Golang Malware with Ben Kurtz Part 1

Ben Kurtz, is an interesting hacker that has been involved in the infosec space for over 20 years. He has done a large chunk of research into writing malware and post-exploitation tools in the Golang programming language.

Tune into this episode of Hacker Talk as we are joined by Ben Kurtz and deep dive into Golang Malware.

In this episode of Hacker Talk, we cover the following topics:

Getting into programming, apple 2, hacking, bulletin board systems,

pirating apple 2 software

unix security, shadow and files in the /etc/ folder

evolution of network security since 1994

first talk at DEFCON,

life as a developer

LISP

Dan Kaminsky, recruited as a professional hacker

Learning different programming languages

Learning pascal in a basement

Functional programming, constraint solver

Getting into the Golang flow.

Plan-9 redoing C++

Getting into Golang malware

encrypted mesh network

Ratnet

Iran shutting down tls connections

Internet Censorship

Code audits

Writing malware in different languages

V programming language

Nym programming language

dild, dynamic loading library in OSX

parsing memory in golang

process execution block

loading windows syscall's

evading anti-malware systems

hells gate, direct windows system calls

Network traffic obfuscation

online communities that have been running for a long time, Second Life

Offline mesh network

Red team penetration

Write your own malware implant as a penetration tester.

Obfuscating malware traffic

writing malware

Sliver, opensource version of cobalt strike, Command and Control Server

testing malware

setting up a test environment

Penetration testing as a Red Team.

Golang Antivirus/EDR evasion

Enterprise network monitoring

Shellcode loaders in pure golang

Rewriting the backdoor factory in golang.

Obfuscating binaries with the custom golang debug library

Parsing executables from memory(RAM)

universal system binary loader without touching disk

Links:

https://www.hack-the-planet.net/

https://github.com/awgh

https://github.com/Binject

https://github.com/Binject/go-donut

https://github.com/C-Sto/BananaPhone/

https://www.symbolcrash.com/wp-content/uploads/2019/02/Authenticode_PE-1.pdf

https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/

https://github.com/boku7/HellsGatePPID

https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/

https://vxug.fakedoma.in/papers/VXUG/Exclusive/HellsGate.pdf

https://2600.com/

https://en.wikipedia.org/wiki/Bulletin_board_system

https://en.wikipedia.org/wiki/Plan_9_from_Bell_Labs

https://go.dev/

https://go.dev/doc/effective_go

https://github.com/awgh/ratnet

https://github.com/BishopFox/sliver

https://www.youtube.com/watch?v=3RQb05ITSyk | Golang Malware defcon talk

https://vlang.io/

https://vlang.io/compare

https://en.wikipedia.org/wiki/Nim_(programming_language)

https://github.com/vyrus001/go-mimikatz

https://github.com/vyrus001/go-mimikatz/blob/master/packer/packer.go