TECHNICAL SKILLS

The practical algorithm designer's reference — technique + problem catalog. Skiena's 'war stories' show how problems arise in practice. The Hitchhiker's Guide catalogs 75 classic problems with implementations.

The definitive textbook on concurrent programming theory — linearizability, mutual exclusion algorithms, lock-free data structures, hardware primitives, and transactional memory. Combines rigorous theory with practical Java implementations.

Python 3 offensive security tooling from scratch — raw sockets to Scapy to Windows internals. Covers networking, packet sniffing, web hacking, Burp extensions, GitHub C2, Windows trojaning (keylogger/shellcode/sandbox detection), data exfiltration, privilege escalation, and Volatility memory forensics.

Generic C++ graph library: adjacency_list/adjacency_matrix graph classes, BFS/DFS/topological sort/Dijkstra/Bellman-Ford/Kruskal algorithms, property maps, visitor customization hooks, and the concepts-and-models generic programming design pattern that makes all BGL types interoperable.

Comprehensive game programming reference: fixed-timestep game loop, component-entity architecture, game AI (FSM/A*/steering/influence maps), 3D pipeline (BSP/LOD/terrain), skeletal animation with IK, camera systems (FPS/third-person/cinematic), particle systems, and multiplayer networking with interpolation.

Complete guide to C++11 multithreading — from basic thread management and mutex patterns through lock-free data structures and the memory model. Williams is the primary author of the Boost Thread Library and C++11 concurrency proposals.

Complete C++ reference: template mechanics (function/class templates, total/partial specialization, type deduction), type traits with tag dispatch, overload resolution rules, STL container selection guide, iterator categories and safety rules, erase-remove idiom, and custom container design with allocator support.

Concurrent OO network programming in C++: server architecture patterns (iterative, thread-per-request, thread-per-connection, thread-pool, reactive select-based), process vs thread tradeoffs, synchronization primitives (mutex, RW-lock, condvar, semaphore), socket IPC, non-blocking I/O, and the ACE toolkit wrapper facade philosophy.

Definitive C++11 reference by Stroustrup: type system, uniform initialization, RAII/ownership, class design (Rule of Five), operator overloading, virtual dispatch, templates, generic programming, variadic templates, metaprogramming, STL containers/algorithms/iterators, lambdas, concurrency (threads/futures/atomics), and C++20 ranges.

Stroustrup's C++ pedagogy textbook: class design from struct to class with invariants and pre/postconditions, deep copy semantics (copy constructor + assignment), vector internals (sz/elem/space capacity model, amortized push_back), RAII with exception safety guarantees (basic/strong/no-throw), grammar-to-recursive-descent-parser translation, and embedded systems C++ constraints (no new/delete/exceptions in hard real-time, pool allocators, bitfields).

Complete C++11 Standard Library reference — containers with complexity analysis, 50+ algorithms, iterator categories, move semantics, lambdas, smart pointers, and strings. The definitive STL guide.

Comprehensive technical interview prep: Big O analysis, data structures (hash tables, trees, graphs, heaps, tries), algorithm patterns (sorting, searching, DP, recursion, bit manipulation), system design, and behavioral storytelling — with company-specific interview guidance.

History of cDc (Cult of the Dead Cow), the pioneering hacking supergroup that coined hacktivism, built Back Orifice to force Windows security reckoning, testified to Congress under hacker handles, and whose alumni (Mudge/Dildog/Weld Pond) built the modern professional infosec industry.

Expert DAX from Ferrari & Russo — the definitive reference. Master evaluation contexts, CALCULATE mechanics, iterators, time intelligence, and advanced data modeling patterns.

Tactical and strategic patterns for software where domain complexity is the central challenge. Evans' canonical text distilled into actionable design guidance.

42 guidelines for effective C++11/14: type deduction (templates/auto/decltype), modern initialization, nullptr/constexpr/override/noexcept, smart pointers, rvalue references, move semantics, perfect forwarding, lambdas, and concurrency with futures and thread_local.

