
Six years of saved links



Over six years of studying and working in technology, I've acquired 600+ links. Losing these links would feel to me like the burning down of the Library of Alexandria. I use a lot of them as references for programming and information security based work.

While scraping all these links I saw the word beginner become less frequent as we got closer to the present day, so I even found a fun way to add a visualization to this post.

Browser based Library of Alexandria

I can't stress the importance of reading enough; it will advance you more than you can imagine.

While writing a brief script to scrape all these links, which I will link shortly, I realized there are actually trends in these links.
We can use some Python libraries and heuristics to identify these trends amongst the links.

  1. Script I used to harvest my saved links from reddit, frequency data, and simultaneously create a word cloud
  2. The organized and sorted links.

You can find the raw unsorted copy of all of the links here

It'll have a good deal of extraneous links that I found interesting, but I've omitted them from this post in order to keep it on the topic of security.

Security is more than just knowledge of the mechanisms or inner workings of code; it's also a mindset. So I have some materials relating to social engineering and overall thought process mixed in in some places.

from __future__ import absolute_import, unicode_literals
import json

import praw
import matplotlib.pyplot as plt
from wordcloud import WordCloud, STOPWORDS


class LinkSave(object):

    def __init__(self, mode=None):
        # Run the four steps in order: config -> auth -> scrape -> word cloud
        self.mode = mode
        self.load_config('user_config.json')
        self.auth_reddit()
        self.get_links()
        self.make_cloud()

    def load_config(self, data):
        # The config file holds the account password in plaintext:
        # keep it out of version control and readable only by you
        with open(data) as config_file:
            self.config = json.load(config_file)
        return self.config

    def auth_reddit(self):
        try:
            self.reddit = praw.Reddit(
                client_id=self.config['reddit']['id'],
                client_secret=self.config['reddit']['secret'],
                user_agent=self.config['reddit']['user_agent'],
                username=self.config['reddit']['username'],
                password=self.config['reddit']['password']
            )
            return self.reddit
        except Exception as exc:
            print('{0} - Unable to auth to reddit, check your creds'.format(exc))

    def get_links(self):
        self.words = ''
        with open("saved_links.txt", "w") as target:
            # The iterable was cut off in the listing; PRAW's saved-items
            # listing for the logged-in user is assumed here
            for link in self.reddit.user.me().saved(limit=None):
                try:
                    # One "title -- url" pair per line
                    target.write('{0} -- {1}\n'.format(link.title, link.url))
                    self.words = self.words + ' ' + link.title
                except Exception as exc:
                    # Saved comments have no title or url attribute
                    print('{0} - This exception handles saved comments '.format(exc))
        return self.words

    def make_cloud(self):
        stopwords = set(STOPWORDS)
        wordcloud = WordCloud(background_color="white", width=800, height=400, stopwords=stopwords).generate(self.words)
        plt.imshow(wordcloud, interpolation='bilinear')
        plt.axis("off")

        # render a second slightly different wordcloud
        wordcloud = WordCloud(background_color="white", stopwords=stopwords, max_font_size=40).generate(self.words)
        plt.figure()
        plt.imshow(wordcloud, interpolation="bilinear")
        plt.axis("off")
        plt.show()


if __name__ == '__main__':
    driver = LinkSave()

''' user_config.json
{
  "reddit": {
    "id": "",
    "secret": "",
    "user_agent": "",
    "username": "",
    "password": ""
  }
}
'''
It's a pretty succinct script; I try to operate under the thought that if it's clean enough, it's fairly self-explanatory. It's a little personalized, but you could easily edit it to do the same for you.

4 Step Linear flow:
Read in config -> Auth to reddit -> Scrape links into string and save to file -> generate word cloud
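The script above only renders a word cloud; the per-year trend mentioned earlier (the word "beginner" thinning out toward the present) can be measured as follows. This is an added example, not part of the author's script: it assumes each saved item is reduced to a (title, created_utc) pair, where created_utc is the Unix timestamp PRAW exposes on a saved item, and the sample data pairs titles from this page with constructed timestamps.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample: titles from the lists on this page, paired with made-up
# created_utc values. In a real run the pairs would be collected inside the
# saved-items loop as (link.title, link.created_utc).
SAMPLE_SAVED = [
    ("Here is a quick video series I made on Metasploit (for Beginners)", 1430000000),
    ("What are some exercises a beginner should do to get better at coding.", 1440000000),
    ("How to Reverse Engineer Android Applications", 1445000000),
    ("CTF challenges and a guide for beginners", 1460000000),
    ("Defending Against Mimikatz", 1465000000),
    ("ImageTragick Remote Code Execution", 1470000000),
    ("Exploiting PHPMailer", 1480000000),
    ("Slack SAML authentication bypass", 1490000000),
    ("Bypassing SAML 2.0 SSO with XML Signature Attacks", 1500000000),
    ("Hunting in the Dark - Blind XXE", 1510000000),
]

# Small illustrative stopword list; the wordcloud package's STOPWORDS set
# could be used instead.
STOPWORDS = {"the", "and", "for", "with", "how", "what", "are", "some",
             "here", "made", "should", "get", "better", "this", "that"}
TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(title):
    """Lowercase a title and drop stopwords and very short tokens."""
    return [tok for tok in TOKEN_RE.findall(title.lower())
            if len(tok) > 2 and tok not in STOPWORDS]


def titles_by_year(items):
    """Group titles by the UTC year in which the item was created."""
    buckets = defaultdict(list)
    for title, created_utc in items:
        year = datetime.fromtimestamp(created_utc, tz=timezone.utc).year
        buckets[year].append(title)
    return dict(buckets)


def term_share_by_year(items, prefix):
    """Fraction of each year's titles containing a token starting with prefix.

    Prefix matching lets "beginner", "beginners" and "beginner's" count alike.
    Using a share rather than a raw count keeps years with many saved links
    from dominating the trend.
    """
    shares = {}
    for year, titles in sorted(titles_by_year(items).items()):
        hits = sum(1 for title in titles
                   if any(tok.startswith(prefix) for tok in tokenize(title)))
        shares[year] = hits / len(titles)
    return shares


def is_declining(shares):
    """True when the share never rises year over year and ends below its start."""
    values = [shares[year] for year in sorted(shares)]
    never_rises = all(a >= b for a, b in zip(values, values[1:]))
    return never_rises and values[0] > values[-1]


def top_terms(items, year, n=3):
    """Most common tokens among one year's titles."""
    counts = Counter()
    for title in titles_by_year(items).get(year, []):
        counts.update(tokenize(title))
    return counts.most_common(n)


if __name__ == "__main__":
    shares = term_share_by_year(SAMPLE_SAVED, "beginner")
    for year, share in shares.items():
        print("{0}: {1:.0%} of titles mention 'beginner'".format(year, share))
    print("declining:", is_declining(shares))
    print("2017 top terms:", top_terms(SAMPLE_SAVED, 2017))
```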

So what does this give us?

Word Cloud

Personally I find that pretty neat; it's a visualization of all I've tried to hone in on over the years. The one that stands out most to me is Reverse Engineering, which I've been working on learning for a while. It's definitely one of the more challenging things I've tried to wrap my mind around.

So I've decided to throw it at the top of this list. Without delay, here is my best attempt at a sorted list.

Reverse Engineering && Malware

Title URL
An Introduction to the CAN Bus: How to Programmatically Control a Car
DhavalKapil/libdheap: A shared (dynamic) library that can be transparently injected into different processes to detect memory corruption in glibc heap
Reverse Engineering My Home Security System: Decompiling Firmware Updates
Project Zero: Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
Where-theres-a-JTAG-theres-a-way.pdf
New emotet hijacks windows api evades sandbox analysis
Skeleton in the closet. MS Office vulnerability you didn’t know about
ROPEmporium: Pivot 32-bit CTF Walkthrough With Radare2
ropchain @kvakil
Escape Docker Container Using waitid() CVE-2017-5123
ROPEmporium: Pivot 64-bit CTF Walkthrough With Radare2 - Zero State Machine
/lobotomy: Android Reverse Engineering
java-decompiler/jd-gui: A standalone Java Decompiler GUI
Defusing a Binary Bomb with Binary Ninja
Notepad+++ - Break it, Fix it, Write It Down - Putting stuff together so you dont have to google as hard as I did
buffer overflow explained
Vulnerable Security - Reverse Engineering a book cover
CVE-2017-5521: Bypassing Authentication on NETGEAR Routers
C++ DLL Injector Version 2 - BOTH 32-bit and 64-bit - Clean Code! - Multiple Functionalities!
An in-depth explanation of how a 10 year old bug in Guitar Hero was reverse-engineered and fixed without using the source code
Breaking the x86 Instruction Set
The Wonderful World of MIPS
A good two-part lecture on the basics of x86 architecture and system calls in *Nix systems [for beginners]
Linux ASLR and GNU Libc: Address space layout computing and defence, and “stack canary” protection bypass [PDF and Github Sources]
Reverse Engineering a MMORPG Bot to Find Vulnerabilities
Reverse Engineering A Mysterious UDP Stream in My Hotel · Gokberk Yaltirakli
Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain
Reverse Engineering Malware 101
This channel explains a good deal of C/C++ for malware creation for Windows and lots of low-level fundamentals
Cracking Sublime Text 3
Coding A Keylogger - Understand How Actual Keyloggers Work
Docker 0-Day Stopped Cold by SELinux
How Can Drones Be Hacked? The Vulnerable drone and attack tools Compilation
a single byte write opened a root execution exploit on ChromeOS
Internet Explorer has a URL problem
How to crack a totally blurred captcha? (any lead?)
MS16-039 – “Windows 10” 64 bits Integer Overflow exploitation by using GDI objects
Hey guys, Ive gone and put together a github repo containing in-depth tutorials designed to teach binary exploitation from the ground up. Tell me what you think!
Just released the Practical Malware Analysis Starter Kit, a collection of pretty much every binary mentioned in the book.[x-post /r/reverseengineering]
X86 Shellcode Obfuscation - Part 2 - The obfuscception! (source in Python included)
Practical Reverse Engineering of a Router Part 2: Scouting the Firmware
Building a Home Lab to Become a Malware Hunter - A Beginner’s Guide - An exploit Developers swiss army knife (With ROP gadget support )
Android Reverse Engineering using apktool
Ghost in the Droid: Reverse Engineering Android Apps
Mining Android Secrets (Decoding Android App Resources)
Reverse engineering a router part 1 - Hunting for hardware debug ports
New self-protecting USB trojan able to avoid detection
attactics[dot]org: Bypassing Antivirus With Ten Lines of Code or (Yet Again) Why Antivirus is Largely Useless
AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device (x-post /r/programming)
Assembly Optimizations I: (Un)Packing Structures
Breaking homegrown crypto
Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver
glibc getaddrinfo() stack-based buffer overflow
DLL Injection with an old MMO client
Reverse Engineering the Yik Yak Android App
Hacking the PS4, part 1 - Introduction to PS4s security, and userland ROP
[VIDEO] Software Hacking - Simple Patching (IDA Pro, C)
Where do I start with reverse engineering malware? I recommend “RE for Beginners”, I like the method used to teach reverse engineering. Then you can start doing some challenges.
MacOS X 10.11.1 File System Buffer Overflow
Statically Linking a Windows Kernel Driver as an ELF
A closer look at an operating botnet
How to Reverse Engineer Android Applications
hackme: Deconstructing an ELF File
Lots of Reversing Tutorials for Newbs
Meet ‘Tox’: Ransomeware for the Rest of Us
Code injection – a simple PHP virus carried in a JPEG image
Source for malware, backdoors etc for whitehat testing.
Building an SSH Botnet C&C Using Python and Fabric
Malware as a service [pdf]

Bug Bounties

Title URL
How i Hacked into a PayPals Server - Unrestricted File Upload to Remote Code Execution
Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts – MISHRE
Slack SAML authentication bypass
How I hacked Google’s bug tracking system itself for $15,600 in bounties
Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
Facebook Bug Bounties
Image removal vulnerability in Facebook polling feature
All your Paypal OAuth tokens belong to me - localhost for the win
Authentication bypass on Airbnb via OAuth tokens theft
Bug bounty left over (and rant) Part III (Google and Twitter)
How I have hacked Facebook again (..and would have stolen a valid access token) OAuth 2
Taking over Facebook accounts using Free Basics partner portal
How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties
Stored XSS, and SSRF in Google using the Dataset Publishing Language
Authentication bypass on Uber’s Single Sign-On via subdomain takeover – Arne Swinnens Security Blog
AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2
Piercing the Veil: Server Side Request Forgery to NIPRNet access
My Public Evernote: 0day writeup: XXE in
Advice From A Researcher: Hunting XXE For Fun and Profit
Hunting For Bugs With AFL 101 - A PRIMER
Content Injection Vulnerability in WordPress 4.7 and 4.7.1
Slack SAML authentication bypass
Microsoft didn’t sandbox Windows Defender, so I did
[WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
[Bug Bounty] GitHub Enterprise SQL Injection
Node.js code injection (RCE) on
Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS
How I Hacked Facebook, and Found Someones Backdoor Script
Google increases bug bounty reward for Chromebook to $100,000
Hack The Pentagon: DoD Launches First-Ever Federal Bug Bounty Program
Details of eBays JavaScript bug that they refuse to fix.
PayPal Remote Code Execution Vulnerability using Java Deserialization
Even the LastPass Will be Stolen Deal with It!

Penetration Testing (Exploit POCs, vulnerabilities)

Title URL
Introduction to Manual Backdooring
CVE-2017-3881 Cisco Catalyst RCE Proof-Of-Concept
Node.fz: fuzzing the server-side event-driven architecture
Rooting a Printer: From Security Bulletin to Remote Code Execution
Escaping a restricted shell – humblesec
The Weak Bug - Exploiting a Heap Overflow in VMware
Penetration Testing Flash Apps (aka “How to Cheat at Blackjack”) – PrivSec
PenTest Tools for your Security Arsenal
Linux privilege escalation using weak NFS permissions
Using Python To Get A Shell Without A Shell
86_64 TCP bind shellcode with basic authentication on Linux systems
Building and Attacking an Active Directory lab with PowerShell
interference-security/icmpsh: Simple reverse ICMP shell
Meltdown and Spectre
Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic
[PentesterLab] Our exercises
Mount a Raspberry Pi File System Image
IOActive Labs Research: In Flight Hacking System
Shortcuts: another neat phishing trick
Basics of Making a Rootkit: From syscall to hook!
Cracking 12 Character Above Passwords
ImageTragick/PoCs: Proof of Concepts for CVE-2016–3714
ImageTragick Remote Code Execution
A pure python, post-exploitation, data mining tool and remote administration tool for macOS
Using the Registry to Discover Unix Systems and Jump Boxes
The most complete open-source tool for Twitter intelligence analysis (With Sources)
Five Pentesting Tools and Techniques (That Every Sysadmin Should Know)
Various Docker Images for Pentesting
SharpShooter - a weaponised payload generation framework with anti-sandbox analysis, staged and stageless payload execution and support for evading ingress monitoring [See comment for Sources]
Any Interest in a Web Application PenTesting Methodology Cheat Sheet?
An ICMP reverse shell to bypass TCP firewall rules
On a pentesting gig, you pivot from credential harvesting to an authenticated command injection to a privilege escalation for root.
A Review of PentesterLab
OSCP Survival Guide Cheatsheet
Screwdriving BLE devices
Operation Luigi: How I hacked my friend without her noticing
5 severe Vulnerabilities found in IoT smart alarm system that could allow remote execution A python cheat sheet program à la red team field manual
Stealing passwords from McDonalds users
p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited
Truffle Hog: A tool that Searches Entire Commit History in Git Repositories for High Entropy Strings to Find Secrets Accidentally Committed to Version Control
A thorough Guide to Pentesting Tutorials & WalkThroughs
$3 USB Rubber Ducky
Best 5 Websites to Master Hacking With Kali Linux : For Beginners
Hacking the Hard Way at the DerbyCon CTF
Metasploit Cheat Sheet - a handy quick reference guide with the most useful commands
nmap cheatsheet + examples
“Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking
22 Hacking Sites, CTFs and Wargames To Legally Practice Hacking
Pentest Series: The State of Security - What Project Zeros font bug can teach us about engineering workflow, the nature of exploits, and legacy issues
Building a Brute-Force Zip File Cracking Tool (this is my first truly original cracking script and I just wanted to show it off, ‘cause I’m proud of it. I would love any constructive criticism on the code).
VMware Escapology - Researchers from ZDI release Metasploit modules for VMware Escapes
Random Vulnerable VM Generator!
A Secure Shell (SSH) scanner / bruteforcer controlled via the Internet Relay Chat (IRC) protocol.
oss-sec: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)
Getting Domain Admin with Kerberos Unconstrained Delegation
Pwning CCTV cameras
DLL Hijacking Just Won’t Die
How to embed an executable into Outlook, disguised as a .docx
I created a beginner’s tutorial for performing DoS and DDoS attacks for y’all
Useful PHP Exploitation Methods in Metasploit
Breaking 512-bit RSA encryption with Amazon EC2 is so easy novices can do it.
Attacking Ruby on Rails Applications
Kali Linux 2.0 Android phone hack.
Kali linux 2.0. ~ Wireless Network Hacking ~
Hack Like the Bad Guys – Using Tor for Firewall Evasion and Anonymous Remote Access
How I hacked my IP camera, and found this backdoor account
Here is a quick video series I made on Metasploit (for Beginners)
Pupy: a RAT with an embeded Python interpreter. can load python packages from memory and transparently access remote python objects. The payload is a reflective DLL and leaves no trace on disk
Exploiting MS15-100 Vulnerability (CVE-2015-2509)
Twittor, a Python backdoor that uses Twitter as a C&C server
The Latest on Stagefright: CVE-2015-1538 Exploit is Now Available for Testing Purposes
0x00.txt - the write-up/guide from the FinFisher hack
Things you should do after you install Kali Linux/how to fix things
DLL Injection Resources - more in comments
Help with SLMailv5.5 Buffer Overflow
Security CheatSheets a wealth of knowledge for a pen-tester
(My) Introduction to Doxing. Various Sites and (Basic-Advanced) Information Gathering Techniques.
Pwning a thin client in less than two minutes the most thorough network/pcap credential harvester
Hacking Oklahoma State University’s Student ID
PowerShell: Better phishing for all!
[Screenshots] catch usernames, passwords, and messages on a network + inject arbitrary HTML into visited pages
How to Approach Hacking
What do we think about compiling all our social engineering into some easy-to-read guides?
Tactics to Hack an Enterprise Network

Web Application Security

Title URL
Your interpreter isn’t safe anymore — The PHP module rootkit
On a high level, how does OAuth 2 work? - Stack Overflow
Inject All the Things - Shut Up and Hack
XSS Contexts and some Chrome XSS Auditor tricks - web 0x03 - YouTube
Basic of SQL for SQL Injection part 3
Java Deserialization Security FAQ
SAMLRaider/SAMLRaider: SAML2 Burp Extension
The Grey Corner: CommonCollections deserialization attack payloads from ysoserial failing on JRE 8u72
Mobile penetration testing on Android using Drozer – Security Café
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine
Bypassing SAML 2.0 SSO with XML Signature Attacks
OAuth 2 attacks - Introducing The Devil Wears Prada and Lassie Come Home
Hunting in the Dark - Blind XXE
Cracking the Lens: Targeting HTTPs Hidden Attack-Surface
S3 bucket enumerator bbb31/slurp
Extract subdomains with GAN GETALTNAME
Gaining Domain Admin from Outside Active Directory
Dear developers, beware of DNS Rebinding
In-Depth Subdomain Enumeration caffix/amass
Triggering a DNS lookup using Java Deserialization
mpirnat/lets-be-bad-guys: A deliberately-vulnerable website and exercises for teaching about the OWASP Top 10
RIPS - The State of Wordpress Security
Infection Monkey - GuardiCore
Getting MOAR Value out of PHP Local File Include Vulnerabilities
Location based XSS attacks
What is DOM Based XSS (Cross-site Scripting)?
Mining Meteor
dns - GitHub pages custom domain infinite redirect loop
XML External Entity (XXE) Processing
SSRF bible. Cheatsheet
GitHub’s post-CSP journey - GitHub Engineering
fWaf – Machine learning driven Web Application Firewall Fsecurify
Major version release 1.0.0 of amass, the subdomain enumeration tool written in Go. Shown to be more effective than Sublist3r.
Extract subdomains with GAN python tool that extract subdomains from HTTPS certificates.
introduction xml external entity attack and exploitation
Lab for Java Deserialization Vulnerabilities
Exposing Server IPs Behind CloudFlare
RESTful DOOM: HTTP/JSON API for classic Doom
Injection Vulnerabilities - or: How I got a free Burger
AWS Security Primer
The entire WebGL Insights book is now free: 23 chapters on advanced topics from 42 authors and 25 reviewers!
Exploiting PHPMailer
Bypassing PHP Null Byte Injection protections - Challenge
Bypassing PHP Null Byte Injection protections - Part II (Challenge Write-up)
XSS Cheat Sheet SecLists/Fuzzing has some good text file examples of XSS along with a lot more, like password lists.
owasp is great too
another good xss list
the big list of naughty strings is another fun one.
Use good libraries to prevent it whenever you get a chance, because implementing secure sanitization yourself is always going to be a large project on its own, outside the scope of whatever app you’re making.
for real examples, visit /r/xss and check (also a good place to disclose them)
SQL cheat sheet
Using Multi-byte Characters to Nullify SQL injection sanitizing
Probing to Find XSS
The Genesis of an XSS Worm – Part I
Looking for XSS in PHP Source Code
How The Hacker that Hacked The Catalan Police Union Did It? He Posted A Video Of The Process
Pastejacking: Using JavaScript to override your clipboard contents and trick you into running malicious commands
XSS on GoDaddy, Match, CalvinKlein, ToysRus, Southwest, Senate.Gov, RuneScape, CNET, DeviantArt and more
How I broke a mobile banking application to gain unrestricted access to several Billion Dollars worth of Deposits.
Blind XSS Code
I’m not a human: Breaking the Google reCAPTCHA
Domino’s: Pizza and Payments
Issue 773 - google-security-research - TrendMicro: A remote Node.js debugger stub is listening in default install
SQL Injection Cheat Sheet by Netsparker
XSS without HTML: Client-Side Template Injection with AngularJS
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
CSS based Attack: Abusing unicode-range of @font-face
Security for building modern web apps

Computer Science && Algorithms

Title URL
algorithm - Python- Sieve of Eratosthenes
Improve Your Python: Python Classes and Object Oriented Programming
Quick Guide To Polymorphism In Java
Google Infrastructure Security Design Overview Google Cloud Platform
Avoid Else, Return Early
Genius explanation of Meltdown/Spectre malware
Pi-Tac 1.0 - A Raspberry Pi Zero W in a Tic-Tac box, with an Adafruit PiOLED display, and a Powerboost 1000C for push-button power, and safe shutdown on low battery.
500 Data Structures and Algorithms practice problems and their solutions
I created a beginners guide to SSH Keys video tutorial
I want to practice Python but I have no idea what to make.
Bootloader and Low-Level Programming Tutorial: How To Develop Your Own Boot Loader
Things you didn’t know a bunch of Pis can do: Playing a single video on multiple, freely arranged screens (more in a comment)
My journey to getting hired with no CS degree and no professional programming experience
Free Microsoft e-book giveaway with thousands of books. Grab ‘em.
Maze generation code, inspired by working through Mazes for Programmers
I built a self-driving car!
Six programming paradigms that will change how you think about coding
Java/C++ bots playing StarCraft live at Twitch. Commentary each Sunday 11:00 AM PT. > BWMirror API is a Java wrapper for C++ BWAPI. It wraps all the classes, constants and enums inside Java objects, while providing the exact same interface as the original C++ BWAPI. This is achieved by heavily utilising JNI.
500 Data structures and algorithms interview questions and their solutions
Practical Color Theory for People Who Code
How I Ruined Office Productivity With a Face-Replacing Slack Bot
A beginners trick I learned way too late in the game of learning to code: repetition repetition repetition
Google Infrastructure Security Design Overview
We’re programming a virtual machine - from scratch!
Google Interview University - multi-month study plan for going from web developer (self-taught, no CS degree) to Google software engineer
Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections
Found an interactive game to learn programing
How I made over $50,000 in 5 days with a drone (a step-by-step plan).
Over 183,000 datasets on - if you’re looking for data for a personal project, here you go
Become a GDB power user!
Detecting cats in images with OpenCV.
Your favorite scripts you have stolen or made
My new Raspberry Pi espresso controller: touchscreen GUI + PID control + Siri
Pi-Hole doing its job!
For all of you who are starting programming, here is a site that lets you visualise some data structures and algorithms involving them. I wish I had this in college.
A simple stack overflow question becomes an interesting lesson in tech history (ZIP)
Taking over 17000 hosts by typosquatting package managers like PyPi or
A game about hacking an imaginary device using a real assembly instruction set. It gives you a debugger and a memory dump and you have to figure out how to exploit it. Xpost from r/programming
Facebook begins tracking non-users around the internet
Google just open sourced something called ‘Parsey McParseface,and it could change AI forever
Googling is a skill. How to use Google.
Open Source remake of Red Alert / C&C / Dune with working multiplayer & a really active community!
Two Google developers have drafted an API for direct USB access via web pages
Building your own GSM station has become the simplest task in the world
C/C++ Program Memory - Easily the most helpful book I’ve ever read.
Why is calculus important for programming, specifically algorithms?
Markov Chains explained visually
The gloves are off: FBI argues it can force Apple to turn over iPhone source code
Surprise! NSA data will soon routinely be used for domestic policing that has nothing to do with terrorism
About SQL Server on Linux
PSA: Learn Discrete Math
ELI5: Why do even numbers feel safer and more pleasing than odd numbers?
“An important thing to become better at programming is to read good code”. I agree but where do I find code for my language and skill level and how do I know it’s good?
What’s the coolest mathematical fact you know of?
Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS
A critique of “How to C in 2016”
How to C (as of 2016)
If you are learning Python and want to build system monitoring or data driven web apps, then here is something to get you started
15 Sorting Algorithms in 6 Minutes-Visualization
How Cello, a library offering high-level functionality to C, implements (portable) garbage collection
CPython internals: A ten-hour codewalk through the Python interpreter source code
Learn to make a game in C++!
The Greatest Regex Trick Ever
I created web app for monitoring temperature and humidity, and wanted share it with you.
The Art of Command Line
Hi, first post ever! I’ve started a blog on fun graphic guides to algorithms. Thoughts?
NASA’s ten coding commandments
Computer Systems Security MIT OpenCourseWare
Here’s a list of 153 free online programming/CS courses (MOOCs) with feedback(i.e. exams/homeworks/assignments) that you can start this month (July 2015)
The Open-Source Computer Science Degree
BetterExplained - A fun website that explains programming concepts and tools in a very easy and intuitive way
The Technical Interview Cheat Sheet
Goddamn pointers man… It just doesn’t click
Algorithms and Data Structures cheat sheets?
The best Git Workflows explanation so far
Learning programming beyond the basics
The AI Games - Create a bot for Tetris and join the competition!
The Art of Command Line
PSA for people who often do troubleshooting. PSR is relatively unknown, and it’s awesome.
Unicode is Kind of Insane
Top 10 data mining algorithms in plain English
Hi r/programming, 4 months ago I released a tiny text-extraction algorithm. After spending the better part of the last 4 months testing/thinking about extraction algo’s for a paper (never again), I think I’ve landed the big one. Well, it’s small actually. 10 lines of code.
How are reddit bots created?
40 Key Computer Science Concepts Explained In Layman’s Terms (x-post from r/interestingasfuck)
Learn Git Interactively
Here’s Waldo: Computing the optimal search strategy for finding Waldo [OC]
[Resource] Wireshark video course. Most useful packet capture tool every coder should know (100 free coupons)
Hey everyone! I’m writing a complete beginner’s guide on how to use Git / Source Control. Thought some of you might find this helpful.
Main is usually a function. So then when is it not?
I taught myself how to program from scratch. Here are my recommendations for newbies starting out.
Learning iOS development by building a Yik Yak Clone
A github repo that’s actually a game to help you learn git
14 clever and useful 3D-printable camera accessories
Tutorial on creating a platformer in Python
Raspberry Pi Class Now Free on Skillshare
How I learned to develop Android apps in less than a year
What are some exercises a beginner should do to get better at coding.
Introduction to C++, a series of 46 videos created by Redditor sarevok9 [x-post /r/UniversityofReddit]
About 4 months ago I posted a fast/simple youtube to mp3 converter. I’ve kept my promise of no ads and continue to fund it from my own pocket. Can you jump start it by pasting 1 youtube url?
How to make a cakeday site using the Reddit api and JavaScript - x-post r/programming
What other abominations can anyone find written in bash? 3D FPS here…
[Java] Tips and tricks for Java development with Eclipse
Detecting a Loop in Singly Linked List - Tortoise & Hare
9 of the Best Free C Books
Instacode - Instagram for Code! (yes this is as useful as you think it is)
Found a list of legally FREE e-Books pertaining to programming, comp. sci, and engineering over at /r/freebies
Java Beginners Course, Making a 3D Game, Minecraft 2D Tutorials, Tower Defence Tutorials!
You wan’t to learn how to code a game? Here’s a short template for you. Turn this into tetris as a learning experience. Post a screen shot of your success.
Learning to program from zero to employable: tips and tricks, or recommended resources?
How many of you, if any at all, would be interested in a stream of me going through and programming a 2D game?


Title URL
Solving a Danish Defense Intelligence Puzzle - Irken Kitties
Zero Day Initiative — Deconstructing a Winning Webkit Pwn2Own Entry
Solving the SANS 2016 Holiday Hack Challenge
ForAllSecure released their open CTF-style training platform, HackCenter, at Enigma 2017
Learn buffer overflows, assembly, and read step-by-step walkthroughs on CTF events/challenges
Pwntools v3.0 Released
CTF challenges and a guide for beginners
Holiday Hack Challenge 2015 Complete Writeup

Web Development

Title URL
is a nice resource for beginners in CSS
Simple single element spinning loader using CSS
I’ve created a tutorial for creating a module Angular 5 Dashboard from scratch
jq - like sed for JSON data
A Collection & Specification for Exemplary Frontend and Backend Codebases
Things you probably didn’t know you could do with Chrome’s Developer Console
Node.js Playbook - A guide to getting started fast
How to build a responsive parallax scrolling site using only CSS & HTML.
Implementing Search Into Your React & Redux App w/ Algolia
Funky CSS3 Toggle Buttons
Vanilla JS is a fast, lightweight, cross-platform framework for building incredible, powerful JavaScript applications.
I’ve written a 200 page e-book on how to build an Instagram like social network from scratch with Ruby on Rails. It’s yours for free (no sign up required).
How to Not Suck at JavaScript
Share your silly JavaScripts that you created for fun!

Defensive Security && Sys Admin

Title URL
Securing Windows Workstations: Developing a Secure Baseline » Active Directory Security
Detecting Lateral Movements in Windows Infrastructure
IT and Information Security Cheat Sheets
Docker for Automating Honeypots or Malware Sandboxes
A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.
White Hats
Security Resources: Beginner to Advanced.
Leaked Slides Outline What Are Probably Some of the Most State-Of-The-Art Artifical-Intelligence Powered Social Engineering Methods of the Present Day (partial x-post /r/gaming)
Windows Admins: Let’s all take a second to thank or think about Nir Sofer for all the help over the years. What a great portfolio of simple, to the point tools.
GitHub - avatsaev/touchbar_nyancat: Stupid nyancat animation on your +$2k MacBook Pro’s Touchbar
Your Social Media Fingerprint
Malware, malicious charging stations, and rogue cell towers - Oh My! NIST releases the Mobile Threat Catalogue for public comment on Github.
Website enumeration insanity: how our personal data is leaked (xpost r/sysadmin)
PowerShell Security: PowerShell Attack Tools, Mitigation, and Detection
Awesome Infosec Resources
I made a website that explains basic network theory
Excel tricks to impress your boss
Defending Against Mimikatz
Wireshark Workflow - Analyzing Malicious Traffic (Sasser Worm)
CryptoWall 4.0 Released - We’ve already seen it with one of our clients
Portrait of a Sysadmin
Tron v6.7.0 (2015-09-23) // Disable Windows 10 telemetry; Remove Lenovo spyware; large improvements to OEM de-bloat section
Script that tracks the devices in your network and displays statistics/charts about what is running at which times. (I’m definitely the one spending the most time on my computer in my flat)
Great list of sysadmin resources/tools
I’ve been sent a clearly malicious link by a hacked skype account. What’s the best way to safely analyze where the malice is?
Awesome tip i learned form a graybeard, the .\
Free certification practice test engine with thousands of questions for CCNA, CISSP, CEH, Net+, Sec+, PMP, etc.
PSA for people who often do troubleshooting. PSR is relatively unknown, and it’s awesome.
HOW TO: Remove yourself from MOST background check sites and people search engines. Thanks to LawyerCT & Pibbman!
Tron v6.1.0 (2015-03-29) // Add Kaspersky VRT, remove Vipre (speed increase), logging cleanup, preserve LogMeIn sessions
Sad Server: All SysAdmin’s will Love this Twitter Handle [Truly Hilarious]
I made a free tool for rapidly scanning Cisco routers. [Download link in post] (xpost from /r/netsec)
So apparently you need a CAL to obtain an IP address from a Windows DHCP Server..
I was unhappy with the other subnet calculators out there so I built one myself. I hope you agree it’s better than the rest.
The Best Hidden Features of VLC: downloads YouTube videos, records desktop, converts video files and more
windows 10 to have a package manager
Found this brilliant guide on StackExchange - how to Hack into a computer through its MAC and IP address (x-post from /r/sysadmin)
Worked on a completely locked down machine. Time passed quick
How I made the office IT guy hate me
Just Sysadmin Things… for which I’ve been reprimanded
In honor the 4th of July, I present Tron, who “fights for the User” (automated disinfect/cleanup package)
Happy Hour Virus - How to leave work early (XPost from /r/ProgrammerHumor)
How do you get new desktop machines ready as soon as possible?
Active Directory Administrators Toolkit
Why PowerShell?
So my daughter’s friends thought they would prank her…
Best security practices for a VMware Workstation sandbox

Tech News

Title URL
Amazon claims another victim: Cisco kills its $1 billion cloud
This Pakistani student has developed a full-blown IDE for Assembly language
Internet protocols are changing - Future of TCP, DNS, TLS and HTTP
Inside the world of Silicon Valley’s ‘coasters’ — the millionaire engineers who get paid gobs of money and barely work
U.S. Senators introduce IoT bill affecting gov. procurement; good-faith research liability protections.
How is NSA breaking so much crypto?
Comcast’s CEO Wants the End of Unlimited Data

Saved Comments

TIL that Doom was so popular in 1995 that it was installed on more PCs than Windows 95. Bill Gates briefly considered buying ID software, but settled for getting a team at Microsoft to port the game to Win95. The team was led by Gabe Newell.
> inverse square root
There is no obvious reason why this should work, and how Carmack or any of the previous users of this stunningly elegant hack came across the magic value 0x5f3759df appears to have been lost to history. Beyond3D tried to trace it back through the ages, but after going through Carmack, an x86 assembly hacker called Terje Matheson, NVIDIA and eventually Gary Tarolli who used it in his days at 3dfx, the trail went cold.
It’s a real pity, because finding that constant would have required someone to think in a completely different direction to everyone else, and be convinced enough that such a constant even existed to spend time narrowing it down.
From a web dev perspective, familiarize yourself with the OWASP rules to prevent it if you want to stay safe. XSS is one of the easiest things to find in the wild. Usually I can find it pretty quickly in a vulnerable site by just looking at the Chrome network connections and seeing when requests are made with URL params, and see if changing those gets inserted into bad spots in the page - and that’s just reflected XSS, low hanging fruit. Some people just put URL parameters right into JavaScript, and something like ', 'z':alert('xss'), 'y': ' can work. Also, it’s not just quotes. alert(/XSS/) will execute too.
Just make sure you track the flow of user input, and never assume obfuscation or an extremely complex JavaScript file is enough to prevent people from realizing where input goes and how it might be processed. If you check for URL params that are prepended with debug_ and do something special with them, it’s going to be possible for attackers to find that and send their own input. And never assume that it being processed server side is enough to prevent people from finding a vulnerability.
Also, make sure you test with Firefox. I’ve found that Firefox has a lot of potential XSS that Chrome fixes on its own. Chrome might prevent HTML tag injections like
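
The reflected XSS case from the saved comment above (a URL parameter written into inline JavaScript), as an added example that is not part of the saved comment: the same template rendered unsafely and then with context-aware encoding. The function names, the cfg object and the evaluation harness are assumptions made for illustration.

```javascript
// Added example; function names and the cfg object are hypothetical.

// Vulnerable: URL parameters are concatenated straight into an inline script.
function renderUnsafe(q, page) {
  return "var cfg = {'q': '" + q + "', 'page': " + page + "};";
}

// String context: emit a JSON string literal, then escape the characters that
// could close the surrounding <script> block or start an HTML comment.
function jsLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Numeric context: quoting rules do not apply, so parse and range-check instead.
function jsPositiveInt(value, fallback) {
  const n = Number.parseInt(value, 10);
  return Number.isSafeInteger(n) && n > 0 ? n : fallback;
}

function renderSafe(q, page) {
  return 'var cfg = {"q": ' + jsLiteral(q) + ', "page": ' + jsPositiveInt(page, 1) + '};';
}

// Test harness only: evaluate the generated script text with a stub alert()
// so we can observe whether the parameter was executed as code or kept as data.
function run(script) {
  const alertCalls = [];
  const stub = (x) => { alertCalls.push(String(x)); };
  const cfg = new Function('alert', script + '\nreturn cfg;')(stub);
  return { alertCalls, q: cfg.q, page: cfg.page };
}

// Constructed inputs: the two strings quoted in the comment above.
const QUOTE_BREAKOUT = "', 'z':alert('xss'), 'y': '";
const NO_QUOTES = 'alert(/XSS/)';

console.log(run(renderUnsafe(QUOTE_BREAKOUT, '1')).alertCalls); // stub was called
console.log(run(renderUnsafe('shoes', NO_QUOTES)).alertCalls);  // stub was called
console.log(run(renderSafe(QUOTE_BREAKOUT, NO_QUOTES)));        // input stays data
```

The unquoted page parameter shows why filtering quotes alone is not a fix: each output context (string, number, HTML) needs its own encoder or validator.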

Anthony Laiuppa
DevSecOps Engineer