转:https://github.com/re-pronin/Awesome-Vulnerability-Research
Awesome Vulnerability Research
🦄 A curated list of the awesome resources about the Vulnerability Research
First things first: There are no exploits in this project.
Vulnerabilities != Exploits
A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious about then you’ll find your own way to discover a flow, this list aimed to help you find it faster.
Maintained by Serhii Pronin with contributions from the community. Become the next 🌟 stargazer or ✍️ contributor.
In case of emergency gimme a shout 🔑 PGP key fingerprint: 2B56 34F1 51A3 84E0 A039 7815 793A 1A66 A341 8A12
Vulnerability Research is the process of analyzing a product, protocol, or algorithm - or set of related products - to find, understand or exploit one or more vulnerabilities. Vulnerability research can but does not always involve reverse engineering, code review, static and dynamic analysis, fuzzing and debugging.
Purpose
Currently, there is way more insecure code out there than researchers. Much more people looking at code that’s deployed in the real world are required by the market. This project exists to share a different awesome sources of information with you and encourage more people to get involved. Here you will find books and articles, online classes, recommended tools, write-ups, methodologies and tutorials, people to follow, and more cool stuff about Vulnerability Research and tinkering with application execution flow in general.
Contributing
This List is published according to the "Done is better than Perfect" approach, so your contributions and suggestions are very valuable and are always welcome! There are two options:
- Use the standard method of forking this repo, making your changes and doing a pull request to have your content added. Please check the Contributing Guideline for more details.
- Occasionally, if you just want to copy/paste your content, I'll take that too! Create an "Issue" with your suggestions and I will add it for you.
Legend:
- 🌟: Most Awesome
- 💰: Costs Money
- 🔥: Hot Stuff
- 🎁: For FREE
Contents
- Awesome Vulnerability Research
- Purpose
- Contributing
- Advisories
- Articles
- Books
- Classes
- Conferences
- Conference talks
- Intentionally vulnerable packages
- Mailing lists and Newsletters
- Presentations
- Podcasts and Episodes
- Relevant Standards
- Research Papers
- Tools and Projects
- Tutorials
- Videos
- Vendor’s bug databases
- Vulnerability databases
- Wargames and CTFs
- Websites
- Who to Follow
- Miscellaneous Advisories
- Companies and Jobs
- Coordinated Disclosure
- Common Lists
- Thanks
- Glossary
- License
Advisories
Articles
- Super Awesome Fuzzing, Part One - by Atte Kettunen and Eero Kurimo, 2017
- From Fuzzing Apache httpd Server to CVE-2017-7668 and a $1500 Bounty - by Javier Jiménez, 2017
- Root cause analysis of integer flow - by Corelan Team, 2013
Books
- 🌟The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities - by Mark Dowd, John McDonald, Justin Schuh - published 2006, ISBN-13: 978-0321444424 / ISBN-10: 9780321444424
- 🌟The Shellcoder's Handbook: Discovering and Exploiting Security Holes - by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte - published 2007, 2nd Edition, ISBN-13: 978-0470080238 / ISBN-10: 047008023X
Classes
- Advanced Windows Exploitation (AWE) - by Offensive Security with complementary OSEE (Offensive Security Exploitation Expert) Certification
- Cracking The Perimeter (CTP) - by Offensive Security, with complementary OSCE (Offensive Security Certified Expert) Certification
- 🎁Modern Binary Exploitation (CSCI 4968) - by RPISEC at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.
- Software Security Course on Coursera - by University of Maryland.
- Offensive Computer Security - by W. Owen Redwood and Prof. Xiuwen Liu.
Conferences
- 🌟DEF CON - Las Vegas, NV, USA
- Black Hat - Las Vegas, NV, USA
- Black Hat Europe - London, UK //🔥Join me this year on Dec 4-7, 2017!
- Black Hat Asia - Singapore
- 🎁BSides - Worldwide //🔥Join me this year in Warsaw on Oct 13-15, 2017!
- BruCON - Brussels, Belgium
- 🌟Chaos Communication Congress (CCC) - Hamburg, Germany
- Code Blue - Tokyo, Japan
- Nullcon - Goa, India
- 44CON - London, UK
- AppSecUSA - Washington DC
- OWASP AppSec EU - Europewide
- Positive Hack Days - Moscow, Russia
- 🌟ZeroNights - Moscow, Russia //🔥Join me this year on Nov 16-17, 2017!
