Tweet
Saturday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
Audience: Defense Joakim Kennedy
The Go Reverse Engineering Tool Kit (go-re.tk) is a new open-source toolset for analyzing Go binaries. The tool is designed to extract as much metadata as possible from stripped binaries to assist in both reverse engineering and malware analysis. For example, GoRE can detect the compiler version used, extract type information, and recover function information, including source code line numbers for functions and source tree structure. The core library is written in Go, but the tool kit includes C-bindings and a library implementation in Python. When using the C-bindings or the Python library, it is possible to write plugins for other analysis tools such as IDA Pro and Ghidra. The toolset also includes “redress”, which is a command line tool to “dress” stripped Go binaries. It can both be used standalone to print out extracted information from the binary or as a radare2 plugin to reconstruct stripped symbols and type information. The tool kit consists of:
* Core library written in Go
* C-bindings
* Python library using the C-bindings
* A command line tool for easy analysis
https://github.com/goretk
Joakim Kennedy
Joakim Kennedy is the Threat Intel Manager for Anomali Research. His job involves playing with malware, tracking threat actors and everything else around threat intelligence.
Audience: Defense Joakim Kennedy
The Go Reverse Engineering Tool Kit (go-re.tk) is a new open-source toolset for analyzing Go binaries. The tool is designed to extract as much metadata as possible from stripped binaries to assist in both reverse engineering and malware analysis. For example, GoRE can detect the compiler version used, extract type information, and recover function information, including source code line numbers for functions and source tree structure. The core library is written in Go, but the tool kit includes C-bindings and a library implementation in Python. When using the C-bindings or the Python library, it is possible to write plugins for other analysis tools such as IDA Pro and Ghidra. The toolset also includes “redress”, which is a command line tool to “dress” stripped Go binaries. It can both be used standalone to print out extracted information from the binary or as a radare2 plugin to reconstruct stripped symbols and type information. The tool kit consists of:
* Core library written in Go
* C-bindings
* Python library using the C-bindings
* A command line tool for easy analysis
https://github.com/goretk
Joakim Kennedy
Joakim Kennedy is the Threat Intel Manager for Anomali Research. His job involves playing with malware, tracking threat actors and everything else around threat intelligence.