Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad

Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Free Chapter

Introduction to Security with Go

Introduction to Security with Go

Why use Go for security?

Development environment

Running Go examples

The Go Programming Language

The Go Programming Language

Go language specification

The Go playground

Notes about source code

Control structures

Getting help and documentation

Working with Files

Working with Files

Reading and writing

Creating temporary files and directories

Downloading a file over HTTP

Forensics

Packet Capturing and Injection

Packet Capturing and Injection

Getting a list of network devices

Capturing packets

Capturing with filters

Saving to the pcap file

Reading from a pcap file

Decoding packet layers

Creating a custom layer

Converting bytes to and from packets

Creating and sending packets

Decoding packets faster

Cryptography

Secure Shell (SSH)

Secure Shell (SSH)

Using the Go SSH client

Brute Force

Brute forcing HTTP basic authentication

Brute forcing the HTML login form

Brute forcing SSH

Brute forcing database login

Web Applications

Web Applications

Web Scraping

Web scraping fundamentals

Using the goquery package for web scraping

How to protect against web scraping

Host Discovery and Enumeration

Host Discovery and Enumeration

TCP and UDP sockets

Grabbing a banner from a service

Creating a TCP proxy

Finding named hosts on a network

Fuzzing a network service

Social Engineering

Social Engineering

Gathering intel via JSON REST API

Sending phishing emails with SMTP

Generating QR codes

Post Exploitation

Post Exploitation

Cross compiling

Creating bind shells

Creating reverse bind shells

Creating web shells

Finding writable files

Changing file timestamp

Changing file permissions

Changing file ownership

Conclusions

Recapping the topics you have learned

More thoughts on the usage of Go

What I hope you take away from the book

Be aware of legal, ethical, and technical boundaries

Where to go from here

Getting help and learning more

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review – let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Secure Shell (SSH)

Secure Shell (SSH) is a cryptographic network protocol for communicating on an unsecure network. The most common use of SSH is in connecting to a remote server and interacting with a shell. File transfer is also used via SCP and SFTP over the SSH protocol. SSH was created to replace the plaintext protocol, Telnet. Over time, there have been numerous RFCs to define SSH. Here is a partial list to give you an idea of what is defined. Since it is such a common and critical protocol, it is worth taking the time to understand the details. The following are some of the RFCs:

RFC 4250 (https://tools.ietf.org/html/rfc4250): The Secure Shell (SSH) Protocol Assigned Numbers
RFC 4251 (https://tools.ietf.org/html/rfc4251): The Secure Shell (SSH) Protocol Architecture
RFC 4252 (https://tools.ietf.org/html/rfc4252): The Secure Shell (SSH) Authentication Protocol
RFC 4253...