from Hacker News

Ask HN: Resource for Learning Binary Exploitation

by Goofy_Coyote on 1/26/23, 8:59 PM with 1 comments

I've been doing web security research for a few years now. I've dove deep into HTTP, and how the requests are handled, different web servers, frameworks, browsers and programming language behaviours at the code level. Now I'm thinking about expanding into another field. I'd like to learn more about reverse engineering, and binary research and exploitation (like finding vulnerabilities sudo, OpenSSL, Apache, Chrome etc), then get more into researching kernel (linux) vulnerabilities.

Can you help me come up with a roadmap of thins I need to learn? Do you have any recommendations for books, courses, or anything that can help me with that?

Thank you.

by jimmyl02 on 1/26/23, 9:34 PM
Binary exploitation involves a pretty different skill set compared to web exploitation. You will need to understand the basics of computer architecture and then you can continue to build up skills to learn how to exploit security vulnerabilities in code.
I haven't used it myself but I've heard good things about https://pwn.college/ . It is run by former organizers of defcon ctf and professors at ASU. UC Berkeley also offers a security course with some pretty digestable modules on binary exploitation at https://sp23.cs161.org/ . Beyond the courses, the best way to improve is just more practice so I would highly recommend just trying your hand at the challenges in a ctf.
Overall, binary exploitation is a little different as you need some hard skills (ex. understanding what the stack is) to get a good start.