tin-z · October 26, 2025 06:26 · Sep 13, 2025 · May 16, 2025 · Jan 8, 2025 · Nov 24, 2024
diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -65,14 +65,17 @@
 
  - Mentality: You challenge yourself, (the more difficult, the better), you have passion, you are persistent, and you understand that failure is part of growing
     * First 20 minutes of this talk explains what it means, i think, [Attacking Chrome IPC: Reliably finding bugs to escape the Chrome sandbox](https://media.ccc.de/v/35c3-9579-attacking_chrome_ipc#t=1317)
-    * The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease. Also, don’t stay seated for too long. After some time, stand up, stretch, and move around regularly. This will be good for your health and help prevent issues that often come with aging.
     * Save bookmarks for anything you wish to learn in the future, and keep notes on things you have already studied
     * [Learning How to Learn: Powerful mental tools to help you master tough subjects](https://www.coursera.org/learn/learning-how-to-learn/)
     * [The Process of Mastering a Skill](https://azeria-labs.com/the-process-of-mastering-a-skill/)
     * [The Importance of Deep Work & The 30-Hour Method for Learning a New Skill](https://azeria-labs.com/the-importance-of-deep-work-the-30-hour-method-for-learning-a-new-skill/)
     * [Paradox of Choice |  Azeria Labs](https://azeria-labs.com/paradox-of-choice/)
     * [@netspooky](https://x.com/netspooky?ref=blog.exploits.club)'s [List of healthy reminders](https://x.com/netspooky/status/1554935891298246656?ref=blog.exploits.club)
 
+ - Health
+    * The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease.
+    * Don't stay seated for too long. After some time, stand up, stretch, and move around regularly. This will be good for your health and help prevent issues that often come with aging.
+    * Creatine, "It may enhance brain function by improving short-term memory, reasoning, and reducing mental fatigue, especially in older adults. It is also being studied for its potential to alleviate symptoms of depression and anxiety, ...". You should check your medical condition before assuming it. DYOR.
 
 <br/>
 

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -182,6 +182,13 @@ In order:
     * Javascript Engines Vulnerability Research: State of the Art (HITBxPHDays 2024), https://www.youtube.com/watch?v=YpsfQl0V_3k
     * VXCON 2024 Workshop | Alisa Esage - Browser Exploitation Workshop,https://www.youtube.com/live/b9OhamkAY2I
 
+ - [NDSS 2025 - DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing](https://www.youtube.com/watch?v=SXrjuJxi32I)
+    * https://github.com/two-heart/dumpling-artifact-evaluation
+
+ - [PatchFuzz: Patch Fuzzing for JavaScript Engines](https://arxiv.org/pdf/2505.00289)
+
+
+
  - Sea of nodes
     * https://darksi.de/d.sea-of-nodes/
     * https://static.squarespace.com/static/50030e0ac4aaab8fd03f41b7/50030ec0e4b0c0ebbd07b0e0/50030ec0e4b0c0ebbd07b268/1281379125883/

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -65,7 +65,7 @@
 
  - Mentality: You challenge yourself, (the more difficult, the better), you have passion, you are persistent, and you understand that failure is part of growing
     * First 20 minutes of this talk explains what it means, i think, [Attacking Chrome IPC: Reliably finding bugs to escape the Chrome sandbox](https://media.ccc.de/v/35c3-9579-attacking_chrome_ipc#t=1317)
-    * The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease
+    * The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease. Also, don’t stay seated for too long. After some time, stand up, stretch, and move around regularly. This will be good for your health and help prevent issues that often come with aging.
     * Save bookmarks for anything you wish to learn in the future, and keep notes on things you have already studied
     * [Learning How to Learn: Powerful mental tools to help you master tough subjects](https://www.coursera.org/learn/learning-how-to-learn/)
     * [The Process of Mastering a Skill](https://azeria-labs.com/the-process-of-mastering-a-skill/)

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -177,8 +177,10 @@ In order:
     * https://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution/
     * Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
     * Sandbox escape https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/, https://anvbis.au/posts/exploring-historical-v8-heap-sandbox-escapes-i/
-    * Conference talk: Modern attacks on Google Chrome, https://www.youtube.com/watch?v=WouAptHlyC4
+    * Conference talk: Modern attacks on Google Chrome (2023), https://www.youtube.com/watch?v=WouAptHlyC4
     * V8's attack surfaces in 2024, xvonfers' opinion, https://x.com/xvonfers/status/1800246814463189054
+    * Javascript Engines Vulnerability Research: State of the Art (HITBxPHDays 2024), https://www.youtube.com/watch?v=YpsfQl0V_3k
+    * VXCON 2024 Workshop | Alisa Esage - Browser Exploitation Workshop,https://www.youtube.com/live/b9OhamkAY2I
 
