A non-exhaustive list of my favorite papers; have fun!
SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
Detecting Code Clones in Binary Executables
A Novel Disassemble Algorithm Designed for Malicious File
Towards Optimal Use of Exception Handling Information for Function Detection
Statistical Reconstruction of Class Hierarchies in Binaries
String Analysis for x86 Binaries
Disassembly of Executable Code Revisited
Recovering C++ Objects From Binaries Using Inter-Procedural Data-Flow Analysis
Binary Recompilation via Dynamic Analysis and the Protection of Control and Data-flows therein
Alias Analysis of Executable Code
Generalized Vulnerability Extrapolation using Abstract Syntax Trees
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
Type Analysis of Low-level Code
TIE: Principled Reverse Engineering of Types in Binary Programs
Efficient Features for Function Matching between Binary Executables
Testing Intermediate Representations for Binary Analysis
Equational Reasoning on x86 Assembly Code
GDSL: A Generic Decoder Specification Language for Interpreting Machine Language
Dynamically Translating x86 to LLVM using QEMU
Practical Dynamic Reconstruction of Control Flow Graphs
How to write a basic control flow decompiler
Notes on Graph Algorithms Used in Optimizing Compilers
A Usability-Optimized Decompiler and Malware Analysis User Study
Sound C Code Decompilation for a subset of x86-64 Binaries
Design of an Automatically Generated Retargetable Decompiler
Decompiler Internals: Microcode
Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis
Breaking Down Binary Ninja's Low Level IL
fcd - An optimizing decompiler
A Tutorial on Software Obfuscation
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation https://www.youtube.com/watch?v=MRku-2fW42w
On Symbolic Execution of Decompiled Programs
How to Kill Symbolic Deobfuscation for Free
PyPANDA: Taming the PANDAmonium of Whole System Dynamic Analysis
Practical Symbolic Execution and SATisfiability Module Theories (SMT) 101
(Reven:) Updated Analysis of PatchGuard on Microsoft Windows 10 RS4
Dynamic Binary Instrumentation Primer
A Survey of Symbolic Execution Techniques
Enabling Sophisticated Analyses of x86 Binaries with RevGen
Search-based Approaches for Local Blackbox Deobfuscation: Understand, Improve and Mitigate
Reasoning about Software Security via Synthesized Behavioral Substitutes
MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation
Code deobfuscation by program synthesis-aided simplification of Mixed Boolean-Arithmetic expressions
QSynth - A Program Synthesis based Approach for Binary Code Deobfuscation
Souper: A Synthesizing Superoptimizer
STOKE: stochastic superoptimization
Obfuscation with MBA Expressions: Reconstruction, Analysis and Simplification
Program Synthesis in Reverse Engineering
LOKI: Hardening Code Obfuscation Against Automated Attacks
Automatic Deobfuscation and Reverse Engineering of Obfuscated Code
VMAttack: Deobfuscating Virtualization-Based Packed Binaries
Behavioral Analysis of Obfuscated Code https://www.youtube.com/watch?v=aYQ4TIcGD2o
Introduction to Modern Code Virtualization by Nooby
Seeing through obfuscation: interactive detection and removal of opaque predicates
Symbolic deobfuscation: from virtualized code back to the original
VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification
NISLVMP: Improved Virtual Machine-Based Software Protection
Replacement Attacks Against VM-protected Applications (process level)
https://github.com/JeremyWildsmith/x86devirt
Playing with Binary Analysis - Deobfuscation of VM based software protection
Advanced Binary Deobfuscation + The Art of De-obfuscation
Modern Malware Threat: Handling Obfuscated Code
Sys: a Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code
Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation
Automatic Heap Layout Manipulation for Exploitation
Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns
Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
T-Fuzz: fuzzing by program transformation
Tracing Privileged Memory Accesses to Discover Software Vulnerabilities
Static detection of C++ vtable escape vulnerabilities in binary code
FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
HYPER-CUBE: High-Dimensional Hypervisor Fuzzing https://www.youtube.com/watch?v=GmIlLKT_nH8
NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs
Weird machines, exploitability, and provable unexploitability
Everything Old is New Again: Binary Security of WebAssembly
Reverse Engineering WebAssembly
Learning to Find Usages of Library Functions in Optimized Binaries
B2R2: Building an Efficient Front-End for Binary Analysis
An Exploratory Analysis of Microcode as a Building Block for System Defenses
Reverse code engineering of .NET applications
The Fake Cisco: Hunting for Backdoors in Counterfeit Cisco Devices
Remote Exploitation of an Unaltered Passenger Vehicle
Reverse Engineering of Intel Microcode Update Structure
America's Global Retreat and the Ensuing Strategic Vacuum
Hezbollah Finance in Lebanon: A Primary-Source Review
Festering Grievances and the Return to Arms in Southern Syria
How Global Jihad Relocalises and Where it Leads. The Case of HTS, the Former AQ Franchise in Syria
Syria at the Center of Power Competition and Counterterrorism
Nowhere to Hide: The Logic of Chemical Weapons Use in Syria
Islamic State recoilless launcher systems
Lebanese Hezbollah's Experience in Syria
A Tale of Six Tribes: Securing the Middle Euphrates River Valley
Adaptive Flight Control With Living Neuronal Networks on Microelectrode Arrays
ILK-Stellungnahme zur Wiederaufarbeitung abgebrannter Brennelemente (ILK statement on the reprocessing of spent nuclear fuel elements)
Transformation von elektrischer Energie in Wasserstoff und dessen Speicherung (Conversion of electrical energy into hydrogen and its storage)
Leaking Information Through Cache LRU States
Factoring 2048 RSA integers in 177 days with 13436 qubits and a multimode memory
Pig Chimeric Model with Human Pluripotent Stem Cells
Cure53 Browser Security White Paper
In vitro neurons learn and exhibit sentience when embodied in a simulated game-world