securitychampions / Awesome Vulnerability Research
Licence: other
🦄 A curated list of the awesome resources about the Vulnerability Research
Stars: ✭ 658
Projects that are alternatives of or similar to Awesome Vulnerability Research
Frida Fuzzer
This experimetal fuzzer is meant to be used for API in-memory fuzzing.
Stars: ✭ 415 (-36.93%)
Mutual labels: fuzzing
Dictionary Of Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (-25.23%)
Mutual labels: fuzzing
Netzob
Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
Stars: ✭ 584 (-11.25%)
Mutual labels: fuzzing
Graphicsfuzz
A testing framework for automatically finding and simplifying bugs in graphics shader compilers.
Stars: ✭ 448 (-31.91%)
Mutual labels: fuzzing
Awesome Appsec
A curated list of resources for learning about application security
Stars: ✭ 4,761 (+623.56%)
Mutual labels: reading-list
0d1n
Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Stars: ✭ 506 (-23.1%)
Mutual labels: fuzzing
Kafl
Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
Stars: ✭ 486 (-26.14%)
Mutual labels: fuzzing
Hypothesis
Hypothesis is a powerful, flexible, and easy to use library for property-based testing.
Stars: ✭ 5,571 (+746.66%)
Mutual labels: fuzzing
Qsym
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
Stars: ✭ 459 (-30.24%)
Mutual labels: fuzzing
Knowledge Distillation Papers
knowledge distillation papers
Stars: ✭ 422 (-35.87%)
Mutual labels: reading-list
Crosshair
An analysis tool for Python that blurs the line between testing and type systems.
Stars: ✭ 586 (-10.94%)
Mutual labels: fuzzing
Awesome Critical Tech Reading List
A reading list for the modern critical programmer
Stars: ✭ 644 (-2.13%)
Mutual labels: reading-list
Deepstate
A unit test-like interface for fuzzing and symbolic execution
Stars: ✭ 603 (-8.36%)
Mutual labels: fuzzing
Awesome Vulnerability Research 
🦄 A curated list of the awesome resources about the Vulnerability Research
First things first: There are no exploits in this project.
Vulnerabilities != ExploitsA Vulnerability resides in the software itself, doing nothing on its own. If you are really curious about then you’ll find your own way to discover a flow, this list aimed to help you find it faster.
Maintained by Sergey Pronin with contributions from the community. Become the next 🌟 stargazer or ✍️ contributor.
Vulnerability Research is the process of analyzing a product, protocol, or algorithm - or set of related products - to find, understand or exploit one or more vulnerabilities. Vulnerability research can but does not always involve reverse engineering, code review, static and dynamic analysis, fuzzing and debugging.
Purpose
Currently, there is way more insecure code out there than researchers. Much more people looking at code that’s deployed in the real world are required by the market. This project exists to share a different awesome sources of information with you and encourage more people to get involved. Here you will find books and articles, online classes, recommended tools, write-ups, methodologies and tutorials, people to follow, and more cool stuff about Vulnerability Research and tinkering with application execution flow in general.
Contributing
This List is published according to the "Done is better than Perfect" approach, so your contributions and suggestions are very valuable and are always welcome! There are two options:
- Use the standard method of forking this repo, making your changes and doing a pull request to have your content added. Please check the Contributing Guideline for more details.
- Occasionally, if you just want to copy/paste your content, I'll take that too! Create an "Issue" with your suggestions and I will add it for you.
Legend:
- 🌟: Most Awesome
- 💰: Costs Money
- 🔥: Hot Stuff
- 🎁: For FREE
Contents
- Awesome Vulnerability Research
- Purpose
- Contributing
-
Advisories
- Articles
- Books
- Classes
- Conferences
- Conference talks
- Intentionally vulnerable packages
- Mailing lists and Newsletters
- Presentations
- Podcasts and Episodes
- Relevant Standards
- Research Papers
- Tools and Projects
- Tutorials
- Videos
- Vendor’s bug databases
- Vulnerability databases
- Wargames and CTFs
- Websites
- Who to Follow
- Miscellaneous Advisories
- Companies and Jobs
- Coordinated Disclosure
- Common Lists
- Thanks
- Glossary
- License
Advisories
Articles
- Super Awesome Fuzzing, Part One - by Atte Kettunen and Eero Kurimo, 2017
- From Fuzzing Apache httpd Server to CVE-2017-7668 and a $1500 Bounty - by Javier Jiménez, 2017
- Root cause analysis of integer flow - by Corelan Team, 2013
Books
- 🌟The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities - by Mark Dowd, John McDonald, Justin Schuh - published 2006, ISBN-13: 978-0321444424 / ISBN-10: 9780321444424
- 🌟The Shellcoder's Handbook: Discovering and Exploiting Security Holes - by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte - published 2007, 2nd Edition, ISBN-13: 978-0470080238 / ISBN-10: 047008023X
Classes
- Advanced Windows Exploitation (AWE) - by Offensive Security with complementary OSEE (Offensive Security Exploitation Expert) Certification
- Cracking The Perimeter (CTP) - by Offensive Security, with complementary OSCE (Offensive Security Certified Expert) Certification
- 🎁Modern Binary Exploitation (CSCI 4968) - by RPISEC at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.
- Software Security Course on Coursera - by University of Maryland.
- Offensive Computer Security - by W. Owen Redwood and Prof. Xiuwen Liu.
Conferences
- 🌟DEF CON - Las Vegas, NV, USA
- Black Hat - Las Vegas, NV, USA
- Black Hat Europe - London, UK //🔥Join me this year on Dec, 7-10, 2020!
