Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad

Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Free Chapter

Introduction to Security with Go

Introduction to Security with Go

Why use Go for security?

Development environment

Running Go examples

The Go Programming Language

The Go Programming Language

Go language specification

The Go playground

Notes about source code

Control structures

Getting help and documentation

Working with Files

Working with Files

Reading and writing

Creating temporary files and directories

Downloading a file over HTTP

Forensics

Packet Capturing and Injection

Packet Capturing and Injection

Getting a list of network devices

Capturing packets

Capturing with filters

Saving to the pcap file

Reading from a pcap file

Decoding packet layers

Creating a custom layer

Converting bytes to and from packets

Creating and sending packets

Decoding packets faster

Cryptography

Secure Shell (SSH)

Secure Shell (SSH)

Using the Go SSH client

Brute Force

Brute forcing HTTP basic authentication

Brute forcing the HTML login form

Brute forcing SSH

Brute forcing database login

Web Applications

Web Applications

Web Scraping

Web scraping fundamentals

Using the goquery package for web scraping

How to protect against web scraping

Host Discovery and Enumeration

Host Discovery and Enumeration

TCP and UDP sockets

Grabbing a banner from a service

Creating a TCP proxy

Finding named hosts on a network

Fuzzing a network service

Social Engineering

Social Engineering

Gathering intel via JSON REST API

Sending phishing emails with SMTP

Generating QR codes

Post Exploitation

Post Exploitation

Cross compiling

Creating bind shells

Creating reverse bind shells

Creating web shells

Finding writable files

Changing file timestamp

Changing file permissions

Changing file ownership

Conclusions

Recapping the topics you have learned

More thoughts on the usage of Go

What I hope you take away from the book

Be aware of legal, ethical, and technical boundaries

Where to go from here

Getting help and learning more

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review – let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Changing file timestamp

In the same way you can modify file permissions, you can modify the timestamps to make it look like it was modified in the past or in the future. This can be useful for covering your tracks and making it look like a file that has not been accessed in a long time or set it for a future date to confuse forensic investigators. The Go os package contains the utilities for modifying files.

In this next example, a file's timestamp is modified to look like it was modified in the future. You can tweak the futureTime variable to make a file look like it has been modified to any specific time. This example provides a relative time by adding 50 hours and 15 minutes to the current time, but you can also specify an absolute time:

package main

import (
   "fmt"
   "log"
   "os"
   "time"
)

func main() {
   if len(os.Args) != 2 {
 ...