TMZ Lair

Having fun with ELF files and GoLang

2 minute read Published:

Now I will show how GoLang interacts with ELF files in a generic example. You could look further into the native module here. I do recommend reading it, as I am using some bits of code extracted directly from the module source. It is basically the same idea as the PE example, using a similar module. You can extend it depending on your needs. Here you go. package main import ( "fmt" "io" "os" "debug/elf" ) func check(e error) { if e !

Having fun with PE files and GoLang

2 minute read Published:

New blog design, new post. Today I will show how GoLang interacts with PE files in a generic example. You could look further into the native module here or even check its source code here. I do recommend reading it, as I am using some bits of code extracted directly from the module source. Here you go. package main import ( "fmt" "debug/pe" "os" "io" "encoding/binary" ) func check(e error) { if e !

Win32.Liora.B

5 minute read Published:

So I decided to port my Linux.Liora (https://github.com/guitmz/go-liora) Go infector to Win32 and it worked great. Minor tweaks were needed in the code, you can run a diff between both and check it out. EDIT: Fixed the PE verification routine, it checks for a proper PE file now. Thanks hh86! Virus source: /* * Win32.Liora.B - This is a POC PE prepender written in Go by TMZ (2015). * * Win32.

Linux.Liora: a Go virus

4 minute read Published:

So this guy asks me in a job interview last week “Have you ever developed in Go?” and well, what better way to learn a language than writing a prepender (probably a lot of things but don’t kill my thrill)? There you have it, probably the first ever binary infector written in GoLang (SPTH LIP page “outdately” confirms that). Basically a port from my Linux.Zariche ‘cause my life is in a hurry.

Dynamic API Calls in .NET

2 minute read Published:

Today I’m going to share a way to call APIs without DLLImport. I first saw this years ago at OpenSC.ws, as far as I remember, and got into the idea. The code was lost since then but I found a copy. Program.cs using System; using System.Reflection; namespace APICaller { class Program { public static void Main(string[] args) { Console.Title = "Dynamic API Caller"; Console.WriteLine("Press any key to call your API!"); Console.

MBR Dump With .NET - Part 1

2 minute read Published:

Greetings. Years ago I was messing around with Windows MBR (VXHeaven thread) and got stuck while trying to write a modified copy back to the disk. I’m calling this “Part 1” because I’m still stuck at this and plan to get back on my research. Anyways, it will be a short post, just to share where I was at that time. using System; using System.Runtime.InteropServices; using Microsoft.Win32.SafeHandles; using System.IO; namespace MBR { class MainClass { [DllImport("Kernel32.