Added resources and tools

README.md

@@ -1,177 +1,215 @@
-# awesome-exploit-development
-A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
-
-A project by Fabio Baroni.
-
-Read the full article here! http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/
-
-## BOOKS
-
-* Hacking - The art of exploitation
-
-* A bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
-
-* The Shellcoder's Handbook: Discovering and Exploiting Security Holes
-
-* Sockets, shellcode, Porting, and coding: reverse engineering Exploits and Tool coding for security professionals
-
-* Writing Security tools and Exploits
-
-* Buffer overflow attacks: Detect, exploit, Prevent
-
-* Metasploit toolkit for Penetration Testing, exploit Development, and vulnerability research
-
-## TUTORIALS
-
-### Corelan.be
-
-* https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
-
-* https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
-
-* https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
-
-* https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
-
-* https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
-
-* https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
-
-* https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
-
-* https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
-
-* https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
-
-* https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
-
-* https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
-
-* https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
-
-* https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/
-
-* https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/
-
-* https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/
-
-* https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/
-
-* https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/
-
-* https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/
-
-* https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/
-
-* https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/
-
-* https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/
-
-* https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/
-
-* https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/
-
-* https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
-
-* https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/
-
-
-### Opensecuritytraining.info
-
-* http://opensecuritytraining.info/Exploits1.html
-
-* http://opensecuritytraining.info/Exploits2.html
-
-### Securitytube.net
-
-* http://www.securitytube.net/groups?operation=view&groupId=7  exploit  research megaprimer
-
-* http://www.securitytube.net/groups?operation=view&groupId=4  buffer overflow  exploitation for  linux megaprimer
-
-* http://www.securitytube.net/groups?operation=view&groupId=3 Format string vulnerabilities megaprimer
-
-
-### Massimiliano Tomassoli's blog
-
-* http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
-
-
-### Samsclass.info
-
-* https://samsclass.info/127/127_F15.shtml
-
-
-### Securitysift.com
-
-* http://www.securitysift.com/windows-exploit-development-part-1-basics/
-
-* http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
-
-* http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
-
-* http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
-
-* http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting
-
-* http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits
-
-* http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows
-
-
-## COURSES
-
-### Corelan
-
-* https://www.corelan-training.com
-
-
-### Offensive Security
-
-* https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/ AWE (Advanced Windows exploitation)
-
-
-### SANS
-
-* https://www.sans.org/course/advance-exploit-development-pentetration-testers  SANS SEC760: Advanced Exploit Development for Penetration Testers
-
-### Udemy
-
-* https://www.udemy.com/windows-exploit-development-megaprimer/learn/#/ Windows  exploit Development Megaprimer by Ajin Abraham
-
-## TOOLS
-
-* IDA Pro
-
-* OllyDbg
-
-* WinDbg
-
-* Mona.py
-
-
-## VULNERABLE APPLICATIONS
-
-### Exploit-exercises.com
-
-* https://exploit-exercises.com/protostar/ Protostar
-
-* https://exploit-exercises.com/fusion/  Fusion
-
-
-## EXPLOITS DATABASE
-
-
-
-* https://www.exploit-db.com
-
-* https://www.milw00rm.com
-
-* http://0day.today
-
-* https://packetstormsecurity.com
-
-* http://www.windowsexploits.com
-
-* http://iedb.ir
-
-* http://www.macexploit.com
+# Awesome-Exploit-Development
+A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
+
+## Table of content:
+1. [Books](#books)
+2. [Tutorials](#tutorials)
+3. [Browser Exploitation](#browser-exploitation)
+4. [Kernel Exploiation](#kernel-exploitation)
+5. [Courses](#courses)
+6. [Tools](#tools)
+7. [Vulnerable Applications](#vulnerable-applications)
+8. [Exploit Databases](#exploit-databases)
+
+## BOOKS
+
+* Hacking - The art of exploitation
+
+* A bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
+
+* The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+
+* Sockets, shellcode, Porting, and coding: reverse engineering Exploits and Tool coding for security professionals
+
+* Writing Security tools and Exploits
+
+* Buffer overflow attacks: Detect, exploit, Prevent
+
+* Metasploit toolkit for Penetration Testing, exploit Development, and vulnerability research
+
+## TUTORIALS
+
+### Gray Hat Introduction to Exploit Development
+
+* [Binary Exploits for Linux](https://samsclass.info/127/ED_2020.shtml)
+* [Binary Exploits for Windows](https://samsclass.info/127/ED_2020.shtml)
+* [ARM Exploits](https://samsclass.info/127/ED_2020.shtml)
+
+### Corelan.be
+
+* [PART 1 - Stack Based Overflow](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
+
+* [PART 2 - Stack Based Overflow](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)
+
+* [PART 3 - SEH Exploits](https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/)
+
+* [PART 3.5 - SEH Exploits](https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/)
+
+* [PART 4 - Writing Metasploit Exploits](https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/)
+
+* [PART 5 - Writing Debugger Plugins](https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/)
+
