|Break the code and exploit it Preview.epub|
|Break the code and exploit it Preview.pdf|
Today we present you the newest edition of Hakin9! The holidays are approaching slowly, I hope that this edition will be a good present for you.
We highly recommend reading the main article “Break the code and exploit it” by Adrian Rodriguez Garcia, our long time author. In his article you’ll learn about secure code development: , how to find vulnerabilities, how to exploit them, and finally how to make your code safe.
If you always wanted to learn about about Go programming, we prepared something for you too. In our small section dedicated to Golang, you should start with Golang and why it matters by James O'Toole, that will introduce you to the topic. Now, armed with the knowledge, you can move forward. Web Service Architecture for Golang Developers by Bogdan Alexandru Militaru as topic suggests will focus on creating a simple web service in Golang. If you are working on a similar project, this article will help you! There are plenty more pieces about Golang in the issue, so just dive in and learn about one of the most popular programming language for developers.
Of course we didn’t forget about our fellow hackers! For you, we have two fenomenal articles, the first is Linux Privilege Escalation From Misconfiguration, that’ll definitely helpful for those of you that are preparing for certification exams. After all, privilege escalation is a very important skill for every ethical hacker. The second article is Hacking Blockchain Technology: Harness Identifiable Exploits by Samrat Das! In his article Samrat presents various popular attacks used by hackers and their effect on blockchain technology.
There are two more articles that we can’t recommend enough. Our new author Sahil Ahamad prepared an article for Apple enthusiasts, and in his detailed tutorial you’ll find information on how to make an iOS App Security Testing Lab. With his guide you’ll be ready to work on iOS system vulnerabilities! The second article is written by our well known author Maurício Harley. Artificial Intelligence and Cybercrimes: Offensive and Defensive Approaches research focuses on two sides of AI: the hero and the villain. Is it good for us? Will it destroy us? His article will help you understand how AI influence our daily lives, and form an opinion on this new technology.
We would like to thank all authors, reviewers and proofreaders for participating in this project. We’re extremely excited about this edition! If so are you, let’s dive in!
Enjoy the issue,
Hakin9 Editorial Team
Table of Contents
Exploring Docker Hub
An introduction on how to run malicious code into Docker containers and push it to Docker Hub.
Docker is an amazing technology that helps many organizations and communities to deliver in a fast way new deploys, apps and create a big DevOps culture. One central point of this engine is the Docker Hub and Docker Cloud, the main places that you can access and share your containers, get containers from others that may be helpful to your work and many other helpful things. But are they totally secure? How secure are these places? In this article, we explore the security of Docker Hub/Cloud and some tips to use that in a secure way.
Hacking Blockchain Technology - Harness identifiable exploits
Blockchain in the simplest of terms can be defined as a chain of the block that contains information. The basic fundamental relies on timestamping digital documents to prevent backdating them or tampering them.
Linux Privilege Escalation From Misconfiguration
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system and software and misconfigurations to gain elevated access to resources that are normally protected from an application side or end user. An application with more privileges than intended by the application developer and system administrator can perform unauthorized actions.
Break the code and exploit it
Adrian Rodriguez Garcia
First we’re going to talk about how a Linux system executes a program and the architecture of any program in memory. Then, with C programming language, we will develop a program with vulnerabilities to analyze it, extract it and exploit it. Finally, we will talk about a possible way to secure our code and we will also see some suggestions to avoid vulnerabilities in this kind of programming language.
Web Service Architecture for Golang Developers
Bogdan Alexandru Militaru
Web service architecture is the first phase before building every project, it’s like you prepare to build a house and start by creating the architecture plan. This article will present how I structure my projects when I need to create a simple web service in Golang. It’s very important for you to keep a simple but intuitive architecture, because as you know, in Golang you can call methods by referencing the package name. In the following lines, I’ll present a simple, but traditional model of web service architecture used by me in most of the projects that I’m involved in, treating each individual web service’s component.
iOS Apps Security Testing Lab
When I was setting up the lab, I read many articles but most of them were older and written considering old iOS versions. So, in this article, I tried to add the latest tools and utilities available and tried to include only useful ones.
Avoiding Memory Leak in Golang API
You must read this before releasing your Golang API into production. This article is based on our true story at Kurio, how we struggled for every release because we were not doing it in the right ways. Some time ago, we at Kurio were just fixing our weird and undetected bug in our main services. We have tried so many ways to debug and fix it. The bug is not with the business logic because it has been running in production for a few weeks. But we were always saved by our auto-scaling mechanism, so it's running well. Until later, we figured it out; it is because we are not doing our code well.
How I structure production grade REST APIs in Golang
There is a myth that APIs written in Golang cannot be simple and idiomatic, like in other languages. Actually, I’ve come across a lot of REST API codebases that turned into a complicated mess with so many abstractions that ended up hurting both readability and maintainability. With this article, we will walk through how to build a production grade todo list REST API, which will grow organically, starting with the necessities, like code structure and routing, then going on to add both a mongo db and a badger data storage layer, and then an authentication layer.
Golang and why it matters
Go, or as its easily Google-able moniker, Golang, is a typed systems programming language created by Google. It was designed to be in the vein of C/C++ with Garbage Collection, simpler to read and write unlike C++, strong opinions about how code should be built and strong primitives to enable effective concurrency. It was originally designed as a thought experiment between Robert Griesemer (V8 engine, Google Distributed File System), Rob Pike (Unix Team) and Ken Thompson (B Programming Language, c predecessor).
Artificial Intelligence and Cybercrimes: Offensive and Defensive Approaches
In recent years, the world has been seeing an exacerbated development of the areas of Artificial Intelligence and Machine Learning. Several algorithms have been created or improved to meet the specific needs of mankind. This brings to light the concern raised earlier about how much development can also mean progress in attacking information assets (systems, data, applications) or generation of malware. The following hypotheses can be made, which we wish to confirm in this article:
Hypothesis 1: AI can be used to build or enhance existing malware;
Hypothesis 2: AI may, equivalently, recognize new attack patterns or malicious code and block them in a timely manner.