Automated analysis is the main advantage to working with a modern statically typed compiled language like C++. Code analysis tools can inform us when we have implemented an operator overload with a non-canonical form, when we should have made a method const, or when the scope of a variable can be reduced.
lefticus
/ codingstandards-0-automatedanalysis.md
Last active
August 26, 2024 10:03
C++ Coding Standards
atoponce
/ gist:07d8d4c833873be2f68c34f9afc5a78a
Last active
April 8, 2025 14:06
— forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from
johnazariah
/ free.fs
Created
April 3, 2018 22:02
Free Monad with Trampoline Infrastructure and Computation Builder
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // F<'a> is any type with member 'map' of type ('a -> 'b) -> F<'a> -> F<'b> | |
| type F<'a> = QIL<'a> | |
| and S<'a> = F<Q<'a>> | |
| and Q<'a> = | |
| private | |
| | Step of Step<'a> | |
| | Bind of IBind<'a> | |
| with | |
| static member lift (k : F<'a>) : Q<'a> = Step (Suspend (fun () -> S<_>.map (Yield >> Step) k)) |
grugq
/ grugq quotes from Downclimb
Created
February 5, 2019 07:06
— forked from 0xdabbad00/grugq quotes from Downclimb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life. | |
| https://twitter.com/thegrugq/status/563964286783877121 | |
| -- | |
| You can get 25% off a Mandiant incident response with the code: ITWASCHINA. 100% off if you just use that code as the report. | |
| https://twitter.com/thegrugq/status/600345075562909696 | |
| -- | |
| Fear of 0day is like being terrified of ninjas instead of cardiovascular disease. | |
| https://twitter.com/thegrugq/status/851001030019907588 |
v-p-b
/ AV2019.txt
Last active
March 5, 2021 16:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://seclists.org/fulldisclosure/2019/Aug/1 | |
| https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 | |
| https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/ | |
| https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM | |
| http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html | |
| https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
| https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 | |
| https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html |
This is a collection of the things I believe about software development. I have worked for years building backend and data processing systems, so read the below within that context.
Agree? Disagree? Feel free to let me know at @JanStette.
Keep it simple, stupid. You ain't gonna need it.