Reading Material

A collection of resources that I found useful and interesting across various domains.

Contents

• Javascript
  • Pilot Run
  • Advanced Concepts
  • Node.js
  • Webpack
  • React, Redux
• Elm
• Security
  • Attacks
  • Tools
  • Guides
  • Games and CTF's
  • Crypto
• Python
• Docker
• Algorithms
• Internet
  • Webservers
  • Protocols
  • Random
• Git
• Linux
  • Kernel
  • PAM
  • SSH
  • Security
  • Vim
  • Bash
• OS Dev
• C
• Ruby
• Rails
• Haskell
• Go
• Lua
• Rust
• Database
• Blockchain, Bitcoin
• Tor
• Functional Programming
• OAuth
• Regex
• Awesome Lists
• Useful Command Line Tools
• More
• Books
• Papers
• Courses
• Topics

Javascript

Pilot Run

• Objects in javascript
• Two Pillars of Javascript
• How are the Event Loop, Callback Queue, and Javascript’s single thread connected? ✨
• Philip Roberts: What the heck is the event loop anyway?
• Types in Javascript
• Modern JavaScript Cheatsheet
• Arrow function vs function declaration / expressions: Are they equivalent / exchangeable?

Advanced Concepts

• this in JS
• What is a Promise?
• Lazy, composable, and modular JavaScript
• Advanced JS
• The Dao of Immutability
• Composing Software ✨✨
• What is the Difference Between Class and Prototypal Inheritance?
• What is a Closure?
• Circular dependencies in JavaScript
• Hoisting in Javascript
• Async-Await
• Await and Async Explained with Diagrams and Examples
• Concurrent marking in V8
• JavaScript engine fundamentals: Shapes and Inline Caches ✨
• Javascript : The Curious Case of Null >= 0
• How to Fix the ES6 class keyword
• The Modern JavaScript Tutorial
• Elements of JavaScript Style
• The JavaScript Encyclopedia
• Javascript Debugging
• Javascript 3D Game Engines
• Headless Chromium
• Rich JavaScript Applications – the Seven Frameworks
• Angular vs. React vs. Vue: A 2017 comparison
• Object-oriented Programming in vanilla JavaScript
• Essential Image Optimization ✨
• Why does Google prepend while(1); to their JSON responses?
• The Curious Case of Mobx State Tree
• In defense of Functional CSS
• Douglas Crockford: Really. JavaScript. 📺
• Defensive JavaScript
• What is this? The Inner Workings of JavaScript Objects
• Responsible JavaScript
• https://github.com/tc39

Node.js

• Getting Started with NodeJS
• Making NodeJS App faster
• Looking into assembly code of coercion
• Understanding V8’s Bytecode

Webpack

• Diving Webpack
• Webpack How-to

React, Redux

• Under the hood ReactJS
• Thinking in React
• Redux
• React.js Conf 2015 - Immutable Data and React 📺
• Full Stack Redux Tutorial
• Paul O Shannessy - Building React From Scratch 📺
• React Implementation Notes
• React Internals
• Scheduling in React

Elm

• Elm Tutorial
• Elm Architecture Tutorial
• Beginning Elm
• Elm For Beginners

Security

Attacks

• Blind SQL Injection Exploit
• SSL Strip
• SQL Injection
• Binary Exploitation
• SQL Attack Constraint Based
• Buffer Overflow Attack
• DNS Reconnaissance – DNSRecon
• What is a DDoS Attack?
• SSRF
• All you need to know about SYN floods
• "kernel: Possible SYN flooding on port X. Sending cookies" is logged
• SSL Strip for Newbies
• Cold Boot Attack
• Heartbleed Bug
• Shellshock
• Mirai Botnet
• POODLE
• Format string attack
• Off-by-one error
• EFAIL

Tools

• John the Ripper
• HAProxy
• Hashcat
• XSStrike
• GDB: The GNU Project Debugger
  • gdb Debugging Full Example (Tutorial): ncurses
  • GDB Cheatsheet
  • CppCon 2015: Greg Law "Give me 15 minutes & I'll change your view of GDB" 📺

