Recon 2022

Juan Andres Guerrero-Saade

Juan Andrés is a Principal Threat Researcher at SentinelOne and an Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). Juan Andrés was Chronicle Security’s Research Tsar and founding researcher of the Uppercase team. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team, focusing on targeted attacks, and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. His joint work on Moonlight Maze is now featured in the International Spy Museum’s permanent exhibit in Washington, DC.

Sessions

06-04
11:30
30min
Beyond AlphaGolang: Automated hunting based on reversing Go binaries
Juan Andres Guerrero-Saade

Reverse engineering Golang was considered a nightmare. Over time, our understanding of Go has evolved, and it turns out that with the right tooling, Go may be one of the easiest languages to reverse engineer. We released AlphaGolang as a way to tackle reversing Go binaries, recovering as much information as possible and surfacing user-generated code. Where do we go from here? How about using the understanding we can glean from Go malware to automate hunting and clustering?

Grand Salon