Reverse Engineering Go Malware: From Manual to AI-Powered Analysis
Asher Davila
BSidesSF 2026 · Day 1 · AMC Theatre 14
This talk, presented by Asher Davila, a Security Researcher at Palo Alto Networks, covers Go malware analysis and how it is moving from traditional manual reverse engineering techniques to analysis assisted by AI and Large Language Models (LLMs). Davila highlights the increasing prevalence of malware written in **Go** (often referred to as **Golang**), a language that presents unique challenges for security analysts because of its compilation characteristics and runtime mechanisms. The presentation serves as a guide for reverse engineers and incident responders facing these threats.
AI review
Competent survey of Go malware RE techniques bolted to an LLM capability/limitation tour. Davila clearly knows the material and the open-sourced Radare2 parser for the Go PC line table is a genuine contribution, but the talk reads more like a well-organized blog post than a research drop — the individual pieces (Go binary internals, GoStrings, MCP agents) are each publicly documented elsewhere, and the AI angle adds breadth without adding depth.