
John Hammond Explores Golang in Malware Development and Binary Analysis
In this video, John Hammond delves into the landscape of cybersecurity and hacking, focusing on the use of Golang (Go) for malware development. He begins by expressing his admiration for Golang, highlighting its advantages such as portability, compilation into standalone executables, and clear, easy-to-read syntax. He compares Golang to other languages like Python, Rust, and C, emphasizing its memory safety features and modern capabilities.

Hammond then discusses the increasing use of Golang in malware development, highlighting the cat-and-mouse game between malware developers and cybersecurity analysts. He demonstrates how to create a simple Golang project, using tools like GitHub to host the source code. He also shows how to compile the project using different options to include or exclude debugging information, which can help hide sensitive information.

The video then focuses on analyzing compiled Golang binaries with different levels of debugging. Hammond uses popular tools like Binary Ninja, IDA Pro, and Ghidra to examine the binaries and show how information can be extracted or hidden. He demonstrates that even with binaries compiled in release mode, some sensitive information can still be recovered.

For further analysis, Hammond introduces tools specific to Golang binaries, such as Redress and GoReSym. These tools allow additional information to be recovered from stripped binaries, including symbols, types, and metadata. He shows how these tools can be used to obtain valuable information, even when binaries have been obfuscated.

The video also covers the use of Garble, an obfuscation tool for Golang binaries. Garble helps hide sensitive information, function names, and literal strings, making analysis more difficult. Hammond demonstrates how Garble can be used to obfuscate a binary and how traditional analysis tools can be thwarted by this obfuscation.

Finally, Hammond presents GoStringUngarbler, a tool developed by Mandiant to decipher obfuscated strings in garbled binaries. He shows how this tool can be used to recover sensitive information, even when binaries have been obfuscated with Garble. He also mentions other tools and recent research in the field of Golang binary analysis, emphasizing the importance of staying up-to-date with the latest techniques and tools.

In conclusion, this video provides a comprehensive overview of the use of Golang in malware development and the associated analysis and obfuscation techniques. It is a valuable resource for cybersecurity professionals and hacking enthusiasts seeking to understand the challenges and solutions in this ever-evolving field.
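
To make concrete the point above that a stripped binary still carries recoverable metadata, the following added example (not code from the video or from any tool it names) is a small triage scanner an analyst could run over raw file bytes. It looks for two artifacts the standard Go toolchain leaves in place even when symbol and DWARF tables are stripped: the build-info marker and the header of the runtime's `pclntab` function table. The names `Triage`, `Finding` and `constructedSample` are illustrative, the sample bytes are constructed, and a miss does not prove a file is not Go, since a modified toolchain can change these markers.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// pclntab header magics used by the standard Go toolchain, by release range.
var pclntabMagic = map[uint32]string{
	0xfffffffb: "Go 1.2-1.15", 0xfffffffa: "Go 1.16-1.17",
	0xfffffff0: "Go 1.18-1.19", 0xfffffff1: "Go 1.20+",
}

// Marker of the build-info blob that the Go linker embeds in binaries.
var buildInfoMagic = []byte("\xff Go buildinf:")

type Finding struct {
	HasBuildInfo bool
	PclntabOff   int // -1 when no plausible header was found
	PclntabGen   string
	PtrSize      int
}

// Triage scans raw file bytes (little-endian targets only) for Go artifacts.
func Triage(data []byte) Finding {
	f := Finding{HasBuildInfo: bytes.Contains(data, buildInfoMagic), PclntabOff: -1}
	for i := 0; i+8 <= len(data); i++ {
		gen, ok := pclntabMagic[binary.LittleEndian.Uint32(data[i:])]
		// Header: magic, two zero pad bytes, instruction quantum, pointer size.
		if !ok || data[i+4] != 0 || data[i+5] != 0 {
			continue
		}
		if q, p := data[i+6], data[i+7]; (q == 1 || q == 2 || q == 4) && (p == 4 || p == 8) {
			f.PclntabOff, f.PclntabGen, f.PtrSize = i, gen, int(p)
			break
		}
	}
	return f
}

// constructedSample: filler, build-info marker, a decoy magic, a valid header.
func constructedSample() []byte {
	b := append(bytes.Repeat([]byte{0x90}, 16), buildInfoMagic...)
	b = append(b, 0xf1, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41) // decoy
	return append(b, 0xf1, 0xff, 0xff, 0xff, 0x00, 0x00, 0x01, 0x08)
}

func main() { fmt.Printf("%+v\n", Triage(constructedSample())) }
```

The decoy in the sample shows why the header fields are validated rather than matching on the four magic bytes alone: the same byte pattern occurs by chance in ordinary data.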