coding @ decal's security shed

computer programming


Exploits, Tools & Other Proof of Concept Code

irixview.c - old exploit for SGI IRIX version less than or equal to 6.4, a.k.a. CVE-1999-0148 - local privilege escalation to super-user account by dynamically loading a shared library at runtime through the userhelper(8) PAM interface on RedHat Linux 6.x

napstir.c - 3rd-party Napster clients permitted viewing of traversed pathname contents relative to the default download directory, as well as DoS due to improper handling of a specifically crafted packet - Shell script that exploits a temporary file symlink(2) pathname race condition to expose the root password ciphertext from /etc/shadow through a set-uid root NCP binary

cmd.war - J2EE web archive containing pwn.jsp for arbitrary remote code execution via CGI - Percent encoding to evade IDSen when conducting cross-site scripting with VBScript

oligdna.c.html - Stereoscopic Anaglyph 3D Syntax Highlighting of C99 in HTML

Linux tools for increasing accessibility in a restricted shell or chroot(2) directory

syscaller.c - execute common Linux commands without access to their executable binary files

netstat.bash - parse network statistics from Linux proc(5)

ps.bash - parse process table from the Linux proc(5) pseudo-filesystem

See also: Jails - High value, but shitty virtualization

Winsock and/or BSD socket library dynamic loading

randsrc-1.0.tar.gz - bind() to a random IPv4 interface and connect to specified host/port

shadyshell.c - Compact, cut & paste UDP portshell written in C99 to stay under the TCP/IP IDS radar
Unbeknownst to me, some phone phreaks have devised a way to tunnel WAP/VoIP data over their smartphones with this code, according to this forum posting

porkbind-1.3.tar.gz - Porkbind recursively retrieves version information for the nameserver(s) of a given domain and produces a report that describes possible vulnerabilities of each.

tcpsee-1.1.c - tcpdump wrapper that adds ANSI color escape control character sequences for pretty printing

headcap.c - raw socket example from Linux kernel version 2.2

oligdna.c - oligonucleotide sequence generator

Apple Inc.© Xcode Related ...

@ayanonagon's Swift Blog

"Hello World" in various languages


TERM="xterm256-color" ./xterm256-color.perl

Random expressions of obscurity ⇒ C++ written in C++

l.perl ⇒ X-Mas in Perl

l.c ⇒ Rectangular "C"

Visual Aids

Complexity Classes

Java Language Architecture

JBoss a.k.a. Wildfly JMX Architecture

Git Cheat Sheet (in SVG format)

Automated Drawing of UML Diagrams => automatically detect problems in sh/bash scripts and commands

Reference Materials

Code from the book Hacker's Delight



UTF-8 HTML Character Entity Reference Chart

Explore and Master Chrome DevTools

Open Source Software Security Wiki @

UTF-8 and Unicode FAQ

doxygen Commands Manual

DocBook XSL: The Complete Guide

DTrace at Oracle® Wikis

Technical x86 Process Information

MIPS Developer Resources from the ©Imagination Community

Memory Management Reference

X86 Opcode and Instruction Reference

Linux Assembly Web Site (Original Heartbleed PoC)


Understanding stacks and registers in the SPARC architecture(s)

Technical Documents from SPARC International, Inc.

A Taxonomy of Coding Errors that Affect Security (Documentation of Fortify Acquisition)

Advanced Bash-Scripting Guide

GreyCat's Wiki about shell scripting UNIX with bash (Bourne Again SHell)

Linux Shell Scripting Tutorial (LSST) v2.0 (pretty much self-explanatory)

Coder's Toolbox - the programmer's bare necessities

More RGB Color Codes Than a Box of Crayola's™

ANSI Color Tutorial

ANSI Escape Code Article by the Linux Gazette

Scholastic Aptitude Test for Leets

SANS: Application Security Procurement Language

Read the Docs: Create, host, and browse documentation.

Winsock Programmer's FAQ

Search Internet-Drafts and RFC's

Memory Optimization in ANSI C  (slides)

ECMA Formal Publications

PHP Fusion Coding Standards

CSE 4254 Programming in Lisp

DEC TOPS-20 OS for the PDP-10: COMPILE CLI /switches

Intellectual Property Rights in IETF Technology

DocBook XSL: The Complete Guide, Fourth Edition

Algorithms and Data Structures Cheat Sheet


Past LISTSERV Posts, Screencasts & Other PoC Demonstrations by Me

Re: remote DoS against inetd and ssh

My comments regarding connect(2) floods as a DoS attack against daemons dependent upon the listen(2) socket queue limit assigned by inetd(8) on Linux in 1999, especially with respect to identd(8) and its variants

bugtraq: Re: Fwd: ircii-4.4 buffer overflow

Stack buffer overflow in UNIX IRC client ircII that I reported to Bugtraq in June of 1997 and was (independently?) re-discovered three years later in March of 2000

BlockWatch Recursive NTFS SmartListing Use Case Demo

Video Demonstration of BlockWatch: a revolutionary anti-malware solution that I helped write a middleware component for with the Microsoft .NET Framework's WCF API

IOActive BlockWatch™ and IOActive Memory Cruncher™

Latest BlockWatch rebranded by IOActive® from Security Objectives© (Note: This is not all my own work and by now very little is--it's the brainchild of K2

Spot Feds Online @

Links to research material, slides, talks & more about my IRC client hostname decloaking research findings (Hint: it's got nada to do with hash cracking!)

