how can HACKERS use Rust for EVIL?? (the future of malware) 

We get it it's safe, stop the brainwashing it is safe, it is safe, it is safe, memory safe, memory safe, it is safe, it borrows, no garbage collector, it is safe, safe, safe, safe, safe, safe, rust is good, everyone should use it, it is fast, those C/C++ guys don't get it, use rust, use rust, it is safe, it's portable, it is used in linux, it is safe, memory safe

At least someone has found a practical use for it, instead of just talking how great Rust is.

​@@OlegLecinskyPlenty of people have found practical uses for it. While it's rare to refactor everything into Rust it's actually becoming quite common to refactor bits of code into Rust. Things that needs memory safety, speed, parallelism etc.

@@Luredreier This is all again just talk I've heard before. The same talk we've had 20 years ago about "Linux replacing Windows on a desktop" is now "Rust will replace C++". For a language which is supposed to dethrone C++ the results aren't quite visible yet. I'm sure with some time Rust will find its usages, like Linux still exists on desktop, with probably a couple of % of installations.

@@Luredreier What's the use tho? Rust IS NOT a systems programming language. Rust is an userspace language? Kernels and such - heck no. Rust's unsafe is terrible and it's not meant to be used as much as it's needed in low-level space.

It was a real trip for me. I went from ass, to asses, then maybe assets, wondered about asserts for a while, and finally, *finally*, saw assemb-- and figured it out.

@@peter9477 Lol 😂

@@peter9477 asm LOL

same lmao

yup just what I was thinking

Ladies and gentlemen. We got'em!

- -

Highly suggested.Feels like the compiler massages the brain

Reject rust, embrace C

Aahahahahahahahaha lol you have a very nice taste in thin sharp humor! YOur comment deserves 10k likes!

"If a language is used by malwares, you know the language is a real deal." I suppose that must then include Visual Basic since it used to be used for a bunch of macro viruses back in the day.

@@seneca983 VB used to be it actually, just evolution of the rest of the world pushed it away with time

@@seneca983 VB just got old and unsupported. It was very good for the time the viruses were made.

​@@seneca983 VB, LUAscript, C++, Powershell, GO, Java, Python, bash-script loaders, etc. All of these are valid attack vectors. IR and malware analysis is reactive so when you're developing in not C/C++, IR has to play catch-up and get to to speed.

"Rust is the most loved language by malware authors!" - Not StackOverflow

Literally who says that lmao

Imagine a payload in "go", it would be like 700MB.

me: uses both coz they're both better than many languages 🤓👍

​@@monad_tcp 9mb hello world in rust lol

I think the most popular languages for wirting this stuff are C, C++, Go and Nim, for specific reasons. C and C++: it is low level and is efficient, so the malware will not use a lot of resources, lowering the chance of detection, also lots of libraries Go: It is easy to write, still can use pointers, decent performace. (You can do pointer arithemitic with the unsafe package.) Nim: Basically C++, but with a python-ish syntax and Garbage collector. (that you can turn off), easy to write, but is a small language, so lacks libraries. (It is so much used for malware that depending on your antivirus, it will flag every Nim program as malware). Rust is only being used more now, because it have more libraries today, the standard library lacks features, like you need to install a crate just to have a random number generator, even the 50 years old C have a a PRNG in the std library. But thankfully Rust is kinda popular today, so you can find lots of crates that make up for the small std library.

Bash?

@@Stopinvadingmyhardware Malicious shell scripts are a thing.

Not only "a thing", if you use Linux you should always check bash scripts that you get on the web, it's incredibly easy to write bad stuff with bash. Besides it's very easy to check it since it's just a text file (and usually only one text file)

right but logical mistakes make up the majority of them, but its still nice

​@@zeez7777 thing is, with better modeling tools you can make some logical errors impossible down the line. Ofc this still leaves the one that you couldn't/forgot to/decided not to forbid, but that's a net win.

@@ccgarciab sure is :)

@zeez7777 I am pretty sure the most common error and cause of (big) problems in C/C++ is related to memory management. That's something in rust you can't never have (unless you use unsafe rust, but still the fact you need to declare something is unsafe, instead of just having to know it by experience is wayyy better)

@@no_name4796 Its pretty hard creating leaks with modern c++ if you're not a beginner

there's plenty of training data, so it's only a matter of time that a deep learning model / LLM is engineered that decompiles Rust

Shit

@@LowLevelLearning i cannot believe you broke rule 1 of your comment section truly disgraceful and expect an apology video

The real joke is that Rust is being useful for something.

