Awesome-Vulnerability-Research
Vulnerability research resource
A curated list of resources to help researchers and developers discover and analyze vulnerabilities in software.
A curated list of the awesome resources about the Vulnerability Research
1k stars
51 watching
159 forks
last commit: almost 4 years ago
Tags: awesome, awesome-list, curated, exploit-development, fuzzing, reading-list, security-research, vulnerability-research
Awesome Vulnerability Research / Contributing | |||
doing a pull request | 1,136 | almost 4 years ago | Use the standard method of forking this repo, making your changes and to have your content added. Please check the for more details |
Create an "Issue" | 1,136 | almost 4 years ago | Occasionally, if you just want to copy/paste your content, I'll take that too! with your suggestions and I will add it for you |
Awesome Vulnerability Research / Contents / Advisories | |||
Relevant Standards | |||
Vulnerability databases | |||
Awesome Vulnerability Research / Contents | |||
Glossary | |||
Awesome Vulnerability Research / Advisories / Articles | |||
Super Awesome Fuzzing, Part One | by and Eero Kurimo, 2017 | ||
From Fuzzing Apache httpd Server to CVE-2017-7668 and a $1500 Bounty | by Javier Jiménez, 2017 | ||
Root cause analysis of integer flow | by , 2013 | ||
Awesome Vulnerability Research / Advisories / Books | |||
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities | by Mark Dowd, John McDonald, Justin Schuh - published 2006, ISBN-13: 978-0321444424 / ISBN-10: 9780321444424 | ||
The Shellcoder's Handbook: Discovering and Exploiting Security Holes | by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte - published 2007, 2nd Edition, ISBN-13: 978-0470080238 / ISBN-10: 047008023X | ||
Awesome Vulnerability Research / Advisories / Classes | |||
Advanced Windows Exploitation (AWE) | by Offensive Security with complementary OSEE (Offensive Security Exploitation Expert) Certification | ||
Cracking The Perimeter (CTP) | by Offensive Security, with complementary OSCE (Offensive Security Certified Expert) Certification | ||
Modern Binary Exploitation (CSCI 4968) | 5,490 | almost 3 years ago | by RPISEC at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation |
Software Security Course on Coursera | by University of Maryland | ||
Offensive Computer Security | by W. Owen Redwood and Prof. Xiuwen Liu | ||
Awesome Vulnerability Research / Advisories / Conferences | |||
DEF CON | Las Vegas, NV, USA | ||
Black Hat | Las Vegas, NV, USA | ||
Black Hat Europe | London, UK // Join this year on ! | ||
Black Hat Asia | Singapore | ||
BSides | Worldwide | ||
BruCON | Brussels, Belgium | ||
Chaos Communication Congress (CCC) | Hamburg, Germany | ||
Code Blue | Tokyo, Japan | ||
Nullcon | Goa, India | ||
44CON | London, UK | ||
AppSecUSA | Washington DC | ||
OWASP AppSec EU | Europewide | ||
Positive Hack Days | Moscow, Russia | ||
ZeroNights | Moscow, Russia | ||
WarCon | Warsaw, Poland | ||
Awesome Vulnerability Research / Advisories / Conference talks | |||
Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game | by and at 24, 2016 | ||
Writing Vulnerability Reports that Maximize Your Bounty Payouts | by , originally presented at , 2016 | ||
Browser Bug Hunting: Memoirs of a Last Man Standing | , by , presented at , 2013 | ||
Awesome Vulnerability Research / Advisories / Intentionally vulnerable packages | |||
HackSys Extreme Vulnerable Windows Driver | 2,488 | 3 months ago | |
Awesome Vulnerability Research / Advisories / Presentations | |||
Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game [PDF] | by and at 24, 2016 | ||
Effective File Format Fuzzing [PDF] | by presented at , 2016 | ||
Bootstrapping A Security Research Project [PDF] | or - by at SOURCE Boston, 2016 | ||
Bug Hunting with Static Code Analysis [PDF] | by Nick Jones, MWR Labs, 2016 | ||
Awesome Vulnerability Research / Advisories / Relevant Standards | |||
CVE | Common Vulnerabilities and Exposures, maintained by the | ||
CWE | Common Weakness Enumeration, maintained by the | ||
CVSS | Common Vulnerability Scoring System, maintained by | ||
ISO/IEC 29147:2014 | Vulnerability Disclosure Standard | ||
