{"id":13514652,"url":"https://github.com/FabioBaroni/awesome-exploit-development","last_synced_at":"2025-03-31T03:31:06.691Z","repository":{"id":41045508,"uuid":"50617290","full_name":"FabioBaroni/awesome-exploit-development","owner":"FabioBaroni","description":"A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development","archived":false,"fork":false,"pushed_at":"2022-05-27T23:15:01.000Z","size":6,"stargazers_count":1822,"open_issues_count":3,"forks_count":325,"subscribers_count":103,"default_branch":"master","last_synced_at":"2024-05-23T04:14:27.981Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FabioBaroni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-01-28T22:06:46.000Z","updated_at":"2024-05-23T00:38:48.000Z","dependencies_parsed_at":"2022-08-10T23:50:13.545Z","dependency_job_id":null,"html_url":"https://github.com/FabioBaroni/awesome-exploit-development","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FabioBaroni%2Fawesome-exploit-development","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FabioBaroni%2Fawesome-exploit-development/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FabioBaroni%2Fawesome-exploit-development/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FabioBaroni%2Fawesome-exploit-development/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FabioBaroni","download_url":"https://codeload.github.com/FabioBaroni/awesome-exploit-development/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246407294,"owners_count":20772107,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T05:00:59.741Z","updated_at":"2025-03-31T03:31:05.202Z","avatar_url":"https://github.com/FabioBaroni.png","language":null,"readme":"# awesome-exploit-development\nA curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development\n\nA project by Fabio Baroni.\n\nRead the full article here! http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/\n\n## BOOKS\n\n* Hacking - The art of exploitation\n\n* A bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security\n\n* The Shellcoder's Handbook: Discovering and Exploiting Security Holes\n\n* Sockets, shellcode, Porting, and coding: reverse engineering Exploits and Tool coding for security professionals\n\n* Writing Security tools and Exploits\n\n* Buffer overflow attacks: Detect, exploit, Prevent\n\n* Metasploit toolkit for Penetration Testing, exploit Development, and vulnerability research\n\n## TUTORIALS\n\n### Corelan.be\n\n* https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/\n\n* https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/\n\n* https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/\n\n* https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/\n\n* https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/\n\n* https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/\n\n* https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/\n\n* https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/\n\n* https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/\n\n* https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/\n\n* https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/\n\n* https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/\n\n* https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/\n\n* https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/\n\n* https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/\n\n* https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/\n\n* https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/\n\n* https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/\n\n* https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/\n\n* https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/\n\n* https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/\n\n* https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/\n\n* https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/\n\n* https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/\n\n* https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/\n\n\n### Opensecuritytraining.info\n\n* http://opensecuritytraining.info/Exploits1.html\n\n* http://opensecuritytraining.info/Exploits2.html\n\n### Securitytube.net\n\n* http://www.securitytube.net/groups?operation=view\u0026groupId=7  exploit  research megaprimer\n\n* http://www.securitytube.net/groups?operation=view\u0026groupId=4  buffer overflow  exploitation for  linux megaprimer\n\n* http://www.securitytube.net/groups?operation=view\u0026groupId=3 Format string vulnerabilities megaprimer\n\n\n### Massimiliano Tomassoli's blog\n\n* http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/\n \n\n### Samsclass.info\n\n* https://samsclass.info/127/127_F15.shtml\n\n\n### Securitysift.com\n\n* http://www.securitysift.com/windows-exploit-development-part-1-basics/\n\n* http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/\n\n* http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/\n\n* http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/\n\n* http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting\n\n* http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits\n\n* http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows\n \n\n## COURSES\n\n### Corelan\n\n* https://www.corelan-training.com\n\n\n### Offensive Security\n\n* https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/ AWE (Advanced Windows exploitation)\n\n\n### SANS\n\n* https://www.sans.org/course/advance-exploit-development-pentetration-testers  SANS SEC760: Advanced Exploit Development for Penetration Testers\n\n### Udemy\n\n* https://www.udemy.com/windows-exploit-development-megaprimer/learn/#/ Windows  exploit Development Megaprimer by Ajin Abraham\n\n## TOOLS\n\n* IDA Pro\n\n* OllyDbg\n\n* WinDbg\n\n* Mona.py\n\n\n## VULNERABLE APPLICATIONS\n\n### Exploit-exercises.com\n\n* https://exploit-exercises.com/protostar/ Protostar\n\n* https://exploit-exercises.com/fusion/  Fusion\n\n\n## EXPLOITS DATABASE\n\n\n\n* https://www.exploit-db.com\n\n* https://www.milw00rm.com\n\n* http://0day.today\n\n* https://packetstormsecurity.com\n\n* http://www.windowsexploits.com\n\n* http://iedb.ir\n\n* http://www.macexploit.com","funding_links":[],"categories":["Awesome Repositories","Resource","Table of Contents","📘 Valuable Repositories","Related Awesome Lists","Here is a collection of hackers, pentesters, security researchers, scripts and more:","Uncategorized","Programming/Comp Sci/SE Things"],"sub_categories":["Awesome Repositories","Uncategorized","Books"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFabioBaroni%2Fawesome-exploit-development","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFabioBaroni%2Fawesome-exploit-development","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFabioBaroni%2Fawesome-exploit-development/lists"}