From Day Zero to Zero Day
My physical copy of Eugene Lim's From Day Zero to Zero Day arrived today.
I came across the book on LinkedIn, looked into it, and quickly realized it fit very well with the study path I am building.
What stood out immediately is how practical and technical it seems. It focuses on reading real code, mapping attack surfaces, finding sources and sinks, understanding bug patterns, and turning vulnerability research into a repeatable process rather than a vague skill.
Over the past few weeks, I have been trying to balance full-time work with expanding my vulnerability research knowledge. I watched Alisa Esage's Hypervisor Security Research 101 masterclass and started doing several bug self-studies: finding the vulnerable code in the real repo, locating the fix commit, and explaining the mechanics, reachability, and potential impact.
The goal is not only to understand each specific bug, but to distill it into a more general invariant or pattern I can recognize later.
A few practical observations have already come out of these studies. Bugs often repeat as patterns, not isolated accidents. If a developer makes the same mistake in one place, it may exist elsewhere too, even after one instance is fixed.
They also reinforced how difficult real-world code is to reason about. Values move through long flows, internal types hide important assumptions, and a suspicious pattern may not actually be reachable if earlier code constrains the input or state. Security impact is contextual as well: whether a given behavior is actually a vulnerability may depend on design, deployment, or even regulation, not only on what the code does.
I am looking forward to working through the book and studying the skills, examples, and methodology it presents. One thing many experienced researchers emphasized when I asked for study advice is the importance of self-study in this field. Structured resources are relatively rare, which makes a practical book like From Day Zero to Zero Day especially valuable. Hopefully, it will help me build a stronger foundation, continue studying more effectively independently, and eventually find bugs of my own.
Feel free to drop a comment on the LinkedIn post for this article.