Getting Offensive with Go

Dear Readers,

Spring is slowly approaching (at least where we’re at - maybe you’re blessed with the Sun already)! The improving weather always sows a seed of the will for self-development, and we hope you feel it too. Let’s take advantage of it and learn new tools and concepts in the realm of cybersecurity!

Right at the beginning, you’ll be able to get acquainted with a top-notch article ‘Getting offensive with Go’. There, you will read about creating Reverse Shells and bypassing Anti-Virus (AV) with Golang. This will give you a brief overview of some existing Go shellcode for Pentesters and Red Teams.

In the next article, you will get to know how ransomware works, what are the parts that make it, and how you can write a simple one using the Python language (and a couple of libraries and modules). Also, you will see in action how it works and will learn how dangerous it can be for an unsuspecting victim.

To widen your knowledge, you will find out about a dynamic approach to detect an SQL Injection Attack (SQLIA) based on a static pattern matching algorithm. You will picture a PHP web server scenario including a miniature SQLIA detection system.

You will also learn about the process of developing tactics with the purpose of preparing for cyberwar. The author will try to answer such questions as: Who are the cyber military powers today? What are their doctrines? What are the military objectives in warfare?, and many more!

In another article titled ‘New frontiers, new worlds, new threats’, you will read an unusual piece about an idea of AI and its effect on our lives going forward. Enjoyable especially for people with interest in history ;)

Later on, we have an excellent collaborative work about the fundamental topic - application security testing. The authors share their insights about what application security testing actually is, about the importance of it, and about some key tools. Brief but essential!

In the essay ‘Cyber Counter-Terrorism: Shutdown’, the author makes important arguments for a counter-terrorist mindset in combating a few popular cybersecurity attacks. There, you will find some handy ideas to counter social engineering and other well-known attacks.

Next, we have a case study report which may spark your interest - ‘File system fault in FAT32-formatted drives revealed by Morse-code directory names in Windows OS environment. Vulnerability in USB flash/hard drive (PenDrive, Portable External/Internal Hard Drive) case study’.

In the closing article, you will learn about the feature of Wireshark that allows you to export objects and, following that, you will explore how you can use Wireshark and extract domains as well as connections. This is a fantastic article you need to read!

Last but not least, we have an interview with Jason Ross, where we ask him about Machine Learning, Deep Learning, and AI. To spice things up, the author gave us 2 sets of answers. One delivered by him, and one by ChatGPT! It is your job to guess which ones are his original answers! If you have a clear idea why one set of answers is given by AI, try to formulate the reason. We're super curious about your opinions! Hit us at [email protected] ;)

We really hope that you will have fun reading this edition’s content!

Stay safe,

Agata Staszelis and the Hakin9 Editorial Team

---

TABLE OF CONTENTS

---

Getting offensive with Go

Daniel W. Dieterle

Right at the beginning, you’ll be able to get acquainted with a top-notch article ‘Getting offensive with Go’. There, you will read about creating Reverse Shells and bypassing Anti-Virus (AV) with Golang. This will give you a brief overview of some existing Go shellcode for Pentesters and Red Teams.

---

Writing A Simple Ransomware Using Python

Mohammad Saeed

In the next article, you will get to know how ransomware works, what are the parts that make it, and how you can write a simple one using the Python language (and a couple of libraries and modules). Also, you will see in action how it works and will learn how dangerous it can be for an unsuspecting victim.

---

Dynamic SQLIA Detection with PHP

Taqie Taqiezadeh

To widen your knowledge, you will find out about a dynamic approach to detect an SQL Injection Attack (SQLIA) based on a static pattern matching algorithm. You will picture a PHP web server scenario including a miniature SQLIA detection system.

---

The process of developing tactics with the purpose of preparing for cyberwar

Lochana Koralage

You will also learn about the process of developing tactics with the purpose of preparing for cyberwar. The author will try to answer such questions as: Who are the cyber military powers today? What are their doctrines? What are the military objectives in warfare?, and many more!

---

New frontiers, new worlds, new threats

Wilson Mendes

In another article titled ‘New frontiers, new worlds, new threats’, you will read an unusual piece about an idea of AI and its effect on our lives going forward. Enjoyable especially for people with interest in history ;)

---

Application Security Testing

Ahamed Nuski, Wathmi Sureshika, Sandali lavanya liyanaarachchi, Nipuni Sathsarani, Umesh Irushika, Chirath De Alwis

Later on, we have an excellent collaborative work about the fundamental topic - application security testing. The authors share their insights about what application security testing actually is, about the importance of it, and about some key tools. Brief but essential!

---

Cyber Counter-Terrorism: Shutdown

Lucas Maclaud

In the essay ‘Cyber Counter-Terrorism: Shutdown’, the author makes important arguments for a counter-terrorist mindset in combating a few popular cybersecurity attacks. There, you will find some handy ideas to counter social engineering and other well-known attacks.

---

File system fault in FAT32-formatted drives revealed by Morse-code directory names in Windows OS environment. (...) case study

Łukasz Grządko

Next, we have a case study report which may spark your interest - ‘File system fault in FAT32-formatted drives revealed by Morse-code directory names in Windows OS environment. Vulnerability in USB flash/hard drive (PenDrive, Portable External/Internal Hard Drive) case study’.

---

Tactical Wireshark: Basic Malware Analysis

Kevin Cardwell

In the closing article, you will learn about the feature of Wireshark that allows you to export objects and, following that, you will explore how you can use Wireshark and extract domains as well as connections. This is a fantastic article you need to read!

---

Interview with Jason Ross

Last but not least, we have an interview with Jason Ross, where we ask him about Machine Learning, Deep Learning, and AI. To spice things up, the author gave us 2 sets of answers. One delivered by him, and one by ChatGPT! It is your job to guess which ones are his original answers! If you have a clear idea why one set of answers is given by AI, try to formulate the reason. We're super curious about your opinions! Hit us at [email protected] ;)