Advertisement
Guest User

Vulnerability Research Engineering Bookmarks Collection v1.0

a guest
Jul 24th, 2017
2,476
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.84 KB | None | 0 0
  1. Vulnerability Research Engineering Bookmarks Collection v1.0
  2.  
  3. Hope this is useful for any vuln research/exploit dev anons out there. Good luck on your journey!
  4.  
  5. Binary Exploitation
  6. ==================================================================================================
  7. https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/
  8. https://www.fuzzysecurity.com/tutorials.html
  9. https://trailofbits.github.io/ctf/
  10. https://github.com/advanced-threat-research/firmware-security-training
  11. https://blogs.oracle.com/ksplice/hello-from-a-libc-free-world-part-1
  12. https://samdb.xyz/windows-kernel-exploitation/
  13. http://rh0dev.github.io/blog/2017/the-return-of-the-jit/
  14. https://blogs.technet.microsoft.com/srd/2017/07/13/eternal-synergy-exploit-analysis/
  15. https://securedorg.github.io/RE101/
  16. https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
  17. http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
  18. http://octopuslabs.io/legend/blog/sample-page.html
  19. https://redr2e.com/cve-to-poc-cve-2017-0059/
  20. https://azeria-labs.com/writing-arm-shellcode/
  21. http://blog.talosintelligence.com/2009/07/how-do-i-become-ninja.html
  22. http://www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html
  23. http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
  24. https://www.cs.cmu.edu/~213/schedule.html
  25. https://github.com/lieanu/it-sec-catalog/blob/master/Exploitation.md
  26. http://opensecuritytraining.info/Exploits1.html
  27. http://opensecuritytraining.info/Exploits2.html
  28. http://opensecuritytraining.info/Rootkits.html
  29. https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20SECRET.pdf
  30. https://wikileaks.org/ciav7p1/cms/files/Persisted-DLL-Spec-v2-SECRET.pdf
  31. https://wikileaks.org/ciav7p1/cms/files/ICE-Spec-v3-final-SECRET.pdf
  32. https://wikileaks.org/ciav7p1/cms/files/Fire%20&%20Forget%20Spec.pdf
  33. https://wikileaks.org/ciav7p1/cms/files/Kernel-Execution-Spec-v1-SECRET.pdf
  34. https://wikileaks.org/ciav7p1/cms/page_14587109.html
  35. https://github.com/x0rz/EQGRP
  36.  
  37. Vulnerability Research/Discovery
  38. ==================================================================================================
  39. https://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html
  40. https://googleprojectzero.blogspot.ca/2015/09/kaspersky-mo-unpackers-mo-problems.html
  41. https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
  42. https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
  43. http://www.flinkd.org/fuzzing-with-peach-part-1/
  44. https://deepspec.org/page/SF/
  45. https://yurichev.com/writings/SAT_SMT_draft-EN.pdf
  46. http://queue.acm.org/detail.cfm?id=2094081
  47. https://lcamtuf.blogspot.ca/2015/08/understanding-process-of-finding.html
  48. https://lcamtuf.blogspot.ca/2016/02/say-hello-to-afl-analyze.html
  49. https://josephg.com/blog/bug-hunting-with-american-fuzzy-lop/
  50. https://github.com/ThalesIgnite/afl-training
  51. https://nebelwelt.net/publications/files/1330c3-presentation.pdf
  52. https://github.com/Microsoft/MSRC-Security-Research
  53.  
  54. Resource Lists
  55. ==================================================================================================
  56. https://github.com/Hack-with-Github/Awesome-Hacking
  57. https://github.com/rmusser01/Infosec_Reference
  58. https://github.com/danielmiessler/SecLists
  59. https://github.com/FabioBaroni/awesome-exploit-development
  60. https://github.com/enddo/awesome-windows-exploitation
  61. http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/
  62.  
  63. Security Tools
  64. ==================================================================================================
  65. https://www.zynamics.com/bindiff.html
  66. https://github.com/longld/peda
  67. http://honggfuzz.com/
  68. https://talosintelligence.com/pyrebox
  69. http://amanda.secured.org/tools/
  70. http://angr.io/
  71. https://blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/
  72. https://github.com/aoh/radamsa
  73. https://github.com/joxeankoret/nightmare
  74. https://github.com/Z3Prover/z3/wiki
  75. https://github.com/OpenRCE/paimei
  76. https://github.com/cea-sec/miasm
  77. https://github.com/sashs/Ropper
  78. https://github.com/Veil-Framework/Veil
  79.  
  80. Pwnables
  81. ==================================================================================================
  82. https://exploit-exercises.com/
  83. https://www.hackthebox.eu/en
  84. https://www.vulnhub.com/
  85. https://microcorruption.com/login
  86. https://picoctf.com/
  87. http://play.plaidctf.com/
  88. http://ghostintheshellcode.com/
  89. https://ringzer0team.com/
  90. https://backdoor.sdslabs.co/
  91.  
  92. Career
  93. ==================================================================================================
  94. https://lcamtuf.blogspot.ca/2016/08/so-you-want-to-work-in-security-but-are.html
  95. https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23
  96. https://noncombatant.org/2016/06/20/get-into-security-engineering/
  97. http://www.catb.org/esr/faqs/hacker-howto.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement