Reversing a Go Malware Using Ghidra

I was called to handle an incident in which a malicious IP address was accessed each time the system booted. They couldn't find out what process was making the connection.

Using one of the BCC eBPF tools called tcpconnect.py, I was able to locate the malicious process that's disguised …
