Subjects / Exploit development

Best books to learn Exploit development, in order

Exploit development is unforgiving of gaps: you cannot write a working exploit without genuinely understanding memory, the stack, and how a CPU executes code. A good path therefore starts with assembly and process internals, then classic stack overflows and shellcode, before layering on the modern mitigations (ASLR, DEP, canaries) and the bypass techniques that make current vulnerability research so demanding.

Build your own Exploit development list →Browse all paths

Reading paths for exploit development

Popular exploit development books

Related reading

Frequently asked questions

How should I approach learning exploit development?
Exploit development is unforgiving of gaps: you cannot write a working exploit without genuinely understanding memory, the stack, and how a CPU executes code. A good path therefore starts with assembly and process internals, then classic stack overflows and shellcode, before layering on the modern mitigations (ASLR, DEP, canaries) and the bypass techniques that make current vulnerability research so demanding.
What's a good book to start exploit development with?
A strong starting point is The art of software security assessment by Mark Dowd. The ordered reading paths above show exactly where it fits and what to read next.
What should I read after exploit development?
Once you have the fundamentals, explore closely related subjects like Perl programming, COBOL programming, MySQL database development.

Related subjects