Copy Data into Remote Process Address Space with Window Messages（代码注入）

d9eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6$3j5h3I4D9k6h3A6G2j5$3y4Q4x3V1k6b7L8@1y4Q4x3X3c8u0L8X3A6W2j5%4c8Q4x3X3c8p5j5i4c8S2i4K6u0V1g2@1#2Q4y4h3k6o6e0#2m8k6c8p5q4f1b7b7`.`.

Exploits RDP auth for RCE（CVE-2018-0886 的 PoC）

107K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6H3M7X3g2W2L8i4m8@1i4K6u0r3j5%4u0W2k6s2y4K6M7l9`.`.

Instant setup of VM for different CPU architectures（配置不同 CPU 架构的虚拟机）

78eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6F1L8$3&6Y4K9h3q4U0K9q4)9J5c8X3q4J5L8g2)9#2k6X3&6G2N6H3`.`.

A sandboxed container runtime（gVisor 沙箱）

a99K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6Y4L8$3!0Y4L8r3g2Q4x3V1k6Y4N6X3W2K6L8%4t1`.

Awesome Firmware Security（固件安全）

01bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6b7M7X3g2a6f1#2)9J5k6q4y4W2j5%4g2J5K9i4c8&6i4K6u0r3j5i4N6W2M7$3!0E0k6g2)9J5k6r3k6A6M7X3#2%4j5i4u0W2i4K6u0V1M7$3g2U0N6i4u0A6N6s2W2Q4x3V1j5`.

OPCDE 2018 Slides

a50K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6U0L8$3#2S2k6h3W2G2i4K6u0r3e0#2m8o6c8p5g2Q4x3V1k6@1M7X3g2W2i4K6u0r3L8h3q4K6N6r3g2J5i4K6u0r3x3U0l9I4z5l9`.`.

HITB 2018 AMS Slides

32fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8$3&6X3k6i4u0W2L8X3y4W2i4K6u0W2K9r3W2@1j5W2)9J5k6h3!0J5k6#2)9J5c8X3S2A6N6r3u0K6k6h3y4U0L8$3&6X3x3U0l9I4z5r3q4E0M7#2)9J5c8X3#2S2N6r3g2J5K9h3q4D9M7#2)9J5c8R3`.`.

Detecting Kernel Infoleaks with x86 Emulation, Slides（内核信息泄露）

0b0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3Z5H3x3s2u0#2i4K6u0W2N6X3g2^5K9h3I4D9K9i4g2E0i4K6u0W2L8%4u0Y4i4K6u0r3M7$3I4A6k6r3g2K6i4K6u0r3x3U0l9I4z5q4)9J5c8X3W2F1k6X3W2D9N6s2u0S2N6r3g2Q4x3X3g2H3k6r3j5`.

The Life And Death of Kernel Object Abuse by Type Isolation, Slides（内核对象漏洞利用缓解）

ee7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6U0L8$3#2S2k6h3W2G2i4K6u0r3e0#2m8o6c8p5g2Q4x3V1k6@1M7X3g2W2i4K6u0r3L8h3q4K6N6r3g2J5i4K6u0r3x3U0l9I4z5q4)9J5c8W2c8Z5k6g2)9J5y4e0t1H3e0r3W2X3k6g2)9J5y4e0t1H3i4K6t1#2x3U0k6Q4x3U0f1J5x3p5c8W2j5i4c8Z5i4K6t1#2x3U0m8G2k6W2)9J5y4e0t1H3d9$3g2J5L8X3g2D9i4K6t1#2x3U0m8a6j5X3A6W2j5%4c8Q4x3U0f1J5x3p5q4T1N6i4y4W2i4K6t1#2x3U0m8T1P5g2)9J5y4e0t1H3g2s2W2H3k6g2)9J5y4e0t1H3d9i4y4G2L8r3q4@1K9h3!0F1i4K6t1#2x3U0m8Q4x3X3c8Q4x3U0f1J5x3q4y4S2K9h3k6Q4x3U0f1J5x3p5g2D9f1$3S2W2M7X3W2Q4x3U0f1J5x3p5W2S2L8W2)9J5y4e0t1H3d9%4u0G2L8Y4q4#2K9i4y4@1

Exploiting Branch Target Injection, Slides（CPU 漏洞）

fb5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1M7X3W2$3k6g2)9J5k6h3N6G2L8$3N6D9k6g2)9J5k6h3y4G2L8g2)9J5c8X3k6A6L8r3g2Q4x3V1k6V1i4K6u0r3x3h3y4S2d9o6M7I4P5p5#2k6j5X3E0n7x3%4q4Q4x3X3c8t1b7$3E0*7M7@1#2Z5g2V1D9I4i4K6g2X3L8g2N6B7P5U0m8&6N6#2)9J5c8Y4k6A6k6i4M7`.

GLitch（GPU，Rowhammer 攻击）

235K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2$3N6i4y4W2j5#2)9J5k6h3&6W2N6q4)9J5c8Y4m8J5L8$3A6W2j5%4c8K6i4K6u0r3k6$3I4A6N6r3y4Z5i4K6u0r3

Apple Safari - Wasm Section Exploit（Safari Wasm 组件漏洞分析）

b44K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6D9j5h3u0K6i4K6u0W2L8i4N6J5K9h3&6X3L8%4y4W2j5%4g2J5K9i4c8&6i4K6u0W2j5$3!0E0i4K6u0r3j5i4y4K6k6i4c8K6i4K6u0r3b7X3I4G2k6@1k6A6L8r3g2K6i4K6u0r3j5i4m8H3L8r3g2Q4x3X3c8K6j5h3k6S2M7X3W2Q4x3X3c8%4j5i4y4E0i4K6u0V1M7$3g2U0N6r3W2G2L8W2)9J5k6s2k6#2L8r3&6Q4x3X3c8%4M7X3W2@1k6g2)9J5k6s2g2H3i4K6u0V1x3U0l9I4z5q4)9J5k6o6l9@1i4K6u0V1x3e0k6Q4x3X3g2H3k6r3j5`.

20aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6E0N6%4u0D9j5h3u0K6i4K6u0r3b7#2k6q4i4K6u0V1x3U0l9I4z5q4)9J5k6o6b7I4x3U0p5`.

7-Zip: From Uninitialized Memory to Remote Code Execution（7-Zip CVE-2018-10115 漏洞分析）

777K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6D9j5h3&6V1j5i4k6W2i4K6u0W2K9h3!0Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6g2Q4x3V1j5%4i4K6u0V1P5X3W2H3i4K6u0V1k6Y4u0G2L8g2)9J5k6s2g2F1K9h3&6A6N6r3W2S2L8r3W2*7k6h3c8Q4x3X3c8E0k6h3#2G2M7Y4W2Q4x3X3c8@1L8#2)9J5k6s2u0W2L8h3!0@1k6g2)9J5k6r3y4G2k6r3g2Q4x3X3c8W2P5r3g2U0N6i4c8A6L8$3&6Q4x3V1j5`.

Breaking CFI: Exploiting CVE-2015-5122 using COOP（基于 COOP 的 CFI 绕过）

5e3K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6H3k6i4u0U0k6i4m8@1K9h3!0F1i4K6u0V1M7r3!0A6L8Y4c8Q4x3X3g2A6L8#2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4q4)9J5c8U0p5I4i4K6u0r3j5Y4u0W2j5h3E0A6L8X3N6Q4x3X3c8U0k6X3W2Q4x3X3c8U0N6X3g2Q4x3X3b7J5x3o6p5#2i4K6u0V1y4e0p5J5x3W2)9J5k6r3y4G2L8%4m8Q4x3V1j5`.

Fuzzing Adobe Reader for exploitable vulns（Adobe Reader 的 Fuzzing）

5deK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6C8j5$3W2J5k6h3c8G2M7W2)9J5k6h3y4G2L8g2)9J5c8X3k6#2P5Y4A6A6L8X3N6Q4x3X3c8S2k6r3!0T1k6g2)9J5k6s2u0W2j5h3c8W2M7W2)9J5k6r3k6G2M7W2)9J5k6r3g2^5M7r3I4G2K9i4c8S2j5X3I4W2i4K6u0V1N6Y4g2D9L8Y4y4Q4x3X3c8X3N6h3&6Q4x3X3c8F1L8%4c8Q4x3X3c8H3M7X3!0X3K9i4c8Q4x3X3g2Z5N6r3#2D9

Automatic Heap Layout Manipulation for Exploitation（自动化构建漏洞利用堆内存布局）

a2fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2M7Y4S2A6N6W2)9J5k6h3!0J5k6#2)9J5c8Y4m8V1k6W2)9J5c8U0p5^5x3o6c8Q4x3X3f1H3z5o6b7%4x3q4)9J5k6i4m8V1k6R3`.`.

