https://github.com/rhboot/pesign.git
ETW: Microsoft-Windows-Winsock-AFD
ALPC: https://blog.csdn.net/feivirus/article/details/50526320 https://bbs.pediy.com/thread-172274.htm https://reverseengineering.stackexchange.com/questions/8116/at-the-rpcrt4ndrclientcall2-function-how-does-it-know-which-pipe-to-use-in-or
https://bbs.pediy.com/thread-251158.htm
VT https://bbs.pediy.com/thread-192237.htm https://bbs.pediy.com/thread-96122.htm https://www.xuebuyuan.com/1280519.html http://www.360doc.com/content/09/0608/08/64805_3810084.shtml http://www.doc88.com/p-0314347096482.html
http://blog.nsfocus.net/flare-on-5th-writeup/
在调试器里看Windows 10的Linux子系统http://www.sohu.com/a/145513478_163588
http://www.doc88.com/p-1542101616393.html http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf http://www.geoffchappell.com/notes/security/stuxnet/mrxcls.htm https://www.codeproject.com/Articles/246545/Stuxnet-Malware-Analysis-Paper https://bbs.pediy.com/thread-121662.htm https://bbs.pediy.com/thread-195890.htm https://www.f-secure.com/v-descs/trojan-dropper_w32_stuxnet.shtml
http://netinfo-security.org/article/2015/1671-1122-0-9-139.html
Windows 中的三种对象 http://blog.csdn.net/qq_18218335/article/details/78143724
http://blog.csdn.net/u013761036/article/details/61467912 http://blog.csdn.net/kingswb/article/details/51468675 http://blog.csdn.net/swanabin/article/details/16858413 https://www.52pojie.cn/thread-245482-1-1.html https://bbs.pediy.com/thread-159743.htm https://bbs.pediy.com/thread-185786.htm http://www.freebuf.com/news/138216.html https://www.anquanke.com/post/id/86928 https://www.anquanke.com/post/id/86821 http://www.sohu.com/a/199121624_257305 https://www.anquanke.com/post/id/86829 https://www.anquanke.com/post/id/86671 https://www.anquanke.com/post/id/86575 https://www.anquanke.com/post/id/87076 http://www.freebuf.com/articles/system/99141.html http://www.freebuf.com/articles/system/93413.html http://www.4hou.com/system/9724.html
https://github.com/tandasat/RemoteWriteMonitor DebugActiveProcess
构建一个高交互型的难以发现的蜜罐 https://ipot.sec-wiki.com/article/2017-05-23-construct-honeypot.html
http://standa-note.blogspot.ca/2015/03/section-based-code-injection-and-its.html
https://mp.weixin.qq.com/s/WMfCNN095-PpM0VB_pRESg https://github.com/AiGangJingYe/Analysis-Tools http://blog.nsfocus.net/ida-stack-pointer/ https://github.com/shmilylty/Malware-Analysis-Tools https://bbs.ichunqiu.com/thread-18052-1-1.html https://zhuanlan.zhihu.com/p/68538874 https://blog.51cto.com/ghfhou/2287818 http://www.cppblog.com/tqsheng/archive/2008/01/24/41796.html https://www.jtianling.com/%E9%BB%91%E5%AE%A2%E8%B0%83%E8%AF%95%E6%8A%80%E6%9C%AF%E6%8F%AD%E7%A7%98-hacker-debugging-uncovered-%E5%AD%A6%E4%B9%A0-1-%E6%9C%80%E7%AE%80%E5%8D%95%E7%9A%84%E5%AF%86%E7%A0%81%E4%BF%9D%E6%8A%A4%E7%A0%B4%E8%A7%A3.html https://www.dbgpro.com/archives/433.html https://www.secpulse.com/archives/95436.html https://zhuanlan.zhihu.com/p/47701596 https://www.zhihu.com/question/304536164/answer/560031467
https://bbs.pediy.com/thread-253450.htm http://www.chinaqking.com/%E5%8E%9F%E5%88%9B%E4%BD%9C%E5%93%81/2009/26934.html https://blog.csdn.net/iiprogram/article/details/2257168 https://www.52pojie.cn/thread-436995-1-1.html https://www.doc88.com/p-4773402520745.html https://bbs.pediy.com/thread-247488.htm