From Day Zero to Zero Day

A Hands-On Guide to Vulnerability Research by Eugene "Spaceraccoon" Lim

  • Select targets for vulnerability research
  • Master and automate code review
  • Reverse-engineer software for flaws
  • Build fuzzers and analyze crashes
  • Develop exploits and proof-of-concepts

Your Guide to Zero Days

Learn the fundamental building blocks of vulnerability research through practical, real-world examples that teach you to discover vulnerabilities from scratch.

  • Target Selection

    Analyze potential targets for likely weaknesses and tailor your research to the right attack surfaces.

  • Code Review

    Find the optimal path through large codebases and scale across multiple targets with automated code analysis.

  • Reverse Engineering

    Reveal the inner workings of a range of targets with static and dynamic analysis to identify weaknesses.

  • Fuzzing

    Build effective fuzzing harnesses with optimal strategies that reach interesting corners of your targets.

  • Exploit Development

    Write effective proofs of concept that highlight vulnerabilities and facilitate responsible disclosure.

Book Contents

Delving into the intricacies of code review, reverse-engineering, fuzzing, and more, Eugene "Spaceraccoon" Lim guides you step-by-step on how to discover real-world vulnerabilities in the wild. Even experienced researchers can benefit from Lim’s insights, expanding their toolkits and discovering new zero days along the way.

  • Chapter 0: Day Zero

    Introduces the key concepts of zero-day vulnerability research and differentiates it from other offensive security disciplines. You'll also learn how to identify potential research targets.

  • Chapter 1: Taint Analysis

    Walks through the process of manual source and sink analysis through real-world examples. It explains the sink-to-source strategy as an optimal approach.

  • Chapter 2: Mapping Code to Attack Surface

    Teaches you how to map the code you are reading to the actual target, and vice versa. It describes various attack vectors and shows you how to locate them in source code.

  • Chapter 3: Automated Variant Analysis

    Demonstrates how you can automate source code analysis using tools like CodeQL and Semgrep. It also explains how to scale your research across multiple targets at once.

  • Chapter 4: Binary Taxonomy

    Covers several categories of typical binaries and how to reverse engineer them. We'll explore how to quickly triage binaries and apply the right reverse engineering tools.

  • Chapter 5: Source and Sink Discovery

    Explains how to locate areas of interest in binaries for further analysis using static and dynamic methods.

  • Chapter 6: Hybrid Analysis in Reverse Engineering

    Delves into more advanced reverse engineering approaches, such as emulation, code coverage, and symbolic analysis. The examples combine static and dynamic analysis to narrow down your search.

  • Chapter 7: Quick and Dirty Fuzzing

    Explores the basics of fuzzing files and protocols and how to quickly bootstrap fuzzing with templates.

  • Chapter 8: Coverage-Guided Fuzzing

    Details the process of coverage-guided fuzzing with AFL++, including writing a harness and analyzing fuzzing performance.

  • Chapter 9: Fuzzing Everything

    Discusses even more fuzzing targets and approaches to handle complex formats and binaries.

  • Chapter 10: Beyond Day Zero

    Describes the process of coordinated vulnerability disclosure, writing a good vulnerability report, and how to apply vulnerability research to improve the security of organizations.

Community Reviews

Hear what fellow hackers and vulnerability researchers have to say about the book! From beginners to experts, there's something for everyone.

Jacob Soo

This book is more than just a theoretical exploration; it's a hands-on, practical guide designed for immediate application. Whether you're mapping out attack surfaces or analyzing subtle vulnerabilities, the insights you gain will translate directly into enhanced research capabilities.

Shubham "Shubs" Shah

What I loved the most about this book is its unique ability to really start from day zero and teach the fundamentals needed to be successful at vulnerability research. Eugene’s detailed guidance in the different areas of vulnerability research reinforces this mindset and provides practical steps to discover vulnerabilities in widely deployed software.


Ready to dive in? Buy the book now!

Available everywhere you buy your books.

Frequently asked questions

When will the book be out?

The book is currently available at No Starch Press as an Early Access book, and print copies are expected in late June. By August 12, it will be available at all major retailers like Amazon and Kobo.

Does this book have practical examples?

Yes, every chapter comes with multiple step-by-step walkthroughs where you re-discover past CVEs using just the tools and techniques taught.

Is there reference code?

Yes, the book is accompanied by a code repository for all examples. You can submit issues there as well.

Does the book cover Windows, Linux, firmware, C++, web, etc?

All of them! This book focuses on vulnerability research techniques that can apply to any particular target, rather than specific niches.