Reversing Modern Binaries: Practical Rust & Go Analysis
Instructors: Daniel Frederic & Mathieu Hoste
Dates: June 23 to 26 2025
Capacity: 25 Seats
This 4-day training combines two comprehensive modules, focusing on reverse engineering Rust binaries
(Days 1-2) and Golang binaries (Days 3-4). Participants will gain hands-on experience with tools,
techniques, and advanced malware analysis, concluding with a capstone project to reinforce their skills.
Designed for malware analysts, reverse engineers, and security professionals, this course provides the
knowledge needed to tackle real-world reverse engineering challenges in modern programming languages.
KEY LEARNING OBJECTIVES
- Understand Rust & Go Fundamentals
- Comprehend Rust & Go Compilation and Runtime
- Analyze Rust & Go Structures and Control Flow
- Utilize Tools for Rust & Go Reverse Engineering
- Apply Advanced Reverse Engineering Techniques
- Reverse Engineer Malware Techniques in Rust and Go
Course Topics
Day 1: Rust Reverse Engineering - Fundamentals and Tooling
Module 1: Introduction to Rust and Reverse Engineering
- History, philosophy, and features of Rust
- Why attackers use Rust for malware development
- Fundamentals of reverse engineering
- Setting up the reverse engineering environment (Ghidra, GDB, LLDB, Radare2)
Module 2: Rust Compilation and Runtime
- Compilation process: From source code to machine code (LLVM/MIR)
- Rust runtime (Linux and Windows)
- Rust's calling conventions, memory management, symbol mangling/demangling
Module 3: Analyzing Rust Structures and Control Flow
- Understanding data structures (Option, Result enums, slices, structs)
- Analyzing control flow: Functions, methods, loops, conditionals
- Exercise: Reverse engineering a simple Rust program
Day 2: Advanced Rust Reversing and Malware Analysis
Module 4: Tools and Techniques for Rust Reverse Engineering
- Configuring Ghidra for Rust binaries
- Debugging with GDB/GEF and LLDB
- Practical exercises with Rust debugging and analysis
Module 5: Advanced Reverse Engineering and Obfuscation Techniques
- Tackling stripped binaries: Symbol recovery and function inlining
- Handling obfuscation techniques: String obfuscation, anti-debugging
- Exercise: Reverse engineering an obfuscated Rust binary
Module 6: Advanced Malware Reverse Engineering Techniques in Rust
- Analyzing process hollowing, API hooking, and DLL injection in Rust malware
- Understanding loader injection and packers in Rust binaries
- Practical exercises with Rust malware samples
Module 7: Rust Malware Analysis
- Case studies (e.g., Luca Stealer)
- Writing YARA rules for Rust binaries
- Exercise: Analyzing a Rust malware sample and crafting YARA rules
Day 3: Golang Reverse Engineering - Fundamentals and Tooling
Module 8: Introduction to Golang and Reverse Engineering
- Overview of Go language and its features
- Why attackers use Go for malware development
- Go compilation (go build, go install) and runtime basics
- Exercise: Reversing a simple Go binary
Module 9: Basics of Golang Reversing
- Challenges in reversing Go binaries
- Tools for Go analysis: Ghidra, Radare2, GDB, and IDA Pro
- Go runtime analysis: Common runtime functions, calling conventions
- Analyzing Go binary sections and basic structures (int, string, slice, map)
- Exercise: Analyzing a Go binary with basic structures
Module 10: Analyzing Go Structures and Control Flow
- Go structs and interfaces
- Understanding control flow in Go: Functions, methods, loops, and error handling
- Exercise: Reverse engineering a Go program
Day 4: Advanced Golang Reversing and Malware Analysis
Module 11: Advanced Go Reversing Techniques
- Challenges with stripped Go binaries
- Advanced Go features: Goroutines, channels, synchronization (wait groups, mutex)
- Analyzing Go's memory management and reflection
- Exercise: Reversing a Go binary with advanced features
Module 12: Go Malware Analysis
- Case studies of Go-based malware
- Writing YARA rules for Go binaries
- Exercise: Reversing Go malware and crafting YARA rules
Module 13: Capstone Project and Conclusion
- Reverse engineering a complex Go application
- Guided capstone project combining advanced techniques from both Rust and Go
- Review of core concepts and open Q&A session
- Additional resources for further learning
Prerequisites
- Basic knowledge of Rust and Go programming.
- Familiarity with reverse engineering concepts and assembly language.
- Familiarity with scripting (Python, Bash) and Linux.
- SKILL LEVEL: BEGINNER / INTERMEDIATE
HARDWARE REQUIREMENTS
- A working laptop capable of running virtual machines
- 8GB RAM required, at a minimum
- 40 GB free Hard disk space
- Administrator / root access MANDATORY
SOFTWARE REQUIREMENTS
- VirtualBox installed with guest addition
- IDA Pro and/or Binary Ninja would be helpful but not required
WHO SHOULD ATTEND
Malware analysts, reverse engineers, security researchers, vulnerability researchers, software developers
Bio
Daniel Frederic is a security researcher at Fuzzinglabs and the current head of the CTF team at
LSE.
Originally a kernel and low-level developer with a passion for reverse engineering, he merges these
interests by focusing on low-level targets. His research primarily involves developing low-level fuzzing
tools through in-depth exploration of often obscure targets.
Mathieu Hoste is a security engineer at FuzzingLabs, he is a cybersecurity enthusiast who began his
journey in reverse engineering and especially Rust. Over time, his passion led him to specialize in
blockchain vulnerability research. At FuzzingLabs, he focuses on uncovering critical flaws in Ethereum
using advanced fuzzing techniques to improve the security of the blockchain ecosystem.
To Register
Click here to register.