Any questions, Jerry?
2 weeks ago
Thursday, May 21, 2020
Many Ways Of Malware Persistence (That You Were Always Afraid To Ask)
TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;)
Are you into blue teaming? Have to find those pesky backdoors? This post is not that long, read it ;)
In the previous post, I listed different ways how a Windows domain/forest can be backdoored. In this new post, I am digging a bit deeper, and list the most common/known ways malware can survive a reboot, just using local resources of the infected Windows system. The list is far from complete, and I would like to encourage everyone to comment on new methods, not yet listed here.
From an incident response point of view, one of the best strategies to find malware on a suspicious system is to search for suspicious entries that start with the system. In the good old days, you had to check for 2-3 locations to cover 99% of the infections. Nowadays, there are a thousand ways malware can start. The common ones automatically start whenever Windows starts (or the user logs in), but some tricky ones are triggered by other events.
Autoruns
My favorite choice when it comes to malware persistence is Sysinternals tools, Autoruns. In this paragraph, I mainly quote the official built-in help, but bear with me, it is still interesting.
On a side note, there are some problems with the Autoruns tool: it can only run on a live system. (EDIT: This is not true, Autoruns can analyze offline systems as well! Thanks to a comment from Justin.) And usually, this is not the case - I usually have dd images. And although VBoxManage can convert the dd images to VirtualBox disk image format, usually I don't have the time and storage to do that. This is where xmount awesomeness is here to rescue the day. It can convert dd and Encase images on-the-fly in-memory to Virtualbox format. Just attach the disk image to a new Virtualbox machine as the main boot HDD, modify the CPU/disk/controller settings until Windows starts instead of crashing, and voila, you can boot your forensic image - without modifying a single bit on the original evidence dd file. Another problem with malware analysis on a live system is that a good rootkit can fool the analyst easily.
For quick wins, I usually filter out Microsoft entries, look for per-user locations only and check for unverified (missing or invalid Authenticode) executables. This usually helps to find 90% of malware easily. Especially if it has a color like purple or pink, it is highly suspicious. To find the rest, well, one has to dig deeper.
 |
| Zeus "hiding" in the usual random directory - check the faked timestamp |
To implement "poor-mans monitoring", regularly save the output of Autoruns, and during incident response, it will be highly valuable. Howto guide here.
Logon
"This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations."
There are 42 registry keys/folders at the moment in Autoruns, which can be used to autostart a malware. The most common ways are the HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup folder.
One of my favorite regarding this topic is the file-less Poweliks malware, 100% pure awesomeness. Typical ring 3 code execution.
Explorer
"Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks". 71 registry keys, OMG. Usually, this is not about auto-malware execution, but some of them might be a good place to hide malware.
Internet explorer
"This entry shows Browser Helper Objects (BHO's), Internet Explorer toolbars and extensions". 13 registry key here. If a malicious BHO is installed into your browser, you are pretty much screwed.
 |
Scheduled tasks
"Task scheduler tasks configured to start at boot or logon." Not commonly used, but it is important to look at this.
I always thought this part of the autostart entries is quite boring, but nowadays, I think it is one of the best ways to hide your malware. There are so many entries here by default, and some of them can use quite good tricks to trigger the start.
Did you know that you can create custom events that trigger on Windows event logs?
Did you know you can create malware persistence just by using Windows tools like bitsadmin and Scheduled tasks?
 |
| Scheduler in the old days |
 |
| Scheduler in the new days |
Services
HKLM\System\CurrentControlSet\Services is a very commonplace to hide malware, especially rootkits. Check all entries with special care.
Drivers
Same as services. Very commonplace for rootkits. Unfortunately, signing a driver for 64-bit systems is not fun anymore, as it has to be signed by certificates that can be chained back to "Software Publisher Certificates". Typical startup place for Ring 0 rootkits.
Starting from Windows 10, even this will change and all drivers have to be signed by "Windows Hardware Developer Center Dashboard portal" and EV certificates.
