Security research #

Learning Resource #

• Proof of Concept or GTFO mirror by Ange Albertini: [Link] [GitHub]
• How the Best Hackers Learn Their Craft: [YouTube]
• Open Security Training: [Link]
• Awesome-Hacking: A collection of various awesome lists for hackers, pentesters and security researchers
• wargame-nexus: A sorted and updated list of security wargame sites
• 1earn: The security knowledge framework maintained by the fffffff0x team includes content that is not limited to web security, industrial control security, forensics, emergency response, blue team facility deployment, post-infiltration, Linux security, and various target drone writeups
• AppSecEzine: AppSec Ezine Public repository

Reverse engineering #

Tools #

• awesome-reverse-engineering: Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts& videos)
• cutter: Free and Open Source Reverse Engineering Platform powered by rizin
• ghidra: Ghidra is a software reverse engineering (SRE) framework
• qira: QEMU Interactive Runtime Analyser
• ttdbg: Time travel debugging IDA plugin
• voltron: A hacky debugger UI for hackers
• rr: Record and replay framework
• idaplugins-list: A list of IDA Plugins
• ImHex: A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM
• GDB stuff
  • gdb-frontend: GDBFrontend is an easy, flexible and extensible gui debugger
  • gef: GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
  • gdb-dashboard: Modular visual interface for GDB in Python
  • gdbgui: Browser-based frontend to gdb (gnu debugger). Add breakpoints, view the stack, visualize data structures, and more in C, C++, Go, Rust, and Fortran. Run gdbgui from the terminal and a new tab will open in your browser
• Data visualization
  • katai-struct: Kaitai Struct: declarative language to generate binary data parsers in C++/ C#/ Go/ Java/ JavaScript/ Lua/ Nim/ Perl/ PHP/ Python/ Ruby
  • binocle: A graphical tool to visualize binary data

Exploit development #

• malware-and-exploitdev-resources

Web security #

Tools #

• hetty: An HTTP toolkit for security research

Anti-analysis #

• WubbabooMark: Debugger Anti-Detection Benchmark

Symbolic execution #

Tools #

• angr: A powerful and user-friendly binary analysis platform!
• Triton: Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code

Malware development #

• maldev-for-dummies: A workshop about Malware Development
• al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection
• building-c2-implants-in-cpp: The source code files that accompany the short book “Building C2 Implants in C++: A Primer” by Steven Patterson

Fuzzing #

Tutorials #

• google/fuzzing: Tutorials, examples, discussions, research proposals, and other resources related to fuzzing

Tools #

• radamsa: A general-purpose fuzzer

Tools #

• static-analysis: A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality
• osx-and-ios-security-awesome: OSX and iOS related security tools
• macOS-iOS-system-security: Here is some resources about macOS/iOS system security
• awesome-hardening: A collection of awesome security hardening guides, tools and other resources