ritter.vg
code > recommended reading
articles
Discovering Regular Expressions Prone to Denial of Service Attacks
A neat trick for looking at the complexity of your regular expressions.
Anatomy of a Programin Memory
An excellent explanation of a program's memory image - nothing groundbreaking, just a good resource. Really, a lot of his posts are awesome.
How To Break Disassemblers
A really good presentation about how disassemblers work, and accordingly, how to break them.
The Athens Affair
Over 100 mobile phones belonging to members of the Greek government and top-ranking civil servants were selectively tapped for months, by perpetrators unknown.
100 bugs in Open Source C/C++ projects
If you want to get into Source Code Auditing, here's a good primer for identifying bugs by example.
An explanation of Shor's Algorithm
This blog article explains how Shor's algorithm actually factors numbers. (In a quantum computer of course.)
Differential Fault Analysis by Example
If you know that you can affect cryptographic operations using faults to obtain keys, but don't know how it's actually done, this article is for you.
Writing kernel exploits
An excellent introduction to kernel exploitation. Very entry level stuff, but very good explanations.
Grsecurity and PaX Configuration Options
If you've heard of grsecurity and PaX, but aren't quite sure what they do exactly this is a great introduction, even if it is a bit out of date.
Anatomy of a Symbolic Emulator (Part 2, Part 3)
An excellent introduction to using a SMT solver with a symbolic emulator to achieve fuzzing code coverage of all branches by crafting the input necessary.
A Collection of Examples of 64-bit Errors in Real Programs
A giant list, with examples, of bugs that are exposed only by compiling in 64 bit mode. Very subtle, easy to miss bugs.
Speeding up SSL: enabling session reuse
An excellent explanation of the techniques for speeding up SSL handshakes (reuse and tickets), with analytics, sample code, patches, diagrams, a sample webserver, and tests. An amazing article
Why do Windows functions all begin with a pointless MOV EDI, EDI instruction?
A nice indepth look at the assembly of Windows functions and the care they put into optimizing the x86.
The First Few Milliseconds of an HTTPS Connection
A fantastic overview of the HTTPS handshake down to deriving the master secret.
Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently)
A collection of ways to get from Local Administrator to Domain Administrator in a Windows network.
NBNS Spoofing on your way to World Domination
Very well-written and detailed post on local LAN attacks
Exploit Necromancy in TCMalloc . Reviving the 4-to-N Byte Overflow Primitive with Insert to FreeList
Excellent explanation of Heap Manipulation
TCP -> SQL Server -> .Net -> Linq -> And back down again
Another example of a strange situation observed in TCP, taking the sysadmin all the way up to the application through the database, and finally shaving off about 1/3 of his bandwidth - all from observing TCP window sizes.
NULL Pointer Dereferences (Part 2)
Ksplice explains how to exploit a NULL pointer dereference in Linux.
Hosting Backdoors in Hardware
Ksplice explains how to engineer a PCI card that will backdoor a Linux Kernel
Raymond Chen's CLR Week Articles: 1 2 3 4 5 6
Usually reserved for those people doing Win32 programming, Raymond's insights grace those of us with a bent towards .Net.
Cracking budget encryption
Seen those budget "encrypted" external hard drives? Well the encryption usually isn't so hot. Here's how one was cracked. This is often the closest you'll get to real crypto cracking.
How phpBB.com got Hacked
Complete walkthrough of a real hack on a popular, live site.
Practical Defense in Depth
An article outlining some of the techniques used by Microsoft (and OS products) to make exploiting C/C++ code more difficult.
Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes
Why you want a nice, slow hash function for your password storage, and some suggestions for which to choose.
I Didn't Order That, So Why Is It On My Bill, Episode 2
A great article on minutia of C++ STL string implementation.
Performance Implications of try/catch/finally
Peter Ritchie explains that the compiler cannot entirely optimize inside try blocks, so there is a negative performance impact to them sometimes.
With a little help from your compiler
Robert Love has an old (4+ years) blog post about gcc compiler extensions and optimizations.
A regular expression to check for prime numbers
Would you believe you could write a regular expression that would detect if a number was prime? Well you can. Avinash explains how it works here.
Pointers, arrays, and string literals
An example of a C (or C++) gotcha. I'll take this moment to recommend Expert C Programming - Deep C Secrets by Peter van der Linden
MySQL Doesn't Always Suck; This Time it's AMD
A great blog post from a great blog about getting nice a low level with the processor. I read an article a long time ago, about a music-serving infrastructure (I think) where the software was more reliable than the hardware. Getting to that level in a software project is incredible. Here's another, similar, tale.
How .Net Regular Expressions Really Work
If you've ever wonder just what the heck goes on behind "http://([^\s/]+)/?" - this article will answer your questions. It's a really good insight into complicated code. He links to dozens of other pages, but one that was particurally interesting was Runaway Regular Expressions.
Optimising strlen
Another awesome blog post about micro-optimisations and the power they have. If you're rewriting strlen you're incredibly dangerous - because you're either incredibly good, or incredibly bad. This guy is good.
Continuous Deployment
Continuous Integration is a pretty common method, amoung good software shops, where people check in their code, the build is automated, and prefferably some tests are run. If someone breaks the build, you know about it early. Continuous Deployment is taking it one step further. After the tests pass: the code is pushed to production automatically. Sound crazy? Read the article.
Interview with an Adware Author
An interview with a guy who wrote some crazy-awesome code to keep the adware running. Amazing polling and process monitoring. Explains why it's so hard to get rid of some of the stuff.
Fastest Way To Code a Loop in Javascript
Some well-intentioned guy does all the grunt work to help you optimize that annoying long-running javascript code.
Why there will always be bugs
That's not the name of the article, but that's what I got out of it. Even if you use some powerful framework that abstracts away so much of the nitty gritty - even if you use Space Shuttle-style development with everything code reviewed and controled - you will always get screwed. Sometimes it might just be by leap seconds.
The Old New Thing > The cost-benefit analysis of bitfields for a collection of booleans
You probably know that premature optimization is the root of all evil. But seriously, it is. This article should make you think more critically about your code, question even the most mundane of practices, and most of all - humble you into realizing that there is so much about coding you don't know.
Strategy: Facebook Tweaks to Handle 6 Time as Many Memcached Requests
An article about how Facebook scaled up memcached about 25%. 25% doesn't sound like a lot, but it's not trivial. The interesting part is how they did it. They went all the way up and down the entire stack to find the bottlenecks everywhere - not just memcached. A good lesson in how scaling can be a specialized discipline all in itself.
Comments
Add a comment...
required
required, hidden, gravatared

required, markdown enabled (help)
you type:you see:
*italics*italics
**bold**bold
[stolen from reddit!](http://reddit.com)stolen from reddit!
* item 1
* item 2
* item 3
  • item 1
  • item 2
  • item 3
> quoted text
quoted text
Lines starting with four spaces
are treated like code:

    if 1 * 2 < 3:
        print "hello, world!"
Lines starting with four spaces
are treated like code:
if 1 * 2 < 3:
    print "hello, world!"