May 20

Webinar Takeaway: Shellcode Execution with GoLang

0  comments

My key takeaways

  • Go basics:
    • local functions start with small letter, exported functions start with a capital letter
    • walrus operator = declare and initialize in one statement like k := 3
    • the only loop is a for loop
    • Go is truly a compiled language, it produces a machine native executable
  • Shellcode:
    • machine code native to architecture of target system
    • often first stage payload
    • msfvenom is a rich source of various shellcode
  • 3 steps for shellcode in Windows
    • allocate memory marked as exec
    • copy shellcode into allocated memory
    • create a thread that points to the starting address of memory or directly execute if possible
  • PAGE_EXECUTE_READWRITE as mem alloc is an instant hit for good EDR/AV
    • to avoid EDR detection, copy shellcode to R/W then switch to PAGE_EXECUTE_READ
  • On a win dev system use dumpbin to validate created dll’s
  • Defender and blue teams: back to living of the land runDLL inspection eg for network traffic

Env

additional links


Tags

Golang, red team, reverse shell, shellcode


You may also like

Webinar takeaway – Shellcode Execution with Python

Webinar takeaway – Shellcode Execution with Python

Webinar takeaway – Offensive Windows Event Logs

Webinar takeaway – Offensive Windows Event Logs
Leave a Reply

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit markiert.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}