Summer has finally arrived, time for everybody to forget the monotony of the city and head to the beaches to relax and a few unforgettable parties. It's also the favorite period of the year for the government to pass all their controversial and creepy laws that don't have … | Continue reading
I have a confession to make. I have always dreamed of gluing tiny screens in front of my eyes in order to escape the real world and join virtual ones with blue grass, pink elephants, microtransactions everywhere and purple aliens with too many nipples but no legs. Just kidding. N … | Continue reading
Books, articles, websites, videos, or audios worth sharing. Case study: fake hardware cryptowallet Rest of World - Reporting Global Tech Stories LibRedirect: A web extension that redirects YouTube, Twitter, TikTok, and other websites to alternative privacy friendly frontends Back … | Continue reading
Today no technical deep dive as I'm preparing something BIG for the coming weeks :) Instead, I wanted to share what I consider to be the best tool that I use as a technical writer. No, it's not a Large Language Model which will generate infinite crap that you can | Continue reading
RSA SSH keys are either insecure (too small) or inconvenient (too large). Instead you should use Ed25519 keys which are 32 bytes long and provides ~128 bits of security, similar to ~3000 bits (375 bytes) long RSA keys. Here is how to generate Ed25519 SSH keys: $ ssh-keygen -t ed2 … | Continue reading
Books, articles, websites, videos, or audios worth sharing. On self-modifying executables in Rust Beepberry – a portable e-paper computer for hackers The Threat on Your Desk: Building an Evil USB-C Dock Hypersonic missiles are misunderstood ARM Takes Wing: Qualcomm vs. Intel CPU … | Continue reading
Today, I've updated the home page of this website to include my new policy regarding Artifial Intelligence systems. This website and its content is mostly Artifial Intelligence (AI) free. As a non-native English writer, I may occasionally use it to correct the grammar of my w … | Continue reading
Last week, we saw why SHA256 is certainly the best hashing algorithm that you can use today if you want to securely check the integrity of some data. As explained, SHA256 is preimage resistant: it's virtually impossible to find the original message Message for a given H where … | Continue reading
SHA256 being vulnerable to length-extension attacks, you need to use the special HMAC construction to securely sign data with SHA256 and a secret key. Here is how to do it in Go. package main import ( "crypto/hmac" "crypto/rand" "crypto/sha256" "encodi … | Continue reading
Whether you are developing a new application or defining a new protocol, you may have a hard time deciding which hash function to use. Which one is safe? Which one is fast? Let's find out! Why do we need fast hashing? But Sylvain, I thought that hashing should be slow | Continue reading
Compressing files into a .zip archive and unzipping it in Go is super easy thanks to its extensive and easy-to-use standard library. Here is how. Zip files in Go // zip.go package main import ( "archive/zip" "io" "io/fs" "log" "os" "pat … | Continue reading
Deep Work: Rules for Focused Success in a Distracted World by Cal Newport In "Deep Work", Cal Newport, an associate professor of computer science at Georgetown University, argues that deep work is a valuable and increasingly rare skill in our attention-starved society. As … | Continue reading
Books, articles, websites, videos, or audios worth sharing. Turn off VoLTE, Wi-Fi calling due to severe Exynos modem vulnerabilities on Pixel 6, more "Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at t … | Continue reading
Privacy is the foundation of all other freedoms. Without privacy, there can be no freedom of speech, no freedom of association, and no freedom of thought. On January 18, 2023, Apple, with iOS 16.3, expanded the global availability of its new feature: Advanced data protection for … | Continue reading
Books, articles, websites, videos, or audios worth sharing. Who's Behind the NetWire Remote Access Trojan? I quitted Infosec and I couldn't be happier My 40-liter backpack travel guide AI Face Generator GCore cloud platform | Continue reading
Books, articles, websites, videos, or audios worth sharing. Strategies to reduce smartphone use How Bullshit Has Dominated The Tech Industry UK Proposes Even More Stupid Ideas For Directly Regulating The Internet, Service Providers Information Collection For Pentest SRC Choosing … | Continue reading
Today only one link: Opt Out, a fantastic pay-what-you-want book by Rory Price. It's a short fiction about a close future where neural implants would become "required" to participate in society. Of course, it was a not-so-bright idea and we can easily make a parallel … | Continue reading
Books, articles, websites, videos, or audios worth sharing. [Book] Why We Sleep: Unlocking the Power of Sleep and Dreams by Matthew Walker Matthew Walker's "Why We Sleep" Is Riddled with Scientific and Factual Errors Sleep deprivation is not a badge of honor Hardware … | Continue reading
Books, articles, websites, videos, or audios worth sharing. Yes, fun browser extensions can have vulnerabilities too! Hacking myself to prove a point CircleCI incident report for January 4, 2023 security incident My Problems With Facebook The iPad Commandments | Continue reading
Books, articles, websites, videos, or audios worth sharing. Jamsync: A version control system based on rsync A git replacement is long overdue. Even if I think that this specific project is far from perfect, they have some interesting ideas. Content Defined Chunking (CDC) File Tr … | Continue reading
Books, articles, websites, videos, or audios worth sharing. Hack-with-Github/Awesome-Hacking This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761 Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 Everyday Data Science Hiding malware … | Continue reading
The only things you have when you are young. The only things you want when you are old. | Continue reading
Books, articles, websites, videos, or audios worth sharing. Cloudmoney: Cash, Cards, Crypto, and the War for Our Wallets PoC||GTFO, Volume 3 RSSHub - an open source, easy to use, and extensible RSS feed aggregator, it's capable of generating RSS feeds from pretty much everyth … | Continue reading
After seeing how to craft a shellcode in Rust and how to execute it, it's time to build a more advanced shellcode, in Rust too, to understand where a high-level language really shines. A reverse TCP shellcode establishes a TCP connection to a server, spawns a shell, and forwa … | Continue reading