- 🌟WarCon - Warsaw, Poland
Conference talks
- 🌟Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game - by Joshua Drake and Steve Christey Coley at DEFCON 24, 2016
- Writing Vulnerability Reports that Maximize Your Bounty Payouts - by Kymberlee Price, originally presented at Nullcon, 2016
- Browser Bug Hunting: Memoirs of a Last Man Standing, by Atte Kettunen, presented at 44CON, 2013
Intentionally vulnerable packages
Mailing lists and Newsletters
Presentations
- 🌟Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game [PDF] - by Joshua Drake and Steve Christey Coley at DEFCON 24, 2016
- 🌟Effective File Format Fuzzing [PDF] - by Mateusz “j00ru” Jurczyk presented at BlackHat EU, 2016
- Bootstrapping A Security Research Project [PDF] or Speaker Deck - by Andrew M. Hay at SOURCE Boston, 2016
- Bug Hunting with Static Code Analysis [PDF] - by Nick Jones, MWR Labs, 2016
Podcasts and Episodes
Podcasts
Episodes
Relevant Standards
- CVE - Common Vulnerabilities and Exposures, maintained by the MITRE Corporation
- CWE - Common Weakness Enumeration, maintained by the MITRE Corporation
- CVSS - Common Vulnerability Scoring System, maintained by FIRST (Forum of Incident Response and Security Teams)
Miscellaneous Documents
- 💰ISO/IEC 29147:2014 - Vulnerability Disclosure Standard
- RFPolicy 2.0 - Full Disclosure Policy (RFPolicy) v2.0 by Packet Storm
Research Papers
Whitepapers
- 🔥TSIG authentication bypass through signature forgery in ISC BIND [PDF] - Clément BERTHAUX, Synacktiv, CVE-2017-3143
Individual researchers
Tools and Projects
- Windbg - The preferred debugger by exploit writers.
- ltrace - Intercepts library calls
- ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.
- Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.
- Spike - A fuzzer development framework like sulley, a predecessor of sulley.
GitHub repos
- Google Sanitizers - A repo with extended documentation, bugs and some helper code for the AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer. The actual code resides in the LLVM repository.
- hackers-grep - The hackers-grep is a tool that enables you to search for strings in PE files. The tool is capable of searching strings, imports, exports, and public symbols (like woah) using regular expressions.
- Grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
- Choronzon - An evolutionary knowledge-based fuzzer boofuzz - A fork and successor of Sulley framework.
Tutorials
Videos
Vendor’s bug databases
- Google Chrome issue tracker - The Chromium Project. Google Account Required
Vulnerability databases
Wargames and CTFs
Websites
- Corelan Team
- FuzzySecurity by b33f
- Fuzzing Blogs - by fuzzing.info
Blogs
- 🌟j00ru//vx tech blog - Coding, reverse engineering, OS internals covered one more time
Who to Follow
GitHub
Mastodon
Medium
- the grugq (@thegrugq)
Slack
SlideShare
Speaker Deck
Telegram
- 🌟Joshua Drake (@jduck)
- 🌟Steve Christey Coley (@sushidude)
- Andrew M. Hay (@andrewsmhay)
- the grugq (@thegrugq)
- b33f (@FuzzySec)
- Tim Strazzere (@timstrazz)
- Wojciech Pawlikowski (@wpawlikowski)
- Atte Kettunen (@attekett)
- Pawel Wylecial (@h0wlu)
- Hooked Browser (@antisnatchor)
- Kymberlee Price (@Kym_Possible)
- Michael Koczwara (@MichalKoczwara)
- Mateusz Jurczyk (@j00ru)
- Project Zero Bugs (@ProjectZeroBugs) - Cheks for new bug reports every 10 minutes. Not affiliated with Google.
- Hack with GitHub (@HackwithGithub) - Open source hacking tools for hackers and pentesters.
Miscellaneous Advisories
Companies and Jobs
Coordinated Disclosure
Common Lists
Awesome Lists
- Awesome AppSec - A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
- Awesome Web Security - A curated list of Web Security materials and resources.
Other Lists
- Hack with Github - Open source hacking tools for hackers and pentesters.
- Movies for Hackers - A list of movies every cyberpunk must watch.
- SecLists - SecLists is the security tester's companion.
Thanks
- Joshua Drake (@jduck) and Steve Christey Coley (@sushidude) for the inspiration!
- @yournamehere for the most awesome contributions
- And sure everyone of you, who has sent the pull requests or suggested a link to add here!
Thanks a lot!