forked from blaCCkHatHacEEkr/PENTESTING-BIBLE
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathVulnerability Research Engineering Bookmarks Collection v1.0.txt
97 lines (90 loc) · 4.84 KB
/
Vulnerability Research Engineering Bookmarks Collection v1.0.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
Vulnerability Research Engineering Bookmarks Collection v1.0
Hope this is useful for any vuln research/exploit dev anons out there. Good luck on your journey!
Binary Exploitation
==================================================================================================
https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/
https://www.fuzzysecurity.com/tutorials.html
https://trailofbits.github.io/ctf/
https://github.com/advanced-threat-research/firmware-security-training
https://blogs.oracle.com/ksplice/hello-from-a-libc-free-world-part-1
https://samdb.xyz/windows-kernel-exploitation/
http://rh0dev.github.io/blog/2017/the-return-of-the-jit/
https://blogs.technet.microsoft.com/srd/2017/07/13/eternal-synergy-exploit-analysis/
https://securedorg.github.io/RE101/
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
http://octopuslabs.io/legend/blog/sample-page.html
https://redr2e.com/cve-to-poc-cve-2017-0059/
https://azeria-labs.com/writing-arm-shellcode/
http://blog.talosintelligence.com/2009/07/how-do-i-become-ninja.html
http://www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html
http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
https://www.cs.cmu.edu/~213/schedule.html
https://github.com/lieanu/it-sec-catalog/blob/master/Exploitation.md
http://opensecuritytraining.info/Exploits1.html
http://opensecuritytraining.info/Exploits2.html
http://opensecuritytraining.info/Rootkits.html
https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20SECRET.pdf
https://wikileaks.org/ciav7p1/cms/files/Persisted-DLL-Spec-v2-SECRET.pdf
https://wikileaks.org/ciav7p1/cms/files/ICE-Spec-v3-final-SECRET.pdf
https://wikileaks.org/ciav7p1/cms/files/Fire%20&%20Forget%20Spec.pdf
https://wikileaks.org/ciav7p1/cms/files/Kernel-Execution-Spec-v1-SECRET.pdf
https://wikileaks.org/ciav7p1/cms/page_14587109.html
https://github.com/x0rz/EQGRP
Vulnerability Research/Discovery
==================================================================================================
https://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html
https://googleprojectzero.blogspot.ca/2015/09/kaspersky-mo-unpackers-mo-problems.html
https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
http://www.flinkd.org/fuzzing-with-peach-part-1/
https://deepspec.org/page/SF/
https://yurichev.com/writings/SAT_SMT_draft-EN.pdf
http://queue.acm.org/detail.cfm?id=2094081
https://lcamtuf.blogspot.ca/2015/08/understanding-process-of-finding.html
https://lcamtuf.blogspot.ca/2016/02/say-hello-to-afl-analyze.html
https://josephg.com/blog/bug-hunting-with-american-fuzzy-lop/
https://github.com/ThalesIgnite/afl-training
https://nebelwelt.net/publications/files/1330c3-presentation.pdf
https://github.com/Microsoft/MSRC-Security-Research
Resource Lists
==================================================================================================
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/rmusser01/Infosec_Reference
https://github.com/danielmiessler/SecLists
https://github.com/FabioBaroni/awesome-exploit-development
https://github.com/enddo/awesome-windows-exploitation
http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/
Security Tools
==================================================================================================
https://www.zynamics.com/bindiff.html
https://github.com/longld/peda
http://honggfuzz.com/
https://talosintelligence.com/pyrebox
http://amanda.secured.org/tools/
http://angr.io/
https://blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/
https://github.com/aoh/radamsa
https://github.com/joxeankoret/nightmare
https://github.com/Z3Prover/z3/wiki
https://github.com/OpenRCE/paimei
https://github.com/cea-sec/miasm
https://github.com/sashs/Ropper
https://github.com/Veil-Framework/Veil
Pwnables
==================================================================================================
https://exploit-exercises.com/
https://www.hackthebox.eu/en
https://www.vulnhub.com/
https://microcorruption.com/login
https://picoctf.com/
http://play.plaidctf.com/
http://ghostintheshellcode.com/
https://ringzer0team.com/
https://backdoor.sdslabs.co/
Career
==================================================================================================
https://lcamtuf.blogspot.ca/2016/08/so-you-want-to-work-in-security-but-are.html
https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23
https://noncombatant.org/2016/06/20/get-into-security-engineering/
http://www.catb.org/esr/faqs/hacker-howto.html