computer programming
internal
Exploits, Tools & Other Proof of Concept Code
irixview.c
- old exploit for SGI IRIX version less than or equal to 6.4, a.k.a. CVE-1999-0148
userrooter.sh
- local privilege escalation to super-user account by dynamically loading a shared library at runtime through the userhelper(8) PAM interface on RedHat Linux 6.x
napstir.c
- 3rd-party Napster clients permitted viewing of traversed pathname contents relative to the default download directory, as well as DoS due to improper handling of a specifically crafted packet
head1.sh
- Shell script that exploits a temporary file symlink(2) pathname race condition to expose the root password ciphertext from /etc/shadow through a set-uid root NCP binary
cmd.war
- J2EE web archive containing pwn.jsp for arbitrary remote code execution via CGI
hex4vbs.py
- Percent encoding to evade IDSen when conducting cross-site scripting with VBScript
oligdna.c.html
- Stereoscopic Anaglyph 3D Syntax Highlighting of C99 in HTML
Linux tools for increasing accessibility in a restricted shell or chroot(2) directory
syscaller.c
- execute common Linux commands without access to their executable binary files
netstat.bash
- parse network statistics from Linux proc(5)
ps.bash
- parse process table from the Linux proc(5) pseudo-filesystem
See also: Jails - High value, but shitty virtualization
Winsock and/or BSD socket library dynamic loading
randsrc-1.0.tar.gz
- bind() to a random IPv4 interface and connect to specified host/port
shadyshell.c
- Compact, cut & paste UDP portshell written in C99 to stay under the TCP/IP IDS radar
Unbeknownst to me, some phone phreaks have devised a way to tunnel
WAP/VoIP data over their smartphones with this code, according to
this forum posting
porkbind-1.3.tar.gz
- Porkbind recursively retrieves version information for the nameserver(s) of a given domain and produces a report that describes possible vulnerabilities of each.
Corresponding guest editorial I wrote for ZDNet's Zero Day Blog
tcpsee-1.1.c
- tcpdump wrapper that adds ANSI color escape control character sequences for pretty printing
headcap.c
- raw socket example from Linux kernel version 2.2
oligdna.c
- oligonucleotide sequence generator
Apple Inc.© Xcode Related ...
@ayanonagon's Swift Blog
"Hello World" in various languages
COBOL
TERM="xterm256-color" ./xterm256-color.perl
Random expressions of obscurity
l.cc
⇒ C++ written in C++
l.perl
⇒ X-Mas in Perl
l.c
⇒ Rectangular "C"
Visual Aids
Complexity Classes
Java Language Architecture
JBoss a.k.a. Wildfly JMX Architecture
Git Cheat Sheet (in SVG format)
Automated Drawing of UML Diagrams
shellcheck.net => automatically detect problems in sh/bash scripts and commands
Reference Materials
Code from the book Hacker's Delight
devdocs.io
ascii-code-table.txt
HTML Tags
UTF-8 HTML Character Entity Reference Chart
Explore and Master Chrome DevTools
Open Source Software Security Wiki @ openwall.org
UTF-8 and Unicode FAQ
doxygen
Commands Manual
DocBook XSL: The Complete Guide
DTrace at Oracle® Wikis
Technical x86 Process Information
MIPS Developer Resources from the ©Imagination Community
Memory Management Reference
X86 Opcode and Instruction Reference
Linux Assembly Web Site
ssltest.py (Original Heartbleed PoC)
histogram.c
Understanding stacks and registers in the SPARC architecture(s)
Technical Documents from SPARC International, Inc.
A Taxonomy of Coding Errors that Affect Security (Documentation of Fortify Acquisition)
Advanced Bash-Scripting Guide
GreyCat's Wiki about shell scripting UNIX with bash (Bourne Again SHell)
Linux Shell Scripting Tutorial (LSST) v2.0
man-ascii.com (pretty much self-explanatory)
Coder's Toolbox - the programmer's bare necessities
rosettacode.org
learnxinyminutes.com
More RGB Color Codes Than a Box of Crayola's™
ANSI Color Tutorial
ANSI Escape Code Article by the Linux Gazette
Scholastic Aptitude Test for Leets
SANS: Application Security Procurement Language
Read the Docs: Create, host, and browse documentation.
Winsock Programmer's FAQ
Search Internet-Drafts and RFC's
Memory Optimization in ANSI C (slides)
ECMA Formal Publications
PHP Fusion Coding Standards
CSE 4254 Programming in Lisp
DEC TOPS-20 OS for the PDP-10: COMPILE
CLI /switches
Intellectual Property Rights in IETF Technology
DocBook XSL: The Complete Guide, Fourth Edition
Algorithms and Data Structures Cheat Sheet
external
Past LISTSERV Posts, Screencasts & Other PoC Demonstrations by Me
Re: remote DoS against inetd and ssh
My comments regarding connect(2) floods as a DoS attack against daemons dependent upon the listen(2) socket queue limit assigned by inetd(8) on Linux in 1999, especially with respect to identd(8) and its variants
bugtraq: Re: Fwd: ircii-4.4 buffer overflow
Stack buffer overflow in UNIX IRC client ircII that I reported to Bugtraq in June of 1997 and was (independently?) re-discovered three years later in March of 2000
BlockWatch Recursive NTFS SmartListing Use Case Demo
Video Demonstration of BlockWatch: a revolutionary anti-malware solution that I helped write a middleware component for with the Microsoft .NET Framework's WCF API
IOActive BlockWatch™ and IOActive Memory Cruncher™
Latest BlockWatch rebranded by IOActive® from Security Objectives© (Note: This is not all my own work and by now very little is--it's the brainchild of K2
Spot Feds Online @ decal.sdf.org
Links to research material, slides, talks & more about my IRC client hostname decloaking research findings (Hint: it's got nada to do with hash cracking!)
