Appendix M: Resources and Communities
This appendix is a curated directory of the online resources, communities, tools, and learning platforms most relevant to the topics in this book. Resources are organized by topic area.
Architecture Documentation (Official)
x86-64
Intel Software Developer's Manuals https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html The authoritative x86-64 reference. Download the Combined Volumes PDF or use the HTML search interface. Volume 2 (Instruction Set Reference) and Volume 3 (System Programming Guide) are the most frequently consulted.
AMD64 Architecture Programmer's Manual https://developer.amd.com/resources/developer-guides-manuals/ AMD's perspective on the architecture. AMD Volume 2 (System Programming) covers virtualization extensions (SVM), secure memory encryption, and AMD-specific system registers.
Compiler Explorer (godbolt.org) https://godbolt.org/ The most practical tool for understanding what compilers emit. Write any language (C, C++, Rust, Go, Zig), select any compiler (GCC, Clang, MSVC), and see the assembly output with color-coded source-to-assembly mapping. Essential for studying compiler output.
ARM64
ARM Architecture Reference Manual for A-profile https://developer.arm.com/documentation/ddi0487 The normative ARM64 reference. Part D (System Architecture) covers exception levels, the interrupt model, and the memory model. Requires registration to download.
ARM Cortex-A Programmer's Guide https://developer.arm.com/documentation/den0024 A more accessible introduction to ARM64 programming than the full ARM ARM. Covers the register file, instruction set, exception model, and SIMD (NEON) in a tutorial style.
ARM ACLE (Architecture Extension Levels) Intrinsics https://developer.arm.com/architectures/instruction-sets/intrinsics/ Searchable intrinsic reference for NEON and other ARM extensions. Useful when writing ARM SIMD code in C.
RISC-V
RISC-V ISA Specifications https://riscv.org/technical/specifications/ The official RISC-V ISA documents. The "Unprivileged ISA" (Volume I) covers the base integer and standard extension instructions. The "Privileged Architecture" (Volume II) covers machine mode, supervisor mode, virtual memory, and exceptions.
RISC-V ELF/psABI Specification https://github.com/riscv-non-isa/riscv-elf-psabi-doc The RISC-V calling convention and ELF file format specification. Defines the ABI (a0-a7 argument registers, s0-s11 callee-saved, etc.) used by all RISC-V Linux binaries.
Tools and Reference
Assembly and Reverse Engineering
NASM Documentation https://www.nasm.us/doc/ The full NASM reference manual. Chapter 3 (The NASM Language) and Chapter 4 (The NASM Preprocessor) are the most relevant for this book.
pwndbg Documentation https://pwndbg.re/ Reference for pwndbg GDB plugin commands and configuration. Includes examples for heap analysis, ROP gadget finding, and CTF workflows.
pwntools Documentation https://docs.pwntools.com/ The complete pwntools API reference. The tutorial section is a good starting point; the ELF, ROP, and tube (process/remote) modules are the most heavily used in CTF work.
Ghidra Documentation https://ghidra-sre.org/ The official Ghidra page with downloads, release notes, and documentation links. The "Ghidra Book" (The Definitive Guide, available from No Starch Press) is the best companion resource.
Agner Fog's Optimization Resources https://agner.org/optimize/ Instruction timing tables for every x86 microarchitecture since the Pentium, plus optimization guides for C++ and assembly. The instruction tables PDF is updated with each new microarchitecture release.
x86.guide — Interactive x86-64 Instruction Reference https://www.felixcloutier.com/x86/ An unofficial but well-formatted HTML version of the Intel SDM instruction reference. Useful for quick lookup of instruction semantics, flags, and encodings without navigating the full PDF.
Performance Monitoring
Intel VTune Profiler
https://www.intel.com/content/www/us/en/developer/tools/oneapi/vtune-profiler.html
Free hardware performance profiler for Intel CPUs. Provides microarchitecture analysis, memory access analysis, and threading analysis. More detailed than perf for Intel-specific bottleneck investigation.
Linux perf wiki
https://perf.wiki.kernel.org/
The official documentation for the Linux perf subsystem. Covers all subcommands (stat, record, report, annotate, trace) and the event specification syntax.
Security Research and CTF
Learning Platforms
pwn.college (Arizona State University) https://pwn.college/ The best structured curriculum for learning binary exploitation and systems security. Modules progress systematically from assembly basics through advanced exploitation (heap, kernel, format strings). Includes a Discord community and automatic flag verification.
