Further Reading
How Malware Survives: Understanding Watcher and Helper Components - https://reversethemalware.blogspot.com/2026/01/how-malware-survives-understanding.html
Detecting C2-Jittered Beacons with Frequency Analysis - https://www.diegowritesa.blog/2025/04/detecting-c2-jittered-beacons-with.html
RegRipper: Windows registry forensics - https://www.kali.org/tools/regripper/
The Sleuth Kit: file system forensic investigation - https://www.sleuthkit.org/sleuthkit/desc.php
Simulating common internet services in a lab environment - INetSim - https://www.inetsim.org/index.html
Caldera automated threat analysis platform - A Scalable, Automated Adversary Emulation Platform - https://caldera.mitre.org/
YARA: malware detection and classification - https://yara.readthedocs.io/en/latest/
A general, open source, retargetable decompiler of machine code programs - Boomerang - https://boomerang.sourceforge.net/
VBinDiff: hexadecimal file viewer and comparison tool - https://www.cjmweb.net/vbindiff/
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) - https://hovav.net/ucsd/dist/geometry.pdf
GhostRace: Exploiting and Mitigating Speculative Race Conditions - https://www.usenix.org/conference/usenixsecurity24/presentation/ragab
Part 3 - From User Mode to Ring 0: Kernel Driver Fundamentals - https://adminions.ca/books/articles/page/part-3-from-user-mode-to-ring-0-kernel-driver-fundamentals
The Ultimate CPU emulator - https://www.unicorn-engine.org/docs/tutorial.html
An Interactive Introduction to the Fourier Transform - https://www.jezzamon.com/fourier/zh-cn.html
Reverse engineering Go binaries using Radare 2 and Python - https://malware.news/t/reverse-engineering-go-binaries-using-radare-2-and-python/32362
Mastering Windows Access Control: Understanding SeDebugPrivilege - https://binarydefense.com/resources/blog/mastering-windows-access-control-understanding-sedebugprivilege/#:~:text=For%20those%20not%20familiar%20%E2%80%93%20SeDebugPrivilege,handed%20o
Hypervisors for Memory Introspection and Reverse Engineering - https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html#illusion-uefi-based-hypervisor-with-ept-based-hooking
5 Days to Virtualization: A Series on Hypervisor Development - https://revers.engineering/7-days-to-virtualization-a-series-on-hypervisor-development/
Developing Modern Ransomware Part 1: User-Land - https://lorenzomeacci.com/developing-modern-ransomware-part-1-user-land
https://rayanfam.com/
https://github.com/bobbuilder123/fps-pointer-chain-target
