Botconf 2026: Ghidra workshop on symbol recovery and Golang malware

We are pleased to attend Botconf 2026 in Reims, France. The main conference runs from 15 to 17 April 2026; workshops take place on 14 April 2026. The conference focuses on botnets and malware ecosystems.

Alongside the programme we will join the workshop “Malware symbol recovery with Ghidra using Golang examples”. It covers how to work faster when unnamed functions pile up: restoring function symbols and automating rename steps when hundreds or thousands of unknown symbols get in the way. Examples use Golang because statically linked Go binaries illustrate the ideas well.

In the four-hour workshop we work through two malware families seen in the wild: how symbol recovery works in theory and how to apply it in Ghidra. That includes building your own symbol databases and using privately analysed samples as a starting point for further research into family evolution. The relationship between source and compiled code (especially with Go) is also clarified.

The techniques apply to any binary Ghidra supports and can be adapted for other tools with minor changes.

Note: We will extend this post with impressions and follow-up notes after the visit.