From Day Zero to Zero Day: A Hands-On Guide to Vulnerability Research
Title: From Day Zero to Zero Day: A Hands-On Guide to Vulnerability Research. Author: Eugene Lim. Publisher: No Starch Press. Year: 2025. Pages: 344. Language: English. Format: epub. Size: 19.6 MB
Find vulnerabilities before anyone else does.
Zero days aren’t magic—they’re missed opportunities. From Day Zero to Zero Day teaches you how to find them before anyone else does.
In this hands-on guide, award-winning white-hat hacker Eugene “Spaceraccoon” Lim breaks down the real-world process of vulnerability discovery. You’ll retrace the steps behind past CVEs, analyze open source and embedded targets, and build a repeatable workflow for uncovering critical flaws in code.
Whether you’re new to vulnerability research or sharpening an existing skill set, this book will show you how to think—and work—like a bug hunter.
Zero day. The term evokes a sense of urgency, fear, and yes, even excitement in infosec circles. They are called zero days because no one other than the researchers who discovered them knows about them, and the clock to patch a known vulnerability hasn’t even started yet. The discoverers of the zero days are thus free to exploit them at will. Rare, dangerous, and often over-hyped, zero days capture the imagination of security enthusiasts, who view zero-day research as one of the pinnacles of offensive security.
This book covers three broad techniques in zero-day research: code review, reverse engineering, and fuzzing. However, it doesn’t simply teach how to use these techniques, but why. It describes the best way to deploy them, and for which targets. I explain the process of analyzing a target to identify the most likely weak spots and demonstrate with real-world examples. For example, when explaining taint analysis in code review, I take a disclosed vulnerability in actual software and rediscover it from scratch.
You’ll learn how to:
- Identify promising targets across codebases, protocols, and file formats.
- Trace code paths with taint analysis and map attack surfaces with precision.
- Reverse engineer binaries using Ghidra, Frida, and angr.
- Apply coverage-guided fuzzing, symbolic execution, and variant analysis.
- Build and validate proof-of-concept exploits to demonstrate real-world impact.
More than a toolkit, this is a window into how top vulnerability researchers approach the work. You’ll gain not just techniques but also the mindset to go deeper, ask better questions, and find what others miss.
If you’re ready to stop reading write-ups and start writing them, From Day Zero to Zero Day is your guide.
Who Should Read This Book and Why: I wrote this book for others who are staring across the gap and for those who experience a sense of impostor syndrome when considering zero-day research, despite having a good grasp of offensive security fundamentals. You may be just starting out, popping a few boxes for practice or capturing flags at contests. You might have read a web hacking book like Real-World Bug Hunting by Peter Yaworski or a more general introduction like Ethical Hacking by Daniel G. Graham. Maybe you have some experience working as a penetration tester or red teamer, but you still feel lost when contemplating getting started on security research.
While some blog posts and other online materials attempt to teach this subject, they can’t go as deeply into the whole range of needed technical skills as a book-length treatment can. Or they may go too deeply into one particular niche topic, without explaining the overall strategy and thought process needed to approach security research. This book is the book I wished I’d had back when I first started out. It provides both a high-level overview and nitty-gritty details, without assuming too much prior knowledge. By the time you finish it, you should be able to initiate your own independent security research project.