Today’s entry is a guest-post brought to you from our friends at Kryptos Logic who have been working on a handy plugin we wanted to highlight. They were kind enough to let us cross-post their blog here, but make sure to check out the rest of their posts as well! Note, everything below this paragraph is from Jamie Hankins, not Jordan despite what the “author” tag on this post says!

Last week the Network Security Research Lab at 360 released a blog post on an obfuscated backdoor written in Go named Blackrota. They claim that the Blackrota backdoor is available for both x86/x86-64 architectures which is no surprise given how capable Golang’s cross compilation is.

For the last 4 years we have been using Golang for our internal services, and I can definitely see the allure that Golang has for malware authors:

- Statically compiled binaries by default.
- Cross compilation is often as simple as setting two environment variables.
- Strong package ecosystem allowing you to pull in code that you need from other sources.
- Esoteric runtime with a non-standard calling convention breaks most decompilation tools forcing reverse engineers to read assembly

Blackrota uses gobfuscate to obfuscate their source code before it gets compiled by the Go toolchain. Gobfuscate presents a number of challenges to reverse engineers but the one I’ll be focusing on today is string obfuscation. Malware has been using XOR encoded strings for years now, but Blackrota takes this a step further.