book

Black Hat Go

by Tom Steele, Chris Patten, Dan Kottmann

January 2020

Intermediate to advanced

368 pages

9h 46m

English

No Starch Press

Read now

Unlock full access

Who This Book Is ForWhat This Book Isn’tWhy Use Go for Hacking?Why You Might Not Love GoChapter Overview
Setting Up a Development EnvironmentUnderstanding Go SyntaxSummary

Understanding the TCP HandshakeBypassing Firewalls with Port ForwardingWriting a TCP ScannerBuilding a TCP ProxySummary
HTTP Fundamentals with GoBuilding an HTTP Client That Interacts with ShodanInteracting with MetasploitParsing Document Metadata with Bing ScrapingSummary
HTTP Server BasicsCredential HarvestingKeylogging with the WebSocket APIMultiplexing Command-and-ControlSummary
Writing DNS ClientsWriting DNS ServersSummary
The SMB PackageUnderstanding SMBGuessing Passwords with SMBReusing Passwords with the Pass-the-Hash TechniqueRecovering NTLM PasswordsSummary
Setting Up Databases with DockerConnecting and Querying Databases in GoBuilding a Database MinerPillaging a FilesystemSummary
Setting Up Your EnvironmentIdentifying Devices by Using the pcap SubpackageLive Capturing and Filtering ResultsSniffing and Displaying Cleartext User CredentialsPort Scanning Through SYN-flood ProtectionsSummary
Creating a FuzzerPorting Exploits to GoCreating Shellcode in GoSummary
Using Go’s Native Plug-in SystemBuilding Plug-ins in LuaSummary
Reviewing Basic Cryptography ConceptsUnderstanding the Standard Crypto LibraryExploring HashingAuthenticating MessagesEncrypting DataBrute-Forcing RC2Summary
The Windows API’s OpenProcess() FunctionThe unsafe.Pointer and uintptr TypesPerforming Process Injection with the syscall PackageThe Portable Executable FileUsing C with GoSummary
Exploring the PNG FormatReading Image Byte DataWriting Image Byte Data to Implant a PayloadEncoding and Decoding Image Byte Data by Using XORSummaryAdditional Exercises
Getting StartedDefining and Building the gRPC APICreating the ServerCreating the Client ImplantBuilding the Admin ComponentRunning the RATImproving the RATSummary

Overview

Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go.

You’ll begin your journey with a basic overview of Go’s syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You’ll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You’ll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography.

You'll learn how to:

•Make performant tools that can be used for your own security projects

•Create usable tools that interact with remote APIs

•Scrape arbitrary HTML data

•Use Go’s standard package, net/http, for building HTTP servers

•Write your own DNS server and proxy

•Use DNS tunneling to establish a C2 channel out of a restrictive network

•Create a vulnerability fuzzer to discover an application’s security weaknesses

•Use plug-ins and extensions to future-proof products

•Use plug-ins and extensions to future-proof products

•Build an RC2 symmetric-key brute-forcer

•Implant data within a Portable Network Graphics (PNG) image

Are you ready to add to your arsenal of security tools? Then let’s Go!