Automatically test and explore the capabilities of generic AV engines（反病毒引擎测试框架）

008K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6F1k6h3y4K6N6q4)9J5c8X3y4J5j5i4k6W2

Virtual Machine for Intermediate Representation（解析执行 WebAssembly 和 LLVM Bitcode）

ae2K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6S2L8X3c8G2L8h3q4Q4x3V1k6$3L8h3W2J5

The Windows Library for Intel Process Trace（Intel PT 库）

0bbK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6A6L8$3&6W2M7$3y4#2x3o6l9%4i4K6u0r3N6$3W2F1K9i4m8@1

A research purpose hypervisor for Windows on AMD processors（基于 AMD-V 的 hypervisor）

352K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6@1j5h3&6V1j5i4y4S2N6q4)9J5c8W2y4A6L8i4m8D9k6g2y4$3L8f1S2G2L8$3D9`.

Perform a MitM attack and extract clear text credentials from RDP connections（RDP 中间人）

b08K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6e0P5g2y4e0i4K6u0V1f1X3g2K6k6h3q4J5j5$3S2Q4x3V1k6e0k6i4c8Z5

ISSISP 2018 Slides

dd8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0M7#2)9J5k6h3q4F1N6g2)9J5k6h3g2V1N6g2)9J5k6h3q4#2i4K6u0r3j5%4W2T1k6i4u0K6k6h3y4Q4x3V1k6A6M7%4y4A6M7%4l9J5x3o6p5^5i4K6u0r3M7$3y4Z5k6h3c8#2L8r3g2Q4x3X3g2Z5N6r3#2D9

Usenix Security 2018 Schedule

6a1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2#2M7$3g2F1K9i4S2Q4x3X3g2G2M7X3N6Q4x3V1k6U0L8$3&6X3k6i4u0W2L8X3y4W2i4K6u0r3N6i4y4W2L8X3W2^5M7$3g2U0N6i4u0A6N6s2V1I4z5q4)9J5c8Y4c8W2j5$3S2F1K9h3y4S2L8q4)9J5k6s2y4W2M7%4y4A6L8$3&6K6

Precision Issues in Graphic Libraries（图形库中的精确度问题）

948K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4L8$3!0Y4L8r3g2H3M7X3!0B7k6h3y4@1P5X3g2J5L8#2)9J5k6h3u0D9L8$3N6K6M7r3!0@1i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9%4i4K6u0r3k6s2u0S2N6$3W2F1k6#2)9J5k6r3!0#2N6s2y4A6k6r3g2Q4x3X3c8T1L8%4S2Q4x3X3c8H3M7X3g2U0K9i4y4A6L8$3&6Q4x3X3c8A6M7%4y4#2k6i4y4Q4x3X3c8A6L8W2)9J5k6h3S2@1L8h3H3`.

CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime（Safari WebKit CVE-2017-2446 漏洞）

d7dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1L8$3q4J5i4K6u0V1k6g2)9J5k6h3N6A6N6r3S2#2j5W2)9J5k6h3W2G2i4K6u0r3j5X3I4G2k6#2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4#2)9J5c8U0p5@1i4K6u0r3j5%4k6W2i4K6u0V1x3U0l9I4y4#2)9J5k6o6t1@1y4o6k6Q4x3X3c8G2M7W2)9J5k6r3A6K6j5$3A6K6k6$3I4G2j5X3q4D9L8$3u0B7k6h3y4@1K9i4y4Z5j5i4k6A6L8X3N6S2j5X3q4V1N6r3W2E0k6g2)9J5c8R3`.`.

Cracking the Walls of the Safari Sandbox（Safari 沙箱逃逸）

d75K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0D9L8$3N6Q4x3X3g2J5k6i4b7J5i4K6u0W2K9h3!0Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6N6Q4x3V1j5J5y4g2)9J5c8Y4m8%4L8U0u0G2N6$3&6Q4x3X3b7J5x3o6p5^5i4K6u0V1M7$3q4X3j5i4u0A6i4K6u0V1M7$3q4F1k6r3u0G2P5q4)9J5c8R3`.`.