Guides

• CTF Wiki
• Sites to practice InfoSec Skills
• CVE-2016-4484: Cryptsetup Initrd root Shell
• Securing API with OAuth 2.0
• CTF Field Guide
• Owasp
• How To Become A Hacker
• Modern CSRF
• Buffer Overflow
• Why shouldn't we roll our own?
• Sometimes HTTP > HTTPS
• Tale of a DDoS
• Security list for fun and profit
• Radare 2 Book
• Project Zero
• What “hacking” competitions/challenges exist?
• SQL Injection Cheat Sheet
• Shodan
• Kerberos: The Network Authentication Protocol
• Reverse Shell Cheat Sheet ✨
• How to securely hash passwords?
• Use bcrypt
• Beware of strncpy() and strncat()
• https://insomnihack.ch/wp-content/uploads/2016/01/Hacking_like_in_the_movies-Teaser.pdf
• https://io.netgarage.org/
• Write-ups for CTF's - (Refer only if you are really stuck solving CTF questions)
• Lessons learned and misconceptions regarding encryption and cryptology ✨
• GOT and PLT for pwning
• A Look at The Draft for JWT Best Current Practices
• GOT and PLT for pwning.
• LiveOverflow Binary Hacking 📺
• Advanced web security topics
• Don't publicly expose .git ✨
• https://rpis.ec/
• The State Of Software Security In 2019 🔒

Games and CTF's

• Web for Pentesters
• Overthewire: Bandit
• Overthewire: Natas
• Crypto Challenges
• https://io.netgarage.org/
• https://picoctf.com/
• https://pwnable.kr
• http://gracker.org/
• https://cryptopals.com/
• https://ringzer0ctf.com/challenges
• http://websec.fr/
• https://365.csaw.io/
• https://crackmes.one/

Crypto

• Cipher Tools
• So, You Want To Learn To Break Ciphers
• Alice & Bob : A History of The World’s Most Famous Cryptographic Couple
• Implementing AES
• A Stick Figure Guide to the Advanced Encryption Standard (AES)
• Cryptography Services Archives
• An Intensive Introduction to Cryptography
• How to prevent cryptographic pitfalls by design

Python

• Python Memory Management
• Making Photos Smaller
• Automate the Boring Stuff with Python
• A Programmer's Guide to Data Mining ✨

Docker

• Docker Internals
• Understanding Docker Internals
• Docker Secure Deployment
• Docker Curriculum
• Docker Cheatsheet

Algorithms

• Complexity of Python Operations
• Essentials of Machine Learning Algorithms
• Heap Algorithm
• Linked lists are still hard
• Know Thy Complexities!
• Understanding Dijkstra's Algorithm
• How to think in graphs
• Ask HN: What's your favorite elegant/beautiful algorithm?
• Algorithms Behind Modern Storage Systems -The Knuth-Morris-Pratt Algorithm in my own words
• Why is processing a sorted array faster than processing an unsorted array?

Internet

Webservers

• Apache vs Nginx
• Secure Nginx with SSL Certificate
• Web Cache - Everything you need to know
• The C10K problem
• Cache Docs
• 10 Tips for 10x Application Performance
• nginx
• How we scaled nginx and saved the world 54 years every day
• GLB: GitHub's open source load balancer

Protocols

• IPFS
• Paper review. IPFS: Content addressed, versioned, P2P file system
• HTTP
• Analysis of HTTP Performance
• Capturing HTTP Packets
• FTP: File Transfer Protocol
• HTTP is obsolete. It's time for the Distributed Web
• How does SSL/TLS work?
• Building Protocols with HTTP
• QUIC
• The Illustrated TLS Connection
• The New Illustrated TLS Connection
• HTTP3
• HTTP/3 explained
• The Web Developer's Guide to DNS
• Messing With Telnet

Random

• Web Bloat
• Let's code a TCP/IP stack
• Load Balancing
• What are Long-Polling, Websockets, Server-Sent Events (SSE) and Comet?
• The future of the open internet
• What happens when... ✨✨
• How Wi-Fi Works
• Let 'localhost' be localhost
• Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
• How Does the Internet Work?
• The Law of Leaky Abstractions
• How WebSocket server handles multiple incoming connection requests?
• A cartoon intro to DNS over HTTPS
• How to crawl a quarter billion webpages in 40 hours
• The uncertainty of measuring the DNS
• DHCP configuration file /etc/dhcp/dhcpd.conf explained
• Scalability for Dummies - Part 3: Cache
• A Brief History of High Availability
• Do You Really Know CORS?
• How Tor Works
• How Cloudflare’s Architecture Can Scale to Stop the Largest Attacks
• What Is Load Balancing?
• Introduction to Microservices
• How does HTTPS actually work?
• HTTPS in the real world
• Designing Headers for HTTP Compression
• Setting up your server for IPv6 (nginx)
• How does Team Viewer establish a Remote Desktop Connection?
• Everything You Need To Know About Networking On AWS
• Network Protocols ✨
• HTTP headers for the responsible developer

