KatsuragiCSL/Presentations-Blogs-Papers-Tutorials-Books

Presentations-Blogs-Papers-Tutorials-Books

This is a place to share the presentations, blog posts, papers, tutorials, books, etc. that I have watched or planned to watch, mainly related to hacking, coding & learning.

Course list

| Course | Learning point | Status |
| --- | --- | --- |
| High-Level Approaches for Finding Vulnerabilities | bug hunting methodology | Not started |
| What Makes Software Exploitation Hard? | placeholder | Not started |
| Operational Mental Models | Mental model for offensive R&D | Not started |
| It Depends: Why Managing Nuance Matters for Red Teams | Red team management | Not started |
| How Do You Actually Find Bugs? | Methodology of vulnerability research | Not started |
| Write My Own Security Tooling & Why You Should Too! | Methodology of vulnerability research | Not started |
| Security Research and the Creative Process | Methodology of vulnerability research | Done |
| Researchers, what do you use as your source of inspiration? | Methodology of vulnerability research | Not started |
| Demystifying Security Research | Methodology of vulnerability research | Done |
| An Intro to Fuzzing (AKA Fuzz Testing) | Overview of fuzzing | Not started |
| Modern Source Fuzzing | Overview of fuzzing | Not started |
| Fuzz Smarter Not Harder An afl fuzz Primer | afl | Not started |
| The Smart Fuzzer Revolution by Dan Guido | History and future (from 2016 POV) of fuzzing | Not started |
| Fuzzing Like It’s 1989 | placeholder | Not started |
| Parser Parser Combinators for Program Transformation | Story behind comby.dev | Not started |
| Adventures in Fuzzing - NYU Talk 2018 | fuzzing | Not started |
| Structured Fuzzing | structured fuzzing | Not started |
| No source, no problem! High speed binary fuzzing | Static rewriting for fuzzing | Not started |
| Fuzzing for Humans: Real Fuzzing in the Real World | fuzzing | Not started |
| Automated Testing of Crypto Software Using Differential Fuzzing | differential fuzzing | Not started |
| Exposing Hidden Exploitable Behaviors In Programming Languages Using Differential Fuzzing | Differential fuzzing | Not started |
| Effective File Format Fuzzing – Thoughts, Techniques and Results | file format fuzzing | Not started |
| Deconstructing programs for compiler fuzzing | Compiler fuzzing | Not started |
| Adventures in Fuzzing Instruction Selection | Compiler fuzzing | Not started |
| DNS parser, meet Go fuzzer | Go fuzzing | Not started |
| [Inside the Black Box How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities](https://www.sentinelone.com/labs/inside-the-black-box-how-we-fuzzed-microsoft-defender-for-iot-and-found-multiple-vulnerabilities/) | Fuzzing Microsoft Defender | |
| A gentle introduction to Linux Kernel fuzzing | Linux kernel fuzzing | Not started |
| 50 CVES IN 50 DAYS: FUZZING ADOBE READER | Windows userspace fuzzing | Not started |
| BUGS ON THE WINDSHIELD: FUZZING THE WINDOWS KERNEL | Windows kernel fuzzing | Not started |
| How to crash a famous JS engine for fun | JS engine fuzzing | Not started |
| FuzzIL: Guided Fuzzing for JavaScript Engines | JS engine fuzzing | Not started |
| automatic fuzz chromium from a easy way | fuzzing chromium, automation | Not started |
| Evaluating IoT firmware through emulation and fuzzing | fuzzing firmware, emulation | Not started |
| Fuzzing Hardware Like Software | Hardware fuzzing | Not started |
| Fuzzing sockets, part 1: FTP servers | socket-based fuzzing | Not started |
| Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing | race conditions fuzzing | Not started |
| Introduction to VirtualBox security research | Network device drivers fuzzing | Not started |
| Fuzz the Unfuzzable | fuzzing non-crashing bugs | Not started |
| A Story of a Bug Found Fuzzing | fuzzer development | Not started |
| Fuzzing Like A Caveman | implementing fuzzing from scratch | Not started |
| A Methodical Approach to Browser Exploitation | browser exploitation | Not started |
| Attacking JavaScript Engines in 2022 | js engine exploit | Not started |
| FUZZORIGIN: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing | browser logic bugs fuzzing | Not started |
