Security research #

Learning Resource #

  • Proof of Concept or GTFO mirror by Ange Albertini: [Link] [GitHub]
  • How the Best Hackers Learn Their Craft: [YouTube]
  • Open Security Training: [Link]
  • Awesome-Hacking: A collection of various awesome lists for hackers, pentesters and security researchers
  • wargame-nexus: A sorted and updated list of security wargame sites
  • 1earn: A security knowledge framework maintained by the fffffff0x team; its content includes, but is not limited to, web security, industrial control security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and writeups for various vulnerable target machines
  • AppSecEzine: AppSec Ezine Public repository

Reverse engineering #

Tools #

  • awesome-reverse-engineering: Reverse Engineering Resources About All Platforms (Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts & videos)
  • cutter: Free and Open Source Reverse Engineering Platform powered by rizin
  • ghidra: Ghidra is a software reverse engineering (SRE) framework
  • qira: QEMU Interactive Runtime Analyser
  • ttdbg: Time travel debugging IDA plugin
  • voltron: A hacky debugger UI for hackers
  • rr: Record and replay framework
  • idaplugins-list: A list of IDA Plugins
  • ImHex: A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM
  • GDB stuff
    • gdb-frontend: GDBFrontend is an easy, flexible and extensible gui debugger
    • gef: GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
    • gdb-dashboard: Modular visual interface for GDB in Python
    • gdbgui: Browser-based frontend to gdb (gnu debugger). Add breakpoints, view the stack, visualize data structures, and more in C, C++, Go, Rust, and Fortran. Run gdbgui from the terminal and a new tab will open in your browser
  • Data visualization
    • kaitai-struct: Kaitai Struct: declarative language to generate binary data parsers in C++/C#/Go/Java/JavaScript/Lua/Nim/Perl/PHP/Python/Ruby
    • binocle: A graphical tool to visualize binary data

Exploit development #


Web security #

Tools #

  • hetty: An HTTP toolkit for security research

Anti-analysis #


Symbolic execution #

Tools #

  • angr: A powerful and user-friendly binary analysis platform!
  • Triton: Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code

Malware development #

  • maldev-for-dummies: A workshop about Malware Development
  • al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection
  • building-c2-implants-in-cpp: The source code files that accompany the short book “Building C2 Implants in C++: A Primer” by Steven Patterson

Fuzzing #

Tutorials #

  • google/fuzzing: Tutorials, examples, discussions, research proposals, and other resources related to fuzzing

Tools #


Tools #

  • static-analysis: A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality
  • osx-and-ios-security-awesome: OSX and iOS related security tools
  • macOS-iOS-system-security: A collection of resources about macOS/iOS system security
  • awesome-hardening: A collection of awesome security hardening guides, tools and other resources