
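Content provided by Firo Solutions LTD. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Firo Solutions LTD or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ko.player.fm/legal.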

Golang Malware with Ben Kurtz Part 1

1:06:07
 

Ben Kurtz is an interesting hacker who has been involved in the infosec space for over 20 years. He has done a large chunk of research into writing malware and post-exploitation tools in the Golang programming language.

Tune into this episode of Hacker Talk as we are joined by Ben Kurtz and take a deep dive into Golang malware.

In this episode of Hacker Talk, we cover the following topics:

Getting into programming, Apple 2, hacking, bulletin board systems

Pirating Apple 2 software

Unix security, shadow and files in the /etc/ folder

Evolution of network security since 1994

First talk at DEFCON

life as a developer

LISP

Dan Kaminsky, recruited as a professional hacker

Learning different programming languages

Learning Pascal in a basement

Functional programming, constraint solver

Getting into the Golang flow.

Plan-9 redoing C++

Getting into Golang malware

encrypted mesh network

Ratnet

Iran shutting down TLS connections

Internet Censorship

Code audits

Writing malware in different languages

V programming language

Nim programming language

dyld, dynamic loading library in OSX

parsing memory in Golang

process execution block

loading Windows syscalls

evading anti-malware systems

Hell's Gate, direct Windows system calls

Network traffic obfuscation

online communities that have been running for a long time, Second Life

Offline mesh network

Red team penetration

Write your own malware implant as a penetration tester.

Obfuscating malware traffic

writing malware

Sliver, open-source version of Cobalt Strike, Command and Control Server

testing malware

setting up a test environment

Penetration testing as a Red Team.

Golang Antivirus/EDR evasion

Enterprise network monitoring

Shellcode loaders in pure Golang

Rewriting the backdoor factory in Golang.

Obfuscating binaries with the custom Golang debug library

Parsing executables from memory (RAM)

universal system binary loader without touching disk

Links:

https://www.hack-the-planet.net/

https://github.com/awgh

https://github.com/Binject

https://github.com/Binject/go-donut

https://github.com/C-Sto/BananaPhone/

https://www.symbolcrash.com/wp-content/uploads/2019/02/Authenticode_PE-1.pdf

https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/

https://github.com/boku7/HellsGatePPID

https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/

https://vxug.fakedoma.in/papers/VXUG/Exclusive/HellsGate.pdf

https://2600.com/

https://en.wikipedia.org/wiki/Bulletin_board_system

https://en.wikipedia.org/wiki/Plan_9_from_Bell_Labs

https://go.dev/

https://go.dev/doc/effective_go

https://github.com/awgh/ratnet

https://github.com/BishopFox/sliver

https://www.youtube.com/watch?v=3RQb05ITSyk | Golang Malware DEFCON talk

https://vlang.io/

https://vlang.io/compare

https://en.wikipedia.org/wiki/Nim_(programming_language)

https://github.com/vyrus001/go-mimikatz

https://github.com/vyrus001/go-mimikatz/blob/master/packer/packer.go