Hyper-V symbols for debugging（Hyper-V 调试符号）

513K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4M7#2)9J5k6i4c8W2j5$3S2F1k6i4c8Q4x3X3g2E0K9h3y4J5L8%4y4G2k6Y4c8Q4x3X3g2U0L8$3#2Q4x3V1k6$3K9i4u0@1N6h3q4D9K9i4A6S2N6r3W2G2L8W2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4q4)9J5c8U0t1#2i4K6u0r3K9s2W2H3k6i4u0Q4x3X3c8$3i4K6u0V1M7%4W2E0j5X3!0D9M7#2)9J5k6r3k6G2M7W2)9J5k6r3c8W2j5Y4g2Y4k6$3W2F1k6#2)9J5c8R3`.`.

GravityRAT - The Two-Year Evolution Of An APT（反虚拟机之检测硬件温度）

b6bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2N6r3q4D9L8%4y4A6L8Y4c8W2L8r3I4A6k6$3g2F1j5$3g2Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6c8Q4x3V1k6Y4M7X3q4$3K9i4c8&6M7X3q4@1i4K6u0V1N6s2N6G2i4K6u0V1P5h3g2S2M7W2)9J5k6r3g2$3L8$3I4#2N6r3W2G2L8W2)9J5k6r3!0X3i4K6u0V1j5i4m8@1i4K6u0W2K9s2c8E0L8l9`.`.

Upgrading ApiScout: Introducing ApiVectors（基于 API 比对的恶意程序识别）

169K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0&6N6r3g2Q4x3X3c8S2N6r3I4S2M7#2)9J5k6h3u0D9L8$3N6K6M7r3!0@1i4K6u0W2k6r3g2Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6c8Q4x3V1k6S2M7r3W2$3k6h3y4@1L8%4u0K6i4K6u0W2K9s2c8E0L8l9`.`.

How to become the best Malware Analyst E-V-E-R（恶意程序逆向经验谈）

102K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3S2W2P5r3q4U0L8%4u0F1i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6#2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4q4)9J5c8U0p5@1i4K6u0r3K9r3!0%4i4K6u0V1N6r3!0Q4x3X3c8T1k6h3y4G2L8h3g2Q4x3X3c8@1K9r3g2Q4x3X3c8T1k6i4y4@1i4K6u0V1L8h3q4D9N6$3q4J5k6g2)9J5k6r3q4F1j5h3I4&6M7%4c8Q4x3X3c8W2i4K6u0V1N6W2)9J5k6r3g2Q4x3X3c8J5i4K6u0r3

Tools for microarchitectural benchmarking（代码性能分析）

5f6K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1k6h3&6V1K9h3u0S2K9$3S2Q4x3X3g2Y4K9i4c8Z5N6h3u0Q4x3X3g2A6L8#2)9J5c8X3u0D9L8$3N6Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6c8Q4x3V1j5H3x3#2)9J5c8W2c8G2L8$3I4K6i4K6u0V1k6X3!0J5i4K6u0V1L8h3W2U0M7X3!0S2M7X3y4Z5K9i4c8W2j5%4c8#2M7X3q4D9i4K6u0V1j5X3g2F1j5$3S2E0j5i4u0C8K9h3&6Y4

Norton Core Secure WiFi Router（Norton 安全路由器分析）

1d4K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6W2L8h3u0W2k6r3W2Q4x3X3g2U0L8$3#2Q4x3V1k6T1L8r3!0Y4i4K6u0r3N6$3S2G2M7#2)9J5k6s2N6S2N6r3y4Z5K9h3&6Y4i4K6u0V1N6r3S2W2i4K6u0V1N6$3q4@1j5$3S2W2M7Y4y4Q4x3X3c8$3L8$3I4Q4x3X3c8A6K9g2)9J5k6r3&6G2M7Y4c8G2L8W2)9J5k6r3y4G2M7X3g2Q4x3X3c8K6k6h3y4#2M7X3g2Q4x3X3c8%4K9h3k6A6i4K6u0V1M7X3!0#2N6r3g2J5i4K6u0r3

The Connected Car - Ways to get unauthorized access and potential implications（汽车 hacking）

374K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2U0L8$3#2H3N6i4c8W2M7%4c8Q4x3X3g2F1L8q4)9J5c8Y4N6H3i4K6u0V1j5$3!0F1N6r3g2F1N6q4)9J5c8Y4g2H3L8r3!0S2k6s2y4Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6c8Q4x3V1k6U0L8$3&6F1k6h3y4@1k6h3c8Q4x3X3c8U0j5i4u0Q4x3X3c8J5j5i4m8H3L8%4u0@1i4K6u0W2M7r3c8X3

[培训]科锐逆向工程师培训第53期2025年7月8日开班！