Learning Systems and Security

A curated collection of learning resources for systems programming, security, cryptography, and related topics.

Table of Contents

• Assembly
• Reverse Engineering
• Fuzzing
• Operating Systems
• Software Engineering
• Embedded Systems
• Game Programming
• Distributed Systems
• Compilers
• Blockchain
• Cryptography
• Entrepreneurship
• Other Topics

Assembly

• Programming in assembly language tutorial - Step-by-step tutorial for learning x86 assembly language programming from scratch
• Learning Assembly - Personal notes and examples for learning assembly language on multiple architectures
• Nand2Tetris: Build a Modern Computer from First Principles - Build a complete computer system from NAND gates through an OS, covering hardware and software layers
• x86 bare metal examples - Minimal runnable examples of x86 bare metal programming with no OS, bootloaders to VGA output
• SkullSecurity Assembly Wiki - Reference wiki covering x86 assembly fundamentals with a security-oriented perspective
• RPISEC MBE: Modern Binary Exploitation - RPI course materials covering reverse engineering, exploit development, and binary analysis
• OpenSecurityTraining: The Life of Binaries - Covers how binaries are compiled, linked, loaded, and executed at the OS level
• OpenSecurityTraining: Introductory Intel x86 - Free course teaching Intel x86 architecture, registers, instructions, and calling conventions
• x86 Assembly: Hello World! - John Hammond - Beginner walkthrough of writing and compiling a hello world program in x86 assembly
• Quick Tips For Learning Assembly and Reverse Engineering at The Same Time - OALabs - Practical tips for combining assembly learning with hands-on reverse engineering practice
• From 0x90 to 0x4c454554, a Journey into Reverse Engineering - myne-us - Personal narrative of learning reverse engineering from NOP sleds to reading raw hex

Books

• Compiling to Assembly from Scratch - Vladimir Keleshev - Teaches how to build a compiler that emits ARM assembly, covering parsing, code generation, and optimization

Reverse Engineering

• Nightmare, intro to reverse engineering course based around ctf challenges - Structured RE course using real CTF challenges to teach binary analysis and exploitation
• Reverse Engineering - Free comprehensive book on reverse engineering for x86/x64 and ARM with real-world examples
• Reverse Engineering for Beginners - Community and resources by Dennis Yurichev for learning RE fundamentals and techniques
• Exploit development - Sam Bowne - College course covering buffer overflows, format strings, ROP chains, and modern exploit mitigations
• Binary Exploitation and Memory Corruption - LiveOverflow - Video series explaining stack overflows, heap exploitation, and memory corruption bugs
• Insecure Programming - Collection of intentionally vulnerable C programs for practicing exploit development
• Corelan: Exploit Development Tutorials - In-depth tutorials on Windows exploit development covering SEH, ROP, and heap spraying
• OpenSecurityTraining: Free courses with lots of content - Collection of free security courses covering x86, malware analysis, and exploit development
• SecurityTube Megaprimers - Video courses on penetration testing, exploit research, and security tool development
• Violent Python archive - Resources for using Python to build security tools, fuzzers, and exploit scripts
• A binary analysis: count me if you can - shell-storm - Walkthrough of analyzing a binary challenge using disassembly and static analysis techniques
• SkullSecurity Blog - Security research blog covering reverse engineering, CTF writeups, and vulnerability analysis
• Awesome Reversing - tylerha97 - Curated list of reverse engineering resources including tools, tutorials, and practice targets
• Best books, tutorials, and courses for exploit development - pentest.guru - Curated guide to the best learning paths for becoming an exploit developer
• Path to exploit developer - Reddit AskNetsec - Community-sourced roadmap for progressing from beginner to professional exploit developer
• SANS Advanced Exploit Development for Penetration Testers - Professional training on advanced heap exploitation, kernel bugs, and modern mitigations
• Smashing the Browser - demi6od - Browser exploitation research covering JavaScript engine bugs and renderer vulnerabilities
• HackerSploit - YouTube channel with tutorials on penetration testing, ethical hacking, and security tools
• BinExp - r0hi7 - Linux binary exploitation learning path with progressive challenges from basic to advanced
• PortSwigger Web Security Academy - Free interactive labs teaching web vulnerabilities like SQL injection, XSS, and SSRF

Exercises

• microcorruption tutorial - Embedded security CTF where you exploit lock firmware using an in-browser debugger and MSP430 assembly
• Reverse-Engineering-C-challenges - Practice challenges for reverse engineering compiled C programs using disassemblers and debuggers

Tools

• pwntools - CTF toolkit - Python library for writing exploits, handling binary I/O, shellcode generation, and ROP chain building
• Tutorials for getting started with Pwntools - Step-by-step guide to using pwntools for CTF challenges and exploit development

Binary exploitation

• Smashing the stack for fun and profit - The classic 1996 paper by Aleph One that introduced stack buffer overflow exploitation techniques
• CNIT 127: Exploit Development - College course covering stack and heap overflows, shellcode writing, and format string attacks
• exploit.education - Vulnerable VMs and challenges for learning memory corruption, format strings, and kernel exploitation
• Buffer Overflow in Belkin N750 (CVE-2014-1635) - Integrity Labs - Real-world case study of discovering and exploiting a buffer overflow in a consumer router
• dostackbufferoverflowgood - justinsteven - Beginner-friendly tutorial on Windows stack buffer overflows for OSCP-level preparation
• Binary Exploitation (binexp-spring2015) - RPI Security - University course on Linux binary exploitation covering shellcode, ROP, and heap attacks
• CNIT 127: Exploit Development (Fall 2019) - Updated exploit development course with modern techniques and mitigations

Books

• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation - Bruce Dang, Alexandre Gazet, Elias Bachaalany - Covers processor internals, Windows kernel reversing, and code obfuscation analysis techniques

Wargames

• Over The Wire - Progressive wargames teaching Linux command line, networking, and binary exploitation skills
• Smash the stack - Network-based wargame focused on memory corruption and binary exploitation challenges
• Exploit exercises - VMs with escalating privilege escalation and exploit development challenges
• PwnAdventure - Intentionally vulnerable 3D MMO game designed for practicing game hacking and reverse engineering
• PwnAdventure Sourcery - Source-code-level hacking challenges set in the PwnAdventure game universe
• ROP Emporium - Progressive challenges specifically designed to teach return-oriented programming techniques
• 0x0539 - Hacking challenge site with levels covering web, crypto, and binary exploitation
• Pwnable.xyz - Binary exploitation wargame with challenges ranging from basic stack overflows to advanced heap attacks
• HackTheBox - Online platform with vulnerable machines for practicing penetration testing and exploitation
• SkullSecurity CTFs - CTF writeups and challenge archives for learning offensive security techniques

Books

• Hacking, the Art of Exploitation - Jon Erikson - Teaches C programming, networking, and exploitation from first principles with hands-on examples
• The Shellcoders Handbook - Anley, Heasman, Lindner and Richarte - Comprehensive guide to finding and exploiting security holes across platforms and architectures
• Gray Hat Hacking The Ethical Hacker's Handbook - Covers vulnerability discovery, reverse engineering, and exploit development for ethical hackers
• The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities - Exhaustive guide to auditing source code for security flaws in C/C++ and web applications
• The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler - Chris Eagle - Complete guide to using IDA Pro for disassembly, scripting, and reverse engineering workflows
• A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security - Tobias Klein - Real stories of finding bugs in VLC, Solaris kernel, iOS, and other major software

Fuzzing

• FuzzySecurity - Tutorials on exploit development, fuzzing techniques, and Windows privilege escalation
• LibFuzzer Workshop - Hands-on workshop for learning coverage-guided fuzzing with LLVM's LibFuzzer

Operating Systems

• The little book about OS development - Guide to writing a small x86 operating system kernel from scratch, covering boot, paging, and interrupts

Software Engineering

• Foundations of Software Engineering - CMU course covering software design, testing, architecture, and development process at scale

Embedded Systems

• Introductory Microcontroller Programming - Peter Alley - Thesis-based tutorial on microcontroller programming covering I/O, timers, interrupts, and ADC

Game Programming

• COMP4300 - Dave Churchill - University course building a 2D game engine from scratch using C++ and SFML
• GamesWithGabe - Video series on building game engines and games in Java and C++ from the ground up

Distributed Systems

• Distributed Systems - Martin Kleppmann - Cambridge lecture series covering clocks, replication, consensus, and Byzantine fault tolerance
• PingCAP Talent Plan - Open-source training courses for building distributed databases and systems in Rust and Go
• MIT 6.824: Distributed Systems - Classic graduate course covering MapReduce, Raft, Spanner, and distributed transactions

Basics

• Distributed systems for fun and profit - Concise free ebook covering fundamentals of distribution, time, replication, and consistency
• History of the Impossibles - CAP and FLP - Explains the two foundational impossibility results in distributed computing and their implications
• FLP and CAP aren't the same thing - Clarifies the distinction between FLP impossibility and the CAP theorem
• Readings in Database Systems - Peter Bailis, Joseph M. Hellerstein, Michael Stonebraker - Curated collection of the most important database research papers with modern commentary
• The Log: What every software engineer should know about real-time data's unifying abstraction - Jay Kreps - Foundational essay on how append-only logs unify stream processing, replication, and data integration

Courses

• CS6213 Special Topics in Distributed Computing - Graduate course on distributed algorithms with formal verification using separation logic
• CS 425 Distributed Systems - UIUC course covering gossip protocols, consensus, distributed file systems, and key-value stores
• Aphyr's class - Outline and exercises from Kyle Kingsbury's distributed systems class covering linearizability and Jepsen
• MIT 6.824 - Reading list and lab assignments for MIT's distributed systems course including Raft and sharded KV stores
• The System Design Primer - Study guide for large-scale system design interviews covering caching, load balancing, and databases

