1. Heap : libheap – Python library to examine ptmalloc
2. Heap : heap-viewer – IDA plugin to examine the heap
3. Heap : GEF Heap Exploitation Tools
4. Debug : Dr Memory – Memory Debugger for Linux , Windows , Mac , Android
5. Debug : GDB Peda
6. Debug : Pwndbg
7. Debug : GEF – Gdb Enhanced Features
8. Playground : Old Vulnerable App
9. Playground : Pwnable.tw
10. Playground : XiphosResearch’s POC exploits
11. Playground : Exploit-db
12. Playground : exploit-me ARM Lab
13. Shellcode : Shellcode Database
14. Shellcode : Sickle Shellcode Development Tool
15. Shellcode : shellnoob – Writing Shellcode
16. Shellcode : shelllen – Interactive Shellcoding Environment

1. Hardenedlinux’s Linux Exploit Developemnt ( Chinese )
2. Hardenedlinus’s Kernel Mitigation 101 ( Chinese )
3. C/C++ – Stack Based Buffer Overflow Hands-on
4. Blackhoodie-2018 Linux Binary Exploitation Workshop
5. Nnamon’s Linux Binary Exploitation Workshop
6. Nnamon’s Practical Ret 2 Libc Workshop
7. r0hi7’s BinExp – Linux Exploitation Workshop
8. ARM – BsidesMunich2018 Workshop
9. Billy-Ellis ARM Exploitation Challenges
10. ARMPwn – Learn Memory Corruption on ARM
11. BinTut – Live Demonstration of Memory Corruption Exploitation
12. ROP Emporium -Teaching ROP Exploitation Techniques
13. Smashing the Browser – Discover Vuln to Exploit
14. Awesome-Browser-Exploits
15. Yookiterm’s Exploitation Course ( Slides / Challenges / Challenge Files / Solutions )
16. DC416 : Introduction to x64 Linux Exploit ( Slides / Vuln03 solution )
17. Sam Bowne’s Exploit Development for Beginners Workshop [ Bof without shellcode , 64bit Overflow , Linux BoF with shellcode , Metasploit shellcode practice ]

• Binary Analysis 101
• Blog
• Cryptography
• Damn Vulnerable File Upload
• DFIR
• DVWS
• Filter Bypassing
• Game Hacking
• Home
• Learn to Hack
• Linux Binary Exploitation
• LOL Members Section
• LOL-Fav
• LOL-Press
• Misc
• NodeGoat Walkthrough
• OWASP Juice Shop Walkthrough
• Paralax LFI Lab
• Partners
• Requests
• Resources
• Web Security
• Web-Sec Class
• Win Exploit Development
• XVWA Walkthrough

LOL-Fav

Com-Sys

• Introduction to Linux – A Hands on Guide
• Bash Beginner Guide
• Linux-Inside : about linux kernel and its internals
• Understading the ELF file
• ELF Binaries on Linux : Understanding & Analysis
• Linux File System Infograph 1 / Infograph 2
• Linux Kernel Analysis – Walkthrough
• Linux Kernel Map
• Linux GLibC Stack Canary Values
• Stack Smashing Protector

1. C Function Calls Convention on the Stack
2. The Anatomy of an Executable
3. Introducing Character Sets & Encoding
4. An Introduction to Writing System & Unicode

• Mother board , Chipsets & Memory Map
• How Computer Boots up
• The Kernel Boot Process
• CPU Rings , Privilege & Protection
• What your computer does while you wait
• Cache : A place for concealment & safe-keeping
• Getting Physical with Memory
• Anatomy of a Program in Memory
• How the Kernel Manages your Memory
• Journey to the Stack – part 1
• Epilogues , Canaries & Buffer Overflows
• Recursion : Dream with a dream

• The Little Book about OS Development
• How to make a Computer Operating System in C++

1. x86 nasm Assembly Quick Reference
2. Intel Pentium Instruction Set
3. Win32 Assembly
4. cgasm – Offline Assembly Documentation
5. x86 Op Code & Instruction Reference
6. Linux System Call Table
7. Linux Sys Call Ref
8. NASM Tutorial

1. Getting Started with windbg ( User mode )
2. Getting Started with windbg ( Kernel mode )
3. Getting Started with windbg #1
4. Getting Started with windbg #2
5. Getting Started with windbg #3
6. GDB Command Reference

1. Debug : The Secret Lives of Debuggers

Rev-Eng

1. Nnamon’s Reverse Engineering & Exploitation Workshop
2. Reverse Engineering Workshop – Sprout 2018
3. Reversing Workshop : Solving Flare-on 2016
4. Reverse Engineering Malware 101 – Malware Unicorn

Exp-Dev

1. Basics
2. Introduction to Stack Overflow
3. Changing offsets & Rebased modules
4. Locating shellcode jump
5. Locating shellcode Egg hunting
6. SEH exploits
7. Unicode Buffer Overflows

