Slide 1

Slide 1 text

Hackers, Technology; Black, Tech Tree 2017/02/27 II

Slide 2

Slide 2 text

Kuon likes learning, especially "security technology".

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

Reverse Engineering, Other, Software Cracking, Malware, Vulnerability Attack and Defense

Slide 5

Slide 5 text

Hardware, Software

Slide 6

Slide 6 text

Hardware: Logic Analysis PCB Reversing ROM Extraction IC Reversing

Slide 7

Slide 7 text

Emulation Flash Dump JTAG Firmware Analysis FS Extraction Firmware Download File ID

Slide 8

Slide 8 text

Software: De-compiler IDA Pro REIL Binary Analysis Binary Diff Analysis DBI Emulation Firmware Analysis File ID File Format Debugger

Slide 9

Slide 9 text

Anti-Anti-Debug Anti-Debug Anti-Dump Packer Anti-DBI Anti-Sandbox Anti-Disasm Anti-VM Anti-Emulator Unpacker Anti-Anti-VM

Slide 10

Slide 10 text

Anti-Debug Packer Anti-Sandbox Anti-VM Anti-Virus Virus Anti-Rootkit Anti-Anti-Virus Rootkit Malware Botnet Anti-Botnet Anti-Malware

Slide 11

Slide 11 text

ASLR Malware Anti-Malware DEP ROP UAC W^X EMET JIT Spray GrSecurity Anti-Anti-Virus

Slide 12

Slide 12 text

Anti-Dump Debugger Memory Hacking Anti-Anti-Debug Anti-Debug VM Anti-VM Anti-Anti-VM

Slide 13

Slide 13 text

Hooking Rootkit Malware Injection SMM VM

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

Requirements Architecture Development Testing Deployment API SOAP RESTful JSON Data Format XML Authentication Cookie HTTP Header Token User Input Injection OAuth Cross-Domain Server-side Proxy SSRF JavaScript Hijacking CSP Secure Transport SSL/TLS HSTS NoSQL Cert Validation CORS CSRF JSONP Callback Resource Upload/Download Upload Enumeration CSRF CSRF Security Header Pinning XXE

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

Processes, Standards Null Pointer Race Condition Dangling Pointer Data Race Double Free Double Destruct Use-After-Free Use-After-Destruct Integer Overflow Counter Overflow Heap Overflow Pool Overflow Stack Overflow Format String JMS & JMX File Inclusion Object Injection Framework OGNL Injection HQL Injection Runtime Environment Java PHP General Web Native SQL Injection XSS Cmd Injection Path Traversal Code Injection Unserialization Template Injection Python Template Injection Race Condition CSRF YAML Evaluation Mass Assignment Spring i18n Injection OOB Read Arbitrary Write Info Leak Type Confusion Undef Behavior Uninit Memory

Slide 18

Slide 18 text

Q&A: Questions and Discussion