As we saw 2 months ago, supply chain attacks are more and more common, and their frequency is only going to increase because backdooring dependencies is easy, and detecting a backdoor in an ocean of third-party code is hard.

So here is how to set up secure and immutable development environments with Dev Containers

kerkour.com/secure-programming

I’m happy to announce that you can now purchase Black Hat Rust with PayPal, Apple Pay and Google Pay 🎉

Go here to buy the ebook with any of these payment methods: kerkour.com/black-hat-rust

Happy end of the year 🍾

Learn more here 👉 github.com/skerkour/black-hat-

When you want to encrypt data you may face a problem: how to encrypt a file or a data stream that doesn't fit in memory?

You could split it into small chunks and encrypt each fragment individually. Unfortunately, this is not as simple.

An attacker could modify or reorder the chunks making the decryption impossible.

Here is a guide on how to encrypt (large) files in Rust kerkour.com/rust-file-encrypti

Last week, I officially announced that my book Black Hat Rust is out 🍾

Since then, I have received a few questions about the tools and services I used to self-publish it.

So here is my Christmas 🎁 to you: A detailed write-up of all the tools, services, and scripts I’ve used to self-publish my book. What worked, and what didn’t.

👉 kerkour.com/book-self-publishi

Thank you very much @bemyak 🙏

Haha I absolutely know this sentiment of being overflown by the number of items in my reading stack 😅

The final edition of Black Hat Rust is out 🍾🦀🏴‍☠️

As of v2021.40, Black Hat Rust is considered out of beta and complete!

To celebrate that, I’ve decided to offer the biggest (and the last) discount of the year: academy.kerkour.com/black-hat-

More info 👉 kerkour.com/black-hat-rust-wee

Now I’m going to sleep 😅

When crafting advanced shellcodes in Rust, we are often confronted with a problem: the generated code might not be position independent.

Here is how to write position independent shellcodes in 🦀: kerkour.com/rust-position-inde

Supply chain attacks are all the rage these days, whether to deliver RATs or cryptocurrency miners.

Here are 8 techniques to achieve Remote Code Execution using backdoored crates.

👉 kerkour.com/rust-crate-backdoo

Assembly, C, C++, Python, Java, Ruby…

You have to choose between low-level, fast, but unsafe, or high-level, mostly safe, but slow.

What if instead we could have a single language?

A language that once mastered, would fill all your needs:
- Shellcodes
- Cross-platform Remote Access Tools (RATs)
- Reusable and embeddable exploits
- Scanners
- Phishing toolkits
- Web servers
- ...

A language to rule them all.

👉 kerkour.com/why-rust-for-offen

Job queues are a central piece of any web application, but they come with a high operational cost.

What if instead of adding another part we could use something we already have?

I’m talking about our old friend

👉 kerkour.com/rust-job-queue-wit

@bemyak Let's say he is now married to Mary and they are happy with many children 😄

Thank you for the feedback 🙏

You put words on my ideas!

For the detailed how-to, I trust the Google-fu of the readers 😊

I find that a lot of hacking tutorials and posts are boring. I understand the authors, as hacking is a grey area and the line is slippery, so they don’t want to take risks, but it’s to the detriment of you, dear reader.

This is why I want to try a new format: Hacking stories.

Hacking stories are fictitious adventures backed by real-world hacking techniques. With these stories, I want to share the mindset and techniques of the attackers.

Here is #1: The Evil Twin

kerkour.com/hacking-stories/ev

I just published a benchmark comparing the principal symmetric encryption libraries for : ring by @BRIAN_____@twitter.com & @RustCryptoOrg@twitter.com

Interesting how fast ring's ChaCha20-Poly1305 implementation is!

kerkour.com/rust-symmetric-enc

Signatures: The secret behind modern end-to-end encryption 🔒

kerkour.com/blog/signatures-mo

Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries?