Amazon just introduced their new E-ink table: the Kindle Scribe, which unlike other e-readers made by the company is not limited to reading but also features a larger 10.2" display and a pen to take notes, like the remarkable tablet. As I already own a kindle Paperwhite, and … | Continue reading
In this post, we are going to speed up a port scanner in Rust by using multiple threads instead of only one and see how easily it can be achieved thanks to Rust's type system. This post is an excerpt from my book Black Hat Rust Once you have discovered | Continue reading
The moment has come to get your hands dirty: let's write your first Rust program. As for all the code examples in this course, you can find the complete code in the accompanying Git repository: https://github.com/skerkour/black-hat-rust $ cargo new sha1_cracker Will create a … | Continue reading
Where were you on Monday, September 8, 2014? How much time do you spend outside of your house every day? How many times have you visited your doctor this year? How many messages have you sent to this other guy when your boyfriend was out of town? While you may | Continue reading
I personally find bitsquatting attacks mind-blowing! The idea is that computers suffer from memory errors where one or more bits are corrupted, they are different than their expected value. It can come from electromagnetic interference or cosmic rays (!). This post is an excerpt … | Continue reading
Denial of Service (DoS) attacks always have been the easiest way to inflict maximum financial damages without requiring advanced skills or techniques. With the advent of cloud computing, website owners can now deploy more resources than the attackers and gracefully handle these p … | Continue reading
This post contains excerpts from my book Black Hat Rust There are many architectural patterns to design web applications. A famous one is the "Clean Architecture" by Robert C. Martin This architecture splits projects into different layers in order to produce systems that … | Continue reading
This post contains excerpts from my book Black Hat Rust Threads were designed to parallelize compute-intensive tasks. However, these days, a lot of applications (such as a network scanner) are I/O (Input / Output) intensive. Thus, threads have two significant problems: They use a … | Continue reading
A lot of people want to learn Rust but are afraid that the language or the ecosystem is not production-ready yet, or that they may not find a job. Be reassured, Rust is already used in production, from small shops to the largest companies in the world, serving billions of | Continue reading
This post contains excerpts from my book Black Hat Rust Last week, we saw the difference between Cooperative and Preemptive scheduling and how it enables resources-efficient I/O operations. Today, we are going to learn how runtimes work under the hood. Rust does not provide the e … | Continue reading
Whether it be with React, VueJS, Angular, or in Rust, modern web applications are composed of 3 kinds of pieces: Components Pages Service Components are reusable pieces and UI elements. An input field, or a button, for example. Pages are assemblies of components. They match route … | Continue reading
I used to be a pathological overthinker. Everything had to be carefully planned, from the words I would say to the baker to order a baguette to all the insignificant details of any of the projects I worked on. Is it better to tweet at 18:00 or 18:05? Rust or | Continue reading
This post is part 2 of the series: The foundations of end-to-end encryption and contains excerpts from my book Black Hat Rust about Security, Rust and Cryptography. Building an end-to-end encrypted service Let's say we want to build a service using end-to-end encryption to se … | Continue reading
Like a lot of people, I used to be a pathological maximalist. A phone with more features is necessarily better, a company with more people is better, a program with more lines of code is better, a house with more stuff is better. Until the day when reality hit me | Continue reading
Introduction to Rust generics: Traits Trait Objects (Static vs Dynamic dispatch) This post is an excerpt from my book Black Hat Rust Now you may be wondering: How to create a collection that can contain different concrete types that satisfy a given trait? For example: trait UsbMo … | Continue reading
Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries? Internet Service Providers (ISPs) and Service providers (Facebook, Telegram, Line, WeChat...) are all in a position of Man-In-The-Middle (MITM) and … | Continue reading
🇫🇷 Version française ici We cannot solve our problems with the same thinking we used when we created them. Universal and unprecedented challenges (Why?) Open source, access, data... (How?) Bloom: the top-secret master plan (What?) In summary TL;DR To bring an answ … | Continue reading
Introduction to Rust generics: Traits Imagine that you want to add a camera to your computer which is lacking one. You buy a webcam and connect it via a USB port. Now imagine that you want to add storage to the same computer. You buy an external hard drive and | Continue reading
For a few years, serverless has been pushed hard by the different cloud providers as a magical solution for all our problems. Before we get too far, let's clarify things. Here we are talking about serverless functions: AWS lambda or Scaleway Serverless Functions, where you up … | Continue reading
Malicious bots can cause a lot of damages to your websites whether it be stealing your content or scanning for vulnerabilities. Here is how to defend against them. This post is an excerpt from my book Black Hat Rust A zip bomb is a specifically crafted archive abusing the compres … | Continue reading
Over the decades, Humans have proved to be pretty bad at producing bug-free software. Trying to apply our approximative, fuzzy thoughts to perfectly logical computers seems doomed. While the practice of code reviews is increasing, especially with the culture of Open Source becomi … | Continue reading
Unfortunately, using threads is not a free and easy win. Concurrency issues are the fear of a lot of developers. Due to their unpredictable behavior, they are extremely hard to spot and debug. They can go undetected for a long time, and then, one day, simply because your system i … | Continue reading
And by that, I mean exactly 100 lines (excluding templates), with hot reload and an embedded web server 😃 Conceptually, a static site generator is straightforward. It takes some files as input, often markdown, render them, merge them with pre-defined templates, and output … | Continue reading
The Hare programming language was announced a few days ago, and, at first glance, its syntax looks similar to Rust. So, why would people bother to create a new language which aims to fulfill the same niche as Rust (system programming), with a similar syntax? Rust is often describ … | Continue reading