Further Reading

恶意软件

• 恶意软件的生存之道：监视器与辅助器组件解析
• Developing Modern Ransomware Part 1: User-Land
• 展开数据无眠 - InsomniacUnwinding 登场
• Playing in the (Tradecraft) Garden of Beacon: Finding Eden
• Reading Event Tracing for Windows Threat Intelligence
• Creating a Protected Process Light in Rust for Sanctum EDR
• 滥用漏洞驱动 (BYOVD) 实现任意内核读写并绕过 PPL 保护
• BYOVD to the next level (part 1) — exploiting a vulnerable driver (CVE-2025-8061)
• BYOVD to the next level (part 2) — rootkit like it's 2025
• Living Off The Land Drivers
• Shellcode Loader 高级执行与规避技艺
• 利用任意物理读写驱动来加载自己的驱动
• Updated Analysis of PatchGuard on Microsoft Windows 10 RS4
• The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls(on the x86)
• GhostRace: Exploiting and Mitigating Speculative Race Conditions
• Mastering Windows Access Control: Understanding SeDebugPrivilege
• On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025

取证分析

• Windows 系统安全事件应急响应
• 使用频率分析检测带有抖动的 C2 信标
• RegRipper 注册表取证
• Sleuth Kit 文件系统取证调查
• INetSim: Simulating common internet services in a lab environment
• Caldera 自动化威胁分析平台
• Yara恶意软件检测
• Windows 进程内部结构：PEB 与 LDR 双向链表解析（内存取证基础 第二部分）

逆向

• Boomerang - A general, open source, retargetable decompiler of machine code programs
• VBinDiff 十六进制分析器
• The Ultimate CPU emulator
• Reverse engineering Go binaries using Radare 2 and Python
• fps-pointer-chain-target
• IDA trace 指令分析
• x64dbg插件无驱动过vmp3.9.4反调试
• Static Devirtualization of Themida
• An experimental dynamic approach to devirtualize pure functions protected by VMProtect 3.x
• Microblogging: Synthesizing (obfuscated) expressions
• VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture
• VMProtect 2 - Part Two, Complete Static Analysis
• Back Engineering Blos Posts

操作系统底层

• Part 3 - From User Mode to Ring 0: Kernel Driver Fundamentals
• Part 1: Digging deep into LoadLibrary
• Rayanfam blog
• Hypervisors for Memory Introspection and Reverse Engineering
• 5 Days to Virtualization: A Series on Hypervisor Development

计算机科学

• 傅里叶变换交互式入门

软件保护

• Slicing Obfuscations: Design, Correctness, and Evaluation
• Path-Sensitive Backward Slicing

Compiler

• QBE compiler backend
• cproc
• Advanced Compiler Design and Implementation
• Compilers: Principles, Techniques, and Tools

接下来学习

• BYOVD

• Hypervisor & HyperDbg

• DynamoRIO

• angr

• 动态污点分析

• PIN Trace & Intel PT

• 后向切片

• unicorn