Sylvain Kerkour @sylvain@kerkour.com

As we saw 2 months ago, supply chain attacks are more and more common, and their frequency is only going to increase because backdooring dependencies is easy, and detecting a backdoor in an ocean of third-party code is hard.

So here is how to set up secure and immutable development environments with Dev Containers

https://kerkour.com/secure-programming-with-vscode-dev-containers

#Rust #rustlang #hacking #security #cybersecurity #programming #100DaysOfCode

I’m happy to announce that you can now purchase Black Hat Rust with PayPal, Apple Pay and Google Pay 🎉

Go here to buy the ebook with any of these payment methods: https://kerkour.com/black-hat-rust

Happy end of the year 🍾

Learn more here 👉 https://github.com/skerkour/black-hat-rust

#hacking #rust #rustlang #cybersecurity

When you want to encrypt data you may face a problem: how to encrypt a file or a data stream that doesn't fit in memory?

You could split it into small chunks and encrypt each fragment individually. Unfortunately, this is not as simple.

An attacker could modify or reorder the chunks making the decryption impossible.

Here is a guide on how to encrypt (large) files in Rust https://kerkour.com/rust-file-encryption/

#rust #rustlang #cryptography #100DaysOfCode #hacking

Last week, I officially announced that my book Black Hat Rust is out 🍾

Since, I received a few questions about the tools and services I used to self-publish it.

So here is my Christmas 🎁 to you: A detailed write-up of all the tools, services, and scripts I’ve used to self-publish my book. What worked, and what didn’t.

👉 https://kerkour.com/book-self-publishing-pandoc

#rust #cybersecurity #publishing #book #rustlang #hacking #tutorial

Thank you very much @bemyak 🙏

Haha I absolutely know this sentiment of being overflown by the number of items in my reading stack 😅

The final edition of Black Hat Rust is out 🍾🦀🏴‍☠️

As of v2021.40, Black Hat Rust is considered out of beta and complete!

To celebrate that, I’ve decided to offer the biggest (and the last) discount of the year: https://academy.kerkour.com/black-hat-rust?coupon=BLACK-HAT-WEEK

More info 👉 https://kerkour.com/black-hat-rust-week-2021/

Now I’m going to sleep 😅

#hacking #rust #rustlang #cybersecurity #100DaysOfCode #code

When crafting advanced Shellcodes in Rust we are often confrontend to a problem: The generated code might not be position independent.

Here is how to write position independent shellcodes in🦀: https://kerkour.com/rust-position-independent-shellcode/

#Rust #Rustlang #hacking #cybersecurity #100DaysOfCode #code

Supply chains attacks are all the rage these days, whether to deliver RATs or cryptocurrencies miners.

Here are 8 techniques to achieve Remote Code Execution using backdoored crates.

👉 https://kerkour.com/rust-crate-backdoor/

#cybersecurity #infosec #hacking #rust #rustlang

Assembly, C, C++, Python, Java Ruby…

You have to choose between low-level, fast, but unsafe, or high-level, mostly safe, but slow.

What if instead we could have a single language.

A language that once mastered, would fill all your #hacking needs:
- Shellcodes
- Cross-platform Remote Access Tools (RATs)
- Reusable and embeddable exploits
- Scanners
- Phishing toolkits
- Web servers
- ...

A language to rule them all.

👉 https://kerkour.com/why-rust-for-offensive-security/

#cybersecurity #infosec #hacking #rust #rustlang

Job queues are a central piece of any web application but they come with a high operational cost

What if instead of adding another part we could use smthng we already have?

I’m talking about our old friend #PostgreSQL

👉 https://kerkour.com/rust-job-queue-with-postgresql/

#rust #100DaysOfCode #devops

@bemyak Let's say he his now married with Mary and they are happy with many children 😄

Thank you for the feedback 🙏

You put words on my ideas!

For the detailed how-to, I trust the Google-fu of the readers 😊

I find that a lot of hacking tutorials and posts are boring. I understand the authors as hacking is a grey area, and the line is slippery, so they don’t want to take risks, but, it’s at the detriment of you dear reader.

This is why I want to try a new format: Hacking stories.

Hacking stories are fictitious adventures backed by real-world hacking techniques. With these stories, I want to share the mindset and techniques of the attackers.

Here is the #1 : The Evil Twin

https://kerkour.com/hacking-stories/evil-twin/

I just published a benchmark comparing the principal symmetric encryption libraries for #Rust
: ring by @BRIAN_____@twitter.com
& @RustCryptoOrg@twitter.com

Interesting how fast is ring's ChaCha20-Poly1305 implementation!

https://kerkour.com/rust-symmetric-encryption-aead-benchmark

#rustlang #crypto #cryptography #hacking

🔔Reminder🔔: You have until Sunday 11:00 GMT to benefit from the the beta price of my book Black Hat Rust: https://academy.kerkour.com/black-hat-rust?coupon=BETA

#100DaysOfCode #Rust #RustLang #Programming #Dev #Code #security #cybersecurity #hacking #CyberMonth #infosec

Signatures: The secret behind modern end-to-end encryption 🔒

https://kerkour.com/blog/signatures-modern-end-to-end-encryption/

Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries?

#100DaysOfCode #cryptography #Programming #Dev #Code #crypto #cryptoEngineering #security #cybersecurity #hacking #infosec

After a short pause of deep work and flu recovery, I’m extremely happy to announce that Black Hat Rust is entering its Beta phase 🥳

What is the Beta phase? https://kerkour.com/blog/black-hat-rust-october-update/

👉 https://academy.kerkour.com/black-hat-rust?coupon=BETA

#100DaysOfCode #Rust #RustLang #Programming #Dev #Code #security #cybersecurity #hacking #CyberMonth #infosec