From the founder of PentesterLab

CVE Archeologist's Field Guide

Name: CVE Archeologist's Field Guide
Author: Louis Nyffenegger

Methodology and lessons from ten real-world vulnerability analyses.

Ten real CVEs, taken apart one at a time. The book walks through the code, the bug, the fix, and the lessons behind each one, across four programming languages and seventeen years of CVE history. It is about how to reason your way to the root cause, not how to run a payload.

Written by Louis Nyffenegger, pentester, code reviewer, and founder of PentesterLab.

Practice the method on PRO Get the book on Amazon Available in paperback and Kindle on Amazon.

What is inside

Not a catalogue of payloads. A worked method for getting from a CVE to the line of code that caused it, and understanding why the bug was there in the first place.

Real vulnerabilities

Ten genuine CVEs dissected end to end, from the public advisory back to the root cause in the source.

Languages

Real bugs in Go, Ruby, PHP, and Java, so the method holds up well beyond any single stack or framework.

Years of CVE history

Seventeen years of vulnerabilities, surfacing the patterns that keep reappearing in real production code.

Every chapter follows the same path: the code→the bug→the fix→the lessons.

The same methodology powers every PentesterLab lab

The Field Guide is the thinking; PentesterLab is where you build the reflex. Our hands-on labs reproduce real CVEs so you can work the same root-cause analysis yourself, against real code and real targets, until spotting the pattern becomes second nature.

Explore PentesterLab PRO How we build exercises