Best resource for leaning exploits and vulnerabilities

Hello noob city here and I was hoping to get some guidance on exploits and vulns. I just wanted to know if anyone could recommend any literature or education on exploits and vulns. How does one go about figuring out certain vulns and exploits for machines? what is the process? thanks and any information will help huge!

@sparkla thanks for the kind words about my youtube channel :slight_smile:

I’d also recommend Live Overflow youtube channel in addition to the ones sparkla mentioned.

As for your what the process is for figuring out an exploit… whilst I’m not an expert on that, I would say there probably is no set process. Its going to be different for every piece of software. Sure, there are some common things like buffer overflows you can check for, but at the end of the day figuring out brand new exploits is going to take a lot of time and an intimate knowledge of whatever software it is you’re trying to exploit.

In reality I’d say most people in this industry don’t find new exploits themselves. They just find out about existing exploits other people have created and know when to use them (i.e. what to look for that hints something might be vulnerable to a specific exploit).

This video sums it up pretty well:

muchos gracias @sparkla @VbScrub