Why Rust or Offensive Rust

Why Rust or Offensive Rust?

This post briefly covers why I think Rust is a good programming language in general or for offensive purposes. I’m not a professional developer and only know some things, but I hope it helps someone. If you have not seen my GitHub PoCs then feel free to checkout my GitHub: https://github.com/memN0ps and/or trickster0’s https://github.com/trickster0/OffensiveRust

IMHO:

Open-Source Learning Resource:

• Rust Programming Book: A comprehensive resource for learning Rust with a free online book: Rust Programming Book

Documentation and Learning:

• Rust by Example: Well-structured and easily generated documentation: Rust by Example

Community:

• Rust Community: Engage with the vibrant Rust community on Discord: Rust Community Discord

Unit Testing:

• Unit Testing in Rust: Learn about easy unit testing in Rust: Unit Testing in Rust

Error Handling:

• Robust Error Handling: Understand robust and straightforward error handling in Rust: Error Handling in Rust

Memory Safety:

• Memory Safety in Rust: Learn about memory safety in Rust: Memory Safety in Rust

Performance:

• Rust Performance: Explore Rust’s speed and power compared to other languages: Rust Performance

Full-Stack Development:

• Full-Stack Rust: Discover a comprehensive tutorial and examples for full-stack Rust development: Full-Stack Rust Tutorial

Binary Reverse Engineering:

• Challenging Reverse Engineering: Experience the challenge of reversing Rust binaries and understanding its intricacies: Rust Binary Analysis, Feature by Feature, Rust to Assembly: Understanding the Inner Workings of Rust

File Size and Optimization:

• Optimizing File Size: Learn about optimizing Rust file sizes and exploring techniques to reduce them: Optimizing Rust File Size, Reflective Loader Example

Compiler and Package Manager:

• Cargo: Utilize Rust’s compiler and package manager, Cargo, for efficient development: Cargo Commands, Cargo Check

Crates and Dependencies:

• Crates.io: Access a wide range of libraries/crates for various programming levels without dependency hassles: Crates.io, Specifying Dependencies

More information:

• https://msrc.microsoft.com/blog/2019/07/why-rust-for-safe-systems-programming/
• https://blog.logrocket.com/why-is-rust-popular/
• https://visualstudiomagazine.com/articles/2019/07/18/microsoft-eyes-rust.aspx
• https://developer.okta.com/blog/2022/03/18/programming-security-and-why-rust
• https://thenewstack.io/rust-in-the-linux-kernel/
• https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/

Full-Stack Development in Rust

A list of useful crates for both low-level and high-level programming in Rust. For more information visit: https://github.com/stars/memN0ps/lists/rust

Main:

• GUI/Web Developement Programming - tauri: https://github.com/tauri-apps/tauri or yew https://github.com/yewstack/yew or https://www.areweguiyet.com/ (egui, dioxus, iced etc…)
• Database programming - sqlx: https://github.com/launchbadge/sqlx
• Web Server programming - actix-web: https://github.com/actix/actix-web or Rocket https://github.com/SergioBenitez/Rocket
• Client programming - ureq https://github.com/algesten/ureq or reqwest https://github.com/seanmonstar/reqwest
• CLI Programming - clap https://github.com/clap-rs/clap
• OS Programming (User/Kernel mode) - windows-rs : https://github.com/microsoft/windows-rs or ntapi https://github.com/MSxDOS/ntapi or winapi https://github.com/retep998/winapi-rs
• Hypervisor programming - rust-x86: https://github.com/gz/rust-x86 or x86_64 https://github.com/rust-osdev/x86_64
• UEFI programming - uefi-rs : https://github.com/rust-osdev/uefi-rs

Other:

