
r/ExploitDev

Is MalDev Academy worth it?
I know Maldev academy isn’t really Exploit dev work, but I’m currently working in a SOC and pivoting to a Junior Malware analyst. I want to get better at reverse engineering and eventually want to pivot into a CNO Developer position in the future. I’ve already looked at pwn.college too, but if I have the extra cash, is it worth the money?
Where can I start?
As the title suggests, a complete beginner with a basic understanding of tech and how it works at a consumer level.
I have got 1 and a half to 2 years of time to get job ready during my masters, so any roadmaps or advice or suggestions would be helpful from industry people? 🙏
And also include your experiences and how you secured your job, or if this process or decision was worth it!
How does this stand against layoffs and downsizing and AI incorporation?
Thanks!
Do you guys hunt for Vulnerable Drivers and are successful?
I have been trying to find one myself, but I haven't found any for the past two months. Am I looking in the wrong places? Or am I doing it wrong?
Bitlocker Bypass Vulnerability
almost feels like a backdoor
A while back I posted the Ultimate Guide to the Time Skip glitch.
I built a tool that automates this glitch.
👉 https://github.com/ArturPen/angry-birds-transformers-farmer
You just pick a mode, type how many gems or resources you want, and hit Start. The tool handles every step — the jumps, the collection timing, and most importantly, the Time Fix at the end so your calendar never freezes.
Two modes:
💎 Gem farming — walks away with hundreds of gems while you grab a coffee
📦 Resource farming — rides the full weekly reward cycle on autopilot
It runs on Windows with BlueStacks 5. No coding knowledge needed — there's also a ready-to-use .exe in the Releases section if you don't want to touch Python at all.
The project is completely free and open source. If it saves you hours of grinding, a star on GitHub means a lot and helps other players find it.
Happy to answer questions below.
Looking for dev (paid)
Looking for someone who can reverse engineer the API of an Android app (mobile game), and can develop a bot using the endpoints to do specific simple tasks like tracking data and more. I can only pay up to $500 up front. And after development is finished and the bot is ready to be used as a service for players, expect around a monthly income of $500-1000, which will be mostly passive income plus bug fixes (if bugs show up). If the tools the bot can provide are well done, then after a year it may be able to make a profit of 10-20k, which will be split 50/50. This is just a hobby of mine I would like to pursue for some good side income, and if anyone is willing to help out, please send a DM!
Everyone talks about SQLi, XSS, and the usual stuff… but what’s a vulnerability, misconfiguration, or exploit chain that actually appears in real-world targets and gets overlooked all the time?
Could be:
- weird auth logic
- SSRF chains
- exposed dev panels
- bad S3 configs
- IDOR tricks
- race conditions
- anything interesting
Curious what experienced people here have seen the most.
Experience with some exploits
I have been trying to do an exploit. I searched the internet, looked at older documentation and even asked AI without use; the whole internet was agreeing it is impossible, and even AI was hallucinating at sometimes. I kept reversing structures and debugging kernel and user software for any sign of a clue. In the end I managed to pull it off after 2 months of consistent work, only to find a repo on GitHub that has like one source file and one header file in cpp that perfectly does the exact thing I was looking for. I didn't even commit it to my repo; the whole thing is embarrassing.
Is the game becoming way too hard now because of AI?
How to deal with many resources?
For example, for a topic like "format string vulnerability", you have like 5 blogs and 2 papers and... other resources. It makes me feel distracted and frustrated. How do you defeat that, and should I read all these resources with repeated concepts?
Hi all,
I’m currently taking OSED and struggling a lot.
I’m looking for someone who can help and guide, especially with the extra miles. Although I have consulting experience, I have no experience or background with programming. Reading and following won’t make me understand :( maybe my brain won’t open for that programming circuit. I checked the OffSec Discord and most are only just very high level answers. Honestly, I'm looking for a PoC, then test and learn in the reverse way.
I know it is not a very wise way of asking or learning. But sorry!
Have a great weekend!
Thank you all.
Regards.
Using nmap, airmon-ng and others…
What file do I use to run multiple commands at once?
Bash?
Hello all,
I have learned many topics that will help me to discover and exploit vulnerabilities in 32-bit Windows apps.
So usually, if people want to scan an application, where do they search?
Like, I want to test an application to get a CVE, for example. Where do I search, since this is a desktop app, not web?
Hello hackers, please, if anyone can provide a PDF or a link for this book, Ghidra book 2nd edition (not the first),
that would be highly appreciated. Thank you in advance!!
Built a small transparent bridge NAC bypass utility for internal red team engagements and lab research.
The idea is simple: place a Linux host (like a Raspberry Pi) inline between a workstation and switch, preserve the authenticated connection, and allow the operator box to pivot traffic through the victim’s access transparently while keeping the workstation online.
Therefore, you can inject and receive traffic on the network without tracing your footprint