Offensive Security Books
https://github.com/hey1me/offsec-books

book ctf cybersecurity offensive-security reverse-engineering vulnerability-research

README

# Vulnerability Research (VR) & Offensive Engineering Series

An expert-level repository dedicated to the pursuit of software flaws in **C**, **x86_64/ARM64 Assembly**, and **Golang**. This series moves from manual binary analysis to automated discovery systems and strategic research operations.

## 📚 Repository Structure

### [1. The RE Researcher's Handbook](https://github.com/hey1me/OffSec-Books/tree/main/1.%20The%20RE%20Researcher's%20Handbook)
**Focus:** The fundamental mindset and toolkit for Reverse Engineering.
- Tooling (Ghidra, IDA, GDB).
- Deobfuscation and pattern recognition.
- Bridging the gap between CTF and real-world research.

### [2. Expert RE for Vulnerability Research](https://github.com/hey1me/OffSec-Books/tree/main/2.%20Expert%20RE%20for%20Vulnerability%20Research)
**Focus:** Deep-dive analysis of systems and memory.
- Advanced x86_64/ARM64 architecture.
- **Go Internals:** Reversing the Go runtime, scheduler, and interfaces.
- Custom memory allocators and heap primitives.

### [3. Fuzzing & Program Analysis](http://github.com/hey1me/OffSec-Books/tree/main/3.%20Fuzzing%20&%20Program%20Analysis)
**Focus:** Engineering the automated hunt.
- Harness engineering for C and Go.
- Symbolic execution (Angr/Triton) and Taint analysis.
- Coverage-guided fuzzing and custom mutators.

### [4. The Economics of Research](http://github.com/hey1me/OffSec-Books/tree/main/4.%20The%20Economics%20of%20Research)
**Focus:** Strategic operations and target selection.
- Bug collision probability and ROI analysis.
- Binary diffing (patch analysis) and target recon.
- Disclosure methodology and the 0-day market.

### [5. CTF Journey - The Binary Specialist's Path](https://github.com/hey1me/OffSec-Books/tree/main/5.%20CTF%20Journey%20-%20The%20Binary%20Specialist's%20Path)
**Focus:** Speed-running binary challenges and mastering "CTF-only" heap/stack primitives.
- Techniques for identifying vulnerabilities (Stack, Heap, Logic) and weaponizing them in under 10 minutes.
- Mastering "House of" heap attacks, format string sorcery, and Sigreturn-Oriented Programming (SROP).
- Using Z3 for complex RE puzzles and building reusable pwntools templates for high-speed exploit delivery.

### [6. CTF Journey 2 - Hardened Targets & Escapes](https://github.com/hey1me/OffSec-Books/tree/main/6.%20CTF%20Journey%202%20-%20Hardened%20Targets%20&%20Escapes/)
**Focus:** Breaking out of sandboxes (Seccomp), Kernel Pwn, and non-x86 architectures (ARM64/MIPS).
- Mastering Linux kernel pwn, credential structure manipulation, and bypassing KASLR/SMEP/SMAP.
- Identifying flaws in Seccomp filters and exploiting container/namespace escapes to reach the host flag.
- Adapting exploitation primitives to ARM64 (PAC/BTI) and esoteric MIPS/PowerPC environments.

### [7. CTF Journey 3 - Automation & War-Gaming](https://github.com/hey1me/OffSec-Books/tree/main/7.%20CTF%20Journey%203%20-%20Automation%20&%20War-Gaming/)
**Focus:** Attack-Defense (A/D) strategy, exploit sniffing, and building automated "Auto-Pwner" engines.
- Engineering traffic sniffers to intercept adversary exploits and performing rapid binary patching under fire.
- Developing Python frameworks to deploy polymorphic shellcode across large-scale competition infrastructure.
- Advanced analysis of Golang binaries in competitive environments, focusing on goroutine and runtime vulnerabilities.

### [8. DEF CON CTF - The Final Boss](https://github.com/hey1me/OffSec-Books/tree/main/8.%20DEF%20CON%20CTF%20-%20The%20Final%20Boss)
**Focus:** Championship-level research involving custom ISAs, microkernels, and esoteric hardware emulation.
- Strategies for lifting unknown Instruction Set Architectures (ISA) to LLVM IR for automated analysis.
- Auditing and exploiting proprietary game engines and "bare-metal" RTOS challenges.
- Leveraging Unicorn and Capstone to build custom emulators and solvers for mid-game hardware reveals.

---

## ⚖️ License & Attribution

Copyright (c) 2026 HEY1ME

This work is licensed under an [Attribution-NonCommercial-ShareAlike 4.0 International License](https://github.com/hey1me/OffSec-Books/blob/main/LICENSE).

**You are free to:**
- **Share** — copy and redistribute the material in any medium or format.
- **Adapt** — remix, transform, and build upon the material.

**Under the following terms:**
- **Attribution** — You must give appropriate credit to [HEY1ME](https://github.com/hey1me).
- **NonCommercial** — You may not use the material for commercial purposes.
- **ShareAlike** — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.