Git

• Making Commit in past
• A Successful Git Branching Model
• Oh shit, git!
• Git from the inside out
• YOU'RE USING GIT WRONG
• What’s Wrong With Git? - Git Merge 2017 📺
• Git Aliases of the Gods! 📺
• High-level Problems with Git and How to Fix Them
• Git Submodules: Adding, Using, Removing, Updating
• Git from the bottom up
• Advanced Git Commands You Will Actually Use
• Git Memo
• Commit Often, Perfect Later, Publish Once: Git Best Practices
• Rebase with history -- implementation ideas
• Git team workflows: merge or rebase?
• Git introduction – .git directory
• How to teach Git
• Git Immersion
• Git Compression of Blobs and Packfiles.
• Why do Git/Mercurial repositories use less space?
• How bad can it git? Characterizing secret leakage in public GitHub repositories

Linux

• Linux Insides
• chmod Tutorial
• Linux Tracing Systems
• File System Hierarchy
• Linux tracing systems
• BPF: Tracing and More
• Automate linux system maintenance tasks
• Orphan vs Zombie vs Daemon Processes
• Rute User's Tutorial and Exposition
• Linux Bridge
• inetd Vs xinetd in linux
• The Lost Art of the Makefile✨✨
• rm -rf remains
• Linux Containers in 500 lines
• What happens when you start a process on Linux?
• The Unix and Internet Fundamentals HOWTO ✨✨
• How does the system shutdown of a linux kernel work internally?
• The Definitive Guide to Linux System Calls ✨
• grep your way to freedom
• Iptables
• The real power of Linux executables
• x86 Assembly Guide ✨
• In UNIX Everything is a File
• Linux file descriptors
• UNIX Syscalls
• How statically linked programs run on Linux ✨
• File Types in Linux
• Write your Own Virtual Machine
• Killing processes that don't want to die
• Threads and fork(): think twice before mixing them
• Loading and ptrace'ing a process on Linux
• Understanding glibc malloc
• Why does APT not use HTTPS?
• Systemd as tragedy
• The Good, the Bad, and the Ugly: The Unix! Legacy
• Rethinking PID 1
• Inside the Linux boot process
• What is Overcommit? And why is it bad?
• What you need may be “pipeline +Unix commands” only
• Your terminal is not a terminal: An Introduction to Streams
• How fast are Unix domain sockets?
• The 101 of ELF files on Linux: Understanding and Analysis

Kernel

• Kernel Map
• Documentation extracted from the Linux kernel
• The Linux Kernel documentation
• Pushing the Limits of Kernel Networking
• The Linux Kernel Module Programming Guide

PAM

• Linux PAM
• Using PAM

SSH

• Simplify Your Life With an SSH Config File
• SSH Agent Vulnerabilities
• Secure Secure Shell
• SSH Examples, Tips & Tunnels

Linux Security

• Linux Kernel Exploitation
• Dirty Cow
• Explaining Dirty COW local root exploit - CVE-2016-5195 📺
• Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
• Security Tips for Linux Servers
• Three kinds of memory leaks
• Running Untrusted Programs in Linux
• Writing a simple rootkit for linux
• Do sudo and .profile/.bashrc enable trivial privilege escalation?
• How to break out of a chroot() jail
• Securing Debian Manual

Vim

• Interactive Vim Tutorial
• Vim Galore
• Vim Cheatsheet

Bash

• Bash Guide for Beginners
• Writing Shellcode
• Shellcoding
• Writing Shellcode
• Creating a bash completion script
• Explain Shell
• Writing a Unix Shell

OS dev

• Operating Systems Lecture Notes
• Kernel 101 – Let’s write a Kernel
• Kernel development
• Computer architecture for network engineers
• Building a simple Kernel
• How Does an Intel Processor Boot?
• implement your own Linux kernel