HackTheBox https://www.hackthebox.com/ A platform with machine-based and challenge-based security learning. The "Pwn" category challenges range from beginner to advanced exploitation. Unlike pwn.college, challenges are not guided — you must find your own path.
TryHackMe https://tryhackme.com/ More guided than HackTheBox; good for beginners. The "Binary Exploitation" and "Buffer Overflow Prep" rooms provide step-by-step walkthrough of exploitation concepts.
CTFtime.org https://ctftime.org/ The hub for international CTF competitions. The calendar shows upcoming competitions; the writeup archive (searchable by category: pwn, rev, crypto, web) is the most valuable resource for learning from others' approaches.
Reference
LiveOverflow YouTube Channel https://www.youtube.com/c/LiveOverflow High-quality video content on binary exploitation, CTF challenges, and RE. The "Binary Exploitation" playlist is a video companion to Parts V-VII of this book.
OAlabs YouTube Channel https://www.youtube.com/c/OALabs Professional malware analysis walkthroughs. Each video analyzes a real malware sample, demonstrating the RE workflow from initial triage through behavioral analysis.
how2heap (GitHub: shellphish/how2heap) https://github.com/shellphish/how2heap A repository of heap exploitation technique demonstrations for glibc's ptmalloc. Each technique is a standalone C program that demonstrates the exploitation primitive with explanation. Covers fastbin dup, tcache poisoning, unsafe unlink, and others.
exploit.education https://exploit.education/ A series of VM-based exploitation challenges with increasing difficulty. Good for practicing buffer overflows, format strings, and heap exploitation in a legal, controlled environment.
Exploit Databases
Exploit Database (exploit-db.com) https://www.exploit-db.com/ A public archive of exploits. The GHDB (Google Hacking Database) is less relevant; the raw exploit archive is useful for studying how real-world vulnerabilities are exploited. Maintained by Offensive Security.
NVD (National Vulnerability Database) https://nvd.nist.gov/ The U.S. government repository of vulnerability information. Useful for understanding the scope and impact of published CVEs, and for finding CVEs affecting specific software versions.
Operating Systems Development
OSDev Wiki https://wiki.osdev.org/ The most comprehensive freely available reference for bare-metal x86 programming. Pages on the boot process, GDT, IDT, APIC, ACPI, memory map, PCI, AHCI, and many other hardware topics are directly applicable to the MinOS project. When hardware behavior seems wrong, this wiki usually has the explanation.
OSDev Forum https://forum.osdev.org/ The accompanying community forum. Questions ranging from "my bootloader doesn't switch to protected mode" to "how do I implement SMP" receive thoughtful answers from experienced OS developers. The forum has been active since 2003 and the archives are searchable.
os-tutorial (GitHub: cfenollosa/os-tutorial) https://github.com/cfenollosa/os-tutorial A step-by-step tutorial for writing a small OS from scratch. Each step builds on the last; the source code for each step is included. Useful as a cross-reference for the MinOS development in Chapter 38.
kernelnewbies.org https://kernelnewbies.org/ A community and wiki for people learning Linux kernel development. The "FirstKernelPatch" guide walks through the entire first-patch process: setting up the development environment, finding a task, writing the patch, and submitting it.
Linux Kernel Mailing List Archive (lore.kernel.org)
https://lore.kernel.org/
The complete archive of Linux kernel development mailing lists. Reading the linux-kernel and subsystem-specific lists (e.g., linux-crypto, linux-arch) is educational for understanding the culture, expectations, and technical depth of kernel development.
Compiler Engineering
LLVM Project https://llvm.org/ The LLVM compiler infrastructure. The documentation includes tutorials (Kaleidoscope JIT compiler), the LLVM Language Reference Manual (IR specification), and the Target-Independent Code Generator guide. The LLVM developers forum at https://discourse.llvm.org/ is active and welcoming to contributors.
GCC Internals https://gcc.gnu.org/onlinedocs/gccint/ The GNU Compiler Collection internals manual. Less accessible than LLVM documentation but covers the same concepts: GIMPLE IR, RTL (Register Transfer Language), tree optimizations, and machine descriptions.
GCC Mailing Lists
https://gcc.gnu.org/lists.html
The GCC development lists. The gcc list (general development) and architecture-specific lists are the channels for discussing GCC contributions.