Programming Paradigms, Algorithms, and Sites with Re-usable Code
The Hello World Collection
Managing XCode
JSR-335 Lambda Expressions for the Java™ Programming Language
Microsoft Research Web N-Gram Services
repository of standard programming situations in a variety of languages
PLEAC - Programming Language Examples Alike Cookbook
Long-term memory for coders. Share and store code snippets.
github:gist is a simple way to share snippets and pastes
Code Snippets Collection
The Undocumented Functions by NTinternals
Wikipedia Programming Language Implementation Category
Lua Programming - Wikibooks
Lua Functional Programming - Wikibooks
Lua Reference Manuals
What is Gradual Typing?
On Lisp by Paul Graham
DBX, XDB, GDB, WinDBG & OpenVMS Debugger via erik.cabetas.com
Various DNSSEC and SMTP SPF tools written in Java
Henry Baker's Archive of Research Papers
Programming Language Research
Favorite Programming Languages and Frameworks
Current standard for Programming Language C (C11), ISO/IEC 9899:2011
C Reserved Identifiers
Java™ EE 7 Specification API's
PHP INTERVIEW QUESTIONS AND ANSWERS
The Programming Language Lua
fsharp.net
fsharp.org
Scheme
Common LISP
Ruby
rubysecurity.info
Ruby Toolbox
MPICH a.k.a. OpenMPI
OpenMP
How to Harden PHP - according to cPanel
Windows 8.1 API Sets
Node.js® is a platform built on Chrome's JavaScript runtime
Google's Go Language Documentation
The Java security API's span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.
OpenJDK
The Tcl'ers Wiki!
Source Code Analysis, Refactoring, Minification, etc.
HTML Minifier
JsFiddle @ jsfiddle.net
JSBin
JSHint
JSLint
jsPerf JavaScript performance playground
Flow: a static type checker for JavaScript @ flowtype.org
JSON Shell for the Browser
Readable s-expressions and sweet-expressions
Rough Auditing Tool for Security (RATS)
View the source code for any class in the .NET framework.
Clang Static Analyzer
codetester.org
- test web browser rendering of HTML, JavaScript, etc.
codepen.io
Rextester stands for regular expression tester
The Underhanded C Code Contest
The International Obfuscated C Code Contest
The Underhanded PowerShell Contest Repository
The JavaScript Misdirection Contest
Google Style Guides
Interoperability
Semantic Versioning
Microsoft Debugging Blog
www.WinDBG.info
IKVM.NET: an implementation of Java for Mono and the Microsoft .NET Framework
Open Runtime Platform: open-source dynamic computing research platform
Phalanger - The PHP compiler for .NET
The Python programming language for the .NET framework
The Ruby programming language for the .NET framework
Convert C# to VB and VB to C# With Telerik® Code Converter
Low-level Debugging
Software Diagnostics Institute
Miscellaneous Stuff
Software Testing Paradoxes Article in MSDN Magazine
O'Reilly Open Book
Programming Language Vulnerabilities Group at ISO/IEC
SmallVoid: Developer Links (Lots of Standards and References)
Intel® XDK HTML5 Cross-platform Development Tool
Intel® XDK Documentation
DHS CSD-SWAMP (SoftWare Assurance MarketPlace)
C++ In Depth - Google for Education -- Google Developers
An Example of Object-Oriented Design: An ATM Simulation
Hoogle: Haskell API Search Engine
Visual Studio 11 C++ Compiler Options Listed Alphabetically
Package GUIDs of Visual Studio Features
Higher Logics: Where Programming Meets Science
GCC Online Documentation
Sun Studio 12: Debugging a Program with dbx
Oracle Solaris 11 Information Library: Linker and Libraries Guide (November 2011)
JPanic's Viruses
Cookbook for Java Web Programming via Servlets and JDBC at mollypages.org
MSR: Continuous Space Text Representations
OSI: Open Source Initiative
University of Maryland Computer Organization Course (Based on MIPS)
A Case Against The GO TO Statement by Edsger W. Dijkstra
Random code snippets, projects and musings about software from Eric Kidd, a developer and entrepreneur.
codekeyboards.com
IDE's and REPL's, GUI's, Web-based Tools & More..
Netbeans IDE
Eclipse is an IDE in its own right, however a C/C++ IDE and PHP IDE are also available from the same folks
Rubular: a Ruby regular expression editor and tester
Online Regular Expression Testing @ regexplanet.com
Regular Expression Cookbook's Featured Recipes @ regexplanet.com
Regular Expressions - JavaScript | MDN
Debuggex (Regular Expression Debugger That Generates the Corresponding FSA diagrams)
Code Style Guides, Naming Conventions, Source Readability/Maintainability, Spacing/Indentation, etc.
Google's Style Guides for: C++, Objective-C, Java, Python, Shell, HTML/CSS, JavaScript, AngularJS, Common LISP, and Vimscript are now available!