1. https://www.corelan.be/index.php/articles/ ( Windows )
2. https://www.corelan.be/index.php/forum/exploit-writing-tutorials-linux/ ( Linux )

1. Classic Stack Based Buffer Overflow
2. Integer Overflow
3. Off-by-One Stack Based
4. Bypassing NX using return to libc
5. Bypassing NX using chained return to libc
6. Bypassing ASLR using return to PLT
7. Bypassing ASLR using Bruteforce
8. Bypassing ASLR using GOT Overwrite and GOT Deference
9. Understanding glibc malloc()
10. Heap Overflow using unlink()
11. Heap Overflow using Malloc Maleficarum
12. Off-by-one Heap Based
13. Use After Free

1. Buffer Overflow Exploit
2. Shellcode Injection
3. Heap Exploitation Book

1. Overview
2. Stack Corruption for newbies
3. EIP Redirection
4. Execution Arbitary Code
5. SFP overwrite
6. Format Strings Bug

1. Simple Stack based BoF Tutorial for vulnerable server
2. SEH based BoF Tutorial for vulnerable server
3. Egg Hunter based Exploit for vulnerable server
4. Restricted Character Set exploit for vulneraable server

1. http://www.fuzzysecurity.com/tutorials.html

1. https://azeria-labs.com/

1. Assembly 101 – Part 1 – Basic
2. Assembly 101 – Part 2 – Conditional jumps , Logic and Shifiting
3. Assembly 101 – Part 3 – Multiplications , Repetition and Switches
4. Exploitation 101 – Part 1 – Stack gets over its Head
5. Exploitation 101 – Part 2 – Born in a Shell
6. Exploitation 101 – Part 3 – Heap Overflow , Unlink me , would you please?
7. Exploitation 101 – Part 4 – First Witchy House
8. Exploitation 101 – Part 5 – House of Mind : Undead and Loving it
9. Exploitation 101 – Part 6 – House of Force : Jedi Overflow
10. Exploitation 101 – Part 7 – House of Lore : People and Traditions
11. Exploitation 101 – Part 8 – House of Spirit : Friendly Stack Overflow
12. Exploitation 101 – Part 9 – Off-by-One and Uninvited friend joins the Party
13. Exploitation 101 – Part 10 – Integer Overflow : Adding one more ….AAAAAAnd it’s gone
14. Exploitation 101 – Part 11 – Format Strings : I will tell ya what to say

1. Exploit Module Format
2. Exploit Mixins
3. Exploit Targets
4. Exploit Payloads
5. Getting Shell

1. Stack : BoF with edb-debugger
2. Stack : Stack Based Overflow on x64 Linux
3. Stack : Binary Exploitation ELIF5 – ( Part 1 / Part 2 )
4. Shellcode : Shellcoding for Windows & Linux
5. Shellcode : Understanding Shellcode : Reverse Shell
6. Shellcode : How to write an egg hunter shellcode
7. Shellcode : Shellcode Debugging with Ollydgb
8. Shellcode : Shellcode without Socket
9. Shellcode : Shellcode Obfuscation #1
10. Shellcode : Shellcode Obfuscation #2
11. Binary : GOT & PLT for Pwning
12. Binary : What are the GOT & PLT – part 1
13. Binary : CPU , Memory and Buffer Overflow
14. Mitigation : Bypass ASLR + NX ( Part 1 , Part 2 )
15. Mitigation : New bypass & Protection Techniques for ASLR on Linux
16. Mitigation : Return to PLT , GOT to bypass ASLR remotely
17. Mitigation : Return to libc on Modern 32 bit and 64 bit  Linux
18. Mitigation : Make Stack Execution again
19. Mitigation : Can we bruteforce ASLR?
20. Mitigation : ROPping to Victory – Radare2 + pwntools ( Part 1 )
21. Mitigation : ROPping to Victory – Split ( Part 2 )
22. Mitigation : ROPping to Victory – Call me may be ( Part 3 )
23. Mitigation : Introduction to Returned-Oriented-Programming ROP
24. Mitigation : Introduction to ROP
25. Mitigation : x64 Bit Linux ROP
26. Mitigation : Return to LibC without function calls
27. Mitigation : x86 / x64 BoF Exploits & Borrowed code chunks exploitation techniques
28. Mitigation : Defeating DEP – The Immunity Debugger way
29. Mitigation : Blind ROP ( BROP ) Lab / Paper
30. Mitigation : Advanced Buffer Overflow Method
31. Mitigation : Exploiting the Random Number Generator – ASLR Bypass
32. Mitigation : Fun with Info Leaks ( DEP + ASLR Bypass )
33. Mitigation : Bypassig Memory Protections – The Future of Exploitation
34. Format Strings : GOT overwrite to change control flow remotely on ASLR
35. Format Strings : Defeating Stack Canary, NX and ASLR remotely on 64 bit
36. Format Strings : Exploiting Format String Vulnerabilities
37. Format Strings : Exploiting Format String – Getting the shell
38. Format Strings : Maximum Over-kill Two – from Format String to RCE
39. Heap : Exim Off-by-one RCE Exploiting CVE 2018-6789 with fully mitigations bypass
40. Heap : CVE 2018-6789 Walkthrough
41. Heap : Road to Exim RCE – Abusing unsafe memory allocator in the most popular MTA
42. Heap : From heap to RIP
43. Heap : GlibC malloc() for Exploiters / (Markdown Version)
44. Heap : heapwn – Collection of Heap pwnables binaries
45. Heap : how2heap – Educational Heap Exploitation Collection
46. Heap : ptmalloc fanzine – Heap Meta-data Corruption Series
47. Heap : Play with file structures – Yet another Binary exploit technique
48. Heap : Exploiting the wilderness
49. Heap : Heap Feng Shui in JavaScript
50. Heap : Project HeartBleed
51. Heap : An Introduction to Use-After-Free
52. Heap : Walking Heap using Py-dbg
53. Null-ptr Def : Large Memory Management Vulnerabilities

