Evasive Linux Malware Detection Video Presentation (BPFDoor)
Sandfly founder Craig Rowland recently spoke at the Oslo Cold Incident Response Conference on evasive Linux malware. Although talks were not recorded, he made a video of the presentation he gave below.
This talk focused on the infamous BPFDoor backdoor. BPFDoor used a combination of simple evasion techniques to avoid detection on Linux by doing the following:
Covert communications and encryption
Professionally written and deployed
In this presentation we go over the elements that make for effective Linux malware and how to detect it using simple command line forensics.
Slides for the talk are below:
Evasive Linux Malware and Backdoors Slides
We thank the organizers of the conference for having us speak.