
The SECRET of NIM! - Creating RED TEAM TOOLS with Nim-Lang 

Daniel Lowrie
12K views

When you're focused on offensive security like I am, you're constantly looking for new methods, tactics, and tools to help you get any advantage. While on that quest the other day, I stumbled across a little-known programming language called Nim.
Long story short...after about 3 hours of reading Nim documentation and watching a few videos I was able to build a custom tool that allowed me to gain shell access from a Windows 10 laptop without tripping Defender.
Useful Links
========================================
Nim Download and Documentation
nim-lang.org
Offensive Nim Github Repo
github.com/byt3bl33d3r/Offens...
HuskyHacks and The Taggart Institute discuss Nim for Pentesting
• #ChillCode | Nim for P...
My Nim-Shell Github Repo
github.com/daniellowrie/Nim-S...
========================================
Chapters
00:00 intro
00:55 What is Nim?
04:20 How I Found Nim
05:40 Offensive Nim Repo
09:00 Nim Reverse Shell Code Explanation
10:45 Sleep without sleep()
15:05 Network Socket Code
19:45 HuskyHacks - Nim for Pentesting
20:22 Compile Code
21:45 Start Netcat Listener
22:34 Run Nim-Shell
25:11 Final Thoughts

Published: 12 Jul 2024
Comments: 66
@leonlysak4927 2 years ago
Yeah man I've been writing nim exclusively since I found it in 2020. Beautiful and strong language
@daniellowrie 2 years ago
Thanks for watching, Leon and I've got more Nim content coming 👍
@tonywtyt 1 year ago
I cut my teeth on C and spent my last 20 professional years in Java... Talking about verbose :( ...bracket and semicolon hell! Their build systems are hell. I work for the government and we can't do anything that reaches out to the rest of the world to grab dependencies, so have to make sure we're using an internal repo.
@AshishKumar-ld5kx 1 year ago
@@tonywtyt what do u think about nim...does it have a future?
@daniellowrie 1 year ago
@@AshishKumar-ld5kx IMO I think the biggest thing holding Nim back right now is recognition and better documentation. Now I'm not a dev and I mess around with Nim purely for pragmatic reasons and the challenge of it, but the docs are in desperate need of good examples, especially for some of the more esoteric procs and functions. The user community has been great, but I would love to just go to the docs and see good examples to help clarify the explanations. Fix that and Nim could really be the next Python as far as a first programming language which would "future-proof" it. But hey, that's just one guy's opinion.
@TechnologyBudda 1 year ago
ARC/ORC are going to show how real the Rust cult really is as they see Nim outperforms rust without the convoluted borrow checker out front
@dorianhill2480 2 years ago
More Nim this is cool!
@daniellowrie 2 years ago
There will be more Nim content coming within the next few days (I just need the time to film it 😁) So keep a look out 👍
@dorianhill2480 2 years ago
Great video. Glad to see other people discovering this awesome language!
@daniellowrie 2 years ago
Thanks, Dorian! I'm really liking it so far 👍
@emanuelepicariello 2 years ago
Thanks for sharing, you’re inspiring me to put nim in my queue languages to learn. 😁
@daniellowrie 2 years ago
Glad to do it. Nim is so easy yet so powerful!
@quad7375 1 year ago
Great video. Diving into Nim now!!! One thing I've been getting annoyed with is their documentation for libraries. It hasn't been easy even figuring out how to use their httpclient module. Maybe I'm just spoiled having multiple examples and additional resources for well established languages.
@daniellowrie 1 year ago
I couldn't agree with you more, Quad! Now that I'm trying to build more things with Nim, I'm finding the docs to be nearly or fully useless in some cases. Unfortunately, Nim's user base isn't the biggest and so there aren't as many resources or people creating good examples for things. If/when you need help, a great resource is the Nim Gitter page ( gitter.im/nim-lang/Nim ). The folks there are super helpful. 👍
@romanxyz7248 2 years ago
24:39 🤣 The Best IT Teacher Ever. Love your videos.
@daniellowrie 2 years ago
Thanks for the kind words, RomanXyZ! I love that you got a kick out of just watching me be me. 😁
@guilherme5094 1 year ago
Really nice👍Thanks!
@daniellowrie 1 year ago
Thanks, Felix! Glad you enjoyed it 👍
@dasherreal 2 years ago
Love this. Thank you.
@daniellowrie 2 years ago
Glad you liked this, dasherreal! I've got another Nim video coming this Friday (spoiler-alert! We're gonna build a port scanner 👍)
@CyberCelt. 9 months ago
Loved this, thank you
@daniellowrie 9 months ago
Glad you enjoyed it, CyberCelt 👍
@firosiam7786 2 years ago
This is what I would call back with a bang 👏
@daniellowrie 2 years ago
Thanks firos! It's good to be back 😀👍
@demoncanplay730 2 years ago
Love your videos
@daniellowrie 2 years ago
that's awesome! I'm glad you enjoy them and thanks for watching! 👍
@wellingtonbatista1479 20 days ago
Nice👏🏾
@daniellowrie 18 days ago
Thanks! I'm glad to hear that you enjoyed it 👍💯 and thanks for watching!
@KartikRao 2 years ago
