BHIS | Shellcode Execution with GoLang | Joff Thyer | 1 Hour

Learn enterprise attacker emulation and C2 implant development with Joff Thyer from Antisyphon Training: https://www.antisyphontraining.com/enterprise-attacker-emulation-and-c2-implant-development-w-joff-thyer/
00:00 – FEATURE PRESENTATION BEGINS: Shellcode Execution with GoLang
01:39 – Meet Joff Thyer
02:16 – What is GoLang?
04:14 – Aspects of GoLang
07:43 – C# or Go?
09:24 – Go Command Line
10:57 – Golang Type Safety
11:31 – What is Shellcode?
12:51 – Sources of Shellcode
14:50 – Executing Shellcode on Windows
16:08 – GoLang “unsafe” Package
16:55 – Go “syscall” package is becoming per platform
17:50 – GoLang “windows” Package
18:22 – “x/sys/windows” package
20:29 – Looking deeper into Syscall
22:26 – Calling Functions out of Kernel32.dll
23:14 – GoLang: Byte Array for Shellcode
24:35 – Method 1: Direct Syscall
29:32 – Tangent: The A/V and EDR evasion paradox
32:36 – Single byte XOR function in GoLang
34:02 – Method 2: Creating Thread in Same Process
35:50 – GoLang Windows Native DLL
36:57 – Steps to build a native DLL
41:18 – Living off the Land with Native DLL
44:05 – DEMO : Run shell code
46:42 – Method 3: Process Injection
49:07 – DEMO – Remote Process Injection
50:10 – Additional Resources
50:51 – DEMO – Remote Process Injection cont.
52:54 – QnA
54:39 – LINK: Attacker Emulation and C2 – https://www.antisyphontraining.com/enterprise-attacker-emulation-and-c2-implant-development-w-joff-thyer/

Description: In this Black Hills Information Security (BHIS) webcast, we will explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, high performance, multi-threaded, and, unlike C/C++, includes garbage collection! It has the advantage of compiling to native machine code, unlike .NET C#, which depends on the Common Language Runtime and is easily reversed. We will explore how to execute Windows shellcode with GoLang in the same process thread space, and then also explore one process injection method.

Slides: https://s1hb.sharepoint.com/Content&Community/Shared%20Documents/Slides/BHIS%20Webcast%20Slides/BHIS232SLIDES_ShellcodeExecutionWithGoLang.pdf?CT=1674587013119&OR=ItemsView

Black Hills Infosec Socials
Twitter: https://twitter.com/BHinfoSecurity
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe
Mastodon: https://infosec.exchange/@blackhillsinfosec

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors & Breaches – Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin’ Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin’ Fest: https://wildwesthackinfest.com/

#bhis #infosec