VirtualBox 3D acceleration considered harmful（VirtualBox 3D 加速的漏洞）

7ffK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6H3K9r3!0W2L8X3S2W2P5q4)9J5k6i4u0W2i4K6u0r3x3U0l9I4z5q4)9J5k6o6l9%4i4K6u0V1x3U0N6Q4x3V1k6T1k6i4c8@1k6i4u0Q4x3X3c8K6L8r3!0%4i4K6u0V1N6r3S2S2L8W2)9J5k6s2y4G2M7Y4u0&6

Taking apart a double zero-day sample discovered in joint hunt with ESET（更多有关 CVE-2018-4990 & CVE-2018-8120 的细节）

678K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8r3!0#2k6r3u0D9L8$3N6K6i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3L8h3W2U0M7X3!0K6L8$3k6@1M7$3g2U0N6i4u0W2i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9%4i4K6u0r3x3o6u0Q4x3V1k6@1j5h3E0A6L8X3N6Q4x3X3c8S2M7r3q4J5N6q4)9J5k6r3q4Q4x3X3c8V1L8%4g2T1L8r3g2Q4x3X3c8*7k6i4u0G2i4K6u0V1k6r3q4&6i4K6u0V1M7$3q4E0M7r3I4W2i4K6u0V1k6r3W2K6j5$3!0$3k6i4u0W2k6q4)9J5k6r3W2F1i4K6u0V1K9X3!0A6L8Y4c8Q4x3X3c8Z5N6h3&6@1i4K6u0V1N6$3W2@1K9q4)9J5k6r3g2K6k6i4c8Q4x3V1j5`.

Delving deep into VBScript Internals（深入 VBScript 解析器）

c64K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6h3y4#2M7X3g2D9K9i4y4@1i4K6u0W2j5$3!0E0i4K6u0r3k6r3g2D9N6X3W2F1k6#2)9J5k6r3c8W2k6i4m8Q4x3X3c8A6L8Y4c8G2i4K6u0V1N6X3u0K6j5%4u0A6M7s2c8Q4x3X3c8S2L8X3q4D9P5i4y4A6M7#2)9J5k6r3!0X3i4K6u0V1j5%4k6W2i4K6u0V1x3U0l9I4z5q4)9J5k6o6R3I4y4K6c8Q4x3X3c8W2P5s2m8D9L8$3W2@1j5i4c8A6L8$3&6Q4x3V1j5^5y4U0x3K6x3#2)9J5c8R3`.`.

Localhost Network Isolation and Edge（Edge 浏览器网络隔离特性）

35cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1P5i4u0S2L8X3W2V1M7$3I4S2K9i4u0Q4x3X3g2T1L8r3!0Y4M7%4m8G2N6q4)9J5k6h3y4G2L8g2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4#2)9J5c8Y4g2%4M7q4)9J5k6r3I4G2j5$3q4D9K9r3!0K6N6q4)9J5k6r3&6W2N6s2N6G2M7X3E0Q4x3X3c8A6M7$3!0D9j5i4c8A6L8$3&6Q4x3X3c8S2L8X3c8Q4x3X3c8W2k6r3N6W2i4K6u0W2K9s2c8E0L8l9`.`.

System call dispatching on Windows ARM64（ARM 架构下的 Windows 系统调用）

1e7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4M7X3q4U0k6h3k6#2L8r3u0A6N6s2y4Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6N6Q4x3V1j5J5y4W2)9J5c8Y4y4&6M7%4c8W2L8g2)9J5k6r3y4S2L8r3I4Q4x3X3c8V1K9i4y4H3j5i4c8U0K9r3W2F1k6#2)9J5k6r3k6G2M7W2)9J5k6s2N6A6L8X3c8G2N6%4y4Q4x3X3c8G2L8W2)9J5k6r3q4J5L8e0j5@1i4K6u0r3

