Black Hat Rust Applied offensive security with the Rust programming language Sylvain Kerkour 2024 scribd download

The document promotes the ebook 'Black Hat Rust: Applied Offensive Security with the Rust Programming Language' by Sylvain Kerkour, available for download on ebookmeta.com. It includes links to various related ebooks and highlights the content structure of 'Black Hat Rust,' which covers topics such as types of attacks, multi-threaded attack surface discovery, and web crawling for OSINT. Additionally, it offers bonus features for an enhanced reading experience.

Black Hat Rust
Applied offensive security with the Rust
programming language

Sylvain Kerkour
v2021.46
Contents

Copyright
Your early access bonuses
Contact
Preface

1 Introduction
1.1 Types of attacks
1.2 Phases of an attack
1.3 Profiles of attackers
1.4 Attribution
1.5 The Rust programming language
1.6 History of Rust
1.7 Rust is awesome
1.8 Setup
1.9 Our first Rust program: A SHA-1 hash cracker
1.10 Mental models for approaching Rust
1.11 A few things I’ve learned along the way
1.12 Summary

2 Multi-threaded attack surface discovery
2.1 Passive reconnaissance
2.2 Active reconnaissance
2.3 Assets discovery
2.4 Our first scanner in Rust
2.5 Error handling
2.6 Enumerating subdomains
2.7 Scanning ports
2.8 Multithreading
2.9 Fearless concurrency in Rust
2.10 The three causes of data races
2.11 The three rules of ownership
2.12 The two rules of references
2.13 Other concurrency problems
2.14 Adding multithreading to our scanner
2.15 Alternatives
2.16 Going further
2.17 Summary

3 Going full speed with async
3.1 Why
3.2 Cooperative vs Preemptive scheduling
3.3 Future
3.4 Streams
3.5 What is a runtime
3.6 Introducing tokio
3.7 Avoid blocking the event loops
3.8 Sharing data
3.9 Combinators
3.10 Porting our scanner to async
3.11 How to defend
3.12 Summary

4 Adding modules with trait objects
4.1 Generics
4.2 Traits
4.3 Traits objects
4.4 Command line argument parsing
4.5 Logging
4.6 Adding modules to our scanner
4.7 Tests
4.8 Other scanners
4.9 Summary

5 Crawling the web for OSINT
5.1 OSINT
5.2 Tools
5.3 Search engines
5.4 IoT & network Search engines
5.5 Social media
5.6 Maps
5.7 Videos
5.8 Government records
5.9 Crawling the web
5.10 Why Rust for crawling
5.11 Associated types
5.12 Atomic types
5.13 Barrier
5.14 Implementing a crawler in Rust
5.15 The spider trait
5.16 Implementing the crawler
5.17 Crawling a simple HTML website
5.18 Crawling a JSON API
5.19 Crawling a JavaScript web application
5.20 How to defend
5.21 Going further
5.22 Summary

6 Finding vulnerabilities
6.1 What is a vulnerability
6.2 Weakness vs Vulnerability (CWE vs CVE)
6.3 Vulnerability vs Exploit
6.4 0 Day vs CVE
6.5 Web vulnerabilities
6.6 Injections
6.7 HTML injection
6.8 SQL injection
6.9 XSS
6.10 Server Side Request Forgery (SSRF)
6.11 Cross-Site Request Forgery (CSRF)
6.12 Open redirect
6.13 (Sub)Domain takeover
6.14 Arbitrary file read
6.15 Denial of Service (DoS)
6.16 Arbitrary file write
6.17 Memory vulnerabilities
6.18 Buffer overflow
6.19 Use after free
6.20 Double free
6.21 Other vulnerabilities
6.22 Remote Code Execution (RCE)
6.23 Integer overflow (and underflow)
6.24 Logic error
6.25 Race condition
6.26 Additional resources
6.27 Bug hunting
6.28 The tools
6.29 Automated audits
6.30 Summary

7 Exploit development
7.1 Where to find exploits
7.2 Creating a crate that is both a library and a binary
7.3 libc
7.4 Building an exploitation toolkit
7.5 CVE-2019-11229 && CVE-2019-89242
7.6 CVE-2021-3156
7.7 Summary

