In this episode of the Hack the Planet Podcast:
We dive into reverse engineering and malware development with Malware Unicorn, red teamer and author of some of the best malware development training on the internet. We discuss why macOS is an interesting environment for malware, tips for building your own reverse engineering lab, and future trainings in the works. We recorded this episode before the latest training was released, but you can find Malware Unicorn’s portable executable injection study on her website linked below.
Links:
Malware Unicorn Workshops – https://malwareunicorn.org/#/workshops
Xori – https://i.blackhat.com/us-18/Wed-August-8/us-18-Rousseau-Finding-Xori-Malware-Analysis-Triage-With-Automated-Disassembly.pdf
Writing Bad @$$ Malware for OS X – https://www.slideshare.net/Synack/writing-bad-malware-for-os-x
lena151 Tutorials – https://archive.org/details/lena151
Flare-On Challenges – https://flare-on.com/
Joe Sandbox – https://www.joesandbox.com/
Universal Loader – https://github.com/Binject/universal
https://www.symbolcrash.com/2021/03/04/the-universal-loader-for-go/
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We talk with some of the most prolific developers of Golang offensive tools, from opposite points on the globe, about why they use Go, what they’ve been working on, how to work around some of Go’s challenges for red teams, and where things are going in the near future with Go malware. Featuring C-Sto (bananaphone/goWMIexec) and capnspacehook (pandorasbox/garble).
List of Golang Security Tools:
https://github.com/Binject/awesome-go-security
C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump
capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster
Misc:
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/EgeBalci/sgn
https://github.com/sassoftware/relic
https://github.com/swarley7/padoracle
https://github.com/gen0cide/gscript
Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite
Obfuscation/RE:
https://github.com/goretk/redress
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble
Of interest, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller