Security with Go - My book now published!



Check out Security with Go, a book I recently wrote, available from Packt Publishing. It covers secure development, red team and blue team topics and is useful for developers and infosec professionals like analysts, investigators, engineers, and pentesters. It's a great book if you want to get to know Go better or if you want to start using Go for security.

It is available on the Packt Publishing website and on Amazon.

Here is a breakdown of the chapters:

Ch. 1 - Introduction to Security with Go

Chapter 1, Introduction to Security with Go, covers the history of Go and discusses why Go is a good choice for security applications, how to set up a development environment, and run your first program.

Ch. 2 - The Go Programming Language

Chapter 2, The Go Programming Language, presents the basics of programming with Go. It reviews the keywords and data types along with the notable features of Go. It also contains information for getting help and reading documentation.

Ch. 3 - Working with Files

Chapter 3, Working with Files, helps you explore various ways of manipulating, reading, writing, and compressing files with Go.

Ch. 4 - Forensics

Chapter 4, Forensics, talks about basic file forensics, steganography, and network forensics techniques.

Ch. 5 - Packet Capturing and Injection

Chapter 5, Packet Capturing and Injection, covers various aspects of packet capturing with the gopacket package. Topics include getting a list of network devices, capturing packets from a live network device, filtering packets, decoding packet layers, and sending custom packets.

Ch. 6 - Cryptography

Chapter 6, Cryptography, explains hashing, symmetric encryption such as AES, and asymmetric encryption such as RSA, signing messages, verifying signatures, TLS connections, generating keys and certificates, and other cryptography packages.

Ch. 7 - Secure Shell (SSH)

Chapter 7, Secure Shell (SSH), covers the Go SSH package, how to use the client to authenticate with a password and with a key pair. It also covers how to execute commands on a remote host using SSH and running an interactive shell.

Ch. 8 - Brute Force

Chapter 8, Brute Force, includes examples of multiple brute force attack clients including HTTP basic authentication, HTML login form, SSH, MongoDB, MySQL, and PostgreSQL.

Ch. 9 - Web Applications

Chapter 9, Web Applications, explains how to build secure web applications with secure cookies, sanitized output, security headers, logging, and other best practices. It also covers writing secure web clients that utilize client certificates, HTTP proxies, and SOCKS5 proxies such as Tor.

Ch. 10 - Web Scraping

Chapter 10, Web Scraping, discusses basic scraping techniques such as string matching, regular expressions, and fingerprinting. It also covers the goquery package, a powerful tool for extracting data from structured web pages.

Ch. 11 - Host Discovery and Enumeration

Chapter 11, Host Discovery and Enumeration, covers port scanning, banner grabbing, TCP proxies, simple socket server and client, fuzzing, and scanning networks for named hosts.

Ch. 12 - Social Engineering

Chapter 12, Social Engineering, provides examples for gathering intel via a JSON REST API such as Reddit, sending phishing emails with SMTP, and generating QR codes. It also covers Honeypots along with TCP and HTTP honeypot examples.

Ch. 13 - Post Exploitation

Chapter 13, Post Exploitation, covers various post exploitation techniques such as crosscompiling bind shells, reverse bind shells, and web shells. It also provides examples of searching for writable files and modifying timestamp, owneerhip, and permissions.

Ch. 14 - Conclusions

Chapter 14, Conclusions, is a recap of topics, showing you where you can go from here, and also has considerations for applying the techniques learned in this book.

To get the book, Security with Go, check out the book page on Packt's website