Rust for Cyber Security and Red Teaming
2024-1-24 11:4:33 Author: infosecwriteups.com(查看原文) 阅读量:18 收藏

Smukx

InfoSec Write-ups

This blog covers about short Introduction of Rust and where you should start learning the basics to advance and how to implement it in Cyber Security, red teaming, Tool development . Providing you A..Z Resources to Kick Start into Rust .

Hello everyone, It's been a while since I write an blog. I stopped writing on blogs because i was focused on my learning phase , Developing new tools, writing C2 Frameworks, Writing my own security Tools etc. Okkie Guys, Lets Dive into the Blog.

“It doesn’t matter if you come from C++, JavaScript, or even if you don’t know any programming language. Rust is a good choice for your first programming language.”

In this blog :-

* Short Into about rust
* Advantages of using rust
* Rust for cybersecurity
* Rust Resources for Cyber Security
* Rust Books to master
* Tips while learning Rust

By StackOverFlow

Rust is a multi-paradigm programming language that combines the blazing speed of C/C++, the memory safety of languages like Java, and the modern features of functional programming. This unique blend makes it an increasingly popular choice for a variety of applications, especially those demanding high performance and reliability.

Sure, but why, really?

Rust solves some of developers’ most frustrating memory management problems commonly associated with C and C++, but that’s not its only capability. Rust has Concurrency , No garbage collection , Cargo Package Manager, Zero-cost abstractions , Pattern matching, Type inference.

Rust is a rapid growing language with a bright future. It is being used by major companies like Microsoft , Amazon , Discord , Mozilla, Dropbox, and Facebook etc. and it is becoming increasingly popular in the embedded systems and web development spaces.

For More about rust here is an Blog that released by Github.
Microsoft statement of using Rust on Windows : Microsoft Site.
The Most Loved Programming language of all Time by StackOverFlow.

Created in Canva by Me

Since rust has become most popular among developers and hackers , writing malware on rust has increasing day by day. As you can see the fundamental tools are started rewritten on rust.

For Example,
RustScan, Feroxbuster , LibAF, Lsniffglue , goblin, ripgrep etc..

Not yet, its just the beginning. Rust can be used writing your own shellcode , exploits, malwares, reverse shells fuzzing tools and many more. Rust can be an challenging task for reverse engineers.

For more content about rust for Cyber Sec . Check out this LinkedIn Blog.

Rust on Low Level and Malware Perspective .

  • Threat actors chooses Rust for its speed and efficiency compared to other languages. This can allow them to develop malware that runs faster, consumes fewer resources, and evades detection by traditional security software.
  • Smaller binaries: Rust’s statically-typed nature and minimal runtime can lead to smaller binaries compared to interpreted languages. This can make malware harder to detect by size-based analysis.
  • Rust’s strong concurrency features allow for complex, multi-threaded malware that can perform multiple tasks simultaneously. This can make it harder to track and analyze the malware’s behavior.
  • Rust’s ownership system helps prevent memory leaks and dangling pointers, which are common vulnerabilities exploited in malware. This can make the malware more robust and resilient to attacks.
  • Embeddability: Rust can be embedded within other applications, making it difficult to identify and remove malicious code.

Rust on Frameworks, Web assembly Perspective.

  • Unbeatable Predictability: The predictability of Rust’s memory management eliminates memory-related crashes that can sometimes occur in languages with garbage collection. This can be invaluable for developing mission-critical systems or applications where downtime is unacceptable.
  • Beyond Traditional JavaScript: Although the frontend environment for Rust is still developing, frameworks for creating high-performance web apps such as Actix Web, Axum, and Rocket.rs are showing promise. They present a welcome substitute for frameworks based on JavaScript, offering a special fusion of control, safety, and performance.
  • Pushing the Boundaries with WASM: Fronted frameworks like Yew, Leptos, and Iced are pushing the boundaries of what’s possible with Rust in the browser, enabling the creation of performant and interactive web UIs. While they may not yet match the maturity of established JavaScript frameworks, these Rust options offer potential for developers seeking alternative approaches with inherent safety and performance benefits.

