Skip to content

🦄 A curated list of the awesome resources about the Vulnerability Research

License

Notifications You must be signed in to change notification settings

sergey-pronin/Awesome-Vulnerability-Research

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

75 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Vulnerability Research Awesome

🦄 A curated list of the awesome resources about the Vulnerability Research

First things first: There are no exploits in this project. Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious about then you’ll find your own way to discover a flow, this list aimed to help you find it faster.

Maintained by Sergey Pronin with contributions from the community. Become the next 🌟 stargazer or ✍️ contributor.

Made With Passion License CC-BY-SA-4.0 GitHub Stars

Vulnerability Research is the process of analyzing a product, protocol, or algorithm - or set of related products - to find, understand or exploit one or more vulnerabilities. Vulnerability research can but does not always involve reverse engineering, code review, static and dynamic analysis, fuzzing and debugging.

Purpose

Currently, there is way more insecure code out there than researchers. Much more people looking at code that’s deployed in the real world are required by the market. This project exists to share a different awesome sources of information with you and encourage more people to get involved. Here you will find books and articles, online classes, recommended tools, write-ups, methodologies and tutorials, people to follow, and more cool stuff about Vulnerability Research and tinkering with application execution flow in general.

Contributing

This List is published according to the "Done is better than Perfect" approach, so your contributions and suggestions are very valuable and are always welcome! There are two options:

  1. Use the standard method of forking this repo, making your changes and doing a pull request to have your content added. Please check the Contributing Guideline for more details.
  2. Occasionally, if you just want to copy/paste your content, I'll take that too! Create an "Issue" with your suggestions and I will add it for you.

Legend:

  • 🌟: Most Awesome
  • 💰: Costs Money
  • 🔥: Hot Stuff
  • 🎁: For FREE

Contents

Advisories

Back to Contents

Articles

Back to Contents

Books

Back to Contents

Classes

Back to Contents

Conferences

Back to Contents

Conference talks

Back to Contents

Intentionally vulnerable packages

Back to Contents

Mailing lists and Newsletters

Back to Contents

Presentations

Back to Contents

Podcasts and Episodes

Podcasts

Back to Contents

Episodes

Back to Contents

Relevant Standards

Back to Contents

Miscellaneous Documents

Back to Contents

Research Papers

Whitepapers

Back to Contents

Individual researchers

Back to Contents

Tools and Projects

  • Windbg - The preferred debugger by exploit writers.
  • ltrace - Intercepts library calls
  • ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.
  • Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.
  • Spike - A fuzzer development framework like sulley, a predecessor of sulley.

Back to Contents

GitHub repos

  • Google Sanitizers - A repo with extended documentation, bugs and some helper code for the AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer. The actual code resides in the LLVM repository.
  • 🔥FLARE VM - FLARE (FireEye Labs Advanced Reverse Engineering) a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
  • hackers-grep - The hackers-grep is a tool that enables you to search for strings in PE files. The tool is capable of searching strings, imports, exports, and public symbols (like woah) using regular expressions.
  • Grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
  • Choronzon - An evolutionary knowledge-based fuzzer
  • boofuzz - A fork and successor of Sulley framework

Back to Contents

Tutorials

Back to Contents

Videos

Back to Contents

Vendor’s bug databases

Back to Contents

Vulnerability databases

Back to Contents

Wargames and CTFs

Back to Contents

Websites

Back to Contents

Blogs

Back to Contents

Who to Follow

Discord

Back to Contents

GitHub

Back to Contents

Medium

Back to Contents

Twitter

Back to Contents

Miscellaneous Advisories

Back to Contents

Companies and Jobs

Back to Contents

Coordinated Disclosure

  • SecuriTeam Secure Disclosure (SSD) - SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.
  • The Zero Day Initiative (ZDI) - ZDI is originally founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Currently managed by Trend Micro.

Back to Contents

Common Lists

Awesome Lists

  • Awesome AppSec - A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
  • Awesome Web Security - A curated list of Web Security materials and resources.
  • Awesome Fuzzing - A curated list of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

Back to Contents

Other Lists

Back to Contents

Thanks

Thanks a lot!

Back to Contents

License

This work is licensed under a Creative Commons Attribution Share-Alike 4.0 International License

CC-BY-SA-4.0

Back to Contents