I thought this repo was something I could read on GitHub, but it seems like it just stores code associated with the book. So this is just an ad for the book. And all the chapter links 404.
> Which programming language allows to craft shellcodes, build servers, create phishing pages? Before Rust, none!

I'd ordinarily consider this too implausible a statement to be seriously believed, but Rust people really do talk like this.
I think what the author hasn't realized yet is that for the most part - exploit development, fuzzing a binary, finding a logical problem and building a feasible exploit for it - you are fighting against the language that you chose.

The reason Go got so popular is not because of its type system, but because it also has a mode of programming "good enough" prototypes.

Python for exploit development is also great due to the gdb fork that can generate Python payloads, offsets etc, but it sucks for deployment on targets.

If I were to compare the three language choices I don't see why anyone would choose Rust over the other two in terms of efficiency and not having to fight the language. I don't even know whether it would be possible to write an exploit that overflows something in an external ABI binary in Rust without sacrificing everything that Rust stands for. After all, the binary would have to be statically linked for deployment, have to support invalid types, have to support invalid control flows etc.

On the other hand, in Go that's what CGo is made for. The VM and GC in Go don't care about what CGo does.

Edit: never mind, the only example that is using Rust for this type of exploit is a sudo cli argument exploit, lol. I would have expected a little more than a char array generator that's using the FFI package. [1]

[1] https://github.com/skerkour/black-hat-rust/blob/main/ch_07/exploits/cve_2021_3156/exploit/src/main.rs
I feel as though buying a book like this is admission that you don't have what it takes to do black hat work. Good if it's just out of curiosity though.