Resources

There are a ton of other awesome resources out there for learners to look into. This website alone is not enough for anyone to master vulnerability research; it takes some combination of hands-on practice and a healthy amount of reading! Below are various resources you absolutely should read or work through if you want to learn vulnerability research:

CTFs

  • pwnable (https://pwnable.kr/) - A listing of different VR / Reverse Engineering challenges you can ssh into. Some good starters include BOF and UAF; a more intermediate but fun challenge recommendation would be Dragon.

  • RPISEC ‘The Art of Exploitation’ (https://github.com/RPISEC/MBE) - Course lecture notes made available online along with an accompanying VM and challenges to practice your techniques on. A good beginner's start would be to work through the Binary Exploitation and Reverse Engineering sections.

  • Microcorruption (https://microcorruption.com/login) - A series of increasingly difficult (not NASM) assembly challenges. You're given a web-based, watered-down debugger to reverse engineer and leverage the target programs with.

  • ROP Emporium (https://ropemporium.com/) - A handful of challenges about working around DEP using ROP and Python's MONA tool to string together ROP gadgets.

Reading

  • The Art of Security Assessment - A book about reviewing and auditing code to make sure it is secure. Specifically, chapters 6 through 8 offer a ton of real-world examples of auditing C code and spotting bugs and vulnerabilities.

  • Corelan Guide (https://www.corelan.be/) - A larger blog with walk-throughs of exploits of all varieties. A good beginner's exercise might be to read and (when possible) replicate step-by-step some of the simpler exploits discussed there.

  • Shellcoder’s Handbook - A great resource on shellcoding and some VR stuff. This is probably best saved for a later date, after some of these other listed items have been digested, but its opening few chapters do wonders to describe more general VR concepts as well.