Untitled

                                                     #Hacking

Well I am certainly not sure where to being with this but let’s gets this in motion and things will unfurls itself and yeah and I hope it helps you in your journey.
Well first we are going to tackle really basics stuff:
||What the hell is hacking: https://en.wikipedia.org/wiki/Hacker_(computer_security) . well you going to think are you fucking kidding me a wiki link lol but yeah many don’t even have an idea of what is hacking and there might be things that you would find interesting. Well it’s a good things to have an clear concept of things that you are going to learn about and not to make fool out of yourself in future.
 (well yeah you can always skip things in this guide or whatever).

And now the part comes where we are going to deal with the most important subject that must get used to before being with this. And that is NETWORKING AKA (COMPUTER NETWORKING) LOL believe me most of the people don’t even bother to look into it and that is just like suicide. Pls Pls learn this before moving forward.
Resource : erm a book that I would like to suggest is : computer networking a top to down approach 6th edition : ( http://www.amazon.com/Computer-Networking-Top-Down-Approach-6th/dp/0132856204 ) buy it , pirate it your wish . Best resource imo.  Pretty much more than enough.
https://github.com/clowwindy/Awesome-Networking
Just go through some basics of networking in general. (you can always google) ran out of resources :P.
Types of Attack vectors : https://www.owasp.org/index.php/Category:Attack
Types of Vulnerability  : https://www.owasp.org/index.php/Category:Vulnerability


                                                          #Penetration testing (aka pen testing)


Well let first begin with the definition ( https://en.wikipedia.org/wiki/Penetration_test ) yeah seriously .

http://pastebin.com/mZa9XLpt ( pentester Academy - Web Application Pentesting & Javascript for Pentesters 2015 TUTORIAL ) check the pastebin link to see what it covers ( basically way more than enough you want to begin with) Video tutorials.

https://github.com/enaqx/awesome-pentest : MAKE FUCKING SURE to check out this link covers way more resource than you can ever imagine .
https://github.com/infoslack/awesome-web-hacking : similar for web apps.
https://github.com/carpedm20/awesome-hacking : Another one.
https://github.com/sbilly/awesome-security : one with more security based stuff.
http://pastebin.com/u/joemccray : good stuff
https://github.com/ashishb/android-security-awesome : really great if you wanna dive into android security related business .
it’s a very wide topic will add more stuff later on. It just an first draft wanna put it out soon so yeah.


                                                                      #programming


So here arrives the ages old question : what programming language should i choose if i want to begin with ?


Simple answer : just choose any one which you find interesting and fuckin stick with until you get the fundamental , principals and concepts

                and don't just stop there either create a project or just modify any other opensource project , just fuckin do it.


Long answer : ah here we go , So let tackle this now  . Now if you just don't want to pick any random language (you get me right?)

              there are language specific for some purposes there are some general programming language , scripting ones , function ones ,assembly....

              low level languages , high level languages ...

              Now the thing here is if you want to get into exploit dev. now you dont want to start with java or with any other high level language .

              you will need to know assembly ,c/c++ and an scripting language. or simple easy to get started with language you can

              choose python , ruby .


Now here are some of the language the what specific things they are used for:


Python : just best for beginners, general purpose language . great for scripting . lot of opensource stuff (go fuckin find on your own ;) )


C/C++ : low level , general purpose language . not much suitable for beginners but really powerful language. gem for malware development , or

        just fuckin reverse engg (who gonna find em overflow bro). exploit/shellcode dev ....


assembly : lowest you can possibly go , not at all for starters good to go after it after learning c/c++ , yeah shellcode dev. no fuckin choice . reverse engg no fuckin

           choice either ;).

Ruby : yeh metasploit is developed with it ,  just an great language if you wanna go into deep into metasploit and shellcode dev through it and in general too.


SQL : SQli :P, specific purpose lang. database shit


Javascript : XSS(cross site scripting attack) duh' :) and you gonna really gonna need it for webdev and all . most popular lang. right now .


HTML : seriously what now it isnt even .. ah leave it


Java : yeah it mah fav. lang yeah whatever dont fuckin judge me , it just an great general purpose lang. you won’t really much gonna find it into security related field . (code a jrat for Anon_Blackcat01 pls)

 Know burpsuite ;) yeah . eh what more go just google i done ;P.


C# : sharppp . : general purpose ,similar to java .


Computer Networking : Oh there what about networking concepts yeah its really fuckin important wanna dive into hacking go just fucking first learn it .

x says:

"Hi, I'd like to hear a TCP joke."

"Hello, would you like to hear a TCP joke?"

"Yes, I'd like to hear a TCP joke."

"OK, I'll tell you a TCP joke."

"Ok, I will hear a TCP joke."

"Are you ready to hear a TCP joke?"

"Yes, I am ready to hear a TCP joke."

"Ok, I am about to send the TCP joke. It will last 10 seconds, it has two characters, it does not have a setting, it ends with a punchline."

"Ok, I am ready to get your TCP joke that will last 10 seconds, has two characters, does not have an explicit setting, and ends with a punchline."

"I'm sorry, your connection has timed out. Hello, would you like to hear a TCP joke?"

get it? No ? then learn networking ;).
Python : https://www.codecademy.com/learn/python
              http://learnpythonthehardway.org/book/
https://www.amazon.com/Learning-Python-5th-Mark-Lutz/dp/1449355730  ( a books that I would like to recommend , buy it , pirate it )
https://www.youtube.com/watch?v=N4mEzFDjqtA (derek banas tutorial ( only for power learners))

Ruby : https://www.codecademy.com/learn/ruby
          https://rubymonk.com
            https://www.amazon.com/Well-Grounded-Rubyist-David-Black/dp/1933988657
        https://www.youtube.com/watch?v=Dji9ALCgfpM (derek banas tutorial ( only for power learners))

C :
          www.tutorialspoint.com/cprogramming/

         https://www.amazon.com/Primer-Plus-5th-Stephen-Prata/dp/0672326965 ( best c book )

         |https://www.youtube.com/watch?v=nXvy5900m3M
         |https://www.youtube.com/watch?v=6uIc4PtB9BM
         https://www.youtube.com/watch?v=IBr78sxWN2M

derek banas tutorial ( only for power learners)

C++ :

https://www.amazon.com/C-Programming-Language-4th/dp/0321563840 ( from the creator itself best thing to learn C++)
https://www.youtube.com/watch?v=Rub-JsjMhWY (derek banas tutorial ( only for power learners)
…

Pro tip : if you want a solid comprehensive full fledge video tutorial on any topic then looks for best featured stuffs on udemy , coursera and other sites like that and look for a torrent of it , well if you can’t afford shit . well yeah it is available ;) ..


                                                              #Exploit development

This is an awesome stuff with shitload of organized resource that iv found ( will paste this here with the original author wordings.  Originally from : http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

               || Also do check for the integrity or cross check of any link with google if they expires or moved onto other||

