Learn Exploit Development for Free

The most frustrating thing about hacking has become finding good learning resources without breaking the bank.

While studying for CEH (hold the judgment, please, I was young and naive), I had to resort to far more than just the EC-Council curriculum. If you’ve ever tried for one of their certifications, you’ll know why: the material isn’t good enough.

For the OSCP, I had the same experience. The PWK lab was not diverse enough to make me feel truly prepared, and looking back, I’m glad I resorted to sites like HackTheBox, Vulnerable Hacking Labs, and Vulnhub for extra practice. Luckily, many outstanding individuals like TJNull had compiled lists of practice machines for me to reference.

After spending time learning advanced pentesting and red team tactics in a useful-but-never-too-deep manner, I’ve landed on exploit development as my next deeper learning path. I’ve built a roadmap for myself entirely made up of free resources and compiled it here.

I may edit this as I go, and I will post reviews as separate blogs if warranted. If I do make a meaningful update, I’ll be sure to mention that.

(Prerequisite) x86 Assembly and C

NASM and C are more important than I realized at first. A strong understanding of both will help you tremendously as you get into the actual exploit development and research parts of this.

Resources will be mostly focused around Linux to ensure that the barrier to entry is as low as possible. Once I get into Windows, I’ll add resources around that OS, but I’ll stick with what I know best for now.

Books:

The C Programming Language 2e

Linux Exploit Development

This list contains a healthy mix of challenges, guides, course material, and books. These resources are invaluable and I cannot believe they are free.

Exploit.Education - Phoenix
Exploit.Education - Nebula
OpenSecurityTraining - Intro to Software Exploits
- Course Textbook: The Shellcoder’s Handbook

Books:

The Art of Exploitation 2e