The SECRET of NIM! - Creating RED TEAM TOOLS with Nim-Lang

  11,479 views

Daniel Lowrie


When you're focused on offensive security like I am, you're constantly looking for new methods, tactics, and tools to help you get any advantage. While on that quest the other day, I stumbled across a little-known programming language called Nim.
Long story short...after about 3 hours of reading Nim documentation and watching a few videos I was able to build a custom tool that allowed me to gain shell access from a Windows 10 laptop without tripping Defender.
Useful Links
========================================
Nim Download and Documentation
nim-lang.org
Offensive Nim Github Repo
github.com/byt3bl33d3r/Offens...
HuskyHacks and The Taggart Institute discuss Nim for Pentesting
• #ChillCode | Nim for P...
My Nim-Shell Github Repo
github.com/daniellowrie/Nim-S...
========================================
Chapters
00:00 intro
00:55 What is Nim?
04:20 How I Found Nim
05:40 Offensive Nim Repo
09:00 Nim ReverseShell Code Explanation
10:45 Sleep without sleep()
15:05 Network Socket Code
19:45 HuskyHacks - Nim for Pentesting
20:22 Compile Code
21:45 Start Netcat Listener
22:34 Run Nim-Shell
25:11 Final Thoughts

Comments: 62
@leonlysak4927 1 year ago
Yeah man I've been writing nim exclusively since I found it in 2020. Beautiful and strong language
@daniellowrie 1 year ago
Thanks for watching, Leon and I've got more Nim content coming 👍
@tonywtyt 1 year ago
I cut my teeth on C and spent my last 20 professional years in Java... Talking about verbose : ( ...bracket and semicolon hell! Their build systems are hell. I work for the government and we can't do anything that reaches out to the rest of the world to grab dependencies, so have to make sure we're using an internal repo.
@AshishKumar-ld5kx 1 year ago
@@tonywtyt what do u think about nim...does it have a future?
@daniellowrie 1 year ago
@@AshishKumar-ld5kx IMO I think the biggest thing holding Nim back right now is recognition and better documentation. Now I'm not a dev and I mess around with Nim purely for pragmatic reasons and the challenge of it, but the docs are in desperate need of good examples, especially for some of the more esoteric procs and functions. The user community has been great, but I would love to just go to the docs and see good examples to help clarify the explanations. Fix that and Nim could really be the next Python as far as a first programming language which would "future-proof" it. But hey, that's just one guy's opinion.
@TechnologyBudda 1 year ago
ARC/ORC are going to show how real the Rust cult really is as they see Nim outperforms rust without the convoluted borrow checker out front
@emanuelepicariello 1 year ago
Thanks for sharing, you’re inspiring me to put nim in my queue languages to learn. 😁
@daniellowrie 1 year ago
Glad to do it. Nim is so easy yet so powerful!
@dorianhill2480 1 year ago
More Nim this is cool!
@daniellowrie 1 year ago
There will be more Nim content coming within the next few days (I just need the time to film it 😁) So keep a look out 👍
@dorianhill2480 1 year ago
Great video. Glad to see other people discovering this awesome language!
@daniellowrie 1 year ago
Thanks, Dorian! I'm really liking it so far 👍
@quad7375 1 year ago
great video. diving into nim now!!! One thing I've been getting annoyed with is their documentation for libraries. It hasn't been easy even figuring out how to use their httpclient module. maybe I'm just spoiled having multiple examples and additional resources for well established languages.
@daniellowrie 1 year ago
I couldn't agree with you more, Quad! Now that I'm trying to build more things with Nim, I'm finding the docs to be nearly or fully useless in some cases. Unfortunately, Nim's user base isn't the biggest and so there aren't as many resources or people creating good examples for things. If/when you need help, a great resource is the Nim Gitter page ( gitter.im/nim-lang/Nim ). The folks there are super helpful. 👍
@KartikRao 1 year ago
Thanks to you and Wes and Adam, I passed my Sec+ recently. Onto CySA+ and also Loving your Hands on Hacking series! I love to gobble up all the ITproTV content I can get :D
@daniellowrie 1 year ago
That's awesome, Kartik and a hearty Congratulations!!! Let us raise a glass and toast to your victory! 🍻💪
@KartikRao 1 year ago
@@daniellowrie Thank you kind sir. And thank you for making Technical videos so much more fun. ITProTV is the motivation I needed to finally get my IT certs done. :)
@daniellowrie 1 year ago
@@KartikRao I've taken my fair share of training and most of it is BORING! That's why I try to have fun when I make content. Everyone stays engaged, including myself and I get to make dumb jokes. 😁
@guilherme5094 1 year ago
Really nice👍Thanks!
@daniellowrie 1 year ago
Thanks, Felix! Glad you enjoyed it 👍
@CyberCelt. 8 months ago
Loved this, thank you
@daniellowrie 7 months ago