The joke is that there is no joke

How eloquent

It sort of is in a way, it's impossible at first, but those with experience understand it and can deal with it easily(with some occasional deaths/errors)

you just earned a sub btw

Really high-level but programming languages need to be compiled before they can be run. Essentially languages like C, C++, Rust, the computer knows nothing about this. The computer only knows machine code, instructions which it can operate on. Compilers don't really compile to machine code, they compile to assembly, and then an assembler turns that into an executable. So, a C++ to x86 compiler will convert C++ to x86 assembly, and then the assembler will convert that into machine code for an x86 computer. What LLVM offers is an alternative. A machine-independent Instruction set architecture. It has similar instructions to x86, primitive things, like load, store, jump, branch. Compilers then target LLVM, and LLVM converts it into a platform assembly. Now, not all platforms have the same ISA. But... they are all turing complete. LLVM can often, but not always, transform some instructions. In reality most programs only need a very small set of instructions to run. Some LLVM instructions may compile to 1 x86 instruction, but 2-3 ARM instructions. Now, where do OS come into play? Theoretically, very little. An x86 algorithm will be identical in Windows or Linux. The binary layout should* be exactly the same. However, the executables themselves are different. You need to construct an OS executable type, like an ELF, so the OS will accept it and know how to run it. But that's just the beginning. In addition, most non-trivial programs require OS intervention to run. This isn't obvious in high-level languages like C++. But a function like, say, allocating memory requires the OS to intervene. These calls to the OS are called syscalls. These are unique to the OS. Calling operator new often performs a syscall, which will be different on Linux than Windows. How does a high-level language and compiler deal with this? It would be incredibly annoying if you had to use a different operator new, or different malloc, depending on which OS you're targeting. Well, the language provides a standard implementation for relevant operating systems. This is often called the standard library, like libc or libc++. At compile-time, the compiler chooses which implementation to use. The code is different, but to the programmer the interface is the same. Malloc is always malloc, but behind the scenes the syscall and algorithm malloc uses will be different for each operating system. They also provide platform-independent frontends for other tasks that require syscalls. For example, std::thread in C++, std::filesystem, etc. Some programs include "hardware intrinsics". These are sections of the program written to target specific hardware. For example, inline x86 assembly in C/C++. These cannot be ported, its simply impossible. So, they're generally avoided and only used in user-land code to do very specific things. You can turn these off on some platforms in the code, using the compiler. You can request the compiler check what platform its compiling to, and if the specific hardware code doesn't work there then don't compile it. Very common to see in high-performance hardware-bound applications, like video games.

Thanks for watching!

Yes, don't underestimate the impact of a single individual making 90% of contributions to a small field.

An easy way is just search the strings for "crate". A Rust binary (that hasn't been completely mangled to hell) will have package strings for every crate that was included by the dependency manager.

The most evil part about Rust is that it's a neomarxist programming language.

@@hdjwkrbrnflfnfbrjrmd what does it mean? 😅

@@hdjwkrbrnflfnfbrjrmd what? lol

@@hdjwkrbrnflfnfbrjrmd I've noticed that all the worst sort of commie scum seem to main that language. That realization snuffed out any desire I had to work with Rust. I refuse to accept them as my peers.

@@hdjwkrbrnflfnfbrjrmd so true, fr fr no cap

hi dexie :0

@@vampirenoodles ainoway the real vampirenoodles from fortnite battle royale?

@@DexieTheSheep the one n only😎

Well, it really depends on the implementation. I'm writing a library in Go which for now only works on Unix systems due the syscalls I'm using. And the last question, most servers run Unix systems like Linux and BSD, which are greater targets than your neighbour maybe. Also some people have that tendency to think they're safe just because they use Linux, but that overconfidence just make them easier targets. But of course, the majority of malwares are on Windows due it's popularity

@@_garicas Linux is far more popular than windows - Android and servers. Nobody is safe, but everyone who uses his brain is safer on Linux.

