Reading Material

All kinds of infosec related stuff to read goes here.

We have

• Tutorials
• Cool blogs
• Nice articles
• ... and more...

Contributing

If you have any cool content, please link to it via a PR.

The actual stuff

Blog Posts

• 2000 cuts with Binary Ninja
• Knowing your Binary! -- blog by Akash Trehan
• Writing your own shellcode -- blog by Paras Chetal -- deadlink:paraschetal.in/writing-your-own-shellcode
• Diving into r2
• CMU Binary Bomb -- r2 and angr
• GDB Example ncurses
• Exploring Python using GDB
• Roposaurusrex -- a primer on return oriented programming
• Exploiting PHP File Inclusion
• How the heck do we get to main()?
• 10 things InfoSec professionals need to know about networking
• ELF executable reconstruction from a core image
• Manual SQL Injection Discovery Tips
• Intro to r2
• GCC-Inline-Assembly-HOWTO
• GDB Basics
• XSSed - some practically done xss attacks
• Vudo malloc tricks
• Once upon a free()
• A Magnetized Needle and a Steady Hand -- elf structures with a nice storyline.
• How To Become A Hacker by Eric Steven Raymond

Blogs

Multiple blogposts on these blogs are good reads, so rather than listing them each separately above, we just link to the entire blog here :)

• Diary of a Reverse Engineer
• lcamtuf's blog - lcamtuf is the creator of AFL (american fuzzy lop) and writes a lot of great stuff
• Liveoverflow
• Fuzzy Security Tutorials -- bunch of good reads

Books

• A Bug Hunter's Diary
• Tangled Web
• Serious Cryptography
• PoC || GTFO volume 1
• PoC || GTFO volume 2
• The Art of Software Security Assesment
• Hacking: The Art of Exploitation
• The Shellcoder's Handbook

Cheat Sheets, Charts

• PHP Security Cheat Sheet
• Local File Inclusion
• Libheap Heap Flowchart
• Calling Conventions - Detailed description of calling conventions across different compilers and operating systems. Maintained by Agner Fog.
• Penetration testing tools cheat sheet
• Enumeration cheat sheet

Culture, History, Zines, Lore

• The Conscience of a Hacker by the Mentor
• Phrack
• Pwnies
• PoC || GTFO
• Paged Out

Githubs, Gists, lists

• How to start in Infosec
• Awesome Hacking Resources list
• Awesome reverse engineering resources
• CTF pwn Tips
• BinTut - BinTut is a set of tutorials, as well as exercises.
• Sonic Hacking Utilities
• How 2 Heap -- a repository for learning various heap exploitation techniques

Pastebins

• Crypto challenges list 2017
• Crypto challenges list 2016
• Crypto challenges list 2015
• Pwn challenges list
• Rev challenges list
• Web challenges list 2016

Podcasts

• Security Now
• risky.biz
• Cyber (Motherboard)
• InSecurity
• DarknetDiaries
• Decipher Security
• Unnamedre

Practice/Wargames

• Pentester's Lab -- specifically try the Web For Pentester 1 and 2
• Websec Learning
• hacksplaining - Good set of challenges
• ROP Emporium
• ctf4u

White-papers, Research papers, Slides, Wikis

• Format String Exploitation
• Exploiting Format String Vulnerabilities
• Advanced SQL Injection in SQL Server Applications -- great sqli primer
• A Crash Course in x86 Assembly for Reverse Engineers
• Sour Pickles -- Python pickle problems
• OWASP Top 10 - Presentatioin on Top 10 Web Application Vulnerabilities and how to avoid them.
• RSA Attacks - Explanation of various RSA attacks
• Malloc Internals - glibc wiki
• Reflections on Trusting Trust by Ken Thompson
• x86 Assembly Guide
• Address Sanitizer
• Cache Attacks Enable Bulk Key Recovery on the Cloud
• The Art, Science, and Engineering of Fuzzing: A Survey
• Fuzzing: A Survey

Youtube

• Conferences
  • USENIX Enigma Conference
  • DEFCON Conference
  • BlackHat
  • CCC
  • OffensiveCon
  • Insomni'hack
  • HITB
• Creators
  • LiveOverflow
  • JackkTutorials
  • GynvaelEN
  • MurmusCTF
  • PwnFunction
  • OALabs
  • STÖK
  • Calle Svensson
  • ippsec
  • gamozolabs
• Videos
  • x86 Assembly Crash Course
  • AFL fuzzing primer -- BSidesSF. Fuzz smarter, not harder. Craig Young.
  • Fuzzing 101 -- Fuzzing 101