Detecting Hypervisor Presence on Windows 10（Hypervisor 的检测）

49aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6J5k6i4k6W2M7Y4y4Q4x3X3g2W2L8X3N6A6L8X3g2W2M7X3W2F1k6#2)9J5c8X3c8W2N6r3g2U0N6r3W2F1k6#2)9J5k6r3S2&6M7r3g2J5N6X3W2K6L8%4u0Q4x3X3c8H3M7X3g2K6k6h3&6U0k6g2)9J5k6r3!0F1i4K6u0V1N6$3W2F1k6r3!0%4M7#2)9J5k6o6p5H3i4K6u0r3

Overview of Intel SGX（Intel SGX 技术概览）

5f7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2M7i4g2S2M7X3E0K6L8r3q4T1i4K6u0W2j5$3!0E0i4K6u0r3L8%4k6W2M7Y4k6A6k6i4N6Q4x3X3c8G2k6W2)9J5k6r3W2F1N6r3g2D9i4K6u0V1M7$3N6^5i4K6u0V1M7r3q4J5N6q4)9J5k6o6q4Q4x3X3c8K6k6%4S2Q4x3X3c8A6L8Y4c8W2M7X3&6S2L8s2y4Q4x3X3g2Z5N6r3#2D9

830K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2M7i4g2S2M7X3E0K6L8r3q4T1i4K6u0W2j5$3!0E0i4K6u0r3L8%4k6W2M7Y4k6A6k6i4N6Q4x3X3c8G2k6W2)9J5k6r3W2F1N6r3g2D9i4K6u0V1M7$3N6^5i4K6u0V1M7r3q4J5N6q4)9J5k6o6u0Q4x3X3c8K6k6%4S2Q4x3X3c8W2P5s2c8W2M7X3&6S2L8s2y4Q4x3X3g2Z5N6r3#2D9

Solving the Atredis BlackHat 2018 CTF Challenge（题目 Atredis 的 writeup，BlackHat CTF）

345K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2K6M7X3g2$3k6i4u0K6k6h3g2F1k6$3W2F1k6h3g2J5K9h3&6Y4i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6#2)9J5c8U0t1H3x3e0S2Q4x3V1j5%4i4K6u0r3x3U0c8Q4x3V1k6@1K9r3g2Q4x3X3c8S2N6s2u0W2k6r3W2K6i4K6u0V1j5X3I4S2j5$3E0Z5j5i4c8Q4x3X3b7J5x3o6p5^5i4K6u0V1j5%4c8X3i4K6u0V1j5$3S2S2L8r3I4W2L8X3N6W2

Exploiting a Windows 10 PagedPool off-by-one overflow（题目 Searchme 的 writeup，wctf）

a5bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6B7x3o6m8J5N6g2)9J5k6i4k6W2P5r3W2D9L8r3W2#2L8g2)9J5k6h3!0J5k6#2)9J5c8U0t1H3x3e0S2Q4x3V1j5H3y4#2)9J5c8X3g2^5M7r3I4G2K9i4c8A6L8X3N6Q4x3X3c8S2i4K6u0V1N6$3W2F1k6r3!0%4M7#2)9J5k6o6p5H3i4K6u0V1M7r3q4Y4k6h3c8H3L8$3!0D9i4K6u0V1L8$3k6X3i4K6u0V1j5Y4W2Q4x3X3c8G2L8X3g2Q4x3V1j5`.

"Evil Maid" Firmware Attacks Using USB Debug（借助 USB 调试进行攻击）

782K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2k6h3y4D9P5i4m8K6K9i4g2E0i4K6u0W2j5$3!0E0i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9%4i4K6u0r3x3U0y4Q4x3V1k6W2N6X3W2D9i4K6u0V1L8h3q4A6i4K6t1#2c8f1k6Q4x3U0g2n7b7W2)9J5y4f1u0r3k6q4)9J5k6r3k6A6M7X3#2%4j5i4u0W2i4K6u0V1j5i4c8@1j5h3y4C8M7#2)9J5k6s2g2K6K9h3&6Y4i4K6u0V1N6i4y4T1i4K6u0V1k6r3g2T1N6h3N6Q4x3V1j5`.