1.	I put some time in and compiled a list in a course type layout to help people in process of learning exploit development. I hope my research will help others spend more time learning and less time searching.
2.
3.	First off I want to thank the corelan guys for the help they have provided me so far in the process.
4.
5.	layout: I will be posting in a hierarchical structure, each hierarchy structure should be fully understood before moving on to the next section. I will also post sets of Parallel learning topics that you can use to study in line with other topics to help prevent monotony. These Parallel areas will have a start and end mark which shows when they should be complete in perspective to the overall learning
6.
7.	desktop background Link to Backgrounds: http://redmine.corelan.be:8800/projects/corelanart/files
8.
9.	Other Posts like this one:
10.	Because of quality of these posts I wanted to put them at the top. I could not figure out where to put them in the list because they cover so much.
11.
12.	past-present-future of windows exploitation: http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
13.
14.	smashing the stack in 2010: http://5d4a.wordpress.com/2010/08/02/smashing-the-stack-in-2010/
15.
16.	IT-Sec-catalog: https://code.google.com/p/it-sec-catalog/
17.
18.	#############################################################################################################
19.	#
20.	#                                             Part 1: Programming
21.	#
22.	#############################################################################################################
23.
24.
25.	    Parallel learning #1:(complete this section before getting to the book "Hacking Art of exploitation")
26.	    While going through the programming area I concentrate on core topics to help us later on with exploit writing. One area that is very good to pick up is some kind of scripting language. Listed below are some of the most popular scripting languages and ones I feel will prove to be the most useful.
27.
28.	    Python: One of my favorite languages and growing in popularity python is a powerful language that is easy to use and well documented.
29.
30.	    Learn Python the hard way: http://learnpythonthehardway.org/book/
31.
32.	    Wikibooks Python: http://en.wikibooks.org/wiki/Subject:Python_programming_language
33.
34.	    http://docs.python.org/
35.
36.	    onlinecomputerbooks.com: http://www.onlinecomputerbooks.com/free-python-books.php
37.
38.	    Grey hat python: http://oreilly.com/catalog/9781593271923
39.
40.	################################
41.
42.	    Ruby: If you plan on later on working inside of metasploit this may be the language you want to start with. I highly suggest this for exploit developers to learn.
43.
44.	    Wikibooks Ruby: http://en.wikibooks.org/wiki/Subject:Ruby_programming_language
45.
46.	    LittleBookOfRuby: http://www.sapphiresteel.com/IMG/pdf/LittleBookOfRuby.pdf
47.
48.	    Ruby Programmers Guide: http://www.ruby-doc.org/docs/ProgrammingRuby/
49.
50.	    onlinecomputerbooks.com: http://www.onlinecomputerbooks.com/free-ruby-books.php
51.
52.	################################
53.
54.	    Perl: An older language that still has a lot of use perl is one of the highest used scripting languages and you will see it used in many exploits. (I would suggest python over perl)
55.
56.	    [book] O'Reilly Learning Perl: http://www.amazon.com/Learning-Perl-5th-Randal-Schwartz/dp/0596520107/ref=sr_1_1?ie=UTF8&s=books&qid=1280901933&sr=8-1
57.
58.	    onlinecomputerbooks.com: http://www.onlinecomputerbooks.com/free-perl-books.php
59.
60.	################################
61.
62.	    C and C++ programming:
63.	    It is very important to understand what you are exploiting so to get started let us figure out what we are exploiting. You do not need to go through all of these but when finished with this section you should have a good understanding of C and C++ programming.
64.
65.	    Cprogramming.com
66.
67.	    http://www.java2s.com/Tutorial/C/CatalogC.htm
68.
69.	    http://beej.us/guide/bgc/
70.
71.	    onlinecomputerbooks.com: http://www.onlineprogrammingbooks.com/free-c-books.php
72.
73.	################################
74.
75.	    X86 Assembly:
76.	    Ok now to understand what the computer reads when we compile C and C++. I am going to mostly stick to the IA-32(X86) assembly language. Read the first link to understand why. It explains it very well.
