Golang Malware with Ben Kurtz Part 1


Update: 2022-03-16

Description

Ben Kurtz is an interesting hacker who has been involved in the infosec space for over 20 years. He has done a large chunk of research into writing malware and post-exploitation tools in the Golang programming language.


Tune in to this episode of Hacker Talk as we are joined by Ben Kurtz for a deep dive into Golang malware.




In this episode of Hacker Talk, we cover the following topics:


Getting into programming, Apple 2, hacking, bulletin board systems


pirating Apple 2 software


Unix security, shadow and files in the /etc/ folder


evolution of network security since 1994


first talk at DEFCON


life as a developer


LISP


Dan Kaminsky, recruited as a professional hacker 


Learning different programming languages


Learning Pascal in a basement


Functional programming, constraint solver  


Getting into the Golang flow.  


Plan-9 redoing C++


Getting into Golang malware


encrypted mesh network


Ratnet


Iran shutting down TLS connections


Internet Censorship 


Code audits


Writing malware in different languages


V programming language


Nim programming language


dyld, dynamic loading library in OSX


parsing memory in Golang


process execution block


loading Windows syscalls


evading anti-malware systems


Hell's Gate, direct Windows system calls


Network traffic obfuscation


online communities that have been running for a long time, Second Life  


Offline mesh network  


Red team penetration


Write your own malware implant as a penetration tester.     


Obfuscating malware traffic   


writing malware  


Sliver, open-source version of Cobalt Strike, command and control server


testing malware 


setting up a test environment     


Penetration testing as a Red Team.   


Golang Antivirus/EDR evasion   


Enterprise network monitoring    


Shellcode loaders in pure Golang


Rewriting the Backdoor Factory in Golang


Obfuscating binaries with the custom Golang debug library


Parsing executables from memory (RAM)


universal system binary loader without touching disk






Links:    


https://www.hack-the-planet.net/   


https://github.com/awgh    


https://github.com/Binject   


https://github.com/Binject/go-donut       


https://github.com/C-Sto/BananaPhone/


https://www.symbolcrash.com/wp-content/uploads/2019/02/Authenticode_PE-1.pdf


https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/


https://github.com/boku7/HellsGatePPID


https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/  


https://vxug.fakedoma.in/papers/VXUG/Exclusive/HellsGate.pdf   


https://2600.com/


https://en.wikipedia.org/wiki/Bulletin_board_system  


https://en.wikipedia.org/wiki/Plan_9_from_Bell_Labs   


https://go.dev/


https://go.dev/doc/effective_go   


https://github.com/awgh/ratnet   


https://github.com/BishopFox/sliver  


https://www.youtube.com/watch?v=3RQb05ITSyk | Golang Malware DEFCON talk


https://vlang.io/    


https://vlang.io/compare   


https://en.wikipedia.org/wiki/Nim_(programming_language)  


https://github.com/vyrus001/go-mimikatz   


https://github.com/vyrus001/go-mimikatz/blob/master/packer/packer.go   

Firo Solutions LTD