Hands-on Writing Malware in Go

Presented at BSidesDC 2019, Oct. 26, 2019, 4:30 p.m. (60 minutes).

Go has turned out to be an excellent language for all sorts of things, notably writing malware. In this talk we'll look at the more devious side of programming. We'll see how writing malware is a little different than writing normal programs and we'll look into writing code to perform a handful of techniques relevant to sneaking comms out of a network. By the end of the talk, we'll have a fully-working, (nearly) weapons-grade tool which pushes the bounds of what common defenses will detect. All presented source code will be made available. This talk assumes some familiarity with Go, though any programming background is probably sufficient.


Presenters:

  • Stuart McMurray - IronNet
    Stuart is a Red Teamer at IronNet, where he focuses on tool development, Unix, and general Swiss Army knifery. He's been on the offensive side of public and private sector security for six years, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools. Stuart's been a speaker at BSides and CarolinaCon and has red teamed for Quantum Dawn and the Collegiate Cyber Defense Competition.
  • Carson Seese
    Carson is an Information Assurance and Cybersecurity student at Pennsylvania College of Technology where he's a member of the Information Security Association. He is currently an intern at IronNet developing network auditing tools in Go, deploying and testing the IronDefense stack in AWS GovCloud, and developing layered physical and logical diagrams of both on-prem and cloud variants of IronDefense. In his spare time, Carson maintains an enterprise-grade homelab where he experiments with new software, network, and security technologies.

Links:

Similar Presentations: