Reading Material
All kinds of infosec related stuff to read goes here.
We have
- Tutorials
- Cool blogs
- Nice articles
- ... and more...
Contributing
If you have any cool content, please link to it via a PR.
The actual stuff
Blog Posts
- 2000 cuts with Binary Ninja
- Knowing your Binary! -- blog by Akash Trehan
- Writing your own shellcode -- blog by Paras Chetal -- deadlink:paraschetal.in/writing-your-own-shellcode
- Diving into r2
- CMU Binary Bomb -- r2 and angr
- GDB Example ncurses
- Exploring Python using GDB
- Roposaurusrex -- a primer on return oriented programming
- Exploiting PHP File Inclusion
- How the heck do we get to main()?
- 10 things InfoSec professionals need to know about networking
- ELF executable reconstruction from a core image
- Manual SQL Injection Discovery Tips
- Intro to r2
- GCC-Inline-Assembly-HOWTO
- GDB Basics
- XSSed - some practically done xss attacks
- Vudo malloc tricks
- Once upon a free()
- A Magnetized Needle and a Steady Hand -- elf structures with a nice storyline.
- How To Become A Hacker by Eric Steven Raymond
Blogs
Multiple blogposts on these blogs are good reads, so rather than listing them each separately above, we just link to the entire blog here :)
- Diary of a Reverse Engineer
- lcamtuf's blog - lcamtuf is the creator of AFL (american fuzzy lop) and writes a lot of great stuff
- Liveoverflow
- Fuzzy Security Tutorials -- bunch of good reads
Books
- A Bug Hunter's Diary
- Tangled Web
- Serious Cryptography
- PoC || GTFO volume 1
- PoC || GTFO volume 2
- The Art of Software Security Assesment
- Hacking: The Art of Exploitation
- The Shellcoder's Handbook
Cheat Sheets, Charts
- PHP Security Cheat Sheet
- Local File Inclusion
- Libheap Heap Flowchart
- Calling Conventions - Detailed description of calling conventions across different compilers and operating systems. Maintained by Agner Fog.
- Penetration testing tools cheat sheet
- Enumeration cheat sheet
Culture, History, Zines, Lore
- The Conscience of a Hacker by the Mentor
- Phrack
- Pwnies
- PoC || GTFO
- Paged Out
Githubs, Gists, lists
- How to start in Infosec
- Awesome Hacking Resources list
- Awesome reverse engineering resources
- CTF pwn Tips
- BinTut - BinTut is a set of tutorials, as well as exercises.
- Sonic Hacking Utilities
- How 2 Heap -- a repository for learning various heap exploitation techniques
Pastebins
- Crypto challenges list 2017
- Crypto challenges list 2016
- Crypto challenges list 2015
- Pwn challenges list
- Rev challenges list
- Web challenges list 2016
Podcasts
Practice/Wargames
- Pentester's Lab -- specifically try the Web For Pentester 1 and 2
- Websec Learning
- hacksplaining - Good set of challenges
- ROP Emporium
- ctf4u
White-papers, Research papers, Slides, Wikis
- Format String Exploitation
- Exploiting Format String Vulnerabilities
- Advanced SQL Injection in SQL Server Applications -- great sqli primer
- A Crash Course in x86 Assembly for Reverse Engineers
- Sour Pickles -- Python pickle problems
- OWASP Top 10 - Presentatioin on Top 10 Web Application Vulnerabilities and how to avoid them.
- RSA Attacks - Explanation of various RSA attacks
- Malloc Internals - glibc wiki
- Reflections on Trusting Trust by Ken Thompson
- x86 Assembly Guide
- Address Sanitizer
- Cache Attacks Enable Bulk Key Recovery on the Cloud
- The Art, Science, and Engineering of Fuzzing: A Survey
- Fuzzing: A Survey
Youtube
- Conferences
- Creators
- Videos
- x86 Assembly Crash Course
- AFL fuzzing primer -- BSidesSF. Fuzz smarter, not harder. Craig Young.
- Fuzzing 101 -- Fuzzing 101