DEF CON 29 – Ben Kurtz – Offensive Golang Bonanza: Writing Golang Malware

The past two years have seen the rise of Golang-based malware, from its beginnings as a way to win at CCDC and red team engagements to its current use by actual threat actors. This talk breaks down why Golang is so useful for malware with a detailed tour of the available components for exploitation, EDR and NIDS evasion, and post-exploitation, presented by one of the main authors of those core components. Although the focus is offensive, the talk also offers valuable insight into the challenges of detecting Golang malware. Interested in learning Golang? Interested in writing or detecting malware? This is your invitation into the weird and wonderful world of Golang malware.
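The abstract promises insight into the challenges of detecting Go malware. The following Go program is an added example written for this page; it is not code from the talk or from any of the projects referenced below. It scans a byte blob for the runtime artefacts a detector typically keys on: the pclntab header (magic values taken from Go's own debug/gosym package), the linker's "Go build ID:" note, and the runtime version string. The sample blob is constructed inline to stand in for a real binary. The header check (magic, two zero bytes, instruction quantum, pointer size) is a heuristic rather than a full parser, and only the little-endian layout is handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"regexp"
)

// GoMarkers summarises the Go runtime artefacts found in a binary blob.
type GoMarkers struct {
	PclntabOffset int    // offset of the first plausible pclntab header, -1 if none
	PclntabMagic  uint32 // magic value found there, 0 if none
	MagicVersion  string // Go version range implied by the magic
	HasBuildID    bool   // linker "Go build ID:" note present
	GoVersion     string // runtime version string such as "go1.17.2", "" if none
}

// pclntabMagics are the header magics defined in Go's debug/gosym package
// (go12magic, go116magic, go118magic, go120magic) and the versions they cover.
var pclntabMagics = map[uint32]string{
	0xfffffffb: "go1.2-1.15",
	0xfffffffa: "go1.16-1.17",
	0xfffffff0: "go1.18-1.19",
	0xfffffff1: "go1.20+",
}

// goVersionRe matches the runtime.buildVersion string embedded by the linker.
var goVersionRe = regexp.MustCompile(`go1\.[0-9]+(\.[0-9]+)?`)

// findPclntab scans for a pclntab header: a known magic, two zero pad bytes,
// an instruction quantum of 1, 2 or 4 and a pointer size of 4 or 8. A bare
// magic value alone is rejected; the trailing layout bytes must be plausible.
// Assumption: little-endian targets only (amd64, arm64, 386).
func findPclntab(blob []byte) (int, uint32) {
	for i := 0; i+8 <= len(blob); i++ {
		magic := binary.LittleEndian.Uint32(blob[i:])
		if _, ok := pclntabMagics[magic]; !ok {
			continue
		}
		if blob[i+4] != 0 || blob[i+5] != 0 {
			continue
		}
		q, ps := blob[i+6], blob[i+7]
		if (q == 1 || q == 2 || q == 4) && (ps == 4 || ps == 8) {
			return i, magic
		}
	}
	return -1, 0
}

// ScanGoMarkers collects all three signals from an arbitrary byte blob.
func ScanGoMarkers(blob []byte) GoMarkers {
	m := GoMarkers{PclntabOffset: -1}
	m.PclntabOffset, m.PclntabMagic = findPclntab(blob)
	if m.PclntabMagic != 0 {
		m.MagicVersion = pclntabMagics[m.PclntabMagic]
	}
	m.HasBuildID = bytes.Contains(blob, []byte("Go build ID: "))
	if v := goVersionRe.Find(blob); v != nil {
		m.GoVersion = string(v)
	}
	return m
}

// LooksLikeGo reports whether any signal fired.
func (m GoMarkers) LooksLikeGo() bool {
	return m.PclntabOffset >= 0 || m.HasBuildID || m.GoVersion != ""
}

// sampleGoLikeBlob is a constructed stand-in for a Go binary (not a real
// file): a fake header, a build ID note, some filler, a pclntab header for
// Go 1.16/1.17 on amd64 (quantum 1, pointer size 8) and a version string.
func sampleGoLikeBlob() []byte {
	var b []byte
	b = append(b, []byte("\x7fELFpadding....")...)
	b = append(b, []byte("\xff Go build ID: \"abcd/efgh/ijkl/mnop\"\n \xff")...)
	b = append(b, bytes.Repeat([]byte{0x90}, 16)...)
	b = append(b, 0xfa, 0xff, 0xff, 0xff, 0x00, 0x00, 0x01, 0x08)
	b = append(b, []byte("go1.17.2")...)
	return b
}

func main() {
	m := ScanGoMarkers(sampleGoLikeBlob())
	fmt.Printf("%+v looksLikeGo=%v\n", m, m.LooksLikeGo())
	n := ScanGoMarkers([]byte("MZ not a go binary at all"))
	fmt.Printf("%+v looksLikeGo=%v\n", n, n.LooksLikeGo())
}
```

To run this against a real sample, read the file with os.ReadFile and pass the bytes to ScanGoMarkers. The pclntab is the most durable of the three signals because the runtime needs it to unwind stacks, so it cannot simply be dropped; build ID and module information are exactly the metadata obfuscators such as garble (listed below) are designed to remove, which makes the other two signals weaker on hardened samples. For full recovery of function names and source paths from the pclntab, see redress in the references.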

REFERENCES:

List of Golang Security Tools:
https://github.com/Binject/awesome-go-security

C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump

capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster

Vyrus / gscript crew:
https://github.com/gen0cide/gscript
https://github.com/vyrus001/go-mimikatz
https://github.com/vyrus001/msflib

secretsquirrel / Josh Pitts:
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/Genetic-Malware/Ebowla
https://github.com/secretsquirrel/SigThief
https://github.com/golang/go/issues/16292

malwareunicorn on OSX loading:
https://malwareunicorn.org/workshops/macos_dylib_injection.html

Misc:
https://github.com/sassoftware/relic
https://github.com/EgeBalci/sgn
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/swarley7/padoracle

Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite

Obfuscation/RE:
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble
https://github.com/goretk/redress

Of interest for defense, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller
