Clone of https://github.com/rmusser01/Infosec_Reference. For those who would prefer to not be tracked by MS.


## Mechanization of Exploits
* https://github.com/REMath/literature_review/blob/master/mechanization_of_exploits.org
## Binary Analysis
* Moflow: BAP-based tools for post-crash graph back-taint slicing, post-crash forward symbolic emulation to look for more exploitable conditions, and whitebox fuzzing based on SAGE
  - https://github.com/vrtadmin/moflow
* https://github.com/zardus/pyvex
* Mcsema is a rewriting and static analysis framework based on LLVM
  - https://github.com/trailofbits/mcsema
* https://github.com/bdcht/amoco
* A tool that exports LLVM bitcode into a Datalog workspace
  - https://github.com/plast-lab/llvm-datalog
* Dagger is a decompilation framework based on LLVM
  - http://dagger.repzret.org/
* http://bap.ece.cmu.edu/, https://github.com/BinaryAnalysisPlatform/bap
* http://dynamorio.org/
* https://bitbucket.org/simona/mltk
* http://insight.labri.fr/trac, https://github.com/perror/insight
* https://github.com/rose-compiler/rose/tree/master/projects/BinQ
* https://github.com/neuromancer/SEA
* http://bitblaze.cs.berkeley.edu/
* http://code.google.com/p/avalanche/
* https://bincoa.labri.fr/trac
* http://www.jakstab.org/documentation
* https://code.google.com/p/tree-cbass/
* https://github.com/bitblaze-fuzzball/fuzzball (https://nebelwelt.net/blog/20140114-having_phun_with_SE.html)
* http://esec-lab.sogeti.com/pages/Fuzzgrind
* http://code.google.com/p/idaocaml/
* http://doar-e.github.io/blog/2013/09/16/breaking-kryptonites-obfuscation-with-symbolic-execution/
* https://github.com/tosanjay/BOPFunctionRecognition
* https://github.com/codelion/pathgrind
* http://yurichev.com/writings/z3_rockey.pdf
* http://eindbazen.net/2013/04/pctf-2013-cone-binary-250-2/
* http://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/
* An architecture-independent decompiler to LLVM IR
  - https://github.com/draperlaboratory/fracture
* DECAF - https://code.google.com/p/decaf-platform/
* Binwalk: Firmware analysis tool
  - http://binwalk.org/
* https://code.google.com/p/miasm/
## Analysis of Communication Protocols
* Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows one to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be used to simulate realistic and controllable traffic. - http://www.netzob.org/
* Communication protocols determine how network components interact with each other. Therefore, the ability to derive a specification of a protocol can be useful in various contexts, such as to support deeper black-box testing or effective defense mechanisms. Unfortunately, it is often hard to obtain the specification because systems implement closed (i.e., undocumented) protocols, or because a time-consuming translation has to be performed, from the textual description of the protocol to a format readable by the tools. To address these issues, we developed ReverX, a Java application that generates automata for the language and protocol state machine from network traces. Since our solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. - https://code.google.com/p/reverx/
## Intermediate Representations
* An Intermediate Representation for Integrating Reverse Engineering Analyses (1998)
  - http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.47.2766
* REIL: A platform-independent intermediate representation of disassembled code for static code analysis
  - http://moflow.org/ref/REIL%20-%20A%20platform-independent%20intermediate%20representation%20of%20disassembled%20code%20for%20static%20code%20analysis.pdf
* Relational Reverse Engineering Intermediate Language
  - http://www2.in.tum.de/bib/files/sepp11precise.pdf
* VinE Project Documentation
  - http://bitblaze.cs.berkeley.edu/papers/vine.pdf
* BIL
  - http://bap.ece.cmu.edu/doc/bap.pdf
* LLVM
  - http://infoscience.epfl.ch/record/149975/files/x86-llvm-translator-chipounov_2.pdf, http://eurosys2013.tudos.org/wp-content/uploads/2013/paper/Anand.pdf
* TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis
  - http://research.cs.wisc.edu/wpis/papers/toplas13-tsl-final.pdf
* Combining Several Analyses into One OR What is a Good Intermediate Language for the Analysis of Executables?
  - http://www.dagstuhl.de/mat/Files/12/12051/12051.SimonAxel.Slides.pdf
* Jakstab uses an IR described in chapter two
  - http://www.cs.rhul.ac.uk/home/kinder/papers/phdthesis.pdf
* Wire: A Formal Intermediate Language for Binary Analysis
  - https://drive.google.com/file/d/0BymO5h8P3PgAakZqY1RQSldzRmM/edit?usp=sharing
* Automated Synthesis of Symbolic Instruction Encodings from I/O Samples - http://research.microsoft.com/en-us/um/people/pg/public_psfiles/pldi2012.pdf
* Towards A Binary Intermediate Language for Real-Time Embedded System by Jianqi Shi, Qin Li, Longfei Zhu, Xin Ye, Yanhong Huang, Huixing Fang and Fu Song
  - http://research.sei.ecnu.edu.cn/~song/publications/MPiE14.pdf
* RockSalt: Better, Faster, Stronger SFI for the x86
  - http://www.cse.lehigh.edu/~gtan/paper/rocksalt.pdf
## Alias / Value Analysis
* Alias Analysis for Assembly
  - http://reports-archive.adm.cs.cmu.edu/anon/anon/usr/ftp/2006/CMU-CS-06-180R.pdf
* Probabilistic Alias Analysis for ARM Executable Code
  - https://drive.google.com/file/d/0BymO5h8P3PgAc29nUFBleGFtTnc/edit?usp=sharing
* WYSINWYX: What You See Is Not What You Execute
  - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.637&rep=rep1&type=pdf
* Static Analysis of x86 Executables by Johannes Kinder
  - http://www.cs.rhul.ac.uk/home/kinder/papers/phdthesis.pdf
* BDDStab: BDD-based Value Analysis of Binaries
  - http://cs.au.dk/~amoeller/tapas2014/tapas2014_2.pdf
* Static Analysis of x86 Assembly: Certification and Robustness Analysis
  - http://dumas.ccsd.cnrs.fr/docs/00/63/64/45/PDF/Laporte.pdf
## Control Flow Recovery
* Alias / Value Analysis
  - https://github.com/REMath/literature_review#alias--value-analysis
* Alternating Control Flow Reconstruction
  - http://dslab.epfl.ch/pubs/alternatingCFR.pdf
* Refinement-based CFG Reconstruction from Unstructured Programs by Sebastien Bardin, Philippe Herrmann, and Franck Vedrine
  - http://www.labri.fr/perso/fleury/download/papers/binary_analysis/long-final-vmcai-11.pdf
* Control flow reconstruction from PowerPC binaries
  - http://www2.in.tum.de/bib/files/mihaila09reconstruction.pdf
* Interprocedural Analysis of Low-Level Code
  - http://mediatum.ub.tum.de/doc/1006212/1006212.pdf
## Binary Rewriting
* Control Flow Integrity
  - https://github.com/REMath/literature_review#control-flow-integrity
* Metamorphic Software for Buffer Overflow Mitigation
  - http://www.cs.sjsu.edu/faculty/stamp/students/cs298report.doc
* Advanced Metamorphic Techniques in Computer Viruses
  - http://vxheavens.com/lib/apb01.html
* Metamorphism in practice or "How I made MetaPHOR and what I've learnt"
  - http://vxheavens.com/lib/vmd01.html
* Automated reverse engineering: Mistfall engine
  - http://vxheavens.com/lib/vzo21.html
* Writing disassembler
  - http://vxheavens.com/lib/vmd05.html
* Benny's Metamorphic Engine for Win32
  - http://vxheaven.org/29a/29a-6/29a-6.316
* "Do polymorphism" tutorial
  - http://vxheavens.com/lib/vwm01.html
* Introductory Primer To Polymorphism in Theory and Practice
  - http://vxheaven.org/lib/static/vdat/tupripol.htm
* Recompiling the metamorphism
  - http://vxheavens.com/lib/vhe11.html
* Theme: Metamorphism
  - http://vxheaven.org/29a/29a-4/29a-4.216
* Some ideas about metamorphism
  - http://vxheavens.com/lib/vzo20.html
* Meta-Level Languages in Viruses
  - http://vxheavens.com/lib/vsp44.html
* Metamorphism (part 1)
  - http://vxheavens.com/lib/vzo10.html
* Metamorphism
  - http://vxheavens.com/lib/vlj00.html
* The Viral Darwinism of W32.Evol
  - http://www.openrce.org/articles/full_view/27 (http://www.openrce.org/articles/files/evol_disasm.html)
* The Molecular Virology of Lexotan32: Metamorphism Illustrated
  - http://www.openrce.org/articles/full_view/29
* The Design Space of Metamorphic Malware
  - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.69.486&rep=rep1&type=pdf
* Diablo
  - http://diablo.elis.ugent.be/
## Abstract Interpretation
* http://arxiv.org/abs/0810.2179 (code: http://hal.inria.fr/docs/00/33/23/39/ANNEX/absint.v)
* http://dumas.ccsd.cnrs.fr/docs/00/63/64/45/PDF/Laporte.pdf (Coq code in the paper)
* http://pop-art.inrialpes.fr/interproc/interprocweb.cgi (code: http://pop-art.inrialpes.fr/people/bjeannet/bjeannet-forge/interproc/index.html)
* http://www.cs.indiana.edu/l/www/classes/b621/abiall.pdf
* http://web.mit.edu/afs/athena.mit.edu/course/16/16.399/www/
* http://www.hexblog.com/?p=42
* https://www.openrce.org/blog/view/1672/Control_Flow_Deobfuscation_via_Abstract_Interpretation (code: https://www.openrce.org/repositories/users/RolfRolles/BitwiseAI.ml)
* http://www.irisa.fr/celtique/teaching/PAS/
## Logical solvers
* http://z3.codeplex.com/
* http://alt-ergo.ocamlpro.com/
* http://yices.csl.sri.com/
* http://cvc4.cs.nyu.edu/web/
* http://minisat.se/
* http://fmv.jku.at/boolector/
* http://mathsat.fbk.eu/
## Probabilistic Logic
* http://alchemy.cs.washington.edu/
* https://github.com/opcode81/ProbCog/wiki
* http://hazy.cs.wisc.edu/hazy/tuffy/
* https://code.google.com/p/thebeast/
## Datalog
* Alias Analysis for Assembly - http://users.ece.cmu.edu/~dbrumley/pdf/Brumley,%20Newsome_2006_Alias%20Analysis%20for%20Assembly%20%28Revised%29.pdf
* Dyna: Extending Datalog For Modern AI
  - http://cs.jhu.edu/~jason/papers/eisner+filardo.datalog11-long.pdf and http://www.cs.jhu.edu/~nwf/datalog20-paper.pdf
* Using Datalog for fast and easy program analysis
  - http://cgi.di.uoa.gr/~smaragd/doop-datalog2.0.pdf
* Implementing Dataflow Analyses for Pegasus in Datalog
  - http://www.cs.cmu.edu/~drl/course/compilers/report.pdf
* Using Datalog and binary decision diagrams for program analysis - http://people.csail.mit.edu/mcarbin/papers/aplas05.pdf
* Datalog for decompilation - https://media.blackhat.com/us-13/US-13-Cesare-Bugalyze.com-Detecting-Bugs-Using-Decompilation-Slides.pdf
* Scaling Datalog for Machine Learning on Big Data
  - http://arxiv.org/pdf/1203.0160.pdf
* Relational Representation of the LLVM Intermediate Language
  - http://cgi.di.uoa.gr/~smaragd/theses/psallida.pdf
* http://docs.datomic.com/query.html
* An Efficient Engine for Fixed Points with Constraints
  - http://research.microsoft.com/en-us/um/people/leonardo/muze.pdf
* On Abstraction Refinement for Program Analyses in Datalog
  - http://www.cs.ox.ac.uk/people/hongseok.yang/paper/pldi14c-submitted.pdf
* Efficient Top-Down Computation Of Queries Under The Well-Founded Semantics - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.54.8690&rep=rep1&type=pdf
* Dedalus: Datalog in Time and Space
  - http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-173.pdf
* Strictly Declarative Specification of Sophisticated Points-to Analyses
  - http://cgi.di.uoa.gr/~smaragd/doop-oopsla09prelim.pdf
* Pregelix: Big(ger) Graph Analytics on A Dataflow Engine
  - http://arxiv.org/pdf/1407.0455.pdf
## String Solvers
* http://webblaze.cs.berkeley.edu/2010/kaluza/
* http://people.csail.mit.edu/akiezun/hampi/
* http://www.cs.purdue.edu/homes/zheng16/str/
* A DPLL(T) Theory Solver for a Theory of Strings and Regular Expressions
  - http://www.divms.uiowa.edu/ftp/tinelli/papers/LiaEtAl-CAV-14.pdf and http://cvc4.cs.nyu.edu/papers/CAV2014-strings/
## Datasets
* https://svn.sosy-lab.org/software/sv-benchmarks/tags/svcomp13/
* http://samate.nist.gov/SRD/testsuite.php
* http://www.nec-labs.com/research/system/systems_SAV-website/benchmarks.php
* http://www.debian.org/distrib/packages
* https://github.com/offensive-security/exploit-database
* 1.2k bugs discovered by Mayhem - https://bugs.debian.org/cgi-bin/pkgreport.cgi?submitter=alexandre%40cmu.edu
## Ground Truth
* http://dwarfstd.org/
## Obfuscators
* http://vxheaven.org/vx.php?id=eidx
* http://cansecwest.com/core03/shiva.ppt
* http://diablo.elis.ugent.be/obf_deobfuscation_byhand
* http://blog.yurichev.com/node/58
* https://github.com/enferex/GOAT-Plugs?