77.
78.	    Skullsecurity: Assembly: http://www.skullsecurity.org/wiki/index.php/Fundamentals
79.
80.	    Windows Assembly Programming Tutorial: http://www.acm.uiuc.edu/sigwin/old/workshops/winasmtut.pdf
81.
82.	    http://en.wikibooks.org/wiki/X86_Assembly
83.
84.	    [book]The Art of Assembly: http://homepage.mac.com/randyhyde/webster.cs.ucr.edu/index.html
85.
86.	    Assembly primer for hackers: http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-1%29-System-Organization-video.aspx
87.
88.	    PC Assembly Language: http://www.drpaulcarter.com/pcasm/
89.
90.	################################
91.
92.	    Windows Programming:
93.	    This is to help understand what we are programming in and the structure of libraries in the OS. This area is very important far down the line
94.
95.	    http://en.wikibooks.org/wiki/Windows_Programming
96.
97.	    http://www.relisoft.com/win32/index.htm
98.
99.	    [book]Windows Internals 5: http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Dstripbooks&field-keywords=windows+sysinternals&x=0&y=0
100.
101.	    [book]Windows Internals 4: http://www.amazon.com/Microsoft-Windows-Internals-4th-Server/dp/0735619174
102.
103.	################################
104.
105.	    Disassembly:
106.	    Dissassembly is not as much programming as it is what the computer understands and the way it is interpreted from CPU and memory. This is where we start getting into the good stuff.
107.
108.	    http://en.wikibooks.org/wiki/X86_disassembly
109.
110.	    The Art of Disassembly: http://tuts4you.com/download.php?view.187
111.
112.
113.	#############################################################################################################
114.	#
115.	#                                             Part 2: Getting started
116.	#
117.	#############################################################################################################
118.
119.
120.	    Now that we have a very good understanding of programming languages and what the machine is doing we can start working on task at hand, exploitation.
121.	    Here I will start a lot of the learning in very much a list format and adding in comments or Parallel learning areas when needed.
122.
123.	################################
124.
125.	    Smash the stack for fun and profit (Phrack 49): http://www.phrack.org/issues.html?issue=49&id=14#article
126.
127.	    C function call conventions and the stack: http://cs.umbc.edu/~chang/cs313.s02/stack.shtml
128.
129.	    Anatomy of a program in memory: http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory
130.
131.	    Function Calls, Part 1 (the Basics): http://www.codeguru.com/cpp/misc/misc/assemblylanguage/article.php/c14641
132.
133.	    IA-32 Architecture: http://www.sandpile.org/ia32/index.htm
134.
135.	    [videos]Code Audit from cryptocity.net: http://pentest.cryptocity.net/code-audits/
136.
137.	################################
138.
139.	    (Parallel learning #1 finished: You should now have finished on Parallel learning 1 and have a good understanding of one of the 3 languages)
140.
141.	    [Book]Hacking art of exploitation [Chapter 1&2]: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_fkmr1_1?ie=UTF8&qid=1280905635&sr=1-1-fkmr1
142.
143.	    Corelan T1: http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
144.
145.	    Corelan T2: http://www.corelan.be:8800/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
146.
147.	################################
148.
149.	    Parallel learning #2:(complete this section before end of part 2)
150.
151.	    (Read the first few posts on this blog has some good info)
152.	    Kspice blog: http://blog.ksplice.com/2010/03/
153.
154.	    (Read some of the post from this blog they are very helpful with starting out with fuzzers.)
155.	    Nullthreat's blog: http://www.nullthreat.net/
156.
157.	    (I am linked directly to a demo exploit for this area but this is a useful blog to keep track of for many things)
158.	    A demo exploit: http://www.darklevel.org/index.php?option=com_content&task=view&id=54&Itemid=89
159.
160.
161.	    tenouk.com: Buffer overflow intro: http://www.tenouk.com/Bufferoverflowc/stackbasedbufferoverflow.html
162.
163.	    The Tao of Windows Buffer Overflow: http://www.cultdeadcow.com/cDc_files/cDc-351/index.html
164.
