Becoming a Vulnerability Researcher roadmap: my personal experience

Index

#prepreqs
#roadmap

preprequisites

CTFs (binary and reverse)
- pwn.college
- Course materials for Modern Binary Exploitation by RPISEC
- wiki
- Handbook for CTFers by Nu1L Team
CTF tools and writeups
Books, tutorials:
- Learn C :) C Programming Language, 2nd Edition 2nd Edition
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes 2nd Edition (outdated)
- Hacking: The Art of Exploitation, 2nd Edition 2nd Edition
- Learn intel assembly :) Programming from the Ground Up by Jonathan Bartlett
- Learn what is ELF, the linker and loader Linker and Libraries Guide - oracle
- The Legend of R4ndom Tutorials
- Modern Windows Exploit Development by mtomassoli (outdated)
- Reversing: Secrets of Reverse Engineering 1st Edition
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
- Phrack articles
- 0x00sec.org/u/_py
Mentality: You challenge yourself, (the more difficult, the better), you have passion, you are persistent, and you understand that failure is part of growing
- First 20 minutes of this talk explains what it means, i think, Attacking Chrome IPC: Reliably finding bugs to escape the Chrome sandbox
- The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease
- Save bookmarks of anything you wish to learn in future, and keep notes of things you have already studied
- Learning How to Learn: Powerful mental tools to help you master tough subjects
- The Process of Mastering a Skill
- The Importance of Deep Work & The 30-Hour Method for Learning a New Skill
- Paradox of Choice | Azeria Labs
- @netspooky's List of healthy reminders

roadmap

In order:

Vulns1001 OST2 course
- You will learn something about code auditing
- AOSS book
- TLPI book
- Teaching and Learning Software Analysis via SVF
- Variant analysis and taint analysis: codeQL, coccinelle, semgrep, joern, weggli
Do code auditing by your own, select a project, read docs, etc.
- use a code navigator (for example vim + cscope https://cscope.sourceforge.net/)
- increase the difficulty
The XY-Z rule:
- You read a blog that talks about X by doing Y, but you can't understand its content
- Then you learn X so you can replicate Y, and then you add Z which wasn't done before, even if it's a small change
- pros: it boosts your confidence, you will remember the subjects stuided more easily by practicing than just by studying the theory
The XZ-Y rule:
- You read only the abstract of a blog that talks about X by doing Y
- Then you learn X, then you do Z, which is how you would have resolved Y without knowing how the author implemented it. Finally, you compare your results with the author's.
- pros: same as above + you learn how to think like a researcher
- cons: difficult maybe
Ideally, you will follow first the XY-Z rule, and then the XZ-Y rule
fuzzing open source projects tutorial
- Roadmap to learn fuzzing
- https://github.com/u1f383/fuzzing-learning-in-30-days
Follow the same path you have followed for the code auditing tasks, but this time, do fuzzing
IoT VR roadmap (hardware hacking excluded) (optional)
- binary analysis (binary lifting, binary rewriting, binary diffing, CFG, Data analysis, etc.)
- string analysis (string distribution)
- cross compilation == pain
- binary code scanners (cwe_checker, emba, etc.)
- Practical Binary Analysis book
- Learning Linux Binary Analysis 1st Edition, Kindle Edition
- Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation 1st Edition
- simple dynamic binary instrumentation with PythonGdb, 1, 2, 3, 4, 5, 6, 7
Vulns1002 OST2 course
- do the labs by following the XZ-Y rule
Work in progress...

Please note, this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material 🤝

killvxk/VR_roadmap.md

Index

preprequisites

roadmap