C lessons

280 lessons, ordered from first principles to advanced Linux systems programming.

C Basics

  1. What is C? — beginner
  2. Compiling with gcc — beginner
  3. The main function — beginner
  4. printf and format specifiers — beginner
  5. Variables — beginner
  6. Data types — beginner
  7. Reading input with scanf — beginner
  8. Operators and precedence — beginner
  9. if / else — beginner
  10. switch / case — beginner
  11. for / while / do-while — beginner
  12. Functions — beginner
  13. Scope and lifetime — beginner
  14. Header files — beginner
  15. Bitwise operations — beginner
  16. Endianness and byte order — beginner
  17. Recursion — base case + smaller subproblem — beginner
  18. State machines for parsers — beginner
  19. Makefiles — the C build system — beginner
  20. Debugging with gdb — intermediate

Arrays & Strings

  1. Arrays — beginner
  2. Multi-dimensional arrays — beginner
  3. Character arrays — beginner
  4. C strings — beginner
  5. Implementing strlen — beginner
  6. strcpy and its dangers — beginner
  7. strcmp and string comparison — beginner
  8. String safety and bounded operations — intermediate
  9. Command-line arguments — beginner
  10. The two-pointer technique — intermediate
  11. Searching for a substring — beginner

Pointers & Memory

  1. Pointer basics — beginner
  2. Pointer arithmetic — beginner
  3. Pointers and arrays — beginner
  4. Pointers and strings — beginner
  5. Double pointers — intermediate
  6. malloc and the heap — intermediate
  7. calloc — zero-initialized allocation — intermediate
  8. realloc — grow or shrink — intermediate
  9. free and ownership — intermediate
  10. Memory leaks — intermediate
  11. Use-after-free — advanced
  12. Dangling pointers — advanced
  13. Memory safety — the whole bug class — intermediate

Structs & Data Structures

  1. Structs — beginner
  2. typedef — beginner
  3. enums — beginner
  4. Linked lists — intermediate
  5. Stacks — intermediate
  6. Queues (FIFO) — intermediate
  7. Hash tables — advanced
  8. Binary trees — intermediate
  9. Sorting overview — intermediate
  10. Searching — intermediate
  11. Hashing — turning keys into table indices — intermediate

File Handling

  1. fopen and the stdio model — intermediate
  2. fread for binary I/O — intermediate
  3. fwrite for binary output — intermediate
  4. fgets for safe line reading — intermediate
  5. File permissions and stat — intermediate
  6. Binary files — intermediate
  7. Parsing CSV — intermediate
  8. Log parsing — line iteration + classification — beginner

Linux System Programming

  1. File descriptors — intermediate
  2. open / read / write / close — intermediate
  3. errno and error reporting — intermediate
  4. fork — duplicating the process — intermediate
  5. exec — replacing the process image — advanced
  6. wait and waitpid — intermediate
  7. Pipes — advanced
  8. Signals — advanced
  9. Environment variables — intermediate
  10. Mini shell project — advanced
  11. eventfd, timerfd, signalfd — synthetic fds — intermediate
  12. POSIX threads — pthread_create, mutex, cond — intermediate
  13. rlimit — capping CPU, memory, fds — intermediate
  14. /proc forensics — deep dive — intermediate
  15. Namespaces + cgroups — the container ingredients — advanced
  16. What are signals in C and Linux? — beginner
  17. Common signals: SIGINT, SIGTERM, SIGKILL, SIGSEGV, SIGALRM — beginner
  18. signal() vs sigaction() — and why you should always use sigaction() — intermediate
  19. Writing safe signal handlers — async-signal-safe rules — intermediate
  20. raise() — sending a signal to yourself — beginner
  21. kill() — sending a signal to another process — intermediate
  22. alarm() — schedule a SIGALRM in N seconds — beginner
  23. Handling Ctrl+C safely — intermediate
  24. Common mistakes with signals — intermediate
  25. What are threads? Why use them in C? — beginner
  26. pthread_create() and pthread_join() — beginner
  27. Passing arguments to threads — intermediate
  28. Returning data from threads — intermediate
  29. Race conditions — intermediate
  30. Mutexes — pthread_mutex_t — intermediate
  31. Deadlocks — advanced
  32. Writing thread-safe code — intermediate
  33. The producer/consumer pattern — advanced
  34. Common mistakes with threads — intermediate

