Why should you check out Go as a hacker?

Written on Sat Apr 01 2023
3 minutes reading
golang
tools
cybersecurity

Introduction

A year ago, I did a quick intervention at a cybersecurity conference. I wanted to give a talk about something, but didn't really know what to talk about. I took the first thing that came to my mind: talking about Golang and how it can be useful for hackers.

At the time, I was a beginner in Golang, but I was already convinced that it was a language that could be useful for hackers. Several cybersecurity projects and tools developed later, I'm still convinced. Here is why.

About Go

Go is a programming language created at Google in 2009 by Robert Griesemer, Rob Pike, and Ken Thompson. It is a compiled, statically typed language in the tradition of Algol and C, with garbage collection, limited structural typing, memory safety features and CSP-style concurrent programming features added.

Go is open source and its design philosophy emphasizes code readability, simplicity, and efficiency. Go is syntactically similar to C, but with memory safety, garbage collection, structural typing, and CSP-style concurrency.

Go is a general-purpose language designed with systems programming in mind. The compiler and standard library are written in Go itself, and the language compiles quickly to machine code.

In summary, Go is an expressive, concise, clean, and efficient language.

Why does Go match hackers' requirements?

As hackers, we want to develop tools easily. The language has to be easy and accessible. Go provides a user-friendly development experience, including extensive documentation and a rich standard library.

Go also provides clean package management (unlike Python) by doing some dependency analysis.

Unlike Python, Go is statically typed, which can cause some harder problems, but for me it's still worth it. Because of this, we can compile Go code and get a single binary that embeds the whole program. That is something we can't ignore, because as hackers we need our programs to be highly portable to fit our requirements. Plus, Go allows us to do cross-compilation, which empowers everything.

Go features to improve your confidence

  1. Concurrent programming: Golang has built-in support for concurrency, making it easier to write multi-threaded and parallel code. This can be particularly useful for developing tools that require high performance and can handle multiple requests simultaneously, such as network scanners or password cracking tools.
  2. Fast compilation: Golang is compiled, rather than interpreted, which means that it can produce, for any supported platform, executable files that run without the need for an interpreter. Additionally, Golang's compilation is very fast, making it ideal for rapid prototyping and testing.
  3. Memory safety: Golang has several built-in features, such as garbage collection and memory safety checks, that help prevent common programming errors like buffer overflows and null pointer dereferences. This can help reduce the likelihood of security vulnerabilities in the tools developed with Golang.
  4. Open-source community: Golang has a large and active open-source community that has developed many libraries and tools that can be used by hackers to build their own tools. This community also helps ensure that Golang remains up-to-date with the latest security standards and best practices.
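
An added example for the memory-safety point above (not code from the original post): a slice expression that goes out of range panics instead of corrupting memory, but its upper bound is the slice's capacity, not its length, so a trusted length prefix can still read adjacent bytes of a shared buffer. The record format (2-byte big-endian length prefix), the function names and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrTruncated = errors.New("length prefix exceeds received data")

// parseUnchecked trusts the 2-byte big-endian length prefix of a record.
func parseUnchecked(rec []byte) (payload []byte, err error) {
	defer func() { // an out-of-range slice panics instead of corrupting memory
		if r := recover(); r != nil {
			payload, err = nil, fmt.Errorf("recovered: %v", r)
		}
	}()
	n := int(binary.BigEndian.Uint16(rec))
	return rec[2 : 2+n], nil // upper bound checked against cap(rec), not len(rec)
}

// parseChecked validates the prefix against the bytes actually received.
func parseChecked(rec []byte) ([]byte, error) {
	if len(rec) < 2 {
		return nil, ErrTruncated
	}
	n := int(binary.BigEndian.Uint16(rec))
	if n > len(rec)-2 {
		return nil, ErrTruncated
	}
	return rec[2 : 2+n : 2+n], nil // full slice expression also caps capacity
}

// sampleRecord is constructed: a shared read buffer holding a 4-byte record
// that claims 6 payload bytes, followed by unrelated data in the same array.
func sampleRecord() []byte {
	buf := []byte("\x00\x06hiOTHER-DATA")
	return buf[:4]
}

func main() {
	leak, _ := parseUnchecked(sampleRecord())
	_, err := parseChecked(sampleRecord())
	fmt.Printf("unchecked=%q checked=%v\n", leak, err)
	_, err = parseUnchecked([]byte{0xff, 0xff, 'h', 'i'})
	fmt.Println(err)
}
```

The unchecked parser returns bytes that were never part of the record, while the checked one rejects it; only a length beyond the buffer's capacity triggers the runtime panic.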

Projects coded in Golang

Here are some projects that are developed in Golang:

  • Docker: Docker, the popular containerization platform, was built using Golang. Golang's concurrency support and fast compilation times made it an ideal language for building Docker's server-side components, which require high performance and scalability.
  • Kubernetes: Kubernetes, the open-source container orchestration platform, was also built using Golang. Golang's concurrency features make it easy to build distributed systems like Kubernetes, which require many concurrent processes communicating with each other.
  • Prometheus: Prometheus, a monitoring system and time-series database, was built using Golang. Golang's built-in support for concurrency and fast compilation times make it well-suited for building monitoring systems that can handle high volumes of data.
  • Gobuster: Gobuster is a popular open-source tool used for website directory and file enumeration. It is written in Golang and provides a fast and efficient way to scan websites for hidden directories and files.
  • GitLeaks: GitLeaks is a popular open-source tool used for detecting secrets and sensitive information in Git repositories. It is written in Golang and provides a fast and efficient way to scan Git repositories for sensitive information.

These are just a few examples of the many real-world applications of Golang. Golang's combination of performance, concurrency support, and safety features makes it a popular choice for building high-performance and reliable systems.
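
To make the concurrency point and the GitLeaks-style use case above concrete, here is an added example (not from the original post and not GitLeaks' code): a small secret scanner that checks files in parallel goroutines with bounded concurrency. The two patterns, the file names and the fake key material are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"sync"
)

var rules = map[string]*regexp.Regexp{ // simplified, constructed patterns
	"aws-access-key-id": regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`),
	"private-key-block": regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`),
}

// Scan checks files concurrently (workers >= 1 at once); returns sorted "file:line rule".
func Scan(files map[string]string, workers int) []string {
	var mu sync.Mutex
	var wg sync.WaitGroup
	var out []string
	sem := make(chan struct{}, workers) // counting semaphore bounds concurrency
	for name, body := range files {
		wg.Add(1)
		sem <- struct{}{}
		go func(name, body string) {
			defer func() { <-sem; wg.Done() }()
			for n, line := range strings.Split(body, "\n") {
				for rule, re := range rules {
					if re.MatchString(line) {
						mu.Lock() // out is shared by all goroutines
						out = append(out, fmt.Sprintf("%s:%d %s", name, n+1, rule))
						mu.Unlock()
					}
				}
			}
		}(name, body)
	}
	wg.Wait()
	sort.Strings(out) // goroutine completion order is not deterministic
	return out
}

var sampleRepo = map[string]string{ // constructed input; key material is fake
	"README.md":      "No secrets here.\n",
	"config/app.env": "DEBUG=false\nAWS_KEY=AKIAEXAMPLEEXAMPLE00\n",
	"deploy/id_rsa":  "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
}

func main() { fmt.Println(strings.Join(Scan(sampleRepo, 2), "\n")) }
```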

Recap

Go is a great language for hackers. It's easy to learn, it's fast to compile, it's safe and highly portable. It's also a great language for building tools that can handle high volumes of data and multiple requests simultaneously. If you're interested in learning more about Golang, check out the official documentation.

Also, I made my own tool template in Golang; you can check it out here. The template includes:

  • A CLI with minimal features for a hacker tool and some example code
  • CI/CD with GitHub Actions, testing and cross-building binaries for multiple platforms
  • Predefined documentation folder with automated site generation and deployment to GitHub Pages.