My key takeaways
- Go basics:
  - local functions start with a small letter, exported functions start with a capital letter
  - walrus operator `:=` declares and initializes in one statement, e.g. `k := 3`
  - the only loop is a `for` loop
  - Go is truly a compiled language; it produces a machine-native executable
- Shellcode:
  - machine code native to the architecture of the target system
  - often the first-stage payload; `msfvenom` is a rich source of various shellcode
  - 3 steps for shellcode in Windows:
    - allocate memory marked as executable
    - copy the shellcode into the allocated memory
    - create a thread that points to the starting address of that memory, or execute it directly if possible
  - allocating memory as `PAGE_EXECUTE_READWRITE` is an instant hit for good EDR/AV
  - to avoid EDR detection, copy the shellcode into `R/W` memory, then switch it to `PAGE_EXECUTE_READ`
  - on a Windows dev system use `dumpbin` to validate created DLLs
- Defender and blue teams: back to living off the land; rundll inspection, e.g. for network traffic
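The RWX hit and the RW-then-RX staging sequence above are exactly what a memory-protection detection keys on. As an added example, not code from the webcast or from any of the linked repositories, here is Go detection logic run over constructed API-call telemetry (the `APICall` record schema is hypothetical): it flags a direct `PAGE_EXECUTE_READWRITE` allocation, and a thread started inside a region that went `PAGE_READWRITE` to `PAGE_EXECUTE_READ`.

```go
package main

import "fmt"

// APICall is a constructed telemetry record (hypothetical schema, not a real EDR's).
type APICall struct {
	Proc    string // "VirtualAlloc", "VirtualProtect" or "CreateThread"
	Addr    uint64 // region base; for CreateThread, the thread start address
	Size    uint64 // region size in bytes (ignored for CreateThread)
	Protect string // requested page protection (ignored for CreateThread)
}

// DetectShellcodeStaging flags a direct PAGE_EXECUTE_READWRITE allocation on its
// own; a PAGE_READWRITE -> PAGE_EXECUTE_READ flip is only remembered (JIT compilers
// do it legitimately) and becomes a finding once a thread starts inside that region.
func DetectShellcodeStaging(calls []APICall) []string {
	var findings []string
	rw := map[uint64]uint64{} // base -> size of PAGE_READWRITE allocations
	rx := map[uint64]uint64{} // base -> size of regions flipped RW -> RX
	for _, c := range calls {
		switch c.Proc {
		case "VirtualAlloc":
			if c.Protect == "PAGE_EXECUTE_READWRITE" {
				findings = append(findings, fmt.Sprintf("RWX allocation at 0x%x", c.Addr))
			} else if c.Protect == "PAGE_READWRITE" {
				rw[c.Addr] = c.Size
			}
		case "VirtualProtect":
			if size, ok := rw[c.Addr]; ok && c.Protect == "PAGE_EXECUTE_READ" {
				rx[c.Addr] = size
			}
		case "CreateThread":
			for base, size := range rx {
				if c.Addr >= base && c.Addr < base+size {
					findings = append(findings, fmt.Sprintf("thread start 0x%x inside RW->RX region 0x%x", c.Addr, base))
				}
			}
		}
	}
	return findings
}

func main() { // constructed sample: the RW -> RX -> thread sequence from the notes
	sample := []APICall{{"VirtualAlloc", 0x1a0000, 0x1000, "PAGE_READWRITE"},
		{"VirtualProtect", 0x1a0000, 0x1000, "PAGE_EXECUTE_READ"}, {"CreateThread", 0x1a0200, 0, ""}}
	for _, f := range DetectShellcodeStaging(sample) {
		fmt.Println(f)
	}
}
```

A flip alone is left silent on purpose; the thread start inside the flipped region is what separates the staging pattern from ordinary JIT activity.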
Env
- Provided by BHIS
- Presenter: Joff Thyer
additional links
- https://github.com/yoda66/GoShellcode
- https://nostarch.com/blackhatgo
- https://golang.cafe/blog/my-5-favourite-online-resources-to-learn-golang-from-scratch.html
- https://samsclass.info/127/GoWrong.shtml
- https://github.com/penberg/godoom
- https://github.com/Ne0nd0g/go-shellcode
- https://github.com/mitchellh/go-ps
- https://github.com/brimstone/go-shellcode