In this stream we developed a Binary Ninja plugin to deobfuscate Golang malware that has been obfuscated using the Garble (https://github.com/burrowers/garble) project. We also wrote Yara rules, and discussed the security industry, programming languages used by malware authors, reverse engineering platforms and many other topics.
Learn how to reverse engineer malware: https://training.invokere.com/course/imbtbn
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/binja-golang-deobfuscation
Ungarble code: https://github.com/Invoke-RE/ungarble_bn
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
Mastodon: https://infosec.exchange/@invokereversing
Big thanks to Taylor Umer for the thumbnail art: https://www.linkedin.com/in/taylor-umer-616639171/
0:00 Intro and Overview of Garble
12:53 Binary Refinery's vstack
29:50 Disassembly Fingerprinting
53:58 Ungarble UI Components
56:54 Trying to Get Plugin Reloading Working
1:02:49 Development Continued
1:13:00 Overview of WARP Signatures
1:28:10 Unpac.me Yara Hunting
1:39:00 Adding Threads and RE Discussions
1:58:35 Threads Working and Security Discussions
2:32:13 Development Continued
2:42:10 Debugger Discussion
2:52:55 Threading Development Continued
2:56:34 Critical Thinking and Analytical Skills Discussion
3:01:00 Development Continued
3:03:00 Outro