-d) and Kernel DMA Protection on Intel Processors](https://standa-note.blogspot.com/2020/05/introductory-study-of-iommu-vt-d-and.html) 232 | * :point_right:[**Low level pleasure blogs**](https://repnz.github.io/posts/) 233 | * [**Windows internals blogs**](https://windows-internals.com/pages/internals-blog/) 234 | * [Basic Windows Kernel Programming](https://github.com/raminfp/basicwindowskernelprogramming) 235 | * [Bugs on the Windshield: Fuzzing the Windows Kernel](https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/) 236 | * [**Kernel debugging in seconds with Vagrant**](https://secret.club/2020/04/10/kernel_debugging_in_seconds.html) 237 | * [**Book Review: Windows Kernel Programming and Creating Drivers**](https://truneski.github.io/post/2020/04/03/book-review-windows-kernel-programming-and-creating-drivers-of-select-exercises/) 238 | * [Methodology for Static Reverse Engineering of Windows Kernel 
Drivers](https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83) 239 | * [A Defender’s Guide For Rootkit Detection: Episode 1 – Kernel Drivers](https://labs.jumpsec.com/2020/04/20/a-defenders-guide-for-rootkit-detection-episode-1-kernel-drivers/) 240 | * [Removing Kernel Callbacks Using Signed Drivers](https://br-sn.github.io/Removing-Kernel-Callbacks-Using-Signed-Drivers/) 241 | * [SassyKitdi: Kernel Mode TCP Sockets + LSASS Dump](https://zerosum0x0.blogspot.com/2020/08/sassykitdi-kernel-mode-tcp-sockets.html) 242 | * [Writing Windows File System Drivers is Hard](https://www.tiraniddo.dev/2020/05/writing-windows-file-system-drivers-is.html) 243 | * [Windows Projected File System - NTFS symlink mitigation bypass](https://docs.google.com/document/d/13ZGDSa4eLRA-Uyhxi52t6U_zb2XXJcBEsEzNUcj7V2o/edit) 244 | * [**ETW tracing handles in kernel**](https://redplait.blogspot.com/2020/07/etw-tracing-handles-in-kernel.html) 245 | * [kernel-SegmentHeap-Aligned-Chunk-Confusion](https://github.com/synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion) - Synacktiv proof-of-concept 246 | * [**Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver**](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/) 247 | 248 | * [Driver Store Explorer](https://github.com/lostindark/DriverStoreExplorer) 249 | * [zodiacon/ProcMonXv2](https://github.com/zodiacon/ProcMonXv2) - Process Monitor based on ETW 250 | * [can1357/NtLua](https://github.com/can1357/NtLua) - running Lua coroutines inside the Windows kernel 251 | 252 | *user space* 253 | * :point_right:[**Windows Hot Patching Mechanism Explained**](https://dev.to/pelock/windows-hot-patching-mechanism-explained-2m1f) 254 | * [**Solving Uninitialized Stack Memory on Windows**](https://msrc-blog.microsoft.com/2020/05/13/solving-uninitialized-stack-memory-on-windows/) 255 | * [Netwalker Fileless Ransomware Injected via Reflective 
Loading](https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/) 256 | * [KMS-activator](https://github.com/CHEF-KOCH/KMS-activator) - on activating Windows 257 | * [Microsoft videos on software security](https://www.youtube.com/channel/UC4s3tv0Qq_OSUBfR735Jc6A) 258 | * [Masquerading Windows processes like a Double Agent](https://sensepost.com/blog/2020/masquerading-windows-processes-like-a-doubleagent./) 259 | * [Defending Windows Domain Against Mimikatz Attacks](http://woshub.com/defending-windows-domain-against-mimikatz-attacks/) 260 | * Understanding and Abusing Process Tokens 261 | - [Part I](https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa) 262 | - [Part II](https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962) 263 | * [Retrieving ntdll Syscall Stubs from Disk at Run-time](https://ired.team/offensive-security/defense-evasion/retrieving-ntdll-syscall-stubs-at-run-time) 264 | * [Demystifying the “SVCHOST.EXE” Process and Its Command Line Options](https://medium.com/@nasbench/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747) 265 | * [journey into object manager executive handles](https://ntamonsec.blogspot.com/2020/06/journey-into-object-manager-executive-handles.html) 266 | 267 | *reverse* 268 | * [**Using Frida For Windows Reverse Engineering**](https://darungrim.com/research/2020-06-17-using-frida-for-windows-reverse-engineering.html) 269 | * [**Bypassing World of Warcraft's Read-Only Code Protection (crc32)**](https://ferib.dev/blog.php?l=post%2FBypassing_World_of_Warcraft_Crc32_Integrity_Checks) 270 | * **Process Injection** 271 | - [Part I](https://sevrosecurity.com/2020/04/08/process-injection-part-1-createremotethread/) - CreateRemoteThread() 272 | - [Part II](https://sevrosecurity.com/2020/04/13/process-injection-part-2-queueuserapc/) - QueueUserAPC() 273 | * [APC 
Series: User APC Internals](https://repnz.github.io/posts/apc/kernel-user-apc-api/) 274 | * [In-Memory shellcode decoding to evade AVs/EDRs](https://shells.systems/in-memory-shellcode-decoding-to-evade-avs/) 275 | * [**Zero2Automated Advanced Malware RE Course**](https://medium.com/@ReversingMagic/zero2automated-advanced-malware-re-course-custom-sample-analysis-40e14ddca78d) - Custom Sample Analysis 276 | * Qiling For Malware Analysis 277 | - [Part 1](https://n1ght-w0lf.github.io/tutorials/qiling-for-malware-analysis-part-1/) 278 | - [Part 2](https://n1ght-w0lf.github.io/tutorials/qiling-for-malware-analysis-part-2/) 279 | * [Crimson RAT Malware Analysis](https://malwr-analysis.com/2020/07/24/crimson-rat-malware-analysis/) 280 | * [Forensic Investigation: Windows Registry Analysis](https://www.hackingarticles.in/forensic-investigation-windows-registry-analysis/) 281 | * [**VMPDump**](https://github.com/0xnobody/vmpdump) - dynamic unpacker for VMProtect-packed binaries 282 | * [CVE-2020-1015 Analysis](https://0xeb-bp.github.io/blog/2020/05/12/cve-2020-1015-analysis.html) 283 | * [**Privilege Escalation in Windows**](https://medium.com/bugbountywriteup/privilege-escalation-in-windows-380bee3a2842) 284 | * [Turning the Pages: Introduction to Memory Paging on Windows 10 x64](https://connormcgarr.github.io/paging/) 285 | * An old enemy – Diving into QBot 286 | - [part 1](https://malwareandstuff.com/an-old-enemy-diving-into-qbot-part-1/) 287 | - [part 2](https://malwareandstuff.com/an-old-enemy-diving-into-qbot-part-2/) 288 | - [part 3](https://malwareandstuff.com/an-old-enemy-diving-into-qbot-part-3/) 289 | * [Universally Evading Sysmon and ETW](https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/) 290 | * [Windows 10 x64 ESTROBJ STROBJ](https://versprite.com/blog/security-research/reverse-engineering-undocumented-structures/) - undocumented structures 291 | * [Process Hollowing 
detection](https://posts.specterops.io/engineering-process-injection-detections-part-1-research-951e96ad3c85) 292 | * [MSRC - Security analysis of memory tagging](https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf) 293 | * [Using Syscalls to Inject Shellcode on Windows](https://www.solomonsklash.io/syscalls-for-shellcode-injection.html) 294 | * [Anti-Debugging Technique based on Memory Protection](https://blog.rootshell.be/2020/06/04/sans-isc-anti-debugging-technique-based-on-memory-protection/) 295 | * [Antivirus Evasion with Python](https://www.youtube.com/watch?v=zRkrx3ikc0g&feature=youtu.be) 296 | * [Hardware breakpoints and exceptions on Windows](https://ling.re/hardware-breakpoints/) 297 | * [How Do Attackers Use LOLBins In Fileless Attacks](https://www.sentinelone.com/blog/how-do-attackers-use-lolbins-in-fileless-attacks/) 299 | * [**Advanced Windows Malware Analysis - Acquiring Memory Artifacts**](https://darungrim.com/research/2020-07-10-windows-malware-analysis-process-artifacts.html) 300 | * [WoW64 internals](https://wbenny.github.io/2018/11/04/wow64-internals.html) 301 | * [WOW64 Subsystem Internals and Hooking Techniques](https://www.fireeye.com/blog/threat-research/2020/11/wow64-subsystem-internals-and-hooking-techniques.html) 302 | * [**Q4n**](https://github.com/Q4n) - GitHub 303 | * [Abusing COM & DCOM objects](https://packetstormsecurity.com/files/158974) 304 | 305 | *Active Directory* 306 | * [Group Policies Going Rogue](https://www.cyberark.com/resources/threat-research-blog/group-policies-going-rogue) 307 | * [Fundamentals of Active Directory Trust Relationships](https://qomplx.com/qomplx-knowledge-fundamentals-of-active-directory-trust-relationships/) 308 
| * [Black Hat USA 2020 - Detecting Access Token Manipulation](https://i.blackhat.com/USA-20/Thursday/us-20-Burgess-Detecting-Access-Token-Manipulation.pdf) 309 | * [ADCollector](https://www.kitploit.com/2020/05/adcollector-lightweight-tool-to-quickly.html) - Lightweight Tool To Extract Info From The Active Directory 310 | * [Windows NT File System Internals: A Developer's Guide](https://balbinochandra.firebaseapp.com/windows-nt-file-system-internals-a-developer-s-guide-1565922492.pdf) 311 | 312 | *.NET* 313 | * [Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge](https://jhalon.github.io/utilizing-syscalls-in-csharp-1/) 314 | * [Detecting and Advancing In-Memory .NET Tradecraft](https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/) 315 | * [Hiding your .NET - COMPlus_ETWEnabled](https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) 316 | * [Evil-WinRM - WinRM pentesting framework](https://www.hackingarticles.in/evil-winrm-winrm-pentesting-framework/) 317 | * [**Emulating Covert Operations: Dynamic Invocation (Avoid PInvoke & API Hooks)**](https://thewover.github.io/Dynamic-Invoke/) 318 | * [.NET Memory Performance Analysis](https://github.com/Maoni0/mem-doc/blob/master/doc/.NETMemoryPerformanceAnalysis.md) 319 | 320 | * [Advanced Debugging .NET](https://havitknowledgebase.files.wordpress.com/2016/02/2016-02-showit-sk-advanced-debugging-net.pdf) 321 | 322 | * :point_right:[**dnpatch**](https://github.com/ioncodes/dnpatch) - .NET patching library built on dnlib 323 | * [guibacellar/DNCI](https://github.com/guibacellar/DNCI) - .NET Code Injector 324 | * [Windows C# RPC Clients](https://github.com/tyranid/WindowsRpcClients) 325 | * [Athena - security investigation and info collection](https://labs.f-secure.com/tools/athena/) 326 | * [SharpSploit - .NET post-exploitation library](https://github.com/cobbr/SharpSploit) 327 | - [SharpSploit: Bypassing API Hooks via DInvoke and Manual Mapping](https://vimeo.com/406589341) 328 | * 
