Tom Steele, Chris Patten, and Dan Kottmann

Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go.

Programming languages have always had an impact on information security. The design constraints, standard libraries, and protocol implementations available within each language end up defining the attack surface of any application built on them. Security tooling is no different; the right language can simplify complex tasks and make the incredibly difficult ones trivial. Go’s cross-platform support, single-binary output, concurrency features, and massive ecosystem make it an amazing choice for security tool development. Go is rewriting the rules for both secure application development and the creation of security tools, enabling faster, safer, and more portable tooling.

Black Hat Go provides everything necessary to get started with Go development in the security space without getting bogged down into the lesser-used language features. Want to write a ridiculous fast network scanner, evil HTTP proxy, or cross-platform command-and-control framework? This book is for you. If you are a seasoned programmer looking for insight into security tool development, this book will introduce the concepts and trade-offs that hackers of all stripes consider when writing tools. Veteran Go developers who are interested in security may learn a lot from the approaches taken here, as building tools to attack other software requires a different mindset than typical application development. Your design trade-offs will likely be substantially different when your goals include bypassing security controls and evading detection.