'Documentation is a love letter that you write to your future self.' - Damian Conway
Go
- Web Assembly and Go: A look to the future
- Go 1.11: WebAssembly for the gophers
- Using Interfaces and Dependency Injection to Future Proof Your Designs
- Taking Go modules for a spin
- How to build an RPC server in golang
- one-file-pdf - A minimalist PDF generator
- Introduction to Go Modules
- Tracking down a Golang memory leak with grmon
- Using Go modules with vendor support on Travis CI
- A quick one-liner to list all imports of your current project
- Go Compiler Internals
- goebpf - Library to work with eBPF programs from Go
- script - Making it easy to write shell-like scripts in Go
- llvm: Library for interacting with LLVM IR in pure Go
.NET
- Mallet, a framework for creating proxies
- House: A Mobile Analysis Platform Built on Frida
- Socks proxy server using PowerShell
- BeRoot: Privilege Escalation Project - Windows / Linux / Mac
- DbgShell: A PowerShell front-end for the Windows debugger engine
- SleuthQL: Burp History parsing tool to discover potential SQL injection points
- ExchangeRelayX: An NTLM relay tool to the EWS endpoint for on-premises Exchange servers
- windows-acl: working with ACLs in Rust
- Notable: Note taking app
- TCPHound: Win32 utility for auditing TCP connections
- PolarProxy is a transparent TLS proxy that creates PCAP files with the decrypted data.
- InfinityHook: Hook system calls, context switches, page faults and more.
- Fermion, an electron wrapper for Frida & Monaco.
- pown-cdb: Automate common Chrome Debug Protocol tasks to help debug web applications from the command-line
- VS Code x Frida
- burptime: Burp Show Response Time.
- Example of using Turbo Intruder in a "listen and attack" mode.
- Dead code elimination with Triton
Static Analysis
- Static Program Analysis book (updated regularly)
- ShellCheck, a static analysis tool for shell scripts
- Security Code Audit - For Fun and Fails
- Horde Webmail - Remote Code Execution via Email - PHP Static Analysis guide
- Shells.Systems - static code analysis archive
Cloud
- AWS Privilege Escalation – Methods and Mitigation
- Analysis of Netflix's Streaming Services Architecture
Mobile - IoT
- Learning Bluetooth Hackery with BLE CTF
- Giving Yourself a Window to Debug a Shared Library Before DT_INIT – with Frida, on Android
- Getting started with Firmware Emulation for IoT Devices
- Patching Binaries with Radare2 – ARM64
- Independent Security Evaluators IoT Writeups
- Let’s write Swift code to intercept SSL Pinning HTTPS Requests
- Android CrackMes
- Defeating an Android Packer with Frida
- Frida-onload: Frida module to hook module initializations on Android
- The Path to the Payload - Android Edition - Recon 2019
- SafetyNet Killer - a Frida script to bypass SafetyNet attestation
- Bypassing Certificate Pinning on iOS 12 with Frida
- Breaking mobile userland w[0x42]alls - Giovanni - iGio90 - Rocca
- Skiptracing: Reversing Spotify.app
- Reverse Engineering the iClicker Base Station
- Calling iOS Native Functions from Python Using Frida and RPC
- UCT - IMEI number disclosure through a text file
CTF
- Collections of 150 CTF Challenges (Vulnhub+HTB)
- Google's Beginner CTF
- Small CTF challenges running on Docker
- CTF Series : Vulnerable Machines
- Dockerscan: Docker Security Analysis Tools
- Defcon DFIR CTF 2018
Netsec
Not Security
- Dealing with Hard Problems
- Generation of diagrams and flowcharts from text in a similar manner as markdown
- Zotero: An open-source tool to help collect, organize, cite, and share research
- How to Learn Anything... Fast - Josh Kaufman
*nix
- Intercepting and Emulating Linux System Calls with Ptrace
- Sed - An Introduction and Tutorial
- Compiling DLLs with MinGW on Kali
- How hostname-to-IP-address conversion (name resolution) works in Linux