165.	    nsfsecurity on BOF: http://nsfsecurity.pr.erau.edu/bom/index.html
166.
167.	    Hacker center: BOF: http://www.hackerscenter.com/index.php?/Downloads/Library/Application-Security/View-category.html
168.
169.	    [video]Buffer overflow Primer: http://www.securitytube.net/Buffer-Overflow-Primer-Part-1-%28Smashing-the-Stack%29-video.aspx
170.
171.	    [Book]Shellcoder's Handbook Ch1&2: http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&s=books&qid=1282450549&sr=8-1
172.
173.	    [Book]Hacking art of exploitation [Chapter 3]: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_fkmr1_1?ie=UTF8&qid=1280905635&sr=1-1-fkmr1
174.
175.
176.	    Corelan T3A: http://www.corelan.be:8800/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
177.
178.	    Corelan T3B: http://www.corelan.be:8800/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
179.
180.	    SEH Based Exploits and the development process: http://www.ethicalhacker.net/content/view/309/2/
181.
182.	    SEH overwrite simplified: http://www.shell-storm.org/papers/files/405.pdf
183.
184.	    ((Parallel learning #2 finished:)
185.
186.	#############################################################################################################
187.	#
188.	#                                              Part 3:Tools of the trade
189.	#
190.	#############################################################################################################
191.
192.	    This is a list of tools I have started using and find very useful.
193.
194.	    Immunity Debugger: http://www.immunityinc.com/products-immdbg.shtml
195.
196.	    Ollydbg: http://www.ollydbg.de/
197.
198.	    Windbg: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
199.
200.	    IDA Pro: http://www.hex-rays.com/idapro/
201.
202.	    explorer suite: http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
203.
204.	    Sysinternals: http://technet.microsoft.com/en-us/sysinternals/bb795533.aspx
205.
206.	################################
207.
208.	    And here are some corelan posts on how to use them. I will supply more in future but this is a very good start.
209.
210.	    Corelan T5: http://www.corelan.be:8800/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
211.
212.	    Corelan: Immunity debugger cheatsheet: http://www.corelan.be:8800/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/
213.
214.	#############################################################################################################
215.	#
216.	#                                              Part 4: Network and Metasploit
217.	#
218.	#############################################################################################################
219.
220.
221.	    (Networking)
222.
223.	    Beej.us network programming: http://beej.us/guide/bgnet/output/html/multipage/index.html
224.
225.	    [Book]Hacking art of exploitation [Chapter 4]: http://www.amazon.com/Hacking-Art-Exploitation-Jon-   Erickson/dp/1593271441/ref=sr_1_fkmr1_1?ie=UTF8&qid=1280905635&sr=1-1-fkmr1
226.
227.	    Socket Programming in ruby: https://www6.software.ibm.com/developerworks/education/l-rubysocks/l-rubysocks-a4.pdf
228.
229.	################################
230.
231.	    (Metasploit)
232.
233.	    [Video]Security Tube: Metasploit Megaprimer: http://www.securitytube.net/Metasploit-Megaprimer-%28Exploitation-Basics-and-need-for-Metasploit%29-Part-1-video.aspx
234.
235.	    Metasploit.com: http://www.metasploit.com/
236.
237.	    Metasploit Unleashed: http://www.offensive-security.com/metasploit-unleashed/
238.
239.	    [video]Metasploit Louisville Class: http://www.irongeek.com/i.php?page=videos/metasploit-class
240.
241.	    Metasploitable (a target): http://blog.metasploit.com/2010/05/introducing-metasploitable.html
242.
243.	    Corelan T4: http://www.corelan.be:8800/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
244.
245.	    intern0t: developing my first exploit: http://guides.intern0t.net/msf2.php
246.
247.	    [video]DHAtEnclaveForensics: Exploit Creation in Metasploit: http://www.youtube.com/user/DHAtEnclaveForensics#p/u/9/rGlvgeeU0vQ
248.
249.	    Wikibooks Metasploit/Writing Windows Exploit: http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit
250.
251.	#############################################################################################################
252.	#
253.	#                                              Part 5: Shellcode