[**cobbr/Covenant**](https://github.com/cobbr/Covenant) - a collaborative .NET C2 framework for red teamers 329 | 330 | *debugging* 331 | * :point_right:[**x64dbg**](https://www.kitploit.com/2020/07/x64dbg-open-source-x64x32-debugger-for.html) - open-source x64/x32 debugger for Windows 332 | * [**HyperDbg**](https://github.com/HyperDbg/HyperDbg) - hypervisor-assisted debugger for both kernel mode and user mode 333 | * :point_right:[**ioncodes**](https://github.com/ioncodes) 334 | - [dbgmon - parse all messages sent to DbgPrint without process interaction](https://github.com/ioncodes/dbgmon) 335 | - [WinAPI C++ wrapper](https://github.com/ioncodes/wrapper) 336 | - [shark - Turn off PatchGuard in realtime on win7 (7600) ~ win10 (18950)](https://github.com/ioncodes/Shark) 337 | - [Header-only library that assists you with exploiting the Windows kernel](https://github.com/ioncodes/kernel) 339 | * [WinDbg: setting up cross-VM debugging, tips](https://syscall.eu/blog/2020/03/29/windbg-vm/) 340 | * [Windows APIs list in JSON](https://github.com/ohjeongwook/windows_sdk_data) - useful for fuzzing harnesses or WinDbg plugin development 341 | * [Windbg Tricks](https://narly.me/posts/windbg-tricks/) 342 | * [Windbg Tricks - Module Relocation](https://narly.me/posts/windbg-tricks-module-relocation/) 343 | 344 | * [WinDbgTool - Windbg Utility Tools based upon PyKD](https://github.com/ohjeongwook/windbgtool) 345 | * [Intel PT log analyzer With Parallel Processing And Block Caching Support](https://github.com/ohjeongwook/iptanalyzer) 346 | * [REPack - Reverse engineering toolkit for exploit/malware analysis](https://github.com/ohjeongwook/REPack) 347 | * [PE File Manipulation Utility](https://github.com/ohjeongwook/petool) 348 | * [ohjeongwook / WindowsIntelPT](https://github.com/ohjeongwook/WindowsIntelPT) - Windows Intel PT Support 349 | * [wintracer](https://github.com/ohjeongwook/wintracer) - Windows Behavior Tracing Tool Based Upon Frida 350 | * [SharpPdb](https://github.com/southpolenator/SharpPdb) - managed C# reader for PDB debug symbols 351 | * 
[eronnen/procmon-parser](https://github.com/eronnen/procmon-parser) - Python library for parsing Procmon's PML log format 352 | 353 | *Tools* 354 | * :point_right:[**DarunGrim - open source tools**](https://darungrim.com/opensource/) 355 | * [Malwrologist - office/VBA reversing](https://github.com/DissectMalware?tab=repositories) 356 | * [**m417z**](https://m417z.com/about/) 357 | * [**dazzleUP**](https://github.com/hlldz/dazzleUP) - detects privilege escalation vulnerabilities caused by misconfigurations and missing updates 358 | * [**Sophos Sandboxie is now available as an open-source tool**](https://securityaffairs.co/wordpress/101397/malware/sandboxie-sandbox-open-source.html) 359 | * [PyWinSandbox](https://github.com/karkason/pywinsandbox) - Python-based Windows Sandbox utilities 360 | * [**yusufqk/SystemToken**](https://github.com/yusufqk/SystemToken) - Steal privileged token to obtain SYSTEM shell 361 | * [Windows OS Hardening with PowerShell DSC](https://github.com/NVISO-BE/posh-dsc-windows-hardening) 362 | * [**Ps-Tools**](https://outflank.nl/blog/2020/03/11/red-team-tactics-advanced-process-monitoring-techniques-in-offensive-operations/) - advanced process monitoring for offensive operations 363 | - [GitHub](https://github.com/outflanknl/Ps-Tools) 364 | * [ThreadSpy](https://github.com/Kelvinhack/ThreadSpy) - Thread Hijacker 365 | * [Windows Memory Introspection with IceBox](https://thalium.github.io/blog/posts/windows-full-memory-introspection-with-icebox/) 366 | * [Physmem2profit](https://github.com/FSecureLABS/physmem2profit) - create a minidump of a target host's LSASS process by analysing physical memory remotely 367 | * [**Verifying Windows binaries, without Windows**](https://blog.trailofbits.com/2020/05/27/verifying-windows-binaries-without-windows/) 368 | * [FireEye capa](https://github.com/fireeye/capa) - identifies capabilities in PE executable files 369 | 370 | *self study* 371 | * [Windows for Reverse Engineers OS 
Internals](https://mycourses.aalto.fi/pluginfile.php/428583/mod_resource/content/2/Windows_for_reverse_engineers_OS_Internals_2017.pdf) 372 | * [Windows Internals Training & Consulting - blogs](https://windows-internals.com/pages/internals-blog/) 373 | - [DKOM – Now with Symbolic Links!](https://windows-internals.com/dkom-now-with-symbolic-links/) 374 | - [Symbolic Hooks Part 2 : Getting the Target Name](https://windows-internals.com/symhooks-part-two/) 375 | - [Symbolic Hooks Part 3: The Remainder Theorem](https://windows-internals.com/symhooks-part-three/) 376 | - [Symbolic Hooks Part 4: The App Container Traverse-ty](https://windows-internals.com/symhooks-part-four/) 377 | 378 | * [Introduction to Windbg Series](https://www.youtube.com/watch?list=PLhx7-txsG6t6n_E2LgDGqgvJtCHPL7UFu&v=8zBpqc3HkSE) 379 | 380 | --- 381 | 382 | 383 | ## Linux URLs 384 | 385 | * [**Nick Frichette**](https://frichetten.com/blog/) 386 | * [**Fakhri Zulkifli**](https://fakhrizulkifli.github.io/) - A fan of software bugs and vulnerabilities 387 | * :point_right:[**10 Years of Linux Security**](https://grsecurity.net/10_years_of_linux_security.pdf) 388 | * :point_right:[**Collabora - news and blogs**](https://www.collabora.com/news-and-blog/) 389 | - [Using syzkaller, part 4: Driver fuzzing](https://www.collabora.com/news-and-blog/blog/2020/06/26/using-syzkaller-part-4-driver-fuzzing/) 390 | * [Mastering Embedded Linux](https://www.thirtythreeforty.net/series/mastering-embedded-linux/) 391 | * [Debugging with AddressSanitizer and UndefinedBehaviorSanitizer (UBSAN)](https://www.youtube.com/watch?v=cbk4T_ybpuI&feature=youtu.be) 392 | * [Hijacking Library Functions and Injecting Code Using the Dynamic Linker](https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/) 393 | * [Writing a kernel driver](https://metabytezero.blogspot.com/2019/06/writing-kernel-driver.html) 394 | * [**Quarkslab - Playing Around With Google's Fuchsia Operating 
System**](http://blog.quarkslab.com/playing-around-with-the-fuchsia-operating-system.html) 395 | * [**Linux Privilege Escalation - HackTricks**](https://book.hacktricks.xyz/linux-unix/privilege-escalation) 396 | * [Effectiveness of Linux Rootkit Detection Tools](https://www.openwall.com/lists/lkrg-users/2020/06/14/5) 397 | * [GDB on the Linux Kernel: Debugging the Kernel part3](https://www.youtube.com/watch?v=unizGCcZg3Y&feature=youtu.be) 398 | * [Linux Kernel Runtime Guard (LKRG) in a nutshell](https://www.openwall.com/presentations/OSTconf2020-LKRG-In-A-Nutshell/) 399 | * [Linux System Call Table](https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md) 400 | * [NeatMonster/slabdbg](https://github.com/NeatMonster/slabdbg) - GDB plug-in for analysing and exploiting the Linux kernel's SLUB allocator 401 | * [**Linux rootkits series**](https://xcellerator.github.io/categories/linux/) 402 | 403 | * [ELF file structure](https://metabytezero.blogspot.com/2019/10/elf-file-structure.html) 404 | * [Python for Reverse Engineering #1: ELF Binaries](https://medium.com/sector443/python-for-reverse-engineering-1-elf-binaries-e31e92c33732) 405 | 406 | * [MindShaRE: How to “Just Emulate It With QEMU”](https://www.zerodayinitiative.com/blog/2020/5/27/mindshare-how-to-just-emulate-it-with-qemu) 407 | 408 | * [Detecting Linux memfd_create() Fileless Malware with Command Line Forensics](https://www.sandflysecurity.com/blog/detecting-linux-memfd_create-fileless-malware-with-command-line-forensics/) 409 | 410 | *Tools* 411 | * [**microsoft/ProcMon-for-Linux**](https://github.com/microsoft/ProcMon-for-Linux) - can you believe that? 
:-) 412 | * [**0x36/BinTrace**](https://github.com/0x36/BinTrace) - process dump tool 413 | * [siemens/isar](https://github.com/siemens/isar) - Integration System for Automated Root filesystem generation 414 | * [efibootguard](https://github.com/siemens/efibootguard) - Simple UEFI boot loader 415 | * [siemens/meta-efibootguard](https://github.com/siemens/meta-efibootguard) - integrate efibootguard with a Yocto project 416 | * [shibli2700 / Rekon](https://github.com/shibli2700/Rekon) - shell scripts for automating recon tasks 417 | * :point_right:[**XELFViewer**](https://github.com/horsicq/XELFViewer) - ELF editor, supports all major platforms 418 | 419 | --- 420 | 421 | 422 | ## iOS URLs 423 | 424 | --- 425 | 426 | 427 | ## Java URLs 428 | 429 | * [JVM Reverse Engineering](https://tryhackme.com/room/jvmreverseengineering) 430 | * [Pyrogenic Infostealer static analysis – Part 0x1](https://www.securityinbits.com/malware-analysis/pyrogenic-infostealer-static-analysis-part-0x1/) 431 | * [Unpacking Pyrogenic/Qealler using Java agent - Part 0x2](https://www.securityinbits.com/malware-analysis/unpacking/unpacking-pyrogenic-qealler-using-java-agent-part-0x2/) 432 | * [How to write a (toy) JVM](https://zserge.com/posts/jvm/) 433 | * [BishopFox/rmiscout](https://github.com/BishopFox/rmiscout) - enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities 434 | 435 | *Tools* 436 | * [didi/JuShaTa](https://github.com/didi/JuShaTa) - a Java container that supports hot patching 437 | * [jd-cli](https://github.com/kwart/jd-cli) - command-line Java decompiler 438 | 439 | --- 440 | 441 | 442 | ## C & C++ URLs 443 | * [Generating source-level Control Flow Graph using Clang 4.0](http://s4.ce.sharif.edu/blog/2019/12/31/clang/) 444 | * [Build your first LLVM Obfuscator](https://medium.com/@polarply/build-your-first-llvm-obfuscator-80d16583392b) 445 | * [OptOut - Compiler Undefined Behavior 