Papers

• Readings in Distributed Systems - Christopher Meiklejohn - Annotated bibliography of essential distributed systems papers organized by topic
• A Note on Distributed Computing - Jim Waldo et al. - Classic paper arguing that local and remote computing are fundamentally different and cannot be unified
• MapReduce: Simplified Data Processing on Large Clusters - Google's seminal paper on the MapReduce programming model for parallel data processing
• Dynamo - Amazon's paper on a highly available key-value store using consistent hashing, vector clocks, and quorums
• An overview of clock synchronization - Survey of clock synchronization algorithms and their correctness guarantees in distributed systems
• Impossibility of Distributed Consensus with One Faulty Process - The FLP impossibility result proving consensus is unsolvable in asynchronous systems with one crash failure
• Harvest, Yield and Scalable Tolerant Systems - Introduces harvest/yield tradeoffs as a practical alternative to the strict CAP theorem
• Unreliable Failure Detectors for Reliable Distributed Systems - Foundational paper defining failure detector abstractions that make consensus solvable in asynchronous systems
• Survey on Scalable Failure Detectors - Overview of failure detection approaches that scale to large distributed systems
• Life beyond distributed transactions - Pat Helland's influential paper on building scalable systems without distributed transactions
• Two phase commit - Clear explanation of the 2PC atomic commit protocol, its guarantees, and its blocking failure mode
• Three phase commit - Explains how 3PC avoids 2PC's blocking problem by adding a pre-commit phase
• Paxos - Accessible explanation of the Paxos consensus algorithm and its correctness properties
• Chubby - Google's distributed lock service built on Paxos, used for leader election and metadata storage
• ZooKeeper: Wait-free coordination for Internet-scale systems - Apache's coordination service for distributed applications providing configuration, naming, and locks
• A Quorum-based Commit Protocol - Proposes using quorum-based voting instead of unanimous agreement for distributed commit
• Bully algorithm - Simple leader election algorithm where the process with the highest ID becomes coordinator
• How to Build a Highly Available System Using Consensus - Practical guide to using consensus protocols for building fault-tolerant replicated state machines
• Distributed Snapshots: Determining Global States of a Distributed System - Chandy-Lamport algorithm for recording consistent global snapshots without stopping the system
• Atomic broadcast - Defines total order broadcast and proves its equivalence to consensus
• Gossip - Xerox PARC paper on epidemic algorithms for efficient replicated database maintenance
• Chain Replication for Supporting High Throughput and Availability - Replication protocol that achieves high throughput by chaining updates through an ordered sequence of servers
• The Part-Time Parliament - Leslie Lamport - Lamport's original Paxos paper describing consensus through the metaphor of a Greek parliament
• Viewstamped Replication: A New Primary Copy Method to Support Highly-Available Distributed Systems - Introduces view-change-based replication as an alternative to Paxos for state machine replication
• Fast Paxos - Leslie Lamport - Extends classic Paxos to reduce message delays by allowing clients to send directly to acceptors
• Paxos Made Moderately Complex - Robbert van Renesse, Deniz Altinbuken - Step-by-step description of a complete, implementable Paxos-based replicated state machine
• Distributed Snapshots: Determining Global States of Distributed Systems - Chandy, Lamport - The Chandy-Lamport snapshot algorithm for capturing consistent global state in a distributed system
• Forward and Backward Simulations Part I: Untimed Systems - Lynch, Vaandrager - Formal framework for proving correctness of concurrent systems using simulation relations
• An Axiomatic Proof Technique for Parallel Programs I - Owicki, Gries - Foundational work on Owicki-Gries method for verifying shared-variable parallel programs
• Proving Liveness Properties of Concurrent Programs - Owicki, Lamport - Techniques for proving that concurrent programs eventually make progress using well-founded orderings

Exercises

• Toydb - Distributed SQL database built from scratch in Rust with Raft consensus and MVCC transactions
• pea2pea - Lightweight Rust library for creating peer-to-peer networking nodes with minimal boilerplate
• geohot/minikeyvalue - Minimal distributed key-value store in under 1000 lines demonstrating core distributed storage concepts

TLA+

• Leslie Lamport's The TLA+ Video Course - Official video course by TLA+ creator Leslie Lamport on specifying and verifying concurrent systems
• Dr. TLA+ Series - Raft - Walkthrough of formally specifying the Raft consensus algorithm in TLA+
• Dr. TLA+ series - learn an algorithm and protocol, study a specification - Collection of TLA+ specifications for well-known distributed algorithms with video explanations

Raft

• An Erlang implementation of RAFT from WhatsApp - Production Raft implementation in Erlang used at WhatsApp scale

Data Structures

• Distributed Hash Tables - Introduction to DHT concepts including consistent hashing and peer-to-peer lookup protocols

Real Systems

• GFS - Google File System paper on a scalable distributed file system for large-scale data-intensive applications
• Spanner - Google's globally-distributed database using TrueTime for external consistency across datacenters
• F1 - Google's distributed relational database built on Spanner for the AdWords system
• Chubby - Google's distributed lock service providing coarse-grained locking and reliable small-file storage
• BigTable - Google's distributed storage system for managing structured data at petabyte scale
• MillWheel - Google's fault-tolerant stream processing framework with exactly-once delivery guarantees
• Omega - Google's shared-state cluster scheduler using optimistic concurrency control for flexible scheduling
• Dapper - Google's large-scale distributed systems tracing infrastructure for diagnosing performance issues
• Paxos Made Live - Engineering lessons from implementing Paxos in Google's Chubby lock service
• The Tail At Scale - Jeff Dean's paper on techniques for reducing latency variability in large-scale distributed systems
• Dryad - Microsoft's general-purpose distributed execution engine for coarse-grained data-parallel applications
• Cassandra - Facebook's distributed NoSQL database combining Dynamo's partitioning with BigTable's data model
• Ceph - Distributed object store and file system designed for performance, reliability, and scalability
• RAMCloud - Stanford's low-latency storage system keeping all data in DRAM across a datacenter cluster
• HyperDex - Distributed key-value store using hyperspace hashing for efficient multi-attribute search
• PNUTS - Yahoo's globally distributed data serving system with per-record timeline consistency
• Azure Data Lake Store - Microsoft's hyperscale distributed file store optimized for big data analytics workloads

Blog Posts & Talks

• Everything Will Flow - Zach Tellman - Talk on backpressure, queuing theory, and flow control in distributed systems

Other

• CAP Twelve Years Later: How the "Rules" Have Changed - Eric Brewer revisits the CAP theorem with nuance on partition handling and recovery
• Fallacies of distributed computing - The eight false assumptions programmers make about networks that cause distributed system failures
• You Can't Sacrifice Partition Tolerance: In which there are limits to the CAP conjecture - Argues that network partitions are inevitable, so systems must choose between consistency and availability
• Two Generals' Problem - Classic thought experiment proving that consensus over unreliable communication is impossible
• Byzantine fault - Explanation of failures where components may behave arbitrarily, including sending conflicting information
• Vector clock - Logical clock mechanism for determining causal ordering of events in distributed systems
• Quorum - Minimum number of votes needed for a distributed operation to proceed, ensuring consistency
• baseds: Exploring the basics of distributed systems - Beginner-friendly blog series explaining distributed systems concepts with illustrations

Books

• Distributed systems for fun and profit - Free concise ebook covering time, replication, consistency models, and fault tolerance fundamentals
• Designing Data Intensive Applications - Martin Kleppmann - Covers storage engines, replication, partitioning, transactions, and stream processing for modern data systems
• Replication: Theory and Practice - Comprehensive academic treatment of data replication techniques, consistency models, and fault tolerance
• Introduction to Reliable and Secure Distributed Programming - Textbook on building reliable distributed abstractions from broadcast to consensus with formal specifications

Compilers

• CS143 Compilers - Stanford - Stanford's compiler course covering lexing, parsing, semantic analysis, and code generation
• Tiger: Toy compiler implementation in OCaml - Implementation of the Tiger language compiler from Appel's textbook in OCaml
• Types and Programming Languages - Benjamin C. Pierce - Foundational textbook on type theory covering lambda calculus, subtyping, and polymorphism
• lambda_calculus: Untyped lambda calculus in Rust - Rust implementation of untyped lambda calculus with multiple reduction strategies
• How I wrote my own "proper" programming language - Mukul Rathi - Blog series walking through building a concurrent language with type inference and LLVM backend
• coollang-2020-fs: Compiler for a small Scala subset in F# - F# implementation of a compiler for a Scala-like language with classes and type checking
• Toy Compiler Using Ocamllex, Menhir, and LLVM - Daniel Volya - Tutorial on building a compiler with OCaml's lexer/parser generators targeting LLVM IR
• OCaml Programming: Type Checking chapter - Cornell CS 3110 - Explains how to implement type checking for a simple language in OCaml
• Introduction to Compilers and Language Design - Douglas Thain - Free textbook covering scanner, parser, AST, type checking, and code generation for a C-like language
• Beautiful Racket - Matthew Flatt - Teaches language-oriented programming by building domain-specific languages in Racket
• Crafting interpreters - Robert Nystrom - Build two complete interpreters (tree-walk in Java, bytecode VM in C) for the Lox language
• Engineering a Compiler - Keith D. Cooper, Linda Torczon - Textbook covering intermediate representations, optimization, instruction selection, and register allocation
• The Programming Languages Zoo - Andrej Bauer - Collection of small language implementations demonstrating different PL concepts and type systems

Project Ideas

• Lambda calculus
• Compiler targeting QBE / LLVM
• Hindley-Milner type system / W Algorithm
• BitTorrent client
• DHT
• Trees: Merkle tree, LSM
• Consensus algorithms: Raft
• CRDTs
• SNARKs / STARKs
• American Fuzzy Lop
• Symbolic execution
• TLA+

Blockchain

Introduction

• Foundations of Blockchains - Tim Roughgarden's course covering consensus protocols, mechanism design, and blockchain theory
• DeFi MOOC - University-level course covering decentralized finance protocols, AMMs, lending, and oracles

Pre-requisites

• Public & Private Keys - Visual explanation of asymmetric cryptography and how public/private key pairs work
• Digital Signatures - How they work? - Explains how digital signatures provide authentication, integrity, and non-repudiation
• What is Hashing on the Blockchain? - Explains cryptographic hash functions and their role in blockchain data integrity

Cultural

• Nic Carter: Bitcoin Core Values, Layered Scaling, and Blocksize Debates - Discussion of Bitcoin's philosophical foundations and the scaling war history
• Balaji Srinivasan - Bitcoin and Ethereum, Crypto Oracles, and More - Wide-ranging conversation on crypto's role in technology, governance, and the network state
• Raoul Pal Discusses with Punk6529: NFTs, IP Rights & The Metaverse - Discussion on digital ownership, NFT intellectual property, and metaverse economies
• Michael Saylor: Bitcoin, Inflation, and the Future of Money - Deep dive into Bitcoin as a store of value and its monetary policy implications
• The Networked State - Balaji Srinivasan - Vision for building new digital-first communities and nations using blockchain technology
• Cancelled Nickel Trades on the LME - Patrick Boyle - Analysis of the 2022 LME nickel short squeeze and how centralized exchanges can reverse trades

Basics

• But how does bitcoin actually work? - 3Blue1Brown's visual explanation of Bitcoin's proof-of-work, hashing, and blockchain mechanics
• Bitcoin paper - Satoshi Nakamoto's original whitepaper describing a peer-to-peer electronic cash system
• Ethereum paper - Vitalik Buterin's whitepaper proposing a blockchain with a Turing-complete programming language
• Understanding the Ethereum Blockchain Protocol - Vitalik Buterin - Vitalik explains Ethereum's technical architecture including state tries, the EVM, and gas
• Cryptoeconomics In 30 Minutes - Vitalik Buterin - Concise overview of how economic incentives secure blockchain protocols
• Trie, Merkle, Patricia: A Blockchain Story - Explains the data structures behind Ethereum's state storage: tries, Merkle trees, and Patricia tries

Courses

• Stanford CS 251: Cryptocurrencies and Blockchain Technologies - Stanford course covering consensus, smart contracts, DeFi, and privacy in blockchain systems
• MIT 15.S12 Blockchain and Money - Gary Gensler - MIT course examining blockchain technology through the lens of finance and regulation

Solidity

• Learn Solidity in Y minutes - Quick syntax reference for Solidity covering types, functions, modifiers, and events
• Solidity by Example - Concise, runnable Solidity examples covering common patterns from basic to advanced
• Crypto Zombies - Interactive tutorial that teaches Solidity by building a zombie-themed game step by step
• Peter's Solidity Recruitment Test - Video walkthrough of a Solidity coding challenge used for smart contract developer hiring
• BuidlGuidl is a curated group of Ethereum builders - Community of Ethereum developers building open-source projects with Scaffold-ETH

Contracts

• Programming DeFi: Uniswap V2 - Step-by-step guide to implementing the Uniswap V2 automated market maker from scratch

Ethereum Internals

• EVM Deep Dives: The Path to Shadowy Super Coder - Deep technical exploration of EVM internals including opcodes, memory layout, and gas costs
• EVM: From Solidity to byte code, memory and storage - Video explaining how Solidity compiles to bytecode and how the EVM manages memory and storage
• Ethereum Virtual Machine - Overview of EVM architecture, stack-based execution, and smart contract deployment
• Ethereum VM and Consensus by Fredrik Haga - Explains how the EVM executes transactions and how Ethereum reaches consensus

Ethereum Security

• Ethernaut - Wargame where you exploit vulnerable smart contracts to learn Solidity security patterns
• Honeypot - Example of a smart contract honeypot trap built with Scaffold-ETH for educational purposes
• Honeypots in Ethereum And How To Avoid Them - Video explaining how deceptive smart contracts lure victims and how to identify them
• Damn Vulnerable DeFi - Wargame with DeFi-specific challenges covering flash loans, oracles, and governance attacks
• Solidity Security: Comprehensive list of known attack vectors and common anti-patterns - Reference guide to Solidity vulnerabilities including reentrancy, overflow, and access control flaws
• Capture the Ether - CTF-style challenges teaching Ethereum security by exploiting vulnerable smart contracts

Vulnerabilities

• Smart Contract Vulnerabilities (SCV) List - Categorized registry of smart contract vulnerability types with real exploit examples

MEV

• Understanding MEV - with Georgios Konstantopoulos, Dan Robinson, and Hasu - Panel discussion explaining miner/maximal extractable value and its impact on Ethereum
• Interview with a Searcher - with MEV Senpai and Hasu - First-hand account of running MEV extraction bots and the competitive searcher landscape
• Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges - Seminal paper quantifying frontrunning and MEV extraction on decentralized exchanges
• MEV 101 - Introduction to MEV concepts including sandwiching, liquidations, and arbitrage strategies

Zero Knowledge Proofs

Basics

• Intro to zero knowledge proofs - Beginner-friendly explanation of what zero-knowledge proofs are and why they matter
• Security and Privacy for Crypto with Zero-Knowledge Proofs - Overview of how ZKPs enable privacy-preserving transactions and identity verification

ZK SNARKs

• What are zk-SNARKs? - Zcash's explanation of succinct non-interactive arguments of knowledge and their use in private transactions
• Intro to zk-SNARKs - Howard Wu - Podcast episode providing an accessible introduction to zk-SNARK construction and applications
• Zcash Ceremony - Documentary on Zcash's trusted setup ceremony and why it was necessary for the SNARK parameters

ZK STARKs

• Hasu gets STARK-pilled - with Eli Ben-Sasson - StarkWare founder explains STARK advantages: no trusted setup, post-quantum security, and scalability
• Cairo - a Turing-complete STARK-friendly CPU architecture - Paper describing Cairo's CPU architecture designed for efficient STARK proof generation

Advanced topics

• Vitalik's introduction to how zk-SNARKs are possible - Accessible walkthrough of the math behind SNARKs: polynomials, elliptic curves, and pairings
• Vitalik's post on quadratic arithmetic programs - Explains how computation is converted to QAPs, the core representation used in SNARKs
• Comparing General Purpose zk-SNARKs - Comparison of Groth16, PLONK, Marlin, and other SNARK schemes by performance and tradeoffs

Examples with code

• Dark forest's intro + circuits Part 1 - Practical introduction to zk-SNARKs through building circuits for the Dark Forest game
• Dark forest's intro + circuits Part 2 - Continues building zk-SNARK circuits for Dark Forest's initialization proof

R1CS/Circuits

• Circom tutorial - Tutorial on writing arithmetic circuits in Circom for building a simple rollup
• R1CS programing workshop - Hands-on workshop on writing rank-1 constraint systems for zero-knowledge proof circuits

Papers

• A Note on Cryptocurrency Stabilisation: Seigniorage Shares - Robert Sams - Early algorithmic stablecoin design using seigniorage shares to maintain a price peg

Cryptography

• Introduction to Cryptography - Christof Paar - University lecture series covering symmetric ciphers, public key crypto, hashing, and digital signatures
• Cryptography I - Dan Boneh - Stanford's foundational crypto course covering encryption, authentication, key exchange, and public-key systems

Exercises

• amrayn/mine - Minimal C++ encryption library for learning AES, RSA, and Base64 implementations
• mimoo/disco-c - C implementation of the Disco protocol combining Noise framework with Strobe for secure handshakes
• LoupVaillant/Monocypher - Small, portable C cryptography library for studying implementations of Curve25519, ChaCha20, and Blake2b

Blogs

• Trail of Bits - Security research blog covering cryptography audits, vulnerability research, and tool development

Books

• Real World Cryptography - Practical guide to modern cryptography covering TLS, end-to-end encryption, and post-quantum crypto
• Programming Bitcoin - Jimmy Song - Teaches elliptic curve cryptography, transactions, and the Bitcoin protocol by coding them in Python

Elliptic Curves

• Elliptic Curve cryptography explained - Visual and intuitive explanation of elliptic curve math and its application to cryptography
• Elliptic curves - Trustica - Blog series exploring elliptic curve theory from basic group law to pairing-based cryptography
• Elliptic curves in simple Weierstrass form - Trustica - Video series on elliptic curves in Weierstrass form with concrete computations
• 18.783 Elliptic Curves - MIT - Graduate-level MIT course covering elliptic curve arithmetic, isogenies, and cryptographic applications

Discrete Logarithm problem

• 18.783 Elliptic Curves Lecture #9 - The discrete logarithm problem - Covers algorithms for the elliptic curve discrete log problem including Pollard rho and baby-step giant-step
• Zero Knowledge from the Discrete Logarithm Problem - Explains how the hardness of discrete logarithm enables zero-knowledge proof constructions

Pairings

• Pairings for beginners - Craig Costello - Gentle introduction to bilinear pairings on elliptic curves and their use in cryptographic protocols
• The Basics of Pairings - Dan Boneh - Lecture explaining bilinear maps and how pairings enable BLS signatures, IBE, and SNARKs

CTF

• CTF Cryptography for Beginners - Guide to common crypto CTF challenge types including RSA, XOR, and classical ciphers
• Cryptohack - Interactive platform for learning cryptography through progressive challenges from basics to advanced
• Cryptopals - Famous set of 48 practical cryptography exercises covering attacks on real-world crypto systems
• Krypton - OverTheWire wargame teaching classical cipher breaking from Caesar to Vigenere and beyond
• Cryptanalysis - Cryptanalysis challenges ranging from basic encoding to breaking modern crypto implementations

Tools

• CyberChef - Web-based tool for encoding, decoding, encryption, compression, and data analysis operations

zk-SNARK

• The missing explanation of ZK-SNARKs: Part 1 - David Wong - Builds up zk-SNARK intuition from polynomials to the verification equation
• The missing explanation of zk-SNARKs: Part 2 - David Wong - Continues the construction with elliptic curve pairings and the trusted setup
• Why and How zk-SNARK works - Maksym Petkus - Detailed mathematical walkthrough of zk-SNARK construction from basic algebra to Groth16
• zkSNARKs in a nutshell - Christian Reitwiessner - Compact overview of zk-SNARK components: encoding, homomorphic encryption, and verification
• An approximate introduction to how zk-SNARKs are possible - Vitalik Buterin - Vitalik's accessible explanation of the polynomial commitments and pairings behind SNARKs
• Quadratic Arithmetic Programs: from Zero to Hero - Vitalik Buterin - Step-by-step guide to converting programs into the QAP form needed by SNARK provers
• Exploring Elliptic Curve Pairings - Vitalik Buterin - Explains bilinear pairings on elliptic curves and why they are essential for zk-SNARKs
• zk-SNARKs: Under the Hood - Vitalik Buterin - Final part of Vitalik's series connecting QAPs, pairings, and the full SNARK protocol
• The Mathematics behind zkSNARKS - Mirco Richter - Video lecture covering the algebraic foundations needed to understand SNARK constructions

Languages

• Lurk: A Turing-complete programming language for zk-SNARKs - Lisp-like language where program execution can be proven in zero knowledge
• Noir - Domain-specific language for writing zero-knowledge proofs with a Rust-like syntax

Proof systems

• Nova - Microsoft's recursive SNARK scheme using incrementally verifiable computation with minimal overhead

STARKs

• STARKs, Part I: Proofs with Polynomials - Vitalik Buterin - Explains how polynomial evaluation and Merkle trees enable transparent, trustless proofs
• STARKs, Part II: Thank Goodness It's FRI-day - Vitalik Buterin - Covers the FRI protocol for proving that a committed value is close to a low-degree polynomial
• STARKs, Part 3: Into the Weeds - Vitalik Buterin - Complete walkthrough of building a STARK prover and verifier with concrete Python code

