Awesome
Awesome Vulnerability Research
๐ฆ A curated list of the awesome resources about the Vulnerability Research
First things first: There are no exploits in this project.
Vulnerabilities != Exploits
A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious about then youโll find your own way to discover a flow, this list aimed to help you find it faster.
Maintained by Sergey Pronin with contributions from the community. Become the next ๐ stargazer or โ๏ธ contributor.
Vulnerability Research is the process of analyzing a product, protocol, or algorithm - or set of related products - to find, understand or exploit one or more vulnerabilities. Vulnerability research can but does not always involve reverse engineering, code review, static and dynamic analysis, fuzzing and debugging.
Purpose
Currently, there is way more insecure code out there than researchers. Much more people looking at code thatโs deployed in the real world are required by the market. This project exists to share a different awesome sources of information with you and encourage more people to get involved. Here you will find books and articles, online classes, recommended tools, write-ups, methodologies and tutorials, people to follow, and more cool stuff about Vulnerability Research and tinkering with application execution flow in general.
Contributing
This List is published according to the "Done is better than Perfect" approach, so your contributions and suggestions are very valuable and are always welcome! There are two options:
- Use the standard method of forking this repo, making your changes and doing a pull request to have your content added. Please check the Contributing Guideline for more details.
- Occasionally, if you just want to copy/paste your content, I'll take that too! Create an "Issue" with your suggestions and I will add it for you.
Legend:
- ๐: Most Awesome
- ๐ฐ: Costs Money
- ๐ฅ: Hot Stuff
- ๐: For FREE
Contents
- Awesome Vulnerability Research
- Purpose
- Contributing
- Advisories
- Articles
- Books
- Classes
- Conferences
- Conference talks
- Intentionally vulnerable packages
- Mailing lists and Newsletters
- Presentations
- Podcasts and Episodes
- Relevant Standards
- Research Papers
- Tools and Projects
- Tutorials
- Videos
- Vendorโs bug databases
- Vulnerability databases
- Wargames and CTFs
- Websites
- Who to Follow
- Miscellaneous Advisories
- Companies and Jobs
- Coordinated Disclosure
- Common Lists
- Thanks
- Glossary
- License
Advisories
Articles
- Super Awesome Fuzzing, Part One - by Atte Kettunen and Eero Kurimo, 2017
- From Fuzzing Apache httpd Server to CVE-2017-7668 and a $1500 Bounty - by Javier Jimรฉnez, 2017
- Root cause analysis of integer flow - by Corelan Team, 2013
Books
- ๐The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities - by Mark Dowd, John McDonald, Justin Schuh - published 2006, ISBN-13: 978-0321444424 / ISBN-10: 9780321444424
- ๐The Shellcoder's Handbook: Discovering and Exploiting Security Holes - by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte - published 2007, 2nd Edition, ISBN-13: 978-0470080238 / ISBN-10: 047008023X
Classes
- Advanced Windows Exploitation (AWE) - by Offensive Security with complementary OSEE (Offensive Security Exploitation Expert) Certification
- Cracking The Perimeter (CTP) - by Offensive Security, with complementary OSCE (Offensive Security Certified Expert) Certification
- ๐Modern Binary Exploitation (CSCI 4968) - by RPISEC at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.
- Software Security Course on Coursera - by University of Maryland.
- Offensive Computer Security - by W. Owen Redwood and Prof. Xiuwen Liu.
Conferences
- ๐DEF CON - Las Vegas, NV, USA
- Black Hat - Las Vegas, NV, USA
- Black Hat Europe - London, UK //๐ฅJoin me this year on Dec, 7-10, 2020!
- Black Hat Asia - Singapore
- ๐BSides - Worldwide
- BruCON - Brussels, Belgium
- ๐Chaos Communication Congress (CCC) - Hamburg, Germany
- Code Blue - Tokyo, Japan
- Nullcon - Goa, India
- 44CON - London, UK
- AppSecUSA - Washington DC
- OWASP AppSec EU - Europewide
- Positive Hack Days - Moscow, Russia
- ๐ZeroNights - Moscow, Russia
- ๐WarCon - Warsaw, Poland
Conference talks
- ๐Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game - by Joshua Drake and Steve Christey Coley at DEFCON 24, 2016
- Writing Vulnerability Reports that Maximize Your Bounty Payouts - by Kymberlee Price, originally presented at Nullcon, 2016
- Browser Bug Hunting: Memoirs of a Last Man Standing, by Atte Kettunen, presented at 44CON, 2013
Intentionally vulnerable packages
Mailing lists and Newsletters
Presentations
- ๐Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game [PDF] - by Joshua Drake and Steve Christey Coley at DEFCON 24, 2016
- ๐Effective File Format Fuzzing [PDF] - by Mateusz โj00ruโ Jurczyk presented at BlackHat EU, 2016
- Bootstrapping A Security Research Project [PDF] or Speaker Deck - by Andrew M. Hay at SOURCE Boston, 2016
- Bug Hunting with Static Code Analysis [PDF] - by Nick Jones, MWR Labs, 2016
Podcasts and Episodes
Podcasts
Episodes
Relevant Standards
- CVE - Common Vulnerabilities and Exposures, maintained by the MITRE Corporation
- CWE - Common Weakness Enumeration, maintained by the MITRE Corporation
- CVSS - Common Vulnerability Scoring System, maintained by FIRST (Forum of Incident Response and Security Teams)
Miscellaneous Documents
- ๐ฐISO/IEC 29147:2014 - Vulnerability Disclosure Standard
- RFPolicy 2.0 - Full Disclosure Policy (RFPolicy) v2.0 by Packet Storm
Research Papers
Whitepapers
- ๐ฅTSIG Authentication Bypass Through Signature Forgery in ISC BIND [PDF] - Clรฉment BERTHAUX, Synacktiv, CVE-2017-3143
Individual researchers
- ๐ฅTaking Windows 10 Kernel Exploitation to the Next Level โ Leveraging WRITE-WHAT-WHERE Vulnerabilities in Creators Update [PDF] - Morten Schenk, originally presented at Black Hat 2017
Tools and Projects
- Windbg - The preferred debugger by exploit writers.
- ltrace - Intercepts library calls
- ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.
- Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.
- Spike - A fuzzer development framework like sulley, a predecessor of sulley.
GitHub repos
- Google Sanitizers - A repo with extended documentation, bugs and some helper code for the AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer. The actual code resides in the LLVM repository.
- ๐ฅFLARE VM - FLARE (FireEye Labs Advanced Reverse Engineering) a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
- hackers-grep - The hackers-grep is a tool that enables you to search for strings in PE files. The tool is capable of searching strings, imports, exports, and public symbols (like woah) using regular expressions.
- Grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
- Choronzon - An evolutionary knowledge-based fuzzer
- boofuzz - A fork and successor of Sulley framework
Tutorials
Videos
Vendorโs bug databases
- Google Chrome issue tracker - The Chromium Project. Google Account Required
Vulnerability databases
Wargames and CTFs
Websites
- Corelan Team
- FuzzySecurity by b33f
- Fuzzing Blogs - by fuzzing.info
Blogs
- ๐j00ru//vx tech blog - Coding, reverse engineering, OS internals covered one more time
Who to Follow
Discord
- ๐Security Champions (join now)
GitHub
Medium
- the grugq (@thegrugq)
- ๐Joshua Drake (@jduck)
- ๐Steve Christey Coley (@sushidude)
- Andrew M. Hay (@andrewsmhay)
- the grugq (@thegrugq)
- b33f (@FuzzySec)
- Tim Strazzere (@timstrazz)
- Wojciech Pawlikowski (@wpawlikowski)
- Atte Kettunen (@attekett)
- Pawel Wylecial (@h0wlu)
- Hooked Browser (@antisnatchor)
- Kymberlee Price (@Kym_Possible)
- Michael Koczwara (@MichalKoczwara)
- Mateusz Jurczyk (@j00ru)
- Project Zero Bugs (@ProjectZeroBugs) - Cheks for new bug reports every 10 minutes. Not affiliated with Google.
- Hack with GitHub (@HackwithGithub) - Open source hacking tools for hackers and pentesters.
Miscellaneous Advisories
Companies and Jobs
Coordinated Disclosure
- SecuriTeam Secure Disclosure (SSD) - SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.
- The Zero Day Initiative (ZDI) - ZDI is originally founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Currently managed by Trend Micro.
Common Lists
Awesome Lists
- Awesome AppSec - A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
- Awesome Web Security - A curated list of Web Security materials and resources.
- Awesome Fuzzing - A curated list of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
Other Lists
- Hack with Github - Open source hacking tools for hackers and pentesters.
- Movies for Hackers - A list of movies every cyberpunk must watch.
- SecLists - SecLists is the security tester's companion.
Thanks
- Joshua Drake (@jduck) and Steve Christey Coley (@sushidude) for the inspiration!
- @yournamehere for the most awesome contributions
- And sure everyone of you, who has sent the pull requests or suggested a link to add here!
Thanks a lot!
License
This work is licensed under a Creative Commons Attribution Share-Alike 4.0 International License