Optimizations](https://research.checkpoint.com/2020/optout-compiler-undefined-behavior-optimizations/) - from Check Point Research 446 | 447 | *Tools* 448 | * [BeetleChunks / insecure-coding-examples](https://github.com/BeetleChunks/insecure-coding-examples) 449 | * [danmar/cppcheck - static analysis for C/C++](https://github.com/danmar/cppcheck) 450 | * [From a C project through assembly to shellcode](https://vxug.fakedoma.in/papers/VXUG/Exclusive/FromaCprojectthroughassemblytoshellcodeHasherezade.pdf) - by hasherezade 451 | * [Google C++ Language Interface Foundation (CLIF)](https://github.com/google/clif) - binding generator to wrap C++ for Python using LLVM 452 | 453 | --- 454 | 455 | 456 | ## Python URLs 457 | * :point_right:[**Decompyle++ (pycdc)**](https://github.com/zrax/pycdc) - Python bytecode decompiler 458 | * [Nick Frichette - sample repos](https://github.com/Frichetten?tab=repositories) 459 | * [gwen001 - recon script](https://github.com/gwen001/myrecon.py) 460 | 461 | --- 462 | 463 | 464 | ## Rust URLs 465 | * [New inline assembly syntax available in nightly](https://blog.rust-lang.org/inside-rust/2020/06/08/new-inline-asm.html) 466 | * [Programming Rules to Develop Secure Applications With Rust](https://www.ssi.gouv.fr/en/guide/programming-rules-to-develop-secure-applications-with-rust/) - ANSSI guide 467 | 468 | * [Rust UEFI Runtime Driver](https://github.com/x1tan/rust-uefi-runtime-driver) 469 | * [**intermezzOS/kernel - A hobby operating system, in Rust**](https://github.com/intermezzOS/kernel) 470 | 471 | --- 472 | 473 | 474 | ## GoLang URLs 475 | * [Red Team: How to embed Golang tools in C#](https://medium.com/@shantanukhande/red-team-how-to-embed-golang-tools-in-c-e269bf33876a) 476 | * [Coverage Guided Fuzzing in Go](https://alexplaskett.github.io/coverage-guided-fuzzing-golang/) 477 | * [Malware Development Pt. 
1: Dynamic Module Loading in Go](https://posts.specterops.io/malware-development-pt-1-dynamic-module-loading-in-go-1121f07f3a5a) 478 | 479 | --- 480 | 481 | 482 | ## Assembly URLs 483 | * [**LordNoteworthy/cpu-internals**](https://github.com/LordNoteworthy/cpu-internals) 484 | * [The Holy Book of X86](https://github.com/Captainarash/The_Holy_Book_of_X86) 485 | * [Null Terminated Programming 101 - x64](https://0x00sec.org/t/null-terminated-programming-101-x64/20398) 486 | * [x86-64 Assembly Language Programming with Ubuntu](https://open.umn.edu/opentextbooks/textbooks/733) - Open Textbook Library 487 | * [Intel x86_64 assembly language and pwntools dash docset](https://github.com/0xKira/pwn-dash-docset) 488 | * [Writing a disassembler](https://metabytezero.blogspot.com/2019/08/writing-disassembler.html) 489 | * [Modern x64 Assembly](https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA) 490 | * [How x86_64 addresses memory via a single MOV](https://blog.yossarian.net/2020/06/13/How-x86_64-addresses-memory) 491 | * [Interesting Behaviors in x86 Instructions](https://narly.me/posts/interesting-behaviors-in-x86/) 492 | * [acru3l's blog](https://acru3l.github.io/) 493 | * [Latches inside: Reverse-engineering the Intel 8086's instruction register](http://www.righto.com/2020/08/latches-inside-reverse-engineering.html) 494 | * :point_right:[**Reversing**](https://artik.blue/reversing) 495 | - Reversing 32-bit and 64-bit binaries using radare2, a seven-part series 496 | - [1 intro](https://artik.blue/reversing-radare2-1) 497 | - [2 conditionals](https://artik.blue/reversing-radare2-2) 498 | - [3 funcs, cases and loops](https://artik.blue/reversing-radare-3) 499 | - [4 arrays and strings](https://artik.blue/reversing-radare-4) 500 | - [5 var types and casting](https://artik.blue/reversing-radare-5) 501 | - [6 2d arrays and structs](https://artik.blue/reversing-radare-6) 502 | - [7 struct arrays, r2pm and patching](https://artik.blue/reversing-radare-7) 503 | * [Tutorial of ARM 
Stack Overflow Exploit – Defeating ASLR with ret2plt](http://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/i8cpJZFoPNk/tutorial-of-arm-stack-overflow-exploit-defeating-aslr-with-ret2plt) 504 | 505 | * [**Miasm - reverse engineering framework**](https://github.com/cea-sec/miasm) 506 | * [RetDec](https://github.com/avast/retdec) - Avast's open-source machine-code decompiler based on LLVM 507 | * [bddisasm](https://github.com/bitdefender/bddisasm) - lightweight x86/x64 disassembler from Bitdefender 508 | * [CryptoShark](https://github.com/frida/cryptoshark) - Frida-based code tracer using dynamic recompilation 509 | 510 | --- 511 | 512 | 513 | ## Virtualization URLs 514 | * :point_right:[**Wenzel/awesome-virtualization**](https://github.com/Wenzel/awesome-virtualization) 515 | * [**Nody's blog**](https://blog.nody.cc/) 516 | - [Container Breakouts – Part 