1. Slide : Linux Interactive Exploit Development with GDB & Peda
2. Slide : Understanding Heap by breaking it
3. Book : Hackin9 – Build your own exploits

1. Exploit Tips & Techniques
2. 23c3 : Unusual Bugs
3. ASLR Bypass – Bruteforce
4. ASLR Bypass – Ret2esp
5. ASLR Bypass – Ret2reg

1. Heap : libheap – Python library to examine ptmalloc
2. Heap : heap-viewer – IDA plugin to examine the heap
3. Heap : GEF Heap Exploitation Tools
4. Debug : Dr Memory – Memory Debugger for Linux , Windows , Mac , Android
5. Debug : GDB Peda
6. Debug : Pwndbg
7. Debug : GEF – Gdb Enhanced Features
8. Playground : Old Vulnerable App
9. Playground : Pwnable.tw
10. Playground : XiphosResearch’s POC exploits
11. Playground : Exploit-db
12. Playground : exploit-me ARM Lab
13. Shellcode : Shellcode Database
14. Shellcode : Sickle Shellcode Development Tool
15. Shellcode : shellnoob – Writing Shellcode
16. Shellcode : shelllen – Interactive Shellcoding Environment

1. Hardenedlinux’s Linux Exploit Developemnt ( Chinese )
2. Hardenedlinus’s Kernel Mitigation 101 ( Chinese )
3. C/C++ – Stack Based Buffer Overflow Hands-on
4. Blackhoodie-2018 Linux Binary Exploitation Workshop
5. Nnamon’s Linux Binary Exploitation Workshop
6. Nnamon’s Practical Ret 2 Libc Workshop
7. r0hi7’s BinExp – Linux Exploitation Workshop
8. ARM – BsidesMunich2018 Workshop
9. Billy-Ellis ARM Exploitation Challenges
10. ARMPwn – Learn Memory Corruption on ARM
11. BinTut – Live Demonstration of Memory Corruption Exploitation
12. ROP Emporium -Teaching ROP Exploitation Techniques
13. Smashing the Browser – Discover Vuln to Exploit
14. Awesome-Browser-Exploits
15. Yookiterm’s Exploitation Course ( Slides / Challenges / Challenge Files / Solutions )
16. DC416 : Introduction to x64 Linux Exploit ( Slides / Vuln03 solution )
17. Sam Bowne’s Exploit Development for Beginners Workshop [ Bof without shellcode , 64bit Overflow , Linux BoF with shellcode , Metasploit shellcode practice ]