8 Writing shellcodes in Rust
8.1 What is a shellcode
8.2 Sections of an executable
8.3 Rust compilation process
8.4 no_std
8.5 Using assembly from Rust
8.6 The never type
8.7 Executing shellcodes
8.8 Our linker script
8.9 Hello world shellcode
8.10 An actual shellcode
8.11 Reverse TCP shellcode
8.12 Summary

9 Phishing with WebAssembly
9.1 Social engineering
9.2 Nontechnical hacks
9.3 Phishing
9.4 Watering holes
9.5 Telephone
9.6 WebAssembly
9.7 Sending emails in Rust
9.8 Implementing a phishing page in Rust
9.9 Architecture
9.10 Cargo Workspaces
9.11 Deserialization in Rust
9.12 A client application with WebAssembly
9.13 Evil twin attack
9.14 How to defend
9.15 Summary

10 A modern RAT
10.1 Architecture of a RAT
10.2 C&C channels & methods
10.3 Existing RAT
10.4 Why Rust
10.5 Designing the server
10.6 Designing the agent
10.7 Docker for offensive security
10.8 Let’s code
10.9 Optimizing Rust’s binary size
10.10 Some limitations
10.11 Summary

11 Securing communications with end-to-end encryption
11.1 The C.I.A triad
11.2 Threat modeling
11.3 Cryptography
11.4 Hash functions
11.5 Message Authentication Codes
11.6 Key derivation functions
11.7 Block ciphers
11.8 Authenticated encryption (AEAD)
11.9 Asymmetric encryption
11.10 Diffie–Hellman key exchange
11.11 Signatures
11.12 End-to-end encryption
11.13 Who uses cryptography
11.14 Common problems and pitfalls with cryptography
11.15 A little bit of TOFU?
11.16 The Rust cryptography ecosystem
11.17 Summary
11.18 Our threat model
11.19 Designing our protocol
11.20 Implementing end-to-end encryption in Rust
11.21 Some limitations
11.22 To learn more
11.23 Summary

12 Going multi-platforms
12.1 Why multi-platform
12.2 Cross-platform Rust
12.3 Supported platforms
12.4 Cross-compilation
12.5 cross
12.6 Custom Dockerfiles
12.7 Cross-compiling to aarch64 (arm64)
12.8 More Rust binary optimization tips
12.9 Packers
12.10 Persistence
12.11 Single instance
12.12 Going further
12.13 Summary

13 Turning our RAT into a worm to increase reach
13.1 What is a worm
13.2 Spreading techniques
13.3 Cross-platform worm
13.4 Spreading through SSH
13.5 Vendoring dependencies
13.6 Implementing a cross-platform worm in Rust
13.7 Install
13.8 Spreading
13.9 More advanced techniques for your RAT
13.10 Summary

14 Conclusion
14.1 What we didn’t cover
14.2 The future of Rust
14.3 Leaked repositories
14.4 How bad guys get caught
14.5 Your turn
14.6 Build your own RAT
14.7 Other interesting blogs
14.8 Contact

Copyright

Copyright © 2021 Sylvain Kerkour

All rights reserved. No portion of this book may be reproduced in any form without
permission from the publisher, except as permitted by law. For permissions contact:
[email protected]

Your early access bonuses

Dear reader, in order to thank you for buying the Black Hat Rust early access edition
and helping to make this book a reality, I prepared a special bonus for you: I curated a
list of the best detailed analyses of the most advanced malware of the past two decades.
You may find inside great inspiration when developing your own offensive tools. You
can find the list at this address: https://github.com/black-hat-rust-bonuses/black-hat-rust-bonuses

If you notice a mistake (it happens), something that could be improved, or want to
share your ideas about offensive security, feel free to join the discussion on GitHub:
https://github.com/skerkour/black-hat-rust

Contact

I regularly publish content that is complementary to this book in my newsletter.

Every week I share updates about my projects and everything I learn about how to
(ab)use technology for fun & profit: Programming, Hacking & Entrepreneurship. You
can subscribe by Email or RSS: https://kerkour.com/follow.

You bought the book and are annoyed by something? Please tell me, and I will do my
best to improve it!

Or, you greatly enjoyed the read and want to say thank you?

Feel free to contact me by email: [email protected] or matrix: @sylvain:kerkour.com

You can find all the updates in the changelog.

Preface

After high school, my plan for life was to become a private detective, maybe because
I read too many Sherlock Holmes books. In France, the easiest way to become one is
(was?) to go to law university and then to attend a specialized school.

I was not ready.

