What skills should I improve to find bugs on browsers, real world 2019 apps?

I have been lately training myself on windows exploitation using multiples resources , but I was learning from corelan courses from 1 to 10 and applied to windows 10. I learnt a lot this time in topics such as how to bypass a few security mechanism protections , and overflow stuff attacks bof , seh. what should I focus to learn and find some browser , file format , mobile 0days or join to a vulnerability research job overseas ? I dont hold OSCP or OSCE

buffer overflow

  • bad chars
  • right module

seh

  • stack cookie /GS
    safeseh
    • out of range modules
    • non-safeseh
    • heap pending
  • sehop pending

Egghunter

  • ntdisplaystring

DEP

  • rop chains
  • ret2libc

ASLR

  • non-aslr
  • 2 byte overwrite - pending
  • info leak - pending

shellcoding

  • manual
  • msfvenom
    jumping shellcode
    • call / jmp / push esp
    • pop pop ret
    • call / jmp [reg + offset]

Metasploit modules

  • writting metasploit modules local / remote

Reversing

  • C/C++ skills
  • basic skills
  • Immunity
  • wingdb
  • IDA pro

fuzzing

  • boofuzz
  • peachfuzz
  • winalf

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.