254.	#
255.	#############################################################################################################
256.
257.
258.	    Corelan T9: http://www.corelan.be:8800/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
259.
260.	    projectShellcode: Shellcode Tutorial: http://projectshellcode.com/?q=node/12
261.
262.	    [Book]Shellcoder's Handbook Ch3: http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&s=books&qid=1282450549&sr=8-1
263.
264.	    [Book]Hacking art of exploitation [Chapter 5]: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_fkmr1_1?ie=UTF8&qid=1280905635&sr=1-1-fkmr1
265.
266.	    Writing small shellcode: http://www.shell-storm.org/papers/files/440.pdf
267.
268.	    Shell-storm Shellcode database: http://www.shell-storm.org/shellcode/
269.
270.	    Advanced shellcode: http://www.vividmachines.com/shellcode/shellcode.html#as
271.
272.	#############################################################################################################
273.	#
274.	#                                       Part 6: Engineering in Reverse
275.	#
276.	#############################################################################################################
277.
278.
279.	    Parallel Learning #3:(constant place to reference and use for reversing)
280.
281.	    Understanding Code: http://www.reteam.org/papers/e57.pdf
282.
283.	    Reverse Engineering the World: http://mattoh.wordpress.com/
284.
285.	    Reversing for Newbies: http://tuts4you.com/download.php?list.17
286.
287.	    Room362.com reversing blog post: http://www.room362.com/blog/2009/6/12/getting-your-fill-of-reverse-engineering-and-malware-analysi.html
288.
289.	    Ethicalhacker.net intro to reverse engineering: http://www.ethicalhacker.net/content/view/152/2/
290.
291.	    acm.uiuc.edu Intro to Reverse Engineering software: http://www.acm.uiuc.edu/sigmil/RevEng/
292.
293.	    [Book]Reversing: secrets of reverse engineering: http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817/ref=sr_1_1?s=books&ie=UTF8&qid=1280937813&sr=1-1
294.
295.	    [video]Reverse Engineering from cryptocity.net: http://pentest.cryptocity.net/reverse-engineering/
296.
297.	    CrackZ's Reverse Engineering Page: http://www.woodmann.com/crackz/
298.
299.	    Reverse engineering techniques: http://www.securitytube.net/Reverse-Engineering-Techniques-to-find-Security-Vulnerabilities-video.aspx
300.
301.	    CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View: http://dl.dropbox.com/u/5489930/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf
302.
303.	    HistoryofPackingTechnology: http://securitylabs.websense.com/content/Assets/HistoryofPackingTechnology.pdf
304.
305.	    Windows PE Header: http://marcoramilli.blogspot.com/2010/12/windows-pe-header.html
306.
307.	    OpenRCE Articles: http://www.openrce.org/articles/
308.
309.
310.	    [GAME]Crackmes.de: http://crackmes.de/
311.
312.	#############################################################################################################
313.	#
314.	#                                    Part 7: Getting a little deeper into BOF
315.	#
316.	#############################################################################################################
317.
318.
319.	    Parallel Learning #4:(To the end of the course and beyond)
320.	    Find old exploits on Exploit-db (http://www.exploit-db.com/) download them, test them, rewrite them, understand them.
321.
322.	################################
323.
324.	    (Part A: preventions)
325.
326.	    Buffer overflow protection: http://en.wikipedia.org/wiki/Buffer_overflow_protection
327.
328.	    The evolution of Microsoft's Mitigations: http://technet.microsoft.com/en-us/security/dd285253.aspx
329.
330.	    Purdue.edu: Canary Bit: http://www.cs.purdue.edu/homes/mkirkpat/papers/canbit.pdf
331.
332.	    Preventing the exploitation of SEH Overwrites with SEHOP: http://blogs.technet.com/b/srd/archive/2009/02/02/preventing-the-exploitation-of-seh-overwrites-with-sehop.aspx
333.
334.	    Bypassing SEHOP: http://www.sysdream.com/articles/sehop_en.pdf
335.
336.	    Wikipedia Executable space protextion: http://en.wikipedia.org/wiki/Executable_space_protection
337.
338.	    Wikipedia DEP: http://en.wikipedia.org/wiki/Data_Execution_Prevention
339.