1: Access to root directory of the Host](https://blog.nody.cc/posts/container-breakouts-part1/) 517 | 518 | * [QEMU internals](https://lugatgt.org/content/qemu_internals/downloads/slides.pdf) - slides 519 | * [Emulating Hypervisors: a Samsung RKP case study](https://census-labs.com/news/2020/07/22/emulating-hypervisors-a-samsung-rkp-case-study-offensivecon-2020/) - OffensiveCon 2020 520 | * Hypervisor From Scratch 521 | - [Part 1: Basic Concepts & Configure Environment](https://rayanfam.com/topics/hypervisor-from-scratch-part-1/) 522 | - [Part 2: Entering VMX Operation](https://rayanfam.com/topics/hypervisor-from-scratch-part-2/) 523 | - [Part 3: Setting up Our First Virtual Machine](https://rayanfam.com/topics/hypervisor-from-scratch-part-3/) 524 | - [Part 4: Address Translation Using EPT](https://rayanfam.com/topics/hypervisor-from-scratch-part-4/) 525 | - [Part 5: Setting up VMCS & Running Guest Code](https://rayanfam.com/topics/hypervisor-from-scratch-part-5/) 526 | - [Part 6: Virtualizing An Already Running System](https://rayanfam.com/topics/hypervisor-from-scratch-part-6/) 527 | - [Part 7: EPT & Page-Level 
Monitoring Features](https://rayanfam.com/topics/hypervisor-from-scratch-part-7/) 528 | - [Part 8: How To Do Magic With Hypervisor!](https://rayanfam.com/topics/hypervisor-from-scratch-part-8/) 529 | * [Compromising virtualization without attacking the hypervisor](https://theori.io/research/compromising-dom0-in-xen/) - compromising dom0 in Xen 530 | * [MindShaRE: How to “Just Emulate It With QEMU”](https://www.thezdi.com/blog/2020/5/27/mindshare-how-to-just-emulate-it-with-qemu) 531 | * [Introduction To Virtualization](https://yuvaly0.github.io/2020/06/19/introduction-to-virtualization.html) 532 | 533 | * [Microsoft Hyper-V Type Confusion leading to Arbitrary Memory Dereference](https://labs.bluefrostsecurity.de/advisories/bfs-sa-2020-003/) - Blue Frost Security advisory BFS-SA-2020-003 534 | * :point_right: **Alex Ionescu - Writing a Hyper-V “Bridge” for Fuzzing** 535 | - [Part 1: WDF](https://alex-ionescu.com/?p=377) 536 | - [Part 2: Hypercalls & MDLs](https://alex-ionescu.com/?p=471) 537 | * [Hyper-V #0x0 - Research setup](https://foxhex0ne.blogspot.com/2020/05/hyper-v-0x0-research-setup.html) 538 | * [Hyper-V #0x1 - Hypercalls part 1](https://foxhex0ne.blogspot.com/2020/05/hyper-v-0x1-hypercalls-part-1.html) 539 | * PatchGuard: Detection of Hypervisor-Based Introspection 540 | - [P1](https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/) 541 | - [P2](https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p2/) 542 | * [Hyper-V memory internals. 
EXO partition memory access](https://hvinternals.blogspot.com/2020/06/hyper-v-memory-internals-exo-partition.html) 543 | * [How to Manage Hyper-V VM Checkpoints with PowerShell](https://www.thomasmaurer.ch/2020/07/how-to-manage-hyper-v-vm-checkpoints-with-powershell/) 544 | * [vxunderground - Weaponizing Windows Virtualization](https://vxug.fakedoma.in/papers/VXUG/Exclusive/WeaponizingWindowsVirtualization.pdf) 545 | 546 | *Tools* 547 | * [intel/kernel-fuzzer-for-xen-project](https://github.com/intel/kernel-fuzzer-for-xen-project) - VMI Kernel Fuzzer for Xen Project: VM forking, VMI & AFL integration demo 548 | * [Automated Malware Analysis](https://buff.ly/38XM55X) - Analyzing Azorult's Anti-Analysis Tricks with Joe Sandbox Hypervisor 549 | * [**hvpp: lightweight Intel x64/VT-x hypervisor in C++ for virtualizing an already running OS**](https://github.com/wbenny/hvpp) 550 | * [virt-manager](https://github.com/virt-manager/virt-manager) - GUI tool to manage virtual machines via libvirt 551 | * [**Bitdefender Napoca Hypervisor**](https://github.com/napocahv/napoca) 552 | * [fofapro/vulfocus](https://github.com/fofapro/vulfocus) - Docker-based platform for spinning up vulnerable environments 553 | * [**HiddenVM - Use any desktop OS without leaving a trace**](https://github.com/aforensics/HiddenVM) 554 | * [gerhart01 - Hyper-V research repos](https://github.com/gerhart01) 555 | * [qemu-vm-escape](https://github.com/0xKira/qemu-vm-escape) - QEMU VM escape exploit 556 | * [**Aleph Research**](https://github.com/alephsecurity) 557 | - xnu-qemu-arm64, xnu-qemu-arm64-tools, abootool 558 | * [hvmi - Hypervisor Memory Introspection](https://github.com/hvmi/hvmi) - from Bitdefender 559 | * [rustyvisor](https://github.com/iankronquist/rustyvisor) - A hypervisor written in Rust 560 | 561 | --- 562 | 563 | 564 | ## Web URLs 565 | * [**Unicode Security Guide**](http://websec.github.io/unicode-security-guide) 566 | * [Fuzzing sockets, part 1: FTP servers - GitHub Security Lab](https://securitylab.github.com/research/fuzzing-sockets-FTP) 567 | * [List of Top Ten Web Hacking 
