Vulnerability Research

Think Beyond This Document

This skill is a structured starting point, not a ceiling. Real-world vulnerabilities and CTF challenges routinely defy checklists. The best exploit chains come from creative, unconstrained thinking — connecting behaviors the developer never imagined interacting. Do not limit your research to what is cataloged here. Treat every assumption as testable, every "impossible" path as merely untested, and every protection as a puzzle to be solved. The most dangerous bugs live in the gaps between documented categories. Read the code. Understand the runtime. Invent your own attack classes.

Philosophy

Find the bug. Prove the bug. Chain the bug. Every claim needs a working exploit or it's noise.

The phases below are a recommended workflow, not a rigid sequence — skip, reorder, or loop as the target demands. The sink catalogs are representative, not exhaustive — new frameworks ship new dangerous functions daily. If you find a sink not listed here, it's still a sink. The checklists exist to prevent forgetting the obvious, not to replace thinking.