• https://github.com/rust-lang/log - Logging implementation for Rust
• https://github.com/dtolnay/thiserror - This library provides a convenient derive macro for the standard library’s std::error::Error trait
• https://github.com/dtolnay/anyhow - This library provides anyhow::Error, a trait object based error type for easy idiomatic error handling in Rust applications.
• https://github.com/CasualX/pelite - Lightweight, memory-safe, zero-allocation library for reading and navigating PE binaries.
• https://github.com/willglynn/pdb - A parser for Microsoft PDB (Program Database) debugging information
• https://github.com/not-matthias/kernel-log-rs - A minimalistic logger for Windows Kernel Drivers.
• https://github.com/not-matthias/include_crypt - Safely embed files into your binary.
• https://github.com/gentoo90/winreg-rs - Rust bindings to MS Windows Registry API
• https://github.com/marshallpierce/rust-base64 - Base64
• https://github.com/keepsimple1/libaes - A small and fast AES cipher in safe Rust
• https://github.com/landaire/pdbview - Dump all available information from PDBs
• https://github.com/uuid-rs/uuid - Generate and parse UUIDs.
• https://github.com/tokio-rs/tokio - Runtime for writing reliable, asynchronous, and slim applications with the Rust programming language
• https://github.com/chronotope/chrono - Date and time library for Rust
• https://github.com/dotenv-rs/dotenv - Library to help supply environment variables in testing and development
• https://github.com/serde-rs/serde - Serialization framework for Rust
• https://github.com/phsym/prettytable-rs - A rust library to print aligned and formatted tables
• https://github.com/toml-rs/toml-rs - A TOML encoding/decoding library for Rust
• https://github.com/CasualX/obfstr - Compiletime string literal obfuscation for Rust.

Popular Tools

• https://github.com/skerkour/black-hat-rust - Applied offensive security with Rust - Black Hat Rust
• https://github.com/epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
• https://github.com/OPENCYBER-FR/RustHound - Active Directory data collector for BloodHound written in rust. 🦀
• https://github.com/not-matthias/amd_hypervisor - AMD Hypervisor written in Rust.
• https://github.com/memN0ps/ and https://github.com/trickster0/OffensiveRust and https://github.com/Kudaes - Malware Development Techniques
• https://github.com/tandasat/Hypervisor-101-in-Rust - Hypervisor Development in Rust
• https://github.com/stars/memN0ps/lists/hypervisor - Hypervisors Projects
• https://github.com/caido/caido - Basically Burp Suite in Rust
• https://github.com/wumb0/rust_bof and https://github.com/yamakadi/ldr - Rust Beacon Object Files (BOF/COFF)

Offensive Rust Courses/Training/Books

• https://training.zeropointsecurity.co.uk/collections
• https://signal-labs.thinkific.com/courses/offensive-tool-development
• https://redteamsorcery.teachable.com/p/offensive-rust
• https://kerkour.com/black-hat-rust

Kernel Programming in Rust

• https://github.com/microsoft/windows-rs
• https://github.com/microsoft/wdkmetadata
• https://not-matthias.github.io/posts/kernel-driver-with-rust/
• https://not-matthias.github.io/posts/kernel-driver-with-rust-2022/
• https://codentium.com/guides/windows-dev/
• https://github.com/StephanvanSchaik/windows-kernel-rs/

Windows API Crates

1. The official Microsoft repository has two crates, windows-rs and windows-sys https://github.com/microsoft/windows-rs. The one you use mostly depends on preferences. Check out the FAQ https://github.com/microsoft/windows-rs/blob/master/docs/FAQ.

2. This is made by an individual named @retep998 https://github.com/retep998/winapi-rs and existed before Microsoft started supporting programming for Windows API in Rust.

3. The following crate is Rust FFI bindings for Native API aka NTAPI https://github.com/MSxDOS/ntapi

I went from winapi to windows-sys, but if someone is doing non-malware development things, then it’s probably best to stick to windows-rs. It’s great for error handling, and you’d have to write less code, and it aligns with Rust’s best security practices IMHO.

I found winapi and windows-sys to be similar and more user-friendly/idiomatic. Also, I discovered that windows-sys and winapi had some things that windows-rs did not. The windows-rs crate seems too abstract for some people. Some would prefer the more direct low-level nature of winapi/windows-sys, then having custom abstractions tuned for a specific purpose.

I find windows-sys more familiar because it feels similar to C programming. I think that ntapi and winapi are work better together from my experience (e.g. function calling, data types etc…)

Microsoft:

“The windows-sys crate is a zero-overhead fallback for the most demanding situations and primarily where the absolute best compile time is essential. It only includes function declarations (externs), structs, and constants. No convenience helpers, traits, or wrappers are provided.”

More Information:

• https://kennykerr.ca/rust-getting-started/windows-or-windows-sys.html
• https://github.com/microsoft/windows-rs

Conclusion

Rust can do almost everything (low-level/high-level or full-stack) not only from the perspective of offensive tool development but software development perspective as well. If you like it, then you like it; if you don’t, then you don’t. Every language has or had a purpose. Do what you want and do what you like. No discrimination. But I love Rust, and it’s the future of programming languages.