* https://github.com/0vercl0k/stuffz/blob/master/llvm-funz/kryptonite/llvm-functionpass-kryptonite-obfuscater.cpp
* http://code.google.com/p/pescrambler/
* http://www.phrack.org/issues.html?id=13&issue=63
* https://github.com/obfuscator-llvm/obfuscator/wiki (https://github.com/obfuscator-llvm/obfuscator/tree/clang-425.0.24)
* Binary code obfuscation through C++ template metaprogramming - https://www.cisuc.uc.pt/publication/showfile?fn=1357250736_metaobfv3.pdf
## Hidden Computation
* http://mainisusuallyafunction.blogspot.com.es/2014/02/x86-is-turing-complete-with-no-registers.html
* https://github.com/jbangert/trapcc
* http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf
* C++ Templates are Turing Complete - http://ubietylab.net/ubigraph/content/Papers/pdf/CppTuring.pdf
* https://github.com/elitheeli/stupid-machines
## Deobfuscation
* Using optimization algorithms for malware deobfuscation - http://os2.zemris.fer.hr/ns/malware/2010_spasojevic/diplomski_spasojevic.pdf
* Unpacking Virtualization Obfuscators - http://static.usenix.org/event/woot09/tech/full_papers/rolles.pdf
* https://code.google.com/p/optimice/
## Disassemblers
* http://code.google.com/p/gdsl-toolkit/wiki/Overview
* http://www.beaengine.org/
* http://code.google.com/p/distorm/
* https://hex-rays.com/products/ida/index.shtml
* http://www.gnu.org/software/binutils/
* https://github.com/vmt/udis86
* http://software.intel.com/en-us/articles/pintool-downloads
* http://capstone-engine.org/
* winSRDF https://github.com/AmrThabet/winSRDF
* Udis86 http://udis86.sourceforge.net/
## Decompilers
* http://users.ece.cmu.edu/~ejschwar/papers/usenix13.pdf
* http://dagger.repzret.org/
* http://www.cl.cam.ac.uk/~mom22/thesis.pdf
* http://code.google.com/p/arm-thumb-decompiler-plugin/
* https://github.com/EiNSTeiN-/ida-decompiler
* http://boomerang.sourceforge.net/
* http://decompiler.fit.vutbr.cz/decompilation/
* Retargetable Decompiler http://decompiler.fit.vutbr.cz/index.php
* C4Decompiler http://www.c4decompiler.com
* SmartDec decompiler http://decompilation.info/
* REC Studio 4 http://www.backerstreet.com/rec/rec.htm
* List of .Net Decompilers: https://code.google.com/p/facile-api/wiki/ListOfDotNetDecompilers
## Virtual Machines
* http://klee.llvm.org/
* https://s2e.epfl.ch/
* https://github.com/feliam/pysymemu
* http://pages.cs.wisc.edu/~davidson/fie/
* http://www.megalith.co.uk/8086tiny/
## Videos
* http://media.ccc.de/browse/congress/2013/30C3_-_5224_-_en_-_saal_6_-_201312271400_-_triggering_deep_vulnerabilities_using_symbolic_execution_-_gannimo.html
* http://www.youtube.com/watch?v=CJccn9d2t5w
* http://www.youtube.com/watch?v=YUikShiPEg8
* http://www.youtube.com/watch?v=b8SeZTgwXEY
* http://www.youtube.com/watch?v=_jq3swTyk_k
* http://www.youtube.com/watch?v=1lh_DNBZBHQ
* http://www.youtube.com/watch?v=azTVEwxN8zM
* http://www.youtube.com/watch?v=k1qqNE1xMII
* https://archive.org/details/Recon2012Keynote-TheCaseForSemantics-basedMethodsInReverseEngineering
* https://archive.org/details/ApplyingTaintAnalysisAndTheoremProvingToExploitDevelopment-SeanHeelan
* https://air.mozilla.org/verification-history/
* http://vimeo.com/75326415
## Model Checkers
* http://nusmv.fbk.eu/
* http://www.cprover.org/cbmc/
* http://mtc.epfl.ch/software-tools/blast/index-epfl.php
* http://research.microsoft.com/en-us/projects/slam/
* https://bitbucket.org/arieg/ufo/wiki/Home
* http://www.cprover.org/boom/
## Reasoning About Finite-state and Pushdown Automata
* http://research.cs.wisc.edu/wpis/papers/CAV05-tool-demo.pdf
