Skip to content


Here is a collection of resources that will be updated as we go. This is mostly supplementary material and can also be used as further reading for content not covered formally in the course.

Penetration Testing

Resources related to much of the work covered in the first half of the course.

Learning Resources


Reading & Viewing Material

Automated Vulnerability Detection

Resources related to much of the work covered in the latter half of the course.



Note that many of the following tools can help profile applications but without knowledge of the kinds of vulnerabilities they detect/exploit/scan (and some finesse) they won't be of much help.

  • Joern (Static data-flow analysis tool using code property graphs)
  • Radare (Reversing framework)
  • Ghidra (Reverse engineering tool by the NSA)
  • JEB (Android Dalvik, Intel x86, ARM, MIPS, Java, WebAssembly & Ethereum Decompilers)
  • GDB (GNU Project debugger) + (optional) GEF (a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB)
  • lldb basically GDB for MacOS
  • WPScan (WordPress site scanner)
  • BurpSuite (HTTP proxy tool)
  • fcrackzip (Zip file cracker)
  • ARP Scan (MAC address scanner)
  • sqlmap (SQL vulnerability detection + takeover tool)
  • GoBuster (Directory/File, DNS and VHost busting tool written in Go)
  • WebSploit (High level MITM framework)
  • XSSer (XSS Detection + Exploit framework)