Warlord_David
I was thinking, since I'm gonna start learning myself, because I would have so many uses for it, and would like to contribute to the security world... maybe someone that's real experienced in "Vulnerability Hunting", that possibly a tutorial could be placed for newbs like myself to the area of security that it is.

For example it could have this kind of layout.

QUOTE
Topic:

Explain What A Vulnerability Is


Explain What Makes A Vulnerability Useful


Maybe A Step-By-Step Tutorial On How To Find A Vulnerability And Its Exploit Shell Code (Or the Tutorial Creator could use an older vulnerability and dissect it, explaining how it was found, and exactly what to do or something).


Explain What An Exploit Is (Most should know by now, since it's almost in every post in the Forums, so Could be replaced by something else or such)


Explain How to Write The Code To Exploit Your Found Vulnerability


Any Thoughts? Or anyone who would be willing to volunteer their time to this?
Pseudonym
QUOTE
Explain What Makes A Vulnerability Useful


There are a few ways of looking at this.

If you are a whitehat penetration tester, then any vulnerability could be classed as good regardless of what the vulnerability affects, it can still be a good thing because you are able to find it and fix it. Some clients like you to find something wrong otherwise they feel hiring somebody to check their security was a waste of time and money. Although I think that is quite a silly way to think.

If you are a whitehat that doesn't make any money from internet/computer security and does it purely as a hobby and you want to make the internet/computers safer, then no vulnerability is a good vulnerability.

If you are a blackhat, depending on why you are a blackhat whether it is for money or political purposes doesn't matter. Any vulnerability can be a good vulnerability (depending on what you want to do for the specific task though).

cvh
There are very good books, buy them on Amazon:

Hacking: The Art of Exploitation //very good
The Shellcoder's Handbook //probably the best book, this really covers everything in only 644 pages
Exploiting Software: How to Break Code
Reversing: Secrets of Reverse Engineering //very good, shows a dissection of a bot worm caught in the wild
Hacker Debugging Uncovered (Uncovered series)
Hacker Disassembling Uncovered //very good, teaches you the subtle difference between different compilers.

And many more, like Python, Perl, C, API guides, ASM, ...

I really recommend the book "The Shellcoder's Handbook" to begin with, they start with a challenge, a disassembly of a C program on Linux and you have to be able to understand the code before you can proceed to the second chapter, this book also covers web application hacking.

You have to know at least the basics of asm, c, *nix.
These books will teach you everything
Norse
I have read Hacking: The Art of Exploitation and I can also say that that is a great book and is a really must read if you really want to learn about exploits and know C or Perl, because the book goes through the different kinds of exploits, making exploitable programs in C and then exploiting them in Perl, and again it's a very good book to read.
beardednose
QUOTE
These books will teach you everything


"Everything" is quite strong.

The books can't teach you how to have a NOSE for these things; how to read the hairs on the back of your neck that are standing up and shouting "SOMETHING IS WRONG HERE."

I think some folks have a knack for "finding" things as they are more sensitive to clues that don't seem to be there, a 6th sense type of thing.

Not sure where you get this; you can survive without it, but the less technical you are, the more IT helps.

p.s. Of course, some of those tingles, as I recently demonstrated at some length on this very board, are best left unexplored. Or undocumented.
cvh
QUOTE
"Everything" is quite strong.


Yes indeed I meant to say, that these books will answer his question.