  - Sea of nodes
     * https://darksi.de/d.sea-of-nodes/

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -209,6 +209,7 @@ In order:
 
  - ["The Trials and Tribulations of the Exploit Development Lifecycle with Chompie!" off by one security podcast episode](https://www.youtube.com/watch?v=-i9D2pdzGHE)
     * The first part of the episode covers the common exploit development lifecycle
+    * The second part, more interestingly, provides an example of the exploit development lifecycle for a Windows LPE demonstrated at Pwn2Own
 
 
 <br/>

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -5,6 +5,9 @@
  - [#roadmap](#roadmap)
     * [#iot](#iot)
     * [#chrome-and-friends](#chrome-and-friends): Chrome, [V8](#v8), Blink, Mojo, etc.
+    * Linux kernel #todo
+    * expdev #todo
+    * fuzzing #todo
 
  - [#meta-vr](#meta-vr): Reference materials discussing other aspects of vulnerability research, such as the ethical considerations
 
@@ -198,6 +201,15 @@ In order:
  - ["Breaking Into Vulnerability Research: Dr Silvio Cesare - InfoSect" off-by-one 2024 talk](https://www.youtube.com/watch?v=tAmjkfO3-Ow)
     * The talk gives a brief intro of VR and then discusses the challenges of starting and running a company that specialises in vulnerability research. The typical problems likely faced ...
 
+ - ["Selling Exploits for Profit! Memory Corruption Bugs and Binary Exploitation..." off by one security podcast episode](https://www.youtube.com/watch?v=XiAEacZfLFw)
+     * A great episode that explains how the exploit market works from the perspective of security researchers (selling side)
+
+ - ["Fuzzing from First Principles with Alisa Esage" off by one security podcast episode](https://www.youtube.com/watch?v=9U-FK_Qi1XQ)
+    * The first part of the episode gives some lesser-known insights on fuzzing with a particular focus on probability distribution
+
+ - ["The Trials and Tribulations of the Exploit Development Lifecycle with Chompie!" off by one security podcast episode](https://www.youtube.com/watch?v=-i9D2pdzGHE)
+    * The first part of the episode covers the common exploit development lifecycle
+
 
 <br/>
 
@@ -220,6 +232,10 @@ In order:
  - AppSec Ezine
     * ref https://github.com/Simpsonpt/AppSecEzine
 
+ - Off By One Security
+    * ref https://www.youtube.com/@OffByOneSecurity/streams
+    * Cybersecurity podcast discussing VR, rev, and expdev
+
 <br/>
 
 ----

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -4,7 +4,7 @@
 
  - [#roadmap](#roadmap)
     * [#iot](#iot)
-    * [#chrome-and-friends](#chrome-and-friends) ([#v8](#v8))
+    * [#chrome-and-friends](#chrome-and-friends): Chrome, [V8](#v8), Blink, Mojo, etc.
 
  - [#meta-vr](#meta-vr): Reference materials discussing other aspects of vulnerability research, such as the ethical considerations
 
@@ -94,7 +94,7 @@ In order:
  - The XY-Z method:
     * You read a blog that talks about X by doing Y, but you can't understand its content
     * Then you learn X so you can replicate Y, and then you add Z which wasn't done before, even if it's a small change
-    * pros: it boosts your confidence, you will remember the subjects stuided more easily by practicing than just by studying the theory
+    * pros: it boosts your confidence, you will remember the subjects studied more easily by practicing than just by studying the theory
 
  - The XZ-Y method:
     * You read only the abstract of a blog that talks about X by doing Y
@@ -133,7 +133,6 @@ In order:
 
 ### Chrome and friends
 
- - Chrome, V8, Blink, Mojo, etc.
  - [#v8](#v8)
  - https://github.com/StarCrossPortal/bug-hunting-101
  - MiraclePtr https://security.googleblog.com/2024/01/miracleptr-protecting-users-from-use.html

