Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

8.5 KiB

###Programming Language Courses and References

TOC

Cull

###Cull java-aes-crypto (Android class)

  • A simple Android class for encrypting & decrypting strings, aiming to avoid the classic mistakes that most such classes suffer from.

smalisca

  • Static Code Analysis for Smali files

PHPMD - PHP Mess Detector * What PHPMD does is: It takes a given PHP source code base and look for several potential problems within that source. These problems can be things like: Possible bugs; Suboptimal code; Overcomplicated expressions; Unused parameters, methods, properties.

PMD

  • PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, PLSQL, Apache Velocity, XML, XSL. Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Ruby, Scala, Objective C, Matlab, Python, Go.

Learn_X_in_Y_Minutes

Hyperpolyglot

###General

Secure Coding Standards - Android

What a C programmer should know about memory

###Source Code Analysis

[RIPS]http://rips-scanner.sourceforge.net/)

  • RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

###Assembly x86/x64/ARM

####Learning x86 Assembly Guide/Reference - Wikibooks

  • Introduction for those who don’t know ASM and a reference for those that do.

Guide to x86 Assembly

Intro to x86 calling conventions

Reading ASM

Machine-Level Representation of Programs

http://opensecuritytraining.info/IntroX86.html

####Reference

Nasm x86 reference

x86 Assembly Guide/Reference - Wikibooks

  • Introduction for those who don’t know ASM and a reference for those that do.

x86 Disassembly/Calling Conventions x86 Disassembly/Calling Convention Examples

sandpile.org

  • The world's leading source for technical x86 processor information.
  • Good source of reference docs/images for x86 ASM

Walkthrough: Creating and Using a Dynamic Link Library (C++)

Intel x86 Assembler Instruction Set Opcode Table

###Videos

Introduction Video Series(6) to x86 Assembly

###C/C++

Stanford C 101

  • Stanford CS Education Library: A 45 page summary of the C language. Explains all the common features and techniques for the C language. The coverage is pretty quick, so it is most appropriate for someone with some programming background who needs to see how C works. Topics include variables, int types, floating point types, promotion, truncation, operators, control structures (if, while, for), functions, value parameters, reference parameters, structs, pointers, arrays, the pre-processor, and the standard C library functions. (revised 4/2003) Homepage

Stanford C Pointers and Memory

  • Stanford CS Education Library: a 31 page introduction to programming with pointers and memory in C, C++ and other languages. Explains how pointers and memory work and how to use them -- from the basic concepts through all the major programming techniques. Can be used as an introduction to pointers for someone with basic programming experience or as a quick review. Many advanced programming and debugging problems only make sense with a solid understanding of pointers and memory -- this document tries to provide that understanding.
  • Homepage

###Go Go Programming Language

###<a name="perl"Perl [Perl Programming Language[(https://www.perl.org/)

Introduction to Perl

###Powershell

Dirty Powershell Webserver

Useful Powershell scripts

Try/Catch Exception in Powershell """

try { #stuff } catch { $ErrorMessage = $.Exception.Message $ErrorSource = $.Exception.Source $err = $ErrorSource + " reports: " + $ErrorMessage }

"""

###Python

Obfuscating python

Understanding Python Bytecode

####Learn Learn Python the Hard Way

[Python For Beginners]( Python For Beginners

  • Welcome! Are you completely new to programming? If not then we presume you will be looking for information about why and how to get started with Python. Fortunately an experienced programmer in any programming language (whatever it may be) can pick up Python very quickly. It's also easy for beginners to use and learn, so jump in!

####Reference

####Libraries

Python Library for interacting with Serial Ports

Hachoir

  • Hachoir is a Python library that allows to view and edit a binary stream field by field

Equip: python bytecode instrumentation

  • equip is a small library that helps with Python bytecode instrumentation. Its API is designed to be small and flexible to enable a wide range of possible instrumentations. The instrumentation is designed around the injection of bytecode inside the bytecode of the program to be instrumented. However, the developer does not need to know anything about the Python bytecode since the injected code is Python source.

Construct2

  • Construct is a powerful declarative parser (and builder) for binary data. Instead of writing imperative code to parse a piece of data, you declaratively define a data structure that describes your data. As this data structure is not code, you can use it in one direction to parse data into Pythonic objects, and in the other direction, convert ("build") objects into binary data.

###Ruby Ruby - Tutorials Point Ruby in 20 Minutes

###Useful Libraries/programs

Shellpaste

  • Tiny snippet of code that pulls ASCII shellcode from pastebin and executes it. The purpose of this is to have a minimal amount of benign code so AV doesn't freak out, then it pulls down the evil stuff. People have been doing this kind of stuff for years so I take no credit for the concept. That being said, this code (or similar code) works surprisingly often during pentests when conventional malware fails.

###Papers

Mov is turing complete