At C1b3rWall Academy 2021, Module 9 “Pentesting” has begun today. This course will be divided in two parts so that students can learn how to build scripts and tools for pentesting exercises through practical examples.

Pentesting is a type of cybersecurity audit that consists of performing a set of simulated attacks on a computer system to detect weaknesses or vulnerabilities so that they can be fixedç.

Carlos Azúa, Cybersecurity Consultant at Dreamlab Technologies specialized in pentesting and software development, explains why to use “GO” for pentesting.

Why use GO

GO is a multipurpose program with easy syntax and efficiency comparable to C. It has a large standard library and strong concurrency and multiprocessing from its conception, as well as cross-compilation.

When we are pentesting, at times we need to think big and have high. We are looking for a balance between scripting and larger applications, as well as cross-compiling. In addition, its standard library supports databases, network protocols, cryptography and data encoding (JSON, XML, hex, Base64…).

Reverse shell

The key points to analyze in this code are cross-compilation and expressive syntax. When compiling, the only thing to do is to add the target operating system.

In general terms, what we do is to establish a connection with a maximum timeout under the TCP protocol to a specific IP and port. You can get the code of this tool here.

Carlos gives us the following conclusions about his talk:

  • Go is easy to code and provides us with scalable solutions.
  • It is fast in its execution.
  • Many pentesting tools are being built in this language.

However, I invite you to watch his talk, in which he explains all the tools in detail. You can also read the full article on News-365. You can register at this link.

Posted by Juan M. Corchado

Juan Manuel Corchado (15 de Mayo de 1971, Salamanca, España) Catedrático en la Universidad de Salamanca. Ha sido Vicerrector de Investigación desde el 2013 hasta el 2017 y Director del Parque Científico de la Universidad de Salamanca. Elegido dos veces como Decano de la Facultad de Ciencias, es Doctor en Ciencias de la Computación por la Universidad de Salamanca y, además, es Doctor en Inteligencia Artificial por la University of the West of Scotland. Dirige el Grupo de Investigación Reconocido BISITE (Bioinformática, Sistemas Inteligentes y Tecnología Educativa), creado en el año 2000. Director del IOT Digital Innovation Hub y presidente del AIR Institute, J. M. Corchado también es Profesor Visitante en el Instituto Tecnológico de Osaka desde enero de 2015, Profesor visitante en la Universiti Malaysia Kelantan y Miembro del Advisory Group on Online Terrorist Propaganda of the European Counter Terrorism Centre (EUROPOL). J. M. Corchado ha sido presidente de la asociación IEEE Systems, Man and Cybernetics, y coordinador académico del Instituto Universitario de Investigación en Arte y Tecnología de la Animación de la Universidad de Salamanca e investigador en las Universidades de Paisley (UK), Vigo (Spain) y en el Plymouth Marine Laboratory (UK). En la actualidad compagina toda su actividad con la dirección de los programas de Máster en Seguridad, Animación Digital, Telefonía Movil, Dirección de Sistemas de Información, Internet de las Cosas, Social Media, Diseño e Impresión 3D, Blockchain, Z System, Industria 4.0, Gestión de Proyectos Ágiles y Smart Cities & Intelligent Buildings​, en la Universidad de Salamanca y su trabajo como editor jefe de las revistas ADCAIJ (Advances in Distributed Computing and Artificial Intelligence Journal), OJCST (Oriental Journal of Computer Science and Technology) o Electronics MDPI (Computer Science & Engineering section). J. M. Corchado desarrolla principalmente trabajos en proyectos relacionados con Inteligencia Artificial, Machine Learning, Blockchain, IoT, Fog Computing, Edge Computing, Smart Cities, Smart Grids y Análisis de sentimiento.

Thanks for your comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.