Hadrien Chauder
CVE writeups and web exploitation research, SSRF and account-takeover chains included.
links · curated
Things worth reading.
External articles, talks, and tools I keep coming back to. Filter by tag.
YoyoChaud
Yoan's corner: hacking writeups on one side, Provence food on the other.
Building Secure and Reliable Systems
Google's free O'Reilly book on building systems that are secure and stay up. The SRE security bible.
Aituglo
Bug bounty guides and notes on AI-assisted testing, plus a weekly newsletter.
x64 Syscall Table
Linux x86-64 syscall table: numbers, registers, and man-page links. The page I keep open while writing shellcode.
Critical Thinking - Bug Bounty Podcast
The by-hackers-for-hackers bug bounty podcast. Technical episodes on real web bugs and workflow.
Stéphane Robert - DevSecOps
A big French DevSecOps knowledge base: hardening, supply chain, IaC, CI/CD, the lot.
The Rust Book (Brown Interactive)
Brown's interactive fork of the Rust book, with quizzes and a better ownership chapter.
Phrack Magazine
The hacker zine. Deep exploitation and reversing articles, still going.
mizu.re
Mizu's blog: web exploitation, CTF writeups, and disclosed CVEs.
HideAndSec
Community security knowledge base. Pentest cheatsheets and exploitation tutorials, EN and FR.
Think Love Share
Laluka's blog. SSRF/XXE/RCE chains and offensive-security writeups.
Unprotect Project
A catalog of malware evasion and anti-analysis techniques, with code and YARA rules.
Orange Tsai's Blog
The ProxyLogon/ProxyShell-tier web exploitation writeups.
Tuts 4 You - Software Security
Long-running RE community forum on packers, protectors, and anti-tamper.
xchg rax,rax
xorpd's wordless assembly puzzle book. One snippet at a time.
ReversingHero
A hands-on RE course built around analyzing one unknown binary, by xorpd.
Gumroad
Where a lot of indie security courses (ReversingHero included) are sold.
PortSwigger Research
PortSwigger's research hub. Where new web attack classes get named.
Deductive Engine (Pwno)
A talk on using LLMs as taint-reasoners for autonomous binary bug hunting.
Hackropole
ANSSI's archive of France Cybersecurity Challenge problems, replayable year-round.
CryptoHack
Learn modern crypto by breaking it. RSA, ECC, lattices, the works.
ROP Emporium
Learn ROP through eight progressive pwn challenges. ret2win to ret2csu.
DeepReview
A hacking-challenge platform; this is the leaderboard.
x86re
Reverse engineering for noobs: x86, stack frames, and PE files from scratch.
sillywa.re - shc writeup
A FLARE-On writeup reversing an shc-compiled shell script.
Google SAIF Map
Google's interactive map of AI risks and controls across the ML lifecycle.
JavaScript Analysis for Pentesters
How to actually read client-side JavaScript on a pentest.
OWASP
The application-security nonprofit. Top Ten, ASVS, cheat sheets, Juice Shop.
OpenSSF
Linux Foundation's open-source security effort. Sigstore, SLSA, GUAC.