Memoro: A Detailed Heap Profiler（堆内存查看）

92bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6W2M7r3k6D9i4K6u0V1N6X3I4K6j5#2)9J5c8X3#2W2L8h3!0J5L8H3`.`.

LAVA: Large-scale Automated Vulnerability Addition（人造 bug）

c47K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6H3j5h3&6V1j5g2)9J5k6s2u0W2i4K6u0r3L8r3q4$3j5b7`.`.

Python scriptable Reverse Engineering sandbox（基于 QEMU 的逆向框架）

a9eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6o6K9i4y4U0L8#2)9J5k6q4c8S2L8r3!0K6i4K6u0r3M7s2W2J5k6h3u0G2P5l9`.`.

The exploit samples for windows（最近几个漏洞的 PoC）

475K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6K6L8h3N6G2M7X3g2D9K9h3E0Q4x3V1k6i4K9h3&6V1L8%4N6K6i4K6u0V1f1V1y4q4i4K6u0V1k6i4S2H3L8r3!0A6N6s2x3`.

Useful resources for iOS hacking（iOS hacking 学习资料）

669K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6e0K9h3N6#2P5X3q4Q4x3V1k6A6L8%4y4Q4x3X3c8J5k6i4y4G2N6i4u0U0k6i4x3`.

Recon Montreal 2018 Slides（slides 见议题描述）

f4fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6J5k6h3y4G2L8W2)9J5k6h3y4^5i4K6u0r3x3U0l9I4z5q4)9J5c8X3#2G2L8Y4c8J5k6h3q4D9i4K6u0r3M7$3y4Z5k6h3c8#2L8r3g2Q4x3V1k6K6j5$3S2W2k6s2g2D9k6g2)9J5k6h3S2@1L8h3H3`.

Defcon 26 Schedule（议题介绍）

980K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1k6h3k6U0L8$3&6Q4x3X3g2G2M7X3N6Q4x3V1k6Z5N6r3#2D9i4K6u0r3k6r3g2X3j5$3!0F1i4K6u0V1x3U0k6Q4x3V1k6V1j5#2)9J5k6o6t1$3i4K6u0V1M7%4m8W2j5h3E0W2M7Y4y4Q4x3X3g2Z5N6r3#2D9

Looking back at the last 20 years of RE and looking ahead at the next few, slides（逆向之路）

c0bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1L8$3y4K6i4K6u0W2k6$3!0G2k6$3I4W2i4K6u0W2j5$3!0E0i4K6u0r3M7s2u0W2M7$3g2F1N6r3q4@1K9h3!0F1i4K6u0r3k6q4)9J5c8U0q4D9K9W2k6g2K9g2S2h3K9e0u0b7k6V1g2V1L8$3I4s2h3s2t1%4g2%4m8W2M7r3Z5H3P5o6u0d9P5r3q4a6L8K6W2J5P5V1#2w2g2#2S2W2j5V1M7@1i4K6u0r3

Detecting Kernel Memory Disclosure – Whitepaper（内存信息泄露）

dc4K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4L8$3!0Y4L8r3g2H3M7X3!0B7k6h3y4@1P5X3g2J5L8#2)9J5k6h3u0D9L8$3N6K6M7r3!0@1i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9$3i4K6u0r3k6r3g2@1k6h3y4@1K9h3&6Y4i4K6u0V1K9$3g2J5L8X3g2D9i4K6u0V1L8h3g2E0L8%4u0&6i4K6u0V1k6r3W2K6j5$3I4G2M7%4g2J5k6g2)9J5k6h3S2@1L8h3H3`.

