- Dissecting Go Binaries
- Go: Overview of the Compiler
- Go compiler internals: adding a new statement to Go - Part 1
- Go compiler internals: adding a new statement to Go - Part 2
- Reversing GO binaries like a pro
- How a Go Program Compiles down to Machine Code
- Analyzing Golang Executables
- Go Reverse Engineering Tool Kit
- go-internals book
- [Reconstructing Program Semantics from Go Binaries](http://home.in.tu
Quang Nguyễn quangnh89
quangnh89
/ GORE.md
Last active
May 12, 2022 10:18
— forked from alexander-hanel/GORE.md
Go Lang Reverse Engineering Resources/Links
quangnh89
/ inject.c
Created
July 2, 2018 03:33
— forked from hfiref0x/inject.c
Process Doppelgänging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Ref = src | |
| // https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf | |
| // | |
| // Credits: | |
| // Vyacheslav Rusakov @swwwolf | |
| // Tom Bonner @thomas_bonner | |
| // | |
| #include <Windows.h> |
quangnh89
/ Suspect_File_1_writeup.py
Created
August 7, 2017 17:49
SHA2017 CTF Rev100 Suspect File 1 write-up
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import angr | |
| def malloc_cb(state): | |
| print "malloc!" | |
| state.regs.eax = 0xc0000000 # concrete address | |
| def strlen_cb(state): |
quangnh89
/ deobfuscate.py
Last active
October 12, 2023 17:26
A malware analysis case-study: Deobfuscate Windows malicious obfuscated code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Slide : https://docs.google.com/presentation/d/1jLUDucNtvGotHw0LOvDonMYwCkXYcb-cnsOWLNt-Ag0 | |
| import sys | |
| import pefile | |
| from capstone import * | |
| from capstone.x86 import * | |
| from keystone import * | |
| from datetime import datetime | |
| MAX_DISASM_COUNT = 1000 * 1000 | |
| FILE_NAME = r"dump-g4pic.dll" |