Security research is crucial amid the rapid evolution of cybercrime, the prevalence of nation-state attacks, and over 40k CVEs reported last year. With plenty of learning resources online, it’s challenging to begin your own research. This talk explores fundamental approaches and techniques to discover existing vulnerabilities in software, focusing on practical aspects and essential tools to perform black box and white box analysis, use static analysis tools to understand application structure, and dynamic tools to analyze its behaviour. Additionally, we will exercise static analysis on a vulnerable Python application to apply new knowledge. The goal is to understand how to perform a security research.