coding @ decal's security shed
computer programming
internal
Exploits, Tools & Other Proof of Concept Code
irixview.c - old exploit for SGI IRIX version less than or equal to 6.4, a.k.a. CVE-1999-0148userrooter.sh - local privilege escalation to super-user account by dynamically loading a shared library at runtime through the userhelper(8) PAM interface on RedHat Linux 6.xnapstir.c - 3rd-party Napster clients permitted viewing of traversed pathname contents relative to the default download directory, as well as DoS due to improper handling of a specically crafted packethead1.sh - Shell script that exploits a temporary file symlink(2) pathname race condition to expose the root password ciphertext from /etc/shadow through a set-uid root NCP binarycmd.war - J2EE web archive containing pwn.jsp for arbitrary remote code execution via CGIhex4vbs.py - Percent encoding to evade IDSen when conducting cross-site scripting with VBScriptoligdna.c.html - Stereoscopic Anaglyph 3D Syntax Highlighting of C99 in HTMLLinux tools for increasing accessibility in a restricted shell or chroot(2) directory
syscaller.c - execute common Linux commands without access to their executable binary filesnetstat.bash - parse network statistics from Linux proc(5)ps.bash - parse process table from the Linux proc(5) pseudo-filesystemSee also: Jails - High value, but shitty virtualization
Winsock and/or BSD socket library dynamic loading
randsrc-1.0.tar.gz - bind() to a random IPv4 interface and connect to specified host/portshadyshell.c - Compact, cut & paste UDP portshell written in C99 to stay under the TCP/IP IDS radarUnbeknownst to me, some phone phreaks have devised a way to tunnel WAP/VoIP data over their smartphones with this code, according tothis forum posting
porkbind-1.3.tar.gz - Porkbind recursively retrieves version information for the nameserver(s) of a given domain and produces a report that describes possible vulnerabilities of each.tcpsee-1.1.c - tcpdump wrapper that adds ANSI color escape control character sequences for pretty printingheadcap.c - raw socket example from Linux kernel version 2.2oligdna.c - oligonucleotide sequence generatorApple Inc.© Xcode Related ...
@ayanonagon's Swift Blog"Hello World" in various languages
COBOLTERM="xterm256-color" ./xterm256-color.perlRandom expressions of obscurity
l.cc ⇒ C++ written in C++l.perl ⇒ X-Mas in Perll.c ⇒ Rectangular "C"Visual Aids
Complexity ClassesJava Language Architecture
JBoss a.k.a. Wildfly JMX Architecture
Git Cheat Sheet (in SVG format)
Automated Drawing of UML Diagrams
shellcheck.net => automatically detect problems in sh/bash scripts and commands
Reference Materials
Code from the book Hacker's Delightdevdocs.io
ascii-code-table.txtHTML Tags
UTF-8 HTML Character Entity Reference Chart
Explore and Master Chrome DevTools
Open Source Software Security Wiki @ openwall.org
UTF-8 and Unicode FAQ
doxygen Commands ManualDocBook XSL: The Complete GuideDTrace at Oracle® WikisTechnical x86 Process Information
MIPS Developer Resources from the ©Imagination Community
Memory Management Reference
X86 Opcode and Instruction Reference
Linux Assembly Web Site
ssltest.py (Original Heatbleed PoC)
histogram.c
Understanding stacks and registers in the SPARC architecture(s)
Technical Documents from SPARC International, Inc.
A Taxonomy of Coding Errors that Affect Security (Documentation of Fortify Acquisition)
Advanced Bash-Scripting Guide
GreyCat's Wiki about shell scripting UNIX with bash (Bourne Again SHell)
Linux Shell Scripting Tutorial (LSST) v2.0
man-ascii.com (pretty much self-explanatory)
Coder's Toolbox - the programmer's bare necessities
rosettacode.orglearnxinyminutes.comMore RGB Color Codes Than a Box of Crayola's™
ANSI Color Tutorial
ANSI Escape Code Article by the Linux Gazette
Scholastic Aptitude Test for Leets
SANS: Application Security Procurement Language
Read the Docs: Create, host, and browse documentation.
Winsock Programmer's FAQ
Search Internet-Drafts and RFC's
Memory Optimization in ANSI C (slides)
ECMA Formal Publications
PHP Fusion Coding Standards
CSE 4254 Programming in Lisp
DEC TOPS-20 OS for the PDP-10:
COMPILE CLI /switchesIntellectual Property Rights in IETF Technology
DocBook XSL: The Complete Guide, Fourth Edition
Algorithms and Data Structures Cheat Sheet
external
Past LISTSERV Posts, Screencasts & Other PoC Demonstrations by Me
Re: remote DoS against inetd and ssh
My comments regardingconnect(2) floods as a DoS attack against daemons dependent upon the listen(2) socket queue limit assigned by inetd(8) on Linux in 1999, especially with respect toidentd(8) and its variants
bugtraq: Re: Fwd: ircii-4.4 buffer overflow
Stack buffer overflow in UNIX IRC client ircII that I reported to Bugtraq in June of 1997 and was (independently?) re-discovered three years later in March of 2000
BlockWatch Recursive NTFS SmartListing Use Case Demo
Video Demonstration of BlockWatch: a revolutionary anti-malware solution that I helped write a middleware component for with the Microsoft .NET Framework's WCF API
IOActive BlockWatch™ and IOActive Memory Cruncher™
Latest BlockWatch rebranded by IOActive® from Security Objectives© (Note: This is not all my own work and by now very little is--it's the brainchild of K2
Spot Feds Online @ decal.sdf.org
Links to research material, slides, talks & more about my IRC client hostname decloaking research findings (Hint: it's got nada to do with hash cracking!)
