aahh the nineties!
Trust no one not even yourself.
My earliest PC consulting was cleaning up sub7 infections caused by antivirus packages deleting the main executable.
Sub7 associated the .exe format in Windows with its main executable, so if you removed the "infection" you had a really interesting time loading up Windows afterwards: explorer.exe and all the others were looking for sub7.exe to load themselves =)
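The hijack described in the comment above lives in the registry: the default value of the exefile "open" command normally reads `"%1" %*`, and a handler that rewrites it to point at its own binary gets launched every time any .exe is started. The script below is an added example (not from the thread or from any AV vendor) that checks both the machine-wide key and the per-user override, and restores the default before the handler binary is removed so Windows does not end up the way the comment describes. The function name, the `-Repair` switch and the choice of keys are this example's own assumptions.

```powershell
# Added example: detect (and optionally repair) a hijacked .exe file
# association of the kind the Sub7 comment above describes.
# Assumption: the Windows default for the exefile open command is "%1" %*
# and nothing on the machine legitimately changes it.
function Test-ExeAssociation {
    [CmdletBinding()]
    param(
        # When set, write the Windows default back instead of only reporting.
        [switch]$Repair
    )

    $expected = '"%1" %*'

    # HKCU\Software\Classes takes precedence over HKCR for the current user,
    # so a per-user hijack is just as effective as a machine-wide one.
    $keys = @(
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
    )

    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) {
            # The HKCU key normally does not exist at all; that is fine.
            continue
        }

        # GetValue('') reads the unnamed (default) value of the key.
        $current = (Get-Item -Path $key).GetValue('')

        if ($current -eq $expected) {
            Write-Output ("OK       {0}" -f $key)
            continue
        }

        # Anything else means every .exe launch goes through a foreign handler
        # first; report what it points at before touching it.
        Write-Output ("HIJACKED {0}" -f $key)
        Write-Output ("         current: {0}" -f $current)

        if ($Repair) {
            # Restore the default FIRST, then deal with the handler binary.
            # Deleting the binary while this value still references it is
            # exactly what breaks explorer.exe and everything else.
            Set-Item -Path $key -Value $expected
            Write-Output ("         restored to {0}" -f $expected)
        }
    }
}

# Usage (run as Administrator for the HKCR key):
#   Test-ExeAssociation            # report only
#   Test-ExeAssociation -Repair    # report and restore the default
Test-ExeAssociation
```

Run the report-only form first and note the path the hijacked value references; that path is the file to quarantine after the association has been restored, not before.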
I'm sure this sounds sarcastic and to be fair, it is. Still, I really don't understand the need to constantly tout the fact that it is, indeed, possible to write things using Go. As a community, Hacker News doesn't seem to do this, at least not to the same extent, with any other language. However, if a new developer cracks open a Go book, it seems we have to have a "Hello, World! written in Go" article to go along with it. Does anyone else find that weird?
I've been hoping Go would replace Ruby and Python as the language for security and pentesting tooling, so in that respect I'm happy to see this and hope for more.
On HN a lot of people are against TLS interception. How is a defender supposed to detect this traffic? TLS aside, Snort or YARA rules can be implemented.
For personal devices of course TLS should not be interceptable. But I've personally gone 180 and support TLS decryption for enterprise networks.
Probably by taking a decentralized approach; that's probably more secure, performant and better to maintain anyways. Also, on the server side one could do TLS using HAProxy or nginx; this way it would even be possible to use existing tools, just on localhost though. Or one can do TLS re-encryption with HAProxy/nginx (or Squid for the other direction) and do checking on the host at the same time.
The best documentation available is the paper linked to on the above page, and the examples in the github repo below.
Plus, they're sort of inevitable anyhow. The technical difference between ansible/puppet/etc. and blackhat C&C servers isn't that great. Definitely non-zero, but not that huge.
A more significant difference I was thinking of is that ansible et al are more focused on getting the system into a certain state, whereas a C&C server is likely to be oriented around executing commands and keeping certain tasks running. However, since the way you get a system into a certain state is by executing commands, well, the technical differences aren't that significant. Most of that difference would be in organization of the "UI" layer, rather than under the hood.
Another is that by disclosing security problems and the tools to test and research them, we enable defenders and we fix what might be kept confidential and exploited by attackers. The theory that sunlight is the best disinfectant.
The "enabled" attackers surely are nothing when they couldn't have come up with anything better themselves.
It just made the discussion of such tools public.
If this is happening, then either the red team needs to be disbanded as nobody cares enough to warrant their existence... or the engineers ignoring the alerts need to be educated on the value of a red team.
The videos are freely available.
As for hating C's lack of safety features, it goes back to the early '80s, from the Algol/Pascal/Modula-2/Ada side.
So no, it isn't something new, just now the always on Internet and IoT adoption are making it relatively easier to prove our point.
I only became aware of his work since Google.
Not all languages are necessarily equally susceptible to logic errors, though, and C is rather middling in that regard.
It remains to be seen what ARM and Google will actually do with the new memory extensions.
It remains to be seen what will happen with Fuchsia.
Microsoft is pushing for a mix of .NET Native, modern C++ and Rust.
Apple is still pushing for Swift, although very incrementally.
The big question is how UNIX clones will actually tackle C's unsafety at large, if ever.
In any case, there wasn’t any shortage of tools even in the 90s. Nor places to research them either. Plus systems were less security conscious then too so the barrier for entry was a little lower.
Source: my own misspent youth.