The software industry when we hear the word "security" Not a month goes by without some popular dependencies being found compromised or backdoored. I've already written about how easy it is to insert a stealth backdoor in a software package, so today we are going to … | Continue reading
First, a term disambiguation: what is the difference between a scraper and a crawler? Scraping is the process of turning unstructured web data into structured data. Crawling is the process of running through a lot of interlinked data (web pages, for example). In practice, it' … | Continue reading
I sincerely believe that Rust is a huge step forward in terms of software reliability and performance, which directly translate to $$ and time saved. It solves a lot of problems that I face every day as a developer, such as immutability and good abstractions. But like all technol … | Continue reading
37.2% of vulnerabilities in cryptographic libraries are memory safety issues, while only 27.2% are cryptographic issues, according to An Empirical Study of Vulnerabilities in Cryptographic Libraries (Jenny Blessing, Michael A. Specter, Daniel J. Weitzner - MIT). I think it's … | Continue reading
Rust is designed by a committee, by choice. If you have ever managed a project, you should smell the unfocused monstrosity coming from 100 km away. And yet, after many years, I've come to the conclusion that in Rust's case, it's a huge asset instead of a liability. Ge … | Continue reading
Andrei lives a calm and quiet life in the countryside of a small country. By day, he works remotely as a developer for a company on the other side of the planet. By night, he develops an open-source browser extension that allows peop … | Continue reading
I've been interested in functional programming since a friend introduced Haskell to me at University. While I never successfully learned Haskell as it's too far from what I was using day to day (C and Node.js), a new language perfectly mixing imperative and functional pro … | Continue reading
I have been writing code since 2013 and started my entrepreneurship journey in 2017. That gave me plenty of time to observe a recurring pattern: Engineers love to get it right. Entrepreneurs love to get it done. It materializes in a lot of ways; here are the most striking examples: Engineers … | Continue reading
Let us not beat around the bush: Rust is not easy to learn. I think it took me nearly 1 year of full-time programming in Rust to become proficient and no longer have to read the documentation every 5 lines of code. It's a looong journey but absolutely worth it. | Continue reading
This post is part 3 of the series: The foundations of end-to-end encryption and contains excerpts from my book Black Hat Rust about Security, Rust and Cryptography. When 2 parties, let's say Alice and Bob, want to exchange messages over an insecure channel, they need to find … | Continue reading
Table of contents: The frameworks; Performance; Ecosystem and Community; JSON deserialization; Routing; Middleware; State; Conclusion. The frameworks (as of February 2022): crate | Version | Total Downloads | Description: actix-web | 4.0.0-rc.3 | 5,134,720 | Actix Web is a powerful, pragmatic, and extrem … | Continue reading
A few months ago, we saw how to execute a shellcode from memory in Rust. What if we could write the actual shellcode in Rust? Writing shellcodes is usually done directly in assembly. It gives you absolute control over what you are crafting, however, it comes with many, many drawba … | Continue reading
This post contains excerpts of my book Black Hat Rust. There are many architectural patterns to design web applications. A famous one is the “Clean Architecture” by Robert C. Martin. This architecture splits projects into different layers in order to produce systems that are Indepen … | Continue reading
Rust is a rather large and complex programming language with a lot of features. But I have good news: less than 20% of the features will bring you more than 80% of the results. Here are the features I consider indispensable to learn when you are starting Rust. Ready to dive? Enums E … | Continue reading
“But, it works on my machine” “If I install this NPM package, is it going to rm -rf / or infect me with a cryptominer?” “I spent the whole day trying to install $DATABASE on my laptop but it still doesn’t work!” As we saw 2 months ago, supply chain attacks are more and more common, … | Continue reading
Hacking stories are fictitious adventures backed by real-world hacking techniques. Their sole purpose is education. All characters, places and events in this publication are fictitious and any resemblance to real persons, living or dead, is purely coincidental. Sarah was already … | Continue reading
Black Hat Rust is out of beta :) v2021.40. It’s now official, as of v2021.40, Black Hat Rust is considered out of beta and complete! Hundreds of typos have been corrected, layout issues have been fixed, and there is no more “coming soon” remaining. I’ve also added a few tips and tr … | Continue reading
Supply chain attacks are all the rage these days, whether to deliver RATs, cryptocurrency miners, or credential stealers. In Rust, packages are called crates and are (most of the time) hosted on a central repository: https://crates.io for better discoverability. We are going to … | Continue reading
Hacking stories are fictitious adventures backed by real-world hacking techniques. Their sole purpose is education. All characters and events in this publication are fictitious and any resemblance to real persons, living or dead, is purely coincidental. James is a Computer Scien … | Continue reading
Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries? Internet Service Providers (ISPs) and Service providers (Facebook, Telegram, Line, WeChat…) are all in a position of Man-In-The-Middle (MITM) and ar … | Continue reading
I have been writing code since 2013 and started my entrepreneurship journey in 2017. That gave me plenty of time to observe a recurrent pattern: Engineers love to get it right. Entrepreneurs love to get it done. It materializes in a lot of ways; here are the most striking examples: Engineer hav … | Continue reading
To write a fast port scanner, a programming language requires: a good I/O model, so as not to eat all the resources of the system; high-level abstractions and a good packaging system to isolate low-level code and reuse it easily; to be type and memory safe, because who wants offensive … | Continue reading
I used to be a pathological overthinker. Everything had to be carefully planned, from the words I would say to the baker to order a baguette to all the insignificant details of any of the projects I worked on. Is it better to tweet at 18:00 or 18:05? Rust or Go? Functional or imp … | Continue reading
Programming tips from the field. Mostly Rust and Go. By Sylvain Kerkour, creator of Bloom and author of Black Hat Rust. | Continue reading
The journey of a software craftsman. By Sylvain Kerkour, creator of Bloom and author of Black Hat Rust. | Continue reading
Strong opinions and crazy ideas on minimalism, hacking and everything in between. By Sylvain Kerkour, creator of Bloom. | Continue reading
Polyglot programming frameworks | Continue reading
Logging | Continue reading