1. Tutorial : An Introduction to Fuzzing
2. Tutorial : An introudction to fuzzing – Automated security testing approach
3. Tutorial : The art of Fuzzing – Slides & Demos
4. Tutorial : Hack the Hacker : Fuzzing Mimikatz on Windows with WinAFL & Heatmaps
5. Tutorial : Fuzzing Arbitrary Functions in ELF Binaries
6. Tutorial : A year of windows kernel font fuzzing #1 – result by Project Zero
7. Tutorial : A year of windows kernel font fuzzing #2 – techniques by Project Zero
8. Tutorial : Fuzzing workflow – A fuzz job from start to finish
9. Tutorial : 15 mins Guide to Fuzzing by MWR
10. Tutorial : Simple Fuzzing with zzuff #1 by fuzzing-project
11. Tutorial : Find more Bug with Address Sanitizer #2 by fuzzing-project
12. Tutorial : Instrumented Fuzzing with American Fuzzy Loop #3 by fuzzing-project
13. Tutorial : Know your CFLAGS – Tips to find bug with compiler features by fuzzing-project
14. Tutorial : Disabling Custom Memory Allocators by fuzzing-project
15. Tutorial : Libfuzzer Tutorial
16. Tutorial : How Heartbleed could have been found
17. Tutorial : Compiler Fuzzing #1
18. Tutorial : FFmpeg and a thousands fixes
19. Tutorial : Introducing jsfunfuzz
20. Tutorial : 7 Tips to consider before fuzzing Open source Large Project
21. AFL : Basic Usage of AFL with realworld examples
22. AFL : Advanced AFL usage with realworld examples –preeny and dictionaries
23. AFL : Advanced AFL usage with realworld examples — Persistent mode
24. AFL : More advanced AFL usage with realworld examples — fuzzing libraries
25. AFL : A Gentle Introduction to fuzzing C++ code with AFL & libfuzzer
26. AFL : Fuzzing openSSH daemon using AFL
27. AFL : Fuzzing Capstone using AFL
28. AFL : RAM , Disks and saving your SSD from AFL fuzzing
29. AFL : Bug Hunting with American Fuzzy Loop
30. AFL : Segfaulting Python with afl-fuzz
31. AFL : How to fuzz a server with AFL
32. AFL : Fuzzing Projects with American Fuzzy Loop
33. Peach : Peach Tutorials
34. Peach : Fuzzing with Peach #1
35. Peach : Fuzzing with Peach #2
36. Video : Fuzzing 101 from Hack-Night
37. Video : Fuzzing Lecture #1 from W. Owen Redwood
38. Video : Fuzzing Lecture #2 fromW. Owen Redwood
39. Video : Fuzzing Lecture from Free Software Security Course
40. PDF : The Evolving Art of Fuzzing
41. PDF : Automated Whitebox Fuzz Testing
42. PDF : How Hacker Look for Bug
43. PDF : Real World Fuzzing
44. PDF : Effective Bug Discovery
45. PDF : Effective File Format Fuzzing
46. PDF : Fuzzing Frameworks
47. PDF : Fuzzing for fun & for $$$$
48. PDF : MBFuzzer – MITM Fuzzing for Mobile Applications
49. PDF : The Art of File Format Fuzzing
50. PDF : Wifi – Advanced Fuzzing
51. PDF : Analysis of Mutation & Generation-Based Fuzzing
52. PDF : Introducing Sulley fuzzing framework
53. PDF : Grammar-based White Box Fuzzing
54. PDF : zzuf – Multi purpose fuzzer
55. PDF : CS558 – Fuzzing Lab
56. Blog : Fuzzing Blog #1
57. Blog : Fuzzing Blog #2
58. Blog : Fuzzing Blog #3
59. Lab : From fuzzing to zero day
60. Lab : A Practical Example ( AFL vs Binutils )
61. Lab : AFL Training Workshop
62. Lab : libfuzzer Training Workshop
63. Lab : Fuzzing with spike
64. Lab : Fuzzing with Failure Observation Engine
65. Lab : FuzzGoat – Vulnerable C Program for Testing Fuzzers

1. Linux : Linux Kernel Exploit – Environment
2. Linux : Linux Kernel Exploit – Stack Smashing
3. Linux : Linux Kernel Exploit – Null Deference
4. Linux : Kernel Driver : mmap handler exploitation
5. Windows : Setting up a Windows VM lab for Kernel Debugging
6. Windows : A primer to Windows x64 Shellcoding
7. Windows : First exploit in Windows Kernel ( HEVD )
8. Windows : Arbitrary write Primitive on Windows Kernel ( HEVD )

