All kinds of infosec related stuff to read goes here.
- Cool blogs
- Nice articles
- ... and more...
If you have any cool content, please link to it via a PR.
The actual stuff
Yet to organize
- 2000 cuts with Binary Ninja
- Knowing your Binary! -- blog by Akash Trehan
- Writing your own shellcode -- blog by Paras Chetal
- Cache Attacks Enable Bulk Key Recovery on the Cloud
- Diving into r2
- CMU Binary Bomb -- r2 and angr
- Sour Pickles -- Python pickle problems
- Sonic Hacking Utilities
- GDB Example ncurses
- Websec Learning
- Exploring Python using GDB
- Exploiting PHP File Inclusion
- Address Sanitizer
- Roposaurusrex -- a primer on return oriented programming
- XSSed - some practically done xss attacks
- BinTut - BinTut is a set of tutorials, as well as exercises.
- lcamtuf's blog - lcamtuf is the creator of AFL (american fuzzy lop) and writes a lot of great stuff
- OWASP Top 10 - Presentatioin on Top 10 Web Application Vulnerabilities and how to avoid them.
- hacksplaining - Good set of challenges
- Vudo malloc tricks
- Once upon a free()
- RSA Attacks - Explanation of various RSA attacks
- How the heck do we get to main()?
- Malloc Internals - glibc wiki
- 10 things InfoSec professionals need to know about networking
- ELF executable reconstruction from a core image
- Reflections on Trusting Trust by Ken Thompson
- Manual SQL Injection Discovery Tips
- CTF pwn Tips
- The Conscience of a Hacker by the Mentor
- How To Become A Hacker by Eric Steven Raymond
- A Magnetized Needle and a Steady Hand -- elf structures with a nice storyline.
- x86 Assembly Guide
- GDB Basics
- Format String Exploitation
- Exploiting Format String Vulnerabilities
- Pentester's Lab -- specifically try the Web For Pentester 1 and 2
- How 2 Heap -- a repository for learning various heap exploitation techniques
- AFL fuzzing primer -- BSidesSF. Fuzz smarter, not harder. Craig Young.
- Advanced SQL Injection in SQL Server Applications -- great sqli primer
- A Crash Course in x86 Assembly for Reverse Engineers
- Fuzzy Security Tutorials -- bunch of good reads
- Intro to r2
- PHP Security Cheat Sheet
- Local File Inclusion
- Libheap Heap Flowchart
- Calling Conventions - Detailed description of calling conventions across different compilers and operating systems. Maintained by Agner Fog.
- Penetration testing tools cheat sheet
- Enumeration cheat sheet
- Crypto challenges list 2017
- Crypto challenges list 2016
- Crypto challenges list 2015
- Pwn challenges list
- Rev challenges list
- Web challenges list 2016