Provers and verifiers

• Winterfell - Rust library for generating and verifying STARK proofs with a focus on performance and usability

Other

• Crypto Screencasts - David Wong - Short video explanations of cryptographic concepts including hash functions, MACs, and key exchange
• ZK docs - Community-maintained documentation hub for zero-knowledge proof systems and implementations

Entrepreneurship

• Peter Thiel: Going from Zero to One - Thiel's talk on building monopoly businesses by creating new value rather than competing in existing markets

Other Topics

Finance

• Bridgewater Associates - Videos from the world's largest hedge fund on macro investing, economic cycles, and risk parity
• DX Analytics - Python library for derivatives and risk analytics using Monte Carlo simulation
• Risk Management - Pasquale Cirillo - Lecture series covering VaR, expected shortfall, extreme value theory, and operational risk
• Economics of Money and Banking - Perry Mehrling - Course explaining the money view of the financial system, central banking, and the hierarchy of money
• Quantitative Risk Management - Pasquale Cirillo - Advanced course on modeling financial risk with copulas, heavy tails, and dependence structures
• Financial Mathematics - Pasquale Cirillo - Course covering interest rates, bond pricing, portfolio theory, and the Black-Scholes model
• Python for Computational Finance - Yves Hilpisch - Training program on using Python for financial modeling, algorithmic trading, and risk analytics

Papers

• Demystifying Rebalancing Premium and Extending Portfolio Theory in the Process - Vladislav Dubikovsky, Gabriele Susinno - Formalizes how periodic portfolio rebalancing generates excess returns from volatility
• Rough Volatility Literature - Collection of papers on rough volatility models that better capture observed market dynamics
• Radical Complexity - Jean-Philippe Bouchaud - Argues that standard economic models fail due to ignoring complexity, reflexivity, and fat tails
• Buy Rough, Sell Smooth - Paul Glasserman, Pu He - Develops trading strategies exploiting the difference between rough and smooth volatility models

Volatility

• Rough volatility - Jim Gatheral - Lecture on how fractional Brownian motion with low Hurst parameter models realized volatility
• Fragile Markets - Understanding the dynamic of a Flash Crash - Harel Jacobson - Analysis of market microstructure breakdown and liquidity evaporation during flash crashes
• Liquidity, Volatility, and Information Asymmetry - Harel Jacobson - Explores the relationship between market maker behavior, information flow, and implied volatility
• So You Want to Trade Options - Volatility Trading 101 - Harel Jacobson - Introduction to options trading fundamentals including Greeks, vol surface, and basic strategies
• Delta Hedging made simple (sort of...) - Harel Jacobson - Practical explanation of delta hedging mechanics and P&L from gamma and theta
• Volatility Smile and Delta Hedging (Part 1) - Getting intimate with the vol surface - Harel Jacobson - Explains why the volatility smile exists and how it affects delta hedging strategies
• Turbocharging Derivatives - Variance, Convexity, and Everything in Between - Harel Jacobson - Deep dive into variance swaps, convexity adjustments, and higher-order Greeks
• Trading Volatility Roughness - Rethinking Statistical Arbitrage - Harel Jacobson - Applies rough volatility theory to design statistical arbitrage strategies on the vol surface
• A Brief History of Volatility Models - Harel Jacobson - Survey from Black-Scholes through local vol, stochastic vol, to rough volatility models
• A Story of Liquidity, Volatility, and Returns - Nope, it's Lily - Explains how options market maker hedging flows amplify or dampen equity market moves

Money and Monetarism

• Money - Perry Mehrling - Lecture on money as a hierarchical system of promises and the role of central banks in settlement
• What is Money, Anyway? - Lyn Alden - Comprehensive essay tracing the history and properties of money from commodity to digital forms
• Bagehot was a Shadow Banker: Shadow Banking, Central Banking, and the Future of Global Finance - Perry Mehrling - Reinterprets Bagehot's Lombard Street through the lens of modern shadow banking and dealer markets

Geopolitics

• Ray Dalio: Money, Power, and the Collapse of Empires - Dalio's framework for understanding the rise and fall of empires through debt cycles and reserve currencies

Not yet reviewed

These resources were recently found and have not been reviewed yet. They will be organized into the appropriate sections after review.

Reverse Engineering & Security

• OpenSecurityTraining2 - Free, university-quality curriculum on x86/x64 architecture, Windows/Linux kernel internals, and exploitation
• pwn.college - 1000+ structured challenges covering shellcode, sandboxing, memory corruption, and kernel pwn
• LibAFL: A Framework to Build Modular and Reusable Fuzzers (CCS 2022) - Rust-based composable fuzzing library replacing AFL++
• xairy/linux-kernel-exploitation - Continuously maintained reference index of Linux kernel exploitation techniques and CVEs

Assembly & Low-Level

• RISC-V Assembly Programming - Free textbook teaching assembly through the modern RISC-V ISA
• Rust Atomics and Locks - Mara Bos (O'Reilly, free online) - Definitive treatment of low-level concurrency: atomics, memory ordering, building OS primitives in Rust
• Learning eBPF - Liz Rice (O'Reilly) - Practical introduction to eBPF for tracing, networking, and security

