Appendix F: Companion Code and Open-Source Repositories

Several topics in this book are accompanied by working code and tools in public repositories maintained by the author and associated organizations. This appendix lists those repositories and maps each to the chapter(s) it supports, so readers can move from concept to runnable code. Repository names, languages, and descriptions reflect their public listings; check each repository for its current state and license before use, and run security tooling only in authorized, isolated environments.

Worked Code Examples in This Book

The following short reference programs (Java and C) accompany the text as worked examples; each is introduced and excerpted in the chapter noted. They are teaching artifacts that illustrate mechanics, several deliberately omit production hardening (a caveat stated where they appear).

Cryptography (Chapter 2)

• CaesarCipher.java, caesarcipher.c – Caesar shift cipher (Section 2.2).

• VigenereCipher.java, vigenerecipher.c – Vigenere polyalphabetic cipher (Section 2.2).

• UnsecureRandom.java vs BetterRandom.java – java.util.Random versus SecureRandom (CSPRNG) (Section 2.4).

• AES_ECB.java vs AES_CTR.java – AES block-cipher modes, ECB’s weakness and CTR’s IV/nonce (Section 2.6).

• SymmetricKeyTest.java – a symmetric cipher/mode benchmark harness (Section 2.6, 2.20).

• Hash.java – MD5 and SHA-256 digests (Section 2.7).

• LibCRC.java, MyCRC.java – CRC32 and a by-hand CRC (polynomial division over GF(2)); error detection, not security (Section 2.7).

• HMAC.java – HMAC-SHA-256 keyed authentication (Section 2.8).

• GenerateDigitalSignature.java – DSA key generation and signing (Section 2.13).

Networking (Chapter 3)

• DateServer.java, DateClient.java – a minimal TCP server and client over ServerSocket/Socket (Section 3.6).

• WebServer.java, WebClient.java – a hand-built HTTP/1.0 server and client over raw sockets (Section 3.6).

Memory corruption and low-level (Chapter 9)

• hello.c, hello.i, hello.s, hello.o – the compilation pipeline (source, preprocessed, assembly, object) (Section 9 intro).

• buf1_pass.c, buf1_pass.s – stack buffer overflow / authentication bypass via gets(), with assembly.

• buf2_stack1.c, buf3_stack2.c – stack exhaustion (huge array; infinite recursion).

• buf4_heap1.c, buf5_heap2.c – heap memory leak and oversized allocation.

More cryptography and coding (Chapter 2)

• elgamal.cpp – ElGamal encryption over a prime field (Section 2.11).

• cryptopp-authenc.cpp – Crypto++ Encrypt-then-MAC (PBKDF2 + AES-CBC + HMAC-SHA-256) (Section 2.8).

• CRC.cpp – CRC by modulo-2 polynomial division (Section 2.7).

• Hamming.cpp – (7,4) Hamming single-error-correcting code (Section 2.7).

Networking and web (Chapter 3)

• server.cpp, client.cpp – Berkeley-sockets TCP server and client in C/C++ (Section 3.6).

• login.html, slideshow.html – an HTTP login form (GET) used in the plaintext-password capture demo (Section 3.9).

• self_signed.py, https_server.py – generate a self-signed certificate and serve the page over TLS/HTTPS (Section 3.9).

Note

These files are kept in the companion repositories listed above. Because they are written for clarity, prefer the production guidance in the corresponding chapter (authenticated encryption, password-based key derivation, modern curves and hashes, and TLS) when adapting them for real use.

Author Repositories (github.com/devharsh)

• cybersec-textbook (Jupyter Notebook): the source of this open textbook itself. devharsh/cybersec-textbook (-> all chapters)

• chiku (Python): polynomial function approximation library, used to approximate non-polynomial functions for computation on encrypted data. devharsh/chiku (-> Ch. 2, Ch. 17: homomorphic encryption)

• Python-FHEz (Python): a Python 3 and Microsoft SEAL 4 compatible toolkit for fully homomorphic encryption. devharsh/Python-FHEz (-> Ch. 2, Ch. 17)

• VaultBox (C++): a header-only C++ library for secure storage and transmission, the companion code to the VaultBox security-analytics work. devharsh/VaultBox (-> Ch. 12, Ch. 13)

• CS-576-ROP (Python): a return-oriented programming (ROP) tool. devharsh/CS-576-ROP (-> Ch. 9: exploitation, ROP)

• cyberquest-camp (HTML): materials for a cybersecurity quest/camp. (-> Ch. 16: capture the flag)

• bulldogcyber.github.io (cybersecurity club site). (-> Ch. 16: clubs and competitions)

• municipal-cyber-policy-analytics (Python): analytics on municipal cybersecurity policy, the companion to the local-government supply-chain research. (-> Ch. 5, Ch. 19)

• UNIX_programs © and the APUE repositories: advanced UNIX programming notes and exercises. (-> Ch. 9: systems/programming foundations)

• Theory-of-Computation (notes): computation and algorithmic complexity fundamentals. (-> Ch. 2: computing paradigms)

• MediCrawl (HTML): a web search engine for diseases. (-> general: information retrieval)

Computer Tips Organization (github.com/com-puter-tips)

• Links-Extractor (Python): extracts all internal and external links from a URL, useful for web reconnaissance and crawling. com-puter-tips/Links-Extractor (-> Ch. 7: reconnaissance)

• SEO-Analysis (Python): gathers insights about a domain and a list of keywords, a footprinting and open-source-intelligence aid. com-puter-tips/SEO-Analysis (-> Ch. 7: OSINT)

• MP3-Stereo-Analyzer (Python): analyzes stereo audio, relevant to audio steganography and media forensics. com-puter-tips/MP3-Stereo-Analyzer (-> Ch. 2 steganography, Ch. 13 forensics)

• LSTM-Demo (Python): a bidirectional LSTM example with TensorFlow. (-> Ch. 17: machine learning)

• Perf_Plotter ®: visualizing system performance. (-> general: data visualization)

• Technical-eBooks: curated PDFs for programming tutorials. (-> general: further reading)

Note

A separate teaching organization (github.com/BSU-COSC-TRIVEDI) hosts GitHub Classroom assignment and exam repositories used in the author’s university courses; those are course-management artifacts rather than content cited in this book. The repositories above are listed for their topical relevance; the penetration-testing and exploitation tools among them (for example the ROP tool and the reconnaissance scripts) must be used only against systems you own or are explicitly authorized to test, consistent with the legal and ethical principles of Chapter 6.

Companion Blog Tutorials (com.puter.tips)

The author’s blog hosts hands-on tutorials that complement the book’s concepts. The most relevant are listed below, grouped by chapter. These are practical how-to posts; treat any offensive tooling under the authorization and ethics rules of Chapter 6.

Cryptography (-> Ch. 2, Ch. 17)

• A Primer on RSA. https://com.puter.tips/2020/11/a-primer-on-rsa.html

• Codes and Ciphers. https://com.puter.tips/2020/11/codes-and-ciphers.html

• Monoalphabetic Substitution Cipher in C. https://com.puter.tips/2017/10/monoalphabetic-substitution-cipher-in-c.html

• Encryption using OpenSSL. https://com.puter.tips/2015/01/encryption-using-openssl.html

• Encryption/Decryption of an XML File. https://com.puter.tips/2015/05/encryptiondecryption-of-xml-file.html

• Random Number Generation in C. https://com.puter.tips/2021/03/random-number-generation-in-c.html

• Steganography using StegoMagic. https://com.puter.tips/2015/06/steganography-using-stegomagic.html

• NTRU in Python 3 (post-quantum, lattice). https://com.puter.tips/2021/09/ntru-in-python3.html

• Running HElib / homomorphic encryption. https://com.puter.tips/2022/06/how-to-run-helr-homomorphic-encryption.html

• Installing Pyfhel (homomorphic encryption) on macOS. https://com.puter.tips/2022/07/how-to-install-pyfhel-in-macos.html

• Microsoft SEAL installation (FHE). https://com.puter.tips/2020/10/microsoft-seal-installation-on-macos.html

• Calculate the hash of a vector in C++. https://com.puter.tips/2022/02/how-to-calculate-hash-of-vector-in-c.html

• Using Crypto++ in Xcode / Kali; generating key and IV for Crypto++. https://com.puter.tips/2021/02/how-to-use-cryptopp-in-xcode.html

Networking and TLS (-> Ch. 3)

• HTTP/2 Is Here. https://com.puter.tips/2015/06/http2-is-here.html

• Install a free SSL/TLS certificate. https://com.puter.tips/2021/03/how-to-install-free-ssl-certificate-for.html

• Free VPN service (device / router / Android). https://com.puter.tips/2018/09/free-vpn-service-for-device.html

• setsockopt “protocol not available” solved (socket programming). https://com.puter.tips/2021/02/setsockopt-protocol-not-available-solved.html

• Procedures for writing scripts in ns-3 (network simulation). https://com.puter.tips/2020/11/procedures-to-writing-script-in-ns3.html

Reconnaissance and web (-> Ch. 7, Ch. 10)

• Extract all internal and external links (web recon). https://com.puter.tips/2016/12/extract-all-internal-and-external-links.html

• Google Search API in Python 3 (OSINT). https://com.puter.tips/2020/03/google-search-api-in-python-3.html

• MySQL Injection Attack Tutorial (SQL injection). https://com.puter.tips/2023/12/mysql-injection-attack-tutorial.html

• Hide a password in the command prompt. https://com.puter.tips/2018/02/hide-password-in-command-prompt.html

Tooling, hardware, and platform (-> Ch. 6, Ch. 8, Ch. 17)

• 30 must-have software for Kali Linux; fix Kali update/upgrade errors. https://com.puter.tips/2015/06/30-must-have-softwares-for-kali-linux.html

• Check if Intel SGX is enabled (trusted execution environment). https://com.puter.tips/2021/02/how-to-check-if-intel-sgx-is-enabled.html

• List supported CPU instruction sets. https://com.puter.tips/2022/11/list-supported-cpu-instructions-set.html

Society, ML, and emerging topics (-> Ch. 1, Ch. 17)

• The Rise of Cybercrime in India. https://com.puter.tips/2020/11/the-rise-of-cybercrime-in-india.html

• Top 7 free cybersecurity newsletters. https://com.puter.tips/2022/08/top-7-free-cyber-security-newsletters.html

• RAG architecture and multi-GPU training (DDP). https://com.puter.tips/2026/03/rag-architecture-multi-gpu-training-ddp.html

• Run a bidirectional LSTM in Python. https://com.puter.tips/2022/06/how-to-run-bidirectional-lstm-in-python.html

Note

The blog (com.puter.tips), maintained since 2015, contains many more posts; the above are selected for direct topical relevance. URLs are current as of writing; if a link moves, search the blog by title.