RFPolicy 2.0 | Full Disclosure Policy (RFPolicy) v2.0 by | ||
Awesome Vulnerability Research / Advisories / Research Papers | |||
TSIG Authentication Bypass Through Signature Forgery in ISC BIND [PDF] | Clément BERTHAUX, Synacktiv, | ||
Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging WRITE-WHAT-WHERE Vulnerabilities in Creators Update [PDF] | 179 | over 7 years ago | , originally presented at 2017 |
Awesome Vulnerability Research / Advisories / Tools and Projects | |||
Windbg | The preferred debugger by exploit writers | ||
ltrace | Intercepts library calls | ||
ansvif | An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code | ||
Metasploit Framework | A framework which contains some fuzzing capabilities via Auxiliary modules | ||
Spike | A fuzzer development framework like sulley, a predecessor of sulley | ||
Google Sanitizers | 11,559 | about 1 month ago | A repo with extended documentation, bugs and some helper code for the AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer. The actual code resides in the repository |
FLARE VM | 6,637 | 7 days ago | FLARE (FireEye Labs Advanced Reverse Engineering), a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc |
hackers-grep | 170 | over 6 years ago | The hackers-grep is a tool that enables you to search for strings in PE files. The tool is capable of searching strings, imports, exports, and public symbols (like woah) using regular expressions |
Grinder | 415 | over 2 years ago | Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes |
Choronzon | 268 | 7 months ago | An evolutionary knowledge-based fuzzer |
boofuzz | 2,045 | 8 days ago | A fork and successor of Sulley framework |
Awesome Vulnerability Research / Advisories / Vendor's bug databases | |||
Google Chrome issue tracker | The Chromium Project | ||
Awesome Vulnerability Research / Advisories / Websites | |||
Corelan Team | |||
FuzzySecurity | by | ||
Fuzzing Blogs | by fuzzing.info | ||
j00ru//vx tech blog | Coding, reverse engineering, OS internals covered one more time | ||
Awesome Vulnerability Research / Advisories / Who to Follow | |||
(join now) | Security Champions | ||
FuzzySecurity | |||
jksecurity | |||
MortenSchenk | |||
(@thegrugq) | the grugq | ||
(@jduck) | Joshua Drake | ||
(@sushidude) | Steve Christey Coley | ||
(@andrewsmhay) | Andrew M. Hay | ||
(@FuzzySec) | b33f | ||
(@timstrazz) | Tim Strazzere | ||
(@wpawlikowski) | Wojciech Pawlikowski | ||
(@attekett) | Atte Kettunen | ||
(@h0wlu) | Pawel Wylecial | ||
(@antisnatchor) | Hooked Browser | ||
(@Kym_Possible) | Kymberlee Price | ||
(@MichalKoczwara) | Michael Koczwara | ||
(@j00ru) | Mateusz Jurczyk | ||
(@ProjectZeroBugs) | Project Zero Bugs - Checks for new bug reports every 10 minutes. Not affiliated with Google | ||
(@HackwithGithub) | Hack with GitHub - Open source hacking tools for hackers and pentesters | ||
Awesome Vulnerability Research / Coordinated Disclosure | |||
SecuriTeam Secure Disclosure (SSD) | SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers and will give you the fast response and great support you need to make top dollar for your discoveries | ||
The Zero Day Initiative (ZDI) | ZDI, originally founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Currently managed by Trend Micro | ||
Awesome Vulnerability Research / Common Lists / Awesome Lists | |||
Awesome AppSec | 6,353 | 5 months ago | A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes |
Awesome Web Security | 11,503 | 10 months ago | A curated list of Web Security materials and resources |
Awesome Fuzzing | 5,364 | 8 months ago | A curated list of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis |
Awesome Vulnerability Research / Common Lists / Other Lists | |||
Hack with Github | 86,146 | 3 months ago | Open source hacking tools for hackers and pentesters |
Movies for Hackers | 10,637 | 4 months ago | A list of movies every cyberpunk must watch |
SecLists | 58,912 | 4 days ago | SecLists is the security tester's companion |
Awesome Vulnerability Research / Thanks | |||
(@jduck) | Joshua Drake and Steve Christey Coley for the inspiration! | ||
you, who has sent the pull requests | 1,136 | almost 4 years ago | And sure everyone of or a link to add here! |