black-hat-rust
john
black-hat-rust | john |
---|---|
48 | 77 |
3,044 | 9,267 |
1.5% | 3.1% |
4.3 | 9.3 |
7 months ago | 5 days ago |
Rust | C |
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
black-hat-rust
-
Cloudflare for Speed and Security
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
-
Show HN: I'm writing a book – Cloudflare for Speed and Security
Hey HN,
I'm so excited to finally share with you what I've been working on recently.
One month ago I asked my audience what they wanted to learn about Websites, APIs and Servers security [0].
From the feedback, I've identified a few recurring pain points that I've started to address (and many more) in this new book.
From theory to practice, you will learn how low-level network and security protocols work. How to configure Cloudflare to secure and scale your web applications. How to create serverless applications and which database to choose with serverless functions. How to optimize your caching policies. How to distribute videos globally. And a lot of other things, all of that while significantly reducing your cloud bill.
Today, the book is far from ready, but I still wanted to release it as "Early Access". First, to enable you to start learning today and, secondly, to garner feedback and refine the book's content.
Between writing, editing, and technical reviewing, it can take some time to complete a book. That's why I release my books before they are fully completed - so you can commence learning before the book is 100% ready, provide feedback, and help shape the content. Rest assured, all future updates are free of charge.
The final publication date is set for mid-January 2024.
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust [1], for free! Yes, you read it right, two books for less than the price of one!
Furthermore, all early-access supporters will receive the checklist I use to quickly set up a new domain on Cloudflare, ensuring the right balance between security, performance, and user experience.
Lastly, the price is likely to increase once the book transitions out of Early Access, so don't postpone getting your copy.
Sylvain
[0] https://kerkour.com/what-do-you-want-to-learn-about-web-and-...
[1] https://kerkour.com/black-hat-rust
- Black Hat Rust
-
The EU Suppressed a 300-Page Study That Found Piracy Doesn’t Harm Sales
The best way I have found to prevent the piracy of my book (https://kerkour.com/black-hat-rust) is to inundate pirate platforms with only the first chapter and with a discount inside for those who can't afford the original price.
So far it worked really well.
-
[Question] Does Rusts safety features make it less useful for pentesting?
Black Hat Rust
-
Offensive Rust
You mean like this? https://kerkour.com/black-hat-rust
-
Position Independent Shellcodes in Rust (PIC)
As usual, you can find the code on GitHub: github.com/skerkour/black-hat-rust (please don't forget to star the repo 🙏).
-
How to Write and Compile a Shellcode in Rust
This post is an excerpt from my book Black Hat Rust
-
Learn Rust, Offensive Security and Applied Cryptography
This is why I dedicated the past months to write a book about the topic: Black Hat Rust - Applied offensive security with the Rust programming language.
-
Backdooring Rust crates for fun and profit
Want to learn more Rust, Offensive Security and Applied Cryptography? Take a look at my book Black Hat Rust. Get 42% off until Friday, November 12 with the coupon 1311B892
john
-
Best Hacking Tools for Beginners 2024
John The Ripper
-
Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.
-
password decryption help
Ok, both John the ripper, hashcat and other tools seem to support extracting the hash, or directly trying to discover the password.
- Metasploit explained for pentesters
-
Inception: Leaking the root hash from /etc/shadow on AMD Zen 4 [video]
With the root hash you can crack the root password using tools like John The Ripper[0]. More generally, I assume, this exploit can be used to read any arbitrary files on the system, bypassing regular access control, and plenty of other stuff you aren't supposed to be able to do as a non-privileged user.
0: https://www.openwall.com/john/
-
How to pass this captcha?
use [John the Ripper](https://github.com/openwall/john) and [rockyou.txt](https://github.com/rockyou.txt)
-
Attempting to use john the ripper on a password protected zip file, says it is not encrypted?
This actually seems to have been reported as a bug and fixed years ago, but it is still affecting me on a version freshly downloaded from the AUR. Is there a way around this or another program I can use?
-
Hackers Tools: Must-Have Tools for Every Ethical Hacker
John the Ripper
-
Password-protecting PDF pay statements with Social Insurance Number (Canada).
Since I used to work for the employer in question, I decided to crack my own password-protected pay statements. I downloaded and built John the Ripper jumbo and then all I had to do was run a few commands after looking at the documentation, and there was my SIN number almost instantly.
-
Why Isn't a Timer Capable of Preventing Brute Force
However, most credential brute forcing takes place offline against a leaked database from some site. A program like John the Ripper is used to try hashing each word in a dictionary until it matches the entries in the database. Because this all happens offline, there's no mechanism in place to delay the attempts or lock the user out.
What are some alternatives?
sn0int - Semi-automatic OSINT framework and package manager
hashcat - World's fastest and most advanced password recovery utility
zero-to-production - Code for "Zero To Production In Rust", a book on API development using Rust.
btcrecover - BTCRecover is an open source wallet password and seed recovery tool. For seed based recovery, this is primarily useful in situations where you have lost/forgotten parts of your mnemonic, or have made an error transcribing it. (So you are either seeing an empty wallet or getting an error that your seed is invalid.) For wallet password or passphrase recovery, it is primarily useful if you have a reasonable idea about what your password might be.
yakuza-freecam - Yakuza Freecam Tool made in Rust
mimikatz - A little tool to play with Windows security
dirble - Fast directory scanning and scraping tool
bitcracker - BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker
rust-windows-shellcode - Windows shellcode development in Rust
JohnTheRipper - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs [Moved to: https://github.com/openwall/john]
CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera - 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.