Awesome
awesome-exploit-development
A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
A project by Fabio Baroni.
Read the full article here! http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/
BOOKS
-
Hacking - The art of exploitation
-
A bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
-
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
-
Sockets, shellcode, Porting, and coding: reverse engineering Exploits and Tool coding for security professionals
-
Writing Security tools and Exploits
-
Buffer overflow attacks: Detect, exploit, Prevent
-
Metasploit toolkit for Penetration Testing, exploit Development, and vulnerability research
TUTORIALS
Corelan.be
-
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
-
https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
-
https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/
-
https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/
-
https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/
-
https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/
-
https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/
-
https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/
-
https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/
-
https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/
-
https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
-
https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/
Opensecuritytraining.info
Securitytube.net
-
http://www.securitytube.net/groups?operation=view&groupId=7 exploit research megaprimer
-
http://www.securitytube.net/groups?operation=view&groupId=4 buffer overflow exploitation for linux megaprimer
-
http://www.securitytube.net/groups?operation=view&groupId=3 Format string vulnerabilities megaprimer
Massimiliano Tomassoli's blog
Samsclass.info
Securitysift.com
-
http://www.securitysift.com/windows-exploit-development-part-1-basics/
-
http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
-
http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
-
http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
-
http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting
-
http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits
-
http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows
COURSES
Corelan
Offensive Security
- https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/ AWE (Advanced Windows exploitation)
SANS
- https://www.sans.org/course/advance-exploit-development-pentetration-testers SANS SEC760: Advanced Exploit Development for Penetration Testers
Udemy
- https://www.udemy.com/windows-exploit-development-megaprimer/learn/#/ Windows exploit Development Megaprimer by Ajin Abraham
TOOLS
-
IDA Pro
-
OllyDbg
-
WinDbg
-
Mona.py