NorthSec 2023

Go reverse-engineering workshop
2023-05-19, 13:00–16:00, Workshop 2

Go is becoming more and more prevalent in offensive security tooling. And while the analysis of most programs can be approached using the same methods, binaries generated by this language are different enough from what compilers generally produce that they require developing a special skillset.

Short, unscientific surveys conducted in my professional circle indicate that Go is reverse-engineers’ most dreaded language. It doesn’t have to be this way. In this workshop, I would like to share the knowledge I have built up reverse-engineering Go malware as well as the methodology I follow during my day-to-day work and useful disassembler plugins.

What is the language of your talk/workshop?


An OSCP and OSCE-certified penetration tester and malware analyst working as a Senior Security Researcher in the Global Research and Analysis Team (GReAT) at Kaspersky Lab since 2018. Also delivers Kaspersky’s reverse-engineering trainings in Europe. Ivan maintains an open-source dissection tool for Windows executables and his research was presented during several cybersecurity conferences. As a digital privacy activist, he also operates an exit node of the Tor network.