* http://www.cs.binghamton.edu/~dima/hpca13.pdf
* http://www2.informatik.uni-stuttgart.de/fmi/szs/tools/moped/
* http://www2.informatik.uni-stuttgart.de/fmi/szs/tools/wpds/
* http://research.cs.wisc.edu/wpis/wpds/opennwa-index.php
* http://rise4fun.com/rex
* http://www.cs.bham.ac.uk/~hxt/research/rxxr.shtml
## Debuggers
* https://bitbucket.org/khooyp/expositor
* http://www.eresi-project.org/
* http://redmine.corelan.be/projects/mona
## Interactive Theorem Provers
* http://research.microsoft.com/en-us/um/people/akenn/coq/LOLA2012.pdf
* http://research.microsoft.com/en-us/um/people/nick/coqasm.pdf
* http://research.microsoft.com/en-us/um/people/akenn/coq/HLSL.pdf
* http://dream.inf.ed.ac.uk/
* http://www.cs.chalmers.se/%7Ehallgren/Alfa/
* http://coq.inria.fr/
* http://www.dcs.ed.ac.uk/home/lego
* http://wiki.portal.chalmers.se/agda/pmwiki.php
* http://www.comlab.ox.ac.uk/archive/formal-methods/hol.html
* http://www.cl.cam.ac.uk/Research/HVG/Isabelle/
* http://www.csl.sri.com/pvs.html
* http://mizar.org/
* http://www.lama.univ-savoie.fr/sitelama/Membres/pages_web/RAFFALLI/af2.html
* http://cvs.metaprl.org:12000/metaprl/
* http://www.cs.ru.nl/~janz/yarrow/
## Control Flow Integrity
* A Retargetable CFI implementation in LLVM. Authors: Joseph Battaglia and Oulin Yao
  - https://github.com/dbrumley/recfi
* BinCFI: Control Flow Integrity for COTS Binaries
  - http://www.seclab.cs.sunysb.edu/seclab/bincfi/
* https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/Zhang
* http://lenx.100871.net/papers/FPGate-bluehat.pdf
* http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-February/070210.html
* Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM by Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, and Geoff Pike - https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-tice.pdf
* Control-Flow Integrity Principles, Implementations, and Applications - http://research.microsoft.com/pubs/69217/ccs05-cfi.pdf
## C Code / C++ Code (Need to split these at some point)
* http://why3.lri.fr/
* http://pp.ipd.kit.edu/firm/
* https://code.google.com/p/tanalysis/
* http://frama-c.com/
* http://goto.ucsd.edu/~rjhala/papers/liquid_types.html
* http://www.cs.umd.edu/~jfoster/cqual/
* http://sourceforge.net/projects/cil/
* https://github.com/kframework/c-semantics
* http://sixgill.org
* https://bitbucket.org/khooyp/otter
* http://boogie.codeplex.com/
* https://github.com/jirislaby/stanse
* https://github.com/dsw/oink-stack/
* http://delta.tigris.org/
* http://embed.cs.utah.edu/csmith/
* http://css.csail.mit.edu/stack/
* http://embed.cs.utah.edu/creduce/
## Quantitative Analysis
* Daikon detects likely program invariants - http://plse.cs.washington.edu/daikon/
* DIG: A Dynamic Invariant Generator for Polynomial and Array Invariants - https://bitbucket.org/nguyenthanhvuh/dig/src
* http://www.prismmodelchecker.org/
* http://software.imdea.org/projects/cacheaudit/
* http://www-verimag.imag.fr/~tripakis/openkronos.html
* http://turnersr.github.io/measurements/properties.html
## Assisted Exploit Engineering
### Return-oriented Programming
* http://users.ece.cmu.edu/~ejschwar/papers/usenix11.pdf
* https://github.com/programa-stic/ropc-llvm
* https://github.com/pakt/ropc
* https://github.com/JonathanSalwan/ROPgadget
* https://github.com/0vercl0k/rp
* https://github.com/trailofbits/bisc
* Blind Return Oriented Programming (BROP) - http://www.scs.stanford.edu/~sorbo/brop/
## Random Testing (Fuzzing)
* http://embed.cs.utah.edu/csmith/
* https://code.google.com/p/american-fuzzy-lop/
