Go reverse-engineering workshop

Back to the list of Speakers and Sessions

Go is becoming more and more prevalent in offensive security tooling. And while the analysis of most programs can be approached using the same methods, binaries generated by this language are different enough from what compilers generally produce that they require developing a special skillset.

Short, unscientific surveys conducted in my professional circle indicate that Go is reverse-engineers’ most dreaded language. It doesn’t have to be this way. In this workshop, I would like to share the knowledge I have built up reverse-engineering Go malware as well as the methodology I follow during my day-to-day work and useful disassembler plugins.

Participants should prepare by:

This workshop is intended for people who have experience with reverse-engineering and know their way around a disassembler and a debugger. They should already be familiar with x86 and x64 ASM and reversing C / C++ programs.

Participants must have the following equipment:

A laptop with all the necessary analysis tools: disassembler + debugger.

Ivan Kwiatkowski Senior Security Researcher, Kaspersky

An OSCP and OSCE-certified penetration tester and malware analyst working as a Senior Security Researcher in the Global Research and Analysis Team (GReAT) at Kaspersky Lab since 2018. Also delivers Kaspersky’s reverse-engineering trainings in Europe. Ivan maintains an open-source dissection tool for Windows executables and his research was presented during several cybersecurity conferences. As a digital privacy activist, he also operates an exit node of the Tor network.