1. https://0x00sec.org/c/exploit-development

1. Smashing the Stack for Fun & Profit
2. Weakening the Linux Kernel
3. Frame Pointer Overwriting
4. Bypassing Stack Guard & Stack Shield
5. Shared Library redirection via ELF PLT infection
6. Smashing C++ VPTRs
7. Backdooring Binary Objects
8. Introduction to PAM
9. Exploiting Non-Adjacent Memory Spaces
10. Writing MIPS/Irix Shellcode
11. IA64 Shellcode
12. Vudo Malloc Tricks
13. Once upon a free()
14. Architecture Spanning Shellcode
15. Writing ia32 Alphanumeric Shellcodes
16. Advanced return-to-libc exploits (PaX Case Study )
17. Runtime Binary Encryption
18. Advances in Kernel Hacking
19. Linux on the fly kernel patching without LKM
20. Linux x86 Kernel function hooking emulation
21. Developing Strong ARM Linux Shellcode
22. HP-UX (PA-RISC 1.1) Overflows
23. Handling the Interrupt Descriptor Table
24. Advances in kernel hacking II
25. Advances in format string exploitation
26. Runtime process infection
27. Bypassing PaX ASLR protection
28. Building ptrace injecting shellcodes
29. Linux/390 shellcode development
30. Playing with Windows /dev/(k)mem
31. Smashing The Kernel Stack For Fun And Profit
32. Burning the bridge: Cisco IOS exploits
33. Static Kernel Patching
34. Big Loop Integer Protection
35. Basic Integer Overflows
36. Advanced Doug Lea’s malloc exploits
37. Hijacking Linux Page Fault Handle
38. The Cerberus ELF interface
39. Polymorphic Shellcode Engine
40. Infecting Loadable Kernel Modules
41. Building IA32 ‘Unicode-Proof’ Shellcodes
42. Hacking the Linux Kernel Network Stack
43. Kernel Rootkit Experiences & the Future
44. Bypassing Win BO Protection
45. Kernel Mode Backdoor for NT
46. Advances in Windows Shellcode
47. UTF8 Shellcode
48. Attacking Apache Modules
49. Win32 Portable Userland Rootkit
50. Bypassing Windows Personal FW’s
51. OSX heap exploitation techniques
52. Games with kernel Memory…FreeBSD Style
53. Embedded ELF Debugging
54. Hacking Grub for Fun & Profit
55. Shifting the Stack Pointer
56. PowerPC Cracking on OSX with GDB
57. Attacking the Core: Kernel Exploitation Notes
58. Mac OS X Wars – A XNU Hope
59. Hacking deeper in the system
60. Abusing the Objective C runtime
61. Backdooring Juniper Firewalls
62. Exploiting DLmalloc frees in 2009
63. Exploiting UMA : FreeBSD kernel heap exploits
64. Malloc Des-Maleficarum
65. Alphanumeric RISC ARM Shellcode
66. Power cell buffer overflow
67. Binary Mangling with Radare
68. Linux Kernel Heap Tampering Detection
69. Kernel instrumentation using kprobes
70. ProFTPD with mod_sql pre-authentication, remote root
71. The House Of Lore: Reloaded ptmalloc v2 & v3: Analysis & Corruption
72. A Eulogy for Format Strings
73. Dynamic Program Analysis and Software Exploitation
74. Exploiting Memory Corruptions in Fortran Programs Under Unix/VMS
75. Scraps of notes on remote stack overflow exploitation
76. Android Kernel Rootkit
77. Pseudomonarchia jemallocum
78. Infecting loadable kernel modules: kernel versions 2.6.x/3.0.x
79. The Art of Exploitation: MS IIS 7.5 Remote Heap Overflow
80. The Art of Exploitation: Exploiting VLC, a jemalloc case study
81. Modern Objective-C Exploitation Techniques

Practice

• [ Pwn ] – HITCON Training
• [ Pwn ] – AIS3 – 2017 Binary Exploitation
• [ Pwn ] – Insecure Programming
• [ Web ] – Orbital Offensive Web Security 2016
• [ Web ] – Node JS Security ( Juice Shop )
• [ Web ] – Node JS Security ( goat.js )
• [ Web ] – Node JS Security ( NodeGoat )
• [ Web ] – Damn Vulnerable NodeJS Application ( DVNA )
• [ Web ] – Damn Vulnerable Web Scokets ( DVWS )
• [ Web ] – Damn Vulnerable Web Services ( DVWS )
• [ Web ] – Damn Vulnerable Web Application ( DVWA )
• [ Web ] – Extreme Vulnerable Web Application ( XVWA )
• [ Web ] – Damn Small Vulnerable Web ( DSVW )
• [ Web ] – Vulnerable Django Application ( django-nV )
• [ Web ] – Vulnerable Grails Application ( grails-nV )
• [ Web ] – Vulnerable JSP Application ( MoneyX )
• [ Web ] – Vulnerable Java Application ( WebGoat )
• [ Web ] – Vulnerable Java Application for Session Puzzling ( puzzlemall )
• [ Web ] – RailsGoat – Vulnerable Rails Application
• [ Web ] – Vulnerable API – Vulnerable Python Web API
• [ Web ] – OWASP Hackademic Challenges
• [ Web ] – Hackazon – a modern vulnerable web app
• [ Web ] – SQLi – Labs ( Audi-1 )
• [ Web ] – LFI – Labs  ( Paralax )
• [ Web ] – Damn Vulnerable File Upload ( Lunam00n )
• [ Mob ] – Offensive & Defensive Android Reverse Engineering DEFCON23
• [ Mob ] – OWASP MSTG Playground
• [ Mob ] – Damn Insecure & Vlunerable App ( DIVA)
• [ Mob ] – Damn Vulnerable Hybrid Mobile App ( DVHMA )
• [ Mob ] – OWASP Goad Droid
• [ Mob ] – ExploitMe Labs ( SecurityCompass )
• [ Mob ] – InsecureBank V2
• [ Mob ] – Sieve Password Manager App ( MWR )
• [ Mob ] – OWASP iGoat
• [ Mob ] – Damn Vulnerable iOS App ( DVIA )
• [ Mob ] – Damn Vulnerable iOS App 2 ( DVIA 2 )
• [ Mob ] – Mobile Challenges Collection
• [ Mob ] – h1-702-2018 CTF challenges
• [ Mob ] – Android Crackme Challenges ( reoky )
• [ Mob ] – iOS Mobile-CTF Challenge( Ivan R )
• [ Mob ] – OWASP Crackme Challenges
• [ Mob ] – Android MIT LL CTF 2013
• [ Mob ] – Android CTF
• [ Mob ] – CTF Droid
• [ IoT  ] – iv-wrt : Intentionally Vulnerable Router Firmware ( OpenWrt)
• [ CTF ] – Dumped CTF Challenges & Materials
• [ CTF ] – Shell-storm : CTF Repo
• [ Ran ] – Damn Vulnerable Thick-client Application ( DVTA )