I quickly realized that studying law was not for me: reality is travestied to fit whatever
narrative politics or professor wanted us to believe. No deep knowledge is taught here,
only numbers, dates, how to look nice and sound smart. It was deeply frustrating for
the young man I was, with an insatiable curiosity. I wanted to understand how the
world works, not human conventions. For example, how do these machines we call
computers that we are frantically typing on all day long work under the hood?

So I started by installing Linux (no, I won’t enter the GNU/Linux war) on my Asus
EeePC, a small netbook with only 1GB of RAM, because Windows was too slow, and
started to learn to develop C++ programs with Qt, thanks to online tutorials. I coded
my own text and my own chat systems. But my curiosity was not fulfilled.

One day, I inadvertently fell on the book that changed my life: “Hacking: The Art of
Exploitation, 2nd Edition”, by Jon Erickson.

This book not only made me curious about how to make things, but, more importantly,
how to break things. It made me realize that you can’t build reliable things without
understanding how to break them, and by extension, where their weaknesses are.

While the book remains great to learn low-level programming and how to exploit simple
memory safety bugs, today, hacking requires new skills: web exploitation, network and
system programming, and, above all, how to code in a modern programming language.

Welcome to the fascinating world of Rust and offensive security.

While the Rust Book does an excellent job teaching What is Rust, I felt that a book
about Why and How to Rust was missing. That means that some concepts will not
be covered in-depth in this book. Instead, we are going to see how to effectively use
them in practice.

In this book, we will shake the preconceived ideas (Rust is too complex for the real world,
Rust is not productive…) and see how to architect and create real-world Rust projects
applied to offensive security. We will see how polyvalent Rust is, which enables its users
to replace the plethora of programming languages (Python, Ruby, C, C++…) plaguing
the offensive security world with a unique language that offers high-level abstractions,
high performance, and low-level control when needed.

We will always start with some theory, deep knowledge that passes through ages,
technologies and trends. This knowledge is independent of any programming language and
will help you to get the right mindset required for offensive security.

I designed this book for people who either want to understand how attackers think in
order to better defend themselves or for people who want to enter the world of offensive
security and eventually make a living off it.

The goal of this book is to save you time in your path to action, by distilling knowledge
and presenting it in applied code projects.

It’s important to understand that Black Hat Rust is not meant to be a big encyclopedia
containing all the knowledge of the world. Instead, it was designed as a guide to help
you get started and pave the way to action. Knowledge is often a prerequisite,
but it’s action that is shaping the world, and sometimes knowledge is a blocker for
action (see analysis paralysis). As we will see, some of the most primitive offensive
techniques are still the most effective. Thus some very specific topics, such as how to
bypass modern OSes’ protection mechanisms, won’t be covered because there already is
extensive literature on these topics, and they have little value in a book about Rust.
That being said, I did my best to list the best resources to further your learning journey.

It took me approximately 1 year to become efficient in Rust, but it’s only when I started
to write (and rewrite) a lot of code that I made real progress.

Rust is an extremely vast language, but in reality, you will (and should) use only a
subset of its features: you don’t need to learn them all ahead of time. Some, that we
will study in this book, are fundamentals. Others are not and may have an adverse
effect on the quality of your code by making it harder to read and maintain.

My intention with this book is not only to make you discover the fabulous world of
offensive security, to convince you that Rust is the long-awaited one-size-fits-all
programming language meeting all the needs of offensive security, but also to save you
a lot of time by guiding you to what really matters when learning Rust and offensive
security. But remember, knowledge is not enough. Knowledge doesn’t move mountains.
Actions do.

Thus, the book is only one half of the story. The other half is the accompanying code
repository: https://github.com/skerkour/black-hat-rust. It’s impossible to learn
without practice, so I invite you to read the code, modify it and make it
yours!

If at any time you feel lost or don’t understand a chunk of Rust code, don’t hesitate
to refer to the Rust Language Cheat Sheet, The Rust Book, and the Rust Language
Reference.

Also, the book is code-heavy. I recommend reading it with a web browser aside, in order
to explore and play with the code on GitHub: https://github.com/skerkour/black-hat-rust/.

Chapter 1

Introduction

“Any sufficiently advanced cyberattack is indistinguishable from magic”, unknown

Whether it be in movies or in mainstream media, hackers are often romanticized: they
are depicted as black magic wizards, nasty criminals, or, in the worst cases, as thieves
with a hood and a crowbar.