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -138,6 +138,9 @@ In order:
  - https://github.com/StarCrossPortal/bug-hunting-101
  - MiraclePtr https://security.googleblog.com/2024/01/miracleptr-protecting-users-from-use.html
 
+ - https://github.com/keyou/chromium_demo
+    * Project giving a series of demos stressing some core components of the Chromium codebase. It's incomplete and partially translated into English, but still a decent way to get the hands dirty
+
  - ITW CVE-2024-5274, CVE-2024-4671
     * https://zerodayengineering.com/insights/chrome-viz-v8-wasm.html
     * https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -6,6 +6,8 @@
     * [#iot](#iot)
     * [#chrome-and-friends](#chrome-and-friends) ([#v8](#v8))
 
+ - [#meta-vr](#meta-vr): Reference materials discussing other aspects of vulnerability research, such as the ethical considerations
+
  - [#projects](#projects)
 
  - [#notes](#notes)
@@ -186,6 +188,19 @@ In order:
 
 ----
 
+## meta-vr
+
+ - ["FAQ: The tragedy of low-level exploitation"](https://gynvael.coldwind.pl/?id=791)
+    * Gynvael Coldwind responds to a FAQ, which is "`How to get into a low-level exploitation and exploit development career ?`", and concludes with what the author calls "`the tragedy of low-level exploitation`".
+
+ - ["Breaking Into Vulnerability Research: Dr Silvio Cesare - InfoSect" off-by-one 2024 talk](https://www.youtube.com/watch?v=tAmjkfO3-Ow)
+    * The talk gives a brief intro of VR and then discusses the challenges of starting and running a company that specialises in vulnerability research. The typical problems likely faced ...
+
+
+<br/>
+
+----
+
 ## Projects
 
  - CVE North Stars
@@ -210,3 +225,4 @@ In order:
 ## Notes
 
  - **this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material** 🤝
+
diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -135,7 +135,10 @@ In order:
  - [#v8](#v8)
  - https://github.com/StarCrossPortal/bug-hunting-101
  - MiraclePtr https://security.googleblog.com/2024/01/miracleptr-protecting-users-from-use.html
- - https://zerodayengineering.com/insights/chrome-viz-v8-wasm.html
+
+ - ITW CVE-2024-5274, CVE-2024-4671
+    * https://zerodayengineering.com/insights/chrome-viz-v8-wasm.html
+    * https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
 
 
 

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -132,7 +132,12 @@ In order:
 ### Chrome and friends
 
  - Chrome, V8, Blink, Mojo, etc.
+ - [#v8](#v8)
  - https://github.com/StarCrossPortal/bug-hunting-101
+ - MiraclePtr https://security.googleblog.com/2024/01/miracleptr-protecting-users-from-use.html
+ - https://zerodayengineering.com/insights/chrome-viz-v8-wasm.html
+
+
 
 #### V8
 

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -80,8 +80,8 @@ In order:
 
  - [Vulns1001 OST2 course](https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1/about)
     * You will learn something about code auditing
-    * [AOSS book](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)
-    * [TLPI book](https://man7.org/tlpi/)
+    * [AOSS book](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426) (personal [notes](https://gist.github.com/tin-z/b5da60a56947b03c977baf260d687601))
+    * [TLPI book](https://man7.org/tlpi/) (personal [notes](https://gist.github.com/tin-z/17292073289c0451b72e1108d20a2116))
     * [Teaching and Learning Software Analysis via SVF](https://github.com/SVF-tools/Teaching-Software-Analysis)
     * Variant analysis and taint analysis: codeQL, coccinelle, semgrep, joern, weggli
 

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -192,6 +192,8 @@ In order:
     * ref https://pagedout.institute/
     * Non-Profit, Community-Driven Magazine about Technical Hacking and Programming
 
+ - AppSec Ezine
+    * ref https://github.com/Simpsonpt/AppSecEzine
 
 <br/>
 

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -184,6 +184,15 @@ In order:
     * ref https://cve-north-stars.github.io/
     * CVE North Stars introduces a method to kickstart vulnerability research by taking advantage of the CVE information freely available. This tutorial walks through practical CVE analysis, binary patch diffing, and root cause analysis.
 
