Hey! I'm Sylvain Kerkour 👋
After some time spent attacking and breaking (into) things, I'm now helping organizations and teams to build scalable and secure software projects.
I share on my blog lessons learned the hard way:
- Programming: With software we can introduce automation and scale into our life, which allows us to work less and more efficiently. Mostly Go, Rust and JavsScript/TypeScript.
- Hacking: In order to build great stuff, prevent attacks and defend ourselves we need to understand how to break (into) things.
- Entrepreneurship: Having your own online business lets you live on your own terms. You do what you want, when you want, where you want. You don't have to ask the permission.
Entrepreneurship & Productivity
- Alignment: What Buddhism can teach us about success
- (Ab)using technology for fun & profit
- Overthinking
- Engineer vs Entrepreneur Mindset
- Entropy is Fatal
- Am I going to die if I ditch my phone?
Hacking
- Backdooring Rust crates for fun and profit
- Denial of Wallet Attacks: The new (D)DoS in a Serverless world
- Breaking SHA256: length extension attacks in practice (with Go)
- Signatures: The foundations of modern end-to-end encryption
- The foundations of end-to-end encryption: Domain separation (with code example in Rust)
- The foundations of end-to-end encryption: Key exchange (with code example in Rust)
- How to securely encrypt a file with an insecure password in Rust (using Streaming Encryption + Argon2)
- Position Independent Shellcodes in Rust (PIC)
- Advanced shellcode in Rust
- Hacking Stories #1 - The Evil Twin
- Hacking Stories #3 - The Puppet Master
- Why Rust for offensive security
- Let's talk about supply chain attacks and backdoored dependencies
- Public Toilets and Social Credit
Programming
- Clean and Scalable Architecture for Web Applications in Rust
- How to create small Docker images for Rust
- Secure and immutable development environments with Dev Containers
- Which Rust web framework to choose in 2022 (with code examples)
- Functional Programming in Rust
- HTTP Security Headers: The Best Practices
- Bugs that the Rust compiler catches for you
- Cooperative vs Preemptive scheduling
- Async Rust: What is a runtime? Here is how tokio works under the hood
- The simplest guide to error handling in Rust
Contact & Social 🐣
I'm not active on social networks because they are too noisy and time sucking, by design.
To contact me, please visit the contact page
That begin said, I'm on GitHub: skerkour
AI Policy 🤖
This website and its content is mostly Artifial Intelligence (AI) free. As a non-native English writer, I may occasionally use it to correct the grammar of my writings.
I DO NOT allow any AI system to be trained on my content / data.
I reserve myself the right to hack and / or poison any system violating this policy.
Want to learn Rust, cryptography and offensive security? Get my book Black Hat Rust!