/home/ret2basic

ASU CSE | Pwnie Island | Computer Security Research

Security Research Learning Resources

23 December 2020

Introduction

Security research is all about reading, understanding, practicing, and taking notes.

Getting started in security research can be difficult. Good news is that there are plenty of resources available on the Internet ready for you to learn.

My advice is to start from these three places:

  1. OverTheWire
  2. picoCTF
  3. redpwnCTF

Working through the above resources gives you a solid foundation for competing in CTFs. Especially when you are able to solve most challenges from redpwnCTF, you are more than ready to dive into medium level CTFs.

If you are interested in a specific category and wish to study more, continue reading.

  1. Linux
  2. Pentest
  3. Pwn
  4. Reversing
  5. Binary Analysis
  6. Crypto
  7. Web
  8. Bug Bounty

Linux

Theory

  1. Linux Journey
  2. The Linux Command Line, 2nd Edition
  3. How Linux Works, 3rd Edition
  4. The Linux Programming Interface, 1st Edition

Practice

  1. PentesterLab Unix Badge

Pentest

Theory

  1. IppSec Youtube Channel
  2. snowscan’s Blog

Practice

  1. Proving Grounds
  2. Hack The Box

Pwn

Theory

  1. Hacking: The Art of Exploitation, 2nd Edition
  2. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
  3. Linux Heap Exploitation - Part 1
  4. Linux Heap Exploitation - Part 2
  5. Computer & Internet Security: A Hands-on Approach, 2nd Edition

Practice

  1. pwn.college
  2. Nightmare
  3. ROP Emporium
  4. pwnable.kr
  5. CTFium

Reversing

Theory

  1. x86 Assembly Guide
  2. RE4B

Practice

  1. MicroCorruption
  2. RE4B Exercises

Binary Analysis

Theory

  1. Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly, 1st Edition
  2. Programming Z3
  3. Angr Documentation

Practice

  1. pwn.college Module 12
  2. Nightmare - z3
  3. Nightmare - angr

Crypto

Theory

  1. An Introduction to Mathematical Cryptography, 2nd Edition
  2. Introduction to Modern Cryptography, 3rd Edition
  3. Practical Cryptography in Python: Learning Correct Cryptography by Example, 1st Edition

Practice

  1. CryptoHack
  2. Crypto CTF

Web

Theory

  1. Web Security Academy
  2. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition
  3. The Tangled Web: A Guide to Securing Modern Web Applications, 1st Edition

Practice

  1. OWASP Juice Shop
  2. PentesterLab
  3. XSS Game

Bug Bounty

Theory

  1. BugBountyHunter
  2. XSS 101
  3. Real-World Bug Hunting: A Field Guide to Web Hacking, 1st Edition
  4. The Bug Hunter’s Methodology

Practice

  1. BARKER
  2. Hacker101 CTF
  3. CTF Challenge