Back to All Events

Rust for Security Engineers


  • secwest.net Vancouver Canada (map)

DOJO Details/Logistics

2 Day DOJO

There will be 2 Instances of this DOJO:

  • March 16 to 17 (Saturday, Sunday)

  • March 18 to 19 (Monday, Tuesday)

The following types of attendance are available:

  • In-Person

  • On-Line

 

DOJO Summary

This two day workshop will provide a practical survey of use cases for the Rust language within the field of information security. The material will be hands-on and accessible.

 

Day 1: Defense

The morning will be a fast-paced introduction to the Rust language, with a particular focus on explaining concepts in the language that can be difficult to come to grips with, such as lifetimes, ownership and borrowing.

By the end of the day, workshop participants will have have undertaken three small projects. The aim is demonstrate Rust's utility and provide learners with something that they can immediately build upon for their own purposes.

  • Create system monitoring agent. Rust is a promising language to build long-running monitoring processes, because they can be trivially deployed across your fleet and run with minimal resource footprint. Our agent will be able to monitor the system's state and send JSON-encoded messages over HTTPS when some threshold is triggered.

  • Scan your team's Rust programs for undefined behaviour. While the vast majority of Rust is memory safe, explicit unsafe blocks relax some of the compiler's checks. It's possible to minimise the risk of introducing these blocks, and workshop participants will be guided through this.

  • Run static analysis tools to improve code quality. This section will provide an opportunity to discuss the tooling available to Rust programmers.

 

Day 2: Offense

The second day focuses on using Rust to detect and exploit security vulnerabilities.

We'll start by extending a Rust-based OSINT framework called sn0int with a custom module for reconnaissance. This will provide the opportunity to refresh some of the Rust knowledge and to give participants something that's an immediately useful.

The rest of the day will be spent on gaining knowledge about how to use Rust to develop an exploit. While we won't be creating an end-to-end project, we will examine many of the pieces.

The agenda is still to be confirmed, but should include:

  • Creating a portable executable binary

  • Cross-compilation into exotic CPU architectures, such as those used by IoT devices

  • Fuzzing Rust code

  • Scanning process memory

  • Inline assembly

Join us for this immersive two-day workshop and unlock the full potential of Rust in the realm of information security. Whether you're a seasoned security professional or new to the field, this workshop promises to broaden your horizons and elevate your security expertise to new heights.

 

About the instructor: Tim McNamara

Tim McNamara is one of the world's leading Rust educators and runs a consultancy in the language called accelerant.dev. Previously the global head of Rust language education at AWS, he is the lead content creator for the official Rust training program offered by the Rust Foundation, author of the world-renowned textbook Rust in Action, and host of a popular YouTube channel offering tutorials in the language. He has held positions within the New Zealand eScience Infrastructure (NeSI), Canonical, AWS, and a number of data science consultancies.

 
 
 
Previous
Previous
March 16

StealthOps: Red Team Tradecraft Targeting Enterprise Security Controls

Next
Next
March 16

RISC-V Assembly