In reality, the spectrum of the profile of the attackers is extremely large, from the bored
teenager exploring the internet to sovereign State’s armies as well as the unhappy former
employee. As we will see, cyberattacks are not that hard. Knowledge is simply unevenly
distributed and jealously kept secret by the existing actors. The principal ingredients
are a good dose of curiosity and the courage to follow your instinct.

As digital is taking an always more important place in our lives, the impact and scale
of cyberattacks will increase in the same way: we are helplessly witnessing during
the current COVID-19 pandemic attacks against our hospitals which have real-life and
dramatic consequences.

It’s time to fight back and to prepare ourselves for the wars and battles of today (not
tomorrow) and to understand that, in order to defend, there is no other way than
to put ourselves in the shoes of attackers and think how they think. What are their
motivations? How can they break seemingly so easily into any system? What do they
do to their victims? From theory to practice, we will explore the arcana of offensive
security and build our own offensive tools with the Rust programming language.

Why Rust?

The world of security (and, more generally, software) is plagued by too many program-
ming languages with too many footguns. You have to choose between fast and unsafe
(C, C++…) or slow but mostly safe (Python, Java…).

twanger of the harp of Momus. There are a thousand universal words
here, which read as if they were spoken for your ear only.” Clement
Wood

+ N Y Call p8 Ja 9 ’21 260w

“Attractive in appearance and contents.” E. L. Pearson

+ Review 3:419 N 3 ’20 130w

[2]
GUITRY, SACHA. Deburau; a comedy; in an
English version by Harley Granville Barker. $2
Putnam 842

This English version of a French play is a free rendering, which


preserves the original meaning detail by detail but uses a paraphrase
where a literal rendering would appear labored. The play is in four
acts. The first shows the auditorium of a theatre after a successful
evening. Gaspard Deburau, the Pierrot, has just made a great hit in
“The old clo’ man.” In the second act Deburau is seen in the room of
Marie Duplessis, the famous “Camellia lady,” to whose charms he has
succumbed and who, immediately after his departure, accepts
another lover. Act three is in Deburau’s own garret, seven years later,
with Deburau ill and retired. His young son is pleading with him for
permission to become his successor on the stage. In the fourth act
Deburau once more after a long intermission essays to act his old
rôle. He is a complete failure and while the management is
deliberating in despair what course to pursue, Deburau brings on his
son, has him dressed in his old Pierrot costume and puts him thru
his paces as his successor. The scene abounds in good stage advice.

GULICK, LUTHER HALSEY. Evolution of the


budget in Massachusetts. *$2.50 Macmillan 336

20–10284

This volume is the second in a series of Special studies in


administration in course of preparation by the Bureau of municipal
research and the training school for the public service. Its object is to
record in orderly fashion the long series of events that have led up to
the present budget system of Massachusetts and to counteract some
of the superficial views that prevail on budget-making. Among the
contents, following the early financial history of Massachusetts, are:
The governor and the budget, 1910–1918; The joint special
committee on finance and budget procedure; Establishing the budget
system; Experience with the budget in 1919; Constitutional conflict
over the budget in 1920; Classification of the Massachusetts budget
system; Outstanding facts in the evolution of the Massachusetts
budget. The appendices contain The budget amendment of the
Massachusetts constitution, and The Massachusetts budget act.

“The book is one which should appeal to the practical


administrator as well as to the student of political science.” A. C.
Hanford
+ Am Pol Sci R 14:712 N ’20 450w
Booklist 16:329 Jl ’20

“The study of the budget system is usually supposed to be dull and


uninteresting, but Dr Gulick has succeeded in writing an interesting
book.”

+ Boston Transcript p6 Je 23 ’20 320w

“It will prove exceedingly helpful to those political adolescents who


imagine that a piece of legislation imposing on the governor the duty
of preparing a financial plan will produce any important changes in
our way of doing business.” C: A. Beard

+ Nation 111:275 S 4 ’20 260w


R of Rs 62:109 Jl ’20 60w

“The author has prepared an interesting and well written history.