340.	    Bypassing Hardware based DEP: http://www.securestate.com/Docs/Bypassing_Hardware_based_Data_Execution_Prevention.pdf
341.
342.	    Wikipedia ASLR: http://en.wikipedia.org/wiki/ASLR
343.
344.	    Symantec ASLR in Vista: http://www.symantec.com/avcenter/reference/Address_Space_Layout_Randomization.pdf
345.
346.	    Defeating the Stack Based Buffer Overflow Prevention: http://www.ngssoftware.com/papers/defeating-w2k3-stack-protection.pdf
347.
348.	    Corelan T6: http://www.corelan.be:8800/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
349.
350.	    Return to libc: https://secure.wikimedia.org/wikipedia/en/wiki/Return-to-libc_attack
351.
352.	    [video] microsoft protections video: http://technet.microsoft.com/en-us/security/dd285253.aspx
353.
354.	################################
355.
356.	    (Part B: Advanced BOF)
357.
358.	    [video]Exploitation from cryptocity.net: http://pentest.cryptocity.net/exploitation/
359.
360.	    Corelan T7: http://www.corelan.be:8800/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
361.
362.	    Corelan T8: http://www.corelan.be:8800/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
363.
364.	    Corelan T10: http://www.corelan.be:8800/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
365.
366.	    Virtual Worlds - Real Exploits: http://www.youtube.com/watch?v=UIKy1Shxd6Q&feature=related
367.
368.
369.	    [GAME]Gera's Insecure Programming: http://community.corest.com/~gera/
370.
371.	    [GAME]Smash the stack wargaming network: http://www.smashthestack.org/
372.
373.	#############################################################################################################
374.	#
375.	#                                                 Part 8: Heap overflow
376.	#
377.	#############################################################################################################
378.
379.
380.	    Heap Overflows for Humans-101: http://www.exploit-db.com/download_pdf/15982
381.
382.	    rm -rf / on heap overflow: http://pthreads.blogspot.com/2007/04/heap-overflow.html
383.
384.	    w00w00 on heap overflow: http://www.w00w00.org/files/articles/heaptut.txt
385.
386.	    [book]Shellcoder's Handbook Ch4&5: http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&s=books&qid=1282450549&sr=8-1
387.
388.	    h-online A heap of Risk: http://www.h-online.com/security/features/A-Heap-of-Risk-747161.html
389.
390.	    [video]Defcon 15 remedial Heap Overflows: http://www.youtube.com/watch?v=2W4tuxHcOnE
391.
392.	    heap overflow: ancient art of unlink seduction: http://www.thehackerslibrary.com/?p=872
393.
394.	    Memory corruptions part II -- heap: http://advancedwindowsdebugging.com/ch06.pdf
395.
396.
397.	    [book]Read the rest of Shellcoder's Handbook: http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&s=books&qid=1282450549&sr=8-1
398.
399.	#############################################################################################################
400.	#
401.	#                                             Part 9: Exploit listing sites
402.	#
403.	#############################################################################################################
404.
405.
406.	    Exploit-DB: http://www.exploit-db.com/
407.
408.	    Injector: http://inj3ct0r.com/
409.
410.	    CVE Details: http://www.cvedetails.com/
411.
412.	    Packetstorm: http://www.packetstormsecurity.org/assess/exploits/
413.
414.	    CERT: http://www.us-cert.gov/cas/techalerts/
415.
416.	    Mitre: http://cve.mitre.org/cve/index.html
417.
418.	    National Vulnerability Database: http://web.nvd.nist.gov/view/vuln/search?cid=3
419.
420.	################################
421.
422.	    (bonus: site that lists types of vulnerabilties and info)
423.	    Common Weakness Enumberation: http://cwe.mitre.org/index.html

well if you are not satisfied by now :  https://github.com/FabioBaroni/awesome-exploit-development


                                                               #Malware analysis

          https://github.com/rshipp/awesome-malware-analysis : shit load of stuff for the topic way more than enough.

….


                        An ebook site suggested by our dear friend and master RedAcor :  http://xfmro77i3lixucja.onion/

Well that’s it for now I think it’s nearly good umm short of :P will surly do an update ,it was just me being quick there are a lot of stuff that will go into this shortly . till this will keep ya in motion .