Compiler Research — PLDI and ASPLOS Proceedings https://dl.acm.org/conference/pldi (PLDI) https://dl.acm.org/conference/asplos (ASPLOS) The premier academic venues for programming language and compiler research (PLDI) and architecture/systems interaction research (ASPLOS). Many papers on loop optimizations, register allocation, and vectorization are open access.
RISC-V Ecosystem
RISC-V International https://riscv.org/ The RISC-V standards body. The "Technical" section has all ISA specifications, ratified extensions, and work-in-progress proposals. The "Exchange" directory lists RISC-V hardware, software tools, and educational resources.
riscv-bytes.com (Daniel Mangum's blog) https://danielmangum.com/categories/risc-v-bytes/ A blog covering RISC-V at the assembly and hardware level. Articles on calling convention, instruction encoding, and platform bring together what the specification says and what Linux on RISC-V actually looks like.
RISC-V Software Ecosystem https://github.com/riscv-software-src/ The GitHub organization for the RISC-V software ecosystem, including the official toolchain (GCC, GDB, binutils), simulators (Spike, QEMU RISC-V), and test suites.
Communities and Forums
r/asm (Reddit) https://www.reddit.com/r/asm/ Assembly programming discussions. Signal quality varies but useful for finding resources, getting help with specific problems, and following assembly-related news.
r/ReverseEngineering (Reddit) https://www.reddit.com/r/ReverseEngineering/ Reverse engineering discussions, tool announcements, and research papers. The "Weekly Research Thread" is a good source for new techniques and tools.
Reverse Engineering Stack Exchange https://reverseengineering.stackexchange.com/ High-quality Q&A for RE tools and techniques. Well-moderated; answers are specific and actionable. Good for questions about Ghidra, IDA, specific binary formats, and RE methodology.
Stack Overflow (assembly tag) https://stackoverflow.com/questions/tagged/assembly The general-purpose programming Q&A site. The assembly tag has decades of answered questions on NASM syntax, GAS syntax, calling convention questions, and hardware-specific behavior.
pwn.college Discord The community around pwn.college. Active, helpful, and specifically focused on binary exploitation and CTF. Accessible from the pwn.college website.
Books (Quick Reference)
| Title | Author(s) | Best For |
|---|---|---|
| Intel SDM (free) | Intel | x86-64 authoritative reference |
| CS:APP | Bryant, O'Hallaron | Systems overview complementing this book |
| OSTEP (free) | Arpaci-Dusseau | OS concepts behind MinOS |
| Art of Exploitation | Erickson | Hands-on exploitation depth |
| Practical Malware Analysis | Sikorski, Honig | RE and malware analysis |
| Engineering a Compiler | Cooper, Torczon | Compiler internals |
| RISC-V Reader | Patterson, Waterman | RISC-V ISA reference |
| Computer Org. & Design (RISC-V ed.) | Patterson, Hennessy | Microarchitecture depth |
| Linux Kernel Development | Love | Linux kernel internals |
| Hacking: The Art of Exploitation | Erickson | x86 exploitation |
| The Ghidra Book | Eagle, Nance | Ghidra mastery |
Keeping Current
Security Research Conferences (Videos Available Free)
| Conference | Timing | URL |
|---|---|---|
| DEF CON | August, Las Vegas | https://defcon.org/html/links/dc-archives.html |
| Black Hat | August, Las Vegas | https://www.youtube.com/c/BlackHatOfficialYT |
| CCC (Chaos Computer Club) | December, Germany | https://media.ccc.de/ |
| Usenix Security | August | https://www.usenix.org/conferences/byname/108 |
| IEEE S&P (Oakland) | May | https://www.ieee-security.org/TC/SP-Index.html |
| NDSS | February | https://www.ndss-symposium.org/ |
Academic Preprint Archive
arXiv.org — cs.CR (Cryptography and Security) https://arxiv.org/list/cs.CR/recent Many security research papers are posted here before or alongside conference publication.
Security Blogs Worth Following
- Project Zero Blog: https://googleprojectzero.blogspot.com/ — Google's elite security research team
- Trail of Bits Blog: https://blog.trailofbits.com/ — Security engineering and research
- Margin Research: https://margin.re/ — Systems security research
- 0xOPOSEC: Various CTF team blogs indexed at ctftime.org