Ben Kurtz - Golang Malware part 2
Hacker Talk19 Apr 2022

Ben Kurtz - Golang Malware part 2

Ben Kurtz - Golang Malware part 2


Topics covered:

Golang

Hells gate, direct system calls on windows

How system calls are normally done in windows, Windows Kernel

Evading anti malware detection on Windows with Banana Phone

How to get started writing c2's in golang.

Sliver, Opensource golang command and control.

Red team mindset

Evolution of programmers, bad patterns

CVE's, common vulnerability enumeration number

Auditing source code

Javascript frameworks

Cross site scripting, SQL injection and XXE(Xml External Entity) for scanning internal networks and exfiltrating data.

Building secure code bases

Security Engineers

Supervisory control and data acquisition (SCADA)

log4j

Remote of execution and directory traversal in Java, Java's file constructor, LDAP and DirContext

Golang for micro services

Python

Common bad patterns

LDAP injection

Modern security nightmares

Remote debug protocols

String concatenation

Resistance to current modern implementation and safer framework.

Finding bugs in games that can be used to attack power-plants.

Dependency management

Backdoor factory

Bettercap

Man in the middle

Spoofing BGP

BGP hijacks



Links:

https://github.com/Binject

https://github.com/C-Sto/BananaPhone

https://github.com/BishopFox/sliver

https://cve.mitre.org/

https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing

https://www.youtube.com/watch?v=FkuUpg5FO2g

https://en.wikipedia.org/wiki/SCADA

https://en.wikipedia.org/wiki/Log4j

https://www.coding-bootcamps.com/blog/build-containerized-applications-with-golang-on-kubernetes.html

https://docs.oracle.com/javase/8/docs/api/index.html?javax/naming/directory/DirContext.html

https://apache.org/foundation/foundation-projects.html

https://docs.oracle.com/javase/8/docs/api/index.html?javax/management/JMX.html

https://en.wikipedia.org/wiki/Java_Debug_Wire_Protocol

https://www.freecodecamp.org/news/big-o-notation-why-it-matters-and-why-it-doesnt-1674cfa8a23c/

https://github.com/bettercap/bettercap

https://www.bettercap.org/

https://bgpmon.net/

https://en.wikipedia.org/wiki/BGP_hijacking

https://labs.ripe.net/author/vastur/bgplay-integrated-in-ripestat/

https://www.symbolcrash.com/podcast/

https://www.youtube.com/symbolcrash


Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(20)

New Year special 2024

New Year special 2024

Hacker Talk 2024 New Year Special Featuring: Johnny Xmas, Zagros Bingol and Filip Kalebo. Topics: infosec's 9/11 - Target.com breach Leaking TSA master keys Starting to work in information ...

29 Des 20242h 4min

Cat shaped hardware hacking with Alex Lynd

Cat shaped hardware hacking with Alex Lynd

The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd! In this episode, we cover: Alex backgroun...

14 Apr 202359min

Darknet Operation Security with Sam Bent Part 1

Darknet Operation Security with Sam Bent Part 1

Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode! In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that end...

27 Des 20221h 12min

Bug Bounty Bootcamp with Vickie lii

Bug Bounty Bootcamp with Vickie lii

Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security. Tune in now! In this episode we cover: Background, getting into security Getting...

24 Nov 202238min

CodeQL with Alvaro Munoz

CodeQL with Alvaro Munoz

In this episode of Hacker Talk: One of the most powerful newer static analysis tool is CodeQL. By converting your code base into a Codeql database, you can now write queries in a read-only way, in...

24 Okt 202253min

SecBSD - The penetration testing distribution for the BSD community | BSDBandit on Hacker Talk

SecBSD - The penetration testing distribution for the BSD community | BSDBandit on Hacker Talk

In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit! Tune is as we deep into secbsd, the penetration distribution for the BSD community. In this episode ...

26 Sep 20221h 2min

Podman with Daniel Walsh

Podman with Daniel Walsh

Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman! Joining us today is Dan Walsh. One of the main people behind Podman! Dan is very knowledgeable in ...

19 Sep 202258min

Social engineering | Scam calls with Mattias Borg

Social engineering | Scam calls with Mattias Borg

In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg. Tune is as we get to hear about scam calls and social enginee...

6 Sep 202251min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
energi-og-klima
elektropodden
nasjonal-sikkerhetsmyndighet-nsm
hans-petter-og-co
tomprat-med-gunnar-tjomlid
shifter
teknologi-og-mennesker
pedagogisk-intelligens
rss-ai-forklart
rss-for-alarmen-gar
rss-heis
rss-plateprat
rss-trippel-bunnlinje
rss-anleggspraten
smart-forklart
fornybaren
rss-alt-som-gar-pa-strom