Evasive Linux Malware Detection Video Presentation (BPFDoor)

Linux Forensics Videos Presentations Linux Security Malware Education

November 14, 2023
The Sandfly Security Team

Sandfly founder Craig Rowland recently spoke at the Oslo Cold Incident Response Conference on evasive Linux malware. Although talks were not recorded, he made a video of the presentation he gave below.

This talk focused on the infamous BPFDoor backdoor. BPFDoor used a combination of simple evasion techniques to avoid detection on Linux by doing the following:

  • Process masquerading

  • Anti-forensics

  • Firewall bypasses

  • Covert communications and encryption

  • Professionally written and deployed

In this presentation we go over the elements that make for effective Linux malware and how to detect it using simple command line forensics.

Slides for the talk are below:

Evasive Linux Malware and Backdoors Slides

We thank the organizers of the conference for having us speak.

Let Sandfly keep your Linux systems secure.

Learn More