Thanks to you and Wes and Adam, I passed my Sec+ recently. Onto CySA+ and also Loving your Hands on Hacking series! I love to gobble up all the ITproTV content I can get :D
@daniellowrie 2 years ago
That's awesome, Kartik and a hearty Congratulations!!! Let us raise a glass and toast to your victory! 🍻💪
@KartikRao 2 years ago
@@daniellowrie Thank you kind sir. And thank you for making Technical videos so much more fun. ITProTV is the motivation I needed to finally get my IT certs done. :)
@daniellowrie 2 years ago
@@KartikRao I've taken my fair share of training and most of it is BORING! That's why I try to have fun when I make content. Everyone stays engaged, including myself and I get to make dumb jokes. 😁
@JoakimBB 1 year ago
Nim metaprogramming ftw!
@daniellowrie 1 year ago
Nim Rawks! 😎
@shizanahamadali3748 2 years ago
do not ignore this like others
@dcriley65 1 year ago
I'm adding Nim to my Trick Bag/Portfolio.
@daniellowrie 1 year ago
It's a useful trick 😎👍
@tonywtyt 1 year ago
It's also easy to bind to popular, established C/C++ libraries.
@daniellowrie 1 year ago
That is a huge advantage 👍
@dcriley65 1 year ago
Is that anything like the time bomb from my past?
@user-ru7qk6ui4u 9 months ago
I've seen some malware written in D. Languages such as Carbon, Zig, Haxe can be used. Could an AI help in these cases of detecting unconventional codes?
@daniellowrie 9 months ago
Great question! I'm not sure, but my initial guess would be yes.
@Vogel42 1 year ago
dude, your beard is dope. insta subscribed. #nohomo
@daniellowrie 1 year ago
Thanks for the compliment and the sub, Vogel! 😁👍
@abhinavgamercr1419 2 years ago
Sir, I have some knowledge of Python, Bash, PowerShell basics, C, SQL programming, batch scripting and Linux. And I have some basic networking knowledge, not at the level of CompTIA Network+ knowledge. Sir, is this enough to start learning pentesting or do I need to learn something more?
@daniellowrie 2 years ago
Sounds like you have a decent foundation of knowledge. The thing about cybersecurity is that there is always something more you need to learn. That said, I think you're in a good spot to start picking up cybersecurity basics.
@abhinavgamercr1419 2 years ago
@@daniellowrie Yes sir, I agree, because in cyber security there is always more and there will be. So sir, can I start learning penetration testing, or what things do I need to learn? Please help, sir. And sir, what kind of cyber security basics or Red Team do I need to learn?
@daniellowrie 2 years ago
@@abhinavgamercr1419 I would look into the eJPT certification. It's a GREAT beginner cert for penetration testing.
@pushqrdx 1 year ago
That while loop would burn through cpu for 30 seconds straight though xD
@daniellowrie 1 year ago
You say that like it's a bad thing 😆😂😝
@pushqrdx 1 year ago
@@daniellowrie i mean if you wanna get caught i guess it's fine xD
@masudurrehman4880 2 years ago
Can you please make videos on CTF?
@daniellowrie 2 years ago
It's honestly been a while since I've done CTFs, but I should get back at them 👍
@masudurrehman4880 2 years ago
@@daniellowrie Thanks 👍
@shizanahamadali3748 2 years ago
Hello Mr. Daniel Lowrie, on YouTube no one explains what Android hacking is or what iOS is. Some are there who explain what Android hacking is and how it works, but in most cases no one gets the exact output. You can also check their comment sections. We need to learn phone hacking, and I know that is simple to you, but the simple thing gives us big motivation.
@daniellowrie 2 years ago
Mobile hacking would definitely be a good topic to cover. I honestly don't have much experience with it, but maybe that's something we can all learn together 👍
@Tomaskotomco 1 year ago
Just talk normally, not with that tone, it's kinda irritating. Sorry, just saying the truth.
@daniellowrie 1 year ago
Hey xxanub1sxx, I appreciate the subjective feedback. I understand that I'm not everyone's 'cup of tea' and that's OK, but like it or not, that's just how I am. I'd be happy to have you as a regular viewer, but if you watch this channel you're gonna have to put up with my goofy personality. There are way better YouTubers out there like John Hammond, Neal Bridges, and Heath Adams. They have great cybersecurity content and you won't have to hear my silly voices or weird mannerisms. Links below. Have a great day! 🙂👍 ru-vid.com ru-vid.com ru-vid.com
@vaishnav3735 1 year ago
@@daniellowrie I like the way you talk, it's expressive 👍
@JoakimBB 1 year ago
Nah Daniel is a legend and his tone is awesome!
@licriss 1 year ago
@@daniellowrie tbh you talking like that had me paying attention way better than I normally do, picked up a fair bit in this, subbed
@daniellowrie 1 year ago
Thanks @@licriss ! 😀
@px43 1 year ago
Oh god that busy wait is killing me 😀 Just as an FYI, it's considered a mortal sin to do stuff like that since it's likely cranking the CPU to maximum for "no good reason" en.wikipedia.org/wiki/Busy_waiting The fact that the busy wait looked more legit than a sleep to Defender is hilarious though. Definitely a fun find 👍
@daniellowrie 1 year ago
I've never heard of 'busy waiting' before! Thanks for introducing me to the concept, Dean! Much appreciated 😀 👍