Why Rust for offensive security

Imagine: all the tanks of your army are made of cardboard. Now imagine that not only your tanks but also your entire air force is composed of paper planes and your navy of paper vessels. It would be a pretty bad situation, don't you think?

While it sounds absurd, this is the sad state of hacking today.

A paper plane

A fighter jet, according to the Cybersecurity industry

Assembly, C, C++, Python, Java, Ruby...

You have to choose between low-level and fast but unsafe, or high-level and mostly safe but slow.

Can someone be an expert in all these languages? I don't think so. And the countless bugs and vulnerabilities in offensive tools prove I'm right.

What if, instead, we could have a single language?

A language that, once mastered, would fill all the needs of the field:

  • Shellcodes
  • Cross-platform Remote Access Tools (RATs)
  • Reusable and embeddable exploits
  • Scanners
  • Phishing toolkits
  • Embedded programming
  • Web servers
  • ...

What if we had a single language that is low-level enough while providing high-level abstractions, is exceptionally fast and easy to cross-compile, all of that while being memory safe, highly reusable and extremely reliable?

No more weird toolchains, strange binary packagers, vulnerable network code, injectable phishing forms...

You got it, Rust is the language to rule them all.

Due to momentum, Rust isn't widely adopted by the security industry yet, but once the tech leads and independent hackers understand this reality, the change will happen really fast.

This is why I dedicated the past months to writing a book about the topic: Black Hat Rust - Applied offensive security with the Rust programming language.

While the Rust Book does a great job explaining What is Rust, Black Hat Rust is about Why and How to Rust.

Some say that Rust is ugly or too hard to write. This is false! You can write Rust code without lifetime annotations. Actually, clean Rust code looks very similar to TypeScript while empowering the developers a thousand times more. And I can prove it: all the code accompanying the book is available on GitHub: https://github.com/skerkour/black-hat-rust

In the book, we learn how to:

  • Build fast and reusable network scanners
  • Craft cross-platform shellcodes
  • Code a Phishing toolkit with WebAssembly
  • Create a cross-platform Remote Access Tool
  • Design and implement an end-to-end encryption protocol
  • And many other tips and tricks

But, more importantly, I share what I learned through years of experience and thousands of lines of code, so you don't have to make the same costly (in time) mistakes that I did.

Indeed, the book is designed to save you a lot of time in your Rust and offensive security learning journey. So if you understand the value of your time, and understand that, in order to write secure code, you have to think like an attacker, this book is for you!

You can get the book here: https://kerkour.com/black-hat-rust.