50 specific guidelines for correct, efficient STL usage. Meyers covers the non-obvious pitfalls: container selection traps, iterator invalidation, erase-remove idiom, equality vs equivalence in associative containers, sort algorithm selection, and functor design rules.

Rigorous treatment of transcendental function implementation: IEEE 754 fundamentals (ULPs, rounding modes, FMA, subnormals), polynomial approximation via Chebyshev/Remez minimax, Horner/Estrin evaluation, range reduction (Cody-Waite, Payne-Hanek for large arguments), CORDIC for sin/cos/atan, and correct-rounding via Ziv's multilevel strategy.

Academic ethical framework for political hacking using just-war theory analogues. Argues hacking is justified when protecting vital interests (physical integrity, autonomy, liberty, privacy) and the state fails its protective duty. Six criteria: just cause, right intention, legitimate authority, last resort, proportionality, discrimination.

Python network programming fundamentals: TCP/UDP socket clients/servers, DNS resolution, HTTP/web client and HTML parsing, SMTP/POP/IMAP email, FTP, database clients (DB-API 2.0), SSL/TLS, and concurrency (forking/threading/select/asyncio).

Windows EDR internals from kernel callbacks to AMSI — how sensors work, what they see, and the architectural principles behind robust detection engineering. Required reading for both detection engineers and red teamers.

Comprehensive ethical hacking handbook covering exploit development (Linux/Windows/kernel), C2 deployment and EDR evasion, PowerShell living-off-the-land, Active Directory attacks (Kerberoasting, BloodHound, persistence), IoT/embedded hardware attacks, SDR, cloud hacking (AWS/Azure/containers/Kubernetes), and threat hunting with MITRE ATT&CK.

Python for Windows security tooling — debugger internals, all three breakpoint types, function hooking, DLL/code injection, fuzzing with Sulley, and IDAPython automation. Uses ctypes to interface directly with the Windows API.

Red team operations playbook — from recon through web exploitation, AD attack paths, lateral movement, and social engineering. Includes lab exercises and real-world attack chains against simulated environments.

Comprehensive pentesting reference covering Kali Linux toolchain (nmap/hydra/Wireshark/Burp/Metasploit/Empire/Sliver), offline attacks (physical access, BitLocker/LUKS, password reset), web testing (Juice Shop, OWASP methodology), network attacks (ARP poisoning, Responder, pass-the-hash), and defensive hardening (10 steps, CVSS prioritization).

Complete API security testing methodology — from discovery through authentication attacks, BOLA/BFLA, mass assignment, injection, GraphQL-specific attacks, and rate limit bypass. Includes a comprehensive testing checklist.

Low-level exploitation from first principles — C programming, x86 memory layout, buffer overflows, format strings, shellcode writing, network hacking, and countermeasure bypasses. Erickson explains the 'why' behind techniques rather than just the 'how'.

Threat-driven Kubernetes security guide: pod hardening (securityContext/capabilities/seccomp), RBAC audit and privilege escalation paths, network policies (default deny), supply chain (Trivy/cosign/SBOM), container runtime isolation (gVisor/Kata), secrets management (Vault/External Secrets), OPA/Gatekeeper policy, and Falco intrusion detection.

The rigorous academic reference for applied cryptography — block/stream ciphers, cipher modes (ECB/CBC/CTR/GCM), hash functions (birthday bound, collision resistance), RSA (OAEP/PSS), DH/ECDH, ECC, digital signatures (DSA/ECDSA/EdDSA), authentication protocols, key establishment, and cryptographic attack taxonomy.

Comprehensive hardware security attack guide — finding debug interfaces (JTAG/UART), firmware extraction (SPI/JTAG), fault injection techniques (voltage/clock/EM/optical), power analysis attacks (SPA/DPA/CPA with Python), real-world examples (PS3, Trezor One, Philips Hue), and countermeasure design.

The definitive Linux driver development guide — char drivers (file_operations, ioctl, blocking I/O, poll), kernel synchronization (mutex/spinlock/completions), interrupt handling (top/bottom half), DMA (streaming/coherent), block drivers, network drivers (sk_buff), and the Linux device model (kobject/sysfs).

Deep dive into Linux kernel networking internals: sk_buff socket buffer lifecycle (allocation, pointer manipulation, stack traversal), net_device NIC driver registration, softirq receive/transmit path (NAPI), IPv4 forwarding and fragmentation, ARP/neighboring subsystem state machine, and routing table FIB lookup with route cache.

Linux socket programming from first principles: Berkeley socket API lifecycle, three server architectures (iterative/select/fork), TCP vs UDP and stateful vs stateless protocol design, OpenSSL TLS integration (SSL_CTX/SSL layer setup), and secure C coding (buffer overflow prevention, unsafe function replacements, error-handling wrappers).

Bitcoin protocol internals from first principles — keys, addresses, UTXO model, Script language, P2P network, Merkle trees, mining, and consensus. Antonopoulos frames Bitcoin as a decentralized trust network, not just digital money.

Advanced Kali Linux pentesting guide: OSINT/stealth recon, wireless attacks (WPA2/WPS/Evil Twin), web exploitation (Burp/sqlmap/BeEF), cloud exploitation (AWS IAM/S3), AV evasion (Veil/fileless/UAC bypass), Metasploit, lateral movement (CrackMapExec/ProxyChains), privilege escalation, and Kerberos golden ticket attack.

Complete malware analysis methodology — from triage through static/dynamic/reverse engineering analysis. Covers anti-analysis bypass, APT techniques, MITRE ATT&CK mapping, IoT malware, and report writing.

MIT's discrete mathematics course textbook — proof techniques (induction, contradiction), number theory (modular arithmetic, Fermat/Euler), graph theory (trees, coloring, planar, Hall's theorem), recurrences (Master Theorem, linear recurrences), counting (combinations, inclusion-exclusion, pigeonhole), probability (Bayes, independence, birthday paradox), random variables (binomial, geometric), expected value (linearity), and tail bounds (Markov, Chernoff).

30 algorithm 'pearls' derived from specifications using equational reasoning in Haskell. Bird demonstrates that efficiency emerges from algebraic manipulation of a correct-but-naive specification — no separate proofs needed.

Compact operator field reference — Linux/Windows command syntax for post-exploitation, networking (tunneling, proxies, pivots), file operations, web attacks, databases, scripting one-liners, and wireless — organized for fast lookup during active engagements.

The complete human hacking framework — from OSINT and target profiling through influence, elicitation, and nonverbals, to the M.A.P.P. defense program. Hadnagy draws on Cialdini, Ekman, and Dreeke to build a science-grounded SE methodology.

The definitive protocol reference — every TCP/IP protocol explained with packet captures and field-by-field analysis. Covers IPv4/IPv6, ARP, ICMP, UDP, TCP (connection, reliability, congestion control), DNS, NAT, and protocol-layer attacks.

Twisted event-driven networking for Python: reactor pattern, Protocol/Factory/Transport layering, Deferred callback chains, LineReceiver state machines, Twisted Web server and client, SSH via Conch, and testing with Trial's StringTransport mock.

Comprehensive deep-dive into Linux 2.6 kernel internals — memory addressing (paging/segmentation), process management (task_struct, context switch, CoW), scheduling, synchronization primitives, memory management (buddy/slab), VFS, device drivers, page cache, IPC, and ELF execution.

Practical OWASP ZAP recipes for web app pentesting: Docker/GUI setup, Python API automation, spidering (traditional + AJAX), authentication bypass, IDOR, cookie security, CSRF, session hijacking, XSS/SQLi/SSTI/SSRF/command injection fuzzing, business logic manipulation, report generation, and CI/CD integration.