Programming Paradigms, Algorithms, and Sites with Re-usable Code
The Hello World CollectionManaging XCode
JSR-335 Lambda Expressions for the Java™ Programming Language
Microsoft Research Web N-Gram Services
repository of standard programming situations in a variety of languages
PLEAC - Programming Language Examples Alike Cookbook
Long-term memory for coders. Share and store code snippets.
github:gist is a simple way to share snippets and pastes
Code Snippets Collection
The Undocumented Functions by NTinternals
Wikipedia Programming Language Implementation Category
Lua Programming - Wikibooks
Lua Functional Programming - Wikibooks
Lua Reference Manuals
What is Gradual Typing?
On Lisp by Paul Graham
DBX, XDB, GDB, WinDBG & OpenVMS Debugger via erik.cabetas.com
Various DNSSEC and SMTP SPF tools written in Java
Henry Baker's Archive of Research Papers
Programming Language Research
Favorite Programming Languages and Frameworks
Current standard for Programming Language C (C11),ISO/IEC 9899:2011C Reserved Identifiers
Java™ EE 7 Specification API's
PHP INTERVIEW QUESTIONS AND ANSWERS
The Programming Language Lua
fsharp.netfsharp.orgScheme
Common LISP
Ruby
rubysecurity.info
Ruby Toolbox
MPICH a.k.a. OpenMPI
OpenMP
How to Harden PHP - according to cPanel
Windows 8.1 API Sets
Node.js® is a platform built on Chrome's JavaScript runtime
Google's Go Language Documentation
The Java security API's span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.
OpenJDK
The Tcl'ers Wiki!
Source Code Analysis, Refactoring, Minification, etc.
HTML MinifierJsFiddle @ jsfiddle.net
JSBin
JSHint
JSLint
jsPerf JavaScript performance playground
Flow: a static type checker for JavaScript @ flowtype.org
JSON Shell for the Browser
Readable s-expressions and sweet-expressions
Rough Auditing Tool for Security (RATS)
View the source code for any class in the .NET framework.
Clang Static Analyzer
codetester.org - test web browser rendering of HTML, JavaScript, etc.codepen.io
Rextester stands for regular expression tester
The Underhanded C Code Contest
The International Obfuscated C Code Contest
The Underhanded PowerShell Contest Repository
The JavaScript Misdirection Contest
Google Style Guides
Interoperability
Semantic VersioningMicrosoft Debugging Blog
www.WinDBG.info
IKVM.NET: an implementation of Java for Mono and the Microsoft .NET Framework
Open Runtime Platform: open-source dynamic computing research platform
Phalanager - The PHP compiler for .NET
The Python programming language for the .NET framework
The Ruby programming language for the .NET framework
Convert C# to VB and VB to C# With Telerik® Code Converter
Low-level Debugging
Software Diagnostics InstituteMiscellaneous Stuff
Software Testing Paradoxes Article in MSDN MagazineO'Reilly Open Book
Programming Language Vulnerabilities Group at ISO/IEC
SmallVoid: Developer Links (Lots of Standards and References)
Intel® XDK HTML5 Cross-platform Development Tool
Intel® XDK Documentation
DHS CSD-SWAMP (SoftWare Assurance MarketPlace)
C++ In Depth - Google for Education -- Google Developers
An Example of Object-Oriented Design: An ATM Simulation
Hoogle: Haskell API Search Engine
Visual Studio 11 C++ Compiler Options Listed Alphabetically
Package GUIDs of Visual Studio Features
Higher Logics: Where Programming Meets Science
GCC Online Documentation
Sun Studio 12: Debugging a Program with dbx
Oracle Solaris 11 Information Library: Linker and Libraries Guide (November 2011)
JPanic's Viruses
Cookbook for Java Web Programming via Servlets and JDBC at
mollypages.orgMSR: Continuous Space Text Representations
OSI: Open Source Initiative
University of Maryland Computer Organization Course (Based on MIPS)
A Case Against The GO TO Statement by Edsger W. Djikstra
Random code snippets, projects and musings about software from Eric Kidd, a developer and entrepreneur.
codekeyboards.comIDE's and REPL's, GUI's, Web-based Tools & More..
Netbeans IDEEclipse is an IDE in its own right, however a C/C++ IDE and PHP IDE are also available from the same folks
Rubular: a Ruby regular expression editor and tester
Online Regular Expression Testing @ regexplanet.com
Regular Expression Cookbook's Featured Recipes @ regexplanet.com
Regular Expressions - JavaScript | MDN
Debuggex (Regular Expression Debugger That Generates the Corresponding FSA diagrams