The illustrative excerpts from political speeches and journals add
decided readability to what might be otherwise tedious history.” L. D.
Upson

+ Survey 45:104 O 16 ’20 200w

GULICK, LUTHER HALSEY. Philosophy of


play. *$1.60 (3c) Scribner 790

20–4701
Joseph Lee, in his foreword to this posthumous volume, calls it Dr
Gulick’s legacy to his fellow citizens. In making the study of play his
life work the author has come to the conclusion that it affords the
best and most profitable way of studying humankind itself; that the
individual reveals himself more completely in play than in any other
way; that play has a greater shaping power over the character and
nature of man than any other activity; and that a people also most
truly reveals itself in the character of its pleasures. Contents: The
extent of the play interest: Separation vs. concentration; Hunting
and fighting plays; Playing house; Fire play; Toys—construction and
ownership; Masculine and feminine differences; The play of animals;
The play of adults; The play of subnormal children; Play progression;
Play and physical growth; Play and education; Play and moral
growth; Instinct and tradition in play; Play and our changing
civilization; Play and the modern city; Direction and control in play—
playgrounds; Play and democracy; Play, the pursuit of the ideal;
Index.

“Dr Gulick’s last book is suggestive especially to parents.”

+ Booklist 17:19 O ’20


+ Boston Transcript p6 Mr 31 ’20 200w
+ N Y Evening Post p12 My 8 ’20 650w

“He has built up an attractive guide to the understanding of


children’s ways. There is not a hint of superficiality in his treatment.”

+ Springf’d Republican p10 Jl 1 ’20 170w

“With this book Dr Gulick has made a real contribution which will
enrich all who read it. It should be in the hands not only of all who
are interested in recreational activities, but of fathers, mothers and
educators as well.” S. L. Jean

+ Survey 44:309 My 29 ’20 80w

GULL, CYRIL ARTHUR EDWARD RANGER


(GUY THORNE, pseud.). Air pirate. *$1.75 (3c)
Harcourt

20–26883

The time setting of this story is about ten years in the future, when
travel and commerce by air have become thoroughly established, and
cross-Atlantic air trips are an everyday occurrence. The story is told
by Sir John Custance, young and popular commissioner of air police
for the British government. On one of its regular trips, one of the
aerial liners is held up by a pirate airship, and even while this affair is
being investigated, a second holdup is made. And it so happens that
on this ship, Connie Shepherd, Sir John’s fiancée, is a passenger, and
is captured and carried away by the pirates. His motive is therefore
doubly strong for discovering the criminals. He has the help of Mr
Danjuro, a unique Japanese personality with apparently infinite
resources and capabilities. Altho they are in the end successful in
capturing the whole pirate band and releasing Connie, it is by no
means an easy task, and Sir John finds himself in close proximity to
death more than once.

Booklist 17:71 N ’20


“By all the rules of the game, ‘The air pirate’ should be a badly
written attempt at a thriller, and its jacket goes far to confirm that
suspicion. But with the jacket the resemblance to a dime novel
abruptly ceases. Mr Gull has a facility for turning melodrama into
plausibility.”

+ Boston Transcript p4 O 6 ’20 250w


+ The Times [London] Lit Sup p633 N 6
’19 40w

GUNION, PHILIP CYRUS (GEORGE


CONOVER PEARSON, pseud.). Selling your
services. $2 (1½c) Jordan-Goodwin corporation,
Jefferson bank bldg., N.Y. 658

20–6660

Getting a job, says the author, is a problem in salesmanship. A


man’s services are a product that can be sold and how to go about to
sell it has been so successfully and methodically worked out by John
Caldwell, that he was asked to teach a class in re-employment for the
graduates of the Metropolitan university. His lectures as given to the
class are here edited and collected into book form by the author.
John Caldwell’s method is to apply modern salesmanship, marketing
methods and advertising to the selling of a man’s individual product,
his services. Among the contents are: Make a job of getting a job;
Know your product—yourself; Determine your appeal; Make good
use of your experience; Develop a group of prospects; Situation
wanted advertisements; The circular letter; The personal call; The
employment agency; The interview; The eternal question—the salary;
Keep your case alive; Index.
GUTHRIE, ANNA LORRAINE, comp. Index to
St Nicholas, service basis Wilson, H. W. 051

The forty-five volumes of St Nicholas, from 1873 to 1918, have


been indexed for this volume. “The index is dictionary in form, giving
author, subject and title entries, the latter as a rule made for fiction
and poetry only. Selection of subject headings most easily usable by
children has been the aim striven for.” (Preface) The work is
compiled and edited by Anna Lorraine Guthrie, formerly editor of
the Readers’ Guide to Periodical Literature.