| Attacking the DevTools | hacking chrome devtools | Not started |
| Effectively Fuzzing the IPC Layer in Firefox | Firefox IPC fuzzing | Not started |
| Examining JavaScript Inter-Process Communication in Firefox | Firefox IPC in JavaScript | Not started |
| Guest Blog Post: Good First Steps to Find Security Bugs in Fenix (Part 1) | Bug hunting in Fenix (Android Firefox) | Not started |
| Efficient Approach to Fuzzing Interpreters | Interpreter bugs, fuzzing interpreters | Not started |
| FuzzGen: Automatic Fuzzer Generation | fuzzer generation | Not started |
| Fuzzle: Making a Puzzle for Fuzzers | fuzzers benchmarking | Not started |
| Evaluating Fuzz Testing | Evaluate fuzzing techniques | Not started |
| FuzzBench: Fuzzer Benchmarking As a Service | Google's fuzzer benchmarking | Not started |
| How to Spot Good Fuzzing Research | Picking fuzzing research papers | Not started |
| FUZZIFICATION: Anti-Fuzzing Techniques | anti-fuzzing | Not started |
| The Layman's Guide to Zero-Day Engineering | Exploit development | Not started |
| Building a Basic Fuzzer with GDB: The Five Minute GDB Scripting Tutorial | GDB scripting, writing fuzzer in gdb | Not started |
| Learning Linux Kernel Exploitation | Linux kernel exploitation | Not started |
| E'rybody Gettin' TIPC: Demystifying Remote Linux Kernel Exploitation - Sam Page | Linux kernel exploitation | Not started |
| Exploit Engineering – Attacking the Linux Kernel | Reliable linux kernel exploit development | Not started |
| CVE-2020-8835: LINUX KERNEL PRIVILEGE ESCALATION VIA IMPROPER EBPF PROGRAM VERIFICATION | linux kernel exploitation, eBPF | Not started |
| Fuzzing for eBPF JIT bugs in the Linux kernel | linux kernel exploitation, eBPF, fuzzing | Not started |
| You can be a kernel hacker! | Starting linux kernel development | Not started |
| Rustproofing Linux | linux rust code audit | Not started |
| Rooting with root cause: finding a variant of a Project Zero bug | ARM driver bugs writeup | Not started |
| Debugging D-Link: Emulating firmware and hacking hardware | Firmware/hardware hacking, emulation | Not started |
| FIRMWARE SECURITY: A GUIDE TO LEARNING FIRMWARE PENTESTING FROM ZERO TO ONE | firmware security learning guide | Not started |
| Beaconfuzz | blockchain fuzzing | Not started |
| Your Mitigations Are My Opportunities | windows exploitation | Not started |
| Advanced Windows exploit development resources | Windows exploit dev | Not started |
| Dirty Vanity: A New Approach to Code Injection & EDR Bypass | windows code injection | Not started |
| awesome windows logical bugs | windows logical LPE | Not started |
| Call the plumber – You have a leak in your (named) pipe | (windows) named pipe exploits | Not started |
| Offensive Windows IPC Internals 1: Named Pipes | Windows IPC exploits | Not started |
| Thick Client Penetration Testing Methodology | vulnerable Windows practice app | Not started |
| Social Engineering The Windows Kernel: Finding And Exploiting Token Handling Vulnerabilities | windows token handling bugs | Not started |
| [BlueHat v18 Mitigation Bypass: The Past, Present, and Future](https://www.youtube.com/watch?v=WsoFmN3oDw8) | | |
| Unknown Known DLLs... and other Code Integrity Trust Violations | windows code integrity | Not started |
| Kernel Debugging macOS with SIP | Mac | Not started |
| macOS Security Features Bypasses by Example | Mac | Not started |
| macOS Vulnerabilities Hiding in Plain Sight | Mac Exploits | Not started |
| Smart Fuzzing XPC & XNU | fuzzing, Mac | Not started |
| Summer of Fuzz: MacOS | fuzzing, Mac | Not started |
| Mobile Exploitation, the past, present, and future | Mobile exploitations | Not started |
| DIFUZE: Android Kernel Driver Fuzzing | Android, fuzzing | Not started |
| We Can Still Crack You! General Unpacking Method For Android Packer (no Root) | Android, packing | Not started |
| IOS Deep Link Attacks | iOS exploit | Not started |
| CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research | static analysis theory, codeQL | Not started |
| Automating binary vulnerability discovery with Ghidra and Semgrep | automated static analysis | Not started |
| Advanced Frida Usage | Mobile app analysis by Frida | Not started |
| Discover Vulnerabilities in Intel CPUs! | CPU side channels | Not started |
