Rust for Cyber Security and Red Teaming🦀

⚠️ The information you gather here is for education and research purpose only. The author does not responsible for misuse of these content & resources.

Hello everyone, It's been a while since I write an blog.

“It doesn’t matter if you come from C++, JavaScript, or even if you don’t know any programming language. Rust is a good choice for your first programming language.”

In this blog :-

• Short Into about rust

• Advantages of using rust

• Rust for cybersecurity

• Rust Resources for Cyber Security

• Rust Books to master

What is Rust and why you should learn ?

Rust is a multi-paradigm programming language that combines the blazing speed of C/C++, the memory safety of languages like Java, and the modern features of functional programming. This unique blend makes it an increasingly popular choice for a variety of applications, especially those demanding high performance and reliability.

Sure, but why, really?

Rust solves some of developers’ most frustrating memory management problems commonly associated with C and C++, but that’s not its only capability. Rust has Concurrency , No garbage collection , Cargo Package Manager, Zero-cost abstractions , Pattern matching, Type inference.

Rust is a rapid growing language with a bright future. It is being used by major companies like Microsoft , Amazon , Discord , Mozilla, Dropbox, and Facebook etc. and it is becoming increasingly popular in the embedded systems and web development spaces.

For More about rust here is an Blog that released by Github. Microsoft statement of using Rust on Windows : Microsoft Site. The Most Loved Programming language of all Time by StackOverFlow. Bare-metal Rust in Android by Google.

Rust for Cybersecurity

Since rust has become most popular among developers and hackers , writing malware on rust has increasing day by day. As you can see the fundamental tools are started rewritten on rust.

For Example, RustScan, Feroxbuster , LibAF, Lsniffglue , goblin, ripgrep etc..

Not yet, its just the beginning. Rust can be used writing your own shellcode , exploits, malwares, reverse shells fuzzing tools and many more. Rust can be an challenging task for reverse engineers.

For more content about rust for Cyber Sec . Check out this LinkedIn Blog.

Rust on Low Level and Malware Perspective .

• Threat actors chooses Rust for its speed and efficiency compared to other languages. This can allow them to develop malware that runs faster, consumes fewer resources, and evades detection by traditional security software.

• Smaller binaries: Rust’s statically-typed nature and minimal runtime can lead to smaller binaries compared to interpreted languages. This can make malware harder to detect by size-based analysis.

• Rust’s strong concurrency features allow for complex, multi-threaded malware that can perform multiple tasks simultaneously. This can make it harder to track and analyze the malware’s behavior.

• Rust’s ownership system helps prevent memory leaks and dangling pointers, which are common vulnerabilities exploited in malware. This can make the malware more robust and resilient to attacks.

• Embeddability: Rust can be embedded within other applications, making it difficult to identify and remove malicious code.

Rust on Frameworks, Web assembly Perspective.

• Unbeatable Predictability: The predictability of Rust’s memory management eliminates memory-related crashes that can sometimes occur in languages with garbage collection. This can be invaluable for developing mission-critical systems or applications where downtime is unacceptable.

• Beyond Traditional JavaScript: Although the frontend environment for Rust is still developing, frameworks for creating high-performance web apps such as Actix Web, Axum, and Rocket.rs are showing promise. They present a welcome substitute for frameworks based on JavaScript, offering a special fusion of control, safety, and performance.

• Pushing the Boundaries with WASM: Fronted frameworks like Yew, Leptos, and Iced are pushing the boundaries of what’s possible with Rust in the browser, enabling the creation of performant and interactive web UIs. While they may not yet match the maturity of established JavaScript frameworks, these Rust options offer potential for developers seeking alternative approaches with inherent safety and performance benefits.

Compared to JavaScript, Rust can produce significantly faster binaries, especially when compiled to Web Assembly for the fronted. This can lead to a noticeably smoother user experience, particularly for computationally demanding tasks.

Rust Roadmap for Cyber Security

So you have decided to learn rust but don't know where to get started ?!. Don’t worry you have came to the right place.

