@furusiyya
Created August 22, 2016 18:00
# CySecBooks
## Repo Content
- A Guide to Kernel Exploitation Attacking the Core
- Computer Networking A Top-Down Approach
- Fuzzing Brute Force Vulnerability Discovery
- Gray Hat Python - Python Programming for Hackers and Reverse Engineers (2009)
- Hacking - The Art of Exploitation, 2nd Ed.
- Metasploit, Penetration Testers Guide
- Modern Operating Systems, 3rd Ed.
- Reversing - Secrets Of Reverse Engineering (2005)
- The Art of Assembly Language, 2nd Ed.
- The Mac Hacker's Handbook
- The IDA Pro Book, 2nd Ed. (2011)
- The ShellCoder's Handbook - Discovering and Exploiting Security Holes, 2nd Ed.
- Gray Hat Hacking, 3rd Ed.
- nasmdoc
## Where to start
Long story short: pick a system, pick an area of interest, and go wild.
For exploitation techniques in general (UNIX and Linux focused):
1. Start with Hacking: The Art of Exploitation, Chapter 2 (0x200 Programming) beginning from section 5 (0x250 Getting Your Hands Dirty), then Chapter 3 (0x300 Exploitation) and Chapter 5 (0x500 Shellcode).
2. Move on to A Guide to Kernel Exploitation: Attacking the Core and read Part 1, A Journey to Kernel Land.
3. Do CTF practice exercises on privilege escalation and memory corruption (this is not really a third step; do them while you read).
## Resources
### CTF Specific Resources
#### Training Sites
- [Exploit-Exercises](http://exploit-exercises.com)
- [Smash The Stack](http://smashthestack.org/)
- [Over The Wire](http://overthewire.org/)
- [Root Me : Hacking and Information Security learning platform](http://www.root-me.org/)
- [Binary Auditing](http://www.binary-auditing.com/)
### Internet Resources
- [Salted Password Hashing - Doing it Right](https://crackstation.net/hashing-security.htm)
- [Mac Developer Library - Memory Management Programming Guide for Core Foundation - Byte Ordering](https://developer.apple.com/library/mac/documentation/corefoundation/Conceptual/CFMemoryMgmt/Concepts/ByteOrdering.html)
- [Rogunix Docs](http://www.rogunix.com/docs/)
- [CTF Field Guide](https://trailofbits.github.io/ctf/index.html)
- [Aleph One's Smashing the Stack for Fun and Profit](http://insecure.org/stf/smashstack.html)
- [Pentestmonkey’s Blog](http://www.pentestmonkey.net/)
- [Metasploit Unleashed](http://www.offensive-security.com/metasploit-unleashed/Main_Page)
- [g0tmi1k – Basic Linux Privilege Escalation Reference](http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html)
- [Corelan Team | Exploit writing tutorial part 1 : Stack Based Overflows](http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
- [Corelan Team | Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)
- [Corelan Team | Exploit writing tutorial part 3 : SEH Based Exploits](https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/)
- [Corelan Team | Exploit writing tutorial part 3b : SEH Based Exploits – just another example](https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/)
- [Corelan Team | Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR](https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/)
- [Corelan Team | Exploit writing tutorial part 8 : Win32 Egg Hunting](https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/)
- [Safely Searching Process Virtual Address Space by skape](http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf)
- [Smashing The Modern Stack For Fun And Profit By Craig J. Heffner](http://hamsa.cs.northwestern.edu/media/readings/modern_stack_smashing.pdf)
- [SEED Labs – Buffer Overflow Vulnerability Lab](http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Vulnerability/Buffer_Overflow/Buffer_Overflow.pdf)
- [Using SHORT (Two-byte) Relative Jump Instructions](http://thestarman.pcministry.com/asm/2bytejumps.htm)
- [SLAE Assignment 5: Analyzing msfpayload shellcode](http://cloud101.eu/blog/2013/05/05/slae-assignment-5-analyzing-msfpayload-shellcode/)
- [x64 Architecture Register Reference](http://msdn.microsoft.com/en-us/library/windows/hardware/ff561499(v=vs.85).aspx)
- [Using Backtrack to spot and fix bad characters in custom buffer-overflow development](http://insidetrust.blogspot.com.au/2011/02/using-backtrack-to-spot-bad-characters.html)
- [The Other Kind of Patch](https://isisblogs.poly.edu/2014/04/02/the-other-kind-of-patch/)
### Book Resources
- Modern Cryptanalysis: Techniques for Advanced Code Breaking [ISBN: 978-0-470-13593-8]
- Modern Operating Systems, 4th Ed. [ISBN: 0-13-359162-X]
### Reddit
- /r/netsec
- /r/reverseengineering
- /r/securityctf
- /r/OpenToAllCTFteam
- /r/netsec2
- /r/netsec_uncensored
- /r/netsec/students
- /r/pwned
- /r/computerforensic
- /r/computerforensics
## References
Some (most) resources taken from: [NSIMATTSTILES](http://nsimattstiles.wordpress.com/resources/)