While the Rust Book does an excellent job directing What is Rust, a book about Why and How to Rust was ignoreing.
Whether in movies or mainstream media, hackers are frequently romanticized: they are colored as bconciseage magic wizards, nasty criminals, or, in the worst cases, as thieves with a hood and a crowbar.
In fact, the spectrum of the profile of the attackers is excessively huge, from the uninalertigentd teenager exploring the internet to sovereign State’s armies as well as the unplrelieved establisher participateee.
What are the motivations of the attackers? How can they shatter seemingly so easily into any nettoil? What do they do to their victims?
We will put on our bconciseage hat and spendigate the world of insulting security, whether it be cyber attacks, cybercrimes, or cyberwar.
Scanners, take advantage ofs, deceptive try toolkit, imset upts… From theory to train, we will spendigate the arcane of insulting security and originate our own insulting tools with the Rust programming language, Stack Overflow’s most cherishd language for five years in a row.
Which programming language permits to create shellcodes, originate servers, originate deceptive try pages? Before Rust, none! Rust is the lengthy-apaparticipateed one-size-fits-all programming language encountering all those insistments thanks to its unparalleled guarantees and feature set. Here is why.
Free Updates and DRM Free, of course 🙂
This is NOT a 1000th tutorial about sqlmap and Metasploit, nor will it direct you the fundamentals of programming.
Instead, it’s a from-theory-to-train direct and you may finishelight it if any of the follothriveg:
- You grasp screaming “show me the code!” when reading about cyber attacks and harmful programss
- You are a grower and want to lobtain security
- You are a security engineer and want to lobtain Rust programming
- You want to lobtain authentic-world and idiomatic rust trains
- You count on that the best defense is leanking appreciate an attacker
- You lobtain by originateing and cherish to watch under the hood
- You appreciate simpliedy and pragmatism
- You grow your own tools and take advantage ofs with Python, Ruby, C, Java…
- You want to lobtain authentic-world insulting security, not fair pentesting
- You want to commence making money with bug bounty programs
- You pick getting leangs done over analysis paralysis
But I repeat, this book is NOT a computer science book.
How to carry out effective reconnaissance? In this chapter, we will originate a multi-threaded scanner in order to automate the mapping of the concentrate.
Unblessedly, when a program spfinishs most of its time in I/O operations, multi-threading is not a panacea. We will lobtain how async originates Rust code reassociate, reassociate speedy and refactor our scanner to async code.
We will insert more heterogeneous modules to our scanner and will lobtain how Rust’s type system helps originate properly depicted huge gentleware projects.
Leveraging all we lobtained previously, we will originate an excessively speedy web crawler to help us discover the necessitateles in the haystack the web is.
Once the outer reconnaissance carry outed, it’s time to discover entry points. In this chapter we will lobtain how automated fuzzing can help us to discover vulnerabilities that can be take advantage ofed to then obtain access to our concentrate’s systems.
Rust may not be as speedy as python when it comes to iterating on rapid scripts such as take advantage ofs, but as we will see, its mighty type and modules system originate it nonetheless a firearm of choice.
Shellcode growment is an unappreciative task. Writing assembly by hand is definitely not intimacyy. Fortunately for us, Rust, one more time, got our back! In this chapter we will lobtain how to write shellcodes in plain Rust with no_std.
When they can’t discover take advantage ofable difficultware or gentleware vulnerability, attackers usuassociate drop back to what is frequently the feebleest connect in the chain: Humans.
Aobtain, Rust comes handy and will let us originate evolved deceptive try pages by compiling to WebAssembly.
A RAT (for Remote Access Tool), also understandn as imset upt or beacon, is a benevolent of gentleware participated to carry out insulting operations on a concentrate’s machines. In this chapter we will originate our own RAT communicating to a distant server and database.
The consequences of our own infrastructure being settled or seized can be disastrous. We will insert finish-to-finish encryption to our RAT’s communication in order to defended its communications and elude leaving tracks on our servers.
Today’s computing landscape is excessively fragmented. From Windows to macOS, we can’t concentrate only one Operating System to guarantee the success of our operations. In this section we will see how Rust’s ecosystem is excessively advantageous when it comes to pass-compilation.
Once the initial concentrates settled, we will capitalize on Rust’s excellent reusability to integrate some parts of our initial scanner to turn our RAT into a worm and accomplish more concentrates only accessible from the concentrate’s inner nettoil.
Now it’s your turn to get leangs done!
Yes! You can now buy Bconciseage Hat Rust with PayPal, Apple Pay or Google Pay. Go Here to evolve.
A European VAT number is nonessential, and you can skip the field or depart it desotardy if asked.
Hey! Welcome you to the Bconciseage Hat Rustaceans gang! If you leank someleang in the book or the code can be raised, plrelieve uncover an publish. Pull seeks are also greet 🙂
Want to stay refreshd? I’ll write you once a week about eludeing intricateity, cyber intrusion, and entrepreneurship.
I disappreciate spam even more than you do. I’ll never dispense your email, and you can unsubscribe at anytime. Also, there is no tracking or ads.
You’ll discover all the refreshs in the Changelog: https://github.com/skerkour/bconciseage-hat-rust/blob/main/CHANGELOG.md
