Pinned post

Supply chains attacks are all the rage these days, whether to deliver RATs or cryptocurrencies miners.

Here are 8 techniques to achieve Remote Code Execution using backdoored crates.

👉 kerkour.com/rust-crate-backdoo

Supply chains attacks are all the rage these days, whether to deliver RATs or cryptocurrencies miners.

Here are 8 techniques to achieve Remote Code Execution using backdoored crates.

👉 kerkour.com/rust-crate-backdoo

Assembly, C, C++, Python, Java Ruby…

You have to choose between low-level, fast, but unsafe, or high-level, mostly safe, but slow.

What if instead we could have a single language.

A language that once mastered, would fill all your needs:
- Shellcodes
- Cross-platform Remote Access Tools (RATs)
- Reusable and embeddable exploits
- Scanners
- Phishing toolkits
- Web servers
- ...

A language to rule them all.

👉 kerkour.com/why-rust-for-offen

Job queues are a central piece of any web application but they come with a high operational cost

What if instead of adding another part we could use smthng we already have?

I’m talking about our old friend

👉 kerkour.com/rust-job-queue-wit

I find that a lot of hacking tutorials and posts are boring. I understand the authors as hacking is a grey area, and the line is slippery, so they don’t want to take risks, but, it’s at the detriment of you dear reader.

This is why I want to try a new format: Hacking stories.

Hacking stories are fictitious adventures backed by real-world hacking techniques. With these stories, I want to share the mindset and techniques of the attackers.

Here is the #1 : The Evil Twin

kerkour.com/hacking-stories/ev

I just published a benchmark comparing the principal symmetric encryption libraries for
: ring by @BRIAN_____@twitter.com
& @RustCryptoOrg@twitter.com

Interesting how fast is ring's ChaCha20-Poly1305 implementation!

kerkour.com/rust-symmetric-enc

Signatures: The secret behind modern end-to-end encryption 🔒

kerkour.com/blog/signatures-mo

Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries?

October Update:

Introducing the #PinePhonePro - $399

#PineNote and PinePhone Pro pre-orders are now open to developers & shipping this year!

#PineTime #InfiniTime major firmware progress & project management update

pine64.org/2021/10/15/october-

Poll:
Why do you prefer Mastodon than other (decentralized) communication medium (Email / Newsletters / Matrix...)?

I'm having a hard time fitting it in my information consumption workflow.

Show older
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!