Becoming A Exploit Developer & Vulnerability Researcher

This roadmap is meant to help guide me to becoming competent (and eventually master) the following skills:

• Binary Exploitation
• Reverse Engineering
• Systems Programming
• Vulnerability Research

https://github.com/seal9055/resources

https://ctf-wiki.org/pwn/linux/user-mode/environment/

Table of Contents

1. Fundamentals
2. Reverse Engineering
3. Binary Exploitation
4. Vulnerability Research
5. Systems Programming
6. Toolbox
7. Contributing & Feedback

Mindset & Methodology

• Process of mastering a skill
• The importance of deep work and the 30-hour method for learning a new skill
• Paradox of choice

Fundamentals

• Computer Architecture and Assembly
  • x86-64
  • RISC-V
  • ARM
• Programming
  • C
  • C++
  • Python
• Operating Systems
  • Linux internals (processes, memory management, syscalls)
    • Julia's Drawings
  • Basic Windows internals (PE format, WinAPI) — learn as needed for targets

---

Reverse Engineering

Resources

• Symbolic Analysis
  • Learn to analyze programs and determine which inputs cause which specific part of a program to execute.
• Debugging
  • GDB
    • Intro to gdb
  • Binary Ninja
    • Intro to binja
  • WinDbg
    • Intro to windbg
• Reversing C++ binaries
• Reverse Engineering 101 From malwareunicorn
  • Introduction to windows malware reverse engineering
• Reverse Engineering For Everyone

Challenges

• Flare On series
  • Solutions can be found on the website.
• Crackmes
  • A website for reverse engineering challenges.

---

Binary Exploitation

Each week do the following:

1. Pick a new exploit technique.
2. Learn the theory behind the exploit technique.
3. Read and follow CTF writeups that use that technique.
4. Play and solve 2 - 4 CTFs that use that technique.
5. Write a blog post and explain the technique, and also provide clear examples.

Resources

• Pwn College
• Nightmare
• lectures from University of Delaware on software exploitation
• Lectures from  UMass CyberSecurity Club
• https://www.lazenca.net/
  • Explanation of exploit techniques

Articles / Blog Posts

• low level exploitation by 0xdevil
• https://connormcgarr.github.io/
• voidsec.com
• Will's root
• Corelan
• gamozolabs

Heap

• StarCross
• how2heap
• ir0nstone's notes on heap exploitation

Kernel

• ir0nstone's notes on kernel exploitation
• Linux kernel exploitation series
• how2kernel
• Linux Kernel Pwn
• Another Linux kernel exploitation series
• Pwanyable

Challenges

1. Pwn Adventure Series by Vector35
   • PwnAdventure Sourcery (In Browser)
   • PwnAdventure 2
   • PwnAdventure 3 Solution Videos
     https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgG
2. Exploit Eduction
   • Phoenix
   • Nebula
   • Fusion
3. Rop Emporium
   • Practice Return Oriented Programming
4. PhrackCTF from Chompie/xforeced
   • Linux Userland
   • Windows Kernel
5. Wargames
   • https://wargames.ret2.systems/

---

Vulnerability Research

Resources

• Vulnerabilities
  • Vuln 1001
  • Vuln 1002
• CVE North Stars
  • Use freely available CVE information to learn become proficient in vulnerability analysis. This tutorial walks through practical CVE analysis, binary patch diffing, and root cause analysis.
• Off by one
  • Youtube channel with streams discussing vulnerability research, exploit development and reverse enginering.
• how to get started

Articles/Blog Posts

• Project zero
• Zero Day Initiative
• Star Labs

Real world case studies

FUZZING

• fuzzing.io
• Fuzzing101
• Guide to fuzz testing

Challenges

• Pick a old software and find vulnerabilities.

---

Systems Programming

Resources

• Linux kernel Dev

Toolbox

Category	Tools I'm Learning
Disassembler/Decompiler	Binary Ninja
Debugger	GDB (with GEF) and Radare2
Exploitation	Pwntools
RE Frameworks	angr (for symbolic execution) and Radare2

Contributing & Feedback

This is a personal roadmap. If you have an excellent resource or spot an inaccuracy, feel free to open an Issue. Let's learn together.