Networking in C

  1. Sockets introduction — intermediate
  2. TCP client — advanced
  3. TCP server — advanced
  4. UDP client — advanced
  5. UDP server — advanced
  6. A tiny HTTP GET client — advanced
  7. Simple local HTTP server — advanced
  8. select / poll for multiplexing — advanced
  9. Socket timeouts — advanced
  10. Localhost port checking — advanced
  11. HTTP/1.1 protocol structure — intermediate
  12. Checksums — integrity over the wire — intermediate
  13. epoll — modern Linux I/O multiplexing — intermediate
  14. Non-blocking sockets — O_NONBLOCK and EAGAIN — intermediate
  15. DNS resolution with getaddrinfo — intermediate
  16. Unix domain sockets — local IPC — intermediate
  17. IPv6 mechanics — addresses and dual-stack — beginner
  18. HTTP/1.1 chunked transfer encoding — intermediate
  19. TLS — read about it; never write it — intermediate
  20. What are sockets in C? — beginner
  21. TCP vs UDP — when to pick which — beginner
  22. socket() — creating an endpoint — beginner
  23. struct sockaddr_in — addresses for IPv4 — beginner
  24. htons(), htonl(), inet_pton() — network byte order — beginner
  25. bind() — claim a local port — beginner
  26. listen() and accept() — the server side — intermediate
  27. connect() — the client side — beginner
  28. send() and recv() — moving bytes — intermediate
  29. A complete simple TCP server (localhost) — intermediate
  30. A complete simple TCP client (localhost) — intermediate
  31. Why localhost-only testing matters — beginner
  32. Common socket errors — intermediate
  33. Parse an HTTP/1.1 request line in C — intermediate
  34. Pull the method out of a SIP message — intermediate
  35. Parse an IQ-samples capture header — intermediate
  36. DNS on the wire — names as labels — intermediate
  37. TLS handshake bytes — where SNI lives — intermediate

Secure Coding in C

  1. Buffer overflow basics — intermediate
  2. Bounds checking everywhere — intermediate
  3. Safe string functions — intermediate
  4. Input validation — intermediate
  5. Integer overflow — intermediate
  6. Format string mistakes — advanced
  7. Command injection prevention — intermediate
  8. Secure error handling — intermediate
  9. Buffer safety — bounded copies, every time — beginner
  10. Safe parsing — the defensive parser shape — intermediate
  11. TOCTOU — time-of-check vs time-of-use races — intermediate
  12. Symlink attacks and how to refuse them — intermediate
  13. Score a password against a policy (defensive) — beginner
  14. Detect SQL-injection metacharacters in user input — intermediate
  15. Shape of a libFuzzer-compatible defensive target — intermediate
  16. Constant-time byte comparison — intermediate
  17. Base64 and tokens — decode before you trust — intermediate

Safe Penetration Testing Labs

  1. What is ethical hacking? — beginner
  2. Rules of engagement — beginner
  3. Setting up a local-only lab — beginner
  4. Reading HTTP requests — intermediate
  5. Parsing server logs — intermediate
  6. Detecting failed-login bursts — intermediate
  7. Spotting unsafe strcpy in code — intermediate
  8. Fixing command injection in toy C code — intermediate
  9. SQL injection — the concept — intermediate
  10. A safe localhost-only port scanner — advanced
  11. ELF header — the binary's calling card — intermediate
  12. /proc forensics — a cookbook — beginner
  13. Auditing setuid programs — advanced
  14. seccomp-BPF — allow-list the system calls a process may make — advanced
  15. Fuzz harness design — defensively — advanced
  16. Parse saved nmap XML output (defensive) — intermediate
  17. Detect failed-login bursts in auth.log — intermediate
  18. Generate a Markdown finding report in C — beginner
  19. Parse a pcap per-packet record in C — intermediate
  20. Classify an 802.11 frame from its control byte — intermediate
  21. Extract the local name from a BLE advertisement — intermediate
  22. Count global symbols in an ELF .symtab — intermediate
  23. Classify a firmware blob from its magic bytes — beginner
  24. Pull the filename out of a mock MFT record — intermediate
  25. Recover an 8.3 filename from a FAT directory entry — intermediate
  26. Count unique subdomains in a wordlist — beginner
  27. Count HIGH-severity entries in a mock CVE feed — intermediate
  28. Score a URL for phishing markers — intermediate
  29. Render an ISO/IEC 14443 UID as hex — beginner
  30. Detect a stack canary pattern in a memory snapshot — intermediate
  31. Write a USTAR tar header for an evidence bundle — intermediate
  32. The C-for-Kali Track — Tour and Safe-Lab Map — beginner
  33. Detecting port scans — flags and fan-out — intermediate
  34. Linux file-permission audit — the risky bits — beginner

Computer & OS Fundamentals

  1. How a computer runs a program — beginner
  2. CPU, RAM, disk, and processes — beginner
  3. What an operating system does — beginner
  4. Files, directories, and permissions — beginner
  5. Environment variables and the command line — beginner
  6. Encoding: ASCII, Unicode, Base64, and hex — beginner
  7. Compression and archives — beginner
  8. Logs and timestamps — beginner

Windows Fundamentals

  1. Windows users, groups, and SIDs — beginner
  2. NTFS permissions and ACLs — beginner
  3. Windows services — beginner
  4. The Windows registry — beginner
  5. Event Viewer and Windows logging — beginner
  6. PowerShell basics for operators — beginner
  7. RDP and SMB: two Windows services worth defending — beginner
  8. The Windows privilege model: UAC and tokens — intermediate