Techniques](https://github.com/irsdl/top10webseclist) 568 | 569 | * [Bypassing Content Security Policy (CSP)](https://blog.deteact.com/csp-bypass/) 570 | * [**Content-Security-Policy (CSP) Bypass Techniques**](https://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d) 571 | * [How To Bypass CSP By Hiding JavaScript In A PNG Image](https://www.secjuice.com/hiding-javascript-in-png-csp-bypass/) 572 | * [AST Injection, Prototype Pollution to RCE](https://blog.p6.is/AST-Injection/) 573 | * [JSON Web Token Validation Bypass in Auth0 Authentication API](https://insomniasec.com/blog/auth0-jwt-validation-bypass) 574 | * [A Deep Dive On The Most Critical API Vulnerability - BOLA (Broken Object Level Authorization)](https://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2) 575 | * [**Building a Cyber Security Lab**](https://medium.com/@robertscocca/building-a-cyber-security-lab-4874bddd056b) 576 | * [Patrik Fehrenbach's blogs](https://blog.it-securityguard.com/) 577 | 578 | *Tools* 579 | * [WARF - WebAssembly Runtimes Fuzzing project](https://github.com/pventuzelo/wasm_runtimes_fuzzing) 580 | * [random-robbie/ssrf-finder](https://github.com/random-robbie/ssrf-finder) - find SSRF bugs 581 | * [uknowsec/SharpSQLDump](https://github.com/uknowsec/SharpSQLDump) - get DB info in pentests 582 | * [crowdsecurity/crowdsec](https://github.com/crowdsecurity/crowdsec/) - behaviour-based intrusion detection and blocking agent, also available as a Docker image 583 | * [guardicore/monkey](https://github.com/guardicore/monkey) - Infection Monkey, an automated breach and attack simulation tool 584 | * [**netzob - Protocol Reverse Engineering, Modeling and Fuzzing**](https://github.com/netzob/netzob) 585 | * [ParamSpider](https://github.com/devanshbatham/ParamSpider) - Mining parameters from dark corners of Web Archives 586 | * [**31-days-of-API-Security-Tips**](https://github.com/smodnix/31-days-of-API-Security-Tips) 587 | * [OWASP/Amass: In-depth DNS Enumeration and Network 
Mapping](https://github.com/OWASP/Amass) 588 | * [Awesome SSL/TLS Hacks](https://github.com/lenny233/awesome-tls-hacks) 589 | * [**Manisso/fsociety**](https://github.com/Manisso/fsociety) - lots of pentest tools 590 | * [**dloss/python-pentest-tools**](https://github.com/dloss/python-pentest-tools) 591 | * [dref - DNS Rebinding Exploitation Framework in javascript](https://labs.f-secure.com/tools/dref/) 592 | * [epi052/feroxbuster](https://github.com/epi052/feroxbuster) - A fast/simple recursive content discovery tool in Rust 593 | * [**s0md3v / ReconDog**](https://github.com/s0md3v/ReconDog) - Reconnaissance Swiss Army Knife 594 | * [s0md3v / Bolt CSRF Scanner](https://github.com/s0md3v/Bolt) 595 | * [**nccgroup/ScoutSuite: multi-cloud security-auditing tool**](https://github.com/nccgroup/ScoutSuite) 596 | * [zhutougg/Awesome-Intranet_pentest_tool](https://github.com/zhutougg/Awesome-Intranet_pentest_tool) 597 | * [**sysdream/ligolo**](https://github.com/sysdream/ligolo) - Reverse Tunneling made easy for pentesters 598 | 599 | * [Windbg Tricks - Javascript Windbg Instrumentation](https://narly.me/posts/windbg-tricks-javascript-windbg/) 600 | 601 | * [**brandonskerritt/RustScan**](https://github.com/brandonskerritt/RustScan) - Scans all 65k ports in 8 seconds 602 | * [Mistica: Swiss Army Knife For Arbitrary Application Communication Protocols](https://www.kitploit.com/2020/08/mistica-open-source-swiss-army-knife.html) 603 | * [**yogeshojha/rengine**](https://github.com/yogeshojha/rengine) - A simple recon engine for penetration testing 604 | * [**Cloud Security Tools**](https://cloudberry.engineering/tool/) 605 | * [NetblockTool](https://blog.netspi.com/netblocktool/) - The Easy Way to Find IP Addresses Owned by a Company 606 | 607 | --- 608 | 609 | 610 | ## Android URLs 611 | * [**Gityuan - blogs**](http://gityuan.com/tags/) 612 | * [Why are Frida and QBDI a Great Blend on Android](https://blog.quarkslab.com/why-are-frida-and-qbdi-a-great-blend-on-android.html) - 
dynamically analyze native functions 613 | * [How to hook Android Native methods with Frida](https://erev0s.com/blog/how-hook-android-native-methods-frida-noob-friendly/) 614 | * [Based on Frida,Bypassing Xamarin Certificate Pinning on Android](https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/) 615 | * [An Android Package is no Longer a ZIP](https://www.fortinet.com/blog/threat-research/an-android-package-is-no-longer-a-zip) 616 | * Reversing DexGuard 617 | - [Part 1 – Code Obfuscation & RASP](https://www.pnfsoftware.com/blog/reversing-dexguard/) 618 | - [Part 2 – Assets and Code Encryption](https://www.pnfsoftware.com/blog/reversing-dexguard-encryption/) 619 | - [Part 3 – Code Virtualization](https://www.pnfsoftware.com/blog/reversing-dexguard-virtualization/) 620 | * [Android Internals](https://ocw.cs.pub.ro/courses/_media/osp/lectures/lecture-internals.pdf) 621 | * [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/app_fundamentals.html) 622 | 623 | *Tools* 624 | * [ainD - Android (Anbox) in Docker](https://github.com/aind-containers/aind) 625 | * [**android