+* [PART 6 - Bypass Stack Cookies, Safe SEH, DEP/NX, and ASLR](https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/)
+
+* [PART 7 - Unicode Exploits](https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/)
+
+* [PART 8 - Win32 Egg Hunting](https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/)
+
+* [PART 9 - Win32 Shellcoding](https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/)
+
+* [PART 10 - ROP Exploits](https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/)
+
+* [PART 11 - Heap Spraying](https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/)
+
+* [PART 12 - Writing Immunity Debugger Pycommands](https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/)
+
+* [Ken Ward Zipper Exploit Write-Up On Abysssec.Com](https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/)
+
+* [Exploiting Ken Ward Zipper : Taking advantage of payload conversion](https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/)
+
+* [Hack Notes : ROP retn+offset and impact on stack setup](https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/)
+
+* [Hack Notes : Ropping eggs for breakfast](https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/)
+
+* [Universal DEP/ASLR bypass with msvcr71.dll and mona.py](https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/)
+
+* [WOW64 Egg Hunter](https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/)
+
+* [Debugging Fun – Putting a process to sleep()](https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/)
+
+* [Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !](https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/)
+
+* [Root Cause Analysis – Memory Corruption Vulnerabilities](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/)
+
+* [Heap Layout Visualization with mona.py and WinDBG](https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/)
+
+* [DEPS – Precise Heap Spray on Firefox and IE10](https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/)
+
+* [Root Cause Analysis – Integer Overflows](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/)
+
+
+### Gitbooks
+
+* [Nightmare - guyinatuxedo](https://guyinatuxedo.github.io/)
+* [Binary Exploitation Notes](https://ir0nstone.gitbook.io/notes/)
+* [Modern Binary Exploitation - CSCI 4968](https://github.com/RPISEC/MBE)
+* [Windows Exploitation - Fu11Shade](https://web.archive.org/web/20200510110201/https://fullpwnops.com/windows-exploitation-pathway.html)
+
+### Opensecuritytraining.info
+
+* [Introduction To Software Exploits](http://opensecuritytraining.info/Exploits1.html)
+
+* [Exploits 2: Exploitation in the Windows Environment](http://opensecuritytraining.info/Exploits2.html)
+
+### Securitytube.net
+
+* [Exploit Research Megaprimer](http://www.securitytube.net/groups?operation=view&groupId=7)
+
+* [Buffer Overflow Exploitation For Linux Megaprimer](http://www.securitytube.net/groups?operation=view&groupId=4)
+
+* [Format String Vulnerabilities Megaprimer](http://www.securitytube.net/groups?operation=view&groupId=3)
+
+
+### Massimiliano Tomassoli's blog
+
+* http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
+
+
+### Samsclass.info
+
+* https://samsclass.info/127/127_F15.shtml
+
+
+### Securitysift.com
+
+* [Windows Exploit Development – Part 1: The Basics](http://www.securitysift.com/windows-exploit-development-part-1-basics/)
+
+* [Windows Exploit Development – Part 2: Intro to Stack Based Overflows](http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/)
+
+* [Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules](http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/)
+
+* [Windows Exploit Development – Part 4: Locating Shellcode With Jumps](http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/)
+
+* [Windows Exploit Development – Part 5: Locating Shellcode With Egghunting](http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting)
+
+* [Windows Exploit Development – Part 6: SEH Exploits](http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits)
+
+* [Windows Exploit Development – Part 7: Unicode Buffer Overflows](http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows)
+
+ ### Hacker101 Resources
+
+ * [Native Code Crash Course](https://www.hacker101.com/sessions/native_code_crash_course)
+
+## BROWSER EXPLOITATION
+
+- [The Browser Hacker's Handbook 1st Edition](https://www.amazon.com/Browser-Hackers-Handbook-Wade-Alcorn/dp/1118662091)
+- [Awesome Browser Exploit GitHub Repo](https://github.com/Escapingbug/awesome-browser-exploit)
+- [Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)](https://connormcgarr.github.io/type-confusion-part-1/)
+- [Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2)](https://connormcgarr.github.io/type-confusion-part-2/)
+- [Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 3)](https://connormcgarr.github.io/type-confusion-part-3/)
+
+
+
+## KERNEL EXPLOITATION
+[TODO]
+
+## COURSES
+
+### Corelan
+
+* https://www.corelan-training.com
+
+### Offensive Security
+
+* [AWE (Advanced Windows exploitation)](https://www.offensive-security.com/awe-osee/)
+* [WUMED (Windows User Mode Exploit Development)](https://www.offensive-security.com/exp301-osed/)
+
+
+### eLearnSecurity / INE
+
+* [XDS (Exploit Development Student)](https://elearnsecurity.com/blog/a-closer-look-at-the-exploit-development-training-course-xds/)
+
+
+### SANS
+
+* [SANS SEC760: Advanced Exploit Development for Penetration Testers](https://www.sans.org/course/advance-exploit-development-pentetration-testers)
+
+### Udemy
+
+* [Windows  exploit Development Megaprimer by Ajin Abraham](https://www.udemy.com/windows-exploit-development-megaprimer/learn/#/)
+
+## TOOLS
+
+* [IDA Pro](https://hex-rays.com/ida-pro/)
+* [x64dbg](https://x64dbg.com/)
+* [Ghidra](https://ghidra-sre.org/)
+* [pwndbg](https://github.com/pwndbg/pwndbg)
+* [WinDbg](https://www.microsoft.com/en-us/p/windbg-preview/9pgjgd53tn86?rtc=1#activetab=pivot:overviewtab)
+* [Mona.py](https://github.com/corelan/mona)
+
+
+## VULNERABLE APPLICATIONS
+
+### Exploit-exercises.com
+
+* https://exploit-exercises.com/protostar/ Protostar
+
+* https://exploit-exercises.com/fusion/  Fusion
+
+
+## EXPLOIT DATABASES
+
+
+* https://www.exploit-db.com
+
+* https://www.milw00rm.com
+
+* http://0day.today
+
+* https://packetstormsecurity.com
+
+* http://www.windowsexploits.com
+
+* http://iedb.ir
+
+* http://www.macexploit.com