- Black Hat Asia - Singapore
- 🎁BSides - Worldwide
- BruCON - Brussels, Belgium
- 🌟Chaos Communication Congress (CCC) - Hamburg, Germany
- Code Blue - Tokyo, Japan
- Nullcon - Goa, India
- 44CON - London, UK
- AppSecUSA - Washington DC
- OWASP AppSec EU - Europewide
- Positive Hack Days - Moscow, Russia
- 🌟ZeroNights - Moscow, Russia
- 🌟WarCon - Warsaw, Poland
Conference talks
- 🌟Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game - by Joshua Drake and Steve Christey Coley at DEFCON 24, 2016
- Writing Vulnerability Reports that Maximize Your Bounty Payouts - by Kymberlee Price, originally presented at Nullcon, 2016
- Browser Bug Hunting: Memoirs of a Last Man Standing, by Atte Kettunen, presented at 44CON, 2013
Intentionally vulnerable packages
Mailing lists and Newsletters
Presentations
- 🌟Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game [PDF] - by Joshua Drake and Steve Christey Coley at DEFCON 24, 2016
- 🌟Effective File Format Fuzzing [PDF] - by Mateusz “j00ru” Jurczyk presented at BlackHat EU, 2016
- Bootstrapping A Security Research Project [PDF] or Speaker Deck - by Andrew M. Hay at SOURCE Boston, 2016
- Bug Hunting with Static Code Analysis [PDF] - by Nick Jones, MWR Labs, 2016
Podcasts and Episodes
Podcasts
Episodes
Relevant Standards
- CVE - Common Vulnerabilities and Exposures, maintained by the MITRE Corporation
- CWE - Common Weakness Enumeration, maintained by the MITRE Corporation
- CVSS - Common Vulnerability Scoring System, maintained by FIRST (Forum of Incident Response and Security Teams)
Miscellaneous Documents
- 💰ISO/IEC 29147:2014 - Vulnerability Disclosure Standard
- RFPolicy 2.0 - Full Disclosure Policy (RFPolicy) v2.0 by Packet Storm
Research Papers
Whitepapers
- 🔥TSIG Authentication Bypass Through Signature Forgery in ISC BIND [PDF] - Clément BERTHAUX, Synacktiv, CVE-2017-3143
Individual researchers
- 🔥Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging WRITE-WHAT-WHERE Vulnerabilities in Creators Update [PDF] - Morten Schenk, originally presented at Black Hat 2017
Tools and Projects
- Windbg - The preferred debugger by exploit writers.
- ltrace - Intercepts library calls
- ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.
- Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.
- Spike - A fuzzer development framework like sulley, a predecessor of sulley.
GitHub repos
- Google Sanitizers - A repo with extended documentation, bugs and some helper code for the AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer. The actual code resides in the LLVM repository.
- 🔥FLARE VM - FLARE (FireEye Labs Advanced Reverse Engineering) a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
- hackers-grep - The hackers-grep is a tool that enables you to search for strings in PE files. The tool is capable of searching strings, imports, exports, and public symbols (like woah) using regular expressions.
- Grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
- Choronzon - An evolutionary knowledge-based fuzzer
- boofuzz - A fork and successor of Sulley framework
Tutorials
Videos
Vendor’s bug databases
- Google Chrome issue tracker - The Chromium Project. Google Account Required
Vulnerability databases
Wargames and CTFs
Websites
- Corelan Team
- FuzzySecurity by b33f
- Fuzzing Blogs - by fuzzing.info
Blogs
- 🌟j00ru//vx tech blog - Coding, reverse engineering, OS internals covered one more time
Who to Follow
Discord
- 🌟Security Champions (join now)
GitHub
Medium
- the grugq (@thegrugq)
- 🌟Joshua Drake (@jduck)
- 🌟Steve Christey Coley (@sushidude)
- Andrew M. Hay (@andrewsmhay)
- the grugq (@thegrugq)
- b33f (@FuzzySec)
- Tim Strazzere (@timstrazz)
- Wojciech Pawlikowski (@wpawlikowski)
- Atte Kettunen (@attekett)
- Pawel Wylecial (@h0wlu)
- Hooked Browser (@antisnatchor)
- Kymberlee Price (@Kym_Possible)
- Michael Koczwara (@MichalKoczwara)
- Mateusz Jurczyk (@j00ru)
- Project Zero Bugs (@ProjectZeroBugs) - Cheks for new bug reports every 10 minutes. Not affiliated with Google.
- Hack with GitHub (@HackwithGithub) - Open source hacking tools for hackers and pentesters.
Miscellaneous Advisories
Companies and Jobs
Coordinated Disclosure
- SecuriTeam Secure Disclosure (SSD) - SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.
- The Zero Day Initiative (ZDI) - ZDI is originally founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Currently managed by Trend Micro.
Common Lists
Awesome Lists
- Awesome AppSec - A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
- Awesome Web Security - A curated list of Web Security materials and resources.
- Awesome Fuzzing - A curated list of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
Other Lists
- Hack with Github - Open source hacking tools for hackers and pentesters.
- Movies for Hackers - A list of movies every cyberpunk must watch.
- SecLists - SecLists is the security tester's companion.
Thanks
- Joshua Drake (@jduck) and Steve Christey Coley (@sushidude) for the inspiration!
- @yournamehere for the most awesome contributions
- And sure everyone of you, who has sent the pull requests or suggested a link to add here!
Thanks a lot!
License
This work is licensed under a Creative Commons Attribution Share-Alike 4.0 International License
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].