| Practical Reverse Engineering Part 1 - Hunting for Debug Ports | Hardware reverse engineering | Not started |
| Electronics Reverse Engineering Walkthrough - Hacking the Monoprice Select Mini 3D Printer | Hardware reverse engineering | Not started |
| How I Hacked my Car | Car hacking | Not started |
| Coverage-Guided USB Fuzzing with Syzkaller | USB fuzzing | Not started |
| DNS Remote Code Execution: Finding the Vulnerability 👾 | how flashback team found router DNS RCE | Not started |
| [Mastering the Art of SOC Analysis Part 1 Fundamental Skills for Aspiring Security Operations Center Analysts](https://www.sentinelone.com/blog/mastering-the-art-of-soc-analysis-part-1/) | SOC | |
| Low-Level Process Hunting on macos | Mac threat hunting | Not started |
| App-Store-Malware-Automatic-Hunting-System | iOS malware automated analysis | Not started |
| Ten process injection techniques: A technical survey of common and trending process injection techniques | Malware, process injection | Not started |
| Reverse Engineering For Everyone! | RE tutorials for x86 and ARM | |
| Static binary analysis: the essentials | Basics of static reverse engineering | Not started |
| Basic Dynamic Analysis with IDA Pro and WinDBG | Basics of dynamic reverse engineering | Not started |
| An Exercise in Dynamic Analysis | Brain dump of RE/security research process | Not started |
| Anti-Reversing - Anti-Dump Trick "Header Erase" | Anti-dump | Not started |
| RESEARCHING VPN APPLICATIONS | Reverse Engineering VPN app | Not started |
| ESET - Malware analyst challenge | ESET RE chall writeup | Not started |
| Reversing GO Binaries With Ghidra | Golang reverse engineering | Not started |
| Detecting Indirect Syscalls from Userland, A Naive Approach. | Detecting indirect syscalls | Not started |
| D-Generating EDR Internals | tracing EDR | Not started |
| How to write a CrackMe for a CTF competition | Writing crackme | Not started |
| Defeating the RECon's movfuscator crackme | reversing movfuscator | Not started |
| Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries | Windows, automated reverse engineering | Not started |
| Methodology for Static Reverse Engineering of Windows Kernel Drivers | Windows kernel drivers reverse engineering | Not started |
| Anti-Forensics for Fun and Privacy - Alissa Gilbert (Shmoocon 2020) | Anti-forensics | Not started |
| NASM Assembly Language Tutorials | x86 NASM assembly | Not started |
| INTRODUCTION TO ARM ASSEMBLY BASICS | ARM assembly | Not started |
| Let's build a Chrome extension that steals everything | placeholder | Not started |
| No Key No PIN No Combo No Problem Pwning ATMs For Fun and Profit | ATM hacking with references to prior art | Not started |
| How to Lose at Tetris | tetris proof | Not started |
| Abusing Password Managers with XSS | password managers | Not started |
| Reverse Engineering Coin Hunt World’s Binary Protocol | placeholder | Not started |
| Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” | exploit analysis | Not started |
| reverse engineering candy-crush-saga on ios using lldb and hopper | placeholder | Not started |
| Great Impractical Ideas in Computer Science: PowerPoint Programming | placeholder | Not started |
| Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator | Reversing windows defender | Not started |
| Classic Nintendo Games are (NP-)Hard | placeholder | Not started |
| Developing Kernel Drivers with Modern C++ | windows kernel development | Not started |
| Building your own profiling and diagnosis tools with Event Tracing for Windows | windows diagnosis tools development | Not started |
| Building an offensive Windows RPC interface | build RPC interface | Not started |
| Toxic Proxies - Bypassing HTTPS & VPNs to pwn your online identity | VPN bypass, privacy leak | Not started |
| How Russia is trying to block Tor | privacy | Not started |
| Machine Duping 101: Pwning Deep Learning Systems | Deep learning intro & attacks | Not started |
| Espressif ESP32: Breaking HW AES with Power Analysis | Hardware side channels | Not started |
| Hakluke: Creating the Perfect Bug Bounty Automation | bug bounty automation | Not started |
| GPT in 60 Lines of NumPy | placeholder | Not started |
| RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED | Cryptography | Not started |
| Never, Ever, Ever Use Pixelation for Redacting Text | de-pixelation | Not started |
| Stealing Profits from Spammers or: How I learned to Stop Worrying and Love the Spam | stock spam study | Not started |
| Stealing Bitcoin with Math | Cryptocurrency | Not started |
| The Blockchain Developer: A Practical Guide for Designing, Implementing, Publishing, Testing, and Securing Distributed Blockchain-based Projects | blockchain development | Not started |
| Fake It Until You Make It: Using Deep Fakes to Bypass Voice Biometrics | Deepfake training | Not started |
| The Basics of Social Engineering | Social engineering | Not started |
| bellebytes-osint-guide | OSINT | Not started |
| Bellingcat's Online Investigation Toolkit | bellingcat OSINT resources | Not started |
| How to Create an Anonymous Identity | operation security | Not started |
| Physical Security - Everything That's Wrong With Your Typical Door | physical pentest | Not started |
| Tactics of Physical Pen Testers | physical pentest | Not started |
| How To Become a Physical Penetration Tester | becoming physical security consultant | Not started |
| Lockpicking Forensics | Lockpicking forensics | Not started |
| When Cybercriminals with Good OpSec Attack | OpSec | Done |
| The Grugq - OPSEC: Because Jail is for wuftpd | OpSec | Not started |
| Tor: Darknet OpSec By a Veteran Darknet Vendor & the Hackers Mentality | OpSec | Done |
| How to Speak | Speech skills | Done |
| From Noob to Less Noob "Wisdom" from 10 years of CTFs | How to improve yourself when you are not the smartest among people around you | Done |
| research101 | how to start doing research, tips for learning and staying updated | Done |
| How I choose a security research topic | how to do research | Done |
| How to become the best Malware Analyst E-V-E-R | advice in learning malware analysis | Not started |
| Career / Interview Advice for Reverse Engineers | career advice | Not started |
| Elitism as the Mid-Career Growth Engine | career advice | Done |
| Career advice by Terence Tao | career advice | Not started |
| Why I Love Offensive Work, Why I don't Love Offensive Work | career advice | Done |
| Project Zero: Five Years of 'Make 0Day Hard' | learning | Not started |
| Unlocking Your Intuition: How to Solve Hard Problems Easily | learning | Done |
| How to Train Yourself to Visualize Anything | learning | Done |
| The Black Box Method: How to Learn Hard Concepts Quickly | learning | Done |
| How to Awaken & Enhance Your Analytical Problem-Solving Mind | learning | Done |
| Focusing Your Unconscious Mind: Learn Hard Concepts Intuitively (And Forever) | learning | Done |
| Learning to Learn: Math Abstraction | Learning, Maths | Done |
| Ladder of Abstraction | learning | Done |
| Teach Yourself Programming in Ten Years | Learning, programming | Not started |
| How the Best Hackers Learn Their Craft | Learning, CTF | Not started |
| Becoming a full-stack reverse-engineer | Learning, reverse engineering | Done |
| How I Rob Banks: And Other Such Places | Physical pentesting, Social engineering | Not started |
| Soft Skills: The software developer's life manual | Soft skills | Not started |
| Code: The Hidden Language of Computer Hardware and Software | Historical approach of introduction to computation | Not started |
| The Architecture of Open Source Applications | architecture of great software | Not started |
| Teaching Tech Together | how to teach tech stuff and build a teaching community | Not started |
| Mythical Man-Month, The: Essays on Software Engineering | Software project management | Not started |
| How Big Tech Runs Tech Projects and the Curious Absence of Scrum | project management | Not started |
| Gödel, Escher, Bach: An Eternal Golden Braid | placeholder | Not started |
| Don't Make Me Think, Revisited: A Common Sense Approach to Web Usability | UX design | Not started |
| How to Build a Product that Scales into a Company | Entrepreneurship | Not started |
| Ghost Work: How to Stop Silicon Valley from Building a New Global Underclass | How technology changed labor market and how people live | Not started |