Programming Paradigms, Algorithms, and Sites with Re-usable Code

The Hello World Collection

Managing XCode

JSR-335 Lambda Expressions for the Java™ Programming Language

Microsoft Research Web N-Gram Services

repository of standard programming situations in a variety of languages

PLEAC - Programming Language Examples Alike Cookbook

Long-term memory for coders. Share and store code snippets.

github:gist is a simple way to share snippets and pastes

Code Snippets Collection

The Undocumented Functions by NTinternals

Wikipedia Programming Language Implementation Category

Lua Programming - Wikibooks

Lua Functional Programming - Wikibooks

Lua Reference Manuals

What is Gradual Typing?

On Lisp by Paul Graham

DBX, XDB, GDB, WinDBG & OpenVMS Debugger via

Various DNSSEC and SMTP SPF tools written in Java

Henry Baker's Archive of Research Papers

Programming Language Research

Favorite Programming Languages and Frameworks

Current standard for Programming Language C (C11), ISO/IEC 9899:2011

C Reserved Identifiers

Java™  EE 7 Specification API's


The Programming Language Lua


Common LISP


Ruby Toolbox

MPICH a.k.a. OpenMPI


How to Harden PHP - according to cPanel

Windows 8.1 API Sets

Node.js® is a platform built on Chrome's JavaScript runtime

Google's Go Language Documentation

The Java security API's span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.


The Tcl'ers Wiki!

Source Code Analysis, Refactoring, Minification, etc.

HTML Minifier

JsFiddle @




jsPerf JavaScript performance playground

Flow: a static type checker for JavaScript  @

JSON Shell for the Browser

Readable s-expressions and sweet-expressions

Rough Auditing Tool for Security (RATS)

View the source code for any class in the .NET framework.

Clang Static Analyzer - test web browser rendering of HTML, JavaScript, etc.

Rextester stands for regular expression tester

The Underhanded C Code Contest

The International Obfuscated C Code Contest

The Underhanded PowerShell Contest Repository

The JavaScript Misdirection Contest

Google Style Guides


Semantic Versioning

Microsoft Debugging Blog

IKVM.NET: an implementation of Java for Mono and the Microsoft .NET Framework

Open Runtime Platform: open-source dynamic computing research platform

Phalanger - The PHP compiler for .NET

The Python programming language for the .NET framework

The Ruby programming language for the .NET framework

Convert C# to VB and VB to C# With Telerik® Code Converter

Low-level Debugging

Software Diagnostics Institute

Miscellaneous Stuff

Software Testing Paradoxes Article in MSDN Magazine

O'Reilly Open Book

Programming Language Vulnerabilities Group at ISO/IEC

SmallVoid: Developer Links (Lots of Standards and References)

Intel® XDK HTML5 Cross-platform Development Tool

Intel® XDK Documentation

DHS CSD-SWAMP (SoftWare Assurance MarketPlace)

C++ In Depth - Google for Education -- Google Developers

An Example of Object-Oriented Design: An ATM Simulation

Hoogle: Haskell API Search Engine

Visual Studio 11 C++ Compiler Options Listed Alphabetically

Package GUIDs of Visual Studio Features

Higher Logics: Where Programming Meets Science

GCC Online Documentation

Sun Studio 12: Debugging a Program with dbx

Oracle Solaris 11 Information Library: Linker and Libraries Guide  (November 2011)

JPanic's Viruses

Cookbook for Java Web Programming via Servlets and JDBC at

MSR: Continuous Space Text Representations

OSI: Open Source Initiative

University of Maryland Computer Organization Course (Based on MIPS)

A Case Against The GO TO Statement by Edsger W. Dijkstra

Random code snippets, projects and musings about software from Eric Kidd, a developer and entrepreneur.

IDE's and REPL's, GUI's, Web-based Tools & More..

Get-ToThePrompt -at Netbeans IDE

Eclipse is an IDE in its own right, however a C/C++ IDE and PHP IDE are also available from the same folks

Rubular: a Ruby regular expression editor and tester

Online Regular Expression Testing @

Regular Expression Cookbook's Featured Recipes @

Regular Expressions - JavaScript | MDN

Debuggex (Regular Expression Debugger That Generates the Corresponding FSA diagrams)

Code Style Guides, Naming Conventions, Source Readability/Maintainability, Spacing/Indentation, etc.

Google's Style Guides for: C++, Objective-C, Java, Python, Shell, HTML/CSS, JavaScript, AngularJS, Common LISP, and Vimscript are now available!