- Lin.security – practice your Linux privilege escalation foo
- Replace a string with a new one in all files using sed and xargs
Windows
- Windows Privilege Escalation Methods for Pentesters
- System call dispatching on Windows ARM64
- Juicy Potato, Local Privilege Escalation tool from Windows Service Accounts to SYSTEM
- You can't contain me!: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows
- About WriteProcessMemory
- Triaging a DLL planting vulnerability
- Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
- Fix Windows 10 Privacy
- The Art of Becoming TrustedInstaller - Task Scheduler Edition
- Modern Windows Attacks and Defense Lab
- Spying on HTTPS - How Antivirus apps monitor HTTPS
- An In-Depth Tutorial on Linux Development on Windows with WSL and Visual Studio Code
- [How To] Identify File Types in Windows
- CVE-2019-13142: Razer Surround Elevation of Privilege
- Executing Code Using Microsoft Teams Updater
- Windows API Hooking
- How to Transfer and Share Files Between Windows and Linux
- Deobfuscating Powershell Scripts
- "whoami /priv" - Hack in Paris 2019
- Sysmon 10 - New features including DNS monitoring
- Hunting COM Objects
- Hello World - Compiling Executables for the Classic POSIX Subsystem on Windows
- 1-click RCE with Skype Web Plugin and QT apps
- Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
- Windows NamedPipes 101 + Privilege Escalation
- DLL Import Redirection in Windows 10 1909
- Debug C++ applications inside the Windows Subsystem for Linux using Visual Studio Code
- CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing
- See the command line of processes in task manager
- A History of MS-RPC and open source equivalents
- Offensive Windows IPC Internals 1: Named Pipes
- Offensive Windows IPC Internals 2: RPC
- Offensive Windows IPC Internals 3: ALPC
- Debugging and Reversing ALPC
- Windows Defender Internals
- CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow
- Chromium: Web Share API allows writing to UNC paths and/or to C:/Users//AppData/Local/Temp/ on Windows
- Remote Debugging
- Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks
Reverse Engineering
- Reverse Engineering for Beginners
- How I Turn Frick into a Real Frida Based Debugger
- Beginner Malware Reversing Challenges
- x86 In-Depth 3: Identifying C-Style Structs
- x86 In-Depth 4: Labeling Structs Properly in IDA Pro
- Infected PDF: Extract the payload
- Solving the Atredis BlackHat 2018 CTF Challenge
- Tools for instrumenting Windows Defender's mpengine.dll
- Fast Incident Response: Tracking app
- Reflective DLL Injection
- Becoming a "Full-Stack Reverse Engineer" in three years
- Reverse engineering the rendering of The Witcher 3
  - Tonemapping: https://astralcode.blogspot.com/2017/09/reverse-engineering-rendering-of.html
  - Eye adaptation: https://astralcode.blogspot.com/2017/10/reverse-engineering-rendering-of.html
  - Chromatic aberration: https://astralcode.blogspot.com/2017/10/reverse-engineering-rendering-of_26.html
  - Vignette: https://astralcode.blogspot.com/2018/02/reverse-engineering-rendering-of.html
  - Drunk effect: https://astralcode.blogspot.com/2018/08/reverse-engineering-rendering-of.html
- Behind Enemy Lines - Reverse Engineering C++ in Modern Ages
- COM Hijacking Techniques - David Tulis - DerbyCon 2019
- WinDbg commands flash cards
- "Modern Debugging with WinDbg Preview" DEFCON 27 workshop
- Analysing RPC With Ghidra and Neo4j
- Trusted types & the end of DOM XSS - Krzysztof Kotowicz - LocoMocoSec 2019
- Malware Unicorn RE workshops
- Electronegativity - Electron security checks
- Overcoming Fear: Reversing With Radare2 - Arnau Gamez Montolio
- hm0x14 CTF: reversing a (not so simple) crackme
- Ghidra Utilities for Analyzing PC Firmware
- Implementing a New CPU Architecture for Ghidra
- gdbghidra - a visual bridge between a GDB session and GHIDRA
