Golang Offensive Tools with C-Sto and capnspacehook

This entry is part [part not set] of 24 in the series Hack the Planet

In this episode of the Hack the Planet Podcast:

We talk with some of the most prolific developers of Golang offensive tools, from opposite points on the globe, about why they use Go, what they’ve been working on, how to work around some of Go’s challenges for red teams, and where things are going in the near future with Go malware. Featuring C-Sto (bananaphone/goWMIexec) and capnspacehook (pandorasbox/garble).

List of Golang Security Tools:
https://github.com/Binject/awesome-go-security

C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump

capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster

Misc:
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/EgeBalci/sgn
https://github.com/sassoftware/relic
https://github.com/swarley7/padoracle
https://github.com/gen0cide/gscript

Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite

Obfuscation/RE:
https://github.com/goretk/redress
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble

Of interest, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Interview with Josh Pitts

This entry is part [part not set] of 24 in the series Hack the Planet

In this episode of the Hack the Planet Podcast:

We talk with Josh Pitts, creator of The Backdoor Factory, ebowla, and SigThief, about the backstory of some of these tools and the offensive open-source tools debate. Featuring Vyrus and fast Dan.

Pitts Links:
https://github.com/sponsors/secretsquirrel
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/Genetic-Malware/Ebowla
https://github.com/secretsquirrel/SigThief
https://sec.okta.com/articles/2018/06/issues-around-third-party-apple-code-signing-checks
https://github.com/golang/go/issues/16292

Golang rewrite:
https://binject.github.io/backdoorfactory
https://github.com/Binject/debug

BananaPhone / Hell’s Gate:
https://github.com/C-Sto/BananaPhone

More Code Signature Bypasses:
https://www.securityinbits.com/malware-analysis/interesting-tactic-by-ratty-adwind-distribution-of-jar-appended-to-signed-msi/
dylib TOCTOU: http://powerofcommunity.net/poc2015/pangu.pdf
linux by design: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883949

Copy-Paste Compromises: https://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf

Other:
https://github.com/vyrus001/go-mimikatz

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.