Codecs
22 registry keys. Not very common, but possible code execution.
Boot execute
"Native images (as opposed to Windows images) that run early during the boot process."
5 registry keys here. Good place to hide a rootkit here.
Image hijacks
"Image file execution options and command prompt autostarts." 13 registry key here. I believe this was supposed for debugging purposes originally.
This is where the good-old sticky keys trick is hiding. It is a bit different from the others, as it provides a backdoor access, but you can only use this from the local network (usually). The trick is to execute your code whenever someone presses the SHIFT key multiple times before logging into RDP. The old way was to replace the sethc.exe, the new fun is to set a debug program on sethc.
 |
| If you see this, you are in trouble |
AppInit
"This has Autoruns shows DLLs registered as application initialization DLLs." Only 3 registry keys here. This is the good old way to inject a malicious DLL into Explorer, browsers, etc. Luckily it is going to be deprecated soon.
Known DLLs
"This reports the location of DLLs that Windows loads into applications that reference them." Only 1 registry key. This might be used to hijack some system DLLs.
Winlogon
"Shows DLLs that register for Winlogon notification of logon events." 7 registry keys. Sometimes used by malware.
Winsock providers
"Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them." 4 registry keys. AFAIK this was trendy a while ago. But still, a good place to hide malware.
Print monitors
"Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself." 1 registry key. Some malware writers are quite creative when it comes to hiding their persistence module.
LSA providers
"Shows registers Local Security Authority (LSA) authentication, notification and security packages." 5 registry keys. A good place to hide your password stealer.
Network providers
"Missing documentation". If you have a good 1 sentence documentation, please comment.
WMI filters
Sidebar gadgets
Thank god MS disabled this a while ago :)
 |
| We all miss you, you crappy resource gobble nightmares |
Common ways - not in autoruns
Now, let's see other possibilities to start your malware, which won't be listed in Sysinternals Autoruns.
Backdoor an executable/DLL
Just change the code of an executable which is either auto-starting or commonly started by the user. To avoid lame mistakes, disable the update of the file ... The backdoor factory is a good source for this task. But if you backdoor an executable/DLL which is already in Autoruns listed, you will break the Digital Signature on the file. It is recommended to sign your executable, and if you can't afford to steal a trusted certificate, you can still import your own CA into the user's trusted certificate store (with user privileges), and it will look like a trusted one. Protip: Use "Microsoft Windows" as the codesigner CA, and your executable will blend in.
 |
 |
 |
Hijack DLL load order
Just place your DLL into a directory which is searched before the original DLL is found, and PROFIT! But again, to avoid lame detection, be sure to proxy the legitimate function calls to the original DLL. A good source on this topic from Mandiant and DLL hijack detector.
 |
Here you can see how PlugX works in action, by dropping a legitimate Kaspersky executable, and hijacking the DLL calls with their DLL.
Hijack a shortcut from the desktop/start menu
Never underestimate the power of lame tricks. Just create an executable which calls the original executable, and meanwhile starts your backdoor. Replace the link, PROFIT! And don't be a skiddie, check the icon ;) I have seen this trick in adware hijacking browsers a lot of times.
 |
| IE hijacked to start with http://tinyurl.com/2fcpre6 |
File association hijack
Choose the user's favorite file type, replace the program which handles the opening with a similar one described in the previous section, and voila!
COM object hijack
The main idea is that some COM objects are scanned for whether they are on the system or not, and when it is registered, it is automatically loaded. See COMpfun for details.
Windows Application Compatibility - SHIM
Not many people are familiar with Windows Application Compatibility and how it works. Think about it as an added layer between applications and the OS. If the application matches a certain condition (e.g. filename), certain actions will take place. E.g. emulation of directories, registry entries, DLL injection, etc. In my installation, there are 367 different compatibility fixes (type of compatibility "simulation"), and some of those can be customized.
 |
| Every time IE starts, inject a DLL into IE |
Bootkits
Although bootkits shown here can end up in Autoruns in the drivers section (as they might need a driver at the end of the day), I still think it deserves a different section.
MBR - Master boot record
Malware can overwrite the Master boot record, start the boot process with its own code, and continue the boot process with the original one. It is common for rootkits to fake the content of the MBR record, and show the original contents. Which means one just have attached the infected HDD to a clean system, and compare the first 512 bytes (or more in some cases) with a known, clean state, or compare it to the contents shown from the infected OS. SecureBoot can be used to prevent malware infections like this.
 |
| There is a slight difference when MBR is viewed from infected OS vs clean OS |
VBR - Volume boot record
This is the next logical step where malware can start it's process, and some malware/rootkit prefers to hide it's startup code here. Check GrayFish for details. SecureBoot can be used to prevent malware infections like this.
BIOS/UEFI malware
Both the old BIOS and the new UEFI can be modified in a way that malware starts even before the OS had a chance to run. Although UEFI was meant to be more secure than BIOS, implementation and design errors happens. Check the Computrace anti-theft rootkit for details.
Hypervisor - Ring -1 rootkit
This is somewhat special, because I believe although rootkit can run in this layer but it can't persist only in this layer on an average, physical machine, because it won't survive a reboot See Rutkowska's presentation from 2006 But because the hypervisor can intercept the restart event, it can write itself into one of the other layers (e.g. install a common kernel driver), and simply delete it after it is fully functional after reboot. Update: There is a good paper from Igor Korkin about hypervisor detection here.
SMM (System Management Mode) malware - Ring -2 rootkit
Somehow related to the previous type of attacks, but not many people know that System Management Mode can be used to inject code into the OS. Check the DEITYBOUNCE malware for more details ;) Also, abusing Intel Dual Monitor Mode (DMM) can lead to untrusted code execution, which basically monitors the SMM mode.
Intel® Active Management Technology - Ring -3 rootkit
According to Wikipedia, "Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them". You can ask, what could possibly go wrong? See Alexander Tereshkin's and Rafal Wojtczuk's great research on this, or Vassilios Ververis thesis about AMT.
As not many people click on links, let me quote the scary stuff about AMT:
- Independent of the main CPU
- Can access host memory via DMA (with restrictions)
- Dedicated link to NIC, and its filtering capabilities
- Can force host OS to reboot at any time (and boot the system from the emulated CDROM)
- Active even in S3 sleep!
Other stuff
Create new user, update existing user, hidden admins
Esoteric firmware malware
Almost any component in the computer runs with firmware, and by replacing the firmware with a malicious one, it is possible to start the malware. E.g. HDD firmware (see GrayFish again), graphic card, etc.
Hidden boot device
Malware can hide in one of the boot devices which are checked before the average OS is loaded, and after the malware is loaded, it can load the victim OS.
Network-level backdoor
Think about the following scenario: every time the OS boots, it loads additional data from the network. It can check for new software updates, configuration updates, etc. Whenever a vulnerable software/configuration update, the malware injects itself into the response, and get's executed. I know, this level of persistence is not foolproof, but still, possible. Think about the recently discovered GPO MiTM attack, the Evilgrade tool, or even the Xensploit tool when we are talking about VM migration.
Software vulnerability
Almost any kind of software vulnerability can be used as a persistent backdoor. Especially, if the vulnerability can be accessed remotely via the network, without any user interaction. Good old MS08-067...
Hardware malware, built into the chipset
I am not sure what to write here. Ask your local spy agency for further information. Good luck finding those!
More links
Tools I highly recommend:
For more information, check this blog post, part 1, part 2
Update 2017-04-29: A very nice list of Office persistence: https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
Update 2017-10-23: Persistence via Security Descriptors and ACLs: https://www.youtube.com/watch?v=SeR4QJbaNRg
Update 2018-07-25: Backdooring LAPS https://rastamouse.me/2018/03/laps---part-1/
https://rastamouse.me/2018/03/laps---part-2/
I would like to thank to Gabor Pek from CrySyS Lab for reviewing and completing this post.
Update 2017-04-29: A very nice list of Office persistence: https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
Update 2017-10-23: Persistence via Security Descriptors and ACLs: https://www.youtube.com/watch?v=SeR4QJbaNRg
Update 2018-07-25: Backdooring LAPS https://rastamouse.me/2018/03/laps---part-1/
https://rastamouse.me/2018/03/laps---part-2/
I would like to thank to Gabor Pek from CrySyS Lab for reviewing and completing this post.
CEH Practical: Gathering Target Information: Reconnaissance And Competitive Intelligence
CEH Exam Objectives:
Describe Reconnaissance.
Describe aggressive/competitive intelligence.
Reconnaissance
Reconnaissance is the process of gathering informative data about a particular target of a malicious hack by exploring the targeted system. Basically two types of Reconnaissance exist i.e. Active and Passive. Active reconnaissance typically related to port scanning and observing the vulnerabilities about the targeted system (i.e., which ports are left vulnerable and/or if there are ways around the firewall and routers). Passive reconnaissance typically you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems.Understand Aggressive Intelligence
Competitive intelligence means information gathering about competitors' products, marketing, and technologies. Most competitive intelligence is non intrusive to the company being investigated and is benign in nature. It's used for product comparison or as a sales and marketing tactic to better understand how competitors are positioning their products or services.Online tools to gather competitive intelligence
Exercise 1.1
Using KeywordSpy
To use the KeywordSpy online tool to gather competitive intelligence information:- Go to the www.keywordspy.com website and enter the website address of the target in the search field
- Review the report and determine valuable keywords, links, or other information.
Exercise 1.2
Using spyfu
- Go to your browser and type www.spyfu.com and enter the website address of the target in the search field.
Exercise 1.3
Using the EDGAR Database to Gather Information
1. Determine the company's stock symbol using Google.
2. Open a web browser to www.sec.gov.
3. On the right side of the page, click the link EDGAR Filers.
2. Open a web browser to www.sec.gov.
3. On the right side of the page, click the link EDGAR Filers.
4. Click the Search For Filings menu and enter the company name or stock symbol to search the filings for information. You can learn, for example, where the company is registered and who reported the filing.
5. Use the Yahoo! yellow pages ( http://yp.yahoo.com ) to see if an address or phone number is listed for any of the employee names you have located.
5. Use the Yahoo! yellow pages ( http://yp.yahoo.com ) to see if an address or phone number is listed for any of the employee names you have located.
More information
Wednesday, May 20, 2020
CEH: Gathering Network And Host Information, Types Of Scan
In Hacking the main focus is over gathering the information about victim or victim's machine. Which will help to find out which type of exploit will works according to the given circumstances. Gathering the network and host information means to find out by which network, the which victim's machine is connected and communicating over the network. Moreover, scanning is also performed for gathering information about open and closed ports. After that they'll able to find the vulnerabilities in the target system and try to get access to the system.
Types Of Scan
As a CEH you should know the scan types and uses:SYN
SYN scan doesn't complete the TCP three way handshake that is why it is known as a half-open scan. An attacker send a SYN packet to the victim machine if SYN/ACK packet is received back to attacker, then it clarify that the port is listening due to the acknowledgment by the victim that it has completed the connection. While if the attacker is received the RST/ACK packet then it assumed that the port is closed or open.
XMAS
XMAS scan works only on target system that has the RFC 793 development of TCP/IP and it doesn't works against any version of windows.XMAS scan send a packet with by setting up the FIN, URG and PSH flags of the TCP header. The function of this scan is if the port is active there will be no response but if the port is closed the target responds with a RST/ACK packet.
FIN
A FIN scan send a packet by setting up only the FIN flag of the TCP. This scan is similar to XMAS scan. FIN scan receives no response if the port is active while if the port is closed it receives the RST/ACK packet.
NULL
NULL scan is also similar to the XMAS scan. But the only difference is that it sends a packet without setting up the any flag of TCP header. NULL scan receives no response if the port is open but if the port is closed it receives the RST/ACK packet.
IDLE
It is just like spoofing an IP address by sending a SYN packet to the victim's machine to find out which services are available over the system. This scan is completed with the help of another system called as "Zombie" (that is not receiving or transmitting any information).
More info
5 BEST HACKING BOOKS 2018
Most of the people don't go with videos and read books for learning. Book reading is a really effective way to learn and understand how things work. There are plenty of books about computers, security, penetration testing and hacking. Every book shows a different angle how things work and how to make system secure and how it can be penetrated by hackers. So, here I have gathered a few of the best hacking books of 2018 available on the market.
BEST HACKING BOOKS OF 2018
There are hundreds of books about hacking, but I have streamlined few of best hacking books of 2018.
1. THE HACKER'S PLAYBOOK PRACTICAL GUIDE TO PENETRATION
This handbook is about experting yourself with the hacking techniques in the hacker's way. This is about penetration testing that how hackers play their techniques and how we can counter them.
CONTENTS
- Introduction
- Pregame – The Setup
- Setting Up a Penetration Testing Box
- Before the Snap – Scanning the Network
- The Drive – Exploiting Scanner Findings
- The Throw – Manual Web Application Findings
- The Lateral Pass – Moving Through the Network
- The Screen – Social Engineering
- The Onside Kick – Attacks that Require Physical Access
- The Quarterback Sneak – Evading AV
- Special Teams – Cracking, Exploits, Tricks
- Post Game Analysis – Reporting
Download the Hacker's Playbook Practical Guide to Penetration.
2. ANDROID HACKER'S HANDBOOK
The Android Hacker's Handbook is about how the android devices can be hacked. Authors chose to write this book because the field of mobile security research is so "sparsely charted" with disparate and conflicted information (in the form of resources and techniques).
CONTENTS
- Chapter 1 Looking at the Ecosystem
- Chapter 2 Android Security Design and Architecture
- Chapter 3 Rooting Your Device
- Chapter 4 Reviewing Application Security
- Chapter 5 Understanding Android's Attack Surface
- Chapter 6 Finding Vulnerabilities with Fuzz Testing
- Chapter 7 Debugging and Analyzing Vulnerabilities
- Chapter 8 Exploiting User Space Software
- Chapter 9 Return Oriented Programming
- Chapter 10 Hacking and Attacking the Kernel
- Chapter 11 Attacking the Radio Interface Layer
- Chapter 12 Exploit Mitigations
- Chapter 13 Hardware Attacks
Download Android Hacker's Handbook.
3. PENETRATION TESTING: A HANDS-ON INTRODUCTION TO HACKING
This book is an effective practical guide to penetration testing tools and techniques. How to penetrate and hack into systems. This book covers beginner level to highly advanced penetration and hacking techniques.
CONTENTS
- Chapter 1: Setting Up Your Virtual Lab
- Chapter 2: Using Kali Linux
- Chapter 3: Programming
- Chapter 4: Using the Metasploit Framework
- Chapter 5: Information Gathering
- Chapter 6: Finding Vulnerabilities
- Chapter 7: Capturing Traffic
- Chapter 8: Exploitation
- Chapter 9: Password Attacks
- Chapter 10: Client-Side Exploitation
- Chapter 11: Social Engineering
- Chapter 12: Bypassing Antivirus Applications
- Chapter 13: Post Exploitation
- Chapter 14: Web Application Testing
- Chapter 15: Wireless Attacks
- Chapter 16: A Stack-Based Buffer Overflow in Linux
- Chapter 17: A Stack-Based Buffer Overflow in Windows
- Chapter 18: Structured Exception Handler Overwrites
- Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules
- Chapter 20: Using the Smartphone Pentesting Framework
Download Penetration Testing: A Hands-On Introduction To Hacking.
4. THE SHELLCODER'S HANDBOOK
This book is about learning shellcode's of the OS and how OS can be exploited. This book is all about discovering and exploiting security holes in devices to take over.
Authors: Chris Anley, John Heasman, Felix "FX" Linder, Gerardo Richarte.
CONTENTS
- Stack Overflows
- Shellcode
- Introduction to Format String Bugs
- Windows Shellcode
- Windows Overflows
- Overcoming Filters
- Introduction to Solaris Exploitation
- OS X Shellcode
- Cisco IOS Exploitation
- Protection Mechanisms
- Establishing a Working Environment
- Fault Injection
- The Art of Fuzzing
- Beyond Recognition: A Real Vulnerability versus a Bug
- Instrumented Investigation: A Manual Approach
- Tracing for Vulnerabilities
- Binary Auditing: Hacking Closed Source Software
- Alternative Payload Strategies
- Writing Exploits that Work in the Wild
- Attacking Database Software
- Unix Kernel Overflows
- Exploiting Unix Kernel Vulnerabilities
- Hacking the Windows Kernel
Download The ShellCoder's HandBook.
5. THE HACKER'S HANDBOOK WEB APPLICATION SECURITY FLAWS
This handbook is about finding and exploiting the web applications.
Authors: Dafydd Stuttard, Marcus Pinto.
CONTENTS
- Chapter 1 Web Application (In)security
- Chapter 2 Core Defense Mechanisms
- Chapter 3 Web Application Technologies
- Chapter 4 Mapping the Application
- Chapter 5 Bypassing Client-Side Controls
- Chapter 6 Attacking Authentication
- Chapter 7 Attacking Session Management
- Chapter 8 Attacking Access Controls
- Chapter 9 Attacking Data Stores
- Chapter 10 Attacking Back-End Components
- Chapter 11 Attacking Application Logic
- Chapter 12 Attacking Users: Cross-Site Scripting
- Chapter 13 Attacking Users: Other Techniques
- Chapter 14 Automating Customized Attacks
- Chapter 15 Exploiting Information Disclosure
- Chapter 16 Attacking Native Compiled Applications
- Chapter 17 Attacking Application Architecture
- Chapter 18 Attacking the Application Server
- Chapter 19 Finding Vulnerabilities in Source Code
- Chapter 20 A Web Application Hacker's Toolkit
- Chapter 21 A Web Application Hacker's Methodology
So, these are the top 5 best hacking books on the market. There may be more fascinating books in the future that make take place in the top list. But for now, these are the best hacking books. Read and share your experience with these books.
Related word
Top10 Java Script Blogs To Improve Coding Skills
10 Top JavaScript Blogs to Improve Coding Skills
With two decades of improvement, JavaScript has become one of the most popular programming languages of all time. The journey started in 1995 when Brendan Eich created JavaScript in just 10 days. From there, it has seen multiple revisions, drafts, and growth in the form of frameworks, API's, modules, etc. Today, we will go forward and list the top JavaScript blogs from the internet so that you can enjoy the lastest development in the field of JavaScript.
According to RedMonk programming language rankings and GitHut.info, JavaScript is leading the pack in the terms of repositories and the most discussed programming language on StackOverFlow. The numbers itself speaks about the future of JavaScript as it has grown beyond the initial capabilities of simple DOM manipulations.
Learning JavaScript, on the other hand, can be a tricky proposition. New libraries, features, API's or Style Guide, pop up almost every day. The speed of iteration is beyond imagination, and that is why reading leading JavaScript blogs are the best approach to keep up with new changes.
JavaScript is blessed with experts that regularly contribute to the community using live streams, videos, blogs, podcasts, conferences and open source projects. An example of a cool experienced Javascript programmer is evilsoft who broadcasts awesome Javascript projects weekly on LiveEdu..
Some blogs are just gold even when they are not updated frequently. To help you reach the best content on JavaScript, let's list the best JavaScript blogs on the internet. The following blogs have a huge fan following and contain epic JavaScript content.