Intel LazyFP vulnerability: Exploiting lazy FPU state switching（Intel LazyFP 漏洞）

742K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4W2T1k6i4u0#2M7#2)9J5k6s2c8W2j5$3S2F1L8$3I4G2k6%4W2Q4x3X3g2V1k6g2)9J5c8Y4m8G2M7%4c8K6i4K6u0r3x3U0l9I4z5q4)9J5k6o6l9$3i4K6u0V1x3o6k6Q4x3X3c8A6L8Y4c8W2L8q4)9J5k6r3I4S2P5Y4W2X3M7q4)9J5k6s2k6#2L8r3&6W2M7X3q4T1K9h3I4A6N6s2W2Q4x3X3g2Z5N6r3#2D9

Foxit Reader Vulnerability Discovery and Exploitation（Foxit PDF 漏洞）

4a0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6M7X3y4A6L8X3y4A6N6r3g2Q4x3X3g2A6L8#2)9J5c8X3u0D9L8$3N6Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6k6Q4x3V1j5J5x3W2)9J5c8X3k6G2P5r3g2K6i4K6u0V1j5h3#2G2L8X3N6Q4x3X3c8#2M7#2)9J5k6r3k6G2P5r3W2@1i4K6u0V1M7X3g2S2k6r3g2J5i4K6u0V1N6Y4g2D9L8X3g2J5j5h3u0A6L8r3W2@1P5g2)9J5k6r3c8A6M7$3y4G2N6X3g2J5P5g2)9J5k6r3q4F1k6q4)9J5k6r3g2^5M7r3I4G2K9i4c8S2N6r3W2G2L8W2)9J5k6h3S2@1L8h3H3`.

Marshalling to SYSTEM - An analysis of CVE-2018-0824（COM 组件漏洞）

968K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8$3c8W2N6$3S2A6N6r3g2K6k6h3y4Q4x3X3g2T1L8r3!0Y4M7%4m8G2N6q4)9J5k6h3y4G2L8g2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4W2)9J5c8X3y4$3k6g2)9J5k6o6t1H3x3e0S2Q4x3X3b7H3y4U0t1@1i4K6u0W2K9s2c8E0L8l9`.`.

Windows: Child Process Restriction Mitigation Bypass（子进程防护绕过）

61cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1N6h3N6K6i4K6u0W2j5$3S2J5L8$3#2A6N6h3#2Q4x3X3g2G2M7X3N6Q4x3V1k6H3i4K6u0r3M7s2u0G2K9X3g2U0N6q4)9J5k6s2A6W2M7X3!0Q4x3V1k6A6M7%4y4#2k6i4y4Q4x3V1k6V1k6i4c8S2K9h3I4Q4x3@1k6A6k6q4)9K6c8o6p5#2y4o6b7`.

Introduction to Trusted Execution Environment: ARM's TrustZone（TrustZone 的介绍）

0c8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2M7i4g2S2M7X3E0K6L8r3q4T1i4K6u0W2j5$3!0E0i4K6u0r3K9h3&6@1M7X3!0V1N6h3y4@1K9h3!0F1i4K6u0V1N6r3!0Q4x3X3c8@1M7Y4g2K6N6r3g2V1i4K6u0V1k6i4S2W2j5%4g2@1K9h3!0F1i4K6u0V1k6h3&6$3K9i4u0G2L8X3#2W2L8Y4c8Q4x3X3c8S2M7X3#2K6i4K6u0V1N6s2u0#2M7%4c8*7L8$3&6W2i4K6u0W2K9s2c8E0L8l9`.`.

Virtualization-based security (VBS) memory enclaves（虚拟化保护）

f65K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8r3!0#2k6r3u0D9L8$3N6K6i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3L8h3W2U0M7X3!0K6L8$3k6@1M7$3g2U0N6i4u0W2i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9$3i4K6u0r3x3o6g2Q4x3V1k6$3K9i4u0@1N6h3q4D9K9i4A6S2N6r3W2G2L8W2)9J5k6r3u0S2M7$3g2V1i4K6u0V1M7$3g2U0N6i4u0A6N6s2W2Q4x3X3c8$3j5Y4y4Q4x3X3c8E0k6h3#2G2M7Y4W2Q4x3X3c8W2L8X3y4D9j5i4k6W2M7#2)9J5k6r3c8S2N6r3q4Q4x3X3c8H3M7X3!0@1k6h3y4@1K9h3!0F1i4K6u0V1N6r3S2J5L8%4g2Y4K9q4)9J5k6r3W2K6L8$3I4S2N6r3W2G2L8W2)9J5c8R3`.`.