XDDD I WAS THINKING ABOUT IT

C and C++ are not "error prone". They simply let you do more than Rust does. Technically there are no such things as "programming errors". There is only a disconnect between the programmer's mental model of what the code does and the actual reality of what the code does. All of my buffers are allocated statically, they are powers of two sized and I generally use a binary mask for the index. That's 100% buffer overflow safe. Rust can't do any better than that, either for scenarios which do not require dynamic memory allocation. At most it can make dynamic memory allocation more convenient than my programming model would. I use finite state machines for parsing of datagrams and they always include conditions that lead to one or several "invalid" states. Rust can't do any better than that, either, because it does not have a mathematical prover that can prove that your datagrams are safe. You have to make sure of that. Using these techniques I have programs out in industrial applications that have 100% uptime and zero known bugs. If that is what you need, then you just have to use your tools in ways that make sure that that is what you get. Relying on a language to do the thinking for you is a guaranteed recipe for failure.

@@lepidoptera9337 Yes, if you want to be pedantic a programming language, (C, C++, anything) is not "error prone". However programmer are. The question is does the language help prevent its users from making silly mistakes. Same like how all kind of dangerous machines are not error prone, their users are, that is why we have all kinds of safety guards and interlocks on dangerous machines. Of course there are such things as programming errors. Same like their are spelling and grammatical errors in normal writing which give the reader the wrong idea, Same like their are errors of judgement that cause drivers to crash their cars. The question is does a programming language help detect those silly programmer mistakes. I'm glad to see you take steps to avoid bugger overruns etc in your code. I don't see why you would not welcome a language that can check all those things for you automatically and save you the trouble. It's wrong to say that Rust cannot do better than you at detecting memory misuse errors. Being human you are prone to making mistakes, you will be tired, or sick, or under pressure to finish, or just have a bad day. Where as Rust will check your work all the time. If nothing else Rust removes the need to check everything yourself all the time. I do agree with you when it comes to program logic or algorithmic correctness. Like you state machines example. Rust cannot save you from writing the wrong algorithm. As you say we don't have the mathematical provers for that. And if we did we would have a very hard time specifying the problem to be proved. Rust does not claim to do that. However the type and memory misuse checking it does is a huge advantage in ensuring program correctness,. Actually state machines is a case where Rust's type system can help greatly in ensuring you write correct state transitions. So not a good example of why Rust does not help. I also agree that if one wants as few bugs as possible and reliable systems one should use the available tools in ways that make sure that is what you get. One of these tools is type safe and memory safe languages like Rust. By your own logic if one wants bug free reliability one should be using languages Rust to help. Nobody is saying rely on the language to do the thinking for you. But I bet you are happy to let a calculator do complex arithmetic for you rather than working it out with pencil and paper. There is no way having a language like Rust check for type and memory misuse can be a recipe for failure. Like you I have been working on industrial applications in languages like C, C++, PL/M, Pascal for a long time. Since 1882 about. I have adopted techniques as you describe to ensure things work reliably. Some other those systems have been running trouble free for twenty years and more. I am very glad to now have a language like Rust that saves me all the tedious and error prone manual checking of everything I do. Many others in industry have had the same experience. For example recently came this story from CloudFlare: blog.cloudflare.com/how-we-built-pingora-the-proxy-that-connects-cloudflare-to-the-internet.

That was the little bit about "cost-free abstractions". Basically structure in your code that isn't in the binary at all, and therefore can't be reverse engineered out of the binary. That doesn't make the reverse engineering impossible, but it makes understanding what you're reading a little bit harder since you've irrevocably lost a lot of the structural information.

For example, a chain of iterator methods might get inlined and optimised to the same code as a series of `if`s and loops, which will be hard to decompile into anything like the original code.

I guess once someone who knows LLVM starts working on a new decompiler things will get easier. And hey, there's money to be made here!

Thank you! Cheers!

Thank you!

I have a simpler theory. Rust is intellectually interesting to learn, which must attract hacker-minded people. Among those are people who create malware.

You don't have to learn Rust. You have to learn computer science and then use what you have learned. ;-)

@lepidoptera9337 I already studying lol, will do masters too

@@zer0day463 Good for you! Happy learning!