Writing shellcodes directly in assembly gives you absolute control over what you are crafting, however, it comes with many drawbacks

Here is how to Write your shellcodes in Rust 🦀😈
👉 kerkour.com/blog/shellcode-in-

A great part of Rust's reliability story comes from its error handling ergonomics

Here is the simplest guide about error handling I would have loved to have if I started Rust today 🦀

👉 kerkour.com/rust-error-handlin

Let’s say we want to build a service using end-to-end encryption, a hosted password manager for example

Here is how to securely use only 1 password for both authentication and encryption

👉 kerkour.com/end-to-end-encrypt

Like a lot of people, I used to be a pathological maximalist. A phone with more features is necessarily better, a company with more people is better, a program with more lines of code is better, a house with more stuff is better....

Until the day when reality hit me in the face: there is a direct relationship between “more” and “complexity”

Here is what I did to reduce chaos in my life and projects

👉 kerkour.com/entropy-is-fatal/

Rust is a rather large and complex programming language with a lot of features. But I have good news: less than 20% of the features will bring you more than 80% of the results.

Here are the features I consider indispensable to learn when you are starting Rust.

Ready to dive? 🦀

👉 kerkour.com/indispensable-rust

Last week, we saw the difference between Cooperative and Preemptive scheduling and how it enables resource-efficient I/O operations. Today, we are going to learn how a runtime works under the hood.

👉 kerkour.com/rust-async-await-w

In my opinion, the so-called “clean architecture” is too complex, with its jargon that resonates only with professional architects and too many layers of abstraction. It’s not for people actually writing code.

Today I present another approach, equally flexible but much simpler, that I have used with success for projects exceeding tens of thousands of lines of code in Rust, Go, and Node.JS.

kerkour.com/rust-web-applicati

Threads have problems: they were designed to parallelize compute-intensive tasks. However, today, a lot of applications are I/O (Input / Output) intensive.

There are mainly 2 ways to deal with I/O tasks: preemptive scheduling and cooperative scheduling.

Let's see the differences between preemptive scheduling and cooperative scheduling.

kerkour.com/cooperative-vs-pre

Last month we saw how to encrypt large files that don’t fit in memory using a streaming cipher. The article presupposes that you already have a secure key generation mechanism.

Today, we are going to see how to securely encrypt data using an insecure password 🔒

kerkour.com/rust-file-encrypti

The past few weeks I implemented an API that relies on Cookies for authentication. When working with Cookies you should always be extremely careful not to introduce CSRF vulnerabilities.

How to attack CSRF vulnerabilities? And how to defend?

Let's find out!

kerkour.com/csrf

As we saw 2 months ago, supply chain attacks are more and more common, and their frequency is only going to increase because backdooring dependencies is easy, and detecting a backdoor in an ocean of third-party code is hard.

So here is how to set up secure and immutable development environments with Dev Containers

kerkour.com/secure-programming

I’m happy to announce that you can now purchase Black Hat Rust with PayPal, Apple Pay and Google Pay 🎉

Go here to buy the ebook with any of these payment methods: kerkour.com/black-hat-rust

Happy end of the year 🍾

Learn more here 👉 github.com/skerkour/black-hat-

When you want to encrypt data you may face a problem: how to encrypt a file or a data stream that doesn't fit in memory?

You could split it into small chunks and encrypt each fragment individually. Unfortunately, this is not as simple.

An attacker could modify or reorder the chunks making the decryption impossible.

Here is a guide on how to encrypt (large) files in Rust kerkour.com/rust-file-encrypti

Last week, I officially announced that my book Black Hat Rust is out 🍾

Since then, I have received a few questions about the tools and services I used to self-publish it.

So here is my Christmas 🎁 to you: A detailed write-up of all the tools, services, and scripts I’ve used to self-publish my book. What worked, and what didn’t.

👉 kerkour.com/book-self-publishi

The final edition of Black Hat Rust is out 🍾🦀🏴‍☠️

As of v2021.40, Black Hat Rust is considered out of beta and complete!

To celebrate that, I’ve decided to offer the biggest (and the last) discount of the year: academy.kerkour.com/black-hat-

More info 👉 kerkour.com/black-hat-rust-wee

Now I’m going to sleep 😅

When crafting advanced shellcodes in Rust we are often confronted with a problem: the generated code might not be position independent.

Here is how to write position independent shellcodes in 🦀: kerkour.com/rust-position-inde