* https://bitbucket.org/blackaura/browserfuzz
## Dynamic Analysis is an interpretation of the static semantics
* https://github.com/mrmee/heaper
* https://github.com/neuroo/runtime-tracer
* https://github.com/CTSRD-SOAAP/taintgrind
* https://minemu.org/mediawiki/index.php?title=Main_Page
* https://github.com/wirepair/IDAPinLogger
### To be categorized
* https://github.com/pdasilva/vtrace_scripts
* https://github.com/rapid7/metasploit-framework/tree/master/external/source/byakugan
* https://code.google.com/p/narly/
* https://code.google.com/p/viscope/
* https://github.com/isislab/Catfish
* https://github.com/aaronportnoy/toolbag
* http://www.rise4fun.com/
* Apimonitor http://www.rohitab.com/apimonitor
* efl32mod http://deroko.phearless.org/rce.html
* Insight http://www.bttr-software.de/products/insight/
* Malwasm https://code.google.com/p/malwasm/
* pev http://pev.sourceforge.net/
* mona.py http://redmine.corelan.be/projects/mona
* http://mlsec.org/
## Disassemblers & Debuggers
### x86 only
* Ollydbg http://www.ollydbg.de/
* Immunity Debugger https://www.immunityinc.com/products-immdbg.shtml
* Syser http://www.sysersoft.com/
* GDB for Windows http://www.equation.com/servlet/equation.cmd?fa=gdb
### x64
* FDBG http://fdbg.x86asm.net/
* Nanomite https://github.com/zer0fl4g/Nanomite
* x64_dbg https://bitbucket.org/mrexodia/x64_dbg
* ArkDasm http://www.arkdasm.com/
* VirtDbg https://code.google.com/p/virtdbg/
* BugDbg http://pespin.w.interia.pl/
* MDebug http://www.mdebug.org/
* Visual DuxDebugger http://www.duxcore.com/index.php/prod/visual-duxdebugger/overview
* PEBrowseDbg64 Interactive http://www.smidgeonsoft.prohosting.com/pebrowse-pro-interactive-debugger.
### Multi-Architecture
* IDA Pro https://www.hex-rays.com/products/ida/
* Hopper http://www.hopperapp.com/
* radare http://radare.org
* GUI: Bokken http://inguma.eu/projects/bokken
* VDB http://visi.kenshoto.com/viki/Vdb
* Frida https://github.com/frida
* Online Disassembler (ODA) http://www.onlinedisassembler.com/odaweb/
### Java
* Procyon https://bitbucket.org/mstrobel/procyon
* SecureTeam Java Decompiler http://www.secureteam.net/Java-Decompiler.aspx
* Luyten https://github.com/deathmarine/Luyten
* Krakatau Bytecode Tools https://github.com/Storyyeller/Krakatau
* DJ Java Decompiler http://www.neshkov.com/
* reJ http://rejava.sourceforge.net/
* JSwat https://code.google.com/p/jswat/
* Dr. Garbage Tools http://www.drgarbage.com/index.html
* JD-GUI http://jd.benow.ca/
* JAD http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
* dirtyJOE http://dirty-joe.com/
## Type and Data Structure Recovering
* Struct Builder: Tool commonly used in game hacking to reverse data structures. This tool is closed source. - http://www.mpcforum.com/showthread.php?128430-Release-StructBuild
## Miscellaneous Tools
## Binary Manipulation Frameworks
## Deobfuscation/Unpacking
* PROTECTiON iD: Detects most common application protectors. This tool is closed source. - http://pid.gamecopyworld.com/
## Cryptography
## Visualization
* http://www2.in.tum.de/votum
* http://worrydream.com/MediaForThinkingTheUnthinkable/
* Cantor Dust - http://www.youtube.com/watch?v=4bM3Gut1hIk
* GraphDice: A System for Exploring Multivariate Social Networks - http://www.aviz.fr/graphdice/
* Gephi: Open Source Graph Visualization Platform - https://gephi.org/
## Anti-Debugging / Anti-Reversing
# Acknowledgements
* https://events.ccc.de/congress/2013/wiki/Session:Binary_Analysis
* http://www.reddit.com/r/ReverseEngineering/comments/1pvqv5/program_analysis_technology_additions_and/cd6tmor