“Indispensable aid.”

+ Booklist 16:296 Je 20

GUTTERSEN, GRANVILLE. Granville. *$1.25


Abingdon press 940.44

19–15645

“The experience of a young chap in the army air service—a fellow


who embodied all that was fine and noble in young manhood, who
suffered continual disappointment in not being able to get his
overseas orders and in being held on this side as an instructor in
bombing, and who yet retained his humor and philosophy of life—are
pictured in ‘Granville,’ the subtitle of which is ‘Tales and tail spins
from a flyer’s diary.’ The book, which is published anonymously in
deference to the wishes of the author’s family, contains a series of
letters from ‘Granny’ to his folks at home. These tell of his hopes and
desires, his setbacks, his friends in the service and the girls he met,
and the experiences that he went through from the time he entered
ground school until he received his last orders.”—Springf’d
Republican

Boston Transcript p6 Ap 14 ’20 240w

“The writer is so frank and outspoken in what he says and thinks


and does that anyone reading the book cannot help feeling
unbounded admiration for him. From cover to cover the book is
filled with a buoyancy and a joy of living that leave one refreshed
with even a few short pages.”

+ Springf’d Republican p16 O 19 ’19 220w

GWYNN, STEPHEN LUCIUS. Irish books and


Irish people. *$1.75 Stokes 891.6

A20–768

“These essays are for the most part revived from the years 1897–
1907, representing the views, during the changing moods of the
decade, of this capable and cultured Irish essayist, who, it will be
remembered, severed his connexion with the Gaelic league when it
decided to make the learning of Irish compulsory and who believes
that, as Yeats and Synge have shown, it is possible to be completely
Irish while using the English language. His subjects are Nineteenth
century novels of Irish life; A century of Irish humour (written 1901);
Literature among the illiterates, from a volume called ‘To-day and to-
morrow in Ireland’ (1902), now out of print (in two parts, The
Shanachy, and The life of a song, a traditional song which Mr Gwynn
took down from the lips of an Irish peasant); Irish education and
Irish character. There are two later essays on Irish gentry (1913), and
Yesterday in Ireland (1918).”—The Times [London] Lit Sup

+ Ath p1167 N 7 ’19 140


Booklist 17:84 N ’20
Brooklyn 12:131 My ’20 40w
The Times [London] Lit Sup p613 O 30
’19 170w

GWYNN, STEPHEN LUCIUS. John Redmond’s


last years. *$5 (*16s) Longmans

20–5238

“A personal and political study of very great interest, written by


one who was a friend of Mr Redmond and had access to his papers
for the period beginning with the war. Mr Gwynn makes no attempt
to represent Mr Redmond as a hero, but lays emphasis upon the
patriotism, modesty, and nobility of purpose of the Irish leader, who
died heartbroken because he had not ‘won through.’ ‘His action upon
the war was his life’s supreme action; he felt this, and knew that it
had failed to achieve its end.’ But, says the author, ‘tangled as are the
threads of all this policy, he leaves the task far nearer to
accomplishment than he found it; and if in the end freedom and
prosperity come to a united Ireland, they will be found to proceed ...
from the action which John Redmond took in August, 1914, and
upon which his brother ... set the seal of his blood.’”—Ath

“Mr Gwynn displays some of the qualities which a biographer


ought to possess. He knew Redmond intimately and admired him
greatly, yet he makes no attempts to represent him as unerring in
judgment and supreme in every quality of leadership. Yet his book
has serious defects from the point of view of both the serious student
of Irish affairs and the general reader.”

+ − Am Hist R 26:134 O ’20 520w


Ath p1365 D 12 ’19 160w

“Written with a sympathy and ease that will make interesting


reading for those informed on Irish politics.”

+ Booklist 16:278 My ’20

“Mr Gwynn’s book has not a little of the somber splendor of a


Greek tragedy. Certainly a reading of it is indispensable to an
understanding of Irish history in the last ten years. The record is set
down with a fairness which even Redmond’s most bitter opponents
can hardly fail to praise.” H. J. Laski

+ Nation 110:sup484 Ap 10 ’20 850w

“Mr Gwynn has given far the clearest account of the procession of
events, and especially a fascinating narrative of the labors and
personalities of the convention. His book is almost indispensable to
anyone who would wish to understand the relation of opinion to the
controversy which is about to open concerning the new Home rule
bill.”