C

• Lightweight HTTP Server
• Understanding C by learning assembly ✨✨
• Smashing The Stack For Fun And Profit
• GNU Make: A Program for Directing Recompilation
• NCURSES Programming HOWTO
• Make your own build system
• Malloc tutorial
• Let's Build a Compiler, by Jack Crenshaw
• Back to Basics
• The GNU C Library
• Tearing apart printf() ✨✨

Ruby

• Ruby Programming
• ✨ in Ruby
• Metaprogramming in Ruby
• Visualizing Your Ruby Heap
• 7 Deadly Sins of Ruby Metaprogramming
• Ruby vs. The World
• Developing Games With Ruby

Rails

• RoR Tutorial
• APIs on Rails
• Predicting Test Failures
• XSS and Rails
• RailsConf 2014 - All the Little Things by Sandi Metz 📺

Haskell

• Official Documentation
• How to learn Haskell
• Fighting spam with Haskell ✨
• Huge list of videos, talks, courses for Haskell programming language
• Happy Learn Haskell Tutorial
• Some Notes About How I Write Haskell
• Learn You a Haskell for Great Good!

Go

Pilot run

• Tour of Go
• Go by example
• Effective Go
• Go Programming Video 📺
• Resources for new Go programmers
• Golang channels tutorial
• Hello Go!
• Simple techniques to optimise Go programs
• Go talks

Advanced Concepts

• Interfaces in Go
• How Goroutines Work
• Concurrency is not Parallelism ✨
• The Case For Go
• 5 things about programming I learned with Go
• Profiling Go
• Applied Go
• Concurrency in golang and a mini Load-balancer
• Golang Has Generics
• Getting to Go: The Journey of Go's Garbage Collector
• Visualizing Concurrency in Go
• Five things that make Go faster
• Go-tcha: When nil != nil
• SOLID Go Design

Web Dev in Go

• RESTful routing in Go
• Building Web Apps with Go
• MVC Framework for Go
• A lightweight MVC framework
• Learning Go as a Node.js Developer
• The Way of the Gopher

Networking with Go

• Writing Network Drivers in Go
• Go for Javascript Developers
• Network Programming with Go
• A Million WebSockets and Go
• TCP/IP Networking in Go
• HTTPS and Go

Lua

• Programming in Lua (first edition)
• Nginx image processing server with OpenResty and Lua
• Learn Lua in 15 Minutes
• Creation of a complete game with Lua and LÖVE

Rust

• Learning Rust
• Rust Intro
• Rust Docs
• Why is Rust difficult?

Lisp

• Land of Lisp
• Build Your Own Lisp

Database

• Secure PostgreSQL
• Sharding
• SQL vs NoSQL
• What are Master and Slave databases?
• Principles of Sharding for Relational Databases
• Build a simple database
• Five ways to paginate in Postgres, from the basic to the exotic
• One Giant Leap For SQL: MySQL 8.0 Released ✨
• MongoDB is to NoSQL like MySQL to SQL — in the most harmful way
• Why Uber Engineering Switched from Postgres to MySQL

BlockChain, Bitcoin

• Bitcoin Resources
• Blockchain: the revolution we’re not ready for
• How Bitcoin Transaction Works
• How Bitcoin Works Under the Hood 📺
• Bitcoin Wiki
• Bitcoin, Ethereum, Blockchain, Tokens, ICOs
• Using the raw Bitcoin protocol
• Bitcoin mining the hard way
• EthList: The Crowdsourced Ethereum Reading List
• CryptoEconomics
• Emails from Satoshi Nakamoto to Hal Finney
• Quantifying Decentralization
• Building Blockchain in Go
• The Blockchain Dictionary
• Bitcoin Resources
• Is CPU mining even worth the Ether?
• Nativecoin - build your own crypto-currency

Tor

• Research problems: Ten ways to discover Tor bridges
• Selected Papers in Anonymity
• Onion Router
• Handling bot attacks against a Tor hidden service
• Anti-Censorship & Transparency - Roger Dingledine 📺

Functional Programming

• What is Functional Programming ?
• Functional Programming Jargon
• What is a Functional Composition
• What is Pure function ?
• Functional Programming
• So You Want to be a Functional Programmer
• Practical Functional Programming
• Mostly Adequate Guide to Functional Programming ✨

OAuth

• An Introduction to OAuth 2
• The OAuth 2.0 Authorization Framework RFC
• OAuth 2 Client and OAuth 2.0 Server

