Writing Golang Malware by Benjamin Kurtz at DEF CON 29


  • Writing Golang Malware by Benjamin Kurtz at DEF CON 29

    Writing Golang Malware
    Benjamin Kurtz

    Prerequisites for students?:
    Programming experience required, some experience with Golang would be helpful.

    Materials or Equipment students will need to bring to participate?:
    Laptop (any operating system)

    What level of skill is required for your targeted audience?:
    Intermediate

    Abstract:
    Summarize what your training will cover, attendees will read this to get an idea of what they should know before training, and what they will learn after. Use this section to broadly describe how technical your class is, what tools will be used, and what materials to read in advance to get the most out of your training. This abstract is the primary way people will be drawn to your session.

    Participants will learn how to design and build their own multi-platform Golang-based implants and c2 frameworks by building on samples provided.

    Topics will include:
    • Communication between the implant and the command and control system including encrypted darknets with pluggable transports, covert exfiltration methods, detection evasion, and fault tolerant infrastructure design.
    • Binary transformation techniques designed to allow offensive practitioners the freedom of writing conventional binaries, yet maintaining the mobility of shellcode-like operating conditions.
    • Parsing and rewriting all binary formats to inject shellcode using a variety of reconfigurable methods.
    • On-the-wire modification of binaries and archives from a man-in-the-middle or malicious server perspective.
    • Methods of avoiding EDR with your implant, including loading modules direct from the c2 to memory without touching disk (on all platforms), customizable encrypting packers, and direct system calls/DLL unhooking (on Windows).
    Some programming experience is required, some experience with Golang will be helpful. Basic knowledge of networking fundamentals, executable binary formats, and assembly language will be helpful.

    Trainer Bio:
    (not to exceed 1337 characters total)
    Ben Kurtz is a hacker, a hardware enthusiast, and the host of the Hack the Planet podcast (https://symbolcrash.com/podcast). After his first talk, at DefCon 13, he ditched development and started a long career in security.

    He has been a pentester for IOActive, head of security for an MMO company, and on the internal pentest team for the Xbox One at Microsoft. Along the way, he volunteered on anti-censorship projects, which resulted in his conversion to Golang and the development of the ratnet project (https://github.com/awgh/ratnet). A few years ago, he co-founded the Binject group to develop core offensive components for Golang-based malware, and Symbol Crash, which focuses on sharing hacker knowledge through trainings for red teams, a free monthly Hardware Hacking workshop in Seattle, and podcasts. He is currently developing a ratnet-based handheld device for mobile encrypted mesh messaging, planned for release next year.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    If this workshop is "sold out," is there any possibility of attending without pre-registration? Is there going to be a "stand by" list?
