Reddit reviews Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level

No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.

Jumping into C++: Alex Allain

Write Great Code: Volume1 Understanding the Machine

Write Great Code: Volume2 Thinking Low-Level, Writing High Level

Reversing: Secrets of Reverse Engineering

Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.

The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.

.

If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.

One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

It sounds like you're come pretty far in 6 months! I don't know if more tutorials are the right answer to where you are. I've found that reading other people's code is a fantastic way to sharpen C programming skills. I look for code that solves the problem I'm working on and evaluate how it works, sometimes comparing multiple solutions. I then write my own based on what I learned an adapt it to my use case.

Two books I highly recommend are "Writing Great Code, Vol 1 which pretty much covers soup to nuts low level details of types, internal representation of numbers, endianness issues, and other topic of machine organization. You will get so much more out of C programming after reading this book.

>it's all mostly assembler stuff which i've touched on (learnt about the registers, control flow, jump instructions, etc.), it is very confusing I feel and am maybe not ready to undergo such a venture.

The second book is Vol 2 of the same series, and is particularly applicable to your goal of reverse engineering and writing exploits. Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level. This book builds on the first and delves into compiler internals and how choice of conditionals and algorithms effect performance. The code examples are dissected in assembly to illustrate how minor differences in the source greatly effect the machine code generated. A deeper discussion of internal representation of data is also covered. Fair warning, I haven't finished this one due to life, but look forward to picking it up again.

This author also wrote a highly regarded book on x86 assembly, but I haven't read it yet. Hope this helps!

Well, I haven't suggested that you know everything down to subatomic physics, I've suggested you understand assembler. There are good reasons for this, even if you are a Java programmer, as the JVM has it's own bytecode, which you might want to inspect at times, and that turns into real machine instructions, which you might want to inspect sometime, to understand if your abstraction is turning out the way you want.

Example: Yesterday another programmer and I were not sure if the JVM would produce SIMD instructions for a simple loop doing math on doubles. He thought it should, from the documentation, but the speed of the function suggested it wasn't.

By looking at the assembler, we were able to figure it out. While it was using SSE floating point instructions, it was only using a single lane. (64bit compilers do this for obscure reasons I Can get into, if you change your mind about willfull ignorance one day) but only 1 lane of the SSE registers were being used.

So in short, no, the JVM wasn't vectorizing the loop, probably because it was floating point, which is not associative for addition. It may do it with integers. To find out I'll go check the disassembly.

Anyway, the more you know about how the hardware works, the better you can use high level languages and abstractions, because you will understand how to structure them so the assembly that the JVM or compiler produces is efficient.

It is a bit old but still relevant, good book on this subject:
https://www.amazon.com/Write-Great-Code-Low-Level-High-Level/dp/1593270658