A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development

1. Books
2. Tutorials
3. Browser Exploitation
4. Kernel Exploiation
5. Courses
6. Tools
7. Vulnerable Applications
8. Exploit Databases

• Hacking - The art of exploitation

• A bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

• The Shellcoder's Handbook: Discovering and Exploiting Security Holes

• Sockets, shellcode, Porting, and coding: reverse engineering Exploits and Tool coding for security professionals

• Writing Security tools and Exploits

• Buffer overflow attacks: Detect, exploit, Prevent

• Metasploit toolkit for Penetration Testing, exploit Development, and vulnerability research

• Binary Exploits for Linux
• Binary Exploits for Windows
• ARM Exploits

• PART 1 - Stack Based Overflow

• PART 2 - Stack Based Overflow

• PART 3 - SEH Exploits

• PART 3.5 - SEH Exploits

• PART 4 - Writing Metasploit Exploits

• PART 5 - Writing Debugger Plugins

• PART 6 - Bypass Stack Cookies, Safe SEH, DEP/NX, and ASLR

• PART 7 - Unicode Exploits

• PART 8 - Win32 Egg Hunting

• PART 9 - Win32 Shellcoding

• PART 10 - ROP Exploits

• PART 11 - Heap Spraying

• PART 12 - Writing Immunity Debugger Pycommands

• Ken Ward Zipper Exploit Write-Up On Abysssec.Com

• Exploiting Ken Ward Zipper : Taking advantage of payload conversion

• Hack Notes : ROP retn+offset and impact on stack setup

• Hack Notes : Ropping eggs for breakfast

• Universal DEP/ASLR bypass with msvcr71.dll and mona.py

• WOW64 Egg Hunter

• Debugging Fun – Putting a process to sleep()

• Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !

• Root Cause Analysis – Memory Corruption Vulnerabilities

• Heap Layout Visualization with mona.py and WinDBG

• DEPS – Precise Heap Spray on Firefox and IE10

• Root Cause Analysis – Integer Overflows

• Nightmare - guyinatuxedo
• Binary Exploitation Notes
• Modern Binary Exploitation - CSCI 4968
• Windows Exploitation - Fu11Shade

• Introduction To Software Exploits

• Exploits 2: Exploitation in the Windows Environment

• Exploit Research Megaprimer

• Buffer Overflow Exploitation For Linux Megaprimer

• Format String Vulnerabilities Megaprimer

• http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/

• https://samsclass.info/127/127_F15.shtml

• Windows Exploit Development – Part 1: The Basics

• Windows Exploit Development – Part 2: Intro to Stack Based Overflows

• Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules

• Windows Exploit Development – Part 4: Locating Shellcode With Jumps

• Windows Exploit Development – Part 5: Locating Shellcode With Egghunting

• Windows Exploit Development – Part 6: SEH Exploits

• Windows Exploit Development – Part 7: Unicode Buffer Overflows

• Native Code Crash Course

• The Browser Hacker's Handbook 1st Edition
• Awesome Browser Exploit GitHub Repo
• Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
• Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2)
• Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 3)

[TODO]

• https://www.corelan-training.com

• AWE (Advanced Windows exploitation)
• WUMED (Windows User Mode Exploit Development)

• XDS (Exploit Development Student)

• SANS SEC760: Advanced Exploit Development for Penetration Testers

• Windows exploit Development Megaprimer by Ajin Abraham

• IDA Pro
• x64dbg
• Ghidra
• pwndbg
• WinDbg
• Mona.py

• https://exploit-exercises.com/protostar/ Protostar

• https://exploit-exercises.com/fusion/ Fusion

• https://www.exploit-db.com

• https://www.milw00rm.com

• http://0day.today

• https://packetstormsecurity.com

• http://www.windowsexploits.com

• http://iedb.ir

• http://www.macexploit.com