
These are links to resources I found useful while studying.

I haven't read all of them... some I only skimmed, and for some I only read the parts I needed.

 

I plan to keep adding to this list (as long as I remember?).

 

-Web hacking tricks-

https://book.hacktricks.xyz/pentesting-web/web-vulnerabilities-methodology

https://www.hahwul.com/

https://blog.rubiya.kr/

 

-kernel source-
wget ~ in https://github.com/torvalds/linux

 

-qemu version-
https://download.qemu.org/

 

-Lazenca docs (pwn attack techniques)-
https://www.lazenca.net/display/TEC/03.ROP%28Return+Oriented+Programming%29+-+mmap%2C+mprotect

 

-Dalgona document (BOF basics)-
https://t1.daumcdn.net/cfile/tistory/242BA84757A6D12C32?original

 

-까망눈연구소-
https://wogh8732.tistory.com/399?category=807175 (Numa)
https://wogh8732.tistory.com/402?category=807175 (buddy allocator)
https://wogh8732.tistory.com/420 (kmalloc)
https://wogh8732.tistory.com/308 (basic functions for kernel exploits)
https://wogh8732.tistory.com/323 (kernel protection)
https://wogh8732.tistory.com/312 (kernel debugging)

 

-linux system call table-
https://rninche01.tistory.com/entry/Linux-system-call-table-%EC%A0%95%EB%A6%ACx86-x64

 

-heap overflow-
https://intadd.tistory.com/41

 

-slab allocator-
https://www.kernel.org/doc/gorman/html/understand/understand011.html

 

-kgdb-
https://www.kernel.org/doc/html/v4.18/dev-tools/kgdb.html

 

-RTL & ROP-
https://sulla-ksh.tistory.com/8
https://mineta.tistory.com/148?category=790096
https://kaspyx.tistory.com/100

 

-FSOP-

https://baobob1024.tistory.com/176

 

-Memory layout-
https://velog.io/@kingyong9169/%EB%A9%94%EB%AA%A8%EB%A6%AC-%EA%B5%AC%EC%A1%B0
https://blog.naver.com/PostView.nhn?blogId=cjsksk3113&logNo=222270185816
https://jeongminhee99.tistory.com/49

 

-stack pivoting-
https://man-25-1.tistory.com/207

 

-bof 32bit vs 64bit-
https://duwjdtn11.tistory.com/364

 

-arm heap exploitation-
https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/

 

-Bypassing memory protection mechanisms-
https://teamcrak.tistory.com/332

 

-Registers-
https://m.blog.naver.com/PostView.naver?isHttpsRedirect=true&blogId=qbxlvnf11&logNo=221349867776

 

-Summary of basic pwnable attack techniques-
https://snwo.tistory.com/147

https://github.com/xairy/linux-kernel-exploitation

 

-glibc malloc-
https://umbum.tistory.com/386

 

-Assembly language-
https://rninche01.tistory.com/13
http://doc.kldp.org/KoreanDoc/html/Assembly_Example-KLDP/Assembly_Example-KLDP.html
https://htst.tistory.com/51?category=641794
https://itguava.tistory.com/11

 

-FPO(Frame Pointer Overflow)-
https://dokhakdubini.tistory.com/228?category=809542

 

-Interrupts, handlers-
https://sean.tistory.com/158

 

-fd (file descriptor)-
https://dev-ahn.tistory.com/m/96

 

-Fixing the bin/sh error-
https://iamswdeveloper.tistory.com/entry/The-command-could-not-be-located-because-usrbin-is-not-included-in-the-PATH-environment-variable

 

-Kernel background knowledge-
https://defenit.kr/2019/10/21/Pwn/%E3%84%B4%20Research/%EC%BB%A4%EB%84%90_%EA%B8%B0%EC%B4%88/

 

-syzkaller(on Qemu)-
https://cpuu.postype.com/post/9075747

https://wcventure.github.io/FuzzingPaper/

 

-buzzer(bpf fuzzer)-

https://github.com/google/buzzer

 

-kernel config-
https://github.com/google/syzkaller/blob/master/docs/linux/kernel_configs.md

 

-gdb-peda (rop gadget)-

https://go-madhat.github.io/gdb-peda/

 

-sanitizer-

https://www.usenix.org/system/files/sec22summer_zhang-yuchen.pdf

https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43308.pdf

https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf

 

-fuzzing-

https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf

 

-eBPF-

https://www.kernel.org/doc/html/latest/bpf/verifier.html
https://docs.cilium.io/en/stable/bpf/

https://www.collabora.com/news-and-blog/blog/2019/04/15/an-ebpf-overview-part-2-machine-and-bytecode/
https://www.spinics.net/lists/xdp-newbies/msg00185.html
https://ebpf.io/what-is-ebpf#jit-compilationd

https://www.kernel.org/doc/html/latest/bpf/index.html
https://wariua.github.io/man-pages-ko/bpf%282%29/#bpf
https://man7.org/linux/man-pages/man2/bpf.2.html
https://ssup2.github.io/theory_analysis/Linux_BPF/

https://www.blackhat.com/docs/eu-16/materials/eu-16-Reshetova-Randomization-Can't-Stop-BPF-JIT-Spray-wp.pdf

https://www.gigamon.com/content/dam/resource-library/english/guide---cookbook/gu-bpf-reference-guide-gigamon-insight.pdf

https://man7.org/conf/ndctechtown2018/limiting-the-kernel-attack-surface-with-seccomp-NDC-TechTown-Kerrisk.pdf

https://kim-dragon.tistory.com/274

https://github.com/zoidbergwill/awesome-ebpf

https://cdn.open-nfp.org/media/documents/demystify-ebpf-jit-compiler.pdf

https://www.usenix.org/system/files/osdi20-nelson.pdf

 

 

-exploit payload-

https://github.com/swisskyrepo/PayloadsAllTheThings

https://book.hacktricks.xyz/pentesting-web/command-injection

https://www.hahwul.com/

 

-java beautifier-

https://beautifier.io/

 

-crypto (well organized; it helped me a lot)-

https://www.crocus.co.kr/1203

 

 

 

 

 