I am gonna separate the Study path as modules for Easy Journey and attain the perfect learning curve.

Learn the basis, understand the complex and develop some tools before using rust into security . why? because in order to break things you must understand how they works right !!

MODULE 1 : <BASICS>

• Rust Book with Quiz: An unofficial documentation (an copy of Rust Book ) that has quizzes and question per topic ( Recommend Document).

• Take your first step with Rust : An Rust Beginner Documentation by Microsoft ( Recommend ).

• Rust for Windows: An official Guide to getting start in Rust by Microsoft. ( Recommend )

• Easy Rust : Learn Rust with Easy English. Topic wise Topic. If you want to learn about particular topic i recommend this documentation for reference.

• Rust Book: An official rust documentation by the rust community. Learn all the topics in that documentation.

For Practicing i highly recommend Rustlings an rust program that teaches rust by solving them ‘learn rust by doing’.

MODULE 2 : <Basic\Intermediate>

• Microsoft’s Path : An complete path to become strong at Basics and Intermediate. ( Highly Recommend )

• Rust By Example : An Mini Documentation that Explains Rust with runnable examples that illustrate various Rust concepts and standard libraries ( Recommend )

• Rust Macros : Practical Examples and Best Practices. ( Highly Recommend )

• Asynchronous Programming: Learn the Basics of multi-threading programming. ( Highly Recommend )

• Windows API : Learn how to implement windows API with Rust. ( Highly Recommend )

• Into about Rust Ecosystem : From there you can choose what you need to do depend upon your use .( Recommend )

MODULE 3: <Intermediate/Advance>

Enter the world of Low-Level Programming!

• Writing OS in Rust : Since you do not need to write the Kernel in rust but read the fundamentals like Heap Allocation , Async/Await , Paging . It the most common thing to learn in rust if you are coding an system level tools and projects like Mimikaz etc.

• Rust Atomics and Locks : Learn low-level concurrency looks like from a Rust perspective. Great book to learn about threads ,mutexes, references , interior mutability , memory ordering etc.

• Visit OffensiveRust Repository where it contains Offensive . Analise and understand How its done, you will get an better idea !

• Web Frameworks : Actix and Rocket is an top web framework for Rust.

[Additional] Visit These Repository for awesome security Lists about Rust:

• OffensiveRust

• Rust for malware development

• Rust Red ops

• Black-hat-rust

• awesome-rust-security

• Security Related Rust Projects

Top Books for Rust to Master

• Black Hat Rust by Sylvain Kerkour

• Network Programming with Rust by Abhishek Chanda

• Zero to Production in Rust by Luca Palmieri

• Command Line Rust by y Ken Youens-Clark

• Hands-On System Programming with Rust by Ken Youens-Clark

• Rust Servers, Services and Apps by Prabhu Eshwarla

• Rust in Action by Tim McNamara

• Practical System Programming for Rust Developers by by Prabhu Eshwarla

You can either Buy these hard-copy books or download the PDF version using google dork or at PDF Sites :) Since, I can’t provide the direct Link to these books due to copyright issues .

Some Rust YouTube Playlists I Recommend Cyber Stuffs

• Low Level Learning

• Tech69

• Michael Mullin

YouTube channels to Learn Rust <basics/core concepts?>

• Ryan Levick

• Mithradates

• Trevor Sullivan

An List of Rust Course [Free/Paid] through Class Central .

YouTube channels to Learn Rust <intermediate/?>

• Packt Publications Rust-> Learn Rust Concepts by the Rust Authors

• Jeremy Chone -> Rust Tips and Tricks for Project Development Phases

• Tsoding -> You can watch his rust videos like how he codes rust .

• Code to the moon -> A YouTube channel that delivers usage of rust in a different perspective

Extra Tips for Learning Rust

There is a repository exercise called Rust by Practice. you can do it to understand the topics learned . Link to Documentation and do the Rustlings course which contains small problems with errors . you need to fix in order to move to the next level.

My socials: X , GitHub , Medium and my Personal Blog. Thanks for reading = )