+ - Exploits.Club
+    * ref https://blog.exploits.club/
+    * Newsletter for exploit developers, vuln researchers, and hackers
+
+ - Paged Out!
+    * ref https://pagedout.institute/
+    * Non-Profit, Community-Driven Magazine about Technical Hacking and Programming
+
+
 <br/>
 
 ----

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -163,6 +163,7 @@ In order:
     * Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
     * Sandbox escape https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/, https://anvbis.au/posts/exploring-historical-v8-heap-sandbox-escapes-i/
     * Conference talk: Modern attacks on Google Chrome, https://www.youtube.com/watch?v=WouAptHlyC4
+    * V8's attack surfaces in 2024, xvonfers' opinion, https://x.com/xvonfers/status/1800246814463189054
 
  - Sea of nodes
     * https://darksi.de/d.sea-of-nodes/

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -152,7 +152,7 @@ In order:
     * https://seal9055.com/blog/browser/turbofan
     * https://seal9055.com/blog/browser/exploitation
 
- - Blogs
+ - Blogs, etc.
     * https://v8.dev/blog/pointer-compression
     * https://jhalon.github.io/chrome-browser-exploitation-1/ (start here)
     * https://ponyfoo.com/articles/an-introduction-to-speculative-optimization-in-v8
@@ -161,6 +161,8 @@ In order:
     * https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/ (outdated)
     * https://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution/
     * Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
+    * Sandbox escape https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/, https://anvbis.au/posts/exploring-historical-v8-heap-sandbox-escapes-i/
+    * Conference talk: Modern attacks on Google Chrome, https://www.youtube.com/watch?v=WouAptHlyC4
 
  - Sea of nodes
     * https://darksi.de/d.sea-of-nodes/

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -6,6 +6,8 @@
     * [#iot](#iot)
     * [#chrome-and-friends](#chrome-and-friends) ([#v8](#v8))
 
+ - [#projects](#projects)
+
  - [#notes](#notes)
 
 <br/>
@@ -167,6 +169,18 @@ In order:
 
  - TheHole object value
 
+ - ...
+
+<br/>
+
+----
+
+## Projects
+
+ - CVE North Stars
+    * ref https://cve-north-stars.github.io/
+    * CVE North Stars introduces a method to kickstart vulnerability research by taking advantage of the CVE information freely available. This tutorial walks through practical CVE analysis, binary patch diffing, and root cause analysis.
+
 <br/>
 
 ----

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -4,7 +4,7 @@
 
  - [#roadmap](#roadmap)
     * [#iot](#iot)
-    * [#chrome-and-friends](#chrome-and-friends)
+    * [#chrome-and-friends](#chrome-and-friends) ([#v8](#v8))
 
  - [#notes](#notes)
 
@@ -129,7 +129,10 @@ In order:
 
 ### Chrome and friends
 
- - Chrome, V8, Blink, Mojo
+ - Chrome, V8, Blink, Mojo, etc.
+ - https://github.com/StarCrossPortal/bug-hunting-101
+
+#### V8
 
  - Let’s Understand Chrome V8 series [EN/CN]
     * https://medium.com/@huidou
@@ -139,7 +142,6 @@ In order:
  - https://github.com/two-heart/v8-design-docs
  - https://github.com/danbev/learning-v8
  - https://github.com/plctlab/v8-internals [CN] (i will publish the translated repo + video soon)
- - https://github.com/StarCrossPortal/bug-hunting-101
 
  - seal9055 browser exploit series (partially outdated)
     * https://seal9055.com/blog/browser/browser_architecture
@@ -149,13 +151,22 @@ In order:
     * https://seal9055.com/blog/browser/exploitation
 
  - Blogs
+    * https://v8.dev/blog/pointer-compression
     * https://jhalon.github.io/chrome-browser-exploitation-1/ (start here)
     * https://ponyfoo.com/articles/an-introduction-to-speculative-optimization-in-v8
     * https://doar-e.github.io/blog/2019/01/28/introduction-to-turbofan/
     * https://www.madstacks.dev/categories/v8-series/ (outdated)
+    * https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/ (outdated)
     * https://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution/
     * Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
 
+ - Sea of nodes
+    * https://darksi.de/d.sea-of-nodes/
+    * https://static.squarespace.com/static/50030e0ac4aaab8fd03f41b7/50030ec0e4b0c0ebbd07b0e0/50030ec0e4b0c0ebbd07b268/1281379125883/
+    * SSA and dominator nodes, https://www.cs.princeton.edu/courses/archive/fall03/cs528/handouts/a%20fast%20algorithm%20for%20finding.pdf
+
+ - TheHole object value
+
 <br/>
 
 ----

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -4,7 +4,7 @@
 
  - [#roadmap](#roadmap)
     * [#iot](#iot)
-    * [#v8](#v8)
+    * [#chrome-and-friends](#chrome-and-friends)
 
  - [#notes](#notes)
 
@@ -127,7 +127,9 @@ In order:
 
 <br/>
 
-### Chrome, V8, Blink
+### Chrome and friends
+
+ - Chrome, V8, Blink, Mojo
 
  - Let’s Understand Chrome V8 series [EN/CN]
     * https://medium.com/@huidou

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -125,8 +125,34 @@ In order:
     * [Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation 1st Edition](https://www.amazon.com/Attacking-Network-Protocols-Analysis-Exploitation/dp/1593277504/)
     * simple dynamic binary instrumentation with PythonGdb, [1](https://sourceware.org/gdb/wiki/PythonGdbTutorial), [2](https://lnxblog.github.io/2019/06/17/python-support-for-gdb.html), [3](https://blog.lse.epita.fr//2012/05/01/pythongdb-tutorial-for-reverse-engineering-part.html), [4](https://tromey.com/blog/?p=698), [5](https://blog.0x972.info/?d=2016/01/08/09/14/47-simple-gdb-extensions-with-python), [6](https://github.com/crossbowerbt/GDB-Python-Utils/blob/master/examples/in-memory-fuzzer/in-memory-break.py), [7](https://crossbowerbt.github.io/in_memory_fuzzing.html)
 
-### V8
- - Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
+<br/>
+
+### Chrome, V8, Blink
+
+ - Let’s Understand Chrome V8 series [EN/CN]
+    * https://medium.com/@huidou
+    * https://github.com/v8blink/v8-JavaScript-Documents
+    * https://www.zhihu.com/people/v8blink
+
+ - https://github.com/two-heart/v8-design-docs
+ - https://github.com/danbev/learning-v8
+ - https://github.com/plctlab/v8-internals [CN] (i will publish the translated repo + video soon)
+ - https://github.com/StarCrossPortal/bug-hunting-101
+
+ - seal9055 browser exploit series (partially outdated)
+    * https://seal9055.com/blog/browser/browser_architecture
+    * https://seal9055.com/blog/browser/ignition
+    * https://seal9055.com/blog/browser/memory_management
+    * https://seal9055.com/blog/browser/turbofan
+    * https://seal9055.com/blog/browser/exploitation
+
+ - Blogs
+    * https://jhalon.github.io/chrome-browser-exploitation-1/ (start here)
+    * https://ponyfoo.com/articles/an-introduction-to-speculative-optimization-in-v8
+    * https://doar-e.github.io/blog/2019/01/28/introduction-to-turbofan/
+    * https://www.madstacks.dev/categories/v8-series/ (outdated)
+    * https://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution/
+    * Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
 
 <br/>
 
@@ -135,4 +161,3 @@ In order:
 ## Notes
 
  - **this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material** 🤝
- - I don't feel confident enough to link material about the V8 engine. However, I'll include the links you suggest and write a blog post discussing them 📡
diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -16,8 +16,9 @@
 
  - CTFs (binary and reverse)
     * [pwn.college](https://pwn.college/)
+    * [COMPSCI 390R Reverse Engineering & Vulnerability Analysis](https://pwn.umasscybersec.org/index.html)
     * [Course materials for Modern Binary Exploitation by RPISEC](https://github.com/RPISEC/MBE)
-    * [wiki](https://github.com/ctf-wiki/ctf-wiki)
+    * [ctf-wiki](https://github.com/ctf-wiki/ctf-wiki)
     * Handbook for CTFers by Nu1L Team
 
  - CTF tools and writeups

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -114,7 +114,7 @@ In order:
 
 ### IoT
 
- - [IoT VR roadmap (hardware hacking excluded)](https://gist.github.com/tin-z/7cbc165f2a606b52d574d4742e4dd223) (optional)
+ - [IoT VR roadmap (hardware hacking excluded)](https://gist.github.com/tin-z/7cbc165f2a606b52d574d4742e4dd223)
     * binary analysis (binary lifting, binary rewriting, binary diffing, CFG, Data analysis, etc.)
     * string analysis (string distribution)
     * cross compilation == pain
@@ -134,4 +134,4 @@ In order:
 ## Notes
 
