DEF CON 29 - Ben Kurtz - Offensive Golang Bonanza: Writing Golang Malware
About this talk
The past two years have seen the rise of Golang-based malware from its beginnings as a way to win at CCDC and red team engagements to its current use by actual threat actors. This talk will break down why Golang is so useful for malware with a detailed tour through the available components used for exploitation, EDR and NIDS evasion, and post-exploitation, by one of the main authors of the core components. Although focused on the offensive perspective, there will be valuable insights into the challenges in detecting Golang malware. Interested in learning Golang? Interested in writing or detecting malware? This is your invitation into the weird and wonderful world of Golang malware. REFERENCES: List of Golang Security Tools: https://github.com/Binject/awesome-go-security C-Sto: https://github.com/c-sto/goWMIExec https://github.com/C-Sto/BananaPhone https://github.com/C-Sto/gosecretsdump capnspacehook: https://github.com/capnspacehook/pandorasbox https://github.com/capnspacehook/taskmaster Vyrus / gscript crew: https://github.com/gen0cide/gscript https://github.com/vyrus001/go-mimikatz https://github.com/vyrus001/msflib secretsquirrel / Josh Pitts: https://github.com/secretsquirrel/the-backdoor-factory https://github.com/Genetic-Malware/Ebowla https://github.com/secretsquirrel/SigThief https://github.com/golang/go/issues/16292 malwareunicorn on OSX loading: https://malwareunicorn.org/workshops/macos_dylib_injection.html Misc: https://github.com/sassoftware/relic https://github.com/EgeBalci/sgn https://github.com/moonD4rk/HackBrowserData https://github.com/emperorcow/go-netscan https://github.com/CUCyber/ja3transport https://github.com/swarley7/padoracle Command and Control: https://github.com/BishopFox/sliver https://github.com/DeimosC2/DeimosC2 https://github.com/t94j0/satellite Obfuscation/RE: https://github.com/unixpickle/gobfuscate https://github.com/mvdan/garble https://github.com/goretk/redress Of interest for defense, but breaks Docker & Terraform: https://github.com/unsecureio/gokiller
Stay Updated
Get notified about new features and conference additions.