• [ CTF ] – Backdoor CTF
• [ CTF ] – Learn CTF
• [ CTF + VM ] – Hack The Box
• [ CTF + VM ] – Pentestit
• [ CTF ] – Hone Your Ninja Skills
• [ CTF ] – Microcorruption Embeded Security CTF
• [ CTF ] – OverTheWire Wargame CTF
• [ CTF ] – SmashTheStack Wargame CTF
• [ CTF ] – Ringzer0 Team Online CTF
• [ CTF ] – Root-me
• [ CTF ] – Hall of Valhalla
• [ CTF ] – Enigma Group
• [ Pwn ] – Netgarage’s Wargames
• [ Pwn ] – Pwnable.kr
• [ Pwn ] – Pwnable.tw
• [ Pwn ] – ROP Wargames
• [ RE_ ] – Reversing.kr
• [ Web ] – Webhacking.kr
• [ Misc ] – Command Line Challenge
• [ Forensic ] – Forensic Contests
• [ Forensic ] – DFRWS Forensic Challenges

• Vulnhub – Home of Vulnerable Machines
• The Hacker Games
• PentesterLab Exercises
• OWASP – Broken Web Applications

• CTF-Wiki ( Chinese )
• CTF 101 – Systems ( 2016 )
• CTF 101 – Systems ( 2015 )
• CTF Field Guide
• CTF Resources
• CTF – a small course ( Russian )
• CTF Literature
• CTF Resources
• CTF Wiki – Osiris Lab
• CTF – Reddit
• XSS Challenges – Wiki

• Orange Tsai’s CTF Web Challenges
• Pwning – Public-Writeups
• ctfs – Collections of Writeups
• Pwntools – Writeups
• Smokeleeteverydays – CTF_WRITEUPS

• CTF Tools
• Useful Tools for CTF
• Pentest Scripts

• Setting up a pentest lab with Hyper-V
• Step by step : Vulnerable Windows VM
• Hack yourself : Building a Pentest Lab Video / Slide
• Setting up Windows Lab
• Setting up a Penetraion Testing Lab
• Building a Pentest Lab

Security Open Courseware

• Lecture Videos, Slides
• http://z.cliffe.schreuders.org/SecurityEd.htm
• Overall Topics

• Lecture Slides, Labs, Assignments
• https://ocw.cs.pub.ro/courses/cns
• Binary Exploitation

• Lecture Slides, Labs, Assignments
• https://courses.cs.washington.edu/courses/cse484/14au/
• Overall Topics

• Lecture Slides
• https://nebelwelt.net/teaching/18-527-SoftSec/
• Reverse Egineering , Software Bugs

• Lecuture pptx, Labs
• https://is.muni.cz/el/1433/podzim2018/PA193/
• Software Security

• Lecture Videos, Slides , Projects
• https://samsclass.info/127/127_F15.shtml
• Exploitation for Linux & Windows

• Videos , Slides , Projects
• https://samsclass.info/40/40_F18.shtml
• DNS and Protocol Security

• Videos , Slides , Projects
• https://samsclass.info/152/152_F18.shtml
• Incident Handling

• Videos , Slides , Projects
• https://samsclass.info/126/126_F18.shtml
• Malware Analysis

• Videos , Slides , Projects
• https://samsclass.info/123/123_F18.shtml
• Ethical Hacking , Network Pentesting , Beginner Level

• Videos , Slides , Projects
• https://samsclass.info/124/124_F17.shtml
• Intermediate Level , Ethical Hacking , Penetration Testing

• Projects , Slides
• https://samsclass.info/128/128_S19.shtml
• Mobile Security , Android , iOS

• Vidoes , Slides , Projects
• https://samsclass.info/129S/129S_S18.shtml
• Web Security

• Vidoes , Slides , Projects
• https://samsclass.info/141/141_F17.shtml
• Cryptography , Encryption

• Videos , Codes , Slides , Labs VM
• http://opensecuritytraining.info/Training.html
• Android , CISSP , Network Hunting , Hacking techniques &
  Intrusion detection , x86 / x64 Assembly , ARM , Cellular , Network
  forensics , Secure coding , Vulnerability assement , web , pcap analysis
  , Linux & Windows exploits , Reverse engineering , Rootkits ,
  Malware Analysis , Keylogging

• Slides , Labs
• http://www.cse.iitd.ernet.in/~siy117527/sil765/
• Overall Topics

• Slides , Labs
• https://www.cs.ucr.edu/~heng/teaching/cs260-winter2017/index.html
• Binary Analysis

• Youtube Videos
• http://liveoverflow.com/
• Binary Exploitation , Web, CTFs , Game Hacking , Hardware , Mobile , etc …

• Slides , Labs , VM
• https://github.com/RPISEC/MBE
• http://security.cs.rpi.edu/courses/binexp-spring2015/
• Reverse engineering , Binary Exploitation , Fuzzing