  - **this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material** 🤝
- - I don't feel confident enough to link material about the V8 engine. However, I'll include the links you suggest and write a blog post discussing it 📡
+ - I don't feel confident enough to link material about the V8 engine. However, I'll include the links you suggest and write a blog post discussing them 📡
diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -1,7 +1,12 @@
 ## Index
 
  - [#prepreqs](#preprequisites)
+
  - [#roadmap](#roadmap)
+    * [#iot](#iot)
+    * [#v8](#v8)
+
+ - [#notes](#notes)
 
 <br/>
 
@@ -100,6 +105,15 @@ In order:
 
  - Follow the same path you have followed for the code auditing tasks, but this time, do fuzzing
 
+ - [Vulns1002 OST2 course](https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Vulns1002_C-family+2023_v1/about)
+    * do the labs by following the XZ-Y method
+
+ - Work in progress...
+
+<br/>
+
+### IoT
+
  - [IoT VR roadmap (hardware hacking excluded)](https://gist.github.com/tin-z/7cbc165f2a606b52d574d4742e4dd223) (optional)
     * binary analysis (binary lifting, binary rewriting, binary diffing, CFG, Data analysis, etc.)
     * string analysis (string distribution)
@@ -110,14 +124,14 @@ In order:
     * [Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation 1st Edition](https://www.amazon.com/Attacking-Network-Protocols-Analysis-Exploitation/dp/1593277504/)
     * simple dynamic binary instrumentation with PythonGdb, [1](https://sourceware.org/gdb/wiki/PythonGdbTutorial), [2](https://lnxblog.github.io/2019/06/17/python-support-for-gdb.html), [3](https://blog.lse.epita.fr//2012/05/01/pythongdb-tutorial-for-reverse-engineering-part.html), [4](https://tromey.com/blog/?p=698), [5](https://blog.0x972.info/?d=2016/01/08/09/14/47-simple-gdb-extensions-with-python), [6](https://github.com/crossbowerbt/GDB-Python-Utils/blob/master/examples/in-memory-fuzzer/in-memory-break.py), [7](https://crossbowerbt.github.io/in_memory_fuzzing.html)
 
+### V8
+ - Basics of v8, setting up debug env and reproducing CVE, https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
 
+<br/>
 
- - [Vulns1002 OST2 course](https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Vulns1002_C-family+2023_v1/about)
-    * do the labs by following the XZ-Y method
-
- - Work in progress...
-
+----
 
-<br/>
+## Notes
 
-**Please note, this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material 🤝**
+ - **this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material** 🤝
+ - I don't feel confident enough to link material about the V8 engine. However, I'll include the links you suggest and write a blog post discussing it 📡
diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -37,9 +37,9 @@
     * it's a bird, it's a plane, it's [ptr-yudai's blog](https://ptr-yudai.hatenablog.com/) :)
 
  - Books, tutorials:
-    * Learn C :) [C Programming Language, 2nd Edition 2nd Edition](https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=pd_sim_d_sccl_3_9/)
+    * Learn C :) [C Programming Language, 2nd Edition](https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=pd_sim_d_sccl_3_9/)
     * [The Shellcoder's Handbook: Discovering and Exploiting Security Holes 2nd Edition](https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/) (outdated)
-    * [Hacking: The Art of Exploitation, 2nd Edition 2nd Edition](https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/)
+    * [Hacking: The Art of Exploitation, 2nd Edition](https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/)
     * Learn intel assembly :) [Programming from the Ground Up by Jonathan Bartlett](https://www.amazon.com/Programming-Ground-Up-Jonathan-Bartlett/dp/1616100648)
     * Learn what is ELF, the linker and loader [Linker and Libraries Guide - oracle](https://docs.oracle.com/cd/E23824_01/html/819-0690/index.html)
     * The Legend of R4ndom Tutorials

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -53,7 +53,7 @@
  - Mentality: You challenge yourself, (the more difficult, the better), you have passion, you are persistent, and you understand that failure is part of growing
     * First 20 minutes of this talk explains what it means, i think, [Attacking Chrome IPC: Reliably finding bugs to escape the Chrome sandbox](https://media.ccc.de/v/35c3-9579-attacking_chrome_ipc#t=1317)
     * The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease
-    * Save bookmarks of anything you wish to learn in future, and keep notes of things you have already studied
+    * Save bookmarks for anything you wish to learn in the future, and keep notes on things you have already studied
     * [Learning How to Learn: Powerful mental tools to help you master tough subjects](https://www.coursera.org/learn/learning-how-to-learn/)
     * [The Process of Mastering a Skill](https://azeria-labs.com/the-process-of-mastering-a-skill/)
     * [The Importance of Deep Work & The 30-Hour Method for Learning a New Skill](https://azeria-labs.com/the-importance-of-deep-work-the-30-hour-method-for-learning-a-new-skill/)