Distributed Systems

• Gossip Glomers - Fly.io Distributed Systems Challenges - Hands-on challenges built on Maelstrom (Jepsen) covering broadcast, CRDTs, Kafka logs, and transactional KV
• FoundationDB: A Distributed Unbundled Transactional Key Value Store (SIGMOD 2021) - Architecture paper on simulation testing, deterministic replay, and the record layer
• Log-structured Protocols in Delos (OSDI 2021) - How Meta built a layered, reconfigurable consensus system
• Zanzibar: Google's Consistent, Global Authorization System - Spawned SpiceDB, OpenFGA, and the entire Zanzibar-like authorization category

Compilers

• CS 6120: Advanced Compilers (Cornell) - Adrian Sampson - PhD-level compiler course covering SSA, dataflow, LLVM passes
• MLIR Getting Started - Jeremy Kun - Clearest introduction to MLIR concepts and dialect system
• SSA-based Compiler Design (free PDF) - Comprehensive academic treatment of SSA form in optimizing compilers

Cryptography

• Proofs, Arguments, and Zero-Knowledge - Justin Thaler (free PDF) - Most rigorous textbook on interactive proofs, SNARKs, and ZK arguments
• ZK-Learning MOOC (Berkeley CS294) - Full university course on ZKP foundations through practical SNARKs and STARKs
• MIT IAP: Modern Zero Knowledge Cryptography - MIT intensive on elliptic curves, polynomial commitments, Groth16, PLONK, Halo2

Game Programming

• Inigo Quilez: Articles on SDFs, Raymarching & Shaders - Best online reference for distance field rendering and procedural graphics by Shadertoy co-creator
• Graphics Programming community resources - Community-curated index of rendering papers, API guides, and GPU architecture references

Distributed Systems (New)

• The Art of the Fugue: Minimizing Interleaving in Collaborative Text Editing - Weidner & Kleppmann (IEEE TPDS, 2025) - Fugue/FugueMax CRDT algorithms with maximal non-interleaving correctness for replicated lists
• Loro: High-Performance CRDTs in Rust - Rust CRDT library integrating Fugue, Eg-walker, and rich text CRDTs; alternative to Yjs/Automerge
• PowerInfer: Fast LLM Serving with Consumer-grade GPU (SOSP 2024) - Exploits power-law neuron activation for GPU-CPU hybrid inference; up to 11.69x speedup on RTX 4090
• TigerBeetle: Deterministic Simulation Testing - Financial transactions database in Zig with VOPR simulation testing; 3.3s simulation covers 39min real-world. See also Phil Eaton's overview

Compilers & Languages (New)

• The MLIR Transform Dialect (CGO 2025) - Controllable IR-based transformation system within MLIR for fine-grained compiler control
• First-Class Verification Dialects for MLIR (PLDI 2025) - Integrates formal verification methods directly into MLIR's dialect framework
• Mojo Programming Language - Chris Lattner's MLIR-native systems language for AI workloads; compiles to GPUs, TPUs, ASICs
• Zig Self-Hosted x86_64 Backend (2025) - Native x86 backend passes more tests than LLVM backend; incremental compilation approaching default-on

Operating Systems & Formal Verification (New)

• Asterinas: Linux ABI-Compatible Rust-Based Framekernel OS (USENIX ATC 2025) - Confines unsafe Rust to ~14% of codebase; supports 210+ Linux syscalls with performance on par with Linux
• Verus: Practical Foundation for Systems Verification (SOSP 2024) - Verification for Rust code 3-61x faster than prior art; case studies in distributed systems, OS, storage
• Atmosphere: Practical Verified Kernels with Rust and Verus (SOSP 2025) - L4-style microkernel verified in Rust/Verus with 7.5:1 proof-to-code ratio in ~2 person-years

Security, Fuzzing & Reverse Engineering (New)

• Rust-for-Linux: Success, Dissatisfaction, and Compromise (USENIX ATC 2024) - Examines 240 driver vulnerabilities and evaluates Rust's actual safety impact in the Linux kernel
• MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency (NDSS 2024) - Context-aware syscall mutation achieving 32% branch coverage growth over state-of-the-art
• LLM4Decompile: Decompiling Binary Code with LLMs (2024) - Open-source LLM (1.3B-33B) for binary decompilation outperforming GPT-4o and Ghidra by 100%+ on re-executability

AI/ML Systems (New)

• FlashAttention-3: Fast Attention with Asynchrony and Low-precision (NeurIPS 2024 Spotlight) - Exploits Hopper GPU asynchrony and FP8; 1.5-2.0x faster than FlashAttention-2 on H100
• SGLang: Efficient Execution of Structured LM Programs (2024) - RadixAttention for KV cache reuse and compressed FSMs for constrained decoding; up to 5x throughput vs vLLM
• DSPy: Compiling Declarative LM Calls into Self-Improving Pipelines (ICLR 2024) - Stanford framework for programming LLMs with automatic prompt/weight optimization
• Towards Efficient Generative LLM Serving: A Survey (ACM Computing Surveys, 2025) - Comprehensive survey covering decoding, quantization, parallelism, memory, and scheduling

WebAssembly (New)

• WASI 0.2 and the WebAssembly Component Model (2024) - Stable release with Component Model for CLI, sockets, clocks; WASI 0.3 adds native async