Malware on the Go

Angel Villegas (Cisco Systems)

Go provides a fast compilation environment to create native platform binaries without the need to understand and handle some programming paradigms associated with lower languages like C. This provides an easier entry for malware authors to create malicious binaries that will work for different operating systems. The popularity and adoption rate of the language will make it an enticing vehicle for malware development.

How is Golang used in malware? Are malware authors writing malware in Go? Using it as a dropper? Trojan? RAT?

This talk will cover:

  • A study of Go in malware
  • A couple of malware families/samples leveraging Go
  • Challenges Go executables present for analysts
  • How to overcome some of the challenges

 

Angel-Villegas.jpg

Angel M. Villegas

Angel M. Villegas is a malware reseacher for Cisco Talos. Amongst Angel's notable achievements, he is the author of FIRST - the Function Identification & Recovery Signature Tool, which allows infosec analysts and reverse engineers to perform collective malware analysis. Angel is also the creator of the Villegas Diet - a revolutionary new way to consume the tears of malware authors for sustenance.

Angel's hobbies include hot air balloon surfing, lion fish taming, and Sumarian freestyle rapping.



Register.jpg

VB2017 OVERVIEW

WHY ATTEND

SPEAKERS

PROGRAMME

REGISTER NOW!

VENUE

BOOK HOTEL

VB2017 DRINKS RECEPTION

VB2017 FOOSBALL TOURNAMENT

2017 PÉTER SZŐR AWARD


Other VB2017 papers

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…