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -92,7 +92,7 @@ In order:
     * pros: same as above + you learn how to think like a researcher
     * cons: difficult maybe
 
- - Ideally, you will follow first the XY-Z method, and then the XZ-Y method
+ - Ideally, you should first follow the XY-Z method, and then the XZ-Y method
 
  - [fuzzing open source projects tutorial](https://github.com/lcatro/Source-and-Fuzzing)
     * [Roadmap to learn fuzzing](https://gist.github.com/tin-z/23f00e5bafacc7cd3676ac82b1dab8b0)

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -81,18 +81,18 @@ In order:
     * use a code navigator (for example vim + cscope https://cscope.sourceforge.net/)
     * increase the difficulty
 
- - The XY-Z rule:
+ - The XY-Z method:
     * You read a blog that talks about X by doing Y, but you can't understand its content
     * Then you learn X so you can replicate Y, and then you add Z which wasn't done before, even if it's a small change
     * pros: it boosts your confidence, you will remember the subjects stuided more easily by practicing than just by studying the theory
 
- - The XZ-Y rule:
+ - The XZ-Y method:
     * You read only the abstract of a blog that talks about X by doing Y
     * Then you learn X, then you do Z, which is how you would have resolved Y without knowing how the author implemented it. Finally, you compare your results with the author's.
     * pros: same as above + you learn how to think like a researcher
     * cons: difficult maybe
 
- - Ideally, you will follow first the XY-Z rule, and then the XZ-Y rule
+ - Ideally, you will follow first the XY-Z method, and then the XZ-Y method
 
  - [fuzzing open source projects tutorial](https://github.com/lcatro/Source-and-Fuzzing)
     * [Roadmap to learn fuzzing](https://gist.github.com/tin-z/23f00e5bafacc7cd3676ac82b1dab8b0)
@@ -113,7 +113,7 @@ In order:
 
 
  - [Vulns1002 OST2 course](https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Vulns1002_C-family+2023_v1/about)
-    * do the labs by following the XZ-Y rule
+    * do the labs by following the XZ-Y method
 
  - Work in progress...
 

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -58,6 +58,7 @@
     * [The Process of Mastering a Skill](https://azeria-labs.com/the-process-of-mastering-a-skill/)
     * [The Importance of Deep Work & The 30-Hour Method for Learning a New Skill](https://azeria-labs.com/the-importance-of-deep-work-the-30-hour-method-for-learning-a-new-skill/)
     * [Paradox of Choice |  Azeria Labs](https://azeria-labs.com/paradox-of-choice/)
+    * [@netspooky](https://x.com/netspooky?ref=blog.exploits.club)'s [List of healthy reminders](https://x.com/netspooky/status/1554935891298246656?ref=blog.exploits.club)
 
 
 <br/>

diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -116,4 +116,7 @@ In order:
 
  - Work in progress...
 
-
+
+<br/>
+
+**Please note, this is just my personal experience and should not reflect yours, so forgive me if I have skipped some important reference material 🤝**
diff --git a/VR_roadmap.md b/VR_roadmap.md
@@ -55,6 +55,10 @@
     * The other side of the coin: Keep your brain and body healthy by sleeping, exercising, meditating, and taking vitamin D. If you don't, you might stress your brain to the point that, if you're genetically predisposed, you might win some kind of disease
     * Save bookmarks of anything you wish to learn in future, and keep notes of things you have already studied
     * [Learning How to Learn: Powerful mental tools to help you master tough subjects](https://www.coursera.org/learn/learning-how-to-learn/)
+    * [The Process of Mastering a Skill](https://azeria-labs.com/the-process-of-mastering-a-skill/)
+    * [The Importance of Deep Work & The 30-Hour Method for Learning a New Skill](https://azeria-labs.com/the-importance-of-deep-work-the-30-hour-method-for-learning-a-new-skill/)
+    * [Paradox of Choice |  Azeria Labs](https://azeria-labs.com/paradox-of-choice/)
+
 
 <br/>