May 20

Webinar Takeaway: Shellcode Execution with GoLang


My key takeaways

  • Go basics:
    • unexported (package-local) functions start with a lowercase letter; exported functions start with a capital letter
    • the "walrus" operator := declares and initializes a variable in one statement, e.g. k := 3
    • the only loop construct is for
    • Go is a truly compiled language: it produces a native machine executable
  • Shellcode:
    • machine code native to the target system's architecture
    • often the first-stage payload
    • msfvenom is a rich source of shellcode for many platforms and payload types
  • 3 steps to run shellcode on Windows:
    • allocate memory marked executable
    • copy the shellcode into the allocated memory
    • create a thread whose start address is that memory, or call into it directly if possible
  • Allocating memory as PAGE_EXECUTE_READWRITE is an instant hit for any good EDR/AV
    • to avoid that detection, allocate read/write, copy the shellcode in, then switch the protection to PAGE_EXECUTE_READ
  • On a Windows dev system, use dumpbin to validate the DLLs you build
  • Defenders and blue teams: back to living-off-the-land detection, i.e. inspecting rundll32 use, e.g. for unexpected network traffic
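As an added example from the defender's side (not code from the webinar or this post), the following Go program replays constructed API telemetry and flags the two patterns above: an outright PAGE_EXECUTE_READWRITE allocation, and a thread created inside memory that was allocated read/write and later flipped to an executable protection, which is the quieter variant but still a sequence a monitor can correlate. The line format, pids and addresses are made up for the example.

```go
package main
import ("fmt"; "strconv"; "strings")

// Constructed sample telemetry (not a real EDR format): one API call per line, keyed by pid.
const sample = `pid=4120 api=VirtualAlloc addr=0x1a0000 size=0x1000 protect=PAGE_EXECUTE_READWRITE
pid=4120 api=CreateThread start=0x1a0100
pid=5288 api=VirtualAlloc addr=0x2b0000 size=0x1000 protect=PAGE_READWRITE
pid=5288 api=VirtualProtect addr=0x2b0000 size=0x1000 protect=PAGE_EXECUTE_READ
pid=5288 api=CreateThread start=0x2b0000
pid=6001 api=CreateThread start=0x7ff612341000`

// region is a range obtained from VirtualAlloc; flipped means it became executable later via VirtualProtect.
type region struct{ base, size uint64; exec, flipped bool }
func hexVal(s string) uint64 { v, _ := strconv.ParseUint(strings.TrimPrefix(s, "0x"), 16, 64); return v }

// Detect replays the telemetry and reports an outright RWX allocation or a thread started in RW->RX memory.
func Detect(log string) []string {
	regions := map[string][]*region{} // pid -> regions allocated so far
	var out []string
	for _, line := range strings.Split(log, "\n") {
		f := map[string]string{}
		for _, kv := range strings.Fields(line) {
			k, v, _ := strings.Cut(kv, "=")
			f[k] = v
		}
		pid, prot := f["pid"], f["protect"]
		switch f["api"] {
		case "VirtualAlloc": // step 1: allocate; asking for PAGE_EXECUTE_READWRITE is the noisy way
			r := &region{base: hexVal(f["addr"]), size: hexVal(f["size"]), exec: strings.Contains(prot, "EXECUTE")}
			regions[pid] = append(regions[pid], r)
			if prot == "PAGE_EXECUTE_READWRITE" {
				out = append(out, pid+": RWX allocation at "+f["addr"])
			}
		case "VirtualProtect": // the quieter variant: allocated RW, now switched to RX
			for _, r := range regions[pid] {
				if r.base == hexVal(f["addr"]) && strings.Contains(prot, "EXECUTE") {
					r.exec, r.flipped = true, true
				}
			}
		case "CreateThread": // step 3: thread start address inside dynamically allocated executable memory
			start := hexVal(f["start"])
			for _, r := range regions[pid] {
				if r.exec && start >= r.base && start < r.base+r.size {
					out = append(out, fmt.Sprintf("%s: thread start 0x%x in allocated exec memory (flipped=%v)", pid, start, r.flipped))
				}
			}
		}
	}
	return out
}
```

The third process (pid 6001) starts a thread at an address outside any tracked allocation and produces no finding, which is the baseline a detection like this has to keep quiet on.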

Tags

Golang, red team, reverse shell, shellcode

