Free ebook: Software Security: Principles, Policies, and Protection

May 26, 2018 ~ hucktech ~ Leave a comment

Draft of my open book "Software Security: Principles, Policies, and Protection" available at https://t.co/Cwx8p7SeWm Intended audience: developers/advanced students. Comments, feedback, and questions very welcome!

— Mathias Payer (@gannimo) May 24, 2018

Welcome to Software Security: Principles, Policies, and Protection (SS3P), a free book about software security. SS3P focuses on basic software security principles, secure software development from design over implementation to testing, software security policies (with a focus on memory and type unsafe language like C/C++), defense strategies with a focus on verification, testing, and mitigation, attack vectors, and reverse engineering. The different chapters are augmented with several case studies.
This book is, was, and always will be free and openly accessible in PDF form. If you reference the book, please link to the SS3P PDF directly so that your readers will always get the most recent version.
The intended audience of this book are advanced undergraduate and graduate students interested in software security (e.g., as part of a software security, system security, or information security class) as well as developers working with low level languages such as C/C++.

https://nebelwelt.net/SS3P/

Serious Cryptography

November 23, 2017 ~ hucktech ~ Leave a comment

I'm really excited about this book. It's the book I've wanted to publish for at least 20 years. @nostarch https://t.co/OM8eXrfk4p

— Bill Pollock — nostarch@infosec.exchange (@billpollock) November 21, 2017

https://www.nostarch.com/seriouscrypto

Been making my way through this over the last few weeks of travel….and holy sh*t this book is a home run @billpollock ! huge props (and thanks) to @veorq for a much needed book. pic.twitter.com/JHFvhxX1Kr

— Stephen A. Ridley (@s7ephen) November 20, 2017

if you bought or read Serious Cryptography and think it sucks (e.g. because of the wrong lattice basis), make sure to add a 1-star review to https://t.co/xypYF4JTo4!

— JP Aumasson (@veorq) November 14, 2017

The PoC||GTFO Bible

May 5, 2017 ~ hucktech ~ Leave a comment

The PoC||GTFO Bible will be available this summer. Preorder now for only $30, and maybe grab a second for a student.https://t.co/M06fjaDp4m pic.twitter.com/R7ozpMAm7w

— Travis Goodspeed (@travisgoodspeed) May 5, 2017

The book of PoC||GTFO contains a extra chapter with 23 of my file formats diagrams, printed in color.https://t.co/PfB4mJUJhW

— Ange (@angealbertini) May 5, 2017

https://www.nostarch.com/gtfo

iOS App Reverse Engineering book

September 13, 2015 ~ hucktech ~ Leave a comment

The book iOS App Reverse Engineering, as a gift to the whole jailbreak community, is now open-sourced on github https://t.co/vNJy6VzewD

— iOSAppRE (@iOSAppRE) September 12, 2015

This is my gift to the jailbreak community as a 5-year n00b, enjoy! iOS App Reverse Engineering is the world’s 1st book of very detailed iOS App reverse engineering skills, targeting 4 kinds of readers:
* iOS enthusiasts;
* Senior iOS developers, who have good command of App development and have the desire to understand iOS better;
* Architects. During the process of reverse engineering, they can learn architectures of those excellent Apps so that they can improve their ability of architecture design;
* Reverse engineers in other systems who’re also interested in iOS.
The book consists of 4 parts, i.e. concepts, tools, theories and practices. The book follows an “abstraction, concrete, abstraction, concrete” structure, starting from basic concepts like iOS filesystem hierarchy and iOS file types that Apple didn’t expose to App developers but iOS (jailbreak) researchers should know, then goes through the most commonly used tools like class-dump, Theos, Cycript, Reveal, IDA and LLDB to introduce what to do in iOS reverse engineering. After that, iOS reverse engineering theories based on Objective-C and ARM assembly are explained in a methodological way, pointing out the core of this book. Last but not least, 4 originally elaborated practices are there to cover all previous contents of the book and give you the most intuitive perception of iOS reverse engineering. Happy hacking!

https://github.com/iosre/iOSAppReverseEngineering

Embedded Programming with Android’s U-Boot chapter

September 9, 2015 ~ hucktech ~ Leave a comment

From about a week ago on the Pearson InformIT web site, Roger Ye published an article on using U-Boot with embedded Android, “Embedded Programming with Android: Using U-Boot to Boot the Goldfish Kernel“. The article mentions that this is a chapter from Roger’s book, “Embedded Programming with Android“, which is news to me. It appears the book came out in April.

In this chapter from Embedded Programming with Android: Bringing Up an Android System from Scratch, Roger Ye shows you how to build a goldfish Linux kernel and then how to boot Android from NOR flash and NAND flash using U-Boot and this kernel.

Once we have U-Boot ready for the goldfish platform, we can use it to boot the Linux kernel in the Android emulator. Ideally, the boot process starts from nonvolatile memory (such as flash memory). Many kind of storage devices can be used in an embedded system, though NOR and NAND flash devices are the most popular options. In this chapter, we will build a goldfish Linux kernel first. We then explore how to boot Android from NOR flash and NAND flash using U-Boot and this kernel. […]

http://www.informit.com/articles/article.aspx?p=2431417
http://www.informit.com/store/embedded-programming-with-android-bringing-up-an-android-9780134030005