Web Foundations & Databases

  1. How the web works: client, server, request, response — beginner
  2. Cookies, sessions, and browser storage — beginner
  3. REST APIs, HTTP methods, and JSON — beginner
  4. Authentication, authorization, and account flows — beginner
  5. SQL basics: querying a relational database — beginner
  6. SQL injection and prepared statements — intermediate
  7. NoSQL, password storage, and database hardening — intermediate

Web Application Security

  1. Testing the web: intercepting and shaping HTTP requests — beginner
  2. Broken access control and IDOR — intermediate
  3. Cross-site scripting (XSS) — intermediate
  4. Cross-site request forgery (CSRF) — intermediate
  5. Server-side request forgery (SSRF) — intermediate
  6. Command injection and path traversal — intermediate
  7. Security headers, CORS, and JWT weaknesses — intermediate
  8. Business logic flaws and race conditions — advanced

Networking Fundamentals

  1. The TCP/IP and OSI models — beginner
  2. IP addresses: IPv4, IPv6, public vs private — beginner
  3. Subnetting and CIDR notation — intermediate
  4. MAC addresses and ARP — beginner
  5. DNS: how names become addresses — beginner
  6. DHCP and NAT — beginner
  7. TCP vs UDP, ports, and the ones to know — beginner
  8. HTTP, HTTPS, and TLS — beginner
  9. Firewalls, proxies, VPNs, and load balancers — beginner
  10. Reading packet captures with Wireshark — intermediate

API Security

  1. The API attack surface — beginner
  2. Broken Object Level Authorization (BOLA) — intermediate
  3. Broken Function Level Authorization (BFLA) — intermediate
  4. API mass assignment — intermediate
  5. API authentication, tokens, and OAuth — intermediate
  6. Rate limiting and resource consumption — beginner
  7. API documentation, Swagger, and discovery — beginner

Internal Network & Active Directory

  1. Internal network pentest methodology — beginner
  2. What is Active Directory? — beginner
  3. AD objects: users, groups, computers, and OUs — beginner
  4. Kerberos and NTLM authentication — intermediate
  5. LDAP and domain enumeration — intermediate
  6. Password spraying, roasting, and credential reuse — intermediate
  7. Lateral movement and segmentation — intermediate
  8. Attack paths (BloodHound) and Active Directory defenses — intermediate

Privilege Escalation

  1. Privilege escalation: the enumeration-first mindset — beginner
  2. Linux privilege escalation: sudo and SUID binaries — intermediate
  3. Linux privesc: cron jobs and PATH abuse — intermediate
  4. Linux privesc: capabilities, services, and the docker group — intermediate
  5. Windows privesc: service misconfigurations — intermediate
  6. Windows privesc: autostart, scheduled tasks, and AlwaysInstallElevated — intermediate
  7. Windows privesc: token privileges and UAC — advanced

Password Attacks & Cryptography

  1. Hashing: integrity, identification, and its limits — beginner
  2. Symmetric and asymmetric encryption — beginner
  3. TLS, certificates, and digital signatures — intermediate
  4. Common cryptography mistakes — intermediate
  5. Password storage: salts, slow hashes, and work factors — intermediate
  6. Password cracking concepts (authorized labs only) — intermediate
  7. Online attacks, lockout, and MFA — beginner

Cloud & Container Security

  1. The cloud model and IAM — beginner
  2. Storage buckets, security groups, and public exposure — beginner
  3. Secrets, metadata, and cloud privilege escalation — intermediate
  4. Cloud logging and serverless security — beginner
  5. Docker images, containers, and Dockerfile security — beginner
  6. Container runtime risks and Kubernetes — intermediate
  7. CI/CD and software supply-chain security — intermediate

Wireless & Mobile Security

  1. Wi-Fi basics and WPA/WPA2/WPA3 — beginner
  2. Wireless attacks, evil twins, and hardening — beginner
  3. Mobile app security model (Android & iOS) — beginner
  4. Mobile testing: storage, traffic, and the OWASP MASTG — intermediate

Reporting & Professional Practice

  1. The penetration test report: structure — beginner
  2. Writing Findings: Severity, CVSS, and Impact — intermediate
  3. Evidence, reproduction, and remediation — beginner
  4. Social engineering awareness — beginner
  5. Ethics, legality, and knowing when to stop — beginner
  6. Communication and working with developers — beginner

Pentest Methodology & Recon

  1. Authorization, scope, and rules of engagement — beginner
  2. The phases of an engagement — beginner
  3. Passive vs active reconnaissance — beginner
  4. DNS, WHOIS, and subdomain discovery — beginner
  5. OSINT: search dorking, leaks, and metadata — beginner
  6. Technology detection and attack-surface mapping — beginner
  7. Port, service, and OS scanning — intermediate
  8. Service enumeration and the toolset — intermediate