Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad
Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Related Content you might be interested in

Current Title:

Small book image
Security with Go
John Daniel Leon | Karthik Gaekwad
Jan, 2018 | 340 pages
Small book image
Go Web Scraping Quick Start Guide
Vincent Smith
Jan, 2019 | 132 pages
Small book image
Go Standard Library Cookbook
Radomír Sohlich
Feb, 2018 | 340 pages
Small book image
Go Systems Programming
Mihalis Tsoukalos
Sep, 2017 | 466 pages
Table of Contents (15 chapters)
Free Chapter
1
Introduction to Security with Go
Introduction to Security with Go
About Go
Why use Go for security?
Development environment
Running Go examples
Summary
2
The Go Programming Language
The Go Programming Language
Go language specification
The Go playground
A tour of Go
Keywords
Notes about source code
Comments
Types
Control structures
Defer
Packages
Classes
Goroutines
Getting help and documentation
Summary
3
Working with Files
Working with Files
File basics
Reading and writing
Archives
Compression
Creating temporary files and directories
Downloading a file over HTTP
Summary
4
Forensics
Forensics
Files
Steganography
Network
Summary
5
Packet Capturing and Injection
Packet Capturing and Injection
Prerequisites
Getting a list of network devices
Capturing packets
Capturing with filters
Saving to the pcap file
Reading from a pcap file
Decoding packet layers
Creating a custom layer
Converting bytes to and from packets
Creating and sending packets
Decoding packets faster
Summary
6
Cryptography
Cryptography
Hashing
Encryption
Summary
7
Secure Shell (SSH)
Secure Shell (SSH)
Using the Go SSH client
Summary
8
Brute Force
Brute Force
Brute forcing HTTP basic authentication
Brute forcing the HTML login form
Brute forcing SSH
Brute forcing database login
Summary
9
Web Applications
Web Applications
HTTP server
HTTP client
Summary
10
Web Scraping
Web Scraping
Web scraping fundamentals
Using the goquery package for web scraping
How to protect against web scraping
Summary
11
Host Discovery and Enumeration
Host Discovery and Enumeration
TCP and UDP sockets
Port scanning
Grabbing a banner from a service
Creating a TCP proxy
Finding named hosts on a network
Fuzzing a network service
Summary
12
Social Engineering
Social Engineering
Gathering intel via JSON REST API
Sending phishing emails with SMTP
Generating QR codes
Honeypots
Sandboxing
Summary
13
Post Exploitation
Post Exploitation
Cross compiling
Creating bind shells
Creating reverse bind shells
Creating web shells
Finding writable files
Changing file timestamp
Changing file permissions
Changing file ownership
Summary
14
Conclusions
Conclusions
Recapping the topics you have learned
More thoughts on the usage of Go
What I hope you take away from the book
Be aware of legal, ethical, and technical boundaries
Where to go from here
Getting help and learning more
15
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review – let other readers know what you think

Creating bind shells

Bind shells are programs that bind to a port and listen for connections and serves shells. Whenever a connection is received, it runs a shell, such as Bash, and passes off the standard input, output, and error handles to the remote connection. It can listen forever and serve shells to multiple incoming connections.

Bind shells are useful when you want to add persistent access to a machine. You can run the bind shell and then disconnect or inject the bind shell into memory through a remote code execution vulnerability.

The biggest problem with bind shells is that firewalls and the NAT routing can prevent direct remote access to the computer. Incoming connections are usually blocked or routed in a way that prevent connecting to the bind shell. For this reason, reverse bind shells are often used. The next section covers reverse bind shells.

When compiling this...

Previous Section
End of Section 3
Next Section