Here is a collection of resources that will be updated as we go. This is mostly supplementary material and can also be used as further reading for content not covered formally in the course.
Resources related to much of the work covered in the first half of the course.
- Installing PHP on Ubuntu (w/ Apache and)
- PHP Command to Run Dev Server
- W3 Schools
- Official PHP Tutorial
- Simple PHP Guide
Reading & Viewing Material
Automated Vulnerability Detection
Resources related to much of the work covered in the latter half of the course.
- DIY Static Code Analyzer: Building your own security tools with Joern
- Elegant and Scalable Code Querying with Code Property Graphs. Fabian Yamaguchi
Note that many of the following tools can help profile applications, but without knowledge of the kinds of vulnerabilities they detect, exploit or scan for (and some finesse), they won't be of much help.
- Joern (Static data-flow analysis tool using code property graphs)
- Radare (Reversing framework)
- Ghidra (Reverse engineering tool by the NSA)
- JEB (Android Dalvik, Intel x86, ARM, MIPS, Java, WebAssembly & Ethereum Decompilers)
- GDB (GNU Project debugger) + (optional) GEF (a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB)
- LLDB (basically GDB for macOS)
- WPScan (WordPress site scanner)
- BurpSuite (HTTP proxy tool)
- fcrackzip (Zip file cracker)
- ARP Scan (MAC address scanner)
- sqlmap (SQL vulnerability detection + takeover tool)
- GoBuster (Directory/File, DNS and VHost busting tool written in Go)
- WebSploit (High level MITM framework)
- XSSer (XSS Detection + Exploit framework)