10 Top JavaScript Blogs to Improve Coding Skills
1. David Walsh Blog
David Walsh is a renowned name in the JavaScript world. He started his career with DZone, but his first real break came while working for SitePen as a Software Engineer. His blog composes of topics related to JavaScript, personal thoughts, guides and much more. The blog design is captivating and is going to hook you up on the first visit. Currently, he is working as a Senior Web Developer at Mozilla.
2. DailyJS
DailyJS is one of the best JavaScript blogs on the internet. The blog was started by Alex R. Young, an entrepreneur and Node.js expert in 2009. However, there are recent changes that don't sound great. Currently, the blog is no longer updated, but that does not make the content useless at all. The blog covers diverse content on JavaScript including frameworks, API's, libraries, etc.
3. SitePoint
SitePoint is one of the leading web development portals since 2000. The main attraction of SitePoint is the collection of highly detailed articles. They are aimed at teaching something new to the readers. JavaScript, on the other hand, is one of the leading topics on the website where experts around the world contribute regularly. The rate of the new blog post is high, and you won't find a blog post that doesn't teach you something new. Truly, a great learning place for any JavaScript developer.
4. JavaScript.com
Not technically a blog, but if you love JavaScript, then you need to follow the website's offerings. JavaScript.com news section is an aggregator for excellent JavaScript news, tutorials, guides, and much more. All you need to do is move to their news section and discover tons of new content surrounding JavaScript. The domain is owned by CodeSchool and is mainly utilized to contribute to the community and a landing page to their courses.
5. Brendan Eich
What's the best place to find JavaScript knowledge? The inventor? Well, you are right. Brendan Eich, the creator of JavaScript, keeps his blog with filled with his musings and other excellent thought processes about JavaScript. You can also find videos on the blog. Virtually, the blog is the mind of JavaScript where you understand it in an entirely different manner.
6. JavaScript Playground
JavaScript Playground is yet another great place to get started with all the different JavaScript frameworks, API, and libraries. The focus is to work with the JavaScript ecosystem and provide high quality blog articles, screencast, and podcast for the audience. They also blog about different JavaScript guidelines, tips, and tricks.
7. Superhero.js
If you are looking for a superhero to fetch you the best resources on JavaScript, then you have finally found one. Superhero.js is a simple website that aims to collect everything related to JavaScript including videos, articles, presentations, etc. The content is divided into meaningful sections such as "Understanding JavaScript", "Organize Your Code", etc. Also, the page is regularly updated with new information.
8. JavaScript Jabber
Another "not a blog entry" into the list — JavaScript Jabber is a weekly podcast on JavaScript. Each podcast is around 1 hour of jabber and will sure have something for you to learn. They keep their tab on everything related to JavaScript, including core concepts to popular Framework discussions.
9. Medium JavaScript Collection
Is medium a blog? Technically, not, but it contains high quality JavaScript articles. Medium is a way to connect to the audience so be ready to read many opinions on how JavaScript should have been, and what's wrong with JavaScript. Other than the ramblings, it hosts amazing JavaScript content such as Speed Up Web Apps.
10. Smashing Magazine
Smashing Magazine is one of the oldest websites covering web designing and development. They have a dedicated section for JavaScript, which is constantly updated with tutorials of high caliber. The tutorials surround other web development ideas such as UX, Productivity, etc.
Conclusion
Here are the ten best JavaScript blogs to improve your coding skills. The blogs and mix of other content types will help you to keep up with new changes in JavaScript field, and improve yourself accordingly.
If you are new to JavaScript and want to get started as soon as possible, check out the JavaScript learn section on LiveEdu.tv. And, yes, it is the most popular programming language on LiveEdu.tv which can benefit from your attention! Also, don't forget to leave a comment on how the JavaScript category page can be improved. We are listening!
@£√£RYTHING NT
Related word
Subscribe to:
Comments (Atom)
