GitHub: hey1me/OffSec-Books
# Vulnerability Research (VR) & Offensive Engineering Series
An expert-level repository dedicated to the pursuit of software flaws in **C**, **x86_64/ARM64 Assembly**, and **Golang**. This series moves from manual binary analysis to automated discovery systems and strategic research operations.
## 📚 Repository Structure
### [1. The RE Researcher's Handbook](https://github.com/hey1me/OffSec-Books/tree/main/1.%20The%20RE%20Researcher's%20Handbook)
**Focus:** The fundamental mindset and toolkit for Reverse Engineering.
- Tooling (Ghidra, IDA, GDB).
- Deobfuscation and pattern recognition.
- Bridging the gap between CTF and real-world research.
### [2. Expert RE for Vulnerability Research](https://github.com/hey1me/OffSec-Books/tree/main/2.%20Expert%20RE%20for%20Vulnerability%20Research)
**Focus:** Deep-dive analysis of systems and memory.
- Advanced x86_64/ARM64 architecture.
- **Go Internals:** Reversing the Go runtime, scheduler, and interfaces.
- Custom memory allocators and heap primitives.
### [3. Fuzzing & Program Analysis](http://github.com/hey1me/OffSec-Books/tree/main/3.%20Fuzzing%20&%20Program%20Analysis)
**Focus:** Engineering the automated hunt.
- Harness engineering for C and Go.
- Symbolic execution (Angr/Triton) and taint analysis.
- Coverage-guided fuzzing and custom mutators.
### [4. The Economics of Research](http://github.com/hey1me/OffSec-Books/tree/main/4.%20The%20Economics%20of%20Research)
**Focus:** Strategic operations and target selection.
- Bug collision probability and ROI analysis.
- Binary diffing (patch analysis) and target recon.
- Disclosure methodology and the 0-day market.
### [5. CTF Journey - The Binary Specialist's Path](https://github.com/hey1me/OffSec-Books/tree/main/5.%20CTF%20Journey%20-%20The%20Binary%20Specialist's%20Path)
**Focus:** Speed-running binary challenges and mastering "CTF-only" heap/stack primitives.
- Techniques for identifying vulnerabilities (Stack, Heap, Logic) and weaponizing them in under 10 minutes.
- Mastering "House of" heap attacks, format string sorcery, and Sigreturn-Oriented Programming (SROP).
- Using Z3 for complex RE puzzles and building reusable pwntools templates for high-speed exploit delivery.
### [6. CTF Journey 2 - Hardened Targets & Escapes](https://github.com/hey1me/OffSec-Books/tree/main/6.%20CTF%20Journey%202%20-%20Hardened%20Targets%20&%20Escapes/)
**Focus:** Breaking out of sandboxes (Seccomp), Kernel Pwn, and non-x86 architectures (ARM64/MIPS).
- Mastering Linux kernel pwn, credential structure manipulation, and bypassing KASLR/SMEP/SMAP.
- Identifying flaws in Seccomp filters and exploiting container/namespace escapes to reach the host flag.
- Adapting exploitation primitives to ARM64 (PAC/BTI) and esoteric MIPS/PowerPC environments.
### [7. CTF Journey 3 - Automation & War-Gaming](https://github.com/hey1me/OffSec-Books/tree/main/7.%20CTF%20Journey%203%20-%20Automation%20&%20War-Gaming/)
**Focus:** Attack-Defense (A/D) strategy, exploit sniffing, and building automated "Auto-Pwner" engines.
- Engineering traffic sniffers to intercept adversary exploits and performing rapid binary patching under fire.
- Developing Python frameworks to deploy polymorphic shellcode across large-scale competition infrastructure.
- Advanced analysis of Golang binaries in competitive environments, focusing on goroutine and runtime vulnerabilities.
### [8. DEF CON CTF - The Final Boss](https://github.com/hey1me/OffSec-Books/tree/main/8.%20DEF%20CON%20CTF%20-%20The%20Final%20Boss)
**Focus:** Championship-level research involving custom ISAs, microkernels, and esoteric hardware emulation.
- Strategies for lifting unknown Instruction Set Architectures (ISAs) to LLVM IR for automated analysis.
- Auditing and exploiting proprietary game engines and "bare-metal" RTOS challenges.
- Leveraging Unicorn and Capstone to build custom emulators and solvers for mid-game hardware reveals.
## ⚖️ License & Attribution
Copyright (c) 2026 [OOI TENG QING - HEY1ME]
This work is licensed under an [Attribution-NonCommercial-ShareAlike 4.0 International License](https://github.com/hey1me/OffSec-Books/blob/main/LICENSE).
**You are free to:**
- **Share** — copy and redistribute the material in any medium or format.
- **Adapt** — remix, transform, and build upon the material.
**Under the following terms:**
- **Attribution** — You must give appropriate credit to [OOI TENG QING - HEY1ME](https://github.com/hey1me).
- **NonCommercial** — You may not use the material for commercial purposes.
- **ShareAlike** — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.