Regex

• Learn Regex
• Interactive Exercise
• https://github.com/zeeshanu/learn-regex

Awesome Lists

Curated list of good resources shared on github

• Awesome Security
• Awesome Reversing
• Awesome Sec talks/videos
• Awesome Docker
• Awesome Python
• Awesome Courses
• Awesome Hacking
• Awesome Ruby
• Awesome Microservices
• Awesome Go
• Awesome REST
• Awesome Cheatsheet
• Awesome Guidelines
• Awesome Security Gists
• Awesome Web Security
• https://github.com/Hack-with-Github/Awesome-Hacking

Useful Command Line Tools

• tldr
• Rofi: A window switcher, application launcher and dmenu replacement
• fd: A simple, fast and user-friendly alternative to find
• SCM breeze: Adds numbered shortcuts to the output git status, and much more
• Pass: Simple password manager using gpg and ordinary unix directories
• peerflix

Blogs

• https://lemire.me/blog/
• http://arjunsreedharan.org/
• https://jvns.ca/
• https://githubengineering.com/
• http://nullprogram.com/index/
• https://zwischenzugs.com/
• https://mkdev.me/en/posts
• http://www.uliaea.ca/
• https://blog.cloudflare.com/
• https://blog.cryptographyengineering.com
• http://prog21.dadgum.com/
• https://increment.com/programming-languages/ ✨
• https://blog.filippo.io/
• http://highscalability.com
• https://notes.shichao.io/
• https://blog.acolyer.org/
• https://lwn.net/
• http://www.jimmyr.com/
• https://queue.acm.org/
• https://blog.aqnichol.com/
• https://www.linuxjournal.com/
• https://www.the-paper-trail.org/
• https://overreacted.io/
• https://robertheaton.com/
• https://www.mnot.net/blog/
• https://systemoverlord.com/
• http://openmymind.net/
• http://goyalankit.com/
• https://www.learnenough.com/
• https://learnxinyminutes.com/
• https://learncodethehardway.org/
• https://codingsec.net/2016/04/books-artificial/
• https://blog.rpis.ec/
• https://www.vulnhub.com/
• https://sakurity.com/
• https://blog.jessfraz.com/
• https://www.schneier.com/
• http://harmful.cat-v.org
• https://fgiesen.wordpress.com/

More

• Introduction to Distributed System Design
• Raft: Understandable Distributed Consensus
• Password storage in source control
• Global Variables are Bad
• Difference b/w Integration and Unit Tests
• The language of choice
• Learn Anything
• Programmer Competency Matrix
• Lecture Search
• Hacker's guide to Neural Networks
• Return to the Source
• Front End Checklist
• A list of everything that could go in the of your document
• Collecting All Cheat Sheets
• Design Patterns ✨
• Ask HN: “Write your own” or “Build your own” software projects
• Software Testing Anti-patterns *
• Detecting the use of "curl | bash" server side
• A Practical Introduction to Container Terminology
• Setting up a queue service: Django, RabbitMQ, Celery on AWS
• A Programmable Programming Language
• Constructors Considered Mildly Confusing
• Hacker101
• Ruby vs Python
• Weapon of Mass Destruction
• MooTools
• Developer resources for desktop apps
• The three types of programmers
• Clojure - the perfect language to expand your brain?
• Leaving Clojure for Ruby
• If Programming languages were harry potter characters
• International Journal of Proof-of-Concept or Get The Fuck Out
• An Introduction to Hashing in the Era of Machine Learning
• Making a virtual machine in Google Sheets
• Death By Database
• Beauty of Programming *
• A Mathematician’s Lament
• How Did Software Get So Reliable Without Proof?
• Google’s secret and Linear Algebra
• How We Built r/Place ✨
• Mastering Chaos - A Netflix Guide to Microservices 📺 ✨
• top Learning Frameworks
• The Forgotten History of OOP
• When setting an environment variable gives you a 40x speedup
• Meet the Flexbox Inspector ✨
• https://www.reddit.com/r/sysadmin/comments/9x577m/were_reddits_infrastructure_team_ask_us_anything/
• http://www.alexkras.com/i-tried-to-virtually-stalk-mark-zuckerberg/
• https://blog.ycombinator.com/ycs-2017-summer-reading-list/

Interview Questions

• Front-end Interview Questions
• Front-end Job Interview Questions
• Back-End Developer Interview Questions
• Tech Interview Handbook
• https://github.com/jwasham/google-interview-university