wacatac.b!ml

swwwheart · 17.11.2024

voldemort сказал(а):

I think garble won't help to bypass AVs it is certainly intended to obfuscate Go imports, functions name and to remove debug infos to further complicate the RE process.

I asked if he was using garble because it is an instant detection. I compile without garble and I don't face the same problems.

I suggest try to compile with -ldflags="-s -w -H=windowsgui" if you are not already.

voldemort · 17.11.2024

swwwheart сказал(а):

I asked if he was using garble because it is an instant detection. I compile without garble and I don't face the same problems.

I suggest try to compile with -ldflags="-s -w -H=windowsgui" if you are not already.

Yeah that's the typical Go compilation but your build will contain a lot of information that reverse engineer will have it easy, if you don't want to compile with garble you will have to do some extra work to obfuscate your build.

swwwheart · 17.11.2024

voldemort сказал(а):

Yeah that's the typical Go compilation but your build will contain a lot of information that reverse engineer will have it easy, if you don't want to compile with garble you will have to do some extra work to obfuscate your build.

I wouldn't describe reversing stripped go binaries as easy. yes your build will still contain package information and build path but that doesn't mean reversing is easy.

Lipshitz · 17.11.2024

I think sliver has ruined garble. There has been detections for a while now

bismum · 20.11.2024

There is a windows defender disabler on github, it ads whole disk C to exclusion silently

wacatac.b!ml

swwwheart

Its nice to be nice

voldemort

(L3) cache

swwwheart

Its nice to be nice

Lipshitz

(L3) cache

bismum

CD-диск