Dangerous Reality Inside of VR headset: HTC Vive（VR 设备的安全）

59bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6W2L8h3u0W2k6r3W2Q4x3X3g2U0L8$3#2Q4x3V1k6T1L8r3!0Y4i4K6u0r3k6r3q4F1k6$3g2J5L8%4g2K6i4K6u0V1M7X3g2S2L8r3W2@1P5g2)9J5k6r3W2F1M7$3W2V1k6g2)9J5k6r3!0X3i4K6u0V1N6Y4u0Q4x3X3c8Z5k6h3q4V1M7$3g2@1i4K6u0V1K9s2c8U0i4K6u0V1N6X3W2$3k6g2)9J5c8R3`.`.

Build a Mini Mass Deauther Using bettercap and a Raspberry Pi Zero W（WiFi 干扰器）

ea8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2W2N6X3W2D9M7$3!0U0K9$3g2@1i4K6u0W2L8X3g2@1i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9%4i4K6u0r3x3U0S2Q4x3V1k6b7M7X3!0B7k6h3y4@1i4K6u0V1f1p5W2f1b7g2)9J5k6q4N6J5K9i4c8W2N6i4m8Q4x3X3c8T1N6h3W2D9k6q4)9J5k6r3q4Q4x3X3c8E0K9h3&6A6i4K6u0V1L8h3q4K6M7#2)9J5k6r3c8W2j5i4g2@1K9r3g2J5i4K6u0V1N6i4y4A6L8X3N6Q4x3X3c8T1k6i4c8@1k6i4u0U0j5i4m8Q4x3X3c8S2L8X3c8Q4x3X3c8S2i4K6u0V1f1X3q4K6M7r3u0W2M7Y4u0&6i4K6u0V1f1r3W2Q4x3X3c8K9k6i4u0G2i4K6u0V1g2#2)9J5c8R3`.`.

Advanced Mobile Malware Campaign in India uses Malicious MDM（借助恶意 iOS MDM 的攻击）

515K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2N6r3q4D9L8%4y4A6L8Y4c8W2L8r3I4A6k6$3g2F1j5$3g2Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6p5^5i4K6u0r3x3o6N6Q4x3V1k6y4L8$3u0A6L8r3g2Q4x3X3c8y4j5h3I4%4j5i4u0W2i4K6u0V1b7$3q4E0M7r3q4A6k6$3&6Q4x3X3c8#2M7$3g2K6i4K6u0V1e0h3q4D9K9h3y4A6L8%4g2K6i4K6u0V1e0f1c8y4i4K6u0W2K9s2c8E0L8l9`.`.

iOS/macOS kernel double free（iOS/macOS 内核漏洞相关）

7f6K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1N6h3N6K6i4K6u0W2j5$3S2J5L8$3#2A6N6h3#2Q4x3X3g2G2M7X3N6Q4x3V1k6H3i4K6u0r3M7s2u0G2K9X3g2U0N6q4)9J5k6s2A6W2M7X3!0Q4x3V1k6A6M7%4y4#2k6i4y4Q4x3V1k6V1k6i4c8S2K9h3I4Q4x3@1k6A6k6q4)9K6c8o6p5@1x3e0M7`.

A Story About Three Bluetooth Vulnerabilities in Android（Android 蓝牙漏洞）

f0fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2M7i4g2S2M7X3E0K6L8r3q4T1i4K6u0W2j5$3!0E0i4K6u0r3j5g2)9J5k6s2y4@1L8%4u0&6i4K6u0V1j5h3u0G2N6i4c8Q4x3X3c8@1K9s2u0W2k6g2)9J5k6r3u0D9N6h3g2@1L8$3!0@1K9q4)9J5k6s2k6#2L8r3&6W2M7X3q4T1K9h3I4A6N6r3W2W2M7#2)9J5k6r3W2F1i4K6u0V1j5h3&6V1M7X3!0A6k6q4)9J5k6h3S2@1L8h3H3`.

[培训]科锐逆向工程师培训第53期2025年7月8日开班！