When malware analysis first emerged, reverse engineers typically operated in a straightforward C landscape — standard Win32 APIs, no massive runtimes, and clear code paths. Today, the landscape has fundamentally shifted. The natural progression to C++ introduced object-oriented hurdles like virtual function tables and standard template library bloat, laying the groundwork for the complexities we see in today's modern ecosystem. In this episode of Behind the Binary, we sit down with Jae Young Kim from the FLARE team to discuss navigating this evolution and what it actually takes to reverse engineer modern compiled languages like Go and Rust.
Jae walks us through his journey of diving head-first into the Go compiler architecture and source code to build a comprehensive internals reference for the FLARE Learning Hub. We discuss why understanding language quirks from the inside out is essential for professional analysts, look at the reality of recovering symbols from "stripped" Go binaries, and explore why traditional workflows like Time Travel Debugging (TTD) often get buried under runtime cruft. Finally, we look at the immediate future of the trade: how LLMs are already excelling at high-level decompilation and what languages he thinks are going to play a more significant role (hint - .NET AOT and Nim came up).
THE SESSION:
The Modern Language Shift: How the transition from C and C++ to sprawling, modern compiled runtimes has altered the day-to-day workflow of threat researchers and steepened the learning curve for beginners.
Demystifying Go Internals: Jae’s perspective on why Go's compact design philosophy can actually make it a highly systematic, and occasionally pleasant, reversing experience once you master its unique quirks and calling conventions.
The Myth of the "Stripped" Go Binary: A look at how tools like goReSym leverage intact compilation metadata to programmatically restore original function names and type definitions.
AI and the Future Decompiler: An honest assessment of how current LLMs handle assembly-to-source reconstruction, where hallucination verification still requires a human in the loop, and how automated tooling will reshape the analysis pipeline.
Emerging Blind Spots: A primer on the next operational hurdles for threat researchers, including the rising frequency of native ahead-of-time (.NET AOT) compilations and wildcard languages like Nim.
Podden och tillhörande omslagsbild på den här sidan tillhör
Josh Stroschein. Innehållet i podden är skapat av Josh Stroschein och inte av,
eller tillsammans med, Poddtoppen.