AV/EDR bypass with Go
2023-09-09, 17:10–17:40 (Europe/Berlin), Tesla

Some time ago, it was enough to recompile a Go program with a different Go version and you would magically bypass anti-malware products. Nowadays, it has become an art, since you have to do a lot of work in the background in order to bypass all the protections in place. Also, the craft is different for each anti-malware product, which adds more spice to the challenge, and both sides do not like to share all the details publicly.

Vlatko Kosturjak is a security consultant at Diverto, where he helps clients reach their desired security level(s). He likes to break and build, depending on the mood and time of day (night). Besides security, his passion is open and free software, so he has authored many open source offensive tools and contributed code to various free security software.