Lectures

  • BSidesTLV 2019 Lecture

    Low Hanging Blue Fruit: Defending With Open-Source Tools.

    Reverse Engineering

    • IDA Free

      The free version of the industry-standard disassembler. Essential for static analysis of binaries.

      hex-rays.com
    • Ghidra

      NSA's open-source reverse engineering suite. Full decompiler, multi-architecture support, scripting.

      ghidra-sre.org
    • x64dbg

      Open-source x64/x32 debugger for Windows. Excellent plugin ecosystem and clean UI.

      x64dbg.com
    • Cutter

      GUI frontend for rizin (radare2 fork). Good for quick analysis without IDA's price tag.

      github.com/rizinorg/cutter

    Exploitation & Vulnerability Research

    • pwndbg

      GDB plugin that makes exploit development and binary debugging significantly less painful.

      pwndbg.re
    • pwntools

      CTF framework and exploit development library for Python. Indispensable for binary exploitation.

      github.com/Gallopsled/pwntools
    • exploit.education

      VMs and challenges for learning exploitation from basics to advanced heap techniques.

      exploit.education

    Windows Internals

    • Sysinternals Suite

      Microsoft's collection of advanced utilities for monitoring and troubleshooting Windows. Process Monitor, Process Explorer, Autoruns, and more.

      learn.microsoft.com/sysinternals
    • Process Hacker

      Open-source multi-purpose tool for monitoring system resources, debugging software, and detecting malware.

      github.com/processhacker
    • WinDbg Preview

      Microsoft's kernel and user-mode debugger. Required for driver debugging and crash dump analysis.

      windbg.org

    References & Documentation

    • Win32 API Reference

      Microsoft's official Win32 API documentation. The ground truth for Windows programming.

      learn.microsoft.com
    • The Rust Book

      The official Rust programming language book. Comprehensive coverage from basics to advanced ownership concepts.

      doc.rust-lang.org
    • MITRE ATT&CK

      Comprehensive knowledge base of adversary tactics and techniques based on real-world observations.

      attack.mitre.org

    Practice & CTFs

    • pwn.college

      Structured curriculum for learning offensive security — from assembly basics to kernel exploitation.

      pwn.college
    • CTFtime

      Aggregator for upcoming CTF competitions worldwide. Includes team rankings and writeup archives.

      ctftime.org
    • Hack The Box

      Penetration testing labs and challenges. Mix of active machines and retired boxes with community writeups.

      hackthebox.com