Timeless Debugging of Complex Software（Mozilla 的 rr，同 Microsoft 的 TTD）

ab0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2M7X3g2@1x3W2)9J5k6h3W2G2i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9$3i4K6u0r3x3e0W2Q4x3V1k6H3N6$3^5J5L8%4N6F1i4K6u0V1x3U0l9I4z5q4)9J5k6s2u0G2L8%4c8Q4x3X3c8U0j5i4g2K6k6g2)9J5k6r3q4F1j5h3I4&6M7$3W2K6i4K6u0r3

Reverse Engineering open course, slides（逆向分析公开课）

776K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3#2S2M7Y4c8A6L8W2)9J5k6i4g2&6i4K6u0r3j5X3I4G2k6#2)9J5c8Y4m8J5L8$3A6W2j5%4c8K6i4K6u0r3M7X3g2$3k6i4u0K6k6g2)9J5k6r3g2F1k6$3W2F1k6h3g2J5K9h3&6Y4i4K6u0r3

Delta Debugging（优化 fuzzing 文件的大小）

28bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2k6%4u0A6L8h3#2Q4x3X3c8U0L8#2)9J5k6h3y4G2L8g2)9J5c8Y4m8G2M7%4c8Q4x3V1k6V1k6h3I4@1j5g2)9J5k6r3c8W2j5Y4g2Y4k6$3W2F1k6#2)9J5c8R3`.`.

T-Fuzz: Fuzzing by Program Transformation, slides（fuzzing 工具）

bedK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3&6W2j5X3g2D9N6$3g2D9N6q4)9J5k6h3&6W2N6q4)9J5c8Y4m8#2j5X3I4A6j5$3q4@1K9h3!0F1M7#2)9J5c8X3k6A6L8r3g2K6i4K6u0r3x3e0S2a6j5h3E0D9j5h3&6V1i4K6u0V1M7s2u0W2M7$3g2F1N6r3q4@1K9h3!0F1i4K6u0W2M7r3c8X3

SAT/SMT by example（符号执行）

214K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6&6N6i4u0A6j5$3S2W2N6W2)9J5k6h3y4G2L8g2)9J5c8Y4N6J5K9i4c8A6L8X3N6K6i4K6u0r3f1@1q4f1i4K6g2X3f1@1#2f1i4K6g2X3j5Y4W2Q4y4h3k6W2P5r3q4E0M7r3I4W2i4K6u0W2M7r3c8X3

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features, slides（检测 Double-Fetch）

3ffK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0K9i4y4U0x3o6p5I4x3q4)9J5k6h3&6W2N6q4)9J5c8Y4N6W2j5W2)9J5c8X3k6A6L8r3g2K6i4K6u0r3k6r3!0#2j5X3I4W2i4K6g2X3k6X3g2@1j5$3S2Q4y4h3k6K6L8r3W2V1k6i4y4Q4x3X3g2H3k6r3j5`.

Backdooring your server through its BMC: the HPE iLO4 case, slides（向 HPE iLO4 植入固件后门）

1f0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2K6P5h3&6S2j5$3E0@1K9i4k6Q4x3X3g2U0L8$3#2Q4x3V1k6J5k6i4y4K6L8%4g2J5j5$3g2K6i4K6u0r3M7%4y4@1K9h3y4Q4y4h3j5J5x3o6p5^5i4K6g2X3j5X3q4U0K9$3c8G2L8%4u0A6L8X3N6Q4y4h3k6A6L8r3)9@1i4K6g2X3M7$3I4A6k6r3g2K6i4K6g2X3k6h3&6Q4x3X3g2H3k6r3j5`.

Breaking LTE on Layer Two（针对 LTE 数据链路层的攻击）

56dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2L8s2c8W2M7W2)9J5k6r3q4@1N6r3q4U0K9#2)9J5k6h3&6W2N6q4)9J5c8R3`.`.

[培训]科锐逆向工程师培训第53期2025年7月8日开班！