
What mindset to have when taking the course?
Introduce the users to the environment used in this course
This is not a tutorial about installing VirtualBox, there is plenty out there already ;-)
Brief introduction on where to find a legitimate Go installation guide
This is not a tutorial about installing Go.
Some well-known malicious open-source projects will be tested on a machine with Windows Defender enabled and on one without it. These include Rubeus.exe, msfvenom, etc.
VirusTotal will be introduced
An example of a simple helloworld program will be written in Go
The Go code will be compiled to helloworld.exe and tested in a windows environment
Windows API will be introduced
The DLL chaining concept is presented
A first method to call the Windows API in Go is shown
A Go program that creates a MessageBox is written
A second method to call the Windows API in Go is shown
The MessageBox program is recreated with this second method
A third method to call the windows API in Go is discussed
Shellcodes are introduced
A demo of msfvenom is made
Loaders are briefly introduced
The main steps of the Windows Defender bypass are outlined
A "prepare" binary is created
XOR encoding is introduced
The loader code begins with an XOR decryption routine
Explore allocating memory in a Go process using VirtualAlloc, reserving and committing memory with read-write protection, in preparation for loading shellcode in a following step.
Explore alternative memory allocation methods for Windows processes, including VirtualAllocEx and CreateFileMapping with MapViewOfFile, to support loader development in Go.
Explore copying shellcode into process memory in Go using unsafe pointers and byte slices, with a focus on memory allocation and handling in malware development.
Explore allocating memory with VirtualAlloc, then using VirtualProtect to make it executable for shellcode on Windows, implementing a two-step protection change with logging.
Learn to create a thread in the current process using the Windows API, load kernel32.dll, execute shellcode by its start address, and then wait for the thread to finish.
Explore alternative thread-launching methods in Go malware development, such as creating a remote thread and queuing a user APC, for self or remote shellcode injection.
The loader is tested against Windows Defender
The loader is tested with msfvenom reverse TCP shellcode
Threat intelligence notes explain Windows Defender bypasses, static analysis, and IOC sharing via VirusTotal. Red and blue teams strengthen defenses against memory scans and evolving detection methods.
This course is designed to provide a comprehensive foundation for anyone interested in learning malware development. The primary objective is clear yet impactful: bypassing Windows Defender by creating a fully functional shellcode loader using the Go programming language. By the end of this course, you will have the essential knowledge and skills to build on, setting the stage for further exploration into offensive security and advanced malware techniques.
We begin by exploring the Windows API, a critical toolkit for low-level interaction with the Windows operating system. You’ll learn how to use these APIs to execute shellcode, allocate memory, and create loaders. Each step is broken down into practical, hands-on lessons that demonstrate how simple Go code can evolve into a powerful executable capable of manipulating and navigating the Windows environment.
In addition to technical insights, this course emphasizes practical learning through demonstrations and exercises, ensuring a solid grasp of the material. From understanding memory allocation to mastering thread creation, you’ll gain invaluable skills for creating efficient and effective programs.
Join our supportive Discord Group, where you can ask questions, collaborate, and stay connected with both peers and experts. The Discord link is provided in the first lecture attachment and will be sent to you again when you buy this course.