دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Black Hat Rust Deep dive into offensive security with the Rust programming language
دانلود کتاب Black Hat Rust Deep با زبان برنامه نویسی Rust به امنیت تهاجمی بروید
مشخصات کتاب
Black Hat Rust Deep dive into offensive security with the Rust programming language
ویرایش:
نویسندگان: Sylvain Kerkour
سری:
ناشر:
سال نشر: 2021
تعداد صفحات: 364
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 3 مگابایت
قیمت کتاب (تومان) : 38,000
در صورت تبدیل فایل کتاب Black Hat Rust Deep dive into offensive security with the Rust programming language به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب Black Hat Rust Deep با زبان برنامه نویسی Rust به امنیت تهاجمی بروید نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی درمورد کتاب به خارجی
فهرست مطالب
Copyright Your early access bonuses Beta & Contact Preface Introduction Types of attacks Phases of an attack Profiles of attackers Attribution The Rust programming language History of Rust Rust is awesome Setup Our first Rust program: A SHA-1 hash cracker Mental models to approach Rust A few things I’ve learned along the way Summary Multi-threaded attack surface discovery Passive reconnaissance Active reconnaissance Assets discovery Our first scanner in Rust Error handling Enumerating subdomains Scanning ports Multithreading Fearless concurrency in Rust The three causes of data races The three rules of ownership The two rules of references Adding multithreading to our scanner Summary Going full speed with async Why Cooperative vs Preemptive scheduling Future Streams What is a runtime Introducing tokio Sharing data Avoid blocking Combinators Porting our scanner to async How to defend Summary Adding modules with trait objects Generics Traits Traits objects Command line argument parsing Logging Adding modules to our scanner Tests Other scanners Summary Crawling the web for OSINT OSINT Tools Search engines IoT & network Search engines Social media Maps Videos Government records Crawling the web Why Rust for crawling Associated types Atomic types Barrier Implementing a crawler in Rust The spider trait Implementing the crawler Crawling a simple HTML website Crawling a JSON API Crawling a JavaScript web application How to defend Going further Summary Finding vulnerabilities What is a vulnerability CWE vs CVE Vulnerability vs Exploit 0 Day vs CVE Web vulnerabilities Injections HTML injection SQL injection XSS Server Side Request Forgery (SSRF) Cross-Site Request Forgery (CSRF) Open redirect (Sub)Domain takeover Arbitrary file read Denial of Service (DoS) Arbitrary file write Memory vulnerabilities Buffer overflow Use after free Double free Format string problems Other vulnerabilities Remote Code Execution (RCE) Integer overflow (and underflow) Logic error Race condition Additional resources Bug hunting The tools Automated audits Summary Exploit development Creating a crate that is both a library and a binary Building our pwntoolkit CVE-2017-9506 CVE-2018-7600 CVE-2019-11229 CVE-2019-89242 CVE-2021-3156 Summary Writing shellcodes in Rust What is a shellcode Sections of an executable Rust compilation process no_std Using assembly from Rust The never type Executing shellcodes Our linker script Hello world shellcode An actual shellcode Reverse TCP shellcode Going further Summary Phishing with WebAssembly Social engineering Nontechnical hacks Phishing Watering holes Evil twin attack Telephone WebAssembly Sending emails in Rust Implementing a phishing page in Rust Architecture Cargo Workspaces Deserialization in Rust A client application with WebAssembly How to defend Summary A modern RAT Architecture of a RAT Existing RAT Why Rust Designing the server Designing the agent Docker for offensive security Let’s code Optimizing Rust’s binary size Some limitations Distributing you RAT Summary Securing communications with end-to-end encryption The C.I.A triad Threat modeling Cryptography Hash functions Message Authentication Codes Key derivation functions Block ciphers Authenticated encryption Asymmetric encryption Key exchanges Signatures End-to-end encryption Who use cryptography Common problems and pitfalls with cryptography A little bit of TOFU? The Rust cryptography ecosystem ring Summary Our threat model Designing our protocol Implementing end-to-end encryption in Rust Some limitations To learn more Summary Going multi-platforms Why multi-platform Cross-platform Rust Supported platforms Cross-compilation cross Custom Dockerfiles Cross-compiling to aarch64 (arm64) More Rust binary optimization tips Packers Persistence Single instance Going further Summary Turning our RAT into a worm to increase reach What is a worm Spreading techniques Cross-platform worm Vendoring dependencies Spreading through SSH Implementing a cross-platform worm in Rust Install Spreading More advanced techniques for your RAT Summary Conclusion What we didn’t cover The future of Rust Leaked repositories How bad guys get caught Your turn Build your own RAT Social media Other interesting blogs Feedback
