https://mac.sploit.dk/tags/go/ Recent content in Go on Martin's Blog Hugo en-us Sat, 30 May 2026 00:00:00 +0000 https://mac.sploit.dk/blog/decompile-to-real-code/ Sat, 30 May 2026 00:00:00 +0000 https://mac.sploit.dk/blog/decompile-to-real-code/ <p>When ChatGPT was released, it was helpful in some cases to copy decompiled pseudo-code from IDA Pro into ChatGPT and get faster feedback on how the pseudo-code could be translated into real Go code. Reading real Go code is a lot faster than interpreting pseudo-code. Over time, ChatGPT and Claude have both improved their analysis capabilities.</p> <p>Around the middle of 2025, frontier labs started releasing coding agents, notably Claude Code. Now it seems a new coding agent is released on a weekly basis.</p> https://mac.sploit.dk/blog/go-binaries-that-hide-from-gos-own-tools/ Fri, 29 May 2026 00:00:00 +0000 https://mac.sploit.dk/blog/go-binaries-that-hide-from-gos-own-tools/ <p>I have been building a small C tool that fingerprints Go binaries (version, build metadata, function names, the lot) and pointing it at a corpus of malware samples. A few of them confused an early, naïve version of it: the detector keyed on the <code>pclntab</code> magic number, and these samples did not have the magic it expected. The obvious next question is whether they are Go at all, and if so, how much they are trying to hide. The answer turned out to have two layers, and only one of them does what its author probably hoped.</p>