+ Nation [London] 26:544 Ja 17 ’20 1750w

“Amid the abundant and increasing literature on Irish affairs it is


seldom indeed that there comes into a reviewer’s hand a literary
treasure such as this. Mr Gwynn writes as one having knowledge and
authority. Perhaps what strikes one first in the book is the judicial
balance by which it is everywhere marked.” H. L. Stewart

+ Review 2:390 Ap 17 ’20 1800w


Sat R 128:688 D 20 ’19 750w

“Captain Gwynn’s memoir of his late leader, though in no sense a


dispassionate or unbiassed narrative of events, displays a breadth of
view that is wholly lacking in most modern Irish books, and puts the
nationalist case with courtesy and discretion. We cannot agree either
with his estimate of Mr Redmond or with his presentation of certain
notorious episodes in recent Irish controversy. Nevertheless we feel
that he is an honourable political opponent.”

+ − Spec 123:728 N 29 ’19 1400w

“Mr Gwynn writes in a sanely liberal vein and can take a detached
view of all sides of the struggle of Ireland for home rule....
Nevertheless, the summing-up is an indictment of a government that
had an excellent chance to show, by firmness and justice, that it was
determined to give Ireland the promised measure of home rule.”
+ Springf’d Republican p11a Mr 21 ’20
1200w

“Nowhere throughout a book which vividly illumines the recent


history of Irish politics, is Captain Gwynn more intimately informed
or more profoundly interesting than in the story of the Irish
convention. His work is one which every student of modern politics
should read and read at once. There has been no more important
publication on the Irish question during recent years.”

+ The Times [London] Lit Sup p642 N 13


’19 950w

Reviewed by N. J. O’Conor

Yale R n s 10:210 O ’20 270w


H

HAGEDORN, HERMANN. That human being,


Leonard Wood. *$1 (7c) Harcourt, Brace & Howe

20–8515

A eulogistic sketch of General Wood by one who regards him as the


legitimate successor of the late Colonel Roosevelt. It is also an
arraignment of the Wilson administration and a campaign
document. “Gradually, as month has succeeded month and the
presidential election has drawn near, Wood has become the focus of
the hopes of an increasing number of men and women scattered over
the country who have found in him a symbol of that blunt belief in
facts, that respect for training and experience, that love of open
dealing, which the administration has offended.... It is not strange
that countless Americans, angered at the lack of these qualities in the
administration, should seek to make the man who most patently
possesses them, the instrument of their indignation.”

“The little book will have no political influence at this time, but it
should have a personal influence to inspire better citizenship and
continual preparedness.” J. S. B.

+ Boston Transcript p11 My 15 ’20 300w

“The briefest and most readable of the various current biographies


of General Wood.”
+ R of Rs 61:670 Je ’20 50w

HAGGARD, SIR HENRY RIDER. Ancient


Allan. *$1.75 Longmans

20–5230

“‘The ancient Allan’, by Sir H. Rider Haggard, reintroduces some


of the characters of ‘The ivory child.’ Lady Ragnall, Allan
Quartermain, and his faithful Hottentot Hans, are shown us in a
previous incarnation by means of the mysterious Taduki, as ancient
Egyptians, warring for the independence of their country against the
Lords of the East.” (Sat R) “The new chronicle is chockful of
excitement. There are fights with lions and a crocodile, duels to the
death, the clash of mighty hosts in battle. There is a signet ring
whose bearer commands unquestioning obedience from those who
behold it, an attribute which the Allan of bygone centuries finds most
useful when his faithful dwarf purloins it from its possessor, the
villainous king of kings. There is a white-bearded soothsayer, who
keeps dropping in and making solemn prophecies of a brilliant future
for the great Captain Shabaka. There are hunters and soldiers,
cringing courtiers and solemn priests, warriors and slaves, and the
waters of the ancient Nile murmuring through the breathless
narrative.” (N Y Times)

Ath p274 F 27 ’20 240w


+ Booklist 16:347 Jl ’20
Lit D p121 S 18 ’20 1500w

“The tale is told swiftly and simply, as all good Rider Haggard tales
are told. It moves so naturally that one overlooks the unreality. ‘The
ancient Allan’ is by no means to be named in the same breath with
‘King Solomon’s mines’ and other earlier creations of its
indefatigable author. But it will not disappoint the reader who wants
thrills without analyzing too closely the methods employed to
provide them for him.”

