Detecting Evasive Linux Malware Presentation

Tags: Rootkits, Education, Linux, Forensics, Malware

Date: October 20, 2023
Author: The Sandfly Security Team

Sandfly founder Craig Rowland gave the presentation below, on evasive Linux backdoors and malware, at the FIRST Cold Incident Response Conference in Oslo:

Evasive Linux Backdoors and Malware Presentation

This talk focused on the infamous BPFDoor backdoor. BPFDoor avoided detection on Linux through a combination of simple evasion techniques and traits:

  • Process masquerading

  • Anti-forensics

  • Firewall bypasses

  • Covert communications and encryption

  • Professionally written and deployed

In this presentation we go over the elements that make for effective Linux malware and how to detect them with simple command-line forensics, including:

  • Discovering processes that are hiding their real names

  • Anti-forensic detection

  • Finding processes sniffing network traffic

  • General tips and ideas to find evasive Linux malware
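The two /proc checks behind the first and third bullets (a process whose kernel task name, argv[0] and executable disagree, and a process holding an AF_PACKET socket) can be scripted. The block below is an added example written for this page; it is not code from the talk or from Sandfly. It assumes a standard Linux /proc layout, the /proc/net/packet column order used by current kernels (socket inode in the last column), and that it runs as root so every process's exe and fd links are readable. The sample /proc/net/packet text and the process names in the test are constructed values.

```python
"""Command-line style Linux forensics: flag processes whose visible names
disagree with their executable, executables deleted from disk while running,
and processes that hold an AF_PACKET (packet-sniffing) socket.
Added example, not the talk's or Sandfly's code; assumes a normal Linux /proc."""
import os
import re

DELETED = " (deleted)"          # suffix the kernel appends to an unlinked exe target
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")  # shape of a socket fd symlink

# Constructed sample of /proc/net/packet: header line plus two AF_PACKET sockets.
SAMPLE_PACKET = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c3e0c0000 3      3    0003   2     1 0      0      12345
ffff9a1c3e0c0800 3      3    0800   0     1 0      0      67890
"""


def masquerade_reasons(comm, argv, exe):
    """Compare the three names a process shows and return a list of findings.

    comm: text of /proc/PID/comm (set by the kernel at exec, changeable via prctl)
    argv: argument vector from /proc/PID/cmdline (argv[0] is caller-controlled)
    exe:  target of the /proc/PID/exe symlink, "" if it could not be read
    An empty list means the names are consistent with each other.
    """
    if not exe:
        return []  # kernel threads and unreadable processes cannot be judged here
    deleted = exe.endswith(DELETED)
    exe_base = os.path.basename(exe[: -len(DELETED)] if deleted else exe)
    reasons = []
    if deleted:
        reasons.append("executable was deleted from disk while still running")
    # The kernel derives comm from the exec'd file name, so a comm that does not
    # occur in the executable's basename was renamed after exec (or the process
    # is an interpreted script, which shows the interpreter as exe: triage those).
    comm = comm.strip()
    if comm and comm not in exe_base:
        reasons.append(f"comm {comm!r} does not match exe {exe_base!r}")
    # argv[0] is whatever the caller passed to execve; compare its basename too.
    argv0 = os.path.basename(argv[0].split(" ")[0]) if argv and argv[0] else ""
    if argv0 and argv0 not in exe_base and exe_base not in argv0:
        reasons.append(f"argv[0] {argv0!r} does not match exe {exe_base!r}")
    return reasons


def parse_packet_inodes(text):
    """Return the socket inodes listed in /proc/net/packet (one per AF_PACKET socket)."""
    inodes = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 9 and cols[-1].isdigit():  # header row ends in "Inode"
            inodes.add(int(cols[-1]))
    return inodes


def socket_inode(link_target):
    """Map an fd symlink target such as 'socket:[12345]' to its inode, else None."""
    m = SOCKET_RE.match(link_target)
    return int(m.group(1)) if m else None


def read_process(proc_root, pid):
    """Read comm, argv and exe for one pid; None if the process vanished."""
    base = os.path.join(proc_root, str(pid))
    try:
        with open(os.path.join(base, "comm")) as f:
            comm = f.read()
        with open(os.path.join(base, "cmdline"), "rb") as f:
            argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
    except OSError:
        return None
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = ""  # kernel thread, or not root
    return comm, argv, exe


def fd_socket_inodes(proc_root, pid):
    """Collect the socket inodes a process holds open, from /proc/PID/fd."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    found = set()
    try:
        for fd in os.listdir(fd_dir):
            try:
                ino = socket_inode(os.readlink(os.path.join(fd_dir, fd)))
            except OSError:
                continue
            if ino is not None:
                found.add(ino)
    except OSError:
        pass
    return found


def scan(proc_root="/proc"):
    """Walk proc_root and return (pid, finding) tuples for suspicious processes."""
    try:
        with open(os.path.join(proc_root, "net", "packet")) as f:
            sniff_inodes = parse_packet_inodes(f.read())
    except OSError:
        sniff_inodes = set()
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid = int(entry)
        info = read_process(proc_root, pid)
        if info is None:
            continue
        comm, argv, exe = info
        for reason in masquerade_reasons(comm, argv, exe):
            findings.append((pid, reason))
        if sniff_inodes & fd_socket_inodes(proc_root, pid):
            findings.append((pid, f"holds an AF_PACKET socket (sniffing), exe={exe!r}"))
    return findings


if __name__ == "__main__":
    for pid, reason in scan():
        print(f"pid {pid}: {reason}")
```

Run it as root and triage the output by hand: interpreted scripts legitimately show the interpreter as exe, and DHCP clients, network managers and packet-capture tools legitimately hold AF_PACKET sockets, so the value is in the unexpected entries, such as a packet socket held by a process whose executable no longer exists on disk.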

We thank the organizers of the conference for having us speak.
