A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
- Hacking: The Art of Exploitation http://amzn.to/2izehnJ
- A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security http://amzn.to/2jMcppK
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes http://amzn.to/2jSAZcC
- Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals http://amzn.to/2jSCeZo
- Writing Security Tools and Exploits http://amzn.to/2jkYTMZ
- Buffer Overflow Attacks: Detect, Exploit, Prevent http://amzn.to/2jM6pgL
- Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research http://amzn.to/2itTsqJ
- https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
- https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/
- https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/
- https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/
- https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/
- https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/
- https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/
- https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/
- https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/
- https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
- https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/
- http://www.securitytube.net/groups?operation=view&groupId=7 Exploit Research Megaprimer
- http://www.securitytube.net/groups?operation=view&groupId=4 Buffer Overflow Exploitation for Linux Megaprimer
- http://www.securitytube.net/groups?operation=view&groupId=3 Format String Vulnerabilities Megaprimer
- http://www.securitysift.com/windows-exploit-development-part-1-basics/
- http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
- http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
- http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
- http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting
- http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits
- http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows
- https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/ AWE (Advanced Windows Exploitation)
- https://www.sans.org/course/advance-exploit-development-pentetration-testers SANS SEC760: Advanced Exploit Development for Penetration Testers
- https://www.udemy.com/windows-exploit-development-megaprimer/learn/#/ Windows Exploit Development Megaprimer by Ajin Abraham
- IDA Pro
- OllyDbg
- WinDbg
- Mona.py
Windows exploit development resources
1. https://github.com/gungage53/windows-exploit-development
2. https://github.com/FULLSHADE/OSCE/blob/master/README.md
3. https://github.com/r3p3r/nixawk-awesome-windows-exploitation
4. https://github.com/castrated/Windows-Exploit-Development-practice
5. https://github.com/freddiebarrsmith/Advanced-Windows-Exploit-Development-Practice
6. https://github.com/mtomassoli/papers/blob/master/Modern%20Windows%20Exploit%20Development.pdf
7. https://github.com/naivenom/exploiting
8. https://github.com/WindowsExploits/Exploits
9. https://github.com/mgeeky/Exploit-Development-Tools
10. https://www.reddit.com/r/ExploitDev/comments/7zdrzc/exploit_development_learning_roadmap/
11. https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/ (Heap Overflow)
12. https://blog.rapid7.com/author/wei-chen/page/
13. https://www.shogunlab.com/blog/
14. https://github.com/takuzoo3868/ctf/blob/master/docs/DostoevskyLabs/chapter-6.md
15. https://www.corelan.be/index.php/articles/
16. https://www.shogunlab.com/blog/2017/08/11/zdzg-windows-exploit-0.html
17. https://github.com/Billy-Ellis/Exploit-Challenges