+ N Y Times 25:152 Ap 4 ’20 900w

“It is a very good example of the author at his second best—we can
never hope to recover the first thrill of ‘She.’”

+ − Sat R 129:352 Ap 10 ’20 80w

“The story is told in Sir Rider’s customary colorful style and with
his gift for creating illusion. Ancient Egypt becomes a vivid reality.”

+ Springf’d Republican p13a Ap 25 ’20


420w
+ The Times [London] Lit Sup p104 F 12
’20 600w

HAIG, DOUGLAS HAIG, 1st earl. Sir Douglas


Haig’s despatches. il *$15 Dutton 940.342
20–762

“From the time Field Marshal (now Earl) Haig assumed the chief
command of the British armies in France on December 19, 1915, until
the close of fighting at the end of 1918, he forwarded to the war office
at London in May and December of each year a summary of the
operations for the six months preceding. These were intended
frankly for the information of the people at home and were quite
apart from the detailed, confidential information sent daily from
great headquarters in France to the general staff at home. These
statements have been collected and edited by Lieut.-Col. J. H.
Boraston, private secretary to Earl Haig and published under the title
‘Sir Douglas Haig’s despatches.’ The despatches, which number eight
and fill 357 pages of the heavy volume, are preceded by an
introduction written by Marshal Foch, and a preface by the field
marshal himself. The volume is accompanied by a number of
carefully prepared, highly detailed maps in large scale.”—Springf’d
Republican

“For those desirous of studying the war as a military event, these


despatches furnish information of remarkable clearness and
precision. The splendid series of very large and detailed maps which
accompanies the volume, not only enables one to follow each detail
of every struggle, but appeals to the imagination.”

+ No Am 212:135 Jl ’20 2600w

“Altogether the volume is an invaluable aid to the student of the


campaigns that it describes.”

+ R of Rs 62:112 Jl ’20 100w


“The civilian and the soldier alike may profit by reading and re-
reading the masterly despatches of Lord Haig.”

+ Spec 123:769 D 6 ’19 1000w


Springf’d Republican p8 Mr 23 ’20
950w

HALDANE, RICHARD BURDON HALDANE,


1st viscount of Cloan. Before the war. il *$2.50
(5½c) Funk 327.42

20–3879

The attitude of the author throughout is that of an impartial


investigator rather than an accuser. “Few wars are really inevitable,”
he says. “If we knew better how we should be careful to comport
ourselves it may be that none are so.... How some of those who were
deeply responsible for the conduct of affairs tried to think in the
anxious years before the war, and how they endeavored to apply their
conclusions, is what I have endeavored to state in the course of what
follows.” (Introd.) The book is based on personal, official experience
and contains several interviews of the author with the kaiser. In the
epilog, deprecating the harshness of the treaty, he says: “It is at all
events possible that the wider view of a generation later than this
may be one in which Germany will be judged more gently than the
Allies can judge her today. We do not now look on the French
revolution as our forefathers looked on it.... And here some
enlargement of the spirit seems to be desirable in our own interest.”
Contents: Introduction: Diplomacy before the war; The German
attitude before the war; The military preparations; Epilog; Index.
“As a defence of those in power it is sincere and in the blame for
the war attributed to Germany, temperate and generously
sympathetic. The style is admirable. Interesting for general readers
and as a first hand account.”

+ Booklist 17:66 N ’20

Reviewed by Sganarelle

+ Dial 68:799 Je ’20 250w


Lit D 64:116 Mr 13 ’20 1250w

“It goes without saying that Viscount Haldane makes out a good
case for Great Britain: but he does so in anything but a blindly
chauvinistic temper. Without anger or irritation, imputing sinister
motives to none, he deals honestly with the facts as he sees them and
presents his case with a patient and persuasive reasonableness that
lends an air of finality to his conclusions. Nevertheless, what strikes
one on reflection is that the discussion never goes below the surface
of things.” Carl Becker

+ − Nation 110:692 My 22 ’20 1600w


Outlook 125:541 Jl 21 ’20 310w

“Great injustice has been done by the press and the public to Mr
Haldane’s work before the war as secretary of state.... The war being
over, Lord Haldane publishes his defence, which we hope everybody
will read, and having read, will admit to be a refutation of charges
hatched in the fever of fear.”

You might also like