The images below are from the internet and are not my own.
UEFI threats moving to the ESP: Introducing ESPecter bootkit | WeLiveSecurity
Windows message mechanism: https://blog.csdn.net/youyou519/article/details/82392183
Feel the same way: generating a certificate with OpenSSL: https://www.jianshu.com/p/9091ebd439a0
SSL communication: https://blog.csdn.net/qq_39521181/article/details/96454732?utm_medium=distribute.pc_relevant.none-task-blog-2~default~baidujs_title~default-4-96454732-blog-98418983.pc_relevant_multi_platform_featuressortv2removedup&spm=1001.2101.3001.4242.3&utm_relevant_index=7
Tunneling TCP based protocols through Web proxy servers: https://curl.se/rfc/draft-luotonen-web-proxy-tunneling-01.txt
breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors:https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Windows kernel driver hook introduction: https://blog.csdn.net/weixin_43956962/article/details/107366974
NDIS 6.0 data structures related to the NetSendBuffer function: https://blog.csdn.net/cumirror/article/details/6644815
netfilter github wfp:https://github.com/teddysback/netFilter
win10 Hal's heap:https://labs.bluefrostsecurity.de/blog/2017/05/11/windows-10-hals-heap-extinction-of-the-halpinterruptcontroller-table-exploitation-technique/
$$$ A moment that must be remembered; stay clear-headed at all times @@@
About bypassing UAC, a sample: https://xz.aliyun.com/t/10423
Windows EternalBlue in C++: https://github.com/CyberSecurityExploitDevelopment/WindowsEternalBlue
CVE-2020-1350, RCE exploit paper: https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
self-reference PML4 entry:https://blahcat.github.io/2020/06/15/playing_with_self_reference_pml4_entry/
Module enumeration: https://cloud.tencent.com/developer/article/1626322
Walking the IDT: https://www.gyarmy.com/post-499.html
Function pointer types: https://blog.csdn.net/fuyuehua22/article/details/34852629/
SEH structured exception handling: https://blog.csdn.net/wangpengk7788/article/details/54930185
Inline hook multithreading solution: https://blog.csdn.net/qq_31507523/article/details/92800468?spm=1001.2014.3001.5502
Kernel DPC and thread usage: https://blog.csdn.net/kingswb/article/details/51714430
IRP structure and understanding: https://blog.csdn.net/zhuhuibeishadiao/article/details/51027412
Hiding a process by modifying EPROCESS: https://blog.csdn.net/Simon798/article/details/108129202
Enumerating driver modules in the Windows kernel: https://www.cnblogs.com/kuangke/p/6155360.html
IOCP:https://blog.csdn.net/zhuky/article/details/5363824?spm=1001.2014.3001.5501
OBJECT HOOK:https://blog.csdn.net/qq_42814021/article/details/120789325
SHADOW SSDT HOOK: https://blog.csdn.net/u013761036/article/details/66473126
windows-driver-samples:https://github.com/microsoft/Windows-driver-samples
Dynamically disabling PatchGuard: https://github.com/9176324/Shark/
AES in C: https://github.com/dhuertas/AES/blob/master/main.c
Monitoring hard links and soft links with a MiniFilter: http://www.sinkland.cn/?p=204
PowerLoaderEx: https://github.com/YHVHvx/PowerLoaderEx/blob/master/PowerLoaderEx.cpp
Using 64-bit assembly in Visual Studio: https://www.mallocfree.com/basic/asm/asm-4-x64.htm
InfinityHook: https://bbs.pediy.com/thread-253450.htm
Calling user-mode code via ZwCreateThreadEx: http://blog.sina.com.cn/s/blog_6ee90d830101khqm.html
Win7 64-bit SSDT hook: https://blog.csdn.net/zfdyq0/article/details/26753797
CVE-2020-1034 exploit code: https://github.com/yardenshafir/CVE-2020-1034/blob/main/exploit_part_1/Main.cpp
Junk instructions (anti-disassembly): https://ctf-wiki.org/reverse/windows/anti-debug/junk-code/
Malware samples: https://github.com/cyber-research/APTMalware/tree/master/samples
VMProtect 3.09 analysis article: https://www.52pojie.cn/thread-586130-1-1.html
CVE-2020-1206 (from arbitrary address read/write to remote code execution): https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
CVE-2020-0796: https://github.com/ZecOps/CVE-2020-0796-RCE-POC/blob/master/SMBleedingGhost.py
A collection of research articles: Research — Möbius Strip Reverse Engineering
DNS vulnerability related, link: https://blog.skullsecurity.org/2011/a-deeper-look-at-ms11-058
DLL writing related, link: Comparison of the two ways of exporting DLL functions - talenth - cnblogs
DLL hijacking, link: DLL hijacking technique explained in detail (lpk.dll) - Programmer's Blog - cnblogs
DLL related, link: From a breakpoint on DllMain to LdrpCallInitRoutine - 程序园
COM programming related, link: 2. Implementing the simplest COM - Wenzhou's column - CSDN blog
COM in plain C, link: COM in plain C - CodeProject
Writing Windows service programs, link: Five steps to writing a Windows service program in C - songtzu - cnblogs
Process hollowing, link: GitHub - m0n0ph1/Process-Hollowing: Great explanation of Process Hollowing (a Technique often used in Malware)
Some analysis of the Pitou bootkit, with quite a lot of useful information, link: News - Malware & Hoax - TG Soft Cyber Security Specialist
32-bit virtual address to physical address translation, link: [Original] Virtual-to-physical address translation with PAE enabled - Programming - Pediy forum - security community | security jobs | bbs.pediy.com
64-bit virtual address to physical address translation, link: [Original] Virtual-to-physical address translation on x64 - Software reversing - Pediy forum - security community | security jobs | bbs.pediy.com
PDE/PTE related, link: 19-PDE-PTE - 进击的小学生 - CSDN blog
History of the development of Windows driver models, link: History of Windows driver models - vcerror - cnblogs
hfiref0x's GitHub, link: https://github.com/hfiref0x/al-khaser/tree/master/al-khaser
PE file signature parsing: https://github.com/leeqwind/PESignAnalyzer
Getting proxy server information from the browser's configuration: https://github.com/tsupo/getProxyInfo/blob/master/getProxyInfo.c
VMProtect related 1: [Original] Restoring VMP-protected code through compiler optimization - Software reversing - Pediy forum - security community | security jobs | bbs.pediy.com
VMProtect related 2: ZVM – Notes on a VMP-protected code restoration project - whatday's column - CSDN blog
About the PE relocation table: https://blog.csdn.net/qq_40890756/article/details/90080880?spm=1001.2014.3001.5502