Glad you enjoyed it, CyberCelt 👍
@dasherreal 1 year ago
Love this. Thank you.
@daniellowrie 1 year ago
Glad you liked this, dasherreal! I've got another Nim video coming this Friday (spoiler-alert! We're gonna build a port scanner 👍)
@demoncanplay730 1 year ago
Love your videos
@daniellowrie 1 year ago
that's awesome! I'm glad you enjoy them and thanks for watching! 👍
@romanxyz7248 1 year ago
24:39 🤣 The Best IT Teacher Ever. Love your videos.
@daniellowrie 1 year ago
Thanks for the kind words, RomanXyZ! I love that you got a kick out of just watching me be me. 😁
@firosiam7786 1 year ago
This is what I would call back with a bang 👏
@daniellowrie 1 year ago
Thanks firos! It's good to be back 😀👍
@dcriley65 1 year ago
Is that anything like the time bomb from my past?
@tonywtyt 1 year ago
It's also easy to bind to popular, established C/C++ libraries.
@daniellowrie 1 year ago
That is a huge advantage 👍
@shizanahamadali3748 1 year ago
do not ignore this like others
@dcriley65 1 year ago
I'm adding Nim to my Trick Bag/Portfolio.
@daniellowrie 1 year ago
It's a useful trick 😎👍
@abhinavgamercr1419 1 year ago
Sir, I have some knowledge of Python, Bash, PowerShell basics, C, SQL programming, batch scripting, and Linux. And I have some basic networking knowledge, not at the level of CompTIA Network+ knowledge. Sir, is that enough for me to start learning pentesting, or do I need to learn something more?
@daniellowrie 1 year ago
Sounds like you have a decent foundation of knowledge. The thing about cybersecurity is that there is always something more you need to learn. That said, I think you're in a good spot to start picking up cybersecurity basics.
@abhinavgamercr1419 1 year ago
@@daniellowrie Yes sir, I agree, because in cyber security there is always more and there will be. So sir, can I start learning penetration testing, or what things do I need to learn? Please help, sir, and what kind of cyber security basics or Red Team do I need to learn?
@daniellowrie 1 year ago
@@abhinavgamercr1419 I would look into the eJPT certification. It's a GREAT beginner cert for penetration testing.
@px43 1 year ago
Oh god that busy wait is killing me 😀 Just as an FYI, it's considered a mortal sin to do stuff like that since it's likely cranking the CPU to maximum for "no good reason" en.wikipedia.org/wiki/Busy_waiting The fact that the busy wait looked more legit than a sleep to Defender is hilarious though. Definitely a fun find 👍
@daniellowrie 1 year ago
I've never heard of 'busy waiting' before! Thanks for introducing me to the concept, Dean! Much appreciated 😀 👍
@JoakimBB 1 year ago
Nim metaprogramming ftw!
@daniellowrie 1 year ago
Nim Rawks! 😎
@pushqrdx 1 year ago
That while loop would burn through cpu for 30 seconds straight though xD
@daniellowrie 1 year ago
You say that like it's a bad thing 😆😂😝
@pushqrdx 1 year ago
@@daniellowrie i mean if you wanna get caught i guess it's fine xD
@masudurrehman4880 1 year ago
Can you please make videos on CTF?
@daniellowrie 1 year ago
It's honestly been a while since I've done CTFs, but I should get back at them 👍
@masudurrehman4880 1 year ago
@@daniellowrie Thanks 👍
@Vogel42 1 year ago
dude, your beard is dope. insta subscribed. #nohomo
@daniellowrie 1 year ago
Thanks for the compliment and the sub, Vogel! 😁👍
@shizanahamadali3748 1 year ago
Hello Mr. Daniel Lowrie, on YouTube no one explains what Android hacking is or what iOS is. Some explain what Android hacking is and how it works, but in most cases no one gets the exact output. You can also check their comment sections. We need to learn phone hacking, and I know that is simple to you, but the simple thing gives us big motivation.
@daniellowrie 1 year ago
Mobile hacking would definitely be a good topic to cover. I honestly don't have much experience with it, but maybe that's something we can all learn together 👍
@Tomaskotomco 1 year ago
Just talk normally, not with that tone, it's kinda irritating, sorry, just saying the truth
@daniellowrie 1 year ago
Hey xxanub1sxx, I appreciate the subjective feedback. I understand that I'm not everyone's 'cup of tea' and that's OK, but like it or not, that's just how I am. I'd be happy to have you as a regular viewer, but if you watch this channel you're gonna have to put up with my goofy personality. There are way better YouTubers out there like John Hammond, Neal Bridges, and Heath Adams. They have great cybersecurity content and you won't have to hear my silly voices or weird mannerisms. Links below. Have a great day! 🙂👍 kzbin.info kzbin.info kzbin.info
@vaishnav3735 1 year ago
@@daniellowrie I like the way you talk, it's expressive 👍
@JoakimBB 1 year ago
Nah Daniel is a legend and his tone is awesome!
@licriss 1 year ago
@@daniellowrie tbh you talking like that had me paying attention way better than I normally do, picked up a fair bit in this, subbed
@daniellowrie 1 year ago
Thanks @@licriss ! 😀