- python-decompile3: Python decompiler for 3.7+
- Dragon Dance - Binary code coverage visualizer plugin for Ghidra
- Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
- Virtual Method Table for newbies
- Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra
- Extending LLVM for Code Obfuscation
- Finding Bugs in Windows Drivers, Part 1 – WDM
- Hunting for Bugs in Windows Mini-Filter Drivers
- Technical Dive: Reverse Engineering AOL 3.0
- Frida Hook generator for Ghidra
Python
- CPython internals: A ten-hour codewalk through the Python interpreter source code
- Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
- FOIA-ed NSA Python Course
Websec
- Practical JSONP Injection
- WebAssembly: potentials and pitfalls
- Analyzing WebAssembly Binaries
- JWT Cheatsheet
- LDAP Injection Cheatsheet
- vuLnDAP: vulnerable LDAP based web app
- How to Hack WebSockets and Socket.io
- JSON Web Token Best Current Practices
- The Illustrated TLS Connection
- OAuth 2.0 Security Best Current Practice
- Automating local DTD discovery for XXE exploitation
- Jackson gadgets - Anatomy of a vulnerability - Java Deserialization
- Knife: A Burp extension that adds some useful functions to the Context Menu
- Better API Penetration Testing with Postman
- JavaScript Supply Chain Security - LocoMocoSec 2019
- XXE: How to become a Jedi - Yaroslav Babin
- Java Serialization: A Practical Exploitation Guide
- XML External Entity (XXE)
- Exploiting XXE with local DTD files
- The parts of JWT security nobody talks about
- Pro Tips: Testing Applications Using Burp, and More
- Actual XSS in 2020
- XXE & SQLi In PaperThin CommonSpot CMS
- OpenID Connect & OAuth 2.0 Security Best Practices
- Reverb: speculative debugging for web applications
- Open redirect vulnerability and how to use it "correctly" in bug bounty
- Arbitrary File Upload Tricks In Java
- Tag each request with the corresponding browser profile in Burp's embedded browser
- The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
- Critical SSRF on Evernote
- GitLab: Steal private objects of other projects via project import
- Apache Pinot SQLi & RCE Cheat Sheet
- Advanced sqlmap Case Study
- Stored XSS to Account Takeover: Going beyond document.cookie | Stealing Session Data from IndexedDB
Misc
- Mainframe Hacking
- Woot 2018: A Modern History of Offensive Security Research
- Learning PowerShell
- CrystalBall, Data Gathering and Machine Learning System for SAT Solvers
- Beyond your studies: a presentation about job interviews by Ange Albertini
- Wireshark Tutorial: Examining Qakbot Infections
- Alfa AWUS036ACH Kali Configuration Guide
- Resistance Isn't Futile: A Practical Approach to Threat Modeling
- Generate Railroad Diagrams from Regular Expressions
- 10 useful websites
- Learning Machine Learning Part 1: Introduction and Revoke-Obfuscation
- Learning Machine Learning Part 2: Attacking White Box Models
- Learning Machine Learning Part 3: Attacking Black Box Models
- Formal Methods Only Solve Half My Problems
- Installing a payphone in my house
- Threat Modeling at Mercari
- Trail of Bits: CTF Field Guide
Exploit Dev
- Return Oriented Programming Series
- Exploiting TurboFan Through Bounds Check Elimination
- HowTo: ExploitDev Fuzzing
- Vulnerable C++ code for practice
- Finding and exploiting CVE-2018-7445 (unauthenticated RCE in MikroTik's RouterOS SMB)
- Weird Machines, Exploitability, and Provable Unexploitability
- Before you ship a "security mitigation" ... (related to the above)
- Zoom: Remote Code Execution with XMPP Stanza Smuggling
- Heap Binary Exploitation video
- Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
- libxml2: heap-buffer-overflow in xmlBufAdd
- Is Exploiting a Null Pointer Deref for LPE just a Pipe Dream?
- HEVD - UAF NONPAGEDNX Vulnerability
- The AMD Branch (Mis)predictor: Just Set it and Forget it!
