Repository: re-pronin/Awesome-Vulnerability-Research
Branch: master
Commit: cb5f7fa434d7
Files: 5
Total size: 58.3 KB
Directory structure:
gitextract_7lsl81bu/
├── CODE-OF-CONDUCT.md
├── CONTRIBUTING.md
├── GLOSSARY.md
├── LICENSE.md
└── README.md
================================================
FILE CONTENTS
================================================
================================================
FILE: CODE-OF-CONDUCT.md
================================================
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language;
* Being respectful of differing viewpoints and experiences;
* Gracefully accepting constructive criticism;
* Focusing on what is best for the community;
* Showing empathy towards other community members.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or advances;
* Trolling, insulting/derogatory comments, and personal or political attacks;
* Public or private harassment;
* Publishing others' private information, such as a physical or electronic address, without explicit permission;
* Other conduct which could reasonably be considered inappropriate in a professional setting.
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project maintainer at serhii.pronin@protonmail.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
================================================
FILE: CONTRIBUTING.md
================================================
Appreciate and recognize [all contributors](https://github.com/re-pronin/Awesome-Vulnerability-Research/graphs/contributors). Please note that this project is released with a [Contributor Code of Conduct](https://github.com/re-pronin/Awesome-Vulnerability-Research/blob/master/CODE-OF-CONDUCT.md).
By participating in this project you agree to abide by its terms.
# Table of Contents
- [`Awesome-Vulnerability-Research` Contribution Guidelines](#contribution-guidelines)
- [Quality Standard](#quality-standard)
- [Adding to this list](#adding-to-this-list)
- [Adding something to an awesome list](#adding-something-to-an-awesome-list)
- [Updating your Pull Request](#updating-your-pull-request)
# Contribution Guidelines
- **To add to the list:** Submit a pull request
- **To remove from the list:** Submit a pull request
- **To change something:** Submit a pull request
- **To try something else:** Submit a pull request
- **Don't know what to do:** Submit a pull request or open an issue and let us know what's going on.
`Awesome-Vulnerability-Research` is a hand-crafted list of high-quality information about vulnerability research and its resources. Ideally an entry is related or compatible with vulnerability research in some way, but if it's awesome, let us know why and you're on!
- Each item should be limited to one link, no duplicates, no redirection (careful with `http` vs `https`!);
- The link should be the name of the slide or project or website;
- Description should be clear and concise (read it out loud to be sure);
- Description should follow the link, on the same line;
- If you want to add more than one link, please don't put them all on the exact same line in one PR; that usually results in conflicts and your PR cannot be automatically merged.
Please contribute links to slides/projects you have used or are familiar with. This will help ensure high-quality entries.
# Quality standard
Note that I can help you achieve those standards, just try your best, be brave.
I'll guide you to the best of my abilities.
To be on the list, it would be *nice* if entries adhere to these quality standards:
- Generally useful to the community
- Clearly stating "what is it for": mention the problem it solves. Just try your best, make it clear for the next person.
- Solves a real problem (even a small one)
- if it is a **WIP** (work in progress, not safe for production), mention it.
If your PR is not merged, I will let you know why so that you may be able to improve it.
# Awesome Related Contribution Guidelines
## Adding to this list
Please ensure your pull request adheres to the following guidelines:
- Search previous suggestions before making a new one, as yours may be a duplicate.
- Make sure the list is useful before submitting. That implies it has enough content and every item has a good succinct description.
- Make an individual pull request for each suggestion.
- Use [title-casing](http://titlecapitalization.com) (AP style).
- Use the following format: `[List Name](link)`
- Link additions should be added to the bottom of the relevant category.
- New categories or improvements to the existing categorization are welcome.
- Check your spelling and grammar.
- Make sure your text editor is set to remove trailing whitespace.
- The pull request and commit should have a useful title.
- The body of your commit message should contain a link to the repository.
Thank you for your suggestions!
## Adding something to an awesome list
If you have something awesome to contribute to an awesome list, this is how you do it.
You'll need a [GitHub account](https://github.com/join)!
1. Access the awesome list's GitHub page. For example: https://github.com/sindresorhus/awesome
2. Click on the `readme.md` file.
3. Now click on the edit icon.
4. You can start editing the text of the file in the in-browser editor. Make sure you follow the guidelines above. You can use [GitHub Flavored Markdown](https://help.github.com/articles/github-flavored-markdown/).
5. Say why you're proposing the changes, and then click on "Propose file change".
6. Submit the [pull request](https://help.github.com/articles/using-pull-requests/)!
## Updating your Pull Request
Sometimes, a maintainer of an awesome list will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't match the awesome-* list guidelines.
[Here](https://github.com/RichardLitt/docs/blob/master/amending-a-commit-guide.md) is a write up on how to change a Pull Request, and the different ways you can do that.
================================================
FILE: GLOSSARY.md
================================================
## Glossary
There are many technical terms in the linked materials and in Awesome Vulnerability Research itself, and they can sometimes be hard to keep straight. The definitions accumulated below explain them.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### A
* **Abstraction** - With reference to a program's semantics, an abstraction is an approximation. All valid behaviors of the program are represented by the abstraction, but invalid ones may be too.
* **Abuse case** - A scenario that details a potential security failure if some defense is not put in place. Used during the design phase to motivate and justify security-related design decisions.
* **Access control** - A kind of security policy that governs what principals have access to resources, and what kind of access (e.g., read vs. write) is allowed. There are different kinds of access control policies, e.g., role-based policies vs. discretionary policies.
* **Address space** - The range of possible (physical or virtual) addresses available to a process or system.
* **Address Space Layout Randomization (ASLR)** - This is a technique by which the starting address of memory areas is chosen randomly when a process is executed. Such randomization makes it harder to perform attacks which might otherwise rely on addresses not changing.
* **Alias** - An alias is another name for the same thing. In programming, this comes up with pointers: a program may have two pointers to the same object, where one pointer is an alias for the other.
* **Architecture** - Short for "computer architecture." Refers to the hardware computing platform that runs programs, which notably consists of a central processing unit (CPU), memory, and peripherals.
* **Audit** - The process of determining whether a security breach has occurred, and how. A system must be built to be auditable, e.g., by logging security-relevant data. Can also refer to the process of studying a system for vulnerabilities.
* **Authentication** - The process by which the purported identity of an actor is confirmed. Examples include password checking and biometric scanning.
* **Authorization** - The process by which a principal's proposed action is determined to be acceptable, or not, according to a system's security policy.
* **Availability** - Refers to a classic security requirement about a system's operation; a system is available if it can be accessed by authorized principals when sought. A violation of availability is often called a denial of service.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### B
* **Basic block** - A sequence of statements in a program where control always begins at the start of the block, and flows from one statement to the next, until the last statement, which ends with a branch (to a different basic block), or halt instruction.
* **Big endian** - Big-endian systems store the most significant byte of a word in the smallest address and the least significant byte is stored in the largest address.
* **Blacklist** - A collection of possibly harmful elements that are checked, removed, or modified during input validation.
* **Branch** - A non-sequential control transfer. Branches can be conditional --- they occur only if a condition is met --- or unconditional (sometimes referred to as "jumps").
* **Buffer overflow** - A vulnerability in a program in which an attacker can cause a pointer to access memory outside of the intended bounds of the buffer it points to. Sometimes this term more narrowly refers to the act of writing beyond the bounds of a buffer, but in this glossary it is used more generally to include out-of-bounds reads as well.
* **Bug** - A bug is a coding mistake in a program that causes it to behave incorrectly and/or insecurely.
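As an added example (not code from the original page or the project), here is the unbounded copy that the buffer overflow entry describes, beside a bounded version that rejects input that does not fit. The function names `greet_unsafe`, `greet_safe` and `fits_in_buffer`, the 16-byte buffer size and the sample names are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Vulnerable: strcpy() copies until the NUL terminator of src, so any src
 * longer than NAME_LEN-1 bytes writes past the end of name[] (a spatial
 * memory-safety bug). */
void greet_unsafe(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);          /* no bound on src */
    printf("hello, %s\n", name);
}

/* Decision a bounded copy has to make: does src plus its NUL terminator
 * fit in buflen bytes?  Strictly less-than reserves one byte for the NUL. */
int fits_in_buffer(const char *src, size_t buflen)
{
    return strlen(src) < buflen;
}

/* Hardened: refuse input that does not fit and copy exactly the bytes
 * needed, terminator included. Returns 0 on success, -1 if rejected. */
int greet_safe(const char *src)
{
    char name[NAME_LEN];
    if (!fits_in_buffer(src, sizeof name))
        return -1;
    memcpy(name, src, strlen(src) + 1);   /* n bytes plus the NUL */
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* constructed inputs: one that fits, one that would overflow name[] */
    const char *short_name = "alice";
    const char *long_name  = "this-name-is-far-too-long-for-16-bytes";

    greet_safe(short_name);                  /* prints hello, alice */
    if (greet_safe(long_name) < 0)
        puts("rejected: input would overflow name[]");
    /* greet_unsafe(long_name) would write past name[]; it is only ever
     * called here with input that fits. */
    greet_unsafe(short_name);
    return 0;
}
```

The check is deliberately `strlen(src) < buflen` rather than `<=`: a 16-character name plus its terminator needs 17 bytes, and the off-by-one that forgets the terminator is itself a one-byte overflow.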
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### C
* **Call graph** - a graphical representation of the program where nodes are functions and edges indicate that source node's function could call the target node's function.
* **Capability** - a communicable, unforgeable (or hard to forge) token of authority.
* **Chown** - A system call by which one process can change the owner of a file to a different principal.
* **Chroot** - A system call by which a given directory is made to look like the root directory of the file system for the calling process, making inaccessible all directories that are not descendants of it. On its own it is not a security boundary: a process that keeps root privilege inside the chroot can generally escape it, so it is normally combined with dropping privileges.
* **Client** - one role in a communicating pair (the other being the server), usually initiating the communication by requesting a service.
* **Complete mediation** - A requirement of a secure computer system: every security-relevant action must be mediated so that it can be authorized; otherwise there can be a breach of security.
* **Compiler** - A compiler is a program that translates a program written in one language into an equivalent program in another language. Typically, a compiler takes a program in a high-level language, like C or FORTRAN, and compiles it into the machine language of a particular processor, which can then run that program.
* **Completeness** - A complete analysis is one that, if some property X is true, then analysis says X is true. As applied to static analysis, we interpret completeness to mean: if the analysis says that there is a bug, then there really is one; i.e., there are no false positives.
* **Concolic execution** - A kind of symbolic execution in which we run the program concretely, but keep track of symbolic values and the path condition "on the side". When the program terminates, this information can be used to generate a test that will take the program down a different path.
* **Confidentiality** - Refers to a classic security requirement about a system's data; data enjoys confidentiality if it cannot be learned by an unauthorized principal. Also referred to as secrecy and privacy (where the latter is used when referring to an individual)
* **Constraint graph** - An abstraction of a program that expresses directional constraints on its behavior. For example, when considering flow analysis, constraints indicate whether data can flow from one variable/position to another, and all constraints together can be visualized as a graph.
* **Context sensitivity** - A feature that adds precision to a static analysis whereby a call to a function from one part of the program can be distinguished (i.e., analyzed separately from) another call.
* **Control flow graph (CFG)** - a graphical representation of the program, where nodes in the graph are basic blocks, and edges indicate the possibility of control transferring from the source block to the target block.
* **Control flow integrity (CFI)** - This is a property of a program execution. An execution satisfies control flow integrity if it conforms to a model of the program's control flow, determined in advance. Typically this model is a control-flow graph. CFI is often enforced as an in-line reference monitor.
* **Cookie** - a piece of data associated with a particular web host and stored by the client's browser. Sent along with subsequent requests to that host. Used to implement sessions and personalization, and privacy-threatening tracking.
* **Cross-site Request Forgery (CSRF)** - An attack by which a browser is induced by one site to submit a request to another site to perform an illicit action.
* **Cross-site Scripting (XSS)** - An attack whose goal is to get a browser to execute a JavaScript program originating at one site with the privileges (according to the same-origin policy) of another site.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### D
* **Dangling pointer** - A dangling pointer is a pointer to memory that has been deallocated. Sometimes also called a stale pointer. A dangling pointer dereference is a bug that occurs when the program tries to access the memory pointed to by a dangling pointer.
* **Data execution prevention (DEP)** - DEP is a service provided by the hardware and/or operating system that enforces memory can either be writeable or executable, not both. With DEP enabled, attacker-provided buffers cannot be executed directly, and thus cannot (usefully) contain code. DEP does not prevent return-to-libc or ROP attacks, which use code already in the program.
* **Defect** - A defect is a problem in a software system. The problem could be either in the design of the system, in which case we call it a flaw, or in the implementation, in which case we call it a bug.
* **Dereference** - To dereference a pointer means to either read or write the memory that the pointer points to.
* **Direct call** - A call or jump to a target where the target is a constant. For example, the call printf("hello\n") directly calls the printf function.
* **Dynamic analysis** - An analysis of a program's execution, often designed to find bugs. Oftentimes this analysis happens concurrently with the execution, and may terminate that execution if it observes illegal behavior.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### E
* **Endianness** - Identifies the order that bytes are stored in memory to make up a multi-byte value. Can be either little endian or big endian.
* **Environment variables** - These are variables whose (string) values are tracked by command shell. Environment variables are passed to programs that are spawned from the shell, along with the command-line arguments.
* **Escaping** - The process of transforming a string, altering characters that might be interpreted as control characters in the current context so that they become inert. For example, a user string containing a `<` would be escaped in an HTML context to instead be `&lt;`.
* **Exploit** - An exploit is a series of steps by which an adversary interacts with a system to turn a vulnerability, or vulnerabilities, in the system into an attack whose outcome is to his advantage.
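As an added example (not code from the original page or the project), the escaping entry above applied to an HTML text context: every character HTML would read as markup is rewritten as an inert character reference, and the output buffer is never overrun even when the escaped form is longer than the input. The function name `html_escape`, its buffer-and-length interface and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape src for an HTML text context into dst (capacity dstlen).
 * Returns the length of the escaped string, or -1 if dst is too small;
 * in that case dst holds a NUL-terminated prefix and is never overflowed. */
long html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t out = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        const char *rep;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;   /* numeric form: &apos; is not HTML4 */
        default:   rep = NULL;     break;   /* ordinary character, copied as-is */
        }
        size_t need = rep ? strlen(rep) : 1;
        if (out + need >= dstlen) {         /* keep one byte for the terminator */
            dst[out] = '\0';
            return -1;
        }
        if (rep) memcpy(dst + out, rep, need);
        else     dst[out] = *src;
        out += need;
    }
    dst[out] = '\0';
    return (long)out;
}

int main(void)
{
    /* constructed untrusted input: a script tag that must not reach the page raw */
    const char *user = "<script>alert('x')</script>";
    char buf[128];
    if (html_escape(user, buf, sizeof buf) >= 0)
        printf("<p>%s</p>\n", buf);
    return 0;
}
```

The table of replacements is context-specific: the same `<` needs a different transformation inside a JavaScript string or a URL query parameter, which is why escaping is always defined relative to the context the data is inserted into.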
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### F
* **File Transfer Protocol (FTP)** - An application layer protocol for transferring files.
* **Flaw** - A flaw is a (possibly security-relevant) defect in the design of a system.
* **Flow analysis** - A kind of static analysis that determines whether values from one position in the program could reach, or flow to, another position in the program.
* **Flow sensitivity** - A feature that adds precision to a static analysis whereby the order of the statements in the program is taken into account; a flow-insensitive analysis supposes that program statements could occur in any order.
* **Fork** - The act of a process creating a new process that is a duplicate of itself; the new process is called the child, and the forking process is called the parent. A typical action of the child process is to immediately use the exec system call to convert itself to run a different program.
* **Format string** - A format string is a descriptor used by the C printf family of functions to describe how the provided arguments should be formatted.
* **Format specifier** - A format specifier is one element of a format string that describes how particular arguments should be interpreted, when printed.
* **Frame pointer** - It is typical on the 32-bit x86 for the compiler to dedicate the %ebp register as the frame pointer (%rbp on x86-64). It holds a fixed address within the current stack frame: local variables are at negative offsets from it, and the saved return address and the caller's arguments at positive offsets.
* **Fuzzing (or fuzz testing)** - A kind of random testing whose aim is to induce a system to fail, where the expectation is that some of the bugs found will be security relevant.
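As an added example (not code from the original page or the project) for the format string and format specifier entries: a small parser that counts the conversion specifiers in a string, the classic bug of passing untrusted text as the format itself, and the fix. The function names `count_conversions`, `log_unsafe`, `log_safe` and `contains_specifier` and the hostile input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count conversion specifiers in a format string. Each '%' starts one
 * unless it is the literal "%%"; flags, width, precision and length
 * modifiers are skipped until the conversion character. */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }      /* "%%" prints a literal % */
        n++;
        p++;                                     /* skip to the conversion char (d, s, x, n, p, ...) */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) p++;
        if (!*p) break;                          /* string ended inside a specifier */
    }
    return n;
}

/* Vulnerable: attacker-supplied text is used as the format, so each
 * specifier it contains reads (or, with %n, writes) memory the caller
 * never meant to expose. */
void log_unsafe(const char *msg)
{
    printf(msg);            /* format-string bug */
    putchar('\n');
}

/* Fixed: the format is a constant and the untrusted text is only an argument. */
void log_safe(const char *msg)
{
    printf("%s\n", msg);    /* specifiers inside msg are printed, not interpreted */
}

/* Policy check a logger might apply to text that must never reach a
 * format position: returns 1 if msg contains any conversion specifier. */
int contains_specifier(const char *msg)
{
    return count_conversions(msg) > 0;
}

int main(void)
{
    const char *attack = "%x %x %x %n";   /* constructed hostile input */
    log_safe(attack);                      /* prints the text verbatim */
    printf("specifiers in input: %d\n", count_conversions(attack));
    /* log_unsafe(attack) would interpret all four specifiers; not called. */
    return 0;
}
```

Compilers flag the vulnerable form with `-Wformat-security`; the parser is what you would use where the format reaches printf through layers that the compiler cannot see, such as a message looked up from a translation table.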
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### G
* **Gadget** - the name of a code block used in return oriented programming. Such blocks end in return instructions, and return-oriented programs string together gadgets to provide complete functionality.
* **GET** - a kind of HTTP request, used to retrieve a resource from a remote site.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### H
* **Halting problem** - The halting problem is the problem of determining, for an arbitrary program and input, whether the program will finish running or continue to run forever. This problem is known to be undecidable.
* **Heap** - An area of memory in a process responsible for storing dynamically allocated data, where the size and lifetime of that data is determined by information that is not known until run time. (Not to be confused with the heap tree-based data structure.)
* **Hidden Form Field** - A field in an HTML form that is not displayed; it is often used to track hidden state.
* **Hyperlink** - An element of a hypertext document that references, or links, a remote document.
* **Hypertext** - Indicates text that contains hyperlinks, which reference other, related documents.
* **Hypertext Transfer Protocol (HTTP)** - The protocol that underlies the World Wide Web (WWW). The protocol consists of requests from clients (either GET, or POST, usually), and responses from servers.
* **Hypertext Markup Language (HTML)** - The core language of documents served by the `WWW`. Browsers render these documents and permit interacting with them.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### I
* **Immutability** - a memory region is immutable if it cannot be changed. For example, the text segment is often immutable.
* **Indirect call** - A call or jump to a target where the target can vary at run-time. For example, calls to function pointers (in C), and virtual method calls (in C++ and Java) are indirect.
* **In-line reference monitor (IRM)** - An IRM checks that a program's behavior corresponds to a security policy, and is implemented as part of the program, i.e., is "in-lined" within it.
* **Instruction pointer** - A register that contains the address of the currently executing instruction. On the 32-bit x86, the instruction pointer is stored in the %eip register (%rip on x86-64).
* **Instruction set** - The set of instruction types that can be executed by a particular computer architecture. There are different styles of instruction set; two common ones are CISC (Complex Instruction Set Computer) and RISC (Reduced Instruction Set Computing).
* **Integrity** - Refers to a classic security requirement about a system's data; data enjoys integrity if it cannot be modified or influenced by an unauthorized principal.
* **Internet Control Message Protocol (ICMP)** - A messaging protocol used for network diagnostics.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### J
* **Javascript** - A programming language used to write scripts (small programs) embedded in web pages, which run at the browser. The harbinger of Web 2.0.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### K
* **Keylogging** - The process of logging keystrokes on a machine, usually carried out surreptitiously by malware, with the goal of stealing information like passwords.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### L
* **Lattice** - A lattice is a partially ordered set such that each pair of elements in the set has a unique least upper bound and a unique greatest lower bound. Lattices are often a foundation of static flow analysis.
* **Least privilege** - A classic security principle; it dictates that a subsystem should be given only the privilege it needs, and no more, to carry out its responsibilities. Limiting privilege limits damage if the subsystem is compromised.
* **Little Endian** - Little-endian systems store the least significant byte of a word in the smallest address, and the most significant byte in the largest address.
* **LLVM** - The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. <http://llvm.org/>
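As an added example (not code from the original page or the project) serving the Big endian, Endianness and Little Endian entries: the same four bytes decoded under each order, plus a probe of the host's own order. Reading a length or offset field from a network packet or file header with the wrong order is a common source of bounds bugs, so parsers should decode by explicit byte position as below rather than by casting a byte pointer. The function names `host_is_little_endian`, `read_u32_be` and `read_u32_le` and the byte string are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Detect the byte order of the machine running this code: 1 = little endian. */
int host_is_little_endian(void)
{
    uint32_t probe = 0x01020304u;
    uint8_t first;
    memcpy(&first, &probe, 1);        /* byte at the lowest address */
    return first == 0x04;             /* least significant byte stored first */
}

/* Decode a 32-bit value from a byte buffer in big-endian order (most
 * significant byte at the lowest address), independent of the host order.
 * Network protocols and many file formats specify this order. */
uint32_t read_u32_be(const uint8_t *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Decode the same buffer in little-endian order (least significant byte
 * at the lowest address), as x86 stores integers in memory. */
uint32_t read_u32_le(const uint8_t *b)
{
    return ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) |
           ((uint32_t)b[1] << 8)  |  (uint32_t)b[0];
}

int main(void)
{
    /* constructed: four bytes as they would sit at increasing addresses */
    const uint8_t bytes[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
    printf("host is %s endian\n", host_is_little_endian() ? "little" : "big");
    printf("as big endian:    0x%08X\n", read_u32_be(bytes));  /* 0xDEADBEEF */
    printf("as little endian: 0x%08X\n", read_u32_le(bytes));  /* 0xEFBEADDE */
    return 0;
}
```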
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### M
* **Memory safety** - A program execution is memory safe if it is both spatially safe and temporally safe (these terms are defined elsewhere in this glossary).
* **Multi-factor authentication (MFA)** - Authentication protocols typically test multiple factors, e.g., what a purported principal knows, is, or has. Multi-factor authentication involves testing multiple factors, not just one. For example, it may ask for a password (what you know) and a text message (what you have -- a phone).
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### N
* **Nop sled** - A nop sled is a sequence of "no-op" instructions. It is an element of an exploit that is useful when the exact address of injected shellcode is not known. The nop sled precedes the shellcode, so landing anywhere in the sled will drive the program toward the shellcode.
* **NUL terminator** - The character, a zero (or NUL) used to terminate a C string.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### O
* **Operating system** - A program that supports a computer's basic functions, which include starting, scheduling, and managing processes, and mediating access by those processes to input/output devices, like the stable storage (disk) and the network.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### P
* **Parse tree** - A representation of how a string is parsed according to a particular grammar, which identifies the structural elements of that string.
* **Path sensitivity** - A feature that adds precision to a static analysis whereby the order of the statements in the program is taken into account, as is the set of conditionals that have been followed. As such, it is strictly more precise than a flow-sensitive analysis.
* **Payload** - The data injected into a vulnerable program to perform an exploit.
* **Penetration testing** - A means to assess the security of a complete system (or network of systems) by actively trying to find exploitable vulnerabilities.
* **Phishing** - An attack against a user, whereby the attacker masquerades as a trusted authority in an attempt to convince the user to reveal secret information or otherwise compromise something of value.
* **Physical address** - An address to a location in physical memory.
* **POST** - A HTTP request type, used to submit information to a remote server, e.g., when filling out a form as part of a request.
* **Precision** - In reference to static analysis, precision refers to faithfulness of the analysis's abstraction to the true semantics of a program: the more precise, the less abstract (and more faithful) is the analysis.
* **Primitives** - In computing, language primitives are the simplest elements available in a programming language. A primitive is the smallest "unit of processing" available to a programmer of a given machine, or can be an atomic element of an expression in a language.
* **Principal** - The subject, or actor, in a security policy, which dictates what actions the subject can perform. A principal can be a person, a computer program, a role, etc.
* **Process** - A process is an instance of a program in execution. Starting, running, and handling the termination of a process is the responsibility of the operating system.
* **Program** - A program is a series of instructions for carrying out some task.
* **Program counter** - Another name for the instruction pointer.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### Q
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### R
* **Random testing** - A kind of testing that uses randomly generated inputs. Such tests may be fully automatic (as with fuzz testing), or may include pre-conditions on the input and assertions on the output.
* **Replay attack** - A kind of attack that involves replaying a recorded message in an attempt to effect, again, an action carried out previously.
* **Return address** - The address to which to restore the instruction pointer when the current function returns. This address is stored on the stack when using the standard x86 calling convention.
* **Return to libc** - This is a style of exploit that aims to get a program to run code already in the program by returning to it (e.g., through an overwritten return address). A typical return-to-libc attack is to get the program to run the system() library call (e.g., to produce a remote shell controlled by the attacker). It works even when DEP prevents injected code from executing.
* **Return oriented programming (ROP)** - This is a generalization of return-to-libc attacks, in that the attack may return to arbitrary positions in existing code, not just the start of functions, and chain them together through return instructions to induce attacker-preferred behavior.
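As an added example (not code from the original page or the project) for the Gadget, Return to libc and ROP entries: the first step of building a return-oriented payload is to locate gadgets, and since a gadget is a short instruction sequence ending in a return, that means scanning executable bytes for every `ret` (0xC3 on x86) and treating the bytes before it as a candidate. The function names `find_ret_offsets` and `print_gadget` and the x86 byte string are constructed for illustration; a real search would run over the code section of a binary and decode each candidate with a disassembler.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

#define RET_OPCODE 0xC3   /* x86 near return */

/* Record up to max_out offsets of RET bytes in code[0..len). Returns the
 * total number found; only the first max_out offsets are stored. */
size_t find_ret_offsets(const uint8_t *code, size_t len,
                        size_t *out, size_t max_out)
{
    size_t found = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] == RET_OPCODE) {
            if (found < max_out) out[found] = i;
            found++;
        }
    }
    return found;
}

/* Print a candidate: the `back` bytes preceding the ret plus the ret itself.
 * x86 instructions are variable length, so every start offset before a ret
 * decodes to a different instruction sequence; this reports raw bytes only. */
void print_gadget(const uint8_t *code, size_t ret_off, size_t back)
{
    size_t start = ret_off >= back ? ret_off - back : 0;
    printf("gadget @%zu:", start);
    for (size_t i = start; i <= ret_off; i++) printf(" %02X", code[i]);
    putchar('\n');
}

int main(void)
{
    /* constructed x86 bytes: pop eax; ret; pop edi; ret; nop; xor eax,eax */
    const uint8_t code[] = { 0x58, 0xC3, 0x5F, 0xC3, 0x90, 0x31, 0xC0 };
    size_t offs[8];
    size_t n = find_ret_offsets(code, sizeof code, offs, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        print_gadget(code, offs[i], 1);   /* prints "58 C3" and "5F C3" */
    return 0;
}
```

The two gadgets found here (`pop eax; ret` and `pop edi; ret`) are exactly the kind a ROP chain uses to load attacker-chosen values from the stack into registers before returning into a library function such as system().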
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### S
* **Same Origin Policy (SOP)** - A key browser security policy that protects resources (like cookies and web pages) originating from one origin (scheme, host, and port) from being read or modified by JavaScript code that originates from another origin.
* **Sanitization** - The process of removing or replacing potentially harmful elements from untrusted input.
* **Satisfiability (SAT) solver** - A program that solves satisfiability constraints, which are simply boolean constraints C, involving variables (X), constants (true and false), conjunctions (C1 and C2), disjunctions (C1 or C2), and negations (not C).
* **SAT modulo theories (SMT) solver** - A program that solves satisfiability constraints coupled with constraints drawn from different theories, such as the theory of linear arithmetic, arrays, and uninterpreted functions. SMT solvers form the core of the automated reasoning portion of many automated analyses.
* **Scanner** - A tool that scans a network aiming to discover hosts and services they might be running. An example scanner is NMAP.
* **Scalability** - In reference to a static analysis, scalability refers to the analysis's ability to work effectively on large programs, and/or programs with sophisticated features.
* **SecComp** - A Linux kernel facility (configured through the seccomp(2) or prctl(2) system calls) by which a process's ability to carry out certain system calls is reduced; once applied, the restriction cannot be removed by the process. Implements the principle of least privilege.
* **Semantics** - The semantics of a program is its meaning; i.e., what actions it may perform or outputs it may produce in response to certain inputs.
* **Server** - one role in a communicating pair (the other being the client). The server receives requests and provides service of some sort in response.
* **Shell** - The shell is the command prompt on Unix systems. In actuality it is an interpreter for a small "scripting" language whose aim is to start, stop, compose, and otherwise work with processes.
* **Shellcode** - Shellcode is code that the attacker would like to inject when exploiting a vulnerability, such as a buffer overflow.
* **Sink** - In reference to flow analysis, a sink is a possible destination of a data flow.
* **Soundness** - A sound analysis is one that, if the analysis says that X is true, then X is true. As applied to static analysis, we interpret soundness to mean: if the analysis claims a program is error free, then it really is; i.e., there are no false negatives.
* **Source** - In reference to flow analysis, a source is a possible starting point of a data flow.
* **Spatial safety** - A program execution is spatially safe if it does not use a pointer to access memory not "owned" by that pointer. Roughly speaking, a pointer owns the memory it points to if the pointer was constructed by legal means, and subsequent manipulations (e.g., pointer arithmetic) have not caused it to point outside those bounds. Memory safety implies spatial safety.
* **Spear phishing** - A kind of phishing that is targeted at a particular user or group of users, using targeted information to appear more convincing.
* **SQL Injection** - An attack which causes the execution of attacker-supplied SQL code in a place where only data was expected.
* **Stack** - Short for "call stack", which is an area of memory in a process responsible for storing information pertaining to the active functions. The stack stores a series of stack frames, one per active function call. These are pushed onto the stack when a function is called, and popped when the function returns.
* **Stack canary** - This is a special value written to a stack frame that is used to detect evidence of a stack smashing attack. When a function goes to return, it checks that the stack canary is still intact; if not, an attack may have overflowed over it.
* **Stack frame** - A group of data on the stack that is associated with a particular function call. In the x86 standard calling convention, the stack frame stores the arguments passed to the function, the function's local variables, and other metadata about the call, such as the frame pointer and return address.
* **Stack pointer** - This is the address of the logical top of the stack. On the x86 architecture it is typically stored in the %esp register.
* **Static analysis** - An algorithm that analyzes a computer program without running it in order to determine some property (or many properties) about its executions.
* **Static data area** - The area of memory in a process that stores the program's global variables.
* **Static single assignment (SSA) form** - Programs in SSA form may not assign to a variable more than once (a "static single assignment"). Programs in this form are easier to analyze, particularly when one is interested in flow sensitivity.
* **Structured Query Language (SQL)** - A special-purpose programming language designed for managing (querying, updating, inserting, and deleting) data held in a relational database management system (RDBMS).
* **Symbolic execution** - A technique for automated program analysis in which certain variables are treated as symbolic, rather than as having concrete values. Symbolic execution falls somewhere between testing (in a sense you are "running" the program) and static analysis (each run represents many concrete runs).
* **SYN and SYN/ACK** - Two particular packets in the TCP connection setup protocol.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
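The stack frame, stack canary and shellcode entries above describe a check that only makes sense when you see the frame layout. The following C program is an added example, not part of the glossary: it models a stack frame as a struct (local buffer, canary word, saved frame pointer, return address, in that order), runs an unchecked copy into the buffer, and performs the epilogue check a compiler's stack protector would perform. The canary value and the placeholder frame values are constructed for the example, and a little-endian layout is assumed for the terminating-NUL case.

```c
/* Added example, not part of the glossary: a simulated stack frame with a
 * canary word between the local buffer and the saved control data, showing
 * how the epilogue check detects that a copy ran past the buffer. The frame
 * is modelled as a struct so that every write stays inside one object; a
 * compiler's stack protector (e.g. gcc -fstack-protector) places and checks
 * a real canary in the same position automatically. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
/* Constructed value. A real canary is chosen randomly at process start; its
 * low byte is 0 so that an overflowing C string copy stops at the canary.
 * Little-endian layout assumed: the low byte is the first byte after buf. */
#define CANARY_VALUE 0x1122334455667700ULL

struct sim_frame {
    char buf[BUF_SIZE];    /* local variable an unchecked copy may overflow */
    uint64_t canary;       /* guard word between locals and saved data */
    uint64_t saved_fp;     /* stands in for the saved frame pointer */
    uint64_t return_addr;  /* stands in for the saved return address */
};

static void frame_init(struct sim_frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
    f->saved_fp = 0x7ffd0000;   /* placeholder values, constructed */
    f->return_addr = 0x401000;
}

/* Model of an unchecked copy into buf (buf is at offset 0 of the frame).
 * The copy is clipped to the frame object so this example itself never
 * writes out of bounds; inside the frame it overwrites whatever follows buf. */
static void unchecked_copy(struct sim_frame *f, const unsigned char *src, size_t len) {
    unsigned char *raw = (unsigned char *)f;
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(raw, src, len);
}

/* The check a protected function performs just before returning. */
static int canary_intact(const struct sim_frame *f) {
    return f->canary == CANARY_VALUE;
}

/* Simulate a call that copies 'len' bytes of a constant fill byte into the
 * local buffer. Returns 1 if the function would return normally, 0 if the
 * canary check would fire (memory past buf was overwritten). */
int simulate_fill(unsigned char fill, size_t len) {
    unsigned char src[sizeof(struct sim_frame)];
    struct sim_frame f;
    if (len > sizeof src)
        len = sizeof src;
    memset(src, fill, sizeof src);
    frame_init(&f);
    unchecked_copy(&f, src, len);
    return canary_intact(&f);
}

/* Simulate a strcpy-style call: copies the string plus its terminator.
 * A string exactly filling buf writes its terminating 0 over the canary's
 * low byte; because that byte is 0 by design, the value survives and no
 * false alarm is raised. One byte more and the canary is smashed. */
int simulate_string(const char *s) {
    unsigned char src[sizeof(struct sim_frame)];
    struct sim_frame f;
    size_t len = strlen(s) + 1;
    if (len > sizeof src)
        len = sizeof src;
    memset(src, 0, sizeof src);
    memcpy(src, s, len);
    frame_init(&f);
    unchecked_copy(&f, src, len);
    return canary_intact(&f);
}

int main(void) {
    printf("16 bytes into a 16-byte buffer: canary intact = %d\n", simulate_fill('A', 16));
    printf("17 bytes into a 16-byte buffer: canary intact = %d\n", simulate_fill('A', 17));
    printf("16-char string + NUL:           canary intact = %d\n", simulate_string("AAAAAAAAAAAAAAAA"));
    printf("17-char string + NUL:           canary intact = %d\n", simulate_string("AAAAAAAAAAAAAAAAA"));
    return 0;
}
```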
### T
* **Temporal safety** - A program execution is temporally safe if it does not use undefined memory. Undefined memory has either never been allocated, or has been allocated but then freed. Memory safety implies temporal safety. See this blog post for details.
* **Text segment** - The area of memory in a process that stores the program code.
* **Transmission Control Protocol (TCP)** - TCP is one of the core protocols of the Internet protocol suite (IP), and provides reliable, streaming data delivery (overtop an unreliable medium).
* **Trusted computing base (TCB)** - The portion of a system that must be trusted if the system's operation is to be secure. Ideally, the trusted computing base is small and simple, so that trust placed in it is warranted.
* **Turing completeness** - A Turing complete system or language is one that can simulate a single-taped Turing machine. Such a machine is known to be very computationally expressive, so the Turing completeness of a system shows that it is similarly very expressive.
* **Type inference** - A kind of static analysis whose goal is to assign a type to a program fragment (like a variable or function). Types may be standard language types (like int or float) or enhanced types expressing other program properties (like tainted int or untainted float).
* **Type safety** - Type safety is a consistency property of a programming language: it states that programs accepted by the language's type system are also well-defined. What this means depends on the type system. See this blog post for more detail.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### U
* **Undecidability** - An undecidable problem is a decision problem for which it is known to be impossible to construct a single algorithm that always leads to a correct yes-or-no answer. The halting problem is an example of an undecidable problem.
* **Universal Resource Locator (URL)** - The name of a document on the WWW. Consists of three parts: the protocol by which the document can be retrieved; the host at which the document is located; and the path at that host that names the document.
* **User Datagram Protocol (UDP)** - A protocol that supports unreliable packet delivery over IP.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### V
* **Virtual address** - An address used by a process to access memory; this address is translated by the hardware, with help from the operating system, to an actual physical memory address. Virtual memory is useful for allowing processes to always have the same address space no matter what physical memory they actually use when running. It also gives the illusion that the process has more memory than it actually does.
* **Vulnerability** - A bug in a program that could potentially be exploited by an attacker to compromise security in some fashion.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### W
* **Web proxy** - A program that intercepts traffic sent between a web browser and web server, providing the capability to record it, modify it and/or forward it, etc. Examples include the Burp suite, and OWASP ZAP.
* **Web spider (Crawler)** - A program that explores the structure of a web site (or set of sites), following links from one page to the next, to create a model of the overall network of web pages. Burp Suite and OWASP ZAP both implement Spider functionality.
* **Whitelist** - A collection of known-good elements against which untrusted input is validated; non-whitelisted elements are rejected.
* **Worldwide Web (WWW)** - Refers to the collection of servers that communicate HTML documents via HTTP, over the Internet.
* **W xor X** - Stands for "Writable or executable, but not both". Another name for Data Execution Prevention (DEP).
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### X
* **XSS** - Stands for cross-site scripting.
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### Y
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
### Z
Back to the [Awesome Vulnerability Research](https://github.com/re-pronin/Awesome-Vulnerability-Research)
================================================
FILE: LICENSE.md
================================================
# License
This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](http://creativecommons.org/licenses/by-sa/4.0/deed.en_US).
## Overview
### What This Means
#### You are Free To:
* **Share** — copy and redistribute the material in any medium or format
* **Adapt** — remix, transform, and build upon the material for any purpose, even commercially.
The licensor cannot revoke these freedoms as long as you follow the license terms.
#### Under The Following Terms:
* **Attribution** — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
* **ShareAlike** — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
* **No additional restrictions** — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
#### Notices
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation.
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.
### Full License
The full Creative Commons Attribution-ShareAlike 4.0 International License can be viewed at [creativecommons.org](http://creativecommons.org/licenses/by-sa/4.0/legalcode). We recommend [reviewing it in its totality](http://creativecommons.org/licenses/by-sa/4.0/legalcode) especially if planning to use project materials for commercial purposes.
================================================
FILE: README.md
================================================
# Awesome Vulnerability Research
## 🦄 A curated list of the awesome resources about the Vulnerability Research
> First things first:
> There are no exploits in this project. `Vulnerabilities != Exploits` A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious about it, you’ll find **your own way** to discover a flaw; this list aims to help you **find it faster**.
Maintained by [Sergey Pronin](https://github.com/sergey-pronin) with contributions from the [community](https://github.com/securitychampions).
Become the next 🌟 [stargazer](https://github.com/securitychampions/Awesome-Vulnerability-Research/stargazers) or ✍️ [contributor](#contributing).
Vulnerability Research is the process of analyzing a product, protocol, or algorithm - or set of related products - to find, understand or exploit one or more vulnerabilities. Vulnerability research can but does not always involve reverse engineering, code review, static and dynamic analysis, fuzzing and debugging.
## Purpose
Currently, there is **way more** insecure code out there than researchers. The market needs many more people looking at code that’s deployed in the real world. This project exists to share different awesome sources of information with you and encourage more people to get involved. Here you will find books and articles, online classes, recommended tools, write-ups, methodologies and tutorials, people to follow, and more cool stuff about Vulnerability Research and tinkering with application execution flow in general.
## Contributing
This List is published according to the *"Done is better than Perfect"* approach, so your contributions and suggestions are very valuable and are always welcome! There are two options:
1. Use the standard method of forking this repo, making your changes and [doing a pull request](https://github.com/securitychampions/Awesome-Vulnerability-Research/pulls) to have your content added. Please check the [Contributing Guideline](CONTRIBUTING.md) for more details.
2. Occasionally, if you just want to copy/paste your content, I'll take that too! [Create an "Issue"](https://github.com/securitychampions/Awesome-Vulnerability-Research/issues) with your suggestions and I will add it for you.
---
**Legend**:
* 🌟: Most Awesome
* 💰: Costs Money
* 🔥: Hot Stuff
* 🎁: For FREE
---
## Contents
* [Awesome Vulnerability Research](#awesome-vulnerability-research-)
* [Purpose](#purpose)
* [Contributing](#contributing)
* [Advisories](#advisories)
  - [Articles](#articles)
  - [Books](#books)
  - [Classes](#classes)
  - [Conferences](#conferences)
  - [Conference talks](#conference-talks)
  - [Intentionally vulnerable packages](#intentionally-vulnerable-packages)
  - [Mailing lists and Newsletters](#mailing-lists-and-newsletters)
  - [Presentations](#presentations)
  - [Podcasts and Episodes](#podcasts-and-episodes)
  - [Relevant Standards](#relevant-standards)
  - [Research Papers](#research-papers)
    + [Whitepapers](#whitepapers)
    + [Individual researchers](#individual-researchers)
  - [Tools and Projects](#tools-and-projects)
    + [GitHub repos](#github-repos)
  - [Tutorials](#tutorials)
  - [Videos](#videos)
  - [Vendor’s bug databases](#vendors-bug-databases)
  - [Vulnerability databases](#vulnerability-databases)
  - [Wargames and CTFs](#wargames-and-ctfs)
  - [Websites](#websites)
    + [Blogs](#blogs)
  - [Who to Follow](#who-to-follow)
  - [Miscellaneous Advisories](#miscellaneous-advisories)
* [Companies and Jobs](#companies-and-jobs)
* [Coordinated Disclosure](#coordinated-disclosure)
* [Common Lists](#common-lists)
  - [Awesome Lists](#awesome-lists)
  - [Other Lists](#other-lists)
* [Thanks](#thanks)
* [Glossary](GLOSSARY.md)
* [License](#license)
## Advisories
[Back to Contents](#contents)
### Articles
* [Super Awesome Fuzzing, Part One](https://labsblog.f-secure.com/2017/06/22/super-awesome-fuzzing-part-one/) - by [Atte Kettunen](#twitter) and Eero Kurimo, 2017
* [From Fuzzing Apache httpd Server to CVE-2017-7668 and a $1500 Bounty](https://animal0day.blogspot.co.uk/2017/07/from-fuzzing-apache-httpd-server-to-cve.html) - by Javier Jiménez, 2017
* [Root cause analysis of integer overflows](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/) - by [Corelan Team](#websites), 2013
[Back to Contents](#contents)
### Books
* 🌟[The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426) - by Mark Dowd, John McDonald, Justin Schuh - published 2006, ISBN-13: 978-0321444424 / ISBN-10: 9780321444424
* 🌟[The Shellcoder's Handbook: Discovering and Exploiting Security Holes](https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/) - by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte - published 2007, 2nd Edition, ISBN-13: 978-0470080238 / ISBN-10: 047008023X
[Back to Contents](#contents)
### Classes
* [Advanced Windows Exploitation (AWE)](https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/) - by Offensive Security with complementary OSEE (Offensive Security Exploitation Expert) Certification
* [Cracking The Perimeter (CTP)](https://www.offensive-security.com/information-security-training/cracking-the-perimeter/) - by Offensive Security, with complementary OSCE (Offensive Security Certified Expert) Certification
* 🎁[Modern Binary Exploitation (CSCI 4968)](https://github.com/RPISEC/MBE) - by RPISEC at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.
* [Software Security Course on Coursera](https://www.coursera.org/learn/software-security/) - by University of Maryland.
* [Offensive Computer Security](http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - by W. Owen Redwood and Prof. Xiuwen Liu.
[Back to Contents](#contents)
### Conferences
* 🌟[DEF CON](https://defcon.org/) - Las Vegas, NV, USA
* [Black Hat](https://www.blackhat.com/) - Las Vegas, NV, USA
* [Black Hat Europe](https://www.blackhat.com/upcoming.html) - London, UK //🔥Join [me](https://github.com/sergey-pronin) this year on [Dec, 7-10, 2020](https://www.blackhat.com/eu-20/)!
* [Black Hat Asia](https://www.blackhat.com/upcoming.html) - Singapore
* 🎁[BSides](http://www.securitybsides.com/) - Worldwide
* [BruCON](http://brucon.org/) - Brussels, Belgium
* 🌟[Chaos Communication Congress (CCC)](https://www.ccc.de/en/) - Hamburg, Germany
* [Code Blue](https://codeblue.jp/) - Tokyo, Japan
* [Nullcon](http://nullcon.net/) - Goa, India
* [44CON](https://44con.com/) - London, UK
* [AppSecUSA](https://appsecusa.org/) - Washington DC
* [OWASP AppSec EU](https://2017.appsec.eu/) - Europewide
* [Positive Hack Days](https://www.phdays.com/) - Moscow, Russia
* 🌟[ZeroNights](https://zeronights.org) - Moscow, Russia
* 🌟[WarCon](http://warcon.pl/) - Warsaw, Poland
[Back to Contents](#contents)
### Conference talks
* 🌟[Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game](https://www.youtube.com/watch?v=UYgBLUhHrCw) - by [Joshua Drake](#twitter) and [Steve Christey Coley](#twitter) at [DEFCON](#conferences) 24, 2016
* [Writing Vulnerability Reports that Maximize Your Bounty Payouts](https://www.youtube.com/watch?v=zyp2DoBqaO0) - by [Kymberlee Price](#twitter), originally presented at [Nullcon](#conferences), 2016
* [Browser Bug Hunting: Memoirs of a Last Man Standing](https://vimeo.com/109380793), by [Atte Kettunen](#twitter), presented at [44CON](#conferences), 2013
[Back to Contents](#contents)
### Intentionally vulnerable packages
* [HackSys Extreme Vulnerable Windows Driver](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver)
[Back to Contents](#contents)
### Mailing lists and Newsletters
[Back to Contents](#contents)
### Presentations
* 🌟[Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game [PDF]](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEF%20CON%2024%20-%20Drake-Christey-Vulnerabilities-101-UPDATED.pdf) - by [Joshua Drake](#twitter) and [Steve Christey Coley](#twitter) at [DEFCON](#conferences) 24, 2016
* 🌟[Effective File Format Fuzzing [PDF]](http://j00ru.vexillium.org/slides/2016/blackhat.pdf) - by [Mateusz “j00ru” Jurczyk](#twitter) presented at [BlackHat EU](#conferences), 2016
* [Bootstrapping A Security Research Project [PDF]](https://speakerd.s3.amazonaws.com/presentations/282c314b75404805b01825a73586ed27/Bootstrap_Research_-_SOURCEBoston2016.pdf) or [Speaker Deck](https://speakerdeck.com/andrewsmhay/source-boston-2016-bootstrapping-a-security-research-project) - by [Andrew M. Hay](#twitter) at SOURCE Boston, 2016
* [Bug Hunting with Static Code Analysis [PDF]](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-bug-hunting-with-static-code-analysis-bsides-2016.pdf) - by Nick Jones, MWR Labs, 2016
[Back to Contents](#contents)
### Podcasts and Episodes
#### Podcasts
[Back to Contents](#contents)
#### Episodes
[Back to Contents](#contents)
### Relevant Standards
* [CVE](https://cve.mitre.org/) - Common Vulnerabilities and Exposures, maintained by the [MITRE Corporation](https://www.mitre.org/)
* [CWE](https://cwe.mitre.org/) - Common Weakness Enumeration, maintained by the [MITRE Corporation](https://www.mitre.org/)
* [CVSS](https://www.first.org/cvss/) - Common Vulnerability Scoring System, maintained by [FIRST (Forum of Incident Response and Security Teams)](https://www.first.org/)
[Back to Contents](#contents)
#### Miscellaneous Documents
* 💰[ISO/IEC 29147:2014](https://www.iso.org/standard/45170.html) - Vulnerability Disclosure Standard
* [RFPolicy 2.0](https://dl.packetstormsecurity.net/papers/general/rfpolicy-2.0.txt) - Full Disclosure Policy (RFPolicy) v2.0 by [Packet Storm](https://packetstormsecurity.com/)
[Back to Contents](#contents)
### Research Papers
#### Whitepapers
* 🔥[TSIG Authentication Bypass Through Signature Forgery in ISC BIND [PDF]](http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf) - Clément BERTHAUX, Synacktiv, [CVE-2017-3143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143)
[Back to Contents](#contents)
#### Individual researchers
* 🔥[Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging WRITE-WHAT-WHERE Vulnerabilities in Creators Update [PDF]](https://github.com/MortenSchenk/BHUSA2017/blob/master/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level%E2%80%93Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf) - [Morten Schenk](#github), originally presented at [Black Hat](#conferences) 2017
[Back to Contents](#contents)
### Tools and Projects
* [Windbg](https://msdn.microsoft.com/en-in/library/windows/hardware/ff551063(v=vs.85).aspxi) - The preferred debugger by exploit writers.
* [ltrace](http://ltrace.org/) - Intercepts library calls
* [ansvif](https://oxagast.github.io/ansvif/) - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.
* [Metasploit Framework](https://www.rapid7.com/products/metasploit/download.jsp) - A framework which contains some fuzzing capabilities via Auxiliary modules.
* [Spike](http://www.immunitysec.com/downloads/SPIKE2.9.tgz) - A fuzzer development framework and a predecessor of Sulley.
[Back to Contents](#contents)
#### GitHub repos
* [Google Sanitizers](https://github.com/google/sanitizers) - A repo with extended documentation, bugs and some helper code for the AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer. The actual code resides in the [LLVM](#l) repository.
* 🔥[FLARE VM](https://github.com/fireeye/flare-vm) - A fully customizable, Windows-based security distribution from FLARE (FireEye Labs Advanced Reverse Engineering) for malware analysis, incident response, penetration testing, etc.
* [hackers-grep](https://github.com/codypierce/hackers-grep) - hackers-grep is a tool that enables you to search for strings in PE files. The tool is capable of searching strings, imports, exports, and public symbols (like woah) using regular expressions.
* [Grinder](https://github.com/stephenfewer/grinder) - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
* [Choronzon](https://github.com/CENSUS/choronzon) - An evolutionary knowledge-based fuzzer
* [boofuzz](https://github.com/jtpereyda/boofuzz) - A fork and successor of Sulley framework
[Back to Contents](#contents)
### Tutorials
[Back to Contents](#contents)
### Videos
[Back to Contents](#contents)
### Vendor’s bug databases
* [Google Chrome issue tracker](https://bugs.chromium.org/p/chromium/issues/list) - The Chromium Project. *Google Account Required*
[Back to Contents](#contents)
### Vulnerability databases
[Back to Contents](#contents)
### Wargames and CTFs
[Back to Contents](#contents)
### Websites
* [Corelan Team](https://www.corelan.be/)
* [FuzzySecurity](http://www.fuzzysecurity.com/) by [b33f](#who-to-follow)
* [Fuzzing Blogs](https://fuzzing.info/resources/) - by fuzzing.info
[Back to Contents](#contents)
#### Blogs
* 🌟[j00ru//vx tech blog](http://j00ru.vexillium.org/) - Coding, reverse engineering, OS internals covered one more time
[Back to Contents](#contents)
### Who to Follow
#### Discord
* 🌟Security Champions [(join now)](https://discord.link/securitychmapions)
[Back to Contents](#contents)
#### GitHub
* [FuzzySecurity](https://github.com/FuzzySecurity)
* [jksecurity](https://github.com/jksecurity)
* [MortenSchenk](https://github.com/MortenSchenk)
[Back to Contents](#contents)
#### Medium
* the grugq [(@thegrugq)](https://medium.com/@thegrugq/)
[Back to Contents](#contents)
#### Twitter
* 🌟Joshua Drake [(@jduck)](https://twitter.com/jduck)
* 🌟Steve Christey Coley [(@sushidude)](https://twitter.com/sushidude)
* Andrew M. Hay [(@andrewsmhay)](https://twitter.com/andrewsmhay)
* the grugq [(@thegrugq)](https://twitter.com/thegrugq)
* b33f [(@FuzzySec)](https://twitter.com/FuzzySec)
* Tim Strazzere [(@timstrazz)](https://twitter.com/timstrazz)
* Wojciech Pawlikowski [(@wpawlikowski)](https://twitter.com/wpawlikowski)
* Atte Kettunen [(@attekett)](https://twitter.com/attekett)
* Pawel Wylecial [(@h0wlu)](https://twitter.com/h0wlu)
* Hooked Browser [(@antisnatchor)](https://twitter.com/antisnatchor)
* Kymberlee Price [(@Kym_Possible)](https://twitter.com/Kym_Possible)
* Michael Koczwara [(@MichalKoczwara)](https://twitter.com/MichalKoczwara)
* Mateusz Jurczyk [(@j00ru)](https://twitter.com/j00ru)
* Project Zero Bugs [(@ProjectZeroBugs)](https://twitter.com/ProjectZeroBugs) - Checks for new bug reports every 10 minutes. Not affiliated with Google.
* Hack with GitHub [(@HackwithGithub)](https://twitter.com/HackwithGithub) - Open source hacking tools for hackers and pentesters.
[Back to Contents](#contents)
### Miscellaneous Advisories
[Back to Contents](#contents)
## Companies and Jobs
[Back to Contents](#contents)
## Coordinated Disclosure
* [SecuriTeam Secure Disclosure (SSD)](https://www.beyondsecurity.com/ssd.html) - SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.
* [The Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) - ZDI, originally founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Currently managed by Trend Micro.
[Back to Contents](#contents)
## Common Lists
### Awesome Lists
* [Awesome AppSec](https://github.com/paragonie/awesome-appsec) - A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
* [Awesome Web Security](https://github.com/qazbnm456/awesome-web-security) - A curated list of Web Security materials and resources.
* [Awesome Fuzzing](https://github.com/secfigo/Awesome-Fuzzing) - A curated list of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
[Back to Contents](#contents)
### Other Lists
* [Hack with Github](https://github.com/Hack-with-Github/Awesome-Hacking) - Open source hacking tools for hackers and pentesters.
* [Movies for Hackers](https://github.com/k4m4/movies-for-hackers) - A list of movies every cyberpunk must watch.
* [SecLists](https://github.com/danielmiessler/SecLists) - SecLists is the security tester's companion.
[Back to Contents](#contents)
## Thanks
* Joshua Drake [(@jduck)](https://twitter.com/jduck) and Steve Christey Coley [(@sushidude)](https://twitter.com/sushidude) for the inspiration!
* *@yournamehere* for the most awesome contributions
* And of course everyone of [you who has sent a pull request](https://github.com/securitychampions/Awesome-Vulnerability-Research/pulls) or [suggested](https://github.com/securitychampions/Awesome-Vulnerability-Research/issues) a link to add here!
Thanks a lot!
[Back to Contents](#contents)
## License
This work is licensed under a [Creative Commons Attribution Share-Alike 4.0 International License](LICENSE.md)
[Back to Contents](#contents)