Path: blob/master/10-part-100-article/Vulnerability Research Engineering Bookmarks Collection v1.0.txt
319 views
Vulnerability Research Engineering Bookmarks Collection v1.012Hope this is useful for any vuln research/exploit dev anons out there. Good luck on your journey!34Binary Exploitation5==================================================================================================6https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/7https://www.fuzzysecurity.com/tutorials.html8https://trailofbits.github.io/ctf/9https://github.com/advanced-threat-research/firmware-security-training10https://blogs.oracle.com/ksplice/hello-from-a-libc-free-world-part-111https://samdb.xyz/windows-kernel-exploitation/12http://rh0dev.github.io/blog/2017/the-return-of-the-jit/13https://blogs.technet.microsoft.com/srd/2017/07/13/eternal-synergy-exploit-analysis/14https://securedorg.github.io/RE101/15https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash16http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/17http://octopuslabs.io/legend/blog/sample-page.html18https://redr2e.com/cve-to-poc-cve-2017-0059/19https://azeria-labs.com/writing-arm-shellcode/20http://blog.talosintelligence.com/2009/07/how-do-i-become-ninja.html21http://www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html22http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html23https://www.cs.cmu.edu/~213/schedule.html24https://github.com/lieanu/it-sec-catalog/blob/master/Exploitation.md25http://opensecuritytraining.info/Exploits1.html26http://opensecuritytraining.info/Exploits2.html27http://opensecuritytraining.info/Rootkits.html28https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20SECRET.pdf29https://wikileaks.org/ciav7p1/cms/files/Persisted-DLL-Spec-v2-SECRET.pdf30https://wikileaks.org/ciav7p1/cms/files/ICE-Spec-v3-final-SECRET.pdf31https://wikileaks.org/ciav7p1/cms/files/Fire%20&%20Forget%20Spec.pdf32https://wikileaks.org/ciav7p1/cms/files/Kernel-Execution-Spec-v1-SECRET.pdf33https://wikileaks.org/ciav7p1/cms/page_14587109.html34https://github.com/x0rz/EQGRP3536Vulnerability Research/Discovery37==================================================================================================38https://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html39https://googleprojectzero.blogspot.ca/2015/09/kaspersky-mo-unpackers-mo-problems.html40https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/41https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/42http://www.flinkd.org/fuzzing-with-peach-part-1/43https://deepspec.org/page/SF/44https://yurichev.com/writings/SAT_SMT_draft-EN.pdf45http://queue.acm.org/detail.cfm?id=209408146https://lcamtuf.blogspot.ca/2015/08/understanding-process-of-finding.html47https://lcamtuf.blogspot.ca/2016/02/say-hello-to-afl-analyze.html48https://josephg.com/blog/bug-hunting-with-american-fuzzy-lop/49https://github.com/ThalesIgnite/afl-training50https://nebelwelt.net/publications/files/1330c3-presentation.pdf51https://github.com/Microsoft/MSRC-Security-Research5253Resource Lists54==================================================================================================55https://github.com/Hack-with-Github/Awesome-Hacking56https://github.com/rmusser01/Infosec_Reference57https://github.com/danielmiessler/SecLists58https://github.com/FabioBaroni/awesome-exploit-development59https://github.com/enddo/awesome-windows-exploitation60http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/6162Security Tools63==================================================================================================64https://www.zynamics.com/bindiff.html65https://github.com/longld/peda66http://honggfuzz.com/67https://talosintelligence.com/pyrebox68http://amanda.secured.org/tools/69http://angr.io/70https://blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/71https://github.com/aoh/radamsa72https://github.com/joxeankoret/nightmare73https://github.com/Z3Prover/z3/wiki74https://github.com/OpenRCE/paimei75https://github.com/cea-sec/miasm76https://github.com/sashs/Ropper77https://github.com/Veil-Framework/Veil7879Pwnables80==================================================================================================81https://exploit-exercises.com/82https://www.hackthebox.eu/en83https://www.vulnhub.com/84https://microcorruption.com/login85https://picoctf.com/86http://play.plaidctf.com/87http://ghostintheshellcode.com/88https://ringzer0team.com/89https://backdoor.sdslabs.co/9091Career92==================================================================================================93https://lcamtuf.blogspot.ca/2016/08/so-you-want-to-work-in-security-but-are.html94https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d2395https://noncombatant.org/2016/06/20/get-into-security-engineering/96http://www.catb.org/esr/faqs/hacker-howto.html9798