Compared to JavaScript, Rust can produce significantly faster binaries, especially when compiled to Web Assembly for the fronted. This can lead to a noticeably smoother user experience, particularly for computationally demanding tasks.

Created in Canva by Me

So you have decided to learn rust but don't know where to get started ?!. Don’t worry you have came to the right place.

I am gonna separate the Study path as modules for Easy Journey and attain the perfect learning curve.

Learn the basis, understand the complex and develop some tools before using rust into security . why? because in order to break things you must understand how they works right !!

MODULE 1 : <BASICS>

  • Rust Book with Quiz: An unofficial documentation (an copy of Rust Book ) that has quizzes and question per topic ( Recommend Document).
  • Take your first step with Rust : An Rust Beginner Documentation by Microsoft ( Recommend ).
  • Rust for Windows: An official Guide to getting start in Rust by Microsoft. ( Recommend )
  • Easy Rust : Learn Rust with Easy English. Topic wise Topic. If you want to learn about particular topic i recommend this documentation for reference.
  • Rust Book: An official rust documentation by the rust community. Learn all the topics in that documentation.

For Practicing i highly recommend Rustlings an rust program that teaches rust by solving them ‘learn rust by doing’.

MODULE 2 : <Basic\Intermediate>

  • Microsoft’s Path : An complete path to become strong at Basics and Intermediate. ( Highly Recommend )
  • Rust By Example : An Mini Documentation that Explains Rust with runnable examples that illustrate various Rust concepts and standard libraries ( Recommend )
  • Rust Macros : Practical Examples and Best Practices. ( Highly Recommend )
  • Asynchronous Programming: Learn the Basics of multi-threading programming. ( Highly Recommend )
  • Windows API : Learn how to implement windows API with Rust. ( Highly Recommend )
  • Into about Rust Ecosystem : From there you can choose what you need to do depend upon your use .( Recommend )

MODULE 3: <Intermediate/Advance>

Enter the world of Low-Level Programming!

  • Writing OS in Rust : Since you do not need to write the Kernel in rust but read the fundamentals like Heap Allocation , Async/Await , Paging . It the most common thing to learn in rust if you are coding an system level tools and projects like Mimikaz etc.
  • Rust Atomics and Locks : Learn low-level concurrency looks like from a Rust perspective. Great book to learn about threads ,mutexes, references , interior mutability , memory ordering etc.
  • Visit OffensiveRust Repository where it contains Offensive . Analise and understand How its done, you will get an better idea !
  • Web Frameworks : Actix and Rocket is an top web framework for Rust.

[Additional] Visit These Repository for awesome security Lists about Rust:

Rust By Practice
  1. Use Ai Tools such as Bard, ChatGPT and Bing for using the tools.
  2. In this Ai tools, Bard and Bing is best for Rust practices . I’m impressed with how Bard Explains about the error and it’s pretty good at teaching complex rust codes.
  3. There is a repository exercise called Rust by Practice. you can do it to understand the topics learned . Link to Documentation and do the Rustlings course which contains small problems with errors . you need to fix in order to move to the next level.

Rust Collab :-

Currently, I’m doing more rust projects to my College as well as creating cyber tools for Pen testing. i will be sharing the complex topics and challenge i faced during the creation of tools on the upcoming Blogs .

Since I didn't find any proper source code of Rust Malware. I didn’t mention any malware development resource here. I will be posting malware development using Rust series soon! .

You can check out my project at GitHub Project where i used libraries to build malicious java script to receive user’s public IP, location etc. For more usage of this tool i have documented here.

If You Find this Blog, Please support my work by Leaving a clap and share to your Nerd Friends :)

If you have an Great Resource . Please Share it So that i can Edit and Add into this blog. You can contact via Gmail or via X Message.

Follow me on X and GitHub to stay updated and to know new things .

That’s it Guys
Bye Bye , Take Care.


文章来源: https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec?source=rss----7b722bfd1b8d---4
如有侵权请联系:admin#unsafe.sh