security**](https://github.com/alphaSeclab/android-security/) 626 | * [**GetDroid**](https://github.com/thelinuxchoice/getdroid) - malicious Android apk generator 627 | * [Runtime Mobile Security (RMS)](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security) - based on Frida 628 | * [android injection tool](https://github.com/oleavr/android-inject-custom) - based on Frida 629 | * [Drozer - Comprehensive security and attack framework for Android](https://labs.f-secure.com/tools/drozer/) 630 | * :point_right:[**APKiD**](https://github.com/rednaga/APKiD) 631 | * [**Quark Engine - An Obfuscation-Neglect Android Malware Scoring System**](https://github.com/quark-engine/quark-engine) 632 | * [Android analysis VM](https://github.com/1d8/Android-Analysis) 633 | * [**didi/VirtualAPK**](https://github.com/didi/VirtualAPK) - powerful and 
lightweight plugin framework 634 | * [**didi/DroidAssist**](https://github.com/didi/DroidAssist) - gradle plugin based on Javassist to edit bytecode 635 | * [DexGraph](https://github.com/ChiminhTT/DexGraph) - Modified DexDump to build control flow graph from classes.dex 636 | * [darvincisec/VirtualDynamicAnalysis](https://github.com/darvincisec/VirtualDynamicAnalysis) 637 | * [Popular Android Malware in 2018](https://github.com/sk3ptre/AndroidMalware_2018) 638 | * [**quark-engine - Android APK**](https://github.com/quark-engine/quark-engine) 639 | - [apk-malware-samples](https://github.com/quark-engine/apk-malware-samples) 640 | * [mstfknn/android-malware-sample-library](https://github.com/mstfknn/android-malware-sample-library) - Android Malware Samples 641 | * [dwisiswant0/apkleaks](https://github.com/dwisiswant0/apkleaks) - Scan APK file for URIs, endpoints & secrets 642 | * :point_right:[**download sample APKs**](https://www.apkmirror.com/) 643 | 644 | *Self study* 645 | * [Android App Hacking](https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/) 646 | * [Reverse engineering an Android Application](https://epic.blog/reverse-engineering/2020/07/27/reverse-engineering-android-app.html) 647 | 648 | --- 649 | 650 | 651 | ## Tools URLs 652 | * :point_right:[**F-SEcure tools**](https://labs.f-secure.com/tools/) 653 | * :point_right:[**Diaphora - best diffing tool and IDA plugin**](https://github.com/joxeankoret/diaphora) 654 | * :point_right:[**SecWiki**](https://github.com/SecWiki) 655 | * :point_right:[**qilingframework/qiling**](https://github.com/qilingframework/qiling) - advanced binary emulation framework 656 | * [**InfoSecMatter**](https://www.infosecmatter.com/tools/) 657 | 658 | *IDA Pro related* 659 | * [gaasedelen/lighthouse](https://github.com/gaasedelen/lighthouse) - A Code Coverage Explorer for Reverse Engineers 660 | - [author's blogs](https://blog.ret2.io/) 661 | * 
[0xgalz/Virtuailor](https://github.com/0xgalz/Virtuailor) - IDAPython tool for creating automatic C++ virtual tables in IDA Pro 662 | * [GReAT thoughts: Awesome IDA Pro plugins](https://securelist.com/great-ida-pro-plugins/97898/) 663 | * [IDA Pro Tips to Add to Your Bag of Tricks](https://swarm.ptsecurity.com/ida-pro-tips/) 664 | * [Dennis Elser - IDA Pro plugins and scripts](https://github.com/patois) 665 | * [SiBears - IDA tools/plugins](https://github.com/sibears) 666 | * [IDA Pro Plugin For Windows Driver Reversing](https://labs.f-secure.com/tools/win-driver-tool/) 667 | * [IDA Pro Tips to Add to Your Bag of Tricks](https://swarm.ptsecurity.com/ida-pro-tips/) 668 | 669 | *Ghidra related* 670 | * [Decompiling Stack Strings in Ghidra](https://saml98.github.io/jekyll/update/2020/05/03/ghidra-stack-strings.html) 671 | * [Use angr in Ghidra](https://github.com/Nalen98/AngryGhidra) 672 | * [binjo/ghidra_scripts](https://github.com/binjo/ghidra_scripts) 673 | 674 | 675 | --- 676 | 677 | ## Self Study URLs 678 | 679 | * [Building reversing skills, crackme level 6 [write-up]](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=38) 680 | * [So you want to be a web security researcher?](https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher) 681 | * [Introduction to Reverse Engineering with Ghidra](https://hackaday.io/project/172292-introduction-to-reverse-engineering-with-ghidra) 682 | * [Hacking Articles - Raj Chandel's Blog](https://www.hackingarticles.in/) - entry level 683 | * [**Yossioren/AttacksonImplementationsCourseBook**](https://github.com/Yossioren/AttacksonImplementationsCourseBook) 684 | * [Debasish Mandal - The Big Bounty Tube](https://www.youtube.com/channel/UC9c5Bh5HVKoT91aiAVBqLuA) - youtube videos 685 | * [Bug Bounty Hunters](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters) - for beginners 686 | * [advanced search on reverse 
engineering](https://www.academia.edu/search?utf8=%E2%9C%93&q=reverse+engineering#) 687 | 688 | * [[CTF] Pwnable.kr write-up - Hash Collision](https://hg8.sh/posts/pwnable/collision/) 689 | 690 | 691 | --------------------------------------------------------------------------------