[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-45647-en":3,"doc-seo-45647-105":30,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":21,"is_downloadable":21,"audit_status":21,"page_count":22,"language":23,"language_code":24,"site_id":25,"html_lang":24,"table_of_contents":26,"faqs":27,"seo_title":13,"seo_description":14,"update_tm":28,"read_time":29},45647,4398048949847,"Eliana","https://ap-avatar.wpscdn.com/avatar/400002536579ef2da7f?_k=1778318612642679267",6,"Technology","Writing Golang Malware","Workshop notes on building offensive tooling in Go, covering how an implant communicates with command-and-control systems using encrypted darknet techniques with pluggable transports, covert exfiltration, detection evasion, and resilient infrastructure design. The material also addresses binary transformation, parsing and rewriting executable formats to inject shellcode, and on-the-wire modification from a man-in-the-middle perspective. It further discusses EDR avoidance via in-memory module loading from C2, encrypting packers, and Windows-focused system call/DLL unhooking, plus darknet approaches for NIDS evasion and a practical development environment setup.","Writing Golang Malware  \nBen Kurtz [awgh@awgh.org](awgh@awgh.org)  \nObjectives  \n● Introduction, What is this class going to cover  \n● Building a dev environment  \n● An introduction to the Go language (and why hackers like it)  \n● Set up Golang C2 and Implant  \n● Learn how to spread, infect files, and inject into memory  \n● Other techniques for EDR evasion  \n● Darknet-based methods for NIDS evasion  \nIntroductions!  \n● Who already knows how to program in Go?  \n○ How well?  \n○ Would you mind helping your fellow classmates?  \n● Find a buddy (if you want to)  \n● Make sure you have a local copy of the slides!!!  \n● What are you hoping to get out of this class?  \nWhat is this class going to cover?  \n•  Communication between the implant and the command and control system including encrypted  darknets with pluggable transports, covert exﬁltration methods, detection evasion, and fault tolerant  infrastructure design.  \n•  Binary transformation techniques designed to allow offensive practitioners the freedom of writing  conventional binaries, yet maintaining the mobility of shellcode-like operating conditions.  \n•  Parsing and rewriting all binary formats to inject shellcode using a variety of reconﬁgurable methods.  \n•  On-the-wire modiﬁcation of binaries and archives from a man-in-the-middle or malicious server  perspective.  \n•  Methods of avoiding EDR with your implant, including loading modules direct from the c2 to memory  without touching disk (on all platforms), customizable encrypting packers, and direct system calls/DLL  unhooking (on Windows) .  \nWhat is this class going to cover?  \n• Commu icdarknets wiatthoplubetweggableen thtranespi mportsla, ntcoaettheaexcleimonatdeatnhdodcso, ntro sdetectyisot mn evai nsciol und, ngand ncrfaulyptet tolderant  \ninfrastructure design.  \n• Binary transformation techniques desigDnedoto llouwtoffensive practitioners the freedom of writing   \nconventional binaries, yet maintaining the mobility of shellcode-like operating conditions.  \n• Parsing and rewriting all binary formatBs toiinjejcet shceltlcode using a variety of reconﬁgurable methods.  \n• Onpers-thepec-wtivi ree modiﬁcation of Bbinaries aacdrchives foorrfomaacmtano-i -they-middle or malicious server  \n•  Methods of avoiding EDR with your implant, including loading modules direct from the c2 to memory  wuitnhhoouot touk ngc(hoinngWdiUniskdo(onsill latrfosrmas),lcu&stomiBzabaleenncarypntingapapckrso, and deirect system calls/DLL  \nDisclaimer  \nEven though most of this is on public GitHub repos, it’s not documented and often we leave one or two things that require a little know-how to fix or configure.  \nKnowing how to connect all these pieces is what makes it scary, and that’s what this class is all about. Please be responsible (   don’t use VirusTotal) .  \nThis is a VERY RAPIDLY moving space, and we either are or are directly working with the devs of almost all the tools we’re going to talk about. Everything works along the most tested paths, but there will be bugs.  \nObjectives  \n● Introduction, What is this class going to cover  \n● Building a dev environment  \n● An introduction to the Go language (and why hackers like it)  \n● Set up Golang C2 and Implant  \n● Learn how to spread, infect files, and inject into memory  \n● Other techniques for EDR evasion  \n● Darknet-based methods for NIDS evasion  \nDev Env- Install Go  \nUse the installer and instructions here for your platform:  \n[https://golang.org/doc/install](https://golang.org/doc/install)  \nNote: Go modules are now mandatory, there is no need to use GOPATH.  \nGo Modules Commands That Will Save Your Life: rm go. mod go.sum  \ngo clean-modcache  \nGOPROXY=direct go mod [init github.com/USER/MODULE](init github.com/USER/MODULE)  \n\\# deletes existing go modules definitions  \n\\# clears out the local modules cache  \n\\# creates a new go modules definition, bypass online cache  \nGOPROXY=direct go mod tidy \\# updates and cleans up existing go modules definition, bypass online cache  \nDev Env-","cbCaitoPBURu6bxd","https://ap.wps.com/l/cbCaitoPBURu6bxd","pdf",11391049,3,1,141,"English","en",105,"# Objectives\n## Workshop Coverage\n# Development Environment Setup\n## Install Go\n## Install Git","[{\"question\":\"What are the main goals of the class on writing Go-based malware?\",\"answer\":\"The course targets setting up a Go dev environment, learning Go for offensive use, deploying a Golang C2 and implant, and practicing spreading/infection and memory injection. It also covers EDR evasion and darknet-based NIDS evasion methods.\"},{\"question\":\"How does the implant communicate with the command-and-control system in this workshop plan?\",\"answer\":\"It emphasizes encrypted darknet communications with pluggable transports, covert exfiltration methods, detection evasion, and fault-tolerant infrastructure design.\"},{\"question\":\"What development environment steps are provided for beginners?\",\"answer\":\"The notes include installing Go (with Go modules mandatory, no GOPATH) and installing Git across Linux, macOS, and Windows. They also list helpful Go module commands to initialize, clean, and tidy dependencies.\"}]",1783463402,355,{"code":4,"msg":31,"data":32},"ok",{"site_id":25,"language":24,"slug":33,"title":13,"keywords":34,"description":14,"schema_data":35,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":28},"writing-golang-malware","",{"@graph":36,"@context":85},[37,53,68],{"@type":38,"itemListElement":39},"BreadcrumbList",[40,44,48,50],{"item":41,"name":42,"@type":43,"position":21},"https://docshare.wps.com","Home","ListItem",{"item":45,"name":46,"@type":43,"position":47},"https://docshare.wps.com/document/","Document",2,{"item":49,"name":12,"@type":43,"position":20},"https://docshare.wps.com/document/technology/",{"item":51,"name":13,"@type":43,"position":52},"https://docshare.wps.com/document/writing-golang-malware/45647/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":24,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":41,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-12","2026-07-07",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"What are the main goals of the class on writing Go-based malware?","Question",{"text":75,"@type":76},"The course targets setting up a Go dev environment, learning Go for offensive use, deploying a Golang C2 and implant, and practicing spreading/infection and memory injection. It also covers EDR evasion and darknet-based NIDS evasion methods.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"How does the implant communicate with the command-and-control system in this workshop plan?",{"text":80,"@type":76},"It emphasizes encrypted darknet communications with pluggable transports, covert exfiltration methods, detection evasion, and fault-tolerant infrastructure design.",{"name":82,"@type":73,"acceptedAnswer":83},"What development environment steps are provided for beginners?",{"text":84,"@type":76},"The notes include installing Go (with Go modules mandatory, no GOPATH) and installing Git across Linux, macOS, and Windows. They also list helpful Go module commands to initialize, clean, and tidy dependencies.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":25},{"code":4,"msg":5,"data":92},[93,97,101,105,110,113,118,123,128,131,135],{"id":21,"doc_module":4,"doc_module_name":46,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":47,"doc_module":4,"doc_module_name":46,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":46,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":46,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":46,"category_name":12,"show_sort_weight":111,"slug":112},50,"technology",{"id":114,"doc_module":4,"doc_module_name":46,"category_name":115,"show_sort_weight":116,"slug":117},7,"Healthcare",40,"healthcare",{"id":119,"doc_module":4,"doc_module_name":46,"category_name":120,"show_sort_weight":121,"slug":122},8,"Research & Report",30,"research-report",{"id":124,"doc_module":4,"doc_module_name":46,"category_name":125,"show_sort_weight":126,"slug":127},9,"Religion & Spirituality",20,"religion-spirituality",{"id":126,"doc_module":4,"doc_module_name":46,"category_name":129,"show_sort_weight":126,"slug":130},"World Cup","world-cup",{"id":132,"doc_module":4,"doc_module_name":46,"category_name":133,"show_sort_weight":132,"slug":134},10,"Lifestyle","lifestyle",{"id":136,"doc_module":4,"doc_module_name":46,"category_name":137,"show_sort_weight":106,"slug":138},19,"General","general"]