Feeding Gophers to Ghidra

Explore advanced techniques for analyzing Golang malware using Ghidra in this comprehensive conference talk. Learn how to navigate the complexities of Golang binaries without getting lost in unnecessary details. Discover a set of Java-based scripts developed to enhance Ghidra's capabilities in handling Golang executables, building upon Dorka Palotay's previous work. Delve into the intricacies of both Ghidra and Golang internals, and witness the significant improvements these scripts bring to the analysis process. Gain insights into recovering static and dynamic strings, functions with their original names, and Golang types. Understand the advantages of using Java for Ghidra scripting over the deprecated Python 2 approach. Watch a live demonstration of the scripts in action and learn how to apply them in your own malware research or vulnerability hunting endeavors. By the end of this talk, equip yourself with powerful tools and knowledge to effectively analyze Golang binaries encountered in your security work.

#HITB2023AMS #COMMSEC D2 - Feeding Gophers To Ghidra - Max Kersten