- Introduction to VirtualBox security research
- Linux kernel bug hunting/exploitation resources
- https://twitter.com/alexjplaskett/status/1535189987846668288
- Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability
- Put an io_uring on it: Exploiting the Linux Kernel
- CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers
- syzkaller results
- Exploitation Mitigations repo by NCC
- One day short of a full chain: Part 1 - Android Kernel arbitrary code execution - CodeQL
- Linux Kernel Exploitation
- PlayStation: bd-j exploit chain
- Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)
- A Story of a Bug Found Fuzzing - Microsoft Edge
- PS4/PS5 Blu-Ray attacks: TheFloW shares his presentation slides
- An Autopsy on a Zombie In-the-Wild 0-day
- Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup
- Reverse engineering x64 binaries with Radare2 - Bypassing DEP with simple ROP Chains
- Binary Exploitation: An Oral History - Free course
- Chrome: WebGL uniform integer overflows
C/C++
- Project Based Tutorials in C
- C++ Russia 2021 - some talks are in English
Blockchain
- Wireshark dissectors for Ethereum ÐEVp2p protocols
- Using a Hardware Security Module with Hyperledger Fabric 1.2 SDK for Node.js
- Fumblechain - A Purposefully Vulnerable Blockchain
- Mirror Protocol vulnerability:
- Proxy Libraries in Solidity
- List of Smart Contract Security Vulnerabilities
- Solana State History
Cryptography
- A (relatively easy to understand) primer on elliptic curve cryptography
- A Decade of Lattice Cryptography
- Peter Gutmann's "Godzilla crypto tutorial"
- Estimating the Bit Security of Pairing-Friendly Curves
CI/CD
- Driving OWASP @zaproxy using Selenium
Docker
- Unprivileged Docker Builds – A Proof of Concept
- Understanding Docker container escapes
- Docker for Pentesters
- Why is Exposing the Docker Socket a Really Bad Idea?
Fuzzing
- Fuzzing projects with American fuzzy lop (AFL)
- AFL-unicorn: What is it and how to use it?
- A Simple Tutorial of AFL-Fuzzer
- FUZZING - AMERICAN FUZZY LOP, ADDRESS SANITIZER AND LIBFUZZER
- Binary fuzzing strategies: what works, what doesn't by AFL creator
- Google Fuzzing repository
- Mindshare: Automated Bug Hunting by Modeling Vulnerable Code
- Putting the Hype in the Hypervisor - Brandon Falk
- Microsoft's lain fuzzing framework (in Rust)
- Grizzly: A cross-platform browser fuzzing framework
- Fuzzing the Kernel Using AFL-Unicorn
- Provoking Browser Quirks With Behavioural Fuzzing
- Windows Kernel Fuzzing for Intermediate Learners by Ben Nagy
- RAF - Ruby ALPC Fuzzer
- Go tools for basic ALPC hacking.
- High-Throughput, Formal-Methods-Assisted Fuzzing for LLVM
- Fuzzing USB with Raw Gadget
- Domain-specific Fuzzing With Waypoints Using Fuzzfactory
- sfuzz: coverage-guided, emulation-based greybox fuzzer
- A mini symbolic execution engine
- Introducing Fuzz Introspector, an OpenSSF Tool to Improve Fuzzing Coverage
- SnapFuzz: An Efficient Fuzzing Framework for Network Applications
Game Hacking
- Simple C++ DLL Injecting Source Code Tutorial
- How to Reverse Engineer Save Game Files - Titan Quest Cheats
- GTA III: Money & Health Hacked
- Exploiting the Wii U's USB Descriptor parsing
Documentation/Automation/Efficiency
- Documentation Writing for System Administrators - 2003
- Manual Work is a Bug
- Effective Engineer:
- From Idiot to Imposter: how to get started in a new field
- GTD in 15 minutes – A Pragmatic Guide to Getting Things Done
- How to write a BANGER blogpost! (Hacking the Google algorithm) - Fredrik "STÖK" Alexandersson
Rust
- Rocketing to the moon with Rocket and Rust - how to write a backend web application in Rust using Rocket
- Rust playground
CI/CD
- Building AppSec Pipeline for Continuous Visibility