
New Video from @collinsinfosec: Creating an Info Stealer Script in Go
In this video, Collinsinfosec walks through building an info stealer script in the Go programming language. The goal is to reproduce the main functionality of an info stealer, based on a previous analysis of the Redline info stealer. The project is motivated by a desire to learn Go, a statically typed language that executes quickly and compiles easily for platforms such as macOS, Linux, and Windows.

The script captures three main types of information: basic device information, browser extensions, and cookies. For the first, it collects the computer name, running processes, IP address, and a screenshot taken at the time of infection. The second catalogs the extensions installed in Google Chrome, extracting each extension's name, version, and permissions. The third retrieves session cookies, which are used to demonstrate how session hijacking becomes possible.

The development process is covered in detail, including Go primitives, code organization, and importing external libraries. The script is then tested on a Windows 11 virtual machine, where it successfully collects the intended information and sends it to a simulated C2 server. Potential errors in the code are noted, and improvements are suggested for more extensive use.

The video also covers defensive measures against such attacks, emphasizing allowlisting: explicitly authorizing approved programs and blocking everything else. This is difficult to implement at scale but effective at strengthening security. The ThreatLocker platform is cited as an example of a zero trust solution that blocks unauthorized applications even when traditional defenses are disabled.
In conclusion, the video offers an in-depth look at creating an info stealer in Go while providing valuable insight into the security measures that protect against such threats. It demonstrates the importance of vigilance and of advanced security solutions for protecting computing environments.