• Videos , Slides , Labs
• http://howto.hackallthethings.com/
• Overall Topics

• Videos , Slides ,Resources
• https://github.com/osirislab/Hack-Night
• Overall Topics

• Practical Tutorials on Linux
• https://www.win.tue.nl/~aeb/linux/hh/
• Overall Topics

And-Sec

• SecMobi – Wiki – Useful Resources and better experience
• Mobile Security – Wiki – Tool many Resources
• DroidSec – Wiki – Huge amount of Whitepapers
• OWASP – MSTG  – Mobile Security Testing Guide
• Collection of Android Malwares Sample
• Android Security Reference

• Practical Android Exploitation
• Manifest Security – Android App Sec Tutorial Seires
• Infosec Institute – Android Tutorial Series
• Tutorialpoints – Android Penetration Tesing Videos
• How to monitor mobile app traffic with sniffers
• Portable mobile app traffic analysis
• Learning android byte code
• Frida Hook Tutorials 1 to 5 / Project

• tool list 1

Unsorted

• Hacking Zines
• https://github.com/michalmalik/linux-re-101 – Linux RE 101
• https://github.com/praetorian-inc/DVRF – Router Firmware
• https://github.com/sagishahar/lpeworkshop – LPE workshop
• https://github.com/trustedsec/ptf – Penetration Testing Framework
• fastandeasyhacking.com  – Armitage

• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
• https://github.com/rebootuser/LinEnumv

Windows stack overflows

• Win32 Buffer Overflows (Location, Exploitation and Prevention) – by Dark spyrit [1999]
• Writing Stack Based Overflows on Windows – by Nish Bhalla’s [2005]

Windows heap overflows

• Third Generation Exploitation smashing heap on 2k – by Halvar Flake [2002]
• Exploiting the MSRPC Heap Overflow Part 1 – by Dave Aitel (MS03-026) [September 2003]
• Exploiting the MSRPC Heap Overflow Part 2 – by Dave Aitel (MS03-026) [September 2003]
• Windows heap overflow penetration in black hat – by David Litchfield [2004]

Kernel based Windows overflows

• How to attack kernel based vulns on windows was done – by a Polish group called “sec-labs” [2003]
• Sec-lab old whitepaper
• Sec-lab old exploit
• Windows Local Kernel Exploitation (based on sec-lab research) – by S.K Chong [2004]
• How to exploit Windows kernel memory pool – by SoBeIt [2005]
• Exploiting remote kernel overflows in windows – by Eeye Security
• Kernel-mode Payloads on Windows in uninformed – by Matt Miller
• Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
• BH US 2007 Attacking the Windows Kernel
• Remote and Local Exploitation of Network Drivers
• Exploiting Comon Flaws In Drivers
• I2OMGMT Driver Impersonation Attack
• Real World Kernel Pool Exploitation
• Exploit for windows 2k3 and 2k8
• Alyzing local privilege escalations in win32k
• Intro to Windows Kernel Security Development
• There’s a party at ring0 and you’re invited
• Windows kernel vulnerability exploitation

Windows memory protections

• Data Execution Prevention
• /GS (Buffer Security Check)
• /SAFESEH
• ASLR
• SEHOP

Bypassing filter and protections

• Third Generation Exploitation smashing heap on 2k – by Halvar Flake [2002]
• Creating Arbitrary Shellcode In Unicode Expanded Strings – by Chris Anley
• Advanced windows exploitation – by Dave Aitel [2003]
• Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server – by David Litchfield
• Reliable heap exploits and after that Windows Heap Exploitation (Win2KSP0 through WinXPSP2) – by Matt Conover in cansecwest 2004
• Safely Searching Process Virtual Address Space – by Matt Miller [2004]
• IE exploit and used a technology called Heap Spray
• Bypassing hardware-enforced DEP – by Skape (Matt Miller) and Skywing (Ken Johnson) [October 2005]
• Exploiting Freelist[0] On XP Service Pack 2 – by Brett Moore [2005]
• Kernel-mode Payloads on Windows in uninformed
• Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
• Exploiting Comon Flaws In Drivers
• Heap Feng Shui in JavaScript by Alexander sotirov [2007]
• Understanding and bypassing Windows Heap Protection – by Nicolas Waisman [2007]
• Heaps About Heaps – by Brett moore [2008]
• Bypassing browser memory protections in Windows Vista – by Mark Dowd and Alex Sotirov [2008]
• Attacking the Vista Heap – by ben hawkes [2008]
• Return oriented programming Exploitation without Code Injection – by Hovav Shacham (and others ) [2008]
• Token Kidnapping and a super reliable exploit for windows 2k3 and 2k8 – by Cesar Cerrudo [2008]
• Defeating DEP Immunity Way – by Pablo Sole [2008]
• Practical Windows XP2003 Heap Exploitation – by John McDonald and Chris Valasek [2009]
• Bypassing SEHOP – by Stefan Le Berre Damien Cauquil [2009]
• Interpreter Exploitation : Pointer Inference and JIT Spraying – by Dionysus Blazakis[2010]
• Write-up of Pwn2Own 2010 – by Peter Vreugdenhil
• All in one 0day presented in rootedCON – by Ruben Santamarta [2010]
• DEP/ASLR bypass using 3rd party – by Shahin Ramezany [2013]

Typical windows exploits

• Real-world HW-DEP bypass Exploit – by Devcode
• Bypassing DEP by returning into HeapCreate – by Toto
• First public ASLR bypass exploit by using partial overwrite – by Skape
• Heap spray and bypassing DEP – by Skylined
• First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability
• Exploit codes of bypassing browsers memory protections
• PoC’s on Tokken TokenKidnapping . PoC for 2k3 -part 1 – by Cesar Cerrudo
• PoC’s on Tokken TokenKidnapping . PoC for 2k8 -part 2 – by Cesar Cerrudo
• An exploit works from win 3.1 to win 7 – by Tavis Ormandy KiTra0d
• Old ms08-067 metasploit module multi-target and DEP bypass
• PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass
• SMBv2 Exploit – by Stephen Fewer

Exploit development tutorial series

• Corelan Team
  

• Fuzzysecurity
  

• Securitysift
  

Tools

• angr – Platform-agnostic binary analysis framework developed at UCSB’s Seclab.
• BARF – Multiplatform, open source Binary Analysis and Reverse engineering Framework.
• binnavi – Binary analysis IDE for reverse engineering based on graph visualization.
• Bokken – GUI for Pyew and Radare.
• Capstone
  – Disassembly framework for binary analysis and reversing, with support
  for many architectures and bindings in several languages.
• codebro – Web based code browser using clang to provide basic code analysis.
• dnSpy – .NET assembly editor, decompiler and debugger.
• Evan’s Debugger (EDB) – A modular debugger with a Qt GUI.
• GDB – The GNU debugger.
• GEF – GDB Enhanced Features, for exploiters and reverse engineers.
• hackers-grep – A utility to search for strings in PE executables including imports, exports, and debug symbols.
• IDA Pro – Windows disassembler and debugger, with a free evaluation version.
• Immunity Debugger – Debugger for malware analysis and more, with a Python API.
• ltrace – Dynamic analysis for Linux executables.
• objdump – Part of GNU binutils, for static analysis of Linux binaries.
• OllyDbg – An assembly-level debugger for Windows executables.
• PANDA – Platform for Architecture-Neutral Dynamic Analysis
• PEDA – Python Exploit Development Assistance for GDB, an enhanced display with added commands.
• pestudio – Perform static analysis of Windows executables.
• Process Monitor – Advanced monitoring tool for Windows programs.
• Pyew – Python tool for malware analysis.
• Radare2 – Reverse engineering framework, with debugger support.
• SMRT – Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis.
• strace – Dynamic analysis for Linux executables.
• Udis86 – Disassembler library and tool for x86 and x86_64.
• Vivisect – Python tool for malware analysis.
• X64dbg – An open-source x64/x32 debugger for windows.

• angr – Platform-agnostic binary analysis framework developed at UCSB’s Seclab.
• BARF – Multiplatform, open source Binary Analysis and Reverse engineering Framework.
• binnavi – Binary analysis IDE for reverse engineering based on graph visualization.
• Bokken – GUI for Pyew and Radare.
• Capstone
  – Disassembly framework for binary analysis and reversing, with support
  for many architectures and bindings in several languages.
• codebro – Web based code browser using clang to provide basic code analysis.
• dnSpy – .NET assembly editor, decompiler and debugger.
• Evan’s Debugger (EDB) – A modular debugger with a Qt GUI.
• GDB – The GNU debugger.
• GEF – GDB Enhanced Features, for exploiters and reverse engineers.
• hackers-grep – A utility to search for strings in PE executables including imports, exports, and debug symbols.
• IDA Pro – Windows disassembler and debugger, with a free evaluation version.
• Immunity Debugger – Debugger for malware analysis and more, with a Python API.
• ltrace – Dynamic analysis for Linux executables.
• objdump – Part of GNU binutils, for static analysis of Linux binaries.
• OllyDbg – An assembly-level debugger for Windows executables.
• PANDA – Platform for Architecture-Neutral Dynamic Analysis
• PEDA – Python Exploit Development Assistance for GDB, an enhanced display with added commands.
• pestudio – Perform static analysis of Windows executables.
• Process Monitor – Advanced monitoring tool for Windows programs.
• Pyew – Python tool for malware analysis.
• Radare2 – Reverse engineering framework, with debugger support.
• SMRT – Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis.
• strace – Dynamic analysis for Linux executables.
• Udis86 – Disassembler library and tool for x86 and x86_64.
• Vivisect – Python tool for malware analysis.
• X64dbg – An open-source x64/x32 debugger for windows.

https://soundcloud.com/dg4e/beneath-the-underound-scene-e-mck-a-t-m-o-s