- Windows Security
- macOS Security
- Linux Security
- Mobile Security
- Web App Security
- Incident Response
- Programming Languages
- Cert Prep
- Security Blogs
- Misc Resources
- Understanding C by learning assembly
- Here Be Dragons: Reverse Engineering with Ghidra - Part 1
- Mike Bell: Extending Ghidra: from Script to Plugins and Beyond
- PentesterAcademy's Reverse Engineering Win32 Application course (PAID)
- OALabs Malware Analysis Virtual Machine
- Uncovering The Unknowns: Mapping Windows API’s to Sysmon Events
- MalwareTech's User After Free (1.0) challenge
- Course - Reverse Engineering
- Reverse Engineering Intel x64 101
- Revsering Windows Libaries: Windows Library Code
- Reversing Windows Internals (Part 1) - Digging Into Handles, Callbacks & ObjectTypes
- Tips for Reverse-Engineering Malicious Code
- OALabs's malware analysis videos
- Sam Bowne's Practical Malware Analysis class (FREE)
- Unpacking Malware Series - Maze Ransomware
- Open Security Training's Malware Dynamic Analysis
- Open Security Training's Reverse Engineering Malware
- Rensselaer Polytechnic Institute's (RIPSEC) Modern Binary Exploitation
- Open Security Training's Introduction To Reverse Engineering Software
- Open Security Training's Introduction To Software Exploits
- Open Security Training's Exploits 2: Exploitation in the Windows Environment
- Open Security Training's Buffer Overflow mystery box
- Scaling up Binary Exploitation Education
- Creating a Rootkit to Learn C
- Analyze Crashes to find Security Vulnerabilities in your Apps
- Understanding Windows Shellcode
- Sam Bowne's Exploit Development class (FREE)
- Introduction to Windows shellcode development – Part 1
- Introduction to Windows shellcode development – Part 2
- List of Corelan.be's exploit development tutorials
- Jonathan Levin's macOS and iOS books
- Writing a Process Monitor with Apple's Endpoint Security Framework
- Skiptracing Part 1: Reversing Spotify.app
- Skiptracing Part 3: Automated Hook Resolution
- Using VMWare Fusion GDB stub for kernal debugging with LLDB
- Basic Linux Malware Process Forensics for Incident Responders
- LiME ~ Linux Memory Extractor (Also works for Android)
- Open Security Training's Introduction to ARM
- Mobile Security Testing Guide
- Maddie Stone: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568
- Sam Bowne's Hacking Mobile Devices class (FREE)
- Mobile Application Penetration Testing Cheat Sheet
- ARM Lab VM
- Debugging With Gdb
- Introduction To Arm Assembly Basics
- Introduction To Writing Arm Shellcode
- Arm Heap Exploitation
- Android Pentesting CheatSheet
- Project Zero's Bad Binder
- Android App Reverse Engineering 101
- Maddie Stone's REcon 2019 presention: Path To The Payload
- Android Resources
- Android Unpacking Automation using Corellium Devices
- Skiptracing Part 2: iOS
- Part 1: Heap Exploit Development
- Part 2: Heap Overflows And The Ios Kernel Heap
- A very deep dive into iOS Exploit chains found in the wild
- Exploring the iOS screen frame-buffer– a kernel reversing experiment
- iOS Kernel Info leak
- Whitepaper: The Definitive Guide to Same-origin Policy
- How to Build an Automated Recon Pipeline with Python and Luigi - Part I (Setup and Scope)
- How to Hunt Bugs in SAML; a Methodology - Part I
- Security Best Practices for Managing API Access Tokens
- Common Threats and How to Prevent Them
- Attacking the OAuth Protocol
- Top X OAuth 2 Hacks
- [FUN] Bypass XSS Detection WAF
- Bypassing Cloudflare WAF with the origin server IP address
- Cross-site scripting (XSS) cheat sheet
- XS-Leak: Leaking IDs using focus
- Testing for XSS (Like a KNOXSS)
- RCEScanner: Simple python script to extract unsafe functions from php projects
- LiveOverflow Web Hacking
- Stealing JWTs in localStorage via XSS
- The Ultimate Guide to handling JWTs on frontend clients (GraphQL)
- Practical Approaches for Testing and Breaking JWT Authentication
- A Deep Dive On The Most Critical API Vulnerability
- How to find more IDORs
- Fuzzing npm/nodejs WebAssembly parsing library with jsfuzz