Further Reading

恶意软件

• 恶意软件的生存之道：监视器与辅助器组件解析
• Developing Modern Ransomware Part 1: User-Land
• 展开数据无眠 - InsomniacUnwinding 登场
• Playing in the (Tradecraft) Garden of Beacon: Finding Eden
• Improving consistency with EDR DLL Injection via APCs

取证分析

• 使用频率分析检测带有抖动的 C2 信标
• RegRipper 注册表取证
• Sleuth Kit 文件系统取证调查
• INetSim: Simulating common internet services in a lab environment
• Caldera 自动化威胁分析平台
• Yara恶意软件检测
• Windows 进程内部结构：PEB 与 LDR 双向链表解析（内存取证基础 第二部分）

逆向

• Boomerang - A general, open source, retargetable decompiler of machine code programs
• VBinDiff 十六进制分析器
• The Ultimate CPU emulator
• Reverse engineering Go binaries using Radare 2 and Python
• fps-pointer-chain-target
• IDA trace 指令分析

漏洞利用

• The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
• GhostRace: Exploiting and Mitigating Speculative Race Conditions
• Mastering Windows Access Control: Understanding SeDebugPrivilege
• On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025

操作系统底层

• Part 3 - From User Mode to Ring 0: Kernel Driver Fundamentals
• Part 1: Digging deep into LoadLibrary
• Rayanfam blog
• Hypervisors for Memory Introspection and Reverse Engineering
• 5 Days to Virtualization: A Series on Hypervisor Development

计算机科学

• 傅里叶变换交互式入门

软件保护

• Slicing Obfuscations: Design, Correctness, and Evaluation
• Path-Sensitive Backward Slicing

Compiler

• QBE compiler backend
• cproc
• Advanced Compiler Design and Implementation
• Compilers: Principles, Techniques, and Tools

接